Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Import role with byop #175

Merged
merged 7 commits into from
Aug 25, 2022
Merged

Import role with byop #175

merged 7 commits into from
Aug 25, 2022

Conversation

elliottzack429
Copy link
Contributor

Description

Adds support for importing roles. Enforces that include_default_policies can only be true if using role_type. Fixes some random test failures.

Rally #US879130: ALKS TFP - Allow users to import ALKS IAM Roles
DE276723: ALKS TFP: Remove whitespace and check for valid JSON in Resource Schema

Type of change

  • Feature (non-breaking change which adds functionality)

How has this been tested?

Steps:

  1. Manual Testing
  2. Unit Tests
  3. Acceptance Tests

Adding support for importing roles, ensured that include_default_policies can only be true for byop roles, and fixed some existing bugs with tests.  Also added max_duration field to trustRole resource type, which hopefully wont affect anything.
@elliottzack429 elliottzack429 requested review from americk0 and a team August 23, 2022 20:23
}

//Broken into seperate function to allow for returning of errors.
func UnmarshalAndMarshal(oldPolicy *string, newPolicy *string) error {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A couple things here:

First, to make this function more reusable, why don't we instead refactor this to just act on a single policy string and then call it twice: once for each policy

Second, I noticed this function does the old-school modify-my-inputs-in-place tactic which can be weird to debug down the line. Sometimes when the inputs are really large people still do this for performance reasons but for our case I'd be fine sacrificing that tiny bit of performance to save us a few headaches down the road. Consider returning the new string containing JSON rather than modifying the input

Comment on lines +70 to +74
"max_session_duration_in_seconds": {
Type: schema.TypeInt,
Default: 3600,
Optional: true,
},
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we're adding this field to trust roles, we should make sure that it works. Right now the resourceAlksIamTrustRoleCreate function doesn't read this field and pass it along in the API call to ALKS Go so it's effectively a broken field. The reason you probably had to add this was because alks_iamtrustrole shares the same read, update, and delete functions as the alks_iamrole resource, but it still has its own create function so that function needs to be updated

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added

@elliottzack429 elliottzack429 merged commit 8ac532a into master Aug 25, 2022
@elliottzack429 elliottzack429 deleted the import-role-with-byop branch August 25, 2022 18:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants