Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

r/aws_iam_organization_features: IAM Organizations Root Access Management new resource #40164

Merged
merged 12 commits into from
Nov 26, 2024
Merged

r/aws_iam_organization_features: IAM Organizations Root Access Management new resource #40164

merged 12 commits into from
Nov 26, 2024
+501 −6

Conversation

alexbacchin
Copy link
Contributor

@alexbacchin alexbacchin commented Nov 18, 2024
edited
Loading

Description

This resource manages the IAM Organization features (Root Access Management). It can only be utilised on the management account with AWS Organization enabled, as well as trusted access for AWS Identity and Access Management.

The implementation was not as a straightforward. Each feature requires a separate Enable/Disable API call. However, reading all enable features is a single ListFeatures action.

resource "aws_organizations_organization" "example" {
  aws_service_access_principals = ["iam.amazonaws.com"]
  feature_set                   = "ALL"
}

resource "aws_iam_organization_features" "example" {
  features = [
    "RootCredentialsManagement", 
    "RootSessions"
  ]
}

Relations

Closes #40151
Closes #40173

References

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-enable-root-access.html

Output from Acceptance Testing

I have only included the basic testing. Please let me know if more testing is needed

% make testacc TESTS=TestAccIAMOrganizationFeatures_basic PKG=iam
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.23.2 test ./internal/service/iam/... -v -count 1 -parallel 20 -run='TestAccIAMOrganizationFeatures_basic'  -timeout 360m
2024/11/18 20:49:09 Initializing Terraform AWS Provider...
=== RUN   TestAccIAMOrganizationFeatures_basic
=== PAUSE TestAccIAMOrganizationFeatures_basic
=== CONT  TestAccIAMOrganizationFeatures_basic
--- PASS: TestAccIAMOrganizationFeatures_basic (33.03s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/iam        33.118s

...

@github-actions GitHub Actions
Copy link

Community Note

Voting for Prioritization

  • Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions github-actions bot added tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. service/iam Issues and PRs that pertain to the iam service. generators Relates to code generators. needs-triage Waiting for first response or review from a maintainer. labels Nov 18, 2024
@github-actions github-actions bot added the documentation Introduces or discusses updates to documentation. label Nov 18, 2024
@alexbacchin alexbacchin marked this pull request as ready for review November 18, 2024 11:17
@alexbacchin alexbacchin requested a review from a team as a code owner November 18, 2024 11:17
@justinretzolk justinretzolk added new-resource Introduces a new resource. and removed needs-triage Waiting for first response or review from a maintainer. labels Nov 18, 2024
@aristosvo aristosvo mentioned this pull request Nov 18, 2024
Closed
@ewbankkit ewbankkit self-assigned this Nov 25, 2024
@github-actions github-actions bot added the prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. label Nov 25, 2024
ewbankkit
ewbankkit previously approved these changes Nov 26, 2024
View reviewed changes
Copy link
Contributor

@ewbankkit ewbankkit left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🚀.

% make testacc TESTARGS='-run=TestAccIAMOrganizationsFeatures_serial' PKG=iam
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.23.3 test ./internal/service/iam/... -v -count 1 -parallel 20  -run=TestAccIAMOrganizationsFeatures_serial -timeout 360m
2024/11/26 08:25:37 Initializing Terraform AWS Provider...
=== RUN   TestAccIAMOrganizationsFeatures_serial
=== PAUSE TestAccIAMOrganizationsFeatures_serial
=== CONT  TestAccIAMOrganizationsFeatures_serial
=== RUN   TestAccIAMOrganizationsFeatures_serial/basic
=== RUN   TestAccIAMOrganizationsFeatures_serial/update
--- PASS: TestAccIAMOrganizationsFeatures_serial (32.33s)
    --- PASS: TestAccIAMOrganizationsFeatures_serial/basic (13.23s)
    --- PASS: TestAccIAMOrganizationsFeatures_serial/update (19.10s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/iam	37.488s
% make testacc TESTARGS='-run=TestAccIAMOrganizationsFeatures_serial' PKG=iam
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.23.3 test ./internal/service/iam/... -v -count 1 -parallel 20  -run=TestAccIAMOrganizationsFeatures_serial -timeout 360m
2024/11/26 08:27:16 Initializing Terraform AWS Provider...
=== RUN   TestAccIAMOrganizationsFeatures_serial
=== PAUSE TestAccIAMOrganizationsFeatures_serial
=== CONT  TestAccIAMOrganizationsFeatures_serial
=== RUN   TestAccIAMOrganizationsFeatures_serial/basic
    organizations_features_test.go:42: this AWS account must be the management account of an AWS Organization
=== RUN   TestAccIAMOrganizationsFeatures_serial/update
    organizations_features_test.go:78: this AWS account must be the management account of an AWS Organization
--- PASS: TestAccIAMOrganizationsFeatures_serial (1.10s)
    --- SKIP: TestAccIAMOrganizationsFeatures_serial/basic (0.84s)
    --- SKIP: TestAccIAMOrganizationsFeatures_serial/update (0.26s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/iam	6.150s

johnsonaj
johnsonaj approved these changes Nov 26, 2024
View reviewed changes
Copy link
Contributor

@johnsonaj johnsonaj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🚀

@ewbankkit ewbankkit merged commit bf676bb into hashicorp:main Nov 26, 2024
41 checks passed
@github-actions github-actions bot added this to the v5.78.0 milestone Nov 26, 2024
@ewbankkit
Copy link
Contributor

@alexbacchin Thanks for the contribution 🎉 👏.
I renamed the resource to aws_iam_organizations_features to match the API.

@alexbacchin alexbacchin deleted the r-aws_iam_organization_features branch November 26, 2024 18:56
@github-actions github-actions bot removed the prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. label Nov 26, 2024
@github-actions GitHub Actions
Copy link

This functionality has been released in v5.78.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@johnsonaj johnsonaj johnsonaj approved these changes

@ewbankkit ewbankkit ewbankkit left review comments

Assignees

@ewbankkit ewbankkit

Labels
documentation Introduces or discusses updates to documentation. generators Relates to code generators. new-resource Introduces a new resource. service/iam Issues and PRs that pertain to the iam service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet
Milestone
v5.78.0
4 participants
@alexbacchin @ewbankkit @johnsonaj @justinretzolk