From db546bd192316d1a378b9df4eac537f5a98349fc Mon Sep 17 00:00:00 2001 From: lvthillo Date: Wed, 8 Dec 2021 09:18:19 +0100 Subject: [PATCH 1/8] Add support for organizations and organizational units for EC2 image builder distribution configuration --- .../distribution_configuration.go | 31 +++++ .../distribution_configuration_data_source.go | 14 +++ .../distribution_configuration_test.go | 106 ++++++++++++++++++ 3 files changed, 151 insertions(+) diff --git a/internal/service/imagebuilder/distribution_configuration.go b/internal/service/imagebuilder/distribution_configuration.go index f82d9802833..9d75d1acb34 100644 --- a/internal/service/imagebuilder/distribution_configuration.go +++ b/internal/service/imagebuilder/distribution_configuration.go @@ -89,6 +89,22 @@ func ResourceDistributionConfiguration() *schema.Resource { ValidateFunc: verify.ValidAccountID, }, }, + "organization_arns": { + Type: schema.TypeSet, + Optional: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: verify.ValidARN, + }, + }, + "organizational_unit_arns": { + Type: schema.TypeSet, + Optional: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: verify.ValidARN, + }, + }, }, }, }, @@ -387,6 +403,14 @@ func expandLaunchPermissionConfiguration(tfMap map[string]interface{}) *imagebui apiObject.UserGroups = flex.ExpandStringSet(v) } + if v, ok := tfMap["organization_arns"].(*schema.Set); ok && v.Len() > 0 { + apiObject.OrganizationArns = flex.ExpandStringSet(v) + } + + if v, ok := tfMap["organizational_unit_arns"].(*schema.Set); ok && v.Len() > 0 { + apiObject.OrganizationalUnitArns = flex.ExpandStringSet(v) + } + return apiObject } @@ -478,6 +502,13 @@ func flattenLaunchPermissionConfiguration(apiObject *imagebuilder.LaunchPermissi if v := apiObject.UserIds; v != nil { tfMap["user_ids"] = aws.StringValueSlice(v) } + if v := apiObject.OrganizationArns; v != nil { + tfMap["organization_arns"] = aws.StringValueSlice(v) + } + + if v := apiObject.OrganizationalUnitArns; v != nil { + tfMap["organizational_unit_arns"] = aws.StringValueSlice(v) + } return tfMap } diff --git a/internal/service/imagebuilder/distribution_configuration_data_source.go b/internal/service/imagebuilder/distribution_configuration_data_source.go index 2618bd7daee..040fde2cb85 100644 --- a/internal/service/imagebuilder/distribution_configuration_data_source.go +++ b/internal/service/imagebuilder/distribution_configuration_data_source.go @@ -85,6 +85,20 @@ func DataSourceDistributionConfiguration() *schema.Resource { Type: schema.TypeString, }, }, + "organization_arns": { + Type: schema.TypeSet, + Computed: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "organizational_unit_arns": { + Type: schema.TypeSet, + Computed: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, }, }, }, diff --git a/internal/service/imagebuilder/distribution_configuration_test.go b/internal/service/imagebuilder/distribution_configuration_test.go index 136ecf5cac5..d65b6394c2d 100644 --- a/internal/service/imagebuilder/distribution_configuration_test.go +++ b/internal/service/imagebuilder/distribution_configuration_test.go @@ -318,6 +318,78 @@ func TestAccImageBuilderDistributionConfiguration_DistributionAMIDistributionLau }) } +func TestAccImageBuilderDistributionConfiguration_DistributionAMIDistributionLaunchPermission_organizationArns(t *testing.T) { + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + resourceName := "aws_imagebuilder_distribution_configuration.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(t) }, + ErrorCheck: acctest.ErrorCheck(t, imagebuilder.EndpointsID), + ProviderFactories: acctest.ProviderFactories, + CheckDestroy: testAccCheckDistributionConfigurationDestroy, + Steps: []resource.TestStep{ + { + Config: testAccDistributionConfigurationDistributionAMIDistributionConfigurationLaunchPermissionOrganizationArnsConfig(rName, "arn:aws:organizations::111111111111:organization/o-aze123rty456"), + Check: resource.ComposeTestCheckFunc( + testAccCheckDistributionConfigurationExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "distribution.#", "1"), + resource.TestCheckTypeSetElemAttr(resourceName, "distribution.*.ami_distribution_configuration.0.launch_permission.0.organization_arns.*", "arn:aws:organizations::111111111111:organization/o-aze123rty456"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccDistributionConfigurationDistributionAMIDistributionConfigurationLaunchPermissionOrganizationArnsConfig(rName, "arn:aws:organizations::222222222222:organization/o-aze123rty456"), + Check: resource.ComposeTestCheckFunc( + testAccCheckDistributionConfigurationExists(resourceName), + acctest.CheckResourceAttrRFC3339(resourceName, "date_updated"), + resource.TestCheckResourceAttr(resourceName, "distribution.#", "1"), + resource.TestCheckTypeSetElemAttr(resourceName, "distribution.*.ami_distribution_configuration.0.launch_permission.0.organization_arns.*", "arn:aws:organizations::222222222222:organization/o-aze123rty456"), + ), + }, + }, + }) +} + +func TestAccImageBuilderDistributionConfiguration_DistributionAMIDistributionLaunchPermission_organizationalUnitArns(t *testing.T) { + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + resourceName := "aws_imagebuilder_distribution_configuration.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(t) }, + ErrorCheck: acctest.ErrorCheck(t, imagebuilder.EndpointsID), + ProviderFactories: acctest.ProviderFactories, + CheckDestroy: testAccCheckDistributionConfigurationDestroy, + Steps: []resource.TestStep{ + { + Config: testAccDistributionConfigurationDistributionAMIDistributionConfigurationLaunchPermissionOrganizationalUnitArnsConfig(rName, "arn:aws:organizations::111111111111:ou/o-aze123rty456/ou-azer-12aefd983dz"), + Check: resource.ComposeTestCheckFunc( + testAccCheckDistributionConfigurationExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "distribution.#", "1"), + resource.TestCheckTypeSetElemAttr(resourceName, "distribution.*.ami_distribution_configuration.0.launch_permission.0.organizational_unit_arns.*", "arn:aws:organizations::111111111111:ou/o-aze123rty456/ou-azer-12aefd983dz"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccDistributionConfigurationDistributionAMIDistributionConfigurationLaunchPermissionOrganizationalUnitArnsConfig(rName, "arn:aws:organizations::222222222222:ou/o-aze123rty456/ou-azer-12aefd983dz"), + Check: resource.ComposeTestCheckFunc( + testAccCheckDistributionConfigurationExists(resourceName), + acctest.CheckResourceAttrRFC3339(resourceName, "date_updated"), + resource.TestCheckResourceAttr(resourceName, "distribution.#", "1"), + resource.TestCheckTypeSetElemAttr(resourceName, "distribution.*.ami_distribution_configuration.0.launch_permission.0.organizational_unit_arns.*", "arn:aws:organizations::222222222222:ou/o-aze123rty456/ou-azer-12aefd983dz"), + ), + }, + }, + }) +} + func TestAccImageBuilderDistributionConfiguration_DistributionAMIDistribution_name(t *testing.T) { rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_imagebuilder_distribution_configuration.test" @@ -704,6 +776,40 @@ resource "aws_imagebuilder_distribution_configuration" "test" { `, rName, userId) } +func testAccDistributionConfigurationDistributionAMIDistributionConfigurationLaunchPermissionOrganizationArnsConfig(rName string, organizationArn string) string { + return fmt.Sprintf(` +data "aws_region" "current" {} +resource "aws_imagebuilder_distribution_configuration" "test" { + name = %[1]q + distribution { + ami_distribution_configuration { + launch_permission { + organization_arns = [%[2]q] + } + } + region = data.aws_region.current.name + } +} +`, rName, organizationArn) +} + +func testAccDistributionConfigurationDistributionAMIDistributionConfigurationLaunchPermissionOrganizationalUnitArnsConfig(rName string, organizationalUnitArn string) string { + return fmt.Sprintf(` +data "aws_region" "current" {} +resource "aws_imagebuilder_distribution_configuration" "test" { + name = %[1]q + distribution { + ami_distribution_configuration { + launch_permission { + organizational_unit_arns = [%[2]q] + } + } + region = data.aws_region.current.name + } +} +`, rName, organizationalUnitArn) +} + func testAccDistributionConfigurationDistributionAMIDistributionConfigurationNameConfig(rName string, name string) string { return fmt.Sprintf(` data "aws_region" "current" {} From 750289814261e4e32fc78777c7aa0fe62d670a07 Mon Sep 17 00:00:00 2001 From: lvthillo Date: Wed, 8 Dec 2021 17:49:31 +0100 Subject: [PATCH 2/8] Fix Acc tests --- .../distribution_configuration_test.go | 84 ++++++++++--------- 1 file changed, 44 insertions(+), 40 deletions(-) diff --git a/internal/service/imagebuilder/distribution_configuration_test.go b/internal/service/imagebuilder/distribution_configuration_test.go index d65b6394c2d..ddc1323d1b4 100644 --- a/internal/service/imagebuilder/distribution_configuration_test.go +++ b/internal/service/imagebuilder/distribution_configuration_test.go @@ -320,20 +320,24 @@ func TestAccImageBuilderDistributionConfiguration_DistributionAMIDistributionLau func TestAccImageBuilderDistributionConfiguration_DistributionAMIDistributionLaunchPermission_organizationArns(t *testing.T) { rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + organizationResourceName := "aws_organizations_organization.test" resourceName := "aws_imagebuilder_distribution_configuration.test" - resource.ParallelTest(t, resource.TestCase{ - PreCheck: func() { acctest.PreCheck(t) }, + resource.Test(t, resource.TestCase{ + PreCheck: func() { + acctest.PreCheck(t) + acctest.PreCheckOrganizationsAccount(t) + }, ErrorCheck: acctest.ErrorCheck(t, imagebuilder.EndpointsID), ProviderFactories: acctest.ProviderFactories, CheckDestroy: testAccCheckDistributionConfigurationDestroy, Steps: []resource.TestStep{ { - Config: testAccDistributionConfigurationDistributionAMIDistributionConfigurationLaunchPermissionOrganizationArnsConfig(rName, "arn:aws:organizations::111111111111:organization/o-aze123rty456"), + Config: testAccDistributionConfigurationDistributionAMIDistributionConfigurationLaunchPermissionOrganizationArnsConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckDistributionConfigurationExists(resourceName), resource.TestCheckResourceAttr(resourceName, "distribution.#", "1"), - resource.TestCheckTypeSetElemAttr(resourceName, "distribution.*.ami_distribution_configuration.0.launch_permission.0.organization_arns.*", "arn:aws:organizations::111111111111:organization/o-aze123rty456"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "distribution.*.ami_distribution_configuration.0.launch_permission.0.organization_arns.*", organizationResourceName, "arn"), ), }, { @@ -341,35 +345,31 @@ func TestAccImageBuilderDistributionConfiguration_DistributionAMIDistributionLau ImportState: true, ImportStateVerify: true, }, - { - Config: testAccDistributionConfigurationDistributionAMIDistributionConfigurationLaunchPermissionOrganizationArnsConfig(rName, "arn:aws:organizations::222222222222:organization/o-aze123rty456"), - Check: resource.ComposeTestCheckFunc( - testAccCheckDistributionConfigurationExists(resourceName), - acctest.CheckResourceAttrRFC3339(resourceName, "date_updated"), - resource.TestCheckResourceAttr(resourceName, "distribution.#", "1"), - resource.TestCheckTypeSetElemAttr(resourceName, "distribution.*.ami_distribution_configuration.0.launch_permission.0.organization_arns.*", "arn:aws:organizations::222222222222:organization/o-aze123rty456"), - ), - }, }, }) } func TestAccImageBuilderDistributionConfiguration_DistributionAMIDistributionLaunchPermission_organizationalUnitArns(t *testing.T) { rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + organizationalUnitResourceName := "aws_organizations_organizational_unit.test" + resourceName := "aws_imagebuilder_distribution_configuration.test" - resource.ParallelTest(t, resource.TestCase{ - PreCheck: func() { acctest.PreCheck(t) }, + resource.Test(t, resource.TestCase{ + PreCheck: func() { + acctest.PreCheck(t) + acctest.PreCheckOrganizationsAccount(t) + }, ErrorCheck: acctest.ErrorCheck(t, imagebuilder.EndpointsID), ProviderFactories: acctest.ProviderFactories, CheckDestroy: testAccCheckDistributionConfigurationDestroy, Steps: []resource.TestStep{ { - Config: testAccDistributionConfigurationDistributionAMIDistributionConfigurationLaunchPermissionOrganizationalUnitArnsConfig(rName, "arn:aws:organizations::111111111111:ou/o-aze123rty456/ou-azer-12aefd983dz"), + Config: testAccDistributionConfigurationDistributionAMIDistributionConfigurationLaunchPermissionOrganizationalUnitArnsConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckDistributionConfigurationExists(resourceName), resource.TestCheckResourceAttr(resourceName, "distribution.#", "1"), - resource.TestCheckTypeSetElemAttr(resourceName, "distribution.*.ami_distribution_configuration.0.launch_permission.0.organizational_unit_arns.*", "arn:aws:organizations::111111111111:ou/o-aze123rty456/ou-azer-12aefd983dz"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "distribution.*.ami_distribution_configuration.0.launch_permission.0.organizational_unit_arns.*", organizationalUnitResourceName, "arn"), ), }, { @@ -377,15 +377,6 @@ func TestAccImageBuilderDistributionConfiguration_DistributionAMIDistributionLau ImportState: true, ImportStateVerify: true, }, - { - Config: testAccDistributionConfigurationDistributionAMIDistributionConfigurationLaunchPermissionOrganizationalUnitArnsConfig(rName, "arn:aws:organizations::222222222222:ou/o-aze123rty456/ou-azer-12aefd983dz"), - Check: resource.ComposeTestCheckFunc( - testAccCheckDistributionConfigurationExists(resourceName), - acctest.CheckResourceAttrRFC3339(resourceName, "date_updated"), - resource.TestCheckResourceAttr(resourceName, "distribution.#", "1"), - resource.TestCheckTypeSetElemAttr(resourceName, "distribution.*.ami_distribution_configuration.0.launch_permission.0.organizational_unit_arns.*", "arn:aws:organizations::222222222222:ou/o-aze123rty456/ou-azer-12aefd983dz"), - ), - }, }, }) } @@ -776,38 +767,51 @@ resource "aws_imagebuilder_distribution_configuration" "test" { `, rName, userId) } -func testAccDistributionConfigurationDistributionAMIDistributionConfigurationLaunchPermissionOrganizationArnsConfig(rName string, organizationArn string) string { +func testAccDistributionConfigurationDistributionAMIDistributionConfigurationLaunchPermissionOrganizationArnsConfig(rName string) string { return fmt.Sprintf(` data "aws_region" "current" {} +data "aws_partition" "current" {} + +resource "aws_organizations_organization" "test" {} + resource "aws_imagebuilder_distribution_configuration" "test" { name = %[1]q distribution { ami_distribution_configuration { launch_permission { - organization_arns = [%[2]q] + organization_arns = [aws_organizations_organization.test.arn] } } region = data.aws_region.current.name } } -`, rName, organizationArn) +`, rName) } -func testAccDistributionConfigurationDistributionAMIDistributionConfigurationLaunchPermissionOrganizationalUnitArnsConfig(rName string, organizationalUnitArn string) string { +func testAccDistributionConfigurationDistributionAMIDistributionConfigurationLaunchPermissionOrganizationalUnitArnsConfig(rName string) string { return fmt.Sprintf(` data "aws_region" "current" {} +data "aws_partition" "current" {} + +resource "aws_organizations_organization" "test" {} + +resource "aws_organizations_organizational_unit" "test" { + name = %[1]q + parent_id = aws_organizations_organization.test.roots[0].id +} + resource "aws_imagebuilder_distribution_configuration" "test" { - name = %[1]q - distribution { - ami_distribution_configuration { - launch_permission { - organizational_unit_arns = [%[2]q] - } - } - region = data.aws_region.current.name + name = %[1]q + distribution { + ami_distribution_configuration { + launch_permission { + organizational_unit_arns = [aws_organizations_organizational_unit.test.arn] + } + } + region = data.aws_region.current.name + } } -} -`, rName, organizationalUnitArn) + `, rName) } func testAccDistributionConfigurationDistributionAMIDistributionConfigurationNameConfig(rName string, name string) string { From 80b413c2f79bfc826cfa138bab4c62299e383ebb Mon Sep 17 00:00:00 2001 From: lvthillo Date: Tue, 22 Mar 2022 08:23:30 +0100 Subject: [PATCH 3/8] Add docs + add CHANGELOG entry + fix terrafmt formatting. --- CHANGELOG.md | 1 + .../distribution_configuration_test.go | 22 +++++++++---------- ...r_distribution_configuration.html.markdown | 2 ++ 3 files changed, 14 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 73334264bdc..022692b6253 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,6 +17,7 @@ ENHANCEMENTS: * resource/aws_instance: Add `user_data_replace_on_change` attribute ([#23604](https://github.com/hashicorp/terraform-provider-aws/issues/23604)) * resource/aws_ssm_maintenance_window_task: Add `arn` and `window_task_id` attributes. ([#23756](https://github.com/hashicorp/terraform-provider-aws/issues/23756)) * resource/aws_ssm_maintenance_window_task: Add `cutoff_behavior` argument. ([#23756](https://github.com/hashicorp/terraform-provider-aws/issues/23756)) +* resource/aws_imagebuilder_distribution_configuration: Add `organization_arns` and `organizational_unit_arns` attributes to the `distribution.launch_template_configuration` configuration block ([#21929](https://github.com/hashicorp/terraform-provider-aws/issues/21929)) BUG FIXES: diff --git a/internal/service/imagebuilder/distribution_configuration_test.go b/internal/service/imagebuilder/distribution_configuration_test.go index 82e2e377c5f..f2725facc90 100644 --- a/internal/service/imagebuilder/distribution_configuration_test.go +++ b/internal/service/imagebuilder/distribution_configuration_test.go @@ -955,21 +955,21 @@ data "aws_partition" "current" {} resource "aws_organizations_organization" "test" {} resource "aws_organizations_organizational_unit" "test" { - name = %[1]q - parent_id = aws_organizations_organization.test.roots[0].id + name = %[1]q + parent_id = aws_organizations_organization.test.roots[0].id } resource "aws_imagebuilder_distribution_configuration" "test" { - name = %[1]q - distribution { - ami_distribution_configuration { - launch_permission { - organizational_unit_arns = [aws_organizations_organizational_unit.test.arn] - } - } - region = data.aws_region.current.name - } + name = %[1]q + distribution { + ami_distribution_configuration { + launch_permission { + organizational_unit_arns = [aws_organizations_organizational_unit.test.arn] + } + } + region = data.aws_region.current.name } +} `, rName) } diff --git a/website/docs/r/imagebuilder_distribution_configuration.html.markdown b/website/docs/r/imagebuilder_distribution_configuration.html.markdown index 44da386e1f9..4b893d30e10 100644 --- a/website/docs/r/imagebuilder_distribution_configuration.html.markdown +++ b/website/docs/r/imagebuilder_distribution_configuration.html.markdown @@ -81,6 +81,8 @@ The following arguments are optional: * `user_groups` - (Optional) Set of EC2 launch permission user groups to assign. Use `all` to distribute a public AMI. * `user_ids` - (Optional) Set of AWS Account identifiers to assign. +* `organization_arns` - (Optional) Set of AWS Organization ARNs to assign. +* `organizational_unit_arns` - (Optional) Set of AWS Organizational Unit ARNs to assign. ### container_distribution_configuration From 593afcad75b138435df72bd49440de39945f06bf Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Wed, 23 Mar 2022 08:32:06 -0400 Subject: [PATCH 4/8] Add CHANGELOG entry file. --- .changelog/22104.txt | 7 +++++++ CHANGELOG.md | 1 - 2 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 .changelog/22104.txt diff --git a/.changelog/22104.txt b/.changelog/22104.txt new file mode 100644 index 00000000000..aeeb3e5b861 --- /dev/null +++ b/.changelog/22104.txt @@ -0,0 +1,7 @@ +```release-note:enhancement +resource/aws_imagebuilder_distribution_configuration: Add `organization_arns` and `organizational_unit_arns` arguments to the `distribution.ami_distribution_configuration.launch_permission` configuration block +``` + +```release-note:enhancement +data-source/aws_imagebuilder_distribution_configuration: Add `organization_arns` and `organizational_unit_arns` attributes to the `distribution.ami_distribution_configuration.launch_permission` configuration block +``` \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index 022692b6253..73334264bdc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,7 +17,6 @@ ENHANCEMENTS: * resource/aws_instance: Add `user_data_replace_on_change` attribute ([#23604](https://github.com/hashicorp/terraform-provider-aws/issues/23604)) * resource/aws_ssm_maintenance_window_task: Add `arn` and `window_task_id` attributes. ([#23756](https://github.com/hashicorp/terraform-provider-aws/issues/23756)) * resource/aws_ssm_maintenance_window_task: Add `cutoff_behavior` argument. ([#23756](https://github.com/hashicorp/terraform-provider-aws/issues/23756)) -* resource/aws_imagebuilder_distribution_configuration: Add `organization_arns` and `organizational_unit_arns` attributes to the `distribution.launch_template_configuration` configuration block ([#21929](https://github.com/hashicorp/terraform-provider-aws/issues/21929)) BUG FIXES: From 63ceaca847fb80f2299b74a9ee71469e6050aa30 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Wed, 23 Mar 2022 08:33:33 -0400 Subject: [PATCH 5/8] d/aws_imagebuilder_distribution_configuration: 'organization_arns' and 'organizational_unit_arns' are in 'distribution.ami_distribution_configuration.launch_permission'. --- .../distribution_configuration_data_source.go | 28 +++++++++---------- ...r_distribution_configuration.html.markdown | 2 ++ 2 files changed, 16 insertions(+), 14 deletions(-) diff --git a/internal/service/imagebuilder/distribution_configuration_data_source.go b/internal/service/imagebuilder/distribution_configuration_data_source.go index 6c2b26593cf..85f45f4ede2 100644 --- a/internal/service/imagebuilder/distribution_configuration_data_source.go +++ b/internal/service/imagebuilder/distribution_configuration_data_source.go @@ -57,6 +57,20 @@ func DataSourceDistributionConfiguration() *schema.Resource { Computed: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ + "organization_arns": { + Type: schema.TypeSet, + Computed: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "organizational_unit_arns": { + Type: schema.TypeSet, + Computed: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, "user_groups": { Type: schema.TypeSet, Computed: true, @@ -85,20 +99,6 @@ func DataSourceDistributionConfiguration() *schema.Resource { Type: schema.TypeString, }, }, - "organization_arns": { - Type: schema.TypeSet, - Computed: true, - Elem: &schema.Schema{ - Type: schema.TypeString, - }, - }, - "organizational_unit_arns": { - Type: schema.TypeSet, - Computed: true, - Elem: &schema.Schema{ - Type: schema.TypeString, - }, - }, }, }, }, diff --git a/website/docs/d/imagebuilder_distribution_configuration.html.markdown b/website/docs/d/imagebuilder_distribution_configuration.html.markdown index ae380c8d987..ccbd7cfc25b 100644 --- a/website/docs/d/imagebuilder_distribution_configuration.html.markdown +++ b/website/docs/d/imagebuilder_distribution_configuration.html.markdown @@ -35,6 +35,8 @@ In addition to all arguments above, the following attributes are exported: * `description` - Description to apply to distributed AMI. * `kms_key_id` - Amazon Resource Name (ARN) of Key Management Service (KMS) Key to encrypt AMI. * `launch_permission` - Nested list of EC2 launch permissions. + * `organization_arns` - Set of AWS Organization ARNs. + * `organizational_unit_arns` - Set of AWS Organizational Unit ARNs. * `user_groups` - Set of EC2 launch permission user groups. * `user_ids` - Set of AWS Account identifiers. * `target_account_ids` - Set of target AWS Account identifiers. From da1c9ff4dc52245cac0830afc65d022b29ce5568 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Wed, 23 Mar 2022 08:36:51 -0400 Subject: [PATCH 6/8] r/aws_imagebuilder_distribution_configuration: Alphabetical order. --- .../distribution_configuration.go | 47 ++++++++++--------- ...r_distribution_configuration.html.markdown | 4 +- 2 files changed, 26 insertions(+), 25 deletions(-) diff --git a/internal/service/imagebuilder/distribution_configuration.go b/internal/service/imagebuilder/distribution_configuration.go index 6aa4574f4ca..c281c4b0b97 100644 --- a/internal/service/imagebuilder/distribution_configuration.go +++ b/internal/service/imagebuilder/distribution_configuration.go @@ -73,36 +73,36 @@ func ResourceDistributionConfiguration() *schema.Resource { Optional: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ - "user_groups": { + "organization_arns": { Type: schema.TypeSet, Optional: true, Elem: &schema.Schema{ Type: schema.TypeString, - ValidateFunc: validation.StringLenBetween(1, 1024), + ValidateFunc: verify.ValidARN, }, }, - "user_ids": { + "organizational_unit_arns": { Type: schema.TypeSet, Optional: true, Elem: &schema.Schema{ Type: schema.TypeString, - ValidateFunc: verify.ValidAccountID, + ValidateFunc: verify.ValidARN, }, }, - "organization_arns": { + "user_groups": { Type: schema.TypeSet, Optional: true, Elem: &schema.Schema{ Type: schema.TypeString, - ValidateFunc: verify.ValidARN, + ValidateFunc: validation.StringLenBetween(1, 1024), }, }, - "organizational_unit_arns": { + "user_ids": { Type: schema.TypeSet, Optional: true, Elem: &schema.Schema{ Type: schema.TypeString, - ValidateFunc: verify.ValidARN, + ValidateFunc: verify.ValidAccountID, }, }, }, @@ -511,14 +511,6 @@ func expandLaunchPermissionConfiguration(tfMap map[string]interface{}) *imagebui apiObject := &imagebuilder.LaunchPermissionConfiguration{} - if v, ok := tfMap["user_ids"].(*schema.Set); ok && v.Len() > 0 { - apiObject.UserIds = flex.ExpandStringSet(v) - } - - if v, ok := tfMap["user_groups"].(*schema.Set); ok && v.Len() > 0 { - apiObject.UserGroups = flex.ExpandStringSet(v) - } - if v, ok := tfMap["organization_arns"].(*schema.Set); ok && v.Len() > 0 { apiObject.OrganizationArns = flex.ExpandStringSet(v) } @@ -527,6 +519,14 @@ func expandLaunchPermissionConfiguration(tfMap map[string]interface{}) *imagebui apiObject.OrganizationalUnitArns = flex.ExpandStringSet(v) } + if v, ok := tfMap["user_ids"].(*schema.Set); ok && v.Len() > 0 { + apiObject.UserIds = flex.ExpandStringSet(v) + } + + if v, ok := tfMap["user_groups"].(*schema.Set); ok && v.Len() > 0 { + apiObject.UserGroups = flex.ExpandStringSet(v) + } + return apiObject } @@ -695,13 +695,6 @@ func flattenLaunchPermissionConfiguration(apiObject *imagebuilder.LaunchPermissi tfMap := map[string]interface{}{} - if v := apiObject.UserGroups; v != nil { - tfMap["user_groups"] = aws.StringValueSlice(v) - } - - if v := apiObject.UserIds; v != nil { - tfMap["user_ids"] = aws.StringValueSlice(v) - } if v := apiObject.OrganizationArns; v != nil { tfMap["organization_arns"] = aws.StringValueSlice(v) } @@ -710,6 +703,14 @@ func flattenLaunchPermissionConfiguration(apiObject *imagebuilder.LaunchPermissi tfMap["organizational_unit_arns"] = aws.StringValueSlice(v) } + if v := apiObject.UserGroups; v != nil { + tfMap["user_groups"] = aws.StringValueSlice(v) + } + + if v := apiObject.UserIds; v != nil { + tfMap["user_ids"] = aws.StringValueSlice(v) + } + return tfMap } diff --git a/website/docs/r/imagebuilder_distribution_configuration.html.markdown b/website/docs/r/imagebuilder_distribution_configuration.html.markdown index 4b893d30e10..ee099916d39 100644 --- a/website/docs/r/imagebuilder_distribution_configuration.html.markdown +++ b/website/docs/r/imagebuilder_distribution_configuration.html.markdown @@ -79,10 +79,10 @@ The following arguments are optional: The following arguments are optional: -* `user_groups` - (Optional) Set of EC2 launch permission user groups to assign. Use `all` to distribute a public AMI. -* `user_ids` - (Optional) Set of AWS Account identifiers to assign. * `organization_arns` - (Optional) Set of AWS Organization ARNs to assign. * `organizational_unit_arns` - (Optional) Set of AWS Organizational Unit ARNs to assign. +* `user_groups` - (Optional) Set of EC2 launch permission user groups to assign. Use `all` to distribute a public AMI. +* `user_ids` - (Optional) Set of AWS Account identifiers to assign. ### container_distribution_configuration From 983c7ae37896189ce29315926e9c69ab3c8f0db0 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Wed, 23 Mar 2022 08:45:15 -0400 Subject: [PATCH 7/8] Skip acceptance tests errors like 'Error creating License Manager license configuration: ResourceLimitExceededException: You have reached the maximum allowed number of license configurations created in one day.'. --- .../imagebuilder/distribution_configuration_test.go | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/internal/service/imagebuilder/distribution_configuration_test.go b/internal/service/imagebuilder/distribution_configuration_test.go index f2725facc90..17d0586104d 100644 --- a/internal/service/imagebuilder/distribution_configuration_test.go +++ b/internal/service/imagebuilder/distribution_configuration_test.go @@ -15,6 +15,16 @@ import ( tfimagebuilder "github.com/hashicorp/terraform-provider-aws/internal/service/imagebuilder" ) +func init() { + acctest.RegisterServiceErrorCheckFunc(imagebuilder.EndpointsID, testAccErrorCheckSkip) +} + +func testAccErrorCheckSkip(t *testing.T) resource.ErrorCheckFunc { + return acctest.ErrorCheckSkipMessagesContaining(t, + "You have reached the maximum allowed number of license configurations created in one day", + ) +} + func TestAccImageBuilderDistributionConfiguration_basic(t *testing.T) { rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_imagebuilder_distribution_configuration.test" From bed61da430199eb3a66d91657f1fb106ee678427 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Wed, 23 Mar 2022 09:02:13 -0400 Subject: [PATCH 8/8] Prevent errors like 'Error creating License Manager license configuration: AccessDeniedException: Service role not found. Consult setup procedures in License Manager User Guide and create the required role for the service.'. --- .../service/imagebuilder/distribution_configuration_test.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/internal/service/imagebuilder/distribution_configuration_test.go b/internal/service/imagebuilder/distribution_configuration_test.go index 17d0586104d..e0681d3973e 100644 --- a/internal/service/imagebuilder/distribution_configuration_test.go +++ b/internal/service/imagebuilder/distribution_configuration_test.go @@ -635,7 +635,10 @@ func TestAccImageBuilderDistributionConfiguration_Distribution_licenseARNs(t *te resourceName := "aws_imagebuilder_distribution_configuration.test" resource.ParallelTest(t, resource.TestCase{ - PreCheck: func() { acctest.PreCheck(t) }, + PreCheck: func() { + acctest.PreCheck(t) + acctest.PreCheckIAMServiceLinkedRole(t, "/aws-service-role/license-manager.amazonaws.com") + }, ErrorCheck: acctest.ErrorCheck(t, imagebuilder.EndpointsID), ProviderFactories: acctest.ProviderFactories, CheckDestroy: testAccCheckDistributionConfigurationDestroy,