Add support for AWS Identity Center #19

Merged
merged 3 commits into from
May 26, 2023
@ken-opal ken-opal commented May 23, 2023

Description of the change

  • Support creating and deleting permission sets

  • Remote info will be imported for permission sets so that the parent accounts can be referenced and modified as desired

  • Note: Build will fail until new version of the Go SDK is released.

Checklist

  • I performed a self-review of my code
  • I manually tested my code change (please list details in description)
  • I added unit tests
  • I updated the changelog
  • I updated the public facing docs

@@ -416,14 +411,38 @@ func resourceResourceRead(ctx context.Context, d *schema.ResourceData, m any) di
}
d.Set("reviewer_stage", reviewerStagesI)

if resource.Metadata != nil {
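
Review bot: The `d.Set("reviewer_stage", reviewerStagesI)` call just above the new `if resource.Metadata != nil {` branch discards the error that `d.Set` returns, so a mismatch between `reviewerStagesI` and the schema would pass silently during read. Check that return value and report it to the caller, and apply the same check to any `d.Set` calls made inside the new `resource.Metadata` branch. A one-line comment on the branch explaining why read needs the metadata would also answer the question raised on this line.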
Contributor

Why do we need the remote_info during the read operation? Other resource types currently don't require it, right?

Contributor Author

This is so that we can set the remote_info with the AWS account ID and ARN when importing from terraformer, so that we can support a workflow like this:

  1. Use Opal to auto-import provisioned to get permission sets into our system
  2. Use terraformer to import accounts and permission sets into .tf files, with the remote_info filled so that the accounts can be updated (felt a bit weird to me that remote_info only exists when we create new remote resources)
  3. From there on, set app to manual import (to be added) and then use TF to manage permission sets

I imagine we can set this for other AWS Orgs resources too, but I just did permission sets for now

ken-opal added 2 commits May 25, 2023 14:56
- Support creating and deleting permission sets
- Remote info will be imported for permission sets so that the parent
accounts can be referenced and modified as desired
- Updated README / remote_resource.tf
- Ran `make docs`
@ken-opal ken-opal temporarily deployed to Test May 25, 2023 21:59 — with GitHub Actions Inactive

@amagnus amagnus left a comment

LGTM

@ken-opal ken-opal merged commit 24eb7c5 into main May 26, 2023
@ken-opal ken-opal deleted the ken/aws-ic branch May 26, 2023 22:44