feat:aws oidc account (#582)

Makefile

@@ -3,7 +3,7 @@ HOSTNAME=octopus.com
 NAMESPACE=com
 NAME=octopusdeploy
 BINARY=terraform-provider-${NAME}
-VERSION=0.7.99
+VERSION=0.7.102
 
 ifeq ($(OS), Windows_NT)
 	OS_ARCH?=windows_386

examples/resources/octopusdeploy_account/resource.tf

@@ -6,6 +6,16 @@ resource "octopusdeploy_account" "amazon_web_services_account" {
   secret_key   = "###########" # required; get from secure environment/store
 }
 
+resource "octopusdeploy_account" "amazon_web_services_openid_connect_account" {
+  account_type = "AwsOIDCAccount"
+  name         = "AWS OIDC Account (OK to Delete)"
+  role_arn = "arn:aws:iam::sourceAccountId:roleroleName"
+  session_duration = "3600"
+  execution_subject_keys = ["space", "project"]
+  health_subject_keys = ["space", "target"]
+  account_test_subject_keys = ["space", "type"]
+}
+
 # create an Azure service principal account
 resource "octopusdeploy_account" "azure_service_principal_account" {
   account_type    = "AzureServicePrincipal"
@@ -23,7 +33,7 @@ resource "octopusdeploy_account" "azure_openid_connect_account" {
   name            = "Azure OpenID Connect Account (OK to Delete)"
   subscription_id = "00000000-0000-0000-0000-000000000000"
   tenant_id       = "00000000-0000-0000-0000-000000000000"
-  executions_subject_keys = ["space", "project"]
+  execution_subject_keys = ["space", "project"]
   health_subject_keys = ["space", "target"]
   account_test_subject_keys = ["space", "type"]
 }

go.mod

@@ -3,7 +3,7 @@ module github.com/OctopusDeploy/terraform-provider-octopusdeploy
 go 1.20
 
 require (
-	github.com/OctopusDeploy/go-octopusdeploy/v2 v2.38.3
+	github.com/OctopusDeploy/go-octopusdeploy/v2 v2.40.0
 	github.com/OctopusSolutionsEngineering/OctopusTerraformTestFramework v0.0.0-20230705105638-f5ef7c07973b
 	github.com/google/uuid v1.3.0
 	github.com/gruntwork-io/terratest v0.41.11

go.sum

@@ -63,8 +63,8 @@ github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugX
 github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg=
 github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE=
 github.com/Microsoft/hcsshim v0.9.7 h1:mKNHW/Xvv1aFH87Jb6ERDzXTJTLPlmzfZ28VBFD/bfg=
-github.com/OctopusDeploy/go-octopusdeploy/v2 v2.38.3 h1:t1y+X1xtuTRxKsre2GtYnRj1FYZPDWQTGn9i0LbMLK0=
-github.com/OctopusDeploy/go-octopusdeploy/v2 v2.38.3/go.mod h1:GZmFu6LmN8Yg0tEoZx3ytk9FnaH+84cWm7u5TdWZC6E=
+github.com/OctopusDeploy/go-octopusdeploy/v2 v2.40.0 h1:0Q3Vfbuza9GysMjQk56WphA3Lu2Kw/A/T6suJ78RMec=
+github.com/OctopusDeploy/go-octopusdeploy/v2 v2.40.0/go.mod h1:GZmFu6LmN8Yg0tEoZx3ytk9FnaH+84cWm7u5TdWZC6E=
 github.com/OctopusSolutionsEngineering/OctopusTerraformTestFramework v0.0.0-20230705105638-f5ef7c07973b h1:XOBPcVHeDUYIpcag0yI8IYKiBL+5LLL8suysvlavQwI=
 github.com/OctopusSolutionsEngineering/OctopusTerraformTestFramework v0.0.0-20230705105638-f5ef7c07973b/go.mod h1:E0hYVpZd61fXhzTozkxjiWEy+/yTRxAnr2SIE7k8ZSM=
 github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7 h1:YoJbenK9C67SkzkDfmQuVln04ygHj3vjZfd9FL+GmQQ=

octopusdeploy/provider.go

@@ -46,6 +46,7 @@ func Provider() *schema.Provider {
 		},
 		ResourcesMap: map[string]*schema.Resource{
 			"octopusdeploy_aws_account":                                    resourceAmazonWebServicesAccount(),
+			"octopusdeploy_aws_openid_connect_account":                     resourceAmazonWebServicesOpenIDConnectAccount(),
 			"octopusdeploy_aws_elastic_container_registry":                 resourceAwsElasticContainerRegistry(),
 			"octopusdeploy_azure_cloud_service_deployment_target":          resourceAzureCloudServiceDeploymentTarget(),
 			"octopusdeploy_azure_service_fabric_cluster_deployment_target": resourceAzureServiceFabricClusterDeploymentTarget(),

octopusdeploy/resource_aws_openid_connect_account.go

@@ -0,0 +1,96 @@
+package octopusdeploy
+
+import (
+	"context"
+	"log"
+
+	"github.com/OctopusDeploy/go-octopusdeploy/v2/pkg/accounts"
+	"github.com/OctopusDeploy/go-octopusdeploy/v2/pkg/client"
+	"github.com/OctopusDeploy/terraform-provider-octopusdeploy/internal/errors"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func resourceAmazonWebServicesOpenIDConnectAccount() *schema.Resource {
+	return &schema.Resource{
+		CreateContext: resourceAmazonWebServicesOpenIDConnectAccountCreate,
+		DeleteContext: resourceAmazonWebServicesOpenIDConnectAccountDelete,
+		Description:   "This resource manages AWS OIDC accounts in Octopus Deploy.",
+		Importer:      getImporter(),
+		ReadContext:   resourceAmazonWebServicesOpenIDConnectAccountRead,
+		Schema:        getAmazonWebServicesOpenIDConnectAccountSchema(),
+		UpdateContext: resourceAmazonWebServicesOpenIDConnectAccountUpdate,
+	}
+}
+
+func resourceAmazonWebServicesOpenIDConnectAccountCreate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	account := expandAmazonWebServicesOpenIDConnectAccount(d)
+
+	log.Printf("[INFO] creating AWS OIDC account")
+
+	client := m.(*client.Client)
+	createdAccount, err := client.Accounts.Add(account)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	if err := setAmazonWebServicesOpenIDConnectAccount(ctx, d, createdAccount.(*accounts.AwsOIDCAccount)); err != nil {
+		return diag.FromErr(err)
+	}
+
+	d.SetId(createdAccount.GetID())
+
+	log.Printf("[INFO] AWS OIDC account created (%s)", d.Id())
+	return nil
+}
+
+func resourceAmazonWebServicesOpenIDConnectAccountDelete(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	log.Printf("[INFO] deleting AWS OIDC account (%s)", d.Id())
+
+	client := m.(*client.Client)
+	if err := client.Accounts.DeleteByID(d.Id()); err != nil {
+		return diag.FromErr(err)
+	}
+
+	d.SetId("")
+
+	log.Printf("[INFO] AWS OIDC account deleted")
+	return nil
+}
+
+func resourceAmazonWebServicesOpenIDConnectAccountRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	log.Printf("[INFO] reading AWS OIDC account (%s)", d.Id())
+
+	client := m.(*client.Client)
+	accountResource, err := client.Accounts.GetByID(d.Id())
+	if err != nil {
+		return errors.ProcessApiError(ctx, d, err, "AWS OIDC account")
+	}
+
+	awsOIDCAccount := accountResource.(*accounts.AwsOIDCAccount)
+	if err := setAmazonWebServicesOpenIDConnectAccount(ctx, d, awsOIDCAccount); err != nil {
+		return diag.FromErr(err)
+	}
+
+	log.Printf("[INFO] AWS OIDC account read: %#v", awsOIDCAccount)
+	return nil
+}
+
+func resourceAmazonWebServicesOpenIDConnectAccountUpdate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	account := expandAmazonWebServicesOpenIDConnectAccount(d)
+
+	log.Printf("[INFO] updating AWS OIDC account: %#v", account)
+
+	client := m.(*client.Client)
+	updatedAccount, err := client.Accounts.Update(account)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	if err := setAmazonWebServicesOpenIDConnectAccount(ctx, d, updatedAccount.(*accounts.AwsOIDCAccount)); err != nil {
+		return diag.FromErr(err)
+	}
+
+	log.Printf("[INFO] AWS OIDC account updated (%s)", d.Id())
+	return nil
+}

octopusdeploy/resource_aws_openid_connect_account_test.go

@@ -0,0 +1,86 @@
+package octopusdeploy
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/OctopusDeploy/go-octopusdeploy/v2/pkg/core"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccAWSOIDCAccountBasic(t *testing.T) {
+	localName := acctest.RandStringFromCharSet(20, acctest.CharSetAlpha)
+	prefix := "octopusdeploy_aws_account." + localName
+
+	description := acctest.RandStringFromCharSet(20, acctest.CharSetAlpha)
+	name := acctest.RandStringFromCharSet(20, acctest.CharSetAlpha)
+	tenantedDeploymentParticipation := core.TenantedDeploymentModeTenantedOrUntenanted
+
+	roleArn := "arn:aws:iam::sourceAccountId:roleroleName"
+	sessionDuration := "3600"
+	executionKeys := []string{"space"}
+	healthKeys := []string{"target"}
+	accountKeys := []string{"type"}
+
+	resource.Test(t, resource.TestCase{
+		CheckDestroy: testAccountCheckDestroy,
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Check: resource.ComposeTestCheckFunc(
+					testAccountExists(prefix),
+					resource.TestCheckResourceAttr(prefix, "description", description),
+					resource.TestCheckResourceAttr(prefix, "name", name),
+					resource.TestCheckResourceAttr(prefix, "role_arn", roleArn),
+					resource.TestCheckResourceAttr(prefix, "session_duration", sessionDuration),
+					resource.TestCheckResourceAttr(prefix, "tenanted_deployment_participation", string(tenantedDeploymentParticipation)),
+					resource.TestCheckResourceAttr(prefix, "execution_subject_keys", executionKeys[0]),
+					resource.TestCheckResourceAttr(prefix, "health_subject_keys", healthKeys[0]),
+					resource.TestCheckResourceAttr(prefix, "account_test_subject_keys", accountKeys[0]),
+				),
+				Config: testAwsOIDCAccountBasic(localName, name, description, roleArn, sessionDuration, tenantedDeploymentParticipation, executionKeys, healthKeys, accountKeys),
+			},
+			{
+				Check: resource.ComposeTestCheckFunc(
+					testAccountExists(prefix),
+					resource.TestCheckResourceAttr(prefix, "description", description),
+					resource.TestCheckResourceAttr(prefix, "name", name),
+					resource.TestCheckResourceAttr(prefix, "role_arn", roleArn),
+					resource.TestCheckResourceAttr(prefix, "session_duration", sessionDuration),
+					resource.TestCheckResourceAttr(prefix, "tenanted_deployment_participation", string(tenantedDeploymentParticipation)),
+					resource.TestCheckResourceAttr(prefix, "execution_subject_keys", executionKeys[0]),
+					resource.TestCheckResourceAttr(prefix, "health_subject_keys", healthKeys[0]),
+					resource.TestCheckResourceAttr(prefix, "account_test_subject_keys", accountKeys[0]),
+				),
+				Config: testAwsOIDCAccountBasic(localName, name, description, roleArn, sessionDuration, tenantedDeploymentParticipation, executionKeys, healthKeys, accountKeys),
+			},
+		},
+	})
+}
+
+func testAwsOIDCAccountBasic(localName string, name string, description string, roleArn string, sessionDuration string, tenantedDeploymentParticipation core.TenantedDeploymentMode, execution_subject_keys []string, health_subject_keys []string, account_test_subject_keys []string) string {
+	return fmt.Sprintf(`resource "octopusdeploy_aws_openid_connect_account" "%s" {
+		description = "%s"
+		name = "%s"
+		role_arn = "%s"
+		tenanted_deployment_participation = "%s"
+		execution_subject_keys = "%s"
+		health_subject_keys = "%s"
+		account_test_subject_keys = "%s"
+		session_duration = "%s"
+	}
+	
+	data "octopusdeploy_accounts" "test" {
+		ids = [octopusdeploy_aws_openid_connect_account.%s.id]
+	}`, localName, description, name, roleArn, tenantedDeploymentParticipation, execution_subject_keys, health_subject_keys, account_test_subject_keys, sessionDuration, localName)
+}
+
+func testAwsOIDCAccount(localName string, name string, roleArn string, sessionDuration string) string {
+	return fmt.Sprintf(`resource "octopusdeploy_aws_openid_connect_account" "%s" {
+		name       = "%s"
+		role_arn   = "%s"
+		session_duration = "%s"
+	}`, localName, name, roleArn, sessionDuration)
+}

octopusdeploy/resource_azure_oidc_account_test.go

@@ -21,9 +21,9 @@ func TestAccOctopusDeployAzureOpenIDConnectAccountBasic(t *testing.T) {
 	tenantedDeploymentMode := core.TenantedDeploymentModeTenantedOrUntenanted
 	tenantID := uuid.New()
 
-	execution_keys := []string{"space"}
-	health_keys := []string{"target"}
-	account_keys := []string{"type"}
+	executionKeys := []string{"space"}
+	healthKeys := []string{"target"}
+	accountKeys := []string{"type"}
 	audience := acctest.RandStringFromCharSet(20, acctest.CharSetAlpha)
 
 	newDescription := acctest.RandStringFromCharSet(20, acctest.CharSetAlpha)
@@ -42,12 +42,12 @@ func TestAccOctopusDeployAzureOpenIDConnectAccountBasic(t *testing.T) {
 					resource.TestCheckResourceAttr(prefix, "subscription_id", subscriptionID.String()),
 					resource.TestCheckResourceAttr(prefix, "tenant_id", tenantID.String()),
 					resource.TestCheckResourceAttr(prefix, "tenanted_deployment_participation", string(tenantedDeploymentMode)),
-					resource.TestCheckResourceAttr(prefix, "execution_subject_keys", execution_keys[0]),
-					resource.TestCheckResourceAttr(prefix, "health_subject_keys", health_keys[0]),
-					resource.TestCheckResourceAttr(prefix, "account_test_subject_keys", account_keys[0]),
+					resource.TestCheckResourceAttr(prefix, "execution_subject_keys", executionKeys[0]),
+					resource.TestCheckResourceAttr(prefix, "health_subject_keys", healthKeys[0]),
+					resource.TestCheckResourceAttr(prefix, "account_test_subject_keys", accountKeys[0]),
 					resource.TestCheckResourceAttr(prefix, "audience", audience),
 				),
-				Config: testAzureOpenIDConnectAccountBasic(localName, name, description, applicationID, tenantID, subscriptionID, tenantedDeploymentMode, execution_keys, health_keys, account_keys, audience),
+				Config: testAzureOpenIDConnectAccountBasic(localName, name, description, applicationID, tenantID, subscriptionID, tenantedDeploymentMode, executionKeys, healthKeys, accountKeys, audience),
 			},
 			{
 				Check: resource.ComposeTestCheckFunc(
@@ -58,12 +58,12 @@ func TestAccOctopusDeployAzureOpenIDConnectAccountBasic(t *testing.T) {
 					resource.TestCheckResourceAttr(prefix, "subscription_id", subscriptionID.String()),
 					resource.TestCheckResourceAttr(prefix, "tenant_id", tenantID.String()),
 					resource.TestCheckResourceAttr(prefix, "tenanted_deployment_participation", string(tenantedDeploymentMode)),
-					resource.TestCheckResourceAttr(prefix, "execution_subject_keys", execution_keys[0]),
-					resource.TestCheckResourceAttr(prefix, "health_subject_keys", health_keys[0]),
-					resource.TestCheckResourceAttr(prefix, "account_test_subject_keys", account_keys[0]),
+					resource.TestCheckResourceAttr(prefix, "execution_subject_keys", executionKeys[0]),
+					resource.TestCheckResourceAttr(prefix, "health_subject_keys", healthKeys[0]),
+					resource.TestCheckResourceAttr(prefix, "account_test_subject_keys", accountKeys[0]),
 					resource.TestCheckResourceAttr(prefix, "audience", audience),
 				),
-				Config: testAzureOpenIDConnectAccountBasic(localName, name, newDescription, applicationID, tenantID, subscriptionID, tenantedDeploymentMode, execution_keys, health_keys, account_keys, audience),
+				Config: testAzureOpenIDConnectAccountBasic(localName, name, newDescription, applicationID, tenantID, subscriptionID, tenantedDeploymentMode, executionKeys, healthKeys, accountKeys, audience),
 			},
 		},
 	})