From 0503d4c06881f6cc2b3870e4ca400d3f4719b99c Mon Sep 17 00:00:00 2001 From: Ben Pearce Date: Fri, 15 Mar 2024 13:03:04 +1000 Subject: [PATCH] feat:aws oidc account (#582) --- Makefile | 2 +- .../octopusdeploy_account/resource.tf | 12 +- go.mod | 2 +- go.sum | 4 +- octopusdeploy/provider.go | 1 + .../resource_aws_openid_connect_account.go | 96 +++++++++++++ ...esource_aws_openid_connect_account_test.go | 86 ++++++++++++ .../resource_azure_oidc_account_test.go | 22 +-- ...zon_web_services_openid_connect_account.go | 131 ++++++++++++++++++ octopusdeploy/schema_azure_oidc_account.go | 10 +- octopusdeploy/schema_queries.go | 1 + octopusdeploy/schema_utilities.go | 7 +- 12 files changed, 350 insertions(+), 24 deletions(-) create mode 100644 octopusdeploy/resource_aws_openid_connect_account.go create mode 100644 octopusdeploy/resource_aws_openid_connect_account_test.go create mode 100644 octopusdeploy/schema_amazon_web_services_openid_connect_account.go diff --git a/Makefile b/Makefile index 4695999ef..8dd5de539 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ HOSTNAME=octopus.com NAMESPACE=com NAME=octopusdeploy BINARY=terraform-provider-${NAME} -VERSION=0.7.99 +VERSION=0.7.102 ifeq ($(OS), Windows_NT) OS_ARCH?=windows_386 diff --git a/examples/resources/octopusdeploy_account/resource.tf b/examples/resources/octopusdeploy_account/resource.tf index 85f81d9a5..c18a1aba5 100644 --- a/examples/resources/octopusdeploy_account/resource.tf +++ b/examples/resources/octopusdeploy_account/resource.tf 
@@ -6,6 +6,16 @@ resource "octopusdeploy_account" "amazon_web_services_account" { secret_key = "###########" # required; get from secure environment/store } +resource "octopusdeploy_account" "amazon_web_services_openid_connect_account" { + account_type = "AwsOIDCAccount" + name = "AWS OIDC Account (OK to Delete)" + role_arn = "arn:aws:iam::sourceAccountId:roleroleName" + session_duration = "3600" + execution_subject_keys = ["space", "project"] + health_subject_keys = ["space", "target"] + account_test_subject_keys = ["space", "type"] +} + # create an Azure service principal account resource "octopusdeploy_account" "azure_service_principal_account" { account_type = "AzureServicePrincipal" @@ -23,7 +33,7 @@ resource "octopusdeploy_account" "azure_openid_connect_account" { name = "Azure OpenID Connect Account (OK to Delete)" subscription_id = "00000000-0000-0000-0000-000000000000" tenant_id = "00000000-0000-0000-0000-000000000000" - executions_subject_keys = ["space", "project"] + execution_subject_keys = ["space", "project"] health_subject_keys = ["space", "target"] account_test_subject_keys = ["space", "type"] } diff --git a/go.mod b/go.mod index f23ff4482..02297b12b 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/OctopusDeploy/terraform-provider-octopusdeploy go 1.20 require ( - github.com/OctopusDeploy/go-octopusdeploy/v2 v2.38.3 + github.com/OctopusDeploy/go-octopusdeploy/v2 v2.40.0 github.com/OctopusSolutionsEngineering/OctopusTerraformTestFramework v0.0.0-20230705105638-f5ef7c07973b github.com/google/uuid v1.3.0 github.com/gruntwork-io/terratest v0.41.11 diff --git a/go.sum b/go.sum index e907b04a4..db402d8a4 100644 --- a/go.sum +++ b/go.sum 
@@ -63,8 +63,8 @@ github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugX github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg= github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE= github.com/Microsoft/hcsshim v0.9.7 h1:mKNHW/Xvv1aFH87Jb6ERDzXTJTLPlmzfZ28VBFD/bfg= -github.com/OctopusDeploy/go-octopusdeploy/v2 v2.38.3 h1:t1y+X1xtuTRxKsre2GtYnRj1FYZPDWQTGn9i0LbMLK0= -github.com/OctopusDeploy/go-octopusdeploy/v2 v2.38.3/go.mod h1:GZmFu6LmN8Yg0tEoZx3ytk9FnaH+84cWm7u5TdWZC6E= +github.com/OctopusDeploy/go-octopusdeploy/v2 v2.40.0 h1:0Q3Vfbuza9GysMjQk56WphA3Lu2Kw/A/T6suJ78RMec= +github.com/OctopusDeploy/go-octopusdeploy/v2 v2.40.0/go.mod h1:GZmFu6LmN8Yg0tEoZx3ytk9FnaH+84cWm7u5TdWZC6E= github.com/OctopusSolutionsEngineering/OctopusTerraformTestFramework v0.0.0-20230705105638-f5ef7c07973b h1:XOBPcVHeDUYIpcag0yI8IYKiBL+5LLL8suysvlavQwI= github.com/OctopusSolutionsEngineering/OctopusTerraformTestFramework v0.0.0-20230705105638-f5ef7c07973b/go.mod h1:E0hYVpZd61fXhzTozkxjiWEy+/yTRxAnr2SIE7k8ZSM= github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7 h1:YoJbenK9C67SkzkDfmQuVln04ygHj3vjZfd9FL+GmQQ= diff --git a/octopusdeploy/provider.go b/octopusdeploy/provider.go index e99713e6e..bb63ac35c 100644 --- a/octopusdeploy/provider.go +++ b/octopusdeploy/provider.go @@ -46,6 +46,7 @@ func Provider() *schema.Provider { }, ResourcesMap: map[string]*schema.Resource{ "octopusdeploy_aws_account": resourceAmazonWebServicesAccount(), + "octopusdeploy_aws_openid_connect_account": resourceAmazonWebServicesOpenIDConnectAccount(), "octopusdeploy_aws_elastic_container_registry": resourceAwsElasticContainerRegistry(), "octopusdeploy_azure_cloud_service_deployment_target": resourceAzureCloudServiceDeploymentTarget(), "octopusdeploy_azure_service_fabric_cluster_deployment_target": resourceAzureServiceFabricClusterDeploymentTarget(), 
diff --git a/octopusdeploy/resource_aws_openid_connect_account.go b/octopusdeploy/resource_aws_openid_connect_account.go
new file mode 100644
index 000000000..70db642fd
--- /dev/null
+++ b/octopusdeploy/resource_aws_openid_connect_account.go
@@ -0,0 +1,96 @@
+package octopusdeploy
+
+import (
+ "context"
+ "log"
+
+ "github.com/OctopusDeploy/go-octopusdeploy/v2/pkg/accounts"
+ "github.com/OctopusDeploy/go-octopusdeploy/v2/pkg/client"
+ "github.com/OctopusDeploy/terraform-provider-octopusdeploy/internal/errors"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func resourceAmazonWebServicesOpenIDConnectAccount() *schema.Resource {
+ return &schema.Resource{
+ CreateContext: resourceAmazonWebServicesOpenIDConnectAccountCreate,
+ DeleteContext: resourceAmazonWebServicesOpenIDConnectAccountDelete,
+ Description: "This resource manages AWS OIDC accounts in Octopus Deploy.",
+ Importer: getImporter(),
+ ReadContext: resourceAmazonWebServicesOpenIDConnectAccountRead,
+ Schema: getAmazonWebServicesOpenIDConnectAccountSchema(),
+ UpdateContext: resourceAmazonWebServicesOpenIDConnectAccountUpdate,
+ }
+}
+
+func resourceAmazonWebServicesOpenIDConnectAccountCreate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+ account := expandAmazonWebServicesOpenIDConnectAccount(d)
+
+ log.Printf("[INFO] creating AWS OIDC account")
+
+ client := m.(*client.Client)
+ createdAccount, err := client.Accounts.Add(account)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ if err := setAmazonWebServicesOpenIDConnectAccount(ctx, d, createdAccount.(*accounts.AwsOIDCAccount)); err != nil {
+ return diag.FromErr(err)
+ }
+
+ d.SetId(createdAccount.GetID())
+
+ log.Printf("[INFO] AWS OIDC account created (%s)", d.Id())
+ return nil
+}
+
+func resourceAmazonWebServicesOpenIDConnectAccountDelete(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+ log.Printf("[INFO] deleting AWS OIDC account (%s)", d.Id())
+
+ client := m.(*client.Client)
+ if err := client.Accounts.DeleteByID(d.Id()); err != nil {
+ return diag.FromErr(err)
+ }
+
+ d.SetId("")
+
+ log.Printf("[INFO] AWS OIDC account deleted")
+ return nil
+}
+
+func resourceAmazonWebServicesOpenIDConnectAccountRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+ log.Printf("[INFO] reading AWS OIDC account (%s)", d.Id())
+
+ client := m.(*client.Client)
+ accountResource, err := client.Accounts.GetByID(d.Id())
+ if err != nil {
+ return errors.ProcessApiError(ctx, d, err, "AWS OIDC account")
+ }
+
+ awsOIDCAccount := accountResource.(*accounts.AwsOIDCAccount)
+ if err := setAmazonWebServicesOpenIDConnectAccount(ctx, d, awsOIDCAccount); err != nil {
+ return diag.FromErr(err)
+ }
+
+ log.Printf("[INFO] AWS OIDC account read: %#v", awsOIDCAccount)
+ return nil
+}
+
+func resourceAmazonWebServicesOpenIDConnectAccountUpdate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+ account := expandAmazonWebServicesOpenIDConnectAccount(d)
+
+ log.Printf("[INFO] updating AWS OIDC account: %#v", account)
+
+ client := m.(*client.Client)
+ updatedAccount, err := client.Accounts.Update(account)
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ if err := setAmazonWebServicesOpenIDConnectAccount(ctx, d, updatedAccount.(*accounts.AwsOIDCAccount)); err != nil {
+ return diag.FromErr(err)
+ }
+
+ log.Printf("[INFO] AWS OIDC account updated (%s)", d.Id())
+ return nil
+}
diff --git a/octopusdeploy/resource_aws_openid_connect_account_test.go b/octopusdeploy/resource_aws_openid_connect_account_test.go
new file mode 100644
index 000000000..17fe87f25
--- /dev/null
+++ b/octopusdeploy/resource_aws_openid_connect_account_test.go
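Review bot: The single-value type assertions `createdAccount.(*accounts.AwsOIDCAccount)` in Create and Update and `accountResource.(*accounts.AwsOIDCAccount)` in Read will panic the provider, rather than return a diagnostic, whenever the server hands back an account of another type (an imported ID that belongs to a different account kind is the obvious case); use the two-value form in all three places, `awsOIDCAccount, ok := accountResource.(*accounts.AwsOIDCAccount)` followed by `if !ok { return diag.Errorf("account %s is not an AWS OIDC account", d.Id()) }`. In Create, `d.SetId(createdAccount.GetID())` runs only after setAmazonWebServicesOpenIDConnectAccount succeeds, so a failure in that call leaves an account created in Octopus with no ID recorded in state and the next apply creates a duplicate; move the `d.SetId` call to directly after `Accounts.Add` returns without error. Each handler's local `client := m.(*client.Client)` shadows the imported `client` package, which compiles but is worth renaming (for example `octopusClient`) for readability.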
@@ -0,0 +1,86 @@
+package octopusdeploy
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/OctopusDeploy/go-octopusdeploy/v2/pkg/core"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccAWSOIDCAccountBasic(t *testing.T) {
+ localName := acctest.RandStringFromCharSet(20, acctest.CharSetAlpha)
+ prefix := "octopusdeploy_aws_account." + localName
+
+ description := acctest.RandStringFromCharSet(20, acctest.CharSetAlpha)
+ name := acctest.RandStringFromCharSet(20, acctest.CharSetAlpha)
+ tenantedDeploymentParticipation := core.TenantedDeploymentModeTenantedOrUntenanted
+
+ roleArn := "arn:aws:iam::sourceAccountId:roleroleName"
+ sessionDuration := "3600"
+ executionKeys := []string{"space"}
+ healthKeys := []string{"target"}
+ accountKeys := []string{"type"}
+
+ resource.Test(t, resource.TestCase{
+ CheckDestroy: testAccountCheckDestroy,
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ Steps: []resource.TestStep{
+ {
+ Check: resource.ComposeTestCheckFunc(
+ testAccountExists(prefix),
+ resource.TestCheckResourceAttr(prefix, "description", description),
+ resource.TestCheckResourceAttr(prefix, "name", name),
+ resource.TestCheckResourceAttr(prefix, "role_arn", roleArn),
+ resource.TestCheckResourceAttr(prefix, "session_duration", sessionDuration),
+ resource.TestCheckResourceAttr(prefix, "tenanted_deployment_participation", string(tenantedDeploymentParticipation)),
+ resource.TestCheckResourceAttr(prefix, "execution_subject_keys", executionKeys[0]),
+ resource.TestCheckResourceAttr(prefix, "health_subject_keys", healthKeys[0]),
+ resource.TestCheckResourceAttr(prefix, "account_test_subject_keys", accountKeys[0]),
+ ),
+ Config: testAwsOIDCAccountBasic(localName, name, description, roleArn, sessionDuration, tenantedDeploymentParticipation, executionKeys, healthKeys, accountKeys),
+ },
+ {
+ Check: resource.ComposeTestCheckFunc(
+
testAccountExists(prefix),
+ resource.TestCheckResourceAttr(prefix, "description", description),
+ resource.TestCheckResourceAttr(prefix, "name", name),
+ resource.TestCheckResourceAttr(prefix, "role_arn", roleArn),
+ resource.TestCheckResourceAttr(prefix, "session_duration", sessionDuration),
+ resource.TestCheckResourceAttr(prefix, "tenanted_deployment_participation", string(tenantedDeploymentParticipation)),
+ resource.TestCheckResourceAttr(prefix, "execution_subject_keys", executionKeys[0]),
+ resource.TestCheckResourceAttr(prefix, "health_subject_keys", healthKeys[0]),
+ resource.TestCheckResourceAttr(prefix, "account_test_subject_keys", accountKeys[0]),
+ ),
+ Config: testAwsOIDCAccountBasic(localName, name, description, roleArn, sessionDuration, tenantedDeploymentParticipation, executionKeys, healthKeys, accountKeys),
+ },
+ },
+ })
+}
+
+func testAwsOIDCAccountBasic(localName string, name string, description string, roleArn string, sessionDuration string, tenantedDeploymentParticipation core.TenantedDeploymentMode, execution_subject_keys []string, health_subject_keys []string, account_test_subject_keys []string) string {
+ return fmt.Sprintf(`resource "octopusdeploy_aws_openid_connect_account" "%s" {
+ description = "%s"
+ name = "%s"
+ role_arn = "%s"
+ tenanted_deployment_participation = "%s"
+ execution_subject_keys = "%s"
+ health_subject_keys = "%s"
+ account_test_subject_keys = "%s"
+ session_duration = "%s"
+ }
+
+ data "octopusdeploy_accounts" "test" {
+ ids = [octopusdeploy_aws_openid_connect_account.%s.id]
+ }`, localName, description, name, roleArn, tenantedDeploymentParticipation, execution_subject_keys, health_subject_keys, account_test_subject_keys, sessionDuration, localName)
+}
+
+func testAwsOIDCAccount(localName string, name string, roleArn string, sessionDuration string) string {
+ return fmt.Sprintf(`resource "octopusdeploy_aws_openid_connect_account" "%s" {
+ name = "%s"
+ role_arn = "%s"
+ session_duration = "%s"
+ }`, localName, name,
roleArn, sessionDuration) +} diff --git a/octopusdeploy/resource_azure_oidc_account_test.go b/octopusdeploy/resource_azure_oidc_account_test.go index abb24687c..3d4b84954 100644 --- a/octopusdeploy/resource_azure_oidc_account_test.go +++ b/octopusdeploy/resource_azure_oidc_account_test.go @@ -21,9 +21,9 @@ func TestAccOctopusDeployAzureOpenIDConnectAccountBasic(t *testing.T) { tenantedDeploymentMode := core.TenantedDeploymentModeTenantedOrUntenanted tenantID := uuid.New() - execution_keys := []string{"space"} - health_keys := []string{"target"} - account_keys := []string{"type"} + executionKeys := []string{"space"} + healthKeys := []string{"target"} + accountKeys := []string{"type"} audience := acctest.RandStringFromCharSet(20, acctest.CharSetAlpha) newDescription := acctest.RandStringFromCharSet(20, acctest.CharSetAlpha) 
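Review bot: `prefix := "octopusdeploy_aws_account." + localName` in TestAccAWSOIDCAccountBasic names the wrong resource type: the config built by testAwsOIDCAccountBasic declares `octopusdeploy_aws_openid_connect_account`, so testAccountExists and every TestCheckResourceAttr look up an address that will never exist in state; it should read `prefix := "octopusdeploy_aws_openid_connect_account." + localName`. The subject-key arguments are rendered with `execution_subject_keys = "%s"` from a `[]string`, which fmt prints as `"[space]"` rather than as an HCL list, and the checks compare the whole attribute against `executionKeys[0]` rather than an element (`execution_subject_keys.0`) or count (`execution_subject_keys.#`); whether that passes depends on what getSubjectKeysSchema declares, whose body is cut off in this patch, and the Azure test this commit edits uses the same pattern. testAwsOIDCAccount at the end of the file has no caller in this patch, so either wire it into a step or drop it.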
@@ -42,12 +42,12 @@ func TestAccOctopusDeployAzureOpenIDConnectAccountBasic(t *testing.T) { resource.TestCheckResourceAttr(prefix, "subscription_id", subscriptionID.String()), resource.TestCheckResourceAttr(prefix, "tenant_id", tenantID.String()), resource.TestCheckResourceAttr(prefix, "tenanted_deployment_participation", string(tenantedDeploymentMode)), - resource.TestCheckResourceAttr(prefix, "execution_subject_keys", execution_keys[0]), - resource.TestCheckResourceAttr(prefix, "health_subject_keys", health_keys[0]), - resource.TestCheckResourceAttr(prefix, "account_test_subject_keys", account_keys[0]), + resource.TestCheckResourceAttr(prefix, "execution_subject_keys", executionKeys[0]), + resource.TestCheckResourceAttr(prefix, "health_subject_keys", healthKeys[0]), + resource.TestCheckResourceAttr(prefix, "account_test_subject_keys", accountKeys[0]), resource.TestCheckResourceAttr(prefix, "audience", audience), ), - Config: testAzureOpenIDConnectAccountBasic(localName, name, description, applicationID, tenantID, subscriptionID, tenantedDeploymentMode, execution_keys, health_keys, account_keys, audience), + Config: testAzureOpenIDConnectAccountBasic(localName, name, description, applicationID, tenantID, subscriptionID, tenantedDeploymentMode, executionKeys, healthKeys, accountKeys, audience), }, { Check: resource.ComposeTestCheckFunc( 
@@ -58,12 +58,12 @@ func TestAccOctopusDeployAzureOpenIDConnectAccountBasic(t *testing.T) { resource.TestCheckResourceAttr(prefix, "subscription_id", subscriptionID.String()), resource.TestCheckResourceAttr(prefix, "tenant_id", tenantID.String()), resource.TestCheckResourceAttr(prefix, "tenanted_deployment_participation", string(tenantedDeploymentMode)), - resource.TestCheckResourceAttr(prefix, "execution_subject_keys", execution_keys[0]), - resource.TestCheckResourceAttr(prefix, "health_subject_keys", health_keys[0]), - resource.TestCheckResourceAttr(prefix, "account_test_subject_keys", account_keys[0]), + resource.TestCheckResourceAttr(prefix, "execution_subject_keys", executionKeys[0]), + resource.TestCheckResourceAttr(prefix, "health_subject_keys", healthKeys[0]), + resource.TestCheckResourceAttr(prefix, "account_test_subject_keys", accountKeys[0]), resource.TestCheckResourceAttr(prefix, "audience", audience), ), - Config: testAzureOpenIDConnectAccountBasic(localName, name, newDescription, applicationID, tenantID, subscriptionID, tenantedDeploymentMode, execution_keys, health_keys, account_keys, audience), + Config: testAzureOpenIDConnectAccountBasic(localName, name, newDescription, applicationID, tenantID, subscriptionID, tenantedDeploymentMode, executionKeys, healthKeys, accountKeys, audience), }, }, }) diff --git a/octopusdeploy/schema_amazon_web_services_openid_connect_account.go b/octopusdeploy/schema_amazon_web_services_openid_connect_account.go new file mode 100644 index 000000000..026b0f297 --- /dev/null +++ b/octopusdeploy/schema_amazon_web_services_openid_connect_account.go 
@@ -0,0 +1,131 @@
+package octopusdeploy
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/OctopusDeploy/go-octopusdeploy/v2/pkg/accounts"
+ "github.com/OctopusDeploy/go-octopusdeploy/v2/pkg/core"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+)
+
+func expandAmazonWebServicesOpenIDConnectAccount(d *schema.ResourceData) *accounts.AwsOIDCAccount {
+ name := d.Get("name").(string)
+ roleArn := d.Get("role_arn").(string)
+
+ account, _ := accounts.NewAwsOIDCAccount(name, roleArn)
+ account.ID = d.Id()
+
+ if v, ok := d.GetOk("description"); ok {
+ account.Description = v.(string)
+ }
+
+ if v, ok := d.GetOk("environments"); ok {
+ account.EnvironmentIDs = getSliceFromTerraformTypeList(v)
+ }
+
+ if v, ok := d.GetOk("space_id"); ok {
+ account.SpaceID = v.(string)
+ }
+
+ if v, ok := d.GetOk("tenanted_deployment_participation"); ok {
+ account.TenantedDeploymentMode = core.TenantedDeploymentMode(v.(string))
+ }
+
+ if v, ok := d.GetOk("tenant_tags"); ok {
+ account.TenantTags = getSliceFromTerraformTypeList(v)
+ }
+
+ if v, ok := d.GetOk("tenants"); ok {
+ account.TenantIDs = getSliceFromTerraformTypeList(v)
+ }
+
+ if v, ok := d.GetOk("execution_subject_keys"); ok {
+ account.DeploymentSubjectKeys = getSliceFromTerraformTypeList(v)
+ }
+
+ if v, ok := d.GetOk("health_subject_keys"); ok {
+ account.HealthCheckSubjectKeys = getSliceFromTerraformTypeList(v)
+ }
+
+ if v, ok := d.GetOk("account_test_subject_keys"); ok {
+ account.AccountTestSubjectKeys = getSliceFromTerraformTypeList(v)
+ }
+
+ if v, ok := d.GetOk("session_duration"); ok {
+ account.SessionDuration = v.(string)
+ }
+
+ return account
+}
+
+func getAmazonWebServicesOpenIDConnectAccountSchema() map[string]*schema.Schema {
+ return map[string]*schema.Schema{
+ "description": {
+ Description: "A user-friendly description of this AWS OIDC account.",
+ Optional: true,
+ Type: schema.TypeString,
+ },
+ "environments":
getEnvironmentsSchema(),
+ "name": {
+ Description: "The name of this AWS OIDC account.",
+ Required: true,
+ Type: schema.TypeString,
+ ValidateDiagFunc: validation.ToDiagFunc(validation.StringLenBetween(1, 200)),
+ },
+ "space_id": getSpaceIDSchema(),
+ "tenanted_deployment_participation": getTenantedDeploymentSchema(),
+ "tenants": getTenantsSchema(),
+ "tenant_tags": getTenantTagsSchema(),
+ "execution_subject_keys": getSubjectKeysSchema(SchemaSubjectKeysDescriptionExecution),
+ "health_subject_keys": getSubjectKeysSchema(SchemaSubjectKeysDescriptionHealth),
+ "account_test_subject_keys": getSubjectKeysSchema(SchemaSubjectKeysDescriptionAccountTest),
+ "role_arn": {
+ Description: "The Amazon Resource Name (ARN) of the role that the caller is assuming.",
+ Required: true,
+ Type: schema.TypeString,
+ },
+ "session_duration": {
+ Description: "The duration, in seconds, of the role session.",
+ Required: false,
+ Optional: true,
+ Type: schema.TypeInt,
+ },
+ }
+}
+
+func setAmazonWebServicesOpenIDConnectAccount(ctx context.Context, d *schema.ResourceData, account *accounts.AwsOIDCAccount) error {
+ d.Set("description", account.GetDescription())
+ d.Set("name", account.GetName())
+ d.Set("space_id", account.GetSpaceID())
+ d.Set("tenanted_deployment_participation", account.GetTenantedDeploymentMode())
+ d.Set("role_arn", account.RoleArn)
+ d.Set("session_duration", account.SessionDuration)
+
+ if err := d.Set("environments", account.GetEnvironmentIDs()); err != nil {
+ return fmt.Errorf("error setting environments: %s", err)
+ }
+
+ if err := d.Set("tenants", account.GetTenantIDs()); err != nil {
+ return fmt.Errorf("error setting tenants: %s", err)
+ }
+
+ if err := d.Set("tenant_tags", account.GetTenantTags()); err != nil {
+ return fmt.Errorf("error setting tenant_tags: %s", err)
+ }
+
+ if err := d.Set("execution_subject_keys", account.DeploymentSubjectKeys); err != nil {
+ return fmt.Errorf("error setting execution_subject_keys: %s", err)
+ }
+
+ if err :=
d.Set("health_subject_keys", account.HealthCheckSubjectKeys); err != nil { + return fmt.Errorf("error setting health_subject_keys: %s", err) + } + + if err := d.Set("account_test_subject_keys", account.AccountTestSubjectKeys); err != nil { + return fmt.Errorf("error setting account_test_subject_keys: %s", err) + } + + return nil +} diff --git a/octopusdeploy/schema_azure_oidc_account.go b/octopusdeploy/schema_azure_oidc_account.go index 21e4aae8f..6542fc6d8 100644 --- a/octopusdeploy/schema_azure_oidc_account.go +++ b/octopusdeploy/schema_azure_oidc_account.go @@ -68,10 +68,6 @@ func expandAzureOpenIDConnectAccount(d *schema.ResourceData) *accounts.AzureOIDC account.AccountTestSubjectKeys = getSliceFromTerraformTypeList(v) } - if v, ok := d.GetOk("audience"); ok { - account.Audience = v.(string) - } - return account } @@ -91,9 +87,9 @@ func getAzureOpenIdConnectAccountSchema() map[string]*schema.Schema { "tenants": getTenantsSchema(), "tenant_id": getTenantIDSchema(true), "tenant_tags": getTenantTagsSchema(), - "execution_subject_keys": getSubjectKeysSchema("Keys to include in a deployment or runbook. Valid options are `space`, `environment`, `project`, `tenant`, `runbook`, `account`, `type`"), - "health_subject_keys": getSubjectKeysSchema("Keys to include in a health check. Valid options are `space`, `account`, `target`, `type`"), - "account_test_subject_keys": getSubjectKeysSchema("Keys to include in an account test. Valid options are: `space`, `account`, `type`"), + "execution_subject_keys": getSubjectKeysSchema(SchemaSubjectKeysDescriptionExecution), + "health_subject_keys": getSubjectKeysSchema(SchemaSubjectKeysDescriptionHealth), + "account_test_subject_keys": getSubjectKeysSchema(SchemaSubjectKeysDescriptionAccountTest), "audience": getOidcAudienceSchema(), } } diff --git a/octopusdeploy/schema_queries.go b/octopusdeploy/schema_queries.go index dea99d6dc..d7457abec 100644 --- a/octopusdeploy/schema_queries.go +++ b/octopusdeploy/schema_queries.go 
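Review bot: `session_duration` is declared `Type: schema.TypeInt` in getAmazonWebServicesOpenIDConnectAccountSchema, but expandAmazonWebServicesOpenIDConnectAccount does `account.SessionDuration = v.(string)`; `GetOk` on a TypeInt attribute yields an `int`, so that assertion panics the provider the first time a user sets the attribute, and the matching `d.Set("session_duration", account.SessionDuration)` in setAmazonWebServicesOpenIDConnectAccount pushes a string into an int attribute with its error discarded. Both the expand and set sides, and the example resource.tf in this commit (`session_duration = "3600"`), treat the value as a string, so the smallest consistent fix is `Type: schema.TypeString,` in the schema; otherwise convert with strconv at both boundaries. `account, _ := accounts.NewAwsOIDCAccount(name, roleArn)` drops the constructor's error and the next line dereferences `account`; if the constructor returns nil on a validation failure that is a nil-pointer panic, so the error should be surfaced (returning `(*accounts.AwsOIDCAccount, error)` and handling it in the Create/Update callers). In setAmazonWebServicesOpenIDConnectAccount the first six `d.Set` calls ignore their return value while the remaining ones check it; make them consistent with the checked form.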
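Review bot: The first schema_azure_oidc_account.go hunk removes the `if v, ok := d.GetOk("audience"); ok { account.Audience = v.(string) }` block from expandAzureOpenIDConnectAccount, while the second hunk keeps `"audience": getOidcAudienceSchema()` in the resource schema and the Azure acceptance test still asserts `resource.TestCheckResourceAttr(prefix, "audience", audience)`; as committed, a user-supplied audience is accepted by plan but no longer sent to Octopus on create or update, and nothing in the commit message explains why. If the go-octopusdeploy bump to v2.40.0 in go.mod dropped the Audience field, the schema entry should be removed or marked `Deprecated` (with a comment on the schema saying the value is no longer sent) so the no-op is visible rather than silent; if the field still exists, the removed block should be restored. The audience is the claim that limits which relying party will accept the issued OIDC token, so silently discarding it deserves at least a comment. expandAzureOpenIDConnectAccount starts outside the hunk.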
@@ -13,6 +13,7 @@ func getQueryAccountType() *schema.Schema { ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{ "AmazonWebServicesAccount", "AmazonWebServicesRoleAccount", + "AwsOIDCAccount", "AzureServicePrincipal", "AzureOIDC", "AzureSubscription", diff --git a/octopusdeploy/schema_utilities.go b/octopusdeploy/schema_utilities.go index e67724313..9d6cec1c9 100644 --- a/octopusdeploy/schema_utilities.go +++ b/octopusdeploy/schema_utilities.go @@ -453,8 +453,13 @@ func setDataSchema(schema *map[string]*schema.Schema) { } } -func getSubjectKeysSchema(description string) *schema.Schema { +const ( + SchemaSubjectKeysDescriptionExecution = "Keys to include in a deployment or runbook. Valid options are `space`, `environment`, `project`, `tenant`, `runbook`, `account`, `type`" + SchemaSubjectKeysDescriptionHealth = "Keys to include in a health check. Valid options are `space`, `account`, `target`, `type`" + SchemaSubjectKeysDescriptionAccountTest = "Keys to include in an account test. Valid options are: `space`, `account`, `type`" +) +func getSubjectKeysSchema(description string) *schema.Schema { return &schema.Schema{ Optional: true, Description: description,