New data source: aws_iam_openid_connect_provider
Showing
4 changed files
with
144 additions
and
0 deletions.
@@ -0,0 +1,57 @@ | ||
package aws | ||
|
||
import ( | ||
"fmt" | ||
|
||
"github.com/aws/aws-sdk-go/aws" | ||
"github.com/aws/aws-sdk-go/service/iam" | ||
"github.com/hashicorp/terraform-plugin-sdk/helper/schema" | ||
) | ||
|
||
func dataSourceAwsIamOpenIDConnectProvider() *schema.Resource { | ||
return &schema.Resource{ | ||
Read: dataSourceAwsIamOpenIDConnectProviderRead, | ||
|
||
Schema: map[string]*schema.Schema{ | ||
"arn": { | ||
Type: schema.TypeString, | ||
Required: true, | ||
ValidateFunc: validateArn, | ||
}, | ||
"url": { | ||
Type: schema.TypeString, | ||
Computed: true, | ||
}, | ||
"client_id_list": { | ||
Elem: &schema.Schema{Type: schema.TypeString}, | ||
Type: schema.TypeList, | ||
Computed: true, | ||
}, | ||
"thumbprint_list": { | ||
Elem: &schema.Schema{Type: schema.TypeString}, | ||
Type: schema.TypeList, | ||
Computed: true, | ||
}, | ||
}, | ||
} | ||
} | ||
|
||
func dataSourceAwsIamOpenIDConnectProviderRead(d *schema.ResourceData, meta interface{}) error { | ||
iamconn := meta.(*AWSClient).iamconn | ||
|
||
arn := d.Get("arn").(string) | ||
input := &iam.GetOpenIDConnectProviderInput{ | ||
OpenIDConnectProviderArn: aws.String(arn), | ||
} | ||
out, err := iamconn.GetOpenIDConnectProvider(input) | ||
if err != nil { | ||
return fmt.Errorf("error reading IAM OIDC Provider (%s): %w", arn, err) | ||
} | ||
|
||
d.SetId(arn) | ||
d.Set("url", out.Url) | ||
d.Set("client_id_list", flattenStringList(out.ClientIDList)) | ||
d.Set("thumbprint_list", flattenStringList(out.ThumbprintList)) | ||
|
||
return nil | ||
} |
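Review bot: The three `d.Set` calls at the end of dataSourceAwsIamOpenIDConnectProviderRead discard their error return, so a failure to store `client_id_list` or `thumbprint_list` (the list-typed attributes, which are the ones where Set can actually fail) would leave the state silently incomplete while the read still returns nil. The rest of this file already reports failures with wrapped errors, so the same shape fits here: `if err := d.Set("client_id_list", flattenStringList(out.ClientIDList)); err != nil { return fmt.Errorf("error setting client_id_list: %w", err) }`, and likewise for `thumbprint_list`. A one-line doc comment on the constructor would also help, e.g. `// dataSourceAwsIamOpenIDConnectProvider returns the schema for the aws_iam_openid_connect_provider data source, which looks up an existing IAM OIDC provider by ARN and exposes its URL, client IDs and thumbprints as computed attributes.`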
@@ -0,0 +1,53 @@ | ||
package aws | ||
|
||
import ( | ||
"fmt" | ||
"testing" | ||
|
||
"github.com/hashicorp/terraform-plugin-sdk/helper/acctest" | ||
"github.com/hashicorp/terraform-plugin-sdk/helper/resource" | ||
) | ||
|
||
func TestAccAWSDataSourceIamOpenIDConnectProvider_basic(t *testing.T) { | ||
resourceName := "data.aws_iam_openid_connect_provider.test" | ||
rString := acctest.RandString(5) | ||
url := "accounts.testle.com/" + rString | ||
|
||
resource.ParallelTest(t, resource.TestCase{ | ||
PreCheck: func() { testAccPreCheck(t) }, | ||
Providers: testAccProviders, | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: testAccDatasourceAwsIamOpenIDConnectProviderConfig(url), | ||
Check: resource.ComposeTestCheckFunc( | ||
resource.TestCheckResourceAttrPair(resourceName, "arn", "aws_iam_openid_connect_provider.test", "arn"), | ||
resource.TestCheckResourceAttr(resourceName, "url", url), | ||
resource.TestCheckResourceAttr(resourceName, "client_id_list.#", "1"), | ||
resource.TestCheckResourceAttr(resourceName, "client_id_list.0", | ||
"266362248691-re108qaeld573ia0l6clj2i5ac7r7291.apps.testleusercontent.com"), | ||
resource.TestCheckResourceAttr(resourceName, "thumbprint_list.#", "2"), | ||
resource.TestCheckResourceAttr(resourceName, "thumbprint_list.0", "cf23df2207d99a74fbe169e3eba035e633b65d94"), | ||
resource.TestCheckResourceAttr(resourceName, "thumbprint_list.1", "c784713d6f9cb67b55dd84f4e4af7832d42b8f55"), | ||
), | ||
}, | ||
}, | ||
}) | ||
} | ||
|
||
func testAccDatasourceAwsIamOpenIDConnectProviderConfig(url string) string { | ||
return fmt.Sprintf(` | ||
resource "aws_iam_openid_connect_provider" "test" { | ||
url = "https://%s" | ||
client_id_list = [ | ||
"266362248691-re108qaeld573ia0l6clj2i5ac7r7291.apps.testleusercontent.com", | ||
] | ||
thumbprint_list = ["cf23df2207d99a74fbe169e3eba035e633b65d94", "c784713d6f9cb67b55dd84f4e4af7832d42b8f55"] | ||
} | ||
data "aws_iam_openid_connect_provider" "test" { | ||
arn = aws_iam_openid_connect_provider.test.arn | ||
} | ||
`, url) | ||
} |
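Review bot: The client ID and both thumbprints are spelled out twice, once in the HCL returned by testAccDatasourceAwsIamOpenIDConnectProviderConfig and again in the TestCheckResourceAttr expectations, so editing one copy without the other weakens the assertion without any test noticing. Hoisting them into package-level constants, e.g. `const testAccOIDCProviderClientID = "266362248691-re108qaeld573ia0l6clj2i5ac7r7291.apps.testleusercontent.com"`, and referencing the constant from both the config and the check keeps the expectation tied to what was created. The `url` check also compares against the scheme-less `accounts.testle.com/<rand>` value even though the resource is created with `https://%s`; presumably IAM returns the URL without the scheme, and a short comment such as `// IAM stores the provider URL without the https:// scheme` next to the check would spare the next reader that puzzle.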
@@ -0,0 +1,33 @@ | ||
--- | ||
subcategory: "IAM" | ||
layout: "aws" | ||
page_title: "AWS: aws_iam_openid_connect_provider" | ||
description: |- | ||
Retrieve an IAM OpenID Connect provider. | ||
--- | ||
|
||
# Data Source: aws_iam_openid_connect_provider | ||
|
||
Retrieve an IAM OpenID Connect provider. | ||
|
||
## Example Usage | ||
|
||
```hcl | ||
data "aws_iam_openid_connect_provider" "default" { | ||
arn = "arn:aws:iam::123456789012:oidc-provider/server.example.com" | ||
} | ||
``` | ||
|
||
## Argument Reference | ||
|
||
The following arguments are supported: | ||
|
||
* `arn` - (Required) The ARN assigned by AWS for this provider. | ||
|
||
## Attributes Reference | ||
|
||
In addition to all arguments above, the following attributes are exported: | ||
|
||
* `url` - The URL of the identity provider. Corresponds to the _iss_ claim. | ||
* `client_id_list` - A list of client IDs (also known as audiences). When a mobile or web app registers with an OpenID Connect provider, they establish a value that identifies the application. (This is the value that's sent as the client_id parameter on OAuth requests.) | ||
* `thumbprint_list` - A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificate(s). |