New data source: aws_iam_openid_connect_provider

aws/data_source_aws_iam_openid_connect_provider.go

@@ -0,0 +1,57 @@
+package aws
+
+import (
+ "fmt"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/service/iam"
+ "github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+)
+
+func dataSourceAwsIamOpenIDConnectProvider() *schema.Resource {
+ return &schema.Resource{
+ Read: dataSourceAwsIamOpenIDConnectProviderRead,
+
+ Schema: map[string]*schema.Schema{
+ "arn": {
+ Type: schema.TypeString,
+ Required: true,
+ ValidateFunc: validateArn,
+ },
+ "url": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "client_id_list": {
+ Elem: &schema.Schema{Type: schema.TypeString},
+ Type: schema.TypeList,
+ Computed: true,
+ },
+ "thumbprint_list": {
+ Elem: &schema.Schema{Type: schema.TypeString},
+ Type: schema.TypeList,
+ Computed: true,
+ },
+ },
+ }
+}
+
+func dataSourceAwsIamOpenIDConnectProviderRead(d *schema.ResourceData, meta interface{}) error {
+ iamconn := meta.(*AWSClient).iamconn
+
+ arn := d.Get("arn").(string)
+ input := &iam.GetOpenIDConnectProviderInput{
+ OpenIDConnectProviderArn: aws.String(arn),
+ }
+ out, err := iamconn.GetOpenIDConnectProvider(input)
+ if err != nil {
+ return fmt.Errorf("error reading IAM OIDC Provider (%s): %w", arn, err)
+ }
+
+ d.SetId(arn)
+ d.Set("url", out.Url)
+ d.Set("client_id_list", flattenStringList(out.ClientIDList))
+ d.Set("thumbprint_list", flattenStringList(out.ThumbprintList))
+
+ return nil
+}

aws/data_source_aws_iam_openid_connect_provider_test.go

@@ -0,0 +1,53 @@
+package aws
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
+ "github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+)
+
+func TestAccAWSDataSourceIamOpenIDConnectProvider_basic(t *testing.T) {
+ resourceName := "data.aws_iam_openid_connect_provider.test"
+ rString := acctest.RandString(5)
+ url := "accounts.testle.com/" + rString
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccDatasourceAwsIamOpenIDConnectProviderConfig(url),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttrPair(resourceName, "arn", "aws_iam_openid_connect_provider.test", "arn"),
+ resource.TestCheckResourceAttr(resourceName, "url", url),
+ resource.TestCheckResourceAttr(resourceName, "client_id_list.#", "1"),
+ resource.TestCheckResourceAttr(resourceName, "client_id_list.0",
+ "266362248691-re108qaeld573ia0l6clj2i5ac7r7291.apps.testleusercontent.com"),
+ resource.TestCheckResourceAttr(resourceName, "thumbprint_list.#", "2"),
+ resource.TestCheckResourceAttr(resourceName, "thumbprint_list.0", "cf23df2207d99a74fbe169e3eba035e633b65d94"),
+ resource.TestCheckResourceAttr(resourceName, "thumbprint_list.1", "c784713d6f9cb67b55dd84f4e4af7832d42b8f55"),
+ ),
+ },
+ },
+ })
+}
+
+func testAccDatasourceAwsIamOpenIDConnectProviderConfig(url string) string {
+ return fmt.Sprintf(`
+resource "aws_iam_openid_connect_provider" "test" {
+ url = "https://%s"
+ 
+ client_id_list = [
+ "266362248691-re108qaeld573ia0l6clj2i5ac7r7291.apps.testleusercontent.com",
+ ]
+ 
+ thumbprint_list = ["cf23df2207d99a74fbe169e3eba035e633b65d94", "c784713d6f9cb67b55dd84f4e4af7832d42b8f55"]
+}
+
+data "aws_iam_openid_connect_provider" "test" {
+ arn = aws_iam_openid_connect_provider.test.arn
+}
+`, url)
+}

aws/provider.go

@@ -256,6 +256,7 @@ func Provider() *schema.Provider {
  "aws_iam_account_alias": dataSourceAwsIamAccountAlias(),
  "aws_iam_group": dataSourceAwsIAMGroup(),
  "aws_iam_instance_profile": dataSourceAwsIAMInstanceProfile(),
+ "aws_iam_openid_connect_provider": dataSourceAwsIamOpenIDConnectProvider(),
  "aws_iam_policy": dataSourceAwsIAMPolicy(),
  "aws_iam_policy_document": dataSourceAwsIamPolicyDocument(),
  "aws_iam_role": dataSourceAwsIAMRole(),

website/docs/d/iam_openid_connect_provider.html.markdown

@@ -0,0 +1,33 @@
+---
+subcategory: "IAM"
+layout: "aws"
+page_title: "AWS: aws_iam_openid_connect_provider"
+description: |-
+ Retrieve an IAM OpenID Connect provider.
+---
+
+# Data Source: aws_iam_openid_connect_provider
+
+Retrieve an IAM OpenID Connect provider.
+
+## Example Usage
+
+```hcl
+data "aws_iam_openid_connect_provider" "default" {
+ arn = "arn:aws:iam::123456789012:oidc-provider/server.example.com"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `arn` - (Required) The ARN assigned by AWS for this provider.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `url` - The URL of the identity provider. Corresponds to the _iss_ claim.
+* `client_id_list` - A list of client IDs (also known as audiences). When a mobile or web app registers with an OpenID Connect provider, they establish a value that identifies the application. (This is the value that's sent as the client_id parameter on OAuth requests.)
+* `thumbprint_list` - A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificate(s).