Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

r/aws_eks_identity_provider_config - Adds a new resource for EKS OIDC Identity Provider Config #17959

Merged
merged 16 commits into from
Jul 7, 2021
Merged

r/aws_eks_identity_provider_config - Adds a new resource for EKS OIDC Identity Provider Config #17959

merged 16 commits into from
Jul 7, 2021

Conversation

willvrny
Copy link
Contributor

@willvrny willvrny commented Mar 5, 2021
edited

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Closes #17607

Output from acceptance testing:

$ make testacc TESTARGS='-run=TestAccAWSEksIdentityProviderConfig_basic'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSEksIdentityProviderConfig_basic -timeout 120m
=== RUN   TestAccAWSEksIdentityProviderConfig_basic
=== PAUSE TestAccAWSEksIdentityProviderConfig_basic
=== CONT  TestAccAWSEksIdentityProviderConfig_basic
--- PASS: TestAccAWSEksIdentityProviderConfig_basic (3542.20s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	3544.777s

$ make testacc TESTARGS='-run=TestAccAWSEksIdentityProviderConfig_disappears'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSEksIdentityProviderConfig_disappears -timeout 120m
=== RUN   TestAccAWSEksIdentityProviderConfig_disappears
=== PAUSE TestAccAWSEksIdentityProviderConfig_disappears
=== CONT  TestAccAWSEksIdentityProviderConfig_disappears
--- PASS: TestAccAWSEksIdentityProviderConfig_disappears (3554.95s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	3558.570s

$ make testacc TESTARGS='-run=TestAccAWSEksIdentityProviderConfig_Oidc_Group'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSEksIdentityProviderConfig_Oidc_Group -timeout 120m
=== RUN   TestAccAWSEksIdentityProviderConfig_Oidc_Group
=== PAUSE TestAccAWSEksIdentityProviderConfig_Oidc_Group
=== CONT  TestAccAWSEksIdentityProviderConfig_Oidc_Group
--- PASS: TestAccAWSEksIdentityProviderConfig_Oidc_Group (2975.67s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	2978.136s

$ make testacc TESTARGS='-run=TestAccAWSEksIdentityProviderConfig_Oidc_Username'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSEksIdentityProviderConfig_Oidc_Username -timeout 120m
=== RUN   TestAccAWSEksIdentityProviderConfig_Oidc_Username
=== PAUSE TestAccAWSEksIdentityProviderConfig_Oidc_Username
=== CONT  TestAccAWSEksIdentityProviderConfig_Oidc_Username
--- PASS: TestAccAWSEksIdentityProviderConfig_Oidc_Username (3748.44s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	3751.742s

$ make testacc TESTARGS='-run=TestAccAWSEksIdentityProviderConfig_Oidc_RequiredClaims'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSEksIdentityProviderConfig_Oidc_RequiredClaims -timeout 120m
=== RUN   TestAccAWSEksIdentityProviderConfig_Oidc_RequiredClaims
=== PAUSE TestAccAWSEksIdentityProviderConfig_Oidc_RequiredClaims
=== CONT  TestAccAWSEksIdentityProviderConfig_Oidc_RequiredClaims
--- PASS: TestAccAWSEksIdentityProviderConfig_Oidc_RequiredClaims (3588.45s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	3591.398s

$ make testacc TESTARGS='-run=TestAccAWSEksIdentityProviderConfig_Tags'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSEksIdentityProviderConfig_Tags -timeout 120m
=== RUN   TestAccAWSEksIdentityProviderConfig_Tags
=== PAUSE TestAccAWSEksIdentityProviderConfig_Tags
=== CONT  TestAccAWSEksIdentityProviderConfig_Tags
--- PASS: TestAccAWSEksIdentityProviderConfig_Tags (3701.77s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	3704.366s

Questions:

  1. I've not done a test per attribute as I'm seeing a single test take as long as 3832.718s. Is this okay or would you prefer a single test per attribute? I think the length is due to spinning up an EKS cluster and then I imagine the identity provider config requires rolling the master nodes.
  2. The AWS SDK put the name of the identity provider inside the OIDC struct. I've mirrored this in the resource but I'm not sure if it would be more consistent to move it out and have it as a top level field in the resource like other similar resources?
  3. I'm having to check an exception message for a particular case. This feels brittle but I can see this convention used in other areas. Is this okay?
  4. I've tried to use the newer funcs that allow for passing in a context e.g. CreateContext to avoid using deprecated code. In the tests I've just used context.Background(). I haven't written too much Go so I'm not too sure if this is correct?
  5. I've left the commits separate but I'm happy to rebase into a single commit?

@willvrny willvrny requested a review from a team as a code owner March 5, 2021 18:23
@ghost ghost added size/XL Managed by automation to categorize the size of a PR. documentation Introduces or discusses updates to documentation. provider Pertains to the provider itself, rather than any interaction with AWS. service/eks Issues and PRs that pertain to the eks service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. labels Mar 5, 2021
@willvrny willvrny marked this pull request as draft March 5, 2021 18:23
@github-actions github-actions bot added the needs-triage Waiting for first response or review from a maintainer. label Mar 5, 2021
@github-actions
Copy link

github-actions bot commented Mar 5, 2021

Thank you for your contribution! 🚀

Please note that typically Go dependency changes are handled in this repository by dependabot or the maintainers. This is to prevent pull request merge conflicts and further delay reviews of contributions. Remove any changes to the go.mod or go.sum files and commit them into this pull request.

Additional details:

  • Check open pull requests with the dependencies label to view other dependency updates.
  • If this pull request includes an update the AWS Go SDK (or any other dependency) version, only updates submitted via dependabot will be merged. This pull request will need to remove these changes and will need to be rebased after the existing dependency update via dependabot has been merged for this pull request to be reviewed.
  • If this pull request is for supporting a new AWS service:
    • Ensure the new AWS service changes are following the Contributing Guide section on new services, in particular that the dependency addition and initial provider support are in a separate pull request from other changes (e.g. new resources). Contributions not following this item will not be reviewed until the changes are split.
    • If this pull request is already a separate pull request from the above item, you can ignore this message.

@willvrny willvrny force-pushed the f_aws_eks_identity_provider_config branch from 4dd062e to f8975a2 Compare March 5, 2021 18:28
github-actions[bot]
github-actions bot reviewed Mar 5, 2021
View reviewed changes
Copy link

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Welcome @willvrny 👋

It looks like this is your first Pull Request submission to the Terraform AWS Provider! If you haven’t already done so please make sure you have checked out our CONTRIBUTING guide and FAQ to make sure your contribution is adhering to best practice and has all the necessary elements in place for a successful approval.

Also take a look at our FAQ which details how we prioritize Pull Requests for inclusion.

Thanks again, and welcome to the community! 😃

@willvrny willvrny changed the title [WIP] - Adds a new resource for EKS OIDC Identity Provider Config [WIP] r/aws_eks_identity_provider_config - Adds a new resource for EKS OIDC Identity Provider Config Mar 8, 2021
@xabinapal
Copy link

Is there anything missing on this PR prior to removing the draft flag? I'd be happy to help if necessary, this would be a great feature to have!

@willvrny
Copy link
Contributor Author

Hi @xabinapal. I was just hoping to get some clarification on my questions above. Aside from any changes from those answers I think functionality wise it's ready.

@willvrny willvrny marked this pull request as ready for review June 10, 2021 14:36
@willvrny willvrny force-pushed the f_aws_eks_identity_provider_config branch from 5c94338 to f8ffabc Compare June 11, 2021 14:07
@jfdoube
Copy link

jfdoube commented Jun 22, 2021

Any plan to release this feature soon ?

@ewbankkit
Copy link
Contributor

@willvrny Thanks for the contribution 🎉 👏.
In response to your questions above:

  1. The acceptance tests you have are sufficient given the length of time required to create all the pre-requisite resources
  2. We always prefer to mimic the AWS API structure, so lets leave the IdP name where it is
  3. Yes, checking AWS error message text is an unfortunate fact of life...
  4. It looks like we prefer context.TODO() in the acceptance tests:

    terraform-provider-aws/aws/resource_aws_eks_addon_test.go

    Lines 87 to 93 in b063e4f

    func TestAccAWSEksAddon_basic(t *testing.T) {
    var addon eks.Addon
    rName := acctest.RandomWithPrefix("tf-acc-test")
    clusterResourceName := "aws_eks_cluster.test"
    addonResourceName := "aws_eks_addon.test"
    addonName := "vpc-cni"
    ctx := context.TODO()
  5. Don't worry about rebasing

@willvrny willvrny force-pushed the f_aws_eks_identity_provider_config branch from f8ffabc to 65c612a Compare June 29, 2021 20:29
@willvrny
Copy link
Contributor Author

Thank you @ewbankkit. I've made the change to use context.TODO().

@alexandr-its
Copy link

Any plan to merge this feature? It will be great if I can use this feature

@ewbankkit
Copy link
Contributor

@willvrny Once you remove [WIP] I can start review and get this one merged.

@willvrny willvrny changed the title [WIP] r/aws_eks_identity_provider_config - Adds a new resource for EKS OIDC Identity Provider Config r/aws_eks_identity_provider_config - Adds a new resource for EKS OIDC Identity Provider Config Jul 5, 2021
@willvrny
Copy link
Contributor Author

willvrny commented Jul 5, 2021

@ewbankkit Done. Thank you.

@willvrny @ewbankkit
New resource: aws_eks_identity_provider_config.
c2f28d0 
This adds a new resource for associating an identity provider with an EKS cluster. This commit implements only the required fields.
@willvrny @ewbankkit
New resource: aws_eks_identity_provider_config.
4a7b303 
This adds a new resource for associating an identity provider with an EKS cluster. This commit adds a placeholder for the changelog entry and initial documentation for the resource.
@willvrny @ewbankkit
New resource: aws_eks_identity_provider_config.
4ff23ac 
This adds a new resource for associating an identity provider with an EKS cluster. This commit adds a the ability to import an existing identity provider config resource.
@willvrny @ewbankkit
New resource: aws_eks_identity_provider_config.
fae1a31 
This adds a new resource for associating an identity provider with an EKS cluster. This commit adds a test for if the resource dissapears and handles an invalid request exception when the identity provider config is not associated to the specified cluster on delete.
@willvrny @ewbankkit
New resource: aws_eks_identity_provider_config.
ff36e80 
This adds a new resource for associating an identity provider with an EKS cluster. This commit adds the optional fields to the resource and tests for them. It also adds tests for the validation on the schema.
willvrny and others added 11 commits July 7, 2021 09:29
@willvrny @ewbankkit
New resource: aws_eks_identity_provider_config.
01d0616 
This adds a new resource for associating an identity provider with an EKS cluster. This commit fixes the formatting of the terraform code in string templates and fixes the wrong grouping for imports.
@willvrny @ewbankkit
New resource: aws_eks_identity_provider_config.
439ca46 
This adds a new resource for associating an identity provider with an EKS cluster. This commit fixes the formatting of the terraform code in the docs and the indenting of unordered lists.
@willvrny @ewbankkit
New resource: aws_eks_identity_provider_config.
d647de8 
This adds a new resource for associating an identity provider with an EKS cluster. This commit renames the changelog entry to the pull request number.
@willvrny @ewbankkit
New resource: aws_eks_identity_provider_config.
d3812eb 
Moving to the new 'expandStringMap' method after pulling updates from upstream main branch.
@willvrny @ewbankkit
New resource: aws_eks_identity_provider_config.
4222c31 
Adding in the required 'ErrorCheck' to fix the awsproviderlint error. Moving from using the background context to the TODO context in the acceptance tests.
@willvrny @ewbankkit
New resource: aws_eks_identity_provider_config.
2d000de 
Running a go mod tidy to clean up go.sum.
@willvrny @ewbankkit
New resource: aws_eks_identity_provider_config.
eb34721 
Fixing the tfproviderdocs linting error around using 'terraform' and not 'hcl' for the markdown code samples.
@ewbankkit
r/aws_eks_identity_provider_config: Use internal finder and waiter pa…
312700f 
…ckages.
@ewbankkit
r/aws_eks_identity_provider_config: Tags can be updated; Add 'tags_all'.
1d7e5d1
@ewbankkit
r/aws_eks_identity_provider_config: Tweak test configurations.
4125dae
@ewbankkit
r/aws_eks_identity_provider_config: Consolidate to 'TestAccAWSEksIden…
518228c 
…tityProviderConfig_AllOidcOptions'.
@ewbankkit ewbankkit force-pushed the f_aws_eks_identity_provider_config branch from e3b1c4f to 518228c Compare July 7, 2021 16:40
ewbankkit
ewbankkit approved these changes Jul 7, 2021
View reviewed changes
Copy link
Contributor

@ewbankkit ewbankkit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🚀.

Commercial
% make testacc TEST=./aws TESTARGS='-run=TestAccAWSEksIdentityProviderConfig_'     
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSEksIdentityProviderConfig_ -timeout 180m
=== RUN   TestAccAWSEksIdentityProviderConfig_basic
=== PAUSE TestAccAWSEksIdentityProviderConfig_basic
=== RUN   TestAccAWSEksIdentityProviderConfig_disappears
=== PAUSE TestAccAWSEksIdentityProviderConfig_disappears
=== RUN   TestAccAWSEksIdentityProviderConfig_AllOidcOptions
=== PAUSE TestAccAWSEksIdentityProviderConfig_AllOidcOptions
=== RUN   TestAccAWSEksIdentityProviderConfig_Tags
=== PAUSE TestAccAWSEksIdentityProviderConfig_Tags
=== CONT  TestAccAWSEksIdentityProviderConfig_basic
=== CONT  TestAccAWSEksIdentityProviderConfig_Tags
=== CONT  TestAccAWSEksIdentityProviderConfig_AllOidcOptions
=== CONT  TestAccAWSEksIdentityProviderConfig_disappears
--- PASS: TestAccAWSEksIdentityProviderConfig_AllOidcOptions (2208.99s)
--- PASS: TestAccAWSEksIdentityProviderConfig_disappears (2226.30s)
--- PASS: TestAccAWSEksIdentityProviderConfig_basic (2226.77s)
=== CONT  TestAccAWSEksIdentityProviderConfig_Tags        
--- PASS: TestAccAWSEksIdentityProviderConfig_Tags (2320.02s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	2323.155s
GovCloud
% make testacc TEST=./aws TESTARGS='-run=TestAccAWSEksIdentityProviderConfig_' 
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSEksIdentityProviderConfig_ -timeout 180m
=== RUN   TestAccAWSEksIdentityProviderConfig_basic
=== PAUSE TestAccAWSEksIdentityProviderConfig_basic
=== RUN   TestAccAWSEksIdentityProviderConfig_disappears
=== PAUSE TestAccAWSEksIdentityProviderConfig_disappears
=== RUN   TestAccAWSEksIdentityProviderConfig_AllOidcOptions
=== PAUSE TestAccAWSEksIdentityProviderConfig_AllOidcOptions
=== RUN   TestAccAWSEksIdentityProviderConfig_Tags
=== PAUSE TestAccAWSEksIdentityProviderConfig_Tags
=== CONT  TestAccAWSEksIdentityProviderConfig_basic
=== CONT  TestAccAWSEksIdentityProviderConfig_Tags
=== CONT  TestAccAWSEksIdentityProviderConfig_disappears
=== CONT  TestAccAWSEksIdentityProviderConfig_AllOidcOptions
--- PASS: TestAccAWSEksIdentityProviderConfig_basic (2123.50s)
--- PASS: TestAccAWSEksIdentityProviderConfig_disappears (2169.43s)
--- PASS: TestAccAWSEksIdentityProviderConfig_AllOidcOptions (2259.97s)
--- PASS: TestAccAWSEksIdentityProviderConfig_Tags (2292.37s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	2295.438s

@ewbankkit
Copy link
Contributor

@willvrny Thanks for the contribution 🎉 👏.
In order to get this merged quicker I went ahead and made a few minor additions:

  • add arn attribute
  • tags can be updated
  • add tags_all attribute

@ewbankkit ewbankkit merged commit 567527e into hashicorp:main Jul 7, 2021
@willvrny willvrny deleted the f_aws_eks_identity_provider_config branch July 8, 2021 08:01
@willvrny
Copy link
Contributor Author

willvrny commented Jul 8, 2021

Ah thank you.

@github-actions
Copy link

github-actions bot commented Aug 8, 2021

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 8, 2021
@breathingdust breathingdust removed the needs-triage Waiting for first response or review from a maintainer. label Sep 17, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@github-actions github-actions[bot] github-actions left review comments

@ewbankkit ewbankkit ewbankkit approved these changes

Assignees
No one assigned
Labels
documentation Introduces or discusses updates to documentation. provider Pertains to the provider itself, rather than any interaction with AWS. service/eks Issues and PRs that pertain to the eks service. size/XL Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

EKS support for authentication using identity providers
6 participants
@willvrny @xabinapal @jfdoube @ewbankkit @alexandr-its @breathingdust