resource/aws_organizations_account: Add parent_id argument (support moving accounts) #8583
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…entation References: * #4405 * #8281 Please note that automated acceptance testing is not currently possible with this resource, due to manual steps required to remove an account from an organization: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html These changes were manually verified via the following. Given an existing configuration, previously applied with version 2.9.0 of the Terraform AWS Provider: ```hcl resource "aws_organizations_organization" "organization" { feature_set = "ALL" } resource "aws_organizations_account" "bflad-dev1" { name = "bflad-dev1" email = "--OMITTED--" } resource "aws_organizations_account" "bflad-dev2" { name = "bflad-dev2" email = "--OMITTED--" } ``` Overwrite Terraform AWS Provider binary including this changeset, ensure plan shows no changes, and ensure `parent_id` is properly written to Terraform state: ```console $ cp ~/go/bin/terraform-provider-aws .terraform/plugins/darwin_amd64/terraform-provider-aws_v2.9.0_x4 $ terraform init ... $ terraform plan ... aws_organizations_organization.organization: Refreshing state... (ID: o-p687o6l073) aws_organizations_account.bflad-dev2: Refreshing state... (ID: --OMITTED--) aws_organizations_account.bflad-dev1: Refreshing state... (ID: --OMITTED--) ------------------------------------------------------------------------ No changes. Infrastructure is up-to-date. $ terraform refresh ... $ terraform state show aws_organizations_account.bflad-dev1 | grep parent_id parent_id = r-cg2b ``` Add organizational unit to configuration and add `parent_id` to an existing account pointing to it: ```hcl resource "aws_organizations_organization" "organization" { feature_set = "ALL" } resource "aws_organizations_organizational_unit" "test1" { name = "test1" parent_id = "${aws_organizations_organization.organization.roots.0.id}" } resource "aws_organizations_account" "bflad-dev1" { name = "bflad-dev1" email = "--OMITTED--" parent_id = "${aws_organizations_organizational_unit.test1.id}" } resource "aws_organizations_account" "bflad-dev2" { name = "bflad-dev2" email = "--OMITTED--" } ``` Verifying `Update` functionality: ``` $ terraform apply ... An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: + create ~ update in-place Terraform will perform the following actions: ~ aws_organizations_account.bflad-dev1 parent_id: "r-cg2b" => "${aws_organizations_organizational_unit.test1.id}" + aws_organizations_organizational_unit.test1 id: <computed> arn: <computed> name: "test1" parent_id: "r-cg2b" Plan: 1 to add, 1 to change, 0 to destroy. ... aws_organizations_organizational_unit.test1: Creating... arn: "" => "<computed>" name: "" => "test1" parent_id: "" => "r-cg2b" aws_organizations_organizational_unit.test1: Creation complete after 0s (ID: ou-cg2b-7aa8b56k) aws_organizations_account.bflad-dev1: Modifying... (ID: --OMITTED--) parent_id: "r-cg2b" => "ou-cg2b-7aa8b56k" aws_organizations_account.bflad-dev1: Modifications complete after 1s (ID: --OMITTED--) $ terraform state show aws_organizations_account.bflad-dev1 | grep parent_id parent_id = ou-cg2b-7aa8b56k ``` Add account with `parent_id` to configuration: ```hcl resource "aws_organizations_organization" "organization" { feature_set = "ALL" } resource "aws_organizations_organizational_unit" "test1" { name = "test1" parent_id = "${aws_organizations_organization.organization.roots.0.id}" } resource "aws_organizations_account" "bflad-dev1" { name = "bflad-dev1" email = "--OMITTED--" parent_id = "${aws_organizations_organizational_unit.test1.id}" } resource "aws_organizations_account" "bflad-dev2" { name = "bflad-dev2" email = "--OMITTED--" } resource "aws_organizations_account" "bflad-dev3" { name = "bflad-dev3" email = "--OMITTED--" parent_id = "${aws_organizations_organizational_unit.test1.id}" } ``` Verifying `Create` functionality: ``` $ terraform apply ... An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: + aws_organizations_account.bflad-dev3 id: <computed> arn: <computed> email: "--OMITTED--" joined_method: <computed> joined_timestamp: <computed> name: "bflad-dev3" parent_id: "ou-cg2b-7aa8b56k" status: <computed> Plan: 1 to add, 0 to change, 0 to destroy. ... aws_organizations_account.bflad-dev3: Creating... arn: "" => "<computed>" email: "" => "--OMITTED--" joined_method: "" => "<computed>" joined_timestamp: "" => "<computed>" name: "" => "bflad-dev3" parent_id: "" => "ou-cg2b-7aa8b56k" status: "" => "<computed>" aws_organizations_account.bflad-dev3: Still creating... (10s elapsed) aws_organizations_account.bflad-dev3: Creation complete after 12s (ID: --OMITTED--) $ terraform state show aws_organizations_account.bflad-dev3 | grep parent_id parent_id = ou-cg2b-7aa8b56k ```
bflad
added
enhancement
ghost
added
size/L
This was referenced May 9, 2019
|
This really is they key to making orgs usable in tf. Keep up the great work! |
nywilken
reviewed
May 17, 2019
| @@ -12,7 +12,8 @@ func TestAccAWSOrganizations(t *testing.T) { | |||
| "FeatureSet": testAccAwsOrganizationsOrganization_FeatureSet, | |||
| }, | |||
| "Account": { | |||
| "basic": testAccAwsOrganizationsAccount_basic, | |||
| "basic": testAccAwsOrganizationsAccount_basic, | |||
nywilken
reviewed
May 17, 2019
| @@ -12,6 +12,8 @@ import ( | |||
| ) | |||
|
|
|||
| func testAccAwsOrganizationsAccount_basic(t *testing.T) { | |||
| t.Skip("AWS Organizations Account testing is not currently automated due to manual account deletion steps.") | |||
There was a problem hiding this comment.
Does it make sense to include a comment with a link back to this PR to show the verification steps taken as an example? Or maybe a comment with the link https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html?
There was a problem hiding this comment.
Including testing documentation in some form is probably not a bad idea. Let's discuss what form this should take (probably in a multi-line skip message) after we cut the release.
Luckily this is the first time we've needed to touch this resource since its creation so this awful manual process isn't required too much, but surely easy to forget!
nywilken
approved these changes
May 17, 2019
|
This has been released in version 2.11.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
ghost
locked and limited conversation to collaborators
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Community Note
Includes 2 relevant commits from #4405
Closes #8281
Release note for CHANGELOG:
Please note that automated acceptance testing is not currently possible with this resource, due to manual steps required to remove an account from an organization: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html
These changes were manually verified via the following.
Given an existing configuration, previously applied with version 2.9.0 of the Terraform AWS Provider:
Overwrite Terraform AWS Provider binary including this changeset, ensure plan shows no changes, and ensure
parent_idis properly written to Terraform state:Add organizational unit to configuration and add
parent_idto an existing account pointing to it:Verifying
Updatefunctionality:Add account with
parent_idto configuration:Verifying
Createfunctionality: