Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adds support for AMI sharing to Orgs and OUs #21694

Merged
merged 31 commits into from
Apr 13, 2022

Conversation

joraff
Copy link
Contributor

@joraff joraff commented Nov 9, 2021

This PR adds two new arguments to the aws_ami_launch_permission resource to allow for Organization and OrganizationalUnit sharing.

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Closes #21617.
Closes #11101.

Output from acceptance testing:

$ make testacc TESTARGS='-run TestAccEC2AMILaunchPermission_organization' PKG_NAME=internal/service/ec2
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/ec2/... -v -count 1 -parallel 20  -run TestAccEC2AMILaunchPermission_organization -timeout 180m
=== RUN   TestAccEC2AMILaunchPermission_organization
=== PAUSE TestAccEC2AMILaunchPermission_organization
=== CONT  TestAccEC2AMILaunchPermission_organization
2022/04/06 23:24:53 Waiting for AMI ami-0dddfaa907ae8da63 to become available...
2022/04/06 23:30:23 Waiting for AMI ami-0dddfaa907ae8da63 to be deleted...
--- PASS: TestAccEC2AMILaunchPermission_organization (344.49s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/ec2        346.991s

@github-actions github-actions bot added size/L Managed by automation to categorize the size of a PR. service/ec2 Issues and PRs that pertain to the ec2 service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. needs-triage Waiting for first response or review from a maintainer. labels Nov 9, 2021
@joraff
Copy link
Contributor Author

joraff commented Nov 9, 2021

You will need to use an AWS account that's linked to an AWS Organization to be able to use the Organization's ARN as a data source. What should the default behavior be if the testing account is not in an Organization?

Copy link

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Welcome @joraff 👋

It looks like this is your first Pull Request submission to the Terraform AWS Provider! If you haven’t already done so please make sure you have checked out our CONTRIBUTING guide and FAQ to make sure your contribution is adhering to best practice and has all the necessary elements in place for a successful approval.

Also take a look at our FAQ which details how we prioritize Pull Requests for inclusion.

Thanks again, and welcome to the community! 😃

@joraff joraff closed this Nov 10, 2021
@joraff joraff reopened this Nov 10, 2021
@github-actions github-actions bot removed the needs-triage Waiting for first response or review from a maintainer. label Nov 10, 2021
@joraff
Copy link
Contributor Author

joraff commented Nov 10, 2021

Regarding default behavior if the testing account is not in an org, I found the PreCheck to handle this behavior.

@mattrobinsonsre
Copy link
Contributor

Could this be added to the imagebuilder as well? It's in the api.

@dmccaffery
Copy link

I'm not a fan of the "arn_type" property -- the underlying API is strongly-typed with UserId, Group, OrganizationalUnitArn, or OrganizationArn. I think it makes more sense to have:

organization_unit_arn string
organization_arn string

This makes the api more self-documenting and aligns with the other SDKs around this resource. It also reduces the need to lookup a case-sensitive string in the docs.

Here are the docs for the launch permission:
https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_LaunchPermission.html

@github-actions github-actions bot added service/ec2 Issues and PRs that pertain to the ec2 service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. size/XL Managed by automation to categorize the size of a PR. documentation Introduces or discusses updates to documentation. and removed tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. service/ec2 Issues and PRs that pertain to the ec2 service. size/L Managed by automation to categorize the size of a PR. labels Apr 6, 2022
@joraff joraff marked this pull request as ready for review April 7, 2022 04:21
@joraff
Copy link
Contributor Author

joraff commented Apr 7, 2022

I agree with the use of distinct, strongly-types arguments as suggested above, and have implemented the changes. Tests and website docs have been added.

$ make testacc TESTARGS='-run TestAccEC2AMILaunchPermission_organization' PKG_NAME=internal/service/ec2
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/ec2/... -v -count 1 -parallel 20  -run TestAccEC2AMILaunchPermission_organization -timeout 180m
=== RUN   TestAccEC2AMILaunchPermission_organization
=== PAUSE TestAccEC2AMILaunchPermission_organization
=== CONT  TestAccEC2AMILaunchPermission_organization
2022/04/06 23:24:53 Waiting for AMI ami-0dddfaa907ae8da63 to become available...
2022/04/06 23:30:23 Waiting for AMI ami-0dddfaa907ae8da63 to be deleted...
--- PASS: TestAccEC2AMILaunchPermission_organization (344.49s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/ec2        346.991s

Acceptance test output:

% make testacc TESTS=TestAccEC2AMILaunchPermission_basic PKG=ec2 ACCTEST_PARALLELISM=3
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/ec2/... -v -count 1 -parallel 3 -run='TestAccEC2AMILaunchPermission_basic'  -timeout 180m
=== RUN   TestAccEC2AMILaunchPermission_basic
=== PAUSE TestAccEC2AMILaunchPermission_basic
=== CONT  TestAccEC2AMILaunchPermission_basic
--- PASS: TestAccEC2AMILaunchPermission_basic (357.87s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/ec2	361.846s
Acceptance test output:

% make testacc TESTARGS='-run=TestAccEC2AMILaunchPermission_group\|TestAccEC2AMILaunchPermission_basic' PKG=ec2
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/ec2/... -v -count 1 -parallel 20  -run=TestAccEC2AMILaunchPermission_group\|TestAccEC2AMILaunchPermission_basic -timeout 180m
=== RUN   TestAccEC2AMILaunchPermission_basic
=== PAUSE TestAccEC2AMILaunchPermission_basic
=== RUN   TestAccEC2AMILaunchPermission_group
=== PAUSE TestAccEC2AMILaunchPermission_group
=== CONT  TestAccEC2AMILaunchPermission_basic
=== CONT  TestAccEC2AMILaunchPermission_group
--- PASS: TestAccEC2AMILaunchPermission_basic (361.32s)
--- PASS: TestAccEC2AMILaunchPermission_group (364.94s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/ec2	371.503s
Copy link
Contributor

@ewbankkit ewbankkit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🚀.

% make testacc TESTS=TestAccEC2AMILaunchPermission_ PKG=ec2 ACCTEST_PARALLELISM=2
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/ec2/... -v -count 1 -parallel 2 -run='TestAccEC2AMILaunchPermission_'  -timeout 180m
=== RUN   TestAccEC2AMILaunchPermission_basic
=== PAUSE TestAccEC2AMILaunchPermission_basic
=== RUN   TestAccEC2AMILaunchPermission_disappears
=== PAUSE TestAccEC2AMILaunchPermission_disappears
=== RUN   TestAccEC2AMILaunchPermission_Disappears_ami
=== PAUSE TestAccEC2AMILaunchPermission_Disappears_ami
=== RUN   TestAccEC2AMILaunchPermission_group
=== PAUSE TestAccEC2AMILaunchPermission_group
=== RUN   TestAccEC2AMILaunchPermission_organizationARN
=== PAUSE TestAccEC2AMILaunchPermission_organizationARN
=== RUN   TestAccEC2AMILaunchPermission_organizationalUnitARN
=== PAUSE TestAccEC2AMILaunchPermission_organizationalUnitARN
=== CONT  TestAccEC2AMILaunchPermission_basic
=== CONT  TestAccEC2AMILaunchPermission_group
--- PASS: TestAccEC2AMILaunchPermission_group (361.35s)
=== CONT  TestAccEC2AMILaunchPermission_Disappears_ami
--- PASS: TestAccEC2AMILaunchPermission_basic (361.98s)
=== CONT  TestAccEC2AMILaunchPermission_organizationalUnitARN
    acctest.go:688: skipping tests; this AWS account must not be an existing member of an AWS Organization
--- SKIP: TestAccEC2AMILaunchPermission_organizationalUnitARN (0.23s)
=== CONT  TestAccEC2AMILaunchPermission_organizationARN
--- PASS: TestAccEC2AMILaunchPermission_Disappears_ami (350.94s)
=== CONT  TestAccEC2AMILaunchPermission_disappears
--- PASS: TestAccEC2AMILaunchPermission_organizationARN (355.95s)
--- PASS: TestAccEC2AMILaunchPermission_disappears (355.58s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/ec2	1071.663s
% make testacc TESTS=TestAccEC2AMILaunchPermission_organizationalUnitARN PKG=ec2
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/ec2/... -v -count 1 -parallel 20 -run='TestAccEC2AMILaunchPermission_organizationalUnitARN'  -timeout 180m
=== RUN   TestAccEC2AMILaunchPermission_organizationalUnitARN
=== PAUSE TestAccEC2AMILaunchPermission_organizationalUnitARN
=== CONT  TestAccEC2AMILaunchPermission_organizationalUnitARN
--- PASS: TestAccEC2AMILaunchPermission_organizationalUnitARN (345.34s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/ec2	349.518s

@ewbankkit
Copy link
Contributor

@joraff @grahamc Thanks for the contribution 🎉 👏.

@ewbankkit ewbankkit merged commit ad07902 into hashicorp:main Apr 13, 2022
@github-actions github-actions bot added this to the v4.10.0 milestone Apr 13, 2022
@github-actions
Copy link

This functionality has been released in v4.10.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 15, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
documentation Introduces or discusses updates to documentation. service/ec2 Issues and PRs that pertain to the ec2 service. size/XL Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet
5 participants