provider/aws: Add aws_caller_identity data source

This data source provides access during configuration to the ID of the
AWS account for the connection to AWS. It is primarily useful for
interpolating into policy documents, for example when creating the
policy for an ELB or ALB access log bucket.

This will need revisiting and further testing once the work for
AssumeRole is integrated.
This commit is contained in:
James Nugent 2016-08-15 16:43:24 -05:00
parent cb1787c2f7
commit 3e14f56a96
5 changed files with 128 additions and 0 deletions

View File

@ -0,0 +1,40 @@
package aws
import (
"fmt"
"log"
"time"
"github.com/hashicorp/terraform/helper/schema"
)
func dataSourceAwsCallerIdentity() *schema.Resource {
return &schema.Resource{
Read: dataSourceAwsCallerIdentityRead,
Schema: map[string]*schema.Schema{
"account_id": {
Type: schema.TypeString,
Computed: true,
},
},
}
}
func dataSourceAwsCallerIdentityRead(d *schema.ResourceData, meta interface{}) error {
client := meta.(*AWSClient)
log.Printf("[DEBUG] Reading Caller Identity.")
d.SetId(time.Now().UTC().String())
if client.accountid == "" {
log.Println("[DEBUG] No Account ID available, failing")
return fmt.Errorf("No AWS Account ID is available to the provider. Please ensure that\n" +
"skip_requesting_account_id is not set on the AWS provider.")
}
log.Printf("[DEBUG] Setting AWS Account ID to %s.", client.accountid)
d.Set("account_id", meta.(*AWSClient).accountid)
return nil
}

View File

@ -0,0 +1,48 @@
package aws
import (
"fmt"
"testing"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform"
)
func TestAccAWSCallerIdentity_basic(t *testing.T) {
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
Steps: []resource.TestStep{
{
Config: testAccCheckAwsCallerIdentityConfig_basic,
Check: resource.ComposeTestCheckFunc(
testAccCheckAwsCallerIdentityAccountId("data.aws_caller_identity.current"),
),
},
},
})
}
func testAccCheckAwsCallerIdentityAccountId(n string) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[n]
if !ok {
return fmt.Errorf("Can't find AccountID resource: %s", n)
}
if rs.Primary.ID == "" {
return fmt.Errorf("Account Id resource ID not set.")
}
expected := testAccProvider.Meta().(*AWSClient).accountid
if rs.Primary.Attributes["account_id"] != expected {
return fmt.Errorf("Incorrect Account ID: expected %q, got %q", expected, rs.Primary.ID)
}
return nil
}
}
const testAccCheckAwsCallerIdentityConfig_basic = `
data "aws_caller_identity" "current" { }
`

View File

@ -142,6 +142,7 @@ func Provider() terraform.ResourceProvider {
DataSourcesMap: map[string]*schema.Resource{ DataSourcesMap: map[string]*schema.Resource{
"aws_ami": dataSourceAwsAmi(), "aws_ami": dataSourceAwsAmi(),
"aws_availability_zones": dataSourceAwsAvailabilityZones(), "aws_availability_zones": dataSourceAwsAvailabilityZones(),
"aws_caller_identity": dataSourceAwsCallerIdentity(),
"aws_iam_policy_document": dataSourceAwsIamPolicyDocument(), "aws_iam_policy_document": dataSourceAwsIamPolicyDocument(),
"aws_ip_ranges": dataSourceAwsIPRanges(), "aws_ip_ranges": dataSourceAwsIPRanges(),
"aws_s3_bucket_object": dataSourceAwsS3BucketObject(), "aws_s3_bucket_object": dataSourceAwsS3BucketObject(),

View File

@ -0,0 +1,35 @@
---
layout: "aws"
page_title: "AWS: aws_caller_identity"
sidebar_current: "docs-aws-datasource-caller-identity"
description: |-
Get information about the identity of the caller for the provider
connection to AWS.
---
# aws\_caller\_identity
Use this data source to get the access to the effective Account ID in
which Terraform is working.
~> **NOTE on `aws_caller_identity`:** - an Account ID is only available
if `skip_requesting_account_id` is not set on the AWS provider. In such
cases, the data source will return an error.
## Example Usage
```
data "aws_caller_identity" "current" { }
output "account_id" {
value = "${data.aws_caller_identity.current.account_id}"
}
```
## Argument Reference
There are no arguments available for this data source.
## Attributes Reference
`account_id` is set to the ID of the AWS account.

View File

@ -13,12 +13,16 @@
<li<%= sidebar_current(/^docs-aws-datasource/) %>> <li<%= sidebar_current(/^docs-aws-datasource/) %>>
<a href="#">Data Sources</a> <a href="#">Data Sources</a>
<ul class="nav nav-visible"> <ul class="nav nav-visible">
<li<%= sidebar_current("docs-aws-datasource-ami") %>> <li<%= sidebar_current("docs-aws-datasource-ami") %>>
<a href="/docs/providers/aws/d/ami.html">aws_ami</a> <a href="/docs/providers/aws/d/ami.html">aws_ami</a>
</li> </li>
<li<%= sidebar_current("docs-aws-datasource-availability-zones") %>> <li<%= sidebar_current("docs-aws-datasource-availability-zones") %>>
<a href="/docs/providers/aws/d/availability_zones.html">aws_availability_zones</a> <a href="/docs/providers/aws/d/availability_zones.html">aws_availability_zones</a>
</li> </li>
<li<%= sidebar_current("docs-aws-datasource-caller-identity") %>>
<a href="/docs/providers/aws/d/caller_identity.html">aws_caller_identity</a>
</li>
<li<%= sidebar_current("docs-aws-datasource-ecs-container-definition") %>> <li<%= sidebar_current("docs-aws-datasource-ecs-container-definition") %>>
<a href="/docs/providers/aws/d/ecs_container_definition.html">aws_ecs_container_definition</a> <a href="/docs/providers/aws/d/ecs_container_definition.html">aws_ecs_container_definition</a>
</li> </li>