feat(aws): Support identitystore and ssoadmin#3005
feat(aws): Support identitystore and ssoadmin#3005kodiakhq[bot] merged 13 commits intocloudquery:mainfrom
Conversation
|
refs #1418 |
plugins/source/aws/resources/services/ssoadmin/instances_fetch.go
Outdated
Show resolved
Hide resolved
plugins/source/aws/resources/services/ssoadmin/instances_fetch.go
Outdated
Show resolved
Hide resolved
erezrokah
left a comment
There was a problem hiding this comment.
Thanks @jhudson10x, added a few comments too?
What do you think about breaking this into multiple PRs per resource? Then it will be easier to merge the completed ones
plugins/source/aws/resources/services/identitystore/users_fetch.go
Outdated
Show resolved
Hide resolved
I am ok with breaking these into multiple PRs. I apologize for the delay in wrapping this one up. Last week was very busy with an onsite meeting and did not get a chance to do much. |
Just to be clear in case it wasn't from context - the identitystore service depends on the ssoadmin instance resource. This PR is ready for review for merge. I'm going to be finishing the remaining ssoadmin resources today, but if you want me to go ahead and wrap this one up I can open a new PR for those resources. |
erezrokah
left a comment
There was a problem hiding this comment.
This is great work @jhudson10x, sorry for the late re-review.
This looks great pending a few comments. Please let me know what you think
plugins/source/aws/resources/services/identitystore/identitystore_fetch.go
Outdated
Show resolved
Hide resolved
plugins/source/aws/resources/services/identitystore/users_fetch.go
Outdated
Show resolved
Hide resolved
| func fetchSsoadminInstances(ctx context.Context, meta schema.ClientMeta, parent *schema.Resource, res chan<- interface{}) error { | ||
| svc := meta.(*client.Client).Services().SSOAdmin | ||
| config := ssoadmin.ListInstancesInput{} | ||
| response, err := svc.ListInstances(ctx, &config) |
There was a problem hiding this comment.
Does this API needs to be paginated like the others? It seems it supports that functionality
There was a problem hiding this comment.
I think there is no possibility for more than 1 instance to exist. I will paginate it to be safe. It raises another question but we can look at that in next PR.
|
Additionally to get the CI passing you'll need to run Finally if it makes sense, you can add mock tests to verify the fetch functions work as expected, see example(s) in https://github.com/cloudquery/cloudquery/blob/9a313bb24316b02538d2abde79bd0873bf81fe03/plugins/source/aws/resources/services/elbv2/load_balancers_mock_test.go |
|
@erezrokah I thought we could delay answering the question "is there ever more than 1 SSO instance in an account" but maybe we should address it now because I have assumed this in the change, e.g.: FWIW the AWS docs clearly state you can only have one:
If there is a better way to access that identiy-store-id (this is what instance is needed for in above code) then I can change it. Maybe doing table relation? I do not know if that will work across services though. |
#### Summary Related to #3326. This PRs changes the `/docs` command to a `/gen` command so it generates both code and docs. See example for the docs command in: #3005 (comment) c7f72fd We could have separate commands, but I think an update to code generation always requires a doc generation <!--
95d65fa to
3afec60
Compare
erezrokah
left a comment
There was a problem hiding this comment.
Thanks for the follow up digging into AWS docs 🙃
It all makes sense to me so I approved the PR. I'm planning to add mock tests for it today/tomorrow and then I'll merge it
SSOAdmin Instances table is passing validation but the resolver is not being called.
Probably needs its own dedicated region provider because looking at the AWS dashboard there appear to be more available regions than the 13 provided by the identitystore provider.
Need to determine appropriate method for using identity-store-id (from ssoadmin service instance resource) in the identitystore service resources.
Redundant information; all of it's contained in the group memberships table.
1acf344 to
23c5190
Compare
🤖 I have created a release *beep* *boop* --- ## [4.6.0](plugins-source-aws-v4.5.0...plugins-source-aws-v4.6.0) (2022-11-06) ### Features * AppRunner add support for Connections ([#3602](#3602)) ([b6c17a2](b6c17a2)) * **aws:** AppRunner Resources: VPC Connector, VPC Ingress Connection And Autotscaling ([#3450](#3450)) ([f5cd42c](f5cd42c)) * **aws:** AppRunner support ObservabilityConfiguration ([#3603](#3603)) ([b93a66d](b93a66d)) * **aws:** Support identitystore and ssoadmin ([#3005](#3005)) ([afa463d](afa463d)) ### Bug Fixes * **aws:** Elasticache Engine Versions PK ([#3562](#3562)) ([59a7400](59a7400)), closes [#3561](#3561) * **deps:** Update plugin-sdk for aws to v0.13.20 ([#3569](#3569)) ([3876311](3876311)) * Fix bug in s3_cross_region_replication policy ([#3565](#3565)) ([515a7d0](515a7d0)) * Fix documentation ([#3608](#3608)) ([ea14f06](ea14f06)) * Update endpoints ([#3605](#3605)) ([20b9f4f](20b9f4f)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
This PR is ready for review for merge.There remains ssoadmin resources to be added. I can add them as part of this PR or I can open a new PR for those resources. Please advise.
Summary
Add support for the IAM Identity Center (Successor to AWS Single Sign-On) a.k.a
ssoadminandidentitystoreAPIs