From 3a897c4e94de7bd0bb5741fee4057f4a83ee9600 Mon Sep 17 00:00:00 2001
From: badra001
Date: Thu, 1 Apr 2021 09:23:34 -0400
Subject: [PATCH] change null_resource to external data
---
 iam-saml/README.md | 4 +--
 iam-saml/bin/external_get-saml-metadata.sh | 41 ++++++++++++++++++++++
 iam-saml/bin/get-saml-metadata.sh | 3 +-
 iam-saml/main.tf | 38 +++++++++++++-------
 4 files changed, 69 insertions(+), 17 deletions(-)
 create mode 100755 iam-saml/bin/external_get-saml-metadata.sh
diff --git a/iam-saml/README.md b/iam-saml/README.md
index 34f2226..85d2582 100644
--- a/iam-saml/README.md
+++ b/iam-saml/README.md
@@ -39,7 +39,7 @@ No requirements. | Name | Version | |------|---------| | [aws](#provider\_aws) | n/a | -| [null](#provider\_null) | n/a | +| [external](#provider\_external) | n/a | ## Modules
@@ -50,11 +50,11 @@ No modules. | Name | Type | |------|------| | [aws_iam_saml_provider.saml](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_saml_provider) | resource | -| [null_resource.saml_metadata](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | | [aws_iam_policy_document.saml_assume](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | +| [external_external.saml_metadata](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source | ## Inputs
diff --git a/iam-saml/bin/external_get-saml-metadata.sh b/iam-saml/bin/external_get-saml-metadata.sh
new file mode 100755
index 0000000..21a3986
--- /dev/null
+++ b/iam-saml/bin/external_get-saml-metadata.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+#set -e
+eval "$(jq -r '@sh "AWS_ENVIRONMENT=\(.aws_environment) OUTPUT=\(.output_file) URL_PREFIX=\(.url_prefix)"')"
+
+if [ -z $AWS_ENVIRONMENT ]
+then
+ AWS_ENVIRONMENT="east-west"
+fi
+
+if [ -z $URL_PREFIX ]
+then
+ URL_PREFIX="https://id-provider.tco.census.gov/nidp/saml2/metadata?PID="
+fi
+
+if [[ $AWS_ENVIRONMENT == "east-west" ]] || [[ $AWS_ENVIRONMENT == "ew" ]]
+then
+ SELECT="urn:amazon:webservices"
+fi
+if [[ $AWS_ENVIRONMENT == "govcloud" ]] || [[ $AWS_ENVIRONMENT == "gov" ]]
+then
+ SELECT="urn:amazon:webservices:govcloud"
+fi
+
+if [ -z $SELECT ]
+then
+ echo "* no URL available for AWS_ENVIRONMENT=$AWS_ENVIRONMENT"
+ exit 1
+fi
+
+if [ -z $OUTPUT ]
+then
+ OUTPUT="metadata.$(date +%s).xml"
+fi
+
+URL="${URL_PREFIX}${SELECT}"
+curl -q -k $URL > $OUTPUT
+status=$?
+result=$(cat $OUTPUT)
+
+jq -n --arg output_file "$OUTPUT" --arg value "$result" --arg status "$status" '{"output_file":$output_file,"value":$value,"status":$status}'
diff --git a/iam-saml/bin/get-saml-metadata.sh b/iam-saml/bin/get-saml-metadata.sh
index 993c49f..a73ca2f 100755
--- a/iam-saml/bin/get-saml-metadata.sh
+++ b/iam-saml/bin/get-saml-metadata.sh
@@ -30,8 +30,7 @@ then fi URL="${URL_PREFIX}${SELECT}" -#OUTFILE="metadata.xml" -echo "# environment=$AWS_ENVIRONMENT command=curl -q -k $URL" >&2 +# echo "# environment=$AWS_ENVIRONMENT command=curl -q -k $URL" >&2 curl -q -k $URL status=$? exit $status
diff --git a/iam-saml/main.tf b/iam-saml/main.tf
index e82bf1f..2d10719 100644
--- a/iam-saml/main.tf
+++ b/iam-saml/main.tf
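Review bot: `curl -q -k $URL > $OUTPUT` in the new external_get-saml-metadata.sh disables TLS certificate verification for the very document that tells AWS which IdP signing certificate to trust, and the script then exits 0 whatever happened, because `status` is only copied into the JSON and `set -e` is commented out. Note also that `-q` means "ignore .curlrc", not quiet, and without `-f` an HTTP error page is written to `$OUTPUT` with status 0 and later handed to `aws_iam_saml_provider` as metadata. The `external` data source aborts the plan and reports stderr on a non-zero exit, so failing hard is the right contract here: `curl -fsS "$URL" -o "$OUTPUT"` / `status=$?` / `[ "$status" -eq 0 ] || { echo "* fetch of $URL failed (curl exit $status)" >&2; exit "$status"; }`. Quoting `"$URL"` and `"$OUTPUT"` there should be extended to the other unquoted expansions (`[ -z $AWS_ENVIRONMENT ]`, `[ -z $SELECT ]`, `cat $OUTPUT`), which misbehave on empty or space-containing values.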
@@ -47,25 +47,37 @@ locals { } } -resource "null_resource" "saml_metadata" { - provisioner "local-exec" { - command = "test -d ${path.root}/setup || mkdir ${path.root}/setup" - } +# resource "null_resource" "saml_metadata" { +# provisioner "local-exec" { +# command = "test -d ${path.root}/setup || mkdir ${path.root}/setup" +# } +# +# provisioner "local-exec" { +# command = "bash ${path.module}/bin/get-saml-metadata.sh > ${path.root}/setup/metadata.xml" +# environment = { +# # AWS_ENVIRONMENT = var.aws_environment +# AWS_ENVIRONMENT = local.account_environment +# } +# } +# } - provisioner "local-exec" { - command = "bash ${path.module}/bin/get-saml-metadata.sh > ${path.root}/setup/metadata.xml" - environment = { - # AWS_ENVIRONMENT = var.aws_environment - AWS_ENVIRONMENT = local.account_environment - } +data "external" "saml_metadata" { + program = ["bash", "${path.module}/bin/external_get_saml_metadata.sh"] + # output {object}.results.{output_file,status,value} + query = { + "aws_environment" = local.account_environment + "output_file" = local.saml_metadata_file + # "url_prefix" = "" } + # depends_on = [null_resource.saml_metadata] } resource "aws_iam_saml_provider" "saml" { # count = fileexists(local.saml_metadata_file) ? 1 : 0 - name = var.saml_provider_name - saml_metadata_document = fileexists(local.saml_metadata_file) ? file(local.saml_metadata_file) : file("${path.module}/empty_metadata.xml") - depends_on = [null_resource.saml_metadata] + name = var.saml_provider_name + # saml_metadata_document = fileexists(local.saml_metadata_file) ? file(local.saml_metadata_file) : file("${path.module}/empty_metadata.xml") + saml_metadata_document = data.external.saml_metadata.result.value + # depends_on = [null_resource.saml_metadata] # when the provider supports tags, enable this section # tags = merge(
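Review bot: `program = ["bash", "${path.module}/bin/external_get_saml_metadata.sh"]` names a file with underscores, but the script this commit adds is `bin/external_get-saml-metadata.sh` (hyphens), so the data source will fail as soon as it is read; the line should be `program = ["bash", "${path.module}/bin/external_get-saml-metadata.sh"]`. The script's `status` field is never consumed: `saml_metadata_document = data.external.saml_metadata.result.value` is assigned unconditionally, so unless the script itself exits non-zero a failed fetch would feed an empty or error body into `aws_iam_saml_provider` on the next apply. Since this is now a data source rather than a provisioner, the IdP metadata is fetched over the network on every plan and refresh, which deserves a comment on the block such as `# Read on every plan; the metadata embeds the IdP signing certificate, so the script must abort the plan rather than return partial output`. The 13-line commented-out `null_resource` block is dead code that git history already preserves and could be dropped. The `aws_iam_saml_provider` resource continues past the end of the hunk.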