Merge pull request #1 from nullstone-io/draft

Initial draft

.github/dependabot.yml

@@ -0,0 +1,15 @@
+# See GitHub's documentation for more information on this file:
+# https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates
+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "daily"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    # TODO: Dependabot only updates hashicorp GHAs in the template repository, the following lines can be removed for consumers of this template
+    allow:
+      - dependency-name: "hashicorp/*"

.github/workflows/issue-comment-triage.yml

@@ -0,0 +1,21 @@
+# DO NOT EDIT - This GitHub Workflow is managed by automation
+# https://github.com/hashicorp/terraform-devex-repos
+name: Issue Comment Triage
+
+on:
+  issue_comment:
+    types: [created]
+
+jobs:
+  issue_comment_triage:
+    runs-on: ubuntu-latest
+    env:
+      # issue_comment events are triggered by comments on issues and pull requests. Checking the
+      # value of github.event.issue.pull_request tells us whether the issue is an issue or is
+      # actually a pull request, allowing us to dynamically set the gh subcommand:
+      # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#issue_comment-on-issues-only-or-pull-requests-only
+      COMMAND: ${{ github.event.issue.pull_request && 'pr' || 'issue' }}
+      GH_TOKEN: ${{ github.token }}
+    steps:
+      - name: 'Remove waiting-response on comment'
+        run: gh ${{ env.COMMAND }} edit ${{ github.event.issue.html_url }} --remove-label waiting-response

.github/workflows/lock.yml

@@ -0,0 +1,21 @@
+# DO NOT EDIT - This GitHub Workflow is managed by automation
+# https://github.com/hashicorp/terraform-devex-repos
+name: 'Lock Threads'
+
+on:
+  schedule:
+    - cron: '43 20 * * *'
+
+jobs:
+  lock:
+    runs-on: ubuntu-latest
+    steps:
+      # NOTE: When TSCCR updates the GitHub action version, update the template workflow file to avoid drift:
+      # https://github.com/hashicorp/terraform-devex-repos/blob/main/modules/repo/workflows/lock.tftpl
+      - uses: dessant/lock-threads@1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771 # v5.0.1
+        with:
+          github-token: ${{ github.token }}
+          issue-inactive-days: '30'
+          issue-lock-reason: resolved
+          pr-inactive-days: '30'
+          pr-lock-reason: resolved

.github/workflows/release.yml

@@ -0,0 +1,41 @@
+# Terraform Provider release workflow.
+name: Release
+
+# This GitHub action creates a release when a tag that matches the pattern
+# "v*" (e.g. v0.1.0) is created.
+on:
+  push:
+    tags:
+      - 'v*'
+
+# Releases need permissions to read and write the repository contents.
+# GitHub considers creating releases and uploading assets as writing contents.
+permissions:
+  contents: write
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          # Allow goreleaser to access older tag information.
+          fetch-depth: 0
+      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        with:
+          go-version-file: 'go.mod'
+          cache: true
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
+        id: import_gpg
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.PASSPHRASE }}
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0
+        with:
+          args: release --clean
+        env:
+          # GitHub sets the GITHUB_TOKEN secret automatically.
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}

.github/workflows/test.yml

@@ -0,0 +1,87 @@
+# Terraform Provider testing workflow.
+name: Tests
+
+# This GitHub action runs your tests for each pull request and push.
+# Optionally, you can turn it on using a schedule for regular testing.
+on:
+  pull_request:
+    paths-ignore:
+      - 'README.md'
+  push:
+    paths-ignore:
+      - 'README.md'
+
+# Testing only needs permissions to read the repository contents.
+permissions:
+  contents: read
+
+jobs:
+  # Ensure project builds before running testing matrix
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        with:
+          go-version-file: 'go.mod'
+          cache: true
+      - run: go mod download
+      - run: go build -v .
+      - name: Run linters
+        uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
+        with:
+          version: latest
+
+  generate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        with:
+          go-version-file: 'go.mod'
+          cache: true
+      # Temporarily download Terraform 1.8 prerelease for function documentation support.
+      # When Terraform 1.8.0 final is released, this can be removed.
+      - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
+        with:
+          terraform_version: '1.8.0-alpha20240216'
+          terraform_wrapper: false
+      - run: go generate ./...
+      - name: git diff
+        run: |
+          git diff --compact-summary --exit-code || \
+            (echo; echo "Unexpected difference in directories after code generation. Run 'go generate ./...' command and commit."; exit 1)
+
+  # Run acceptance tests in a matrix with Terraform CLI versions
+  test:
+    name: Terraform Provider Acceptance Tests
+    needs: build
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    strategy:
+      fail-fast: false
+      matrix:
+        # list whatever Terraform versions here you would like to support
+        terraform:
+          - '1.0.*'
+          - '1.1.*'
+          - '1.2.*'
+          - '1.3.*'
+          - '1.4.*'
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
+        with:
+          go-version-file: 'go.mod'
+          cache: true
+      - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
+        with:
+          terraform_version: ${{ matrix.terraform }}
+          terraform_wrapper: false
+      - run: go mod download
+      - env:
+          TF_ACC: "1"
+        run: go test -v -cover ./internal/provider/
+        timeout-minutes: 10

.gitignore

@@ -1,6 +1,11 @@
 # If you prefer the allow list template instead of the deny list, see community template:
 # https://github.com/github/gitignore/blob/main/community/Golang/Go.AllowList.gitignore
 #
+
+# IDEs
+.idea/
+.vscode/
+
 # Binaries for programs and plugins
 *.exe
 *.exe~
@@ -15,7 +20,7 @@
 *.out
 
 # Dependency directories (remove the comment below to include it)
-# vendor/
+vendor/
 
 # Go workspace file
 go.work

.golangci.yml

@@ -0,0 +1,27 @@
+# Visit https://golangci-lint.run/ for usage documentation
+# and information on other useful linters
+issues:
+  max-per-linter: 0
+  max-same-issues: 0
+
+linters:
+  disable-all: true
+  enable:
+    - durationcheck
+    - errcheck
+    - exportloopref
+    - forcetypeassert
+    - godot
+    - gofmt
+    - gosimple
+    - ineffassign
+    - makezero
+    - misspell
+    - nilerr
+    - predeclared
+    - staticcheck
+    - tenv
+    - unconvert
+    - unparam
+    - unused
+    - govet

.goreleaser.yml

@@ -0,0 +1,61 @@
+# Visit https://goreleaser.com for documentation on how to customize this
+# behavior.
+version: 2
+before:
+  hooks:
+    # this is just an example and not a requirement for provider building/publishing
+    - go mod tidy
+builds:
+- env:
+    # goreleaser does not work with CGO, it could also complicate
+    # usage by users in CI/CD systems like HCP Terraform where
+    # they are unable to install libraries.
+    - CGO_ENABLED=0
+  mod_timestamp: '{{ .CommitTimestamp }}'
+  flags:
+    - -trimpath
+  ldflags:
+    - '-s -w -X main.version={{.Version}} -X main.commit={{.Commit}}'
+  goos:
+    - freebsd
+    - windows
+    - linux
+    - darwin
+  goarch:
+    - amd64
+    - '386'
+    - arm
+    - arm64
+  ignore:
+    - goos: darwin
+      goarch: '386'
+  binary: '{{ .ProjectName }}_v{{ .Version }}'
+archives:
+- format: zip
+  name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}'
+checksum:
+  extra_files:
+    - glob: 'terraform-registry-manifest.json'
+      name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json'
+  name_template: '{{ .ProjectName }}_{{ .Version }}_SHA256SUMS'
+  algorithm: sha256
+signs:
+  - artifacts: checksum
+    args:
+      # if you are using this in a GitHub action or some other automated pipeline, you 
+      # need to pass the batch flag to indicate its not interactive.
+      - "--batch"
+      - "--local-user"
+      - "{{ .Env.GPG_FINGERPRINT }}" # set this environment variable for your signing key
+      - "--output"
+      - "${signature}"
+      - "--detach-sign"
+      - "${artifact}"
+release:
+  extra_files:
+    - glob: 'terraform-registry-manifest.json'
+      name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json'
+  # If you want to manually examine the release before its live, uncomment this line:
+  # draft: true
+changelog:
+  disable: true

CHANGELOG.md

@@ -0,0 +1,3 @@
+## 0.1.0 (Unreleased)
+
+FEATURES:

GNUmakefile

@@ -0,0 +1,6 @@
+default: testacc
+
+# Run acceptance tests
+.PHONY: testacc
+testacc:
+	TF_ACC=1 go test ./... -v $(TESTARGS) -timeout 120m

README.md

@@ -1,2 +1,9 @@
-# terraform-provider-awsex
-A Terraform provider to extend the functionality of the AWS provider
+# Terraform AWS (Extensions) Provider
+
+This is a Terraform provider to extend the functionality of the [AWS Provider](https://registry.terraform.io/providers/hashicorp/aws/latest/docs).
+
+At time of creation, Hashicorp had few review resources dedicated to the provider.
+As a result, there are over 400 open pull requests, many older than 4 years.
+
+The purpose of this provider is to rapidly augment the official provider.
+This can also be used to rapidly experiment with new resources.

docs/index.md

@@ -0,0 +1,71 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "awsex Provider"
+subcategory: ""
+description: |-
+  
+---
+
+# awsex Provider
+
+
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `access_key` (String) The access key for API operations. You can retrieve this
+from the 'Security & Credentials' section of the AWS console.
+- `assume_role` (Attributes) (see [below for nested schema](#nestedatt--assume_role))
+- `assume_role_with_web_identity` (Attributes) (see [below for nested schema](#nestedatt--assume_role_with_web_identity))
+- `custom_ca_bundle` (String) File containing custom root and intermediate certificates. Can also be configured using the `AWS_CA_BUNDLE` environment variable. (Setting `ca_bundle` in the shared config file is not supported.)
+- `http_proxy` (String) URL of a proxy to use for HTTP requests when accessing the AWS API. Can also be set using the `HTTP_PROXY` or `http_proxy` environment variables.
+- `https_proxy` (String) URL of a proxy to use for HTTPS requests when accessing the AWS API. Can also be set using the `HTTPS_PROXY` or `https_proxy` environment variables.
+- `insecure` (Boolean) Explicitly allow the provider to perform "insecure" SSL requests. If omitted, default value is `false`
+- `max_retries` (Number) The maximum number of times an AWS API request is
+being executed. If the API request still fails, an error is
+thrown.
+- `no_proxy` (String) Comma-separated list of hosts that should not use HTTP or HTTPS proxies. Can also be set using the `NO_PROXY` or `no_proxy` environment variables.
+- `profile` (String) The profile for API operations. If not set, the default profile
+created with `aws configure` will be used.
+- `region` (String) The region where AWS operations will take place. Examples
+are us-east-1, us-west-2, etc.
+- `retry_mode` (String) Specifies how retries are attempted. Valid values are `standard` and `adaptive`. Can also be configured using the `AWS_RETRY_MODE` environment variable.
+- `secret_key` (String) The secret key for API operations. You can retrieve this
+from the 'Security & Credentials' section of the AWS console.
+- `shared_config_files` (List of String) List of paths to shared config files. If not set, defaults to [~/.aws/config].
+- `shared_credentials_files` (List of String) List of paths to shared credentials files. If not set, defaults to [~/.aws/credentials].
+- `token` (String) session token. A session token is only required if you are
+using temporary security credentials.
+
+<a id="nestedatt--assume_role"></a>
+### Nested Schema for `assume_role`
+
+Optional:
+
+- `duration` (String) The duration, between 15 minutes and 12 hours, of the role session. Valid time units are ns, us (or µs), ms, s, h, or m.
+- `external_id` (String) A unique identifier that might be required when you assume a role in another account.
+- `policy` (String) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.
+- `policy_arns` (Set of String) Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed.
+- `role_arn` (String) Amazon Resource Name (ARN) of an IAM Role to assume prior to making API calls.
+- `session_name` (String) An identifier for the assumed role session.
+- `source_identity` (String) Source identity specified by the principal assuming the role.
+- `tags` (Map of String) Assume role session tags.
+- `transitive_tag_keys` (Set of String) Assume role session tag keys to pass to any subsequent sessions.
+
+
+<a id="nestedatt--assume_role_with_web_identity"></a>
+### Nested Schema for `assume_role_with_web_identity`
+
+Optional:
+
+- `duration` (String) The duration, between 15 minutes and 12 hours, of the role session. Valid time units are ns, us (or µs), ms, s, h, or m.
+- `policy` (String) IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.
+- `policy_arns` (Set of String) Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the IAM Role being assumed.
+- `role_arn` (String) Amazon Resource Name (ARN) of an IAM Role to assume prior to making API calls.
+- `session_name` (String) An identifier for the assumed role session.
+- `web_identity_token` (String)
+- `web_identity_token_file` (String)