-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add organizations ou child and descendant accounts data source #1
Add organizations ou child and descendant accounts data source #1
Conversation
func flattenAccounts(accounts []*organizations.Account) []map[string]interface{} { | ||
if len(accounts) == 0 { | ||
return nil | ||
} | ||
var result []map[string]interface{} | ||
for _, account := range accounts { | ||
result = append(result, map[string]interface{}{ | ||
"arn": aws.StringValue(account.Arn), | ||
"email": aws.StringValue(account.Email), | ||
"id": aws.StringValue(account.Id), | ||
"joined_method": aws.StringValue(account.JoinedMethod), | ||
"joined_timestamp": aws.TimeValue(account.JoinedTimestamp).String(), | ||
"name": aws.StringValue(account.Name), | ||
"status": aws.StringValue(account.Status), | ||
}) | ||
} | ||
return result | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What's the point of this function? Isn't the input already in this format? https://docs.aws.amazon.com/sdk-for-go/api/service/organizations/#Account
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe it's main point is to get the account info into a format that fits the schema defined in DataSourceOrganizationalUnitChildAccounts
. organizational_unit_child_accounts.go
is based on organizational_units_data_source.go
which has a similar function.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Huh, wonder if there's a typing thing I missed in the AWS SDK. Or maybe go does something weird and requires this, which wouldn't be the first time I've seen it (had to do some odd stuff to get terraform plan
to be usable in tests).
internal/service/organizations/organizational_unit_descendant_accounts.go
Outdated
Show resolved
Hide resolved
} | ||
|
||
//Base Case. ParentId has no children. | ||
return nil, nil |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since you could have some results at this point, could you return those and then ditch the entire internal/service/organizations/organizational_unit_child_accounts.go
file?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
organizational_unit_child_accounts.go
is needed so that we can have two separate data sources. In the case where an OU has no child OUs both data sources should return the same data.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right, so if both data sources return the same thing in that case, then we don't need the other one. Right? If you can stick all the logic into a single data source, then consumers don't need to know their organization in order to call the right one.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I had it in my head that there would be a valid use case where I had an OU that contained both child OUs and immediate child accounts, and I wanted just those immediate child accounts and not the other "generations" of children. If there was only one data source you would only be able to get all generations of child accounts.
I think that's still a valid use case, but i guess it's debatable whether it's a common use case.
@@ -0,0 +1,51 @@ | |||
package organizations_test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you document how we run these? Is it just go test
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There's some documentation here on provider acceptance testing. Just under that section is instructions for using the provider locally for manual testing. That's how I did all my testing so far. The automated tests are tricky b/c you can't easily destroy the account resources after creating them so in practicality you get one run before you have to change the tests.
"github.com/hashicorp/terraform-provider-aws/internal/acctest" | ||
) | ||
|
||
func testAccOrganizationalUnitDescendantAccountsDataSource_basic(t *testing.T) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure if the Terraform source tests allow for this behavior, but I assume you want to check all them. If possible, you can try the t.Run
method with 0, 1, 2, 3
for that resource.TestCheckResourceAttr(dataSourceName, "accounts.#", "3"),
line. https://go.dev/blog/subtests
This PR adds two data sources that allow the retrieval of a list of account IDs based on an AWS organizations Organizational Unit ID.
The
aws_organizations_organizational_unit_child_accounts
data source provides the immediate child accounts while theaws_organizations_organizational_unit_descendant_accounts
provides all generations of child account IDs under the given OU.Community Note
Output from acceptance testing:
I'm still having trouble getting acceptance tests to run. I'm sure it's something simple I'm missing with the test framework. (Open to any suggestions!)
Cleanup from testing is tricky since all the accounts need to be manually deleted.
My test org for manual testing looks like this:
Output from some manual testing: