Merge pull request #2 from awsiv/terraform_registry

Release to terraform registry

.github/workflows/main.yml

@@ -0,0 +1,38 @@
+name: goreleaser
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Unshallow
+        run: git fetch --prune --unshallow
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.14
+      - name: Test
+        run: go test ./...
+      - name: Import GPG key
+        id: import_gpg
+        uses: paultyng/ghaction-import-gpg@v2.1.0
+        env:
+          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+          PASSPHRASE: ${{ secrets.PASSPHRASE }}
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v2
+        with:
+          version: latest
+          args: release --rm-dist --skip-publish --snapshot
+        env:
+          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release.yml

@@ -0,0 +1,35 @@
+name: goreleaser
+
+on:
+  push:
+    tags:
+      - "v*"
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Unshallow
+        run: git fetch --prune --unshallow
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.14
+      - name: Test
+        run: go test ./...
+      - name: Import GPG key
+        id: import_gpg
+        uses: paultyng/ghaction-import-gpg@v2.1.0
+        env:
+          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+          PASSPHRASE: ${{ secrets.PASSPHRASE }}
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v2
+        with:
+          version: latest
+          args: release --rm-dist
+        env:
+          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -12,3 +12,6 @@
 *.out
 
 /dist
+vendor/*
+
+terraform-provider-rdsdataservice

.goreleaser.yml

@@ -1,28 +1,54 @@
-# This is an example goreleaser.yaml file with some sane defaults.
-# Make sure to check the documentation at http://goreleaser.com
+# Visit https://goreleaser.com for documentation on how to customize this
+# behavior.
 before:
   hooks:
-    # you may remove this if you don't use vgo
-    - go mod tidy
-    # you may remove this if you don't need go generate
+    - go mod download
     - go generate ./...
 builds:
-- env:
-  - CGO_ENABLED=0
+  - env:
+      # goreleaser does not work with CGO, it could also complicate
+      # usage by users in CI/CD systems like Terraform Cloud where
+      # they are unable to install libraries.
+      - CGO_ENABLED=0
+    mod_timestamp: "{{ .CommitTimestamp }}"
+    flags:
+      - -trimpath
+    ldflags:
+      - "-s -w -X main.version={{.Version}} -X main.commit={{.Commit}}"
+    goos:
+      - linux
+      - darwin
+    goarch:
+      - amd64
+    ignore:
+      - goos: darwin
+        goarch: "386"
+    binary: "{{ .ProjectName }}_v{{ .Version }}"
 archives:
-- replacements:
-    darwin: Darwin
-    linux: Linux
-    windows: Windows
-    386: i386
-    amd64: x86_64
+  - format: zip
+    name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
 checksum:
-  name_template: 'checksums.txt'
-snapshot:
-  name_template: "{{ .Tag }}-next"
+  name_template: "{{ .ProjectName }}_{{ .Version }}_SHA256SUMS"
+  algorithm: sha256
+signs:
+  - artifacts: checksum
+    args:
+      # if you are using this is a GitHub action or some other automated pipeline, you
+      # need to pass the batch flag to indicate its not interactive.
+      - "--batch"
+      - "--local-user"
+      - "{{ .Env.GPG_FINGERPRINT }}" # set this environment variable for your signing key
+      - "--output"
+      - "${signature}"
+      - "--detach-sign"
+      - "${artifact}"
+release:
+  prerelease: auto
+  # If you want to manually examine the release before its live, uncomment this line:
+  # draft: true
 changelog:
   sort: asc
   filters:
     exclude:
-    - '^docs:'
-    - '^test:'
+      - "^docs:"
+      - "^test:"

README.md

@@ -1,25 +1,27 @@
 # terraform-provider-rdsdataservice
+
 Manage Postgres db resources using the AWS Data API - Heavily inspired by [terraform-provider-postgresql](https://github.com/terraform-providers/terraform-provider-postgresql)
 
-[AWS Data API](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html) allows us to run SQL using HTTP endpoint and AWS SDKs. This is awesome because it means that we no longer need to manage connections :).
+[AWS Data API](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html) allows us to run SQL using HTTP endpoint and AWS SDK. This is awesome because it means that we no longer need to manage connections. This also uses secretsmanager secret so we no longer have to worry about secrets ending up in terraform state.
 
-I have tried to put together a PoC here. Since it uses AWS SDK, it might  as well belong to terraform-provider-aws itself, but then, the CRUD operations are SQL statements instead of actual API calls - so maybe it has its own place? I am working on porting more resources and more importantly the acceptance tests. Let me know what you think about it :)
+Since it uses AWS SDK, it might as well belong to terraform-provider-aws itself, but then, the CRUD operations are SQL statements instead of actual API calls - so maybe it has its own place? I am working on porting more resources and more importantly the acceptance tests. Let me know what you think about it :)
 
 API documentation: [package rdsdataservice](https://godoc.org/github.com/aws/aws-sdk-go/service/rdsdataservice)
 
-## Requirements ##
+## Requirements
+
 Terraform 0.12+
 Go 1.13 (to build the provider plugin)
 
-## Install ##
+## Install
 
-You will need to install the binary as a [terraform third party plugin](https://www.terraform.io/docs/configuration/providers.html#third-party-plugins).  Terraform will then pick up the binary from the local filesystem when you run `terraform init`.
+You will need to install the binary as a [terraform third party plugin](https://www.terraform.io/docs/configuration/providers.html#third-party-plugins). Terraform will then pick up the binary from the local filesystem when you run `terraform init`.
 
 ```sh
 curl -s https://raw.githubusercontent.com/awsiv/terraform-provider-rdsdataservice/master/install.sh | bash
 ```
 
-## Usage ##
+## Usage
 
 ```terraform
 provider "rdsdataservice" {

docs/index.md

@@ -0,0 +1,42 @@
+---
+page_title: "Provider: RDS DataService - DataAPI"
+---
+
+# RDSDataService Provider
+
+Manage Aurora Serverless databases with Terraform.
+
+[AWS RDSDataService/Data API](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html) allows us to run SQL using HTTP endpoint and AWS SDK.
+
+Due to this, we have the following advantages:
+
+- We no longer need to manage connections
+- We can use secretsmanager secret and not have to worry about secrets ending up in terraform state.
+
+## Example Usage
+
+```hcl
+provider "rdsdataservice" {
+    version = "1.0.0"
+    region  = var.aws_region
+    profile = var.aws_profile
+}
+
+resource "rdsdataservice_postgres_database" "test" {
+    name         = "test"
+    resource_arn = var.db_arn
+    secret_arn   = var.secret_arn
+    owner        = "postgres"
+}
+
+resource "rdsdataservice_postgres_role" "test" {
+    name         = "test"
+    resource_arn = var.db_arn
+    secret_arn   = var.secret_arn
+    login        = true
+}
+```
+
+## Argument Reference
+
+This provider is built to be compatible/similar to [terraform-provider-aws](https://registry.terraform.io/providers/hashicorp/aws/latest/docs), since it uses the AWS SDK and the provider implemenation is inspired by it.

docs/resources/rdsdataservice_postgres_database.md

@@ -0,0 +1,27 @@
+---
+page_title: "rdsdataservice_postgres_database"
+---
+
+# rdsdataservice_postgres_database Resource
+
+Manage postgres databases
+
+## Example Usage
+
+```hcl
+resource "rdsdataservice_postgres_database" "test" {
+  name         = "test"
+  resource_arn = var.db_arn
+  secret_arn   = var.secret_arn
+  owner        = "postgres"
+}
+```
+
+## Argument Reference
+
+- `name` - (Required) The PostgreSQL database name.
+- `resource_arn` - (Required) DB ARN.
+- `secret_arn` - (Required) DBA Secret ARN.
+- `owner` - (Optional) The ROLE which owns the database.. (Default: `postgres`)
+
+## Attribute Reference

docs/resources/rdsdataservice_postgres_role.md

@@ -0,0 +1,33 @@
+---
+page_title: "rdsdataservice_postgres_role"
+---
+
+# rdsdataservice_postgres_role Resource
+
+Manage postgres roles
+
+## Example Usage
+
+```hcl
+resource "rdsdataservice_postgres_role" "test" {
+  name         = "test"
+  resource_arn = var.db_arn
+  secret_arn   = var.secret_arn
+  login        = true
+}
+```
+
+## Argument Reference
+
+- `name` - (Required) The PostgreSQL database name to connect to.
+- `resource_arn` - (Required) DB ARN.
+- `secret_arn` - (Required) DBA Secret ARN.
+- `login` - (Optional) Determine whether a role is allowed to log in. (Default: `false`)
+- `inherit` - (Optional) Determine whether a role "inherits" the privileges of roles it is a member of. (Default: `true`)
+- `create_database` - (Optional) Define a role's ability to create databases. (Default: `false`)
+- `create_role` - (Optional) Determine whether this role will be permitted to create new roles. (Default: `false`)
+- `password` - (Optional) Set the role's password.
+- `roles` - (Optional) Role(s) to grant to this new role.
+- `superuser` - (Optional) Determine whether the new role is a "superuser". (Default: `false`)
+
+## Attribute Reference

rdsdataservice/resource_rdsdataservice_postgres_database.go

@@ -25,23 +25,23 @@ func resourceAwsRdsdataservicePostgresDatabase() *schema.Resource {
 			"name": {
 				Type:        schema.TypeString,
 				Required:    true,
-				Description: "The PostgreSQL database name to connect to",
+				Description: "Database name.",
 			},
 			"resource_arn": {
 				Type:        schema.TypeString,
 				Required:    true,
-				Description: "The PostgreSQL database name to connect to",
+				Description: "DB ARN.",
 			},
 			"secret_arn": {
 				Type:        schema.TypeString,
 				Required:    true,
-				Description: "The PostgreSQL database name to connect to",
+				Description: "DBA Secret ARN.",
 			},
 			"owner": {
 				Type:        schema.TypeString,
 				Optional:    true,
 				Default:     "postgres",
-				Description: "The ROLE which owns the database",
+				Description: "The ROLE which owns the database.",
 			},
 		},
 	}

rdsdataservice/resource_rdsdataservice_postgres_role.go

@@ -25,62 +25,62 @@ func resourceAwsRdsdataservicePostgresRole() *schema.Resource {
 			"name": {
 				Type:        schema.TypeString,
 				Required:    true,
-				Description: "The PostgreSQL database name to connect to",
+				Description: "The PostgreSQL database name to connect to.",
 			},
 			"login": {
 				Type:        schema.TypeBool,
 				Optional:    true,
 				Default:     false,
-				Description: "Determine whether a role is allowed to log in",
+				Description: "Determine whether a role is allowed to log in.",
 			},
 			"inherit": {
 				Type:        schema.TypeBool,
 				Optional:    true,
 				Default:     true,
-				Description: `Determine whether a role "inherits" the privileges of roles it is a member of`,
+				Description: `Determine whether a role "inherits" the privileges of roles it is a member of.`,
 			},
 			"create_database": {
 				Type:        schema.TypeBool,
 				Optional:    true,
 				Default:     false,
-				Description: "Define a role's ability to create databases",
+				Description: "Define a role's ability to create databases.",
 			},
 			"create_role": {
 				Type:        schema.TypeBool,
 				Optional:    true,
 				Default:     false,
-				Description: "Determine whether this role will be permitted to create new roles",
+				Description: "Determine whether this role will be permitted to create new roles.",
 			},
 			"password": {
 				Type:        schema.TypeString,
 				Optional:    true,
 				Sensitive:   true,
-				Description: "Sets the role's password",
+				Description: "Sets the role's password.",
 			},
 			"roles": {
 				Type:        schema.TypeSet,
 				Optional:    true,
 				Elem:        &schema.Schema{Type: schema.TypeString},
 				Set:         schema.HashString,
 				MinItems:    0,
-				Description: "Role(s) to grant to this new role",
+				Description: "Role(s) to grant to this new role.",
 			},
 			"superuser": {
 				Type:        schema.TypeBool,
 				Optional:    true,
 				Default:     false,
-				Description: `Determine whether the new role is a "superuser"`,
+				Description: `Determine whether the new role is a "superuser".`,
 			},
 			"secret_arn": {
 				Type:        schema.TypeString,
 				Required:    true,
-				Description: "The PostgreSQL database name to connect to",
+				Description: "The PostgreSQL database name to connect to.",
 			},
 			"resource_arn": {
 				Type:        schema.TypeString,
 				Optional:    true,
 				Default:     "postgres",
-				Description: "The PostgreSQL database name to connect to",
+				Description: "The PostgreSQL database name to connect to.",
 			},
 		},
 	}