provider/aws: Add aws_account_id data source #8206
Conversation
|
This seems to be an implementation for #4390. (Just noting for the benefit of those following the other one.) |
|
@apparentlymart I prefer your terminology as it allows for expansion later. I'll update this PR. |
|
Re terminology: keep in mind the account ID may not always come from STS at this point, although we could probably ditch all other methods now when we have Although it may be obvious, would you mind adding a warning/notice to docs that account ID may be unavailable under certain circumstances? https://github.com/hashicorp/terraform/blob/master/website/source/docs/providers/aws/index.html.markdown => if Also the data source should IMO be returning error in such case ^. |
jen20
force-pushed
the
f-aws-account-id
branch
from
5a89b48
to
5a8e360
Compare
|
@radeksimko, @apparentlymart - Thanks for the feedback here. I've adjusted the terminology to match the discussion in #4390 and added the error condition suggested by @radeksimko! |
| log.Printf("[DEBUG] Reading Caller Identity.") | ||
| d.SetId(time.Now().UTC().String()) | ||
|
|
||
| if client.accountid != "" { |
There was a problem hiding this comment.
This looks inverted... don't we want to produce this error if the account id is empty?
There was a problem hiding this comment.
Hah yes. Apparently last minute alterations are what code review is intended to catch ;-)
jen20
force-pushed
the
f-aws-account-id
branch
from
5a8e360
to
b9d7133
Compare
|
LGTM! Nice addition :) |
| Read: dataSourceAwsCallerIdentityRead, | ||
|
|
||
| Schema: map[string]*schema.Schema{ | ||
| "account_id": { |
There was a problem hiding this comment.
This field is not actually set in Read, is it?
This data source provides access during configuration to the ID of the AWS account for the connection to AWS. It is primarily useful for interpolating into policy documents, for example when creating the policy for an ELB or ALB access log bucket. This will need revisiting and further testing once the work for AssumeRole is integrated.
jen20
force-pushed
the
f-aws-account-id
branch
from
b9d7133
to
3e14f56
Compare
|
@radeksimko fixed up now. |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
ghost
locked and limited conversation to collaborators
This data source provides access during configuration to the ID of the AWS account for the connection to AWS. It is primarily useful for interpolating into policy documents, for example when creating the policy for an ELB or ALB access log bucket.
This will need revisiting and further testing once the work for AssumeRole is integrated.