chore: applies review comments and readme

idealo · Jan 10, 2025 · e4fef9a · e4fef9a
1 parent 1978241
commit e4fef9a
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 19 deletions.
diff --git a/README.md b/README.md
@@ -26,12 +26,22 @@ You can test the provider locally before creating a PR by following the steps be
 
 ```sh
 $ make build # make sure to have the build version in the executable name as a postfix e.g. terraform-provider-controltower_v2.0.0
-$ mkdir -p ~/.terraform.d/plugins/registry.terraform.io/idealo/controltower/<some version>/darwin_arm64 # arch can be different depending on your system
-$ mv bin/terraform-provider-controltower_<some version> ~/.terraform.d/plugins/registry.terraform.io/idealo/controltower/<some version>/darwin_arm64 # some version should be the future version of the provider after the changes.
 ```
+create a `~/.terraformrc` file your home directory with the following content:
+```hcl
+provider_installation {
+  dev_overrides {
+    "registry.terraform.io/idealo/controltower" = "path-to-the-built-binary/terraform-provider-controltower"  # e.g /Users/username/repo/terraform-provider-controltower/bin/terraform-provider-controltower"
+  }
+  # For all other providers, install them directly from their origin provider
+  # registries as normal. If you omit this, Terraform will _only_ use
+  # the dev_overrides block, and so no other providers will be available.
+  direct {}
+}
 
+```
 Then you can test your changes in your terraform configuration by running `terraform init` in the directory where your terraform configuration is located. 
 
 Make sure to define the new version under the `required_providers` block. 
 
-Alternatively, if you're using terraform 0.14 or later, you can make use of `dev_overrides` as described [here](https://developer.hashicorp.com/terraform/cli/config/config-file#development-overrides-for-provider-developers) and point the provider to your `~/.terraformrc`.
+A complete reference can be found [here](https://developer.hashicorp.com/terraform/cli/config/config-file#development-overrides-for-provider-developers).
diff --git a/internal/provider/resource_aws_account.go b/internal/provider/resource_aws_account.go
@@ -431,7 +431,7 @@ func resourceAWSAccountUpdate(ctx context.Context, d *schema.ResourceData, m int
 
 	isRemoveAccountAssignmentOnUpdate := sso["remove_account_assignment_on_update"].(bool)
 
-	if d.HasChange("sso") && isRemoveAccountAssignmentOnUpdate {
+	if isRemoveAccountAssignmentOnUpdate && d.HasChange("sso") {
 		ssoadminconn := ssoadmin.NewFromConfig(cfg)
 		identitystoreconn := identitystore.NewFromConfig(cfg)
 
@@ -458,22 +458,10 @@ func updateAccountAssignment(ctx context.Context, ssoadminconn *ssoadmin.Client,
 	if err != nil {
 		return fmt.Errorf("error listing SSO instances: %v", err)
 	}
-	identityStoreId := ssoInstances.Instances[0].IdentityStoreId
 	instanceArn := ssoInstances.Instances[0].InstanceArn
-
-	alternateIdentifier := &types.AlternateIdentifierMemberUniqueAttribute{
-		Value: types.UniqueAttribute{
-			AttributePath:  aws.String("UserName"),
-			AttributeValue: document.NewLazyDocument(oldEmail),
-		},
-	}
-
-	principal, err := identitystoreconn.GetUserId(ctx, &identitystore.GetUserIdInput{
-		IdentityStoreId:     identityStoreId,
-		AlternateIdentifier: alternateIdentifier,
-	})
+	principalUserId, err := findPrincipalUserId(ctx, ssoInstances, oldEmail, err, identitystoreconn)
 	if err != nil {
-		return fmt.Errorf("error getting principal id: %v", err)
+		return err
 	}
 
 	permissionSetArn, err := findPermissionSetArn(ctx, ssoadminconn, instanceArn, permissionSetName)
@@ -488,7 +476,7 @@ func updateAccountAssignment(ctx context.Context, ssoadminconn *ssoadmin.Client,
 			TargetId:         &accountId,
 			TargetType:       "AWS_ACCOUNT",
 			PrincipalType:    "USER",
-			PrincipalId:      principal.UserId,
+			PrincipalId:      principalUserId,
 			PermissionSetArn: &permissionSetArn,
 		})
 		if err != nil {
@@ -497,6 +485,26 @@ func updateAccountAssignment(ctx context.Context, ssoadminconn *ssoadmin.Client,
 	}
 	return nil
 }
+
+func findPrincipalUserId(ctx context.Context, ssoInstances *ssoadmin.ListInstancesOutput, oldEmail string, err error, identitystoreconn *identitystore.Client) (*string, error) {
+	identityStoreId := ssoInstances.Instances[0].IdentityStoreId
+
+	alternateIdentifier := &types.AlternateIdentifierMemberUniqueAttribute{
+		Value: types.UniqueAttribute{
+			AttributePath:  aws.String("UserName"),
+			AttributeValue: document.NewLazyDocument(oldEmail),
+		},
+	}
+
+	principal, err := identitystoreconn.GetUserId(ctx, &identitystore.GetUserIdInput{
+		IdentityStoreId:     identityStoreId,
+		AlternateIdentifier: alternateIdentifier,
+	})
+	if err != nil {
+		return nil, fmt.Errorf("error getting principal id: %v", err)
+	}
+	return principal.UserId, nil
+}
 func findPermissionSetArn(ctx context.Context, ssoadminconn *ssoadmin.Client, instanceArn *string, permissionSetName string) (string, error) {
 	paginator := ssoadmin.NewListPermissionSetsPaginator(ssoadminconn, &ssoadmin.ListPermissionSetsInput{
 		InstanceArn: instanceArn,