fix: implemented requested changes

Infisical · Nov 14, 2024 · db7d732 · db7d732
1 parent 7ed4651
commit db7d732
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 48 deletions.
diff --git a/docs/resources/integration_aws_parameter_store.md b/docs/resources/integration_aws_parameter_store.md
@@ -71,10 +71,10 @@ resource "infisical_integration_aws_parameter_store" "parameter-store-integratio
 
 ### Optional
 
-- `access_key_id` (String, Sensitive) The AWS access key ID. Used to authenticate with AWS Secrets Manager. You must either set secret_access_key and access_key_id, or set assume_role_arn to assume a role.
+- `access_key_id` (String, Sensitive) The AWS access key ID. Used to authenticate with AWS Parameter Store. You must either set secret_access_key and access_key_id, or set assume_role_arn to assume a role.
 - `assume_role_arn` (String) The ARN of the role to assume when syncing secrets to AWS Parameter Store. You must either set secret_access_key and access_key_id, or set assume_role_arn to assume a role.
 - `options` (Attributes) Integration options (see [below for nested schema](#nestedatt--options))
-- `secret_access_key` (String, Sensitive) The AWS secret access key. Used to authenticate with AWS Secrets Manager. You must either set secret_access_key and access_key_id, or set assume_role_arn to assume a role.
+- `secret_access_key` (String, Sensitive) The AWS secret access key. Used to authenticate with AWS Parameter Store. You must either set secret_access_key and access_key_id, or set assume_role_arn to assume a role.
 
 ### Read-Only
 

diff --git a/docs/resources/integration_aws_secrets_manager.md b/docs/resources/integration_aws_secrets_manager.md
@@ -69,7 +69,7 @@ resource "infisical_integration_aws_secrets_manager" "secrets-manager-integratio
 ### Optional
 
 - `access_key_id` (String, Sensitive) The AWS access key ID. Used to authenticate with AWS Secrets Manager. You must either set secret_access_key and access_key_id, or set assume_role_arn to assume a role.
-- `assume_role_arn` (String) The ARN of the role to assume when syncing secrets to AWS Parameter Store. You must either set secret_access_key and access_key_id, or set assume_role_arn to assume a role.
+- `assume_role_arn` (String) The ARN of the role to assume when syncing secrets to AWS Secrets Manager. You must either set secret_access_key and access_key_id, or set assume_role_arn to assume a role.
 - `mapping_behavior` (String) The behavior of the mapping. Can be 'many-to-one' or 'one-to-one'. Many to One: All Infisical secrets will be mapped to a single AWS secret. One to One: Each Infisical secret will be mapped to its own AWS secret.
 - `options` (Attributes) Integration options (see [below for nested schema](#nestedatt--options))
 - `secret_access_key` (String, Sensitive) The AWS secret access key. Used to authenticate with AWS Secrets Manager. You must either set secret_access_key and access_key_id, or set assume_role_arn to assume a role.

diff --git a/internal/pkg/input/validate-aws.go b/internal/pkg/input/validate-aws.go
@@ -9,7 +9,7 @@ import (
 func ValidateAwsInputCredentials(accessKeyId basetypes.StringValue, secretAccessKey basetypes.StringValue, assumeRoleArn basetypes.StringValue) (AwsAuthenticationMethod, error) {
 
 	// No credentials provided at all
-	if assumeRoleArn.ValueString() == "" && (accessKeyId.ValueString() == "" || secretAccessKey.ValueString() == "") {
+	if assumeRoleArn.ValueString() == "" && (accessKeyId.ValueString() == "" && secretAccessKey.ValueString() == "") {
 		return "", fmt.Errorf("No credentials provided. Either set access_key_id and secret_access_key, or assume_role_arn.")
 	}
 

diff --git a/internal/provider/resource/integration_aws_parameter_store.go b/internal/provider/resource/integration_aws_parameter_store.go
@@ -133,14 +133,14 @@ func (r *IntegrationAWSParameterStoreResource) Schema(_ context.Context, _ resou
 			"access_key_id": schema.StringAttribute{
 				Sensitive:     true,
 				Optional:      true,
-				Description:   "The AWS access key ID. Used to authenticate with AWS Secrets Manager. You must either set secret_access_key and access_key_id, or set assume_role_arn to assume a role.",
+				Description:   "The AWS access key ID. Used to authenticate with AWS Parameter Store. You must either set secret_access_key and access_key_id, or set assume_role_arn to assume a role.",
 				PlanModifiers: []planmodifier.String{stringplanmodifier.RequiresReplace()},
 			},
 
 			"secret_access_key": schema.StringAttribute{
 				Sensitive:     true,
 				Optional:      true,
-				Description:   "The AWS secret access key. Used to authenticate with AWS Secrets Manager. You must either set secret_access_key and access_key_id, or set assume_role_arn to assume a role.",
+				Description:   "The AWS secret access key. Used to authenticate with AWS Parameter Store. You must either set secret_access_key and access_key_id, or set assume_role_arn to assume a role.",
 				PlanModifiers: []planmodifier.String{stringplanmodifier.RequiresReplace()},
 			},
 
@@ -311,15 +311,6 @@ func (r *IntegrationAWSParameterStoreResource) Read(ctx context.Context, req res
 	if resp.Diagnostics.HasError() {
 		return
 	}
-	_, err := pkg.ValidateAwsInputCredentials(state.AccessKeyID, state.SecretAccessKey, state.AssumeRoleArn)
-
-	if err != nil {
-		resp.Diagnostics.AddError(
-			"Error validating AWS credentials",
-			err.Error(),
-		)
-		return
-	}
 
 	integration, err := r.client.GetIntegration(infisical.GetIntegrationRequest{
 		ID: state.IntegrationID.ValueString(),
@@ -475,17 +466,7 @@ func (r *IntegrationAWSParameterStoreResource) Delete(ctx context.Context, req r
 		return
 	}
 
-	_, err := pkg.ValidateAwsInputCredentials(state.AccessKeyID, state.SecretAccessKey, state.AssumeRoleArn)
-
-	if err != nil {
-		resp.Diagnostics.AddError(
-			"Error validating AWS credentials",
-			err.Error(),
-		)
-		return
-	}
-
-	_, err = r.client.DeleteIntegrationAuth(infisical.DeleteIntegrationAuthRequest{
+	_, err := r.client.DeleteIntegrationAuth(infisical.DeleteIntegrationAuthRequest{
 		ID: state.IntegrationAuthID.ValueString(),
 	})
 

diff --git a/internal/provider/resource/integration_aws_secrets_manager.go b/internal/provider/resource/integration_aws_secrets_manager.go
@@ -151,7 +151,7 @@ func (r *IntegrationAWSSecretsManagerResource) Schema(_ context.Context, _ resou
 
 			"assume_role_arn": schema.StringAttribute{
 				Optional:      true,
-				Description:   "The ARN of the role to assume when syncing secrets to AWS Parameter Store. You must either set secret_access_key and access_key_id, or set assume_role_arn to assume a role.",
+				Description:   "The ARN of the role to assume when syncing secrets to AWS Secrets Manager. You must either set secret_access_key and access_key_id, or set assume_role_arn to assume a role.",
 				PlanModifiers: []planmodifier.String{stringplanmodifier.RequiresReplace()},
 			},
 
@@ -354,16 +354,6 @@ func (r *IntegrationAWSSecretsManagerResource) Read(ctx context.Context, req res
 		return
 	}
 
-	_, err := pkg.ValidateAwsInputCredentials(state.AccessKeyID, state.SecretAccessKey, state.AssumeRoleArn)
-
-	if err != nil {
-		resp.Diagnostics.AddError(
-			"Error validating AWS credentials",
-			err.Error(),
-		)
-		return
-	}
-
 	integration, err := r.client.GetIntegration(infisical.GetIntegrationRequest{
 		ID: state.IntegrationID.ValueString(),
 	})
@@ -522,17 +512,7 @@ func (r *IntegrationAWSSecretsManagerResource) Delete(ctx context.Context, req r
 		return
 	}
 
-	_, err := pkg.ValidateAwsInputCredentials(state.AccessKeyID, state.SecretAccessKey, state.AssumeRoleArn)
-
-	if err != nil {
-		resp.Diagnostics.AddError(
-			"Error validating AWS credentials",
-			err.Error(),
-		)
-		return
-	}
-
-	_, err = r.client.DeleteIntegrationAuth(infisical.DeleteIntegrationAuthRequest{
+	_, err := r.client.DeleteIntegrationAuth(infisical.DeleteIntegrationAuthRequest{
 		ID: state.IntegrationAuthID.ValueString(),
 	})