Refactor AWS integration to use REST API provider for state token generation

- Replaced shell script resource with REST API provider for creating state tokens.
- Updated parameters in CloudFormation stack resources to retrieve tokens from the new REST API resource.
- Configured REST API provider with global headers for authentication.
- Updated Terraform version requirements to include the new REST API provider.

Author: arielb135

src/integrations/aws_integration_automation/main.tf

@@ -1,3 +1,16 @@
+# Configure the REST API provider with global headers
+provider "restapi" {
+  uri                   = local.jit_api_endpoint
+  write_returns_object  = true
+  create_returns_object = true
+  
+  headers = {
+    "Accept"        = "application/json"
+    "Content-Type"  = "application/json"
+    "Authorization" = "Bearer ${jsondecode(data.http.jit_auth.response_body).accessToken}"
+  }
+}
+
 # Authentication with JIT API to get access token
 data "http" "jit_auth" {
   url    = "${local.jit_api_endpoint}/authentication/login"
@@ -21,45 +34,21 @@ data "http" "jit_auth" {
   }
 }
 
-# Create state token using shell script resource
-resource "shell_script" "jit_state_token" {
-  triggers = {
-    client_id        = var.jit_client_id
-    integration_type = var.integration_type
-    regions          = join(",", var.aws_regions_to_monitor)
-    org_root_id      = var.organization_root_id
-  }
-  
-  environment = {
-    JIT_API_ENDPOINT      = local.jit_api_endpoint
-    STATE_TOKEN_BODY      = jsonencode(local.state_token_request_body)
-  }
-
-  sensitive_environment = {
-    JIT_AUTH_RESPONSE = data.http.jit_auth.response_body
-  }
-  
-  lifecycle_commands {
-    create = <<-EOT
-      ACCESS_TOKEN=$(echo "$JIT_AUTH_RESPONSE" | jq -r '.accessToken')
-      TOKEN=$(curl -s -X POST "$JIT_API_ENDPOINT/oauth/state-token" \
-        -H "Authorization: Bearer $ACCESS_TOKEN" \
-        -H "Accept: application/json" \
-        -H "Content-Type: application/json" \
-        -d "$STATE_TOKEN_BODY" \
-        | jq -r '.token')
-      echo "{\"token\": \"$TOKEN\"}"
-    EOT
-    
-    delete = "echo 'State token cleanup - no action needed'"
-  }
-  
+# Create state token using REST API provider
+resource "restapi_object" "jit_state_token" {
+  path            = "/oauth/state-token"
+  create_method   = "POST"
+  read_path       = "/oauth/state-token/{id}/echo"
+  id_attribute    = "id"
+  ignore_changes_to = ["token"]
+  # Request body with state token parameters
+  data = jsonencode(local.state_token_request_body)
+  
+  # Ignore changes to data since read endpoint returns different structure
   lifecycle {
-    ignore_changes = [environment, sensitive_environment]
+    ignore_changes = [data]
   }
 
-  interpreter = ["/bin/bash", "-c"]
-  
   depends_on = [data.http.jit_auth]
 }
 
@@ -71,20 +60,20 @@ resource "aws_cloudformation_stack" "jit_integration_account" {
   template_url  = local.cloudformation_template_url
   capabilities  = var.capabilities
 
-  parameters = {
-    "ExternalId"                = shell_script.jit_state_token.output["token"]
-    "ResourceNamePrefix"        = local.resource_name_prefix
-    "AccountName"               = var.account_name
-    "ShouldIncludeRootAccount"  = tostring(var.should_include_root_account)
-  }
+     parameters = {
+     "ExternalId"                = jsondecode(restapi_object.jit_state_token.create_response)["token"]
+     "ResourceNamePrefix"        = local.resource_name_prefix
+     "AccountName"               = var.account_name
+     "ShouldIncludeRootAccount"  = tostring(var.should_include_root_account)
+   }
 
   lifecycle {
     prevent_destroy = true
   }
 
   depends_on = [
     data.http.jit_auth,
-    shell_script.jit_state_token
+    restapi_object.jit_state_token
   ]
 }
 
@@ -96,12 +85,12 @@ resource "aws_cloudformation_stack_set" "jit_integration_org" {
   template_url  = local.cloudformation_template_url
   capabilities  = var.capabilities
 
-  parameters = {
-    "ExternalId"                = shell_script.jit_state_token.output["token"]
-    "ResourceNamePrefix"        = local.resource_name_prefix
-    "OrganizationRootId"        = var.organization_root_id
-    "ShouldIncludeRootAccount" = tostring(var.should_include_root_account)
-  }
+     parameters = {
+     "ExternalId"                = jsondecode(restapi_object.jit_state_token.create_response)["token"]
+     "ResourceNamePrefix"        = local.resource_name_prefix
+     "OrganizationRootId"        = var.organization_root_id
+     "ShouldIncludeRootAccount" = tostring(var.should_include_root_account)
+   }
 
   # Auto deployment configuration for organization
   auto_deployment {
@@ -118,7 +107,7 @@ resource "aws_cloudformation_stack_set" "jit_integration_org" {
 
   depends_on = [
     data.http.jit_auth,
-    shell_script.jit_state_token
+    restapi_object.jit_state_token
   ]
 }
 

src/integrations/aws_integration_automation/versions.tf

@@ -17,9 +17,9 @@ terraform {
       version = ">= 2.0"
     }
 
-    shell = {
-      source  = "scottwinkler/shell"
-      version = ">= 1.7.0"
+    restapi = {
+      source  = "Mastercard/restapi"
+      version = ">= 1.19.1"
     }
   }
 }