Merge pull request #21239 from DrFaust92/r/glue_policy_hybrid

r/glue_resource_policy - add support for `enable_hybrid`

.changelog/21239.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_glue_resource_policy: Add `enable_hybrid` argument.
+```

aws/resource_aws_glue_resource_policy.go

@@ -6,6 +6,7 @@ import (
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/glue"
+	"github.com/hashicorp/aws-sdk-go-base/tfawserr"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 )
@@ -27,6 +28,11 @@ func resourceAwsGlueResourcePolicy() *schema.Resource {
 				ValidateFunc:     validation.StringIsJSON,
 				DiffSuppressFunc: suppressEquivalentAwsPolicyDiffs,
 			},
+			"enable_hybrid": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				ValidateFunc: validation.StringInSlice(glue.EnableHybridValues_Values(), false),
+			},
 		},
 	}
 }
@@ -35,10 +41,16 @@ func resourceAwsGlueResourcePolicyPut(condition string) func(d *schema.ResourceD
 	return func(d *schema.ResourceData, meta interface{}) error {
 		conn := meta.(*AWSClient).glueconn
 
-		_, err := conn.PutResourcePolicy(&glue.PutResourcePolicyInput{
+		input := &glue.PutResourcePolicyInput{
 			PolicyInJson:          aws.String(d.Get("policy").(string)),
 			PolicyExistsCondition: aws.String(condition),
-		})
+		}
+
+		if v, ok := d.GetOk("enable_hybrid"); ok {
+			input.EnableHybrid = aws.String(v.(string))
+		}
+
+		_, err := conn.PutResourcePolicy(input)
 		if err != nil {
 			return fmt.Errorf("error putting policy request: %s", err)
 		}
@@ -57,7 +69,7 @@ func resourceAwsGlueResourcePolicyRead(d *schema.ResourceData, meta interface{})
 		return nil
 	}
 	if err != nil {
-		return fmt.Errorf("error reading policy request: %s", err)
+		return fmt.Errorf("error reading policy request: %w", err)
 	}
 
 	if *resourcePolicy.PolicyInJson == "" {
@@ -74,7 +86,10 @@ func resourceAwsGlueResourcePolicyDelete(d *schema.ResourceData, meta interface{
 
 	_, err := conn.DeleteResourcePolicy(&glue.DeleteResourcePolicyInput{})
 	if err != nil {
-		return fmt.Errorf("error deleting policy request: %s", err)
+		if tfawserr.ErrCodeEquals(err, glue.ErrCodeEntityNotFoundException) {
+			return nil
+		}
+		return fmt.Errorf("error deleting policy request: %w", err)
 	}
 
 	return nil

aws/resource_aws_glue_resource_policy_test.go

@@ -51,6 +51,41 @@ func testAccAWSGlueResourcePolicy_basic(t *testing.T) {
 	})
 }
 
+func testAccAWSGlueResourcePolicy_hybrid(t *testing.T) {
+	resourceName := "aws_glue_resource_policy.test"
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		ErrorCheck:   testAccErrorCheck(t, glue.EndpointsID),
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSGlueResourcePolicyDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSGlueResourcePolicyHybrid("glue:CreateTable", "TRUE"),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "enable_hybrid", "TRUE"),
+				),
+			},
+			{
+				ResourceName:            resourceName,
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"enable_hybrid"},
+			},
+			{
+				Config: testAccAWSGlueResourcePolicyHybrid("glue:CreateTable", "FALSE"),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "enable_hybrid", "FALSE"),
+				),
+			},
+			{
+				Config: testAccAWSGlueResourcePolicyHybrid("glue:CreateTable", "TRUE"),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "enable_hybrid", "TRUE"),
+				),
+			},
+		},
+	})
+}
 func testAccAWSGlueResourcePolicy_disappears(t *testing.T) {
 	resourceName := "aws_glue_resource_policy.test"
 	resource.Test(t, resource.TestCase{
@@ -64,6 +99,7 @@ func testAccAWSGlueResourcePolicy_disappears(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					testAccAWSGlueResourcePolicy(resourceName, "glue:CreateTable"),
 					testAccCheckResourceDisappears(testAccProvider, resourceAwsGlueResourcePolicy(), resourceName),
+					testAccCheckResourceDisappears(testAccProvider, resourceAwsGlueResourcePolicy(), resourceName),
 				),
 				ExpectNonEmptyPlan: true,
 			},
@@ -96,6 +132,32 @@ resource "aws_glue_resource_policy" "test" {
 `, action)
 }
 
+func testAccAWSGlueResourcePolicyHybrid(action, hybrid string) string {
+	return fmt.Sprintf(`
+data "aws_caller_identity" "current" {}
+
+data "aws_partition" "current" {}
+
+data "aws_region" "current" {}
+
+data "aws_iam_policy_document" "glue-example-policy" {
+  statement {
+    actions   = ["%[1]s"]
+    resources = ["arn:${data.aws_partition.current.partition}:glue:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:*"]
+    principals {
+      identifiers = ["*"]
+      type        = "AWS"
+    }
+  }
+}
+
+resource "aws_glue_resource_policy" "test" {
+  policy        = data.aws_iam_policy_document.glue-example-policy.json
+  enable_hybrid = %[2]q
+}
+`, action, hybrid)
+}
+
 func testAccAWSGlueResourcePolicy_update(t *testing.T) {
 	resourceName := "aws_glue_resource_policy.test"
 	resource.Test(t, resource.TestCase{

aws/resource_aws_glue_test.go

@@ -7,6 +7,7 @@ func TestAccAWSGlue_serial(t *testing.T) {
 		"ResourcePolicy": {
 			"basic":      testAccAWSGlueResourcePolicy_basic,
 			"update":     testAccAWSGlueResourcePolicy_update,
+			"hybrid":     testAccAWSGlueResourcePolicy_hybrid,
 			"disappears": testAccAWSGlueResourcePolicy_disappears,
 		},
 	}

website/docs/r/glue_resource_policy.html.markdown

@@ -43,6 +43,7 @@ resource "aws_glue_resource_policy" "example" {
 The following arguments are supported:
 
 * `policy` – (Required) The policy to be applied to the aws glue data catalog.
+* `enable_hybrid` - (Optional) Indicates that you are using both methods to grant cross-account. Valid values are `TRUE` and `FALSE`. Note the terraform will not perform drift detetction on this field as its not return on read.
 
 ## Attributes Reference