Merge pull request #4379 from terraform-providers/b-aws_iam_group_pol…

…icy-updates resource/aws_iam_group_policy: Properly handle generated policy name updates
hashicorp · May 2, 2018 · bfaaf12 · bfaaf12
2 parents 1d5d36a + 681482a
commit bfaaf12
Show file tree

Hide file tree

Showing 3 changed files with 150 additions and 31 deletions.
diff --git a/aws/resource_aws_iam_group_policy.go b/aws/resource_aws_iam_group_policy.go
@@ -102,7 +102,12 @@ func resourceAwsIamGroupPolicyRead(d *schema.ResourceData, meta interface{}) err
 	if err != nil {
 		return err
 	}
-	return d.Set("policy", policy)
+
+	d.Set("group", group)
+	d.Set("name", name)
+	d.Set("policy", policy)
+
+	return nil
 }
 
 func resourceAwsIamGroupPolicyDelete(d *schema.ResourceData, meta interface{}) error {

diff --git a/aws/resource_aws_iam_group_policy_test.go b/aws/resource_aws_iam_group_policy_test.go
@@ -1,6 +1,7 @@
 package aws
 
 import (
+	"errors"
 	"fmt"
 	"testing"
 
@@ -13,6 +14,7 @@ import (
 )
 
 func TestAccAWSIAMGroupPolicy_basic(t *testing.T) {
+	var groupPolicy1, groupPolicy2 iam.GetGroupPolicyOutput
 	rInt := acctest.RandInt()
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
@@ -22,26 +24,30 @@ func TestAccAWSIAMGroupPolicy_basic(t *testing.T) {
 			{
 				Config: testAccIAMGroupPolicyConfig(rInt),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckIAMGroupPolicy(
+					testAccCheckIAMGroupPolicyExists(
 						"aws_iam_group.group",
 						"aws_iam_group_policy.foo",
+						&groupPolicy1,
 					),
 				),
 			},
 			{
 				Config: testAccIAMGroupPolicyConfigUpdate(rInt),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckIAMGroupPolicy(
+					testAccCheckIAMGroupPolicyExists(
 						"aws_iam_group.group",
 						"aws_iam_group_policy.bar",
+						&groupPolicy2,
 					),
+					testAccCheckAWSIAMGroupPolicyNameChanged(&groupPolicy1, &groupPolicy2),
 				),
 			},
 		},
 	})
 }
 
 func TestAccAWSIAMGroupPolicy_namePrefix(t *testing.T) {
+	var groupPolicy1, groupPolicy2 iam.GetGroupPolicyOutput
 	rInt := acctest.RandInt()
 	resource.Test(t, resource.TestCase{
 		PreCheck:      func() { testAccPreCheck(t) },
@@ -50,19 +56,32 @@ func TestAccAWSIAMGroupPolicy_namePrefix(t *testing.T) {
 		CheckDestroy:  testAccCheckIAMGroupPolicyDestroy,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccIAMGroupPolicyConfig_namePrefix(rInt),
+				Config: testAccIAMGroupPolicyConfig_namePrefix(rInt, "*"),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckIAMGroupPolicy(
+					testAccCheckIAMGroupPolicyExists(
 						"aws_iam_group.test",
 						"aws_iam_group_policy.test",
+						&groupPolicy1,
 					),
 				),
 			},
+			{
+				Config: testAccIAMGroupPolicyConfig_namePrefix(rInt, "ec2:*"),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckIAMGroupPolicyExists(
+						"aws_iam_group.test",
+						"aws_iam_group_policy.test",
+						&groupPolicy2,
+					),
+					testAccCheckAWSIAMGroupPolicyNameMatches(&groupPolicy1, &groupPolicy2),
+				),
+			},
 		},
 	})
 }
 
 func TestAccAWSIAMGroupPolicy_generatedName(t *testing.T) {
+	var groupPolicy1, groupPolicy2 iam.GetGroupPolicyOutput
 	rInt := acctest.RandInt()
 	resource.Test(t, resource.TestCase{
 		PreCheck:      func() { testAccPreCheck(t) },
@@ -71,12 +90,24 @@ func TestAccAWSIAMGroupPolicy_generatedName(t *testing.T) {
 		CheckDestroy:  testAccCheckIAMGroupPolicyDestroy,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccIAMGroupPolicyConfig_generatedName(rInt),
+				Config: testAccIAMGroupPolicyConfig_generatedName(rInt, "*"),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckIAMGroupPolicyExists(
+						"aws_iam_group.test",
+						"aws_iam_group_policy.test",
+						&groupPolicy1,
+					),
+				),
+			},
+			{
+				Config: testAccIAMGroupPolicyConfig_generatedName(rInt, "ec2:*"),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckIAMGroupPolicy(
+					testAccCheckIAMGroupPolicyExists(
 						"aws_iam_group.test",
 						"aws_iam_group_policy.test",
+						&groupPolicy2,
 					),
+					testAccCheckAWSIAMGroupPolicyNameMatches(&groupPolicy1, &groupPolicy2),
 				),
 			},
 		},
@@ -113,9 +144,10 @@ func testAccCheckIAMGroupPolicyDestroy(s *terraform.State) error {
 	return nil
 }
 
-func testAccCheckIAMGroupPolicy(
+func testAccCheckIAMGroupPolicyExists(
 	iamGroupResource string,
-	iamGroupPolicyResource string) resource.TestCheckFunc {
+	iamGroupPolicyResource string,
+	groupPolicy *iam.GetGroupPolicyOutput) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[iamGroupResource]
 		if !ok {
@@ -133,7 +165,7 @@ func testAccCheckIAMGroupPolicy(
 
 		iamconn := testAccProvider.Meta().(*AWSClient).iamconn
 		group, name := resourceAwsIamGroupPolicyParseId(policy.Primary.ID)
-		_, err := iamconn.GetGroupPolicy(&iam.GetGroupPolicyInput{
+		output, err := iamconn.GetGroupPolicy(&iam.GetGroupPolicyInput{
 			GroupName:  aws.String(group),
 			PolicyName: aws.String(name),
 		})
@@ -142,6 +174,28 @@ func testAccCheckIAMGroupPolicy(
 			return err
 		}
 
+		*groupPolicy = *output
+
+		return nil
+	}
+}
+
+func testAccCheckAWSIAMGroupPolicyNameChanged(i, j *iam.GetGroupPolicyOutput) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		if aws.StringValue(i.PolicyName) == aws.StringValue(j.PolicyName) {
+			return errors.New("IAM Group Policy name did not change")
+		}
+
+		return nil
+	}
+}
+
+func testAccCheckAWSIAMGroupPolicyNameMatches(i, j *iam.GetGroupPolicyOutput) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		if aws.StringValue(i.PolicyName) != aws.StringValue(j.PolicyName) {
+			return errors.New("IAM Group Policy name did not match")
+		}
+
 		return nil
 	}
 }
@@ -169,7 +223,7 @@ EOF
 	}`, rInt, rInt)
 }
 
-func testAccIAMGroupPolicyConfig_namePrefix(rInt int) string {
+func testAccIAMGroupPolicyConfig_namePrefix(rInt int, policyAction string) string {
 	return fmt.Sprintf(`
 	resource "aws_iam_group" "test" {
 		name = "test_group_%d"
@@ -184,15 +238,15 @@ func testAccIAMGroupPolicyConfig_namePrefix(rInt int) string {
 	"Version": "2012-10-17",
 	"Statement": {
 		"Effect": "Allow",
-		"Action": "*",
+		"Action": "%s",
 		"Resource": "*"
 	}
 }
 EOF
-	}`, rInt, rInt)
+	}`, rInt, rInt, policyAction)
 }
 
-func testAccIAMGroupPolicyConfig_generatedName(rInt int) string {
+func testAccIAMGroupPolicyConfig_generatedName(rInt int, policyAction string) string {
 	return fmt.Sprintf(`
 	resource "aws_iam_group" "test" {
 		name = "test_group_%d"
@@ -206,12 +260,12 @@ func testAccIAMGroupPolicyConfig_generatedName(rInt int) string {
 	"Version": "2012-10-17",
 	"Statement": {
 		"Effect": "Allow",
-		"Action": "*",
+		"Action": "%s",
 		"Resource": "*"
 	}
 }
 EOF
-	}`, rInt)
+	}`, rInt, policyAction)
 }
 
 func testAccIAMGroupPolicyConfigUpdate(rInt int) string {