Merge pull request #17423 from hashicorp/b-ssoadmin-permission-set-up…
…date-with-relay-state

r/ssoadmin_permission_set: include relay_state in the UpdatePermissionSet request when available
anGie44 authored Feb 4, 2021
2 parents cc38d70 + e6556f6 commit c389d36
Showing 3 changed files with 83 additions and 6 deletions.
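--- a/.changelog/17423.txt
+++ b/.changelog/17423.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+resource/aws_ssoadmin_permission_set: Properly update resource with `relay_state` argument
+```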
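--- a/aws/resource_aws_ssoadmin_permission_set.go
+++ b/aws/resource_aws_ssoadmin_permission_set.go
@@ -190,16 +190,21 @@ func resourceAwsSsoAdminPermissionSetUpdate(d *schema.ResourceData, meta interfa
 PermissionSetArn: aws.String(arn),
 }
 
-if d.HasChange("description") {
-input.Description = aws.String(d.Get("description").(string))
+// The AWS SSO API requires we send the RelayState value regardless if it's unchanged
+// else the existing Permission Set's RelayState value will be cleared;
+// for consistency, we'll check for the "presence of" instead of "if changed" for all input fields
+// Reference: https://github.com/hashicorp/terraform-provider-aws/issues/17411
+
+if v, ok := d.GetOk("description"); ok {
+input.Description = aws.String(v.(string))
 }
 
-if d.HasChange("relay_state") {
-input.RelayState = aws.String(d.Get("relay_state").(string))
+if v, ok := d.GetOk("relay_state"); ok {
+input.RelayState = aws.String(v.(string))
 }
 
-if d.HasChange("session_duration") {
-input.SessionDuration = aws.String(d.Get("session_duration").(string))
+if v, ok := d.GetOk("session_duration"); ok {
+input.SessionDuration = aws.String(v.(string))
 }
 
 _, err := conn.UpdatePermissionSet(input)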
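Review bot: `d.GetOk` returns ok=false for an empty string, so with the three `GetOk` checks an argument removed from the configuration is simply left out of the UpdatePermissionSet input, and the comment above them only establishes that the API clears an omitted RelayState. If an omitted Description is instead left unchanged by the API (not visible here), removing `description` would never take effect and the plan would keep showing a diff. I would extend the comment with a line such as `// NOTE: GetOk treats "" as unset; removing an argument relies on the API clearing omitted fields`, and confirm that behaviour for Description and SessionDuration. Because relay_state is the post-sign-in redirect and session_duration bounds the session length, silent drift in either is worth ruling out. resourceAwsSsoAdminPermissionSetUpdate starts and ends outside the hunk.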
69 changes: 69 additions & 0 deletions aws/resource_aws_ssoadmin_permission_set_test.go
@@ -272,6 +272,47 @@ func TestAccAWSSSOAdminPermissionSet_updateSessionDuration(t *testing.T) {
})
}

// TestAccAWSSSOAdminPermissionSet_relayState_updateSessionDuration validates
// the resource's unchanged values (primarily relay_state) after updating the session_duration argument
// Reference: https://github.com/hashicorp/terraform-provider-aws/issues/17411
func TestAccAWSSSOAdminPermissionSet_relayState_updateSessionDuration(t *testing.T) {
resourceName := "aws_ssoadmin_permission_set.test"
rName := acctest.RandomWithPrefix("tf-acc-test")

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSSSOAdminInstances(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSSSOAdminPermissionSetDestroy,
Steps: []resource.TestStep{
{
Config: testAccAWSSSOAdminPermissionSetRelayStateConfig(rName),
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSSOAdminPermissionSetExists(resourceName),
resource.TestCheckResourceAttr(resourceName, "description", rName),
resource.TestCheckResourceAttr(resourceName, "name", rName),
resource.TestCheckResourceAttr(resourceName, "relay_state", "https://example.com"),
resource.TestCheckResourceAttr(resourceName, "session_duration", "PT1H"),
),
},
{
Config: testAccAWSSSOAdminPermissionSetRelayStateConfig_updateSessionDuration(rName),
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSSOAdminPermissionSetExists(resourceName),
resource.TestCheckResourceAttr(resourceName, "description", rName),
resource.TestCheckResourceAttr(resourceName, "name", rName),
resource.TestCheckResourceAttr(resourceName, "relay_state", "https://example.com"),
resource.TestCheckResourceAttr(resourceName, "session_duration", "PT2H"),
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
},
},
})
}

func TestAccAWSSSOAdminPermissionSet_mixedPolicyAttachments(t *testing.T) {
resourceName := "aws_ssoadmin_permission_set.test"
rName := acctest.RandomWithPrefix("tf-acc-test")
@@ -416,6 +457,34 @@ resource "aws_ssoadmin_permission_set" "test" {
`, rName)
}

func testAccAWSSSOAdminPermissionSetRelayStateConfig(rName string) string {
return fmt.Sprintf(`
data "aws_ssoadmin_instances" "test" {}
resource "aws_ssoadmin_permission_set" "test" {
description = %[1]q
name = %[1]q
instance_arn = tolist(data.aws_ssoadmin_instances.test.arns)[0]
relay_state = "https://example.com"
session_duration = "PT1H"
}
`, rName)
}

func testAccAWSSSOAdminPermissionSetRelayStateConfig_updateSessionDuration(rName string) string {
return fmt.Sprintf(`
data "aws_ssoadmin_instances" "test" {}
resource "aws_ssoadmin_permission_set" "test" {
description = %[1]q
name = %[1]q
instance_arn = tolist(data.aws_ssoadmin_instances.test.arns)[0]
relay_state = "https://example.com"
session_duration = "PT2H"
}
`, rName)
}

func testAccAWSSSOAdminPermissionSetConfigTagsSingle(rName, tagKey1, tagValue1 string) string {
return fmt.Sprintf(`
data "aws_ssoadmin_instances" "test" {}
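Review bot: The new test only exercises a session_duration change with relay_state still present in both configs, so the `GetOk` presence check is never tested for an argument that is removed or for a `description` change. A third step whose config drops `relay_state` and asserts, for example, `resource.TestCheckResourceAttr(resourceName, "relay_state", "")` would pin that clearing the value still works after this change. The two config helpers added in the second hunk differ only in the `session_duration` literal and could be one helper taking the duration as a parameter.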
