From 0a78b6e0f64847fa435a8d456a82e5dac7aa6e29 Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Mon, 6 Dec 2021 11:18:24 -0500 Subject: [PATCH 01/16] iam/group_policy: Only set policy if actually changed --- internal/service/iam/group_policy.go | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/internal/service/iam/group_policy.go b/internal/service/iam/group_policy.go index 685b604551a..571ebada500 100644 --- a/internal/service/iam/group_policy.go +++ b/internal/service/iam/group_policy.go @@ -138,10 +138,14 @@ func resourceGroupPolicyRead(d *schema.ResourceData, meta interface{}) error { return err } - if err := d.Set("policy", policy); err != nil { - return fmt.Errorf("error setting policy: %s", err) + policyToSet, err := verify.SecondJSONUnlessEquivalent(d.Get("policy").(string), policy) + + if err != nil { + return fmt.Errorf("while setting policy (%s), encountered: %w", policyToSet, err) } + d.Set("policy", policyToSet) + if err := d.Set("name", name); err != nil { return fmt.Errorf("error setting name: %s", err) } From 3feaa08e46d51a738829224641f19a5137220716 Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Mon, 6 Dec 2021 11:25:29 -0500 Subject: [PATCH 02/16] Add changelog --- .changelog/22067.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/22067.txt diff --git a/.changelog/22067.txt b/.changelog/22067.txt new file mode 100644 index 00000000000..dd65f90bf60 --- /dev/null +++ b/.changelog/22067.txt @@ -0,0 +1,3 @@ +```release-note:bug +resource/aws_iam_group_policy: Fix order-related diffs in `policy` +``` \ No newline at end of file From c0e53bf445956ece2cf030125be8ffb1f6726baa Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Mon, 6 Dec 2021 12:20:06 -0500 Subject: [PATCH 03/16] Fix group policy tests --- internal/service/iam/group_policy_test.go | 61 ++++++++++++----------- 1 file changed, 32 insertions(+), 29 deletions(-) 
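Review bot: The new `d.Set("policy", policyToSet)` in resourceGroupPolicyRead discards its return value, while the lines it replaces checked it, so a failure to write the IAM policy into state now passes silently and later plans compare against stale data. Keep the check: `if err := d.Set("policy", policyToSet); err != nil { return fmt.Errorf("error setting policy: %w", err) }`. The same unchecked call appears in the read hunks for policy.go, role_policy.go and user_policy.go later in this series. Separately, the error path formats `policyToSet`, the result of the failed call; if the helper returns an empty string on error (not visible here), the message carries no document, and formatting `policy` would be more useful. The function body continues outside the hunk.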
diff --git a/internal/service/iam/group_policy_test.go b/internal/service/iam/group_policy_test.go index b0af048fa83..bf7ae14da90 100644 --- a/internal/service/iam/group_policy_test.go +++ b/internal/service/iam/group_policy_test.go @@ -18,7 +18,8 @@ import ( func TestAccIAMGroupPolicy_basic(t *testing.T) { var groupPolicy1, groupPolicy2 iam.GetGroupPolicyOutput - rInt := sdkacctest.RandInt() + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acctest.PreCheck(t) }, ErrorCheck: acctest.ErrorCheck(t, iam.EndpointsID), @@ -26,7 +27,7 @@ func TestAccIAMGroupPolicy_basic(t *testing.T) { CheckDestroy: testAccCheckIAMGroupPolicyDestroy, Steps: []resource.TestStep{ { - Config: testAccIAMGroupPolicyConfig(rInt), + Config: testAccIAMGroupPolicyConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckIAMGroupPolicyExists( "aws_iam_group.group", @@ -41,7 +42,7 @@ func TestAccIAMGroupPolicy_basic(t *testing.T) { ImportStateVerify: true, }, { - Config: testAccIAMGroupPolicyConfigUpdate(rInt), + Config: testAccIAMGroupPolicyConfigUpdate(rName), Check: resource.ComposeTestCheckFunc( testAccCheckIAMGroupPolicyExists( "aws_iam_group.group", @@ -62,7 +63,7 @@ func TestAccIAMGroupPolicy_basic(t *testing.T) { func TestAccIAMGroupPolicy_disappears(t *testing.T) { var out iam.GetGroupPolicyOutput - rInt := sdkacctest.RandInt() + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acctest.PreCheck(t) }, @@ -71,7 +72,7 @@ func TestAccIAMGroupPolicy_disappears(t *testing.T) { CheckDestroy: testAccCheckIAMGroupPolicyDestroy, Steps: []resource.TestStep{ { - Config: testAccIAMGroupPolicyConfig(rInt), + Config: testAccIAMGroupPolicyConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckIAMGroupPolicyExists( "aws_iam_group.group", 
@@ -88,7 +89,8 @@ func TestAccIAMGroupPolicy_disappears(t *testing.T) { func TestAccIAMGroupPolicy_namePrefix(t *testing.T) { var groupPolicy1, groupPolicy2 iam.GetGroupPolicyOutput - rInt := sdkacctest.RandInt() + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acctest.PreCheck(t) }, ErrorCheck: acctest.ErrorCheck(t, iam.EndpointsID), @@ -96,7 +98,7 @@ func TestAccIAMGroupPolicy_namePrefix(t *testing.T) { CheckDestroy: testAccCheckIAMGroupPolicyDestroy, Steps: []resource.TestStep{ { - Config: testAccIAMGroupPolicyConfig_namePrefix(rInt, "*"), + Config: testAccIAMGroupPolicyConfig_namePrefix(rName, "*"), Check: resource.ComposeTestCheckFunc( testAccCheckIAMGroupPolicyExists( "aws_iam_group.test", @@ -106,7 +108,7 @@ func TestAccIAMGroupPolicy_namePrefix(t *testing.T) { ), }, { - Config: testAccIAMGroupPolicyConfig_namePrefix(rInt, "ec2:*"), + Config: testAccIAMGroupPolicyConfig_namePrefix(rName, "ec2:*"), Check: resource.ComposeTestCheckFunc( testAccCheckIAMGroupPolicyExists( "aws_iam_group.test", @@ -128,7 +130,8 @@ func TestAccIAMGroupPolicy_namePrefix(t *testing.T) { func TestAccIAMGroupPolicy_generatedName(t *testing.T) { var groupPolicy1, groupPolicy2 iam.GetGroupPolicyOutput - rInt := sdkacctest.RandInt() + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acctest.PreCheck(t) }, ErrorCheck: acctest.ErrorCheck(t, iam.EndpointsID), @@ -136,7 +139,7 @@ func TestAccIAMGroupPolicy_generatedName(t *testing.T) { CheckDestroy: testAccCheckIAMGroupPolicyDestroy, Steps: []resource.TestStep{ { - Config: testAccIAMGroupPolicyConfig_generatedName(rInt, "*"), + Config: testAccIAMGroupPolicyConfig_generatedName(rName, "*"), Check: resource.ComposeTestCheckFunc( testAccCheckIAMGroupPolicyExists( "aws_iam_group.test", 
@@ -146,7 +149,7 @@ func TestAccIAMGroupPolicy_generatedName(t *testing.T) { ), }, { - Config: testAccIAMGroupPolicyConfig_generatedName(rInt, "ec2:*"), + Config: testAccIAMGroupPolicyConfig_generatedName(rName, "ec2:*"), Check: resource.ComposeTestCheckFunc( testAccCheckIAMGroupPolicyExists( "aws_iam_group.test", @@ -274,15 +277,15 @@ func testAccCheckGroupPolicyNameMatches(i, j *iam.GetGroupPolicyOutput) resource } } -func testAccIAMGroupPolicyConfig(rInt int) string { +func testAccIAMGroupPolicyConfig(rName string) string { return fmt.Sprintf(` resource "aws_iam_group" "group" { - name = "test_group_%d" + name = %[1]q path = "/" } resource "aws_iam_group_policy" "foo" { - name = "foo_policy_%d" + name = %[1]q group = aws_iam_group.group.name policy = < Date: Mon, 6 Dec 2021 12:20:44 -0500 Subject: [PATCH 04/16] iam/policy: Disregard order in policies --- .changelog/22067.txt | 4 ++++ internal/service/iam/policy.go | 31 ++++++++++++++++++++++++++--- internal/service/iam/policy_test.go | 19 ++++-------------- 3 files changed, 36 insertions(+), 18 deletions(-) diff --git a/.changelog/22067.txt b/.changelog/22067.txt index dd65f90bf60..9ea4534f5ba 100644 --- a/.changelog/22067.txt +++ b/.changelog/22067.txt @@ -1,3 +1,7 @@ ```release-note:bug resource/aws_iam_group_policy: Fix order-related diffs in `policy` +``` + +```release-note:bug +resource/aws_iam_policy: Fix order-related diffs in `policy` ``` \ No newline at end of file diff --git a/internal/service/iam/policy.go b/internal/service/iam/policy.go index 9e2d5dd26ef..f33e02e0b26 100644 --- a/internal/service/iam/policy.go +++ b/internal/service/iam/policy.go 
@@ -11,6 +11,7 @@ import ( "github.com/hashicorp/aws-sdk-go-base/tfawserr" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/structure" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" "github.com/hashicorp/terraform-provider-aws/internal/conns" tftags "github.com/hashicorp/terraform-provider-aws/internal/tags" @@ -97,10 +98,16 @@ func resourcePolicyCreate(d *schema.ResourceData, meta interface{}) error { name = resource.UniqueId() } + policy, err := structure.NormalizeJsonString(d.Get("policy").(string)) + + if err != nil { + return fmt.Errorf("policy (%s) is invalid JSON: %w", policy, err) + } + request := &iam.CreatePolicyInput{ Description: aws.String(d.Get("description").(string)), Path: aws.String(d.Get("path").(string)), - PolicyDocument: aws.String(d.Get("policy").(string)), + PolicyDocument: aws.String(policy), PolicyName: aws.String(name), Tags: Tags(tags.IgnoreAWS()), } @@ -227,7 +234,19 @@ func resourcePolicyRead(d *schema.ResourceData, meta interface{}) error { } } - d.Set("policy", policyDocument) + policyToSet, err := verify.SecondJSONUnlessEquivalent(d.Get("policy").(string), policyDocument) + + if err != nil { + return fmt.Errorf("while setting policy (%s), encountered: %w", policyToSet, err) + } + + policyToSet, err = structure.NormalizeJsonString(policyToSet) + + if err != nil { + return fmt.Errorf("policy (%s) is invalid JSON: %w", policyToSet, err) + } + + d.Set("policy", policyToSet) return nil } 
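Review bot: In resourcePolicyCreate the value sent as `PolicyDocument` is now the output of `structure.NormalizeJsonString` rather than the text the user wrote, so IAM validates a re-serialized policy instead of the original. Assuming the helper round-trips through encoding/json, a document with a duplicated key inside a statement would be reduced to the last occurrence before IAM sees it, which can change what the policy grants without any error. Put a comment above the call stating the intent, for example `// Normalize for stable key ordering only; duplicate keys collapse to the last value.`, and confirm that the schema's validation for `policy` (not visible in this hunk) rejects such input. The hunk in resourcePolicyUpdate repeats the same lines and the same point applies there.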
@@ -241,9 +260,15 @@ func resourcePolicyUpdate(d *schema.ResourceData, meta interface{}) error { return err } + policy, err := structure.NormalizeJsonString(d.Get("policy").(string)) + + if err != nil { + return fmt.Errorf("policy (%s) is invalid JSON: %w", policy, err) + } + request := &iam.CreatePolicyVersionInput{ PolicyArn: aws.String(d.Id()), - PolicyDocument: aws.String(d.Get("policy").(string)), + PolicyDocument: aws.String(policy), SetAsDefault: aws.Bool(true), } diff --git a/internal/service/iam/policy_test.go b/internal/service/iam/policy_test.go index e15ddc18ebb..8b4e3f7db1f 100644 --- a/internal/service/iam/policy_test.go +++ b/internal/service/iam/policy_test.go @@ -20,19 +20,8 @@ func TestAccIAMPolicy_basic(t *testing.T) { var out iam.GetPolicyOutput rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_iam_policy.test" - expectedPolicyText := `{ - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "*" - } - ] -} -` + expectedPolicyText := `{"Statement":[{"Action":["ec2:Describe*"],"Effect":"Allow","Resource":"*"}],"Version":"2012-10-17"}` + resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acctest.PreCheck(t) }, ErrorCheck: acctest.ErrorCheck(t, iam.EndpointsID), 
@@ -215,8 +204,8 @@ func TestAccIAMPolicy_policy(t *testing.T) { var out iam.GetPolicyOutput rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_iam_policy.test" - policy1 := "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"ec2:Describe*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}]}" - policy2 := "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"ec2:*\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}]}" + policy1 := `{"Statement":[{"Action":["ec2:Describe*"],"Effect":"Allow","Resource":"*"}],"Version":"2012-10-17"}` + policy2 := `{"Statement":[{"Action":["ec2:*"],"Effect":"Allow","Resource":"*"}],"Version":"2012-10-17"}` resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acctest.PreCheck(t) }, From 6411e057fcf39a9c15bd24a20e36355ca15a9336 Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Mon, 6 Dec 2021 12:57:59 -0500 Subject: [PATCH 05/16] iam/role: Clean up names, add order test --- internal/service/iam/role.go | 62 ++++++++--------- internal/service/iam/role_test.go | 110 ++++++++++++++++++++++++++++++ 2 files changed, 141 insertions(+), 31 deletions(-) diff --git a/internal/service/iam/role.go b/internal/service/iam/role.go index eae982af18f..aec0d9344b1 100644 --- a/internal/service/iam/role.go +++ b/internal/service/iam/role.go 
@@ -212,15 +212,15 @@ func resourceRoleCreate(d *schema.ResourceData, meta interface{}) error { roleName := aws.StringValue(outputRaw.(*iam.CreateRoleOutput).Role.RoleName) if v, ok := d.GetOk("inline_policy"); ok && v.(*schema.Set).Len() > 0 { - policies := expandIamInlinePolicies(roleName, v.(*schema.Set).List()) - if err := addIamInlinePolicies(policies, meta); err != nil { + policies := expandRoleInlinePolicies(roleName, v.(*schema.Set).List()) + if err := addRoleInlinePolicies(policies, meta); err != nil { return err } } if v, ok := d.GetOk("managed_policy_arns"); ok && v.(*schema.Set).Len() > 0 { managedPolicies := flex.ExpandStringSet(v.(*schema.Set)) - if err := addIamManagedPolicies(roleName, managedPolicies, meta); err != nil { + if err := addRoleManagedPolicies(roleName, managedPolicies, meta); err != nil { return err } } @@ -288,15 +288,15 @@ func resourceRoleRead(d *schema.ResourceData, meta interface{}) error { return err } - inlinePolicies, err := readIamInlinePolicies(aws.StringValue(role.RoleName), meta) + inlinePolicies, err := readRoleInlinePolicies(aws.StringValue(role.RoleName), meta) if err != nil { return fmt.Errorf("reading inline policies for IAM role %s, error: %s", d.Id(), err) } - if err := d.Set("inline_policy", flattenIamInlinePolicies(inlinePolicies)); err != nil { + if err := d.Set("inline_policy", flattenRoleInlinePolicies(inlinePolicies)); err != nil { return fmt.Errorf("error setting inline_policy: %w", err) } - managedPolicies, err := readIamRolePolicyAttachments(conn, aws.StringValue(role.RoleName)) + managedPolicies, err := readRolePolicyAttachments(conn, aws.StringValue(role.RoleName)) if err != nil { return fmt.Errorf("reading managed policies for IAM role %s, error: %s", d.Id(), err) } 
@@ -420,12 +420,12 @@ func resourceRoleUpdate(d *schema.ResourceData, meta interface{}) error { policyNames = append(policyNames, aws.String(tfMap["name"].(string))) } } - if err := deleteIamRolePolicies(conn, roleName, policyNames); err != nil { + if err := deleteRolePolicies(conn, roleName, policyNames); err != nil { return fmt.Errorf("unable to delete inline policies: %w", err) } - policies := expandIamInlinePolicies(roleName, add) - if err := addIamInlinePolicies(policies, meta); err != nil { + policies := expandRoleInlinePolicies(roleName, add) + if err := addRoleInlinePolicies(policies, meta); err != nil { return err } } @@ -446,11 +446,11 @@ func resourceRoleUpdate(d *schema.ResourceData, meta interface{}) error { remove := flex.ExpandStringSet(os.Difference(ns)) add := flex.ExpandStringSet(ns.Difference(os)) - if err := deleteIamRolePolicyAttachments(conn, roleName, remove); err != nil { + if err := deleteRolePolicyAttachments(conn, roleName, remove); err != nil { return fmt.Errorf("unable to detach policies: %w", err) } - if err := addIamManagedPolicies(roleName, add, meta); err != nil { + if err := addRoleManagedPolicies(roleName, add, meta); err != nil { return err } } 
@@ -485,28 +485,28 @@ func resourceRoleDelete(d *schema.ResourceData, meta interface{}) error { } func DeleteRole(conn *iam.IAM, roleName string, forceDetach, hasInline, hasManaged bool) error { - if err := deleteIamRoleInstanceProfiles(conn, roleName); err != nil { + if err := deleteRoleInstanceProfiles(conn, roleName); err != nil { return fmt.Errorf("unable to detach instance profiles: %w", err) } if forceDetach || hasManaged { - managedPolicies, err := readIamRolePolicyAttachments(conn, roleName) + managedPolicies, err := readRolePolicyAttachments(conn, roleName) if err != nil { return err } - if err := deleteIamRolePolicyAttachments(conn, roleName, managedPolicies); err != nil { + if err := deleteRolePolicyAttachments(conn, roleName, managedPolicies); err != nil { return fmt.Errorf("unable to detach policies: %w", err) } } if forceDetach || hasInline { - inlinePolicies, err := readIamRolePolicyNames(conn, roleName) + inlinePolicies, err := readRolePolicyNames(conn, roleName) if err != nil { return err } - if err := deleteIamRolePolicies(conn, roleName, inlinePolicies); err != nil { + if err := deleteRolePolicies(conn, roleName, inlinePolicies); err != nil { return fmt.Errorf("unable to delete inline policies: %w", err) } } @@ -532,7 +532,7 @@ func DeleteRole(conn *iam.IAM, roleName string, forceDetach, hasInline, hasManag return err } -func deleteIamRoleInstanceProfiles(conn *iam.IAM, roleName string) error { +func deleteRoleInstanceProfiles(conn *iam.IAM, roleName string) error { resp, err := conn.ListInstanceProfilesForRole(&iam.ListInstanceProfilesForRoleInput{ RoleName: aws.String(roleName), }) 
@@ -562,7 +562,7 @@ func deleteIamRoleInstanceProfiles(conn *iam.IAM, roleName string) error { return nil } -func readIamRolePolicyAttachments(conn *iam.IAM, roleName string) ([]*string, error) { +func readRolePolicyAttachments(conn *iam.IAM, roleName string) ([]*string, error) { managedPolicies := make([]*string, 0) input := &iam.ListAttachedRolePoliciesInput{ RoleName: aws.String(roleName), @@ -581,7 +581,7 @@ func readIamRolePolicyAttachments(conn *iam.IAM, roleName string) ([]*string, er return managedPolicies, nil } -func deleteIamRolePolicyAttachments(conn *iam.IAM, roleName string, managedPolicies []*string) error { +func deleteRolePolicyAttachments(conn *iam.IAM, roleName string, managedPolicies []*string) error { for _, parn := range managedPolicies { input := &iam.DetachRolePolicyInput{ PolicyArn: parn, @@ -600,7 +600,7 @@ func deleteIamRolePolicyAttachments(conn *iam.IAM, roleName string, managedPolic return nil } -func readIamRolePolicyNames(conn *iam.IAM, roleName string) ([]*string, error) { +func readRolePolicyNames(conn *iam.IAM, roleName string) ([]*string, error) { inlinePolicies := make([]*string, 0) input := &iam.ListRolePoliciesInput{ RoleName: aws.String(roleName), @@ -618,7 +618,7 @@ func readIamRolePolicyNames(conn *iam.IAM, roleName string) ([]*string, error) { return inlinePolicies, nil } -func deleteIamRolePolicies(conn *iam.IAM, roleName string, policyNames []*string) error { +func deleteRolePolicies(conn *iam.IAM, roleName string, policyNames []*string) error { for _, name := range policyNames { if len(aws.StringValue(name)) == 0 { continue @@ -641,7 +641,7 @@ func deleteIamRolePolicies(conn *iam.IAM, roleName string, policyNames []*string return nil } -func flattenIamInlinePolicy(apiObject *iam.PutRolePolicyInput) map[string]interface{} { +func flattenRoleInlinePolicy(apiObject *iam.PutRolePolicyInput) map[string]interface{} { if apiObject == nil { return nil } 
@@ -654,7 +654,7 @@ func flattenIamInlinePolicy(apiObject *iam.PutRolePolicyInput) map[string]interf return tfMap } -func flattenIamInlinePolicies(apiObjects []*iam.PutRolePolicyInput) []interface{} { +func flattenRoleInlinePolicies(apiObjects []*iam.PutRolePolicyInput) []interface{} { if len(apiObjects) == 0 { return nil } @@ -666,13 +666,13 @@ func flattenIamInlinePolicies(apiObjects []*iam.PutRolePolicyInput) []interface{ continue } - tfList = append(tfList, flattenIamInlinePolicy(apiObject)) + tfList = append(tfList, flattenRoleInlinePolicy(apiObject)) } return tfList } -func expandIamInlinePolicy(roleName string, tfMap map[string]interface{}) *iam.PutRolePolicyInput { +func expandRoleInlinePolicy(roleName string, tfMap map[string]interface{}) *iam.PutRolePolicyInput { if tfMap == nil { return nil } @@ -692,7 +692,7 @@ func expandIamInlinePolicy(roleName string, tfMap map[string]interface{}) *iam.P return apiObject } -func expandIamInlinePolicies(roleName string, tfList []interface{}) []*iam.PutRolePolicyInput { +func expandRoleInlinePolicies(roleName string, tfList []interface{}) []*iam.PutRolePolicyInput { if len(tfList) == 0 { return nil } @@ -706,7 +706,7 @@ func expandIamInlinePolicies(roleName string, tfList []interface{}) []*iam.PutRo continue } - apiObject := expandIamInlinePolicy(roleName, tfMap) + apiObject := expandRoleInlinePolicy(roleName, tfMap) if apiObject == nil { continue @@ -718,7 +718,7 @@ func expandIamInlinePolicies(roleName string, tfList []interface{}) []*iam.PutRo return apiObjects } -func addIamInlinePolicies(policies []*iam.PutRolePolicyInput, meta interface{}) error { +func addRoleInlinePolicies(policies []*iam.PutRolePolicyInput, meta interface{}) error { conn := meta.(*conns.AWSClient).IAMConn var errs *multierror.Error 
@@ -737,7 +737,7 @@ func addIamInlinePolicies(policies []*iam.PutRolePolicyInput, meta interface{}) return errs.ErrorOrNil() } -func addIamManagedPolicies(roleName string, policies []*string, meta interface{}) error { +func addRoleManagedPolicies(roleName string, policies []*string, meta interface{}) error { conn := meta.(*conns.AWSClient).IAMConn var errs *multierror.Error @@ -752,10 +752,10 @@ func addIamManagedPolicies(roleName string, policies []*string, meta interface{} return errs.ErrorOrNil() } -func readIamInlinePolicies(roleName string, meta interface{}) ([]*iam.PutRolePolicyInput, error) { +func readRoleInlinePolicies(roleName string, meta interface{}) ([]*iam.PutRolePolicyInput, error) { conn := meta.(*conns.AWSClient).IAMConn - policyNames, err := readIamRolePolicyNames(conn, roleName) + policyNames, err := readRolePolicyNames(conn, roleName) if err != nil { return nil, err } diff --git a/internal/service/iam/role_test.go b/internal/service/iam/role_test.go index 45217be656f..686de02c26b 100644 --- a/internal/service/iam/role_test.go +++ b/internal/service/iam/role_test.go 
@@ -451,6 +451,36 @@ func TestAccIAMRole_policyBasicInline(t *testing.T) { }) } +// Reference: https://github.com/hashicorp/terraform-provider-aws/issues/19444 +// This test currently fails but should not. A new PR will fix it. +func TestAccIAMRole_InlinePolicy_ignoreOrder(t *testing.T) { + var role iam.Role + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + resourceName := "aws_iam_role.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(t) }, + ErrorCheck: acctest.ErrorCheck(t, iam.EndpointsID), + Providers: acctest.Providers, + CheckDestroy: testAccCheckRoleDestroy, + Steps: []resource.TestStep{ + { + Config: testAccRolePolicyInlineActionOrderConfig(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckRoleExists(resourceName, &role), + resource.TestCheckResourceAttr(resourceName, "inline_policy.#", "1"), + resource.TestCheckResourceAttr(resourceName, "name", rName), + resource.TestCheckResourceAttr(resourceName, "managed_policy_arns.#", "0"), + ), + }, + { + Config: testAccRolePolicyInlineActionNewOrderConfig(rName), + PlanOnly: true, + }, + }, + }) +} + func TestAccIAMRole_policyBasicInlineEmpty(t *testing.T) { var role iam.Role rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) 
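Review bot: TestAccIAMRole_InlinePolicy_ignoreOrder is added with a comment saying it currently fails, yet nothing stops it from running, so the acceptance run for this package stays red until the follow-up lands and a genuine regression in the role tests becomes harder to notice. Skip it explicitly until the fix merges, for example `t.Skip("inline_policy order diffs not yet fixed, see issue 19444")` as the first statement, and remove the skip in the PR that fixes the behaviour.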
@@ -1629,6 +1659,86 @@ EOF `, roleName, policyName3) } +func testAccRolePolicyInlineActionOrderConfig(roleName string) string { + return fmt.Sprintf(` +data "aws_partition" "current" {} + +resource "aws_iam_role" "test" { + name = %[1]q + + assume_role_policy = jsonencode({ + Version = "2012-10-17" + Statement = [{ + Action = "sts:AssumeRole", + Principal = { + Service = "ec2.${data.aws_partition.current.dns_suffix}", + } + Effect = "Allow" + Sid = "" + }] + }) + + inline_policy { + name = %[1]q + + policy = jsonencode({ + Version = "2012-10-17" + Statement = [{ + Action = [ + "ec2:DescribeScheduledInstances", + "ec2:DescribeScheduledInstanceAvailability", + "ec2:DescribeFastSnapshotRestores", + "ec2:DescribeElasticGpus", + ] + Effect = "Allow" + Resource = "*" + }] + }) + } +} +`, roleName) +} + +func testAccRolePolicyInlineActionNewOrderConfig(roleName string) string { + return fmt.Sprintf(` +data "aws_partition" "current" {} + +resource "aws_iam_role" "test" { + name = %[1]q + + assume_role_policy = jsonencode({ + Version = "2012-10-17" + Statement = [{ + Action = "sts:AssumeRole", + Principal = { + Service = "ec2.${data.aws_partition.current.dns_suffix}", + } + Effect = "Allow" + Sid = "" + }] + }) + + inline_policy { + name = %[1]q + + policy = jsonencode({ + Version = "2012-10-17" + Statement = [{ + Action = [ + "ec2:DescribeElasticGpus", + "ec2:DescribeScheduledInstances", + "ec2:DescribeFastSnapshotRestores", + "ec2:DescribeScheduledInstanceAvailability", + ] + Effect = "Allow" + Resource = "*" + }] + }) + } +} +`, roleName) +} + func testAccRolePolicyManagedConfig(roleName, policyName string) string { return fmt.Sprintf(` data "aws_partition" "current" {} From 7899cf16978512b823c3360d5aa9a5e575ec5bd5 Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Mon, 6 Dec 2021 13:01:47 -0500 Subject: [PATCH 06/16] Linted windows --- internal/service/iam/role_test.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/internal/service/iam/role_test.go b/internal/service/iam/role_test.go index 686de02c26b..cc2c1d65e25 100644 --- a/internal/service/iam/role_test.go +++ b/internal/service/iam/role_test.go @@ -1674,7 +1674,7 @@ resource "aws_iam_role" "test" { Service = "ec2.${data.aws_partition.current.dns_suffix}", } Effect = "Allow" - Sid = "" + Sid = "" }] }) @@ -1690,7 +1690,7 @@ resource "aws_iam_role" "test" { "ec2:DescribeFastSnapshotRestores", "ec2:DescribeElasticGpus", ] - Effect = "Allow" + Effect = "Allow" Resource = "*" }] }) @@ -1714,7 +1714,7 @@ resource "aws_iam_role" "test" { Service = "ec2.${data.aws_partition.current.dns_suffix}", } Effect = "Allow" - Sid = "" + Sid = "" }] }) @@ -1730,7 +1730,7 @@ resource "aws_iam_role" "test" { "ec2:DescribeFastSnapshotRestores", "ec2:DescribeScheduledInstanceAvailability", ] - Effect = "Allow" + Effect = "Allow" Resource = "*" }] }) From cd17ad642a3f2c69217b2a97e114e2638f9c5782 Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Mon, 6 Dec 2021 13:34:12 -0500 Subject: [PATCH 07/16] iam/role_policy: Disregard order in policies --- internal/service/iam/role_policy.go | 10 +- internal/service/iam/role_policy_test.go | 122 +++++++++++++++++++++++ 2 files changed, 130 insertions(+), 2 deletions(-) diff --git a/internal/service/iam/role_policy.go b/internal/service/iam/role_policy.go index b17c8bb948a..f5e40c52ca2 100644 --- a/internal/service/iam/role_policy.go +++ b/internal/service/iam/role_policy.go @@ -138,9 +138,15 @@ func resourceRolePolicyRead(d *schema.ResourceData, meta interface{}) error { if err != nil { return err } - if err := d.Set("policy", policy); err != nil { - return err + + policyToSet, err := verify.SecondJSONUnlessEquivalent(d.Get("policy").(string), policy) + + if err != nil { + return fmt.Errorf("while setting policy (%s), encountered: %w", policyToSet, err) } + + d.Set("policy", policyToSet) + if err := d.Set("name", name); err != nil { return err } 
diff --git a/internal/service/iam/role_policy_test.go b/internal/service/iam/role_policy_test.go index e720aaa5062..9caaaa70e3e 100644 --- a/internal/service/iam/role_policy_test.go +++ b/internal/service/iam/role_policy_test.go @@ -68,6 +68,36 @@ func TestAccIAMRolePolicy_basic(t *testing.T) { }) } +func TestAccIAMRolePolicy_policyOrder(t *testing.T) { + var rolePolicy1 iam.GetRolePolicyOutput + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + resourceName := "aws_iam_role_policy.test" + roleName := "aws_iam_role.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(t) }, + ErrorCheck: acctest.ErrorCheck(t, iam.EndpointsID), + Providers: acctest.Providers, + CheckDestroy: testAccCheckIAMRolePolicyDestroy, + Steps: []resource.TestStep{ + { + Config: testAccIAMRolePolicyOrderConfig(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckIAMRolePolicyExists( + roleName, + resourceName, + &rolePolicy1, + ), + ), + }, + { + Config: testAccIAMRolePolicyNewOrderConfig(rName), + PlanOnly: true, + }, + }, + }) +} + func TestAccIAMRolePolicy_disappears(t *testing.T) { var out iam.GetRolePolicyOutput suffix := sdkacctest.RandStringFromCharSet(10, sdkacctest.CharSetAlpha) @@ -624,3 +654,95 @@ resource "aws_iam_role_policy" "test" { } `, rName) } + +func testAccIAMRolePolicyOrderConfig(rName string) string { + return fmt.Sprintf(` +resource "aws_iam_role" "test" { + name = %[1]q + path = "/" + + assume_role_policy = < Date: Mon, 6 Dec 2021 13:34:54 -0500 Subject: [PATCH 08/16] Update changelog --- .changelog/22067.txt | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.changelog/22067.txt b/.changelog/22067.txt index 9ea4534f5ba..888419a12d7 100644 --- a/.changelog/22067.txt +++ b/.changelog/22067.txt 
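Review bot: TestAccIAMRolePolicy_policyOrder only proves that reordering the actions yields an empty plan; nothing in it shows that a real change to the policy is still reported now that the read path keeps the configured document whenever the helper judges it equivalent. For IAM that is the case that matters, because an equivalence check that is too lenient would hide permission drift from the plan. Add a third step whose config alters or adds an action and set `PlanOnly: true` together with `ExpectNonEmptyPlan: true`. The same gap exists in TestAccIAMUserPolicy_policyOrder and TestAccIAMRole_InlinePolicy_ignoreOrder.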
@@ -4,4 +4,8 @@ resource/aws_iam_group_policy: Fix order-related diffs in `policy` ```release-note:bug resource/aws_iam_policy: Fix order-related diffs in `policy` +``` + +```release-note:bug +resource/aws_iam_role_policy: Fix order-related diffs in `policy` ``` \ No newline at end of file From 9cafdae7783dda07dca42fea6a952389375d4552 Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Mon, 6 Dec 2021 14:17:34 -0500 Subject: [PATCH 09/16] Switch test order --- internal/service/iam/role_policy_test.go | 48 ++++++++++++------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/internal/service/iam/role_policy_test.go b/internal/service/iam/role_policy_test.go index 9caaaa70e3e..fa0c90e0da4 100644 --- a/internal/service/iam/role_policy_test.go +++ b/internal/service/iam/role_policy_test.go @@ -68,11 +68,11 @@ func TestAccIAMRolePolicy_basic(t *testing.T) { }) } -func TestAccIAMRolePolicy_policyOrder(t *testing.T) { - var rolePolicy1 iam.GetRolePolicyOutput - rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) - resourceName := "aws_iam_role_policy.test" - roleName := "aws_iam_role.test" +func TestAccIAMRolePolicy_disappears(t *testing.T) { + var out iam.GetRolePolicyOutput + suffix := sdkacctest.RandStringFromCharSet(10, sdkacctest.CharSetAlpha) + roleResourceName := fmt.Sprintf("aws_iam_role.role_%s", suffix) + rolePolicyResourceName := fmt.Sprintf("aws_iam_role_policy.test_%s", suffix) resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acctest.PreCheck(t) }, 
@@ -81,28 +81,26 @@ func TestAccIAMRolePolicy_policyOrder(t *testing.T) { CheckDestroy: testAccCheckIAMRolePolicyDestroy, Steps: []resource.TestStep{ { - Config: testAccIAMRolePolicyOrderConfig(rName), + Config: testAccRolePolicyConfig(suffix), Check: resource.ComposeTestCheckFunc( testAccCheckIAMRolePolicyExists( - roleName, - resourceName, - &rolePolicy1, + roleResourceName, + rolePolicyResourceName, + &out, ), + testAccCheckIAMRolePolicyDisappears(&out), ), - }, - { - Config: testAccIAMRolePolicyNewOrderConfig(rName), - PlanOnly: true, + ExpectNonEmptyPlan: true, }, }, }) } -func TestAccIAMRolePolicy_disappears(t *testing.T) { - var out iam.GetRolePolicyOutput - suffix := sdkacctest.RandStringFromCharSet(10, sdkacctest.CharSetAlpha) - roleResourceName := fmt.Sprintf("aws_iam_role.role_%s", suffix) - rolePolicyResourceName := fmt.Sprintf("aws_iam_role_policy.test_%s", suffix) +func TestAccIAMRolePolicy_policyOrder(t *testing.T) { + var rolePolicy1 iam.GetRolePolicyOutput + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + resourceName := "aws_iam_role_policy.test" + roleName := "aws_iam_role.test" resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acctest.PreCheck(t) }, @@ -111,16 +109,18 @@ func TestAccIAMRolePolicy_disappears(t *testing.T) { CheckDestroy: testAccCheckIAMRolePolicyDestroy, Steps: []resource.TestStep{ { - Config: testAccRolePolicyConfig(suffix), + Config: testAccIAMRolePolicyOrderConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckIAMRolePolicyExists( - roleResourceName, - rolePolicyResourceName, - &out, + roleName, + resourceName, + &rolePolicy1, ), - testAccCheckIAMRolePolicyDisappears(&out), ), - ExpectNonEmptyPlan: true, + }, + { + Config: testAccIAMRolePolicyNewOrderConfig(rName), + PlanOnly: true, }, }, }) From 5c5a16989e46be7f588f4766c54a81858b84cfcd Mon Sep 17 00:00:00 2001 
From: Dirk Avery Date: Mon, 6 Dec 2021 14:17:59 -0500 Subject: [PATCH 10/16] iam/user_policy: Ignore policy order --- internal/service/iam/user_policy.go | 10 ++- internal/service/iam/user_policy_test.go | 86 ++++++++++++++++++++++++ 2 files changed, 94 insertions(+), 2 deletions(-) diff --git a/internal/service/iam/user_policy.go b/internal/service/iam/user_policy.go index 5a09ebc0fcd..941b51f962b 100644 --- a/internal/service/iam/user_policy.go +++ b/internal/service/iam/user_policy.go @@ -142,9 +142,15 @@ func resourceUserPolicyRead(d *schema.ResourceData, meta interface{}) error { if err != nil { return err } - if err := d.Set("policy", policy); err != nil { - return err + + policyToSet, err := verify.SecondJSONUnlessEquivalent(d.Get("policy").(string), policy) + + if err != nil { + return fmt.Errorf("while setting policy (%s), encountered: %w", policyToSet, err) } + + d.Set("policy", policyToSet) + if err := d.Set("name", name); err != nil { return err } diff --git a/internal/service/iam/user_policy_test.go b/internal/service/iam/user_policy_test.go index 11e959304b1..59f5d51a418 100644 --- a/internal/service/iam/user_policy_test.go +++ b/internal/service/iam/user_policy_test.go 
@@ -231,6 +231,32 @@ func TestAccIAMUserPolicy_multiplePolicies(t *testing.T) { }) } +func TestAccIAMUserPolicy_policyOrder(t *testing.T) { + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + policyResourceName := "aws_iam_user_policy.test" + userResourceName := "aws_iam_user.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(t) }, + ErrorCheck: acctest.ErrorCheck(t, iam.EndpointsID), + Providers: acctest.Providers, + CheckDestroy: testAccCheckIAMUserPolicyDestroy, + Steps: []resource.TestStep{ + { + Config: testAccUserPolicyOrderConfig(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckIAMUserPolicy(userResourceName, policyResourceName), + testAccCheckIAMUserPolicyExpectedPolicies(userResourceName, 1), + ), + }, + { + Config: testAccUserPolicyNewOrderConfig(rName), + PlanOnly: true, + }, + }, + }) +} + func testAccCheckIAMUserPolicyExists(resource string, res *iam.GetUserPolicyOutput) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[resource] @@ -450,3 +476,63 @@ resource "aws_iam_user_policy" "bar" { } `, testAccUserConfig(fmt.Sprintf("test_user_%d", rInt), "/"), rInt, policy1, policy2) } + +func testAccUserPolicyOrderConfig(suffix string) string { + return fmt.Sprintf(` +resource "aws_iam_user" "test" { + name = %[1]q + path = "/" +} + +resource "aws_iam_user_policy" "test" { + name = %[1]q + user = aws_iam_user.test.name + + policy = < Date: Mon, 6 Dec 2021 14:19:16 -0500 Subject: [PATCH 11/16] Update changelog --- .changelog/22067.txt | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.changelog/22067.txt b/.changelog/22067.txt index 888419a12d7..a8fae83f0b9 100644 --- a/.changelog/22067.txt +++ b/.changelog/22067.txt 
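Review bot: TestAccIAMUserPolicy_policyOrder asserts only the suppressing direction: its second step is `PlanOnly: true` with the reordered config, so it shows that an equivalent document yields an empty plan but not that a non-equivalent one still produces a diff. Since the compared value is an IAM permissions document, a further plan-only step whose config changes an action or resource and sets `ExpectNonEmptyPlan: true` would guard against the equivalence check hiding a real change. A one-line comment on the second step, such as `// reordered but equivalent policy must plan empty`, would also make the intent clear to the next reader.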
@@ -8,4 +8,8 @@ resource/aws_iam_policy: Fix order-related diffs in `policy` ```release-note:bug resource/aws_iam_role_policy: Fix order-related diffs in `policy` +``` + +```release-note:bug +resource/aws_iam_user_policy: Fix order-related diffs in `policy` ``` \ No newline at end of file From 3c98d0b4ad6fa48d240b7b481df4f52e55c2aa52 Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Mon, 6 Dec 2021 14:39:38 -0500 Subject: [PATCH 12/16] iam/role: Standardize tests --- internal/service/iam/role_test.go | 49 +++++++++++++++---------------- 1 file changed, 24 insertions(+), 25 deletions(-) diff --git a/internal/service/iam/role_test.go b/internal/service/iam/role_test.go index cc2c1d65e25..0e79d04b954 100644 --- a/internal/service/iam/role_test.go +++ b/internal/service/iam/role_test.go @@ -20,7 +20,7 @@ import ( func TestAccIAMRole_basic(t *testing.T) { var conf iam.Role - rName := sdkacctest.RandString(10) + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_iam_role.test" resource.ParallelTest(t, resource.TestCase{ @@ -48,7 +48,7 @@ func TestAccIAMRole_basic(t *testing.T) { func TestAccIAMRole_basicWithDescription(t *testing.T) { var conf iam.Role - rName := sdkacctest.RandString(10) + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_iam_role.test" resource.ParallelTest(t, resource.TestCase{ @@ -119,7 +119,6 @@ func TestAccIAMRole_nameGenerated(t *testing.T) { func TestAccIAMRole_namePrefix(t *testing.T) { var conf iam.Role - rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_iam_role.test" resource.ParallelTest(t, resource.TestCase{ 
@@ -129,11 +128,11 @@ func TestAccIAMRole_namePrefix(t *testing.T) { CheckDestroy: testAccCheckRoleDestroy, Steps: []resource.TestStep{ { - Config: testAccRoleNamePrefixConfig(rName), + Config: testAccRoleNamePrefixConfig(acctest.ResourcePrefix), Check: resource.ComposeTestCheckFunc( testAccCheckRoleExists(resourceName, &conf), - create.TestCheckResourceAttrNameFromPrefix(resourceName, "name", rName), - resource.TestCheckResourceAttr(resourceName, "name_prefix", rName), + create.TestCheckResourceAttrNameFromPrefix(resourceName, "name", acctest.ResourcePrefix), + resource.TestCheckResourceAttr(resourceName, "name_prefix", acctest.ResourcePrefix), ), }, { @@ -147,7 +146,7 @@ func TestAccIAMRole_namePrefix(t *testing.T) { func TestAccIAMRole_testNameChange(t *testing.T) { var conf iam.Role - rName := sdkacctest.RandString(10) + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_iam_role.test" resource.ParallelTest(t, resource.TestCase{ @@ -178,7 +177,7 @@ func TestAccIAMRole_testNameChange(t *testing.T) { } func TestAccIAMRole_badJSON(t *testing.T) { - rName := sdkacctest.RandString(10) + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acctest.PreCheck(t) }, @@ -218,9 +217,9 @@ func TestAccIAMRole_disappears(t *testing.T) { }) } -func TestAccIAMRole_ForceDetach_policies(t *testing.T) { +func TestAccIAMRole_policiesForceDetach(t *testing.T) { var conf iam.Role - rName := sdkacctest.RandString(10) + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_iam_role.test" resource.ParallelTest(t, resource.TestCase{ @@ -248,7 +247,7 @@ func TestAccIAMRole_ForceDetach_policies(t *testing.T) { func TestAccIAMRole_maxSessionDuration(t *testing.T) { var conf iam.Role - rName := sdkacctest.RandString(10) + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_iam_role.test" resource.ParallelTest(t, resource.TestCase{ 
@@ -296,7 +295,7 @@ func TestAccIAMRole_maxSessionDuration(t *testing.T) { func TestAccIAMRole_permissionsBoundary(t *testing.T) { var role iam.Role - rName := sdkacctest.RandString(10) + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_iam_role.test" permissionsBoundary1 := fmt.Sprintf("arn:%s:iam::aws:policy/AdministratorAccess", acctest.Partition()) @@ -403,7 +402,7 @@ func TestAccIAMRole_tags(t *testing.T) { }) } -func TestAccIAMRole_policyBasicInline(t *testing.T) { +func TestAccIAMRole_InlinePolicy_basic(t *testing.T) { var role iam.Role rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) policyName1 := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) @@ -481,7 +480,7 @@ func TestAccIAMRole_InlinePolicy_ignoreOrder(t *testing.T) { }) } -func TestAccIAMRole_policyBasicInlineEmpty(t *testing.T) { +func TestAccIAMRole_InlinePolicy_empty(t *testing.T) { var role iam.Role rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_iam_role.test" @@ -502,7 +501,7 @@ func TestAccIAMRole_policyBasicInlineEmpty(t *testing.T) { }) } -func TestAccIAMRole_policyBasicManaged(t *testing.T) { +func TestAccIAMRole_ManagedPolicy_basic(t *testing.T) { var role iam.Role rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) policyName1 := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) @@ -549,7 +548,7 @@ func TestAccIAMRole_policyBasicManaged(t *testing.T) { // TestAccIAMRole_PolicyOutOfBandRemovalAddedBack_managedNonEmpty: if a policy is detached // out of band, it should be reattached. -func TestAccIAMRole_PolicyOutOfBandRemovalAddedBack_managedNonEmpty(t *testing.T) { +func TestAccIAMRole_ManagedPolicy_outOfBandRemovalAddedBack(t *testing.T) { var role iam.Role rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) policyName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) 
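Review bot: The doc comment above the renamed test in the hunk at -549 still opens with the old name, `TestAccIAMRole_PolicyOutOfBandRemovalAddedBack_managedNonEmpty`, so the comment and the function no longer match. It should read `// TestAccIAMRole_ManagedPolicy_outOfBandRemovalAddedBack: if a policy is detached`. The hunks at -582, -649, -684, -724, -757 and -789 leave the old name in their comments in the same way; only the hunk at -613 updates both the comment and the function name.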
@@ -582,7 +581,7 @@ func TestAccIAMRole_PolicyOutOfBandRemovalAddedBack_managedNonEmpty(t *testing.T // TestAccIAMRole_PolicyOutOfBandRemovalAddedBack_inlineNonEmpty: if a policy is removed // out of band, it should be recreated. -func TestAccIAMRole_PolicyOutOfBandRemovalAddedBack_inlineNonEmpty(t *testing.T) { +func TestAccIAMRole_InlinePolicy_outOfBandRemovalAddedBack(t *testing.T) { var role iam.Role rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) policyName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) @@ -613,9 +612,9 @@ func TestAccIAMRole_PolicyOutOfBandRemovalAddedBack_inlineNonEmpty(t *testing.T) }) } -// TestAccIAMRole_PolicyOutOfBandAdditionRemoved_managedNonEmpty: if managed_policies arg +// TestAccIAMRole_ManagedPolicy_outOfBandAdditionRemoved: if managed_policy_arns arg // exists and is non-empty, policy attached out of band should be removed -func TestAccIAMRole_PolicyOutOfBandAdditionRemoved_managedNonEmpty(t *testing.T) { +func TestAccIAMRole_ManagedPolicy_outOfBandAdditionRemoved(t *testing.T) { var role iam.Role rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) policyName1 := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) @@ -649,7 +648,7 @@ func TestAccIAMRole_PolicyOutOfBandAdditionRemoved_managedNonEmpty(t *testing.T) // TestAccIAMRole_PolicyOutOfBandAdditionRemoved_inlineNonEmpty: if inline_policy arg // exists and is non-empty, policy added out of band should be removed -func TestAccIAMRole_PolicyOutOfBandAdditionRemoved_inlineNonEmpty(t *testing.T) { +func TestAccIAMRole_InlinePolicy_outOfBandAdditionRemoved(t *testing.T) { var role iam.Role rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) policyName1 := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) 
@@ -684,7 +683,7 @@ func TestAccIAMRole_PolicyOutOfBandAdditionRemoved_inlineNonEmpty(t *testing.T) // TestAccIAMRole_PolicyOutOfBandAdditionIgnored_inlineNonExistent: if there is no // inline_policy attribute, out of band changes should be ignored. -func TestAccIAMRole_PolicyOutOfBandAdditionIgnored_inlineNonExistent(t *testing.T) { +func TestAccIAMRole_InlinePolicy_outOfBandAdditionIgnored(t *testing.T) { var role iam.Role rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) policyName1 := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) @@ -724,8 +723,8 @@ func TestAccIAMRole_PolicyOutOfBandAdditionIgnored_inlineNonExistent(t *testing. } // TestAccIAMRole_PolicyOutOfBandAdditionIgnored_managedNonExistent: if there is no -// managed_policies attribute, out of band changes should be ignored. -func TestAccIAMRole_PolicyOutOfBandAdditionIgnored_managedNonExistent(t *testing.T) { +// managed_policy_arns attribute, out of band changes should be ignored. +func TestAccIAMRole_ManagedPolicy_outOfBandAdditionIgnored(t *testing.T) { var role iam.Role rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) policyName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) @@ -757,7 +756,7 @@ func TestAccIAMRole_PolicyOutOfBandAdditionIgnored_managedNonExistent(t *testing // TestAccIAMRole_PolicyOutOfBandAdditionRemoved_inlineEmpty: if inline is added // out of band with empty inline arg, should be removed -func TestAccIAMRole_PolicyOutOfBandAdditionRemoved_inlineEmpty(t *testing.T) { +func TestAccIAMRole_InlinePolicy_outOfBandAdditionRemovedEmpty(t *testing.T) { var role iam.Role rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) policyName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) 
@@ -789,7 +788,7 @@ func TestAccIAMRole_PolicyOutOfBandAdditionRemoved_inlineEmpty(t *testing.T) { // TestAccIAMRole_PolicyOutOfBandAdditionRemoved_managedEmpty: if managed is attached // out of band with empty managed arg, should be detached -func TestAccIAMRole_PolicyOutOfBandAdditionRemoved_managedEmpty(t *testing.T) { +func TestAccIAMRole_ManagedPolicy_outOfBandAdditionRemovedEmpty(t *testing.T) { var role iam.Role rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) policyName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) From ff98904cf02e321302239500cd3183061d0c6a91 Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Mon, 6 Dec 2021 15:03:26 -0500 Subject: [PATCH 13/16] Standardize tests --- internal/service/iam/role_policy_test.go | 88 ++++++++++++------------ 1 file changed, 43 insertions(+), 45 deletions(-) diff --git a/internal/service/iam/role_policy_test.go b/internal/service/iam/role_policy_test.go index fa0c90e0da4..c1b96b39fed 100644 --- a/internal/service/iam/role_policy_test.go +++ b/internal/service/iam/role_policy_test.go @@ -19,9 +19,7 @@ import ( func TestAccIAMRolePolicy_basic(t *testing.T) { var rolePolicy1, rolePolicy2, rolePolicy3 iam.GetRolePolicyOutput - role := sdkacctest.RandString(10) - policy1 := sdkacctest.RandString(10) - policy2 := sdkacctest.RandString(10) + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_iam_role_policy.test" resourceName2 := "aws_iam_role_policy.test2" roleName := "aws_iam_role.test" @@ -33,7 +31,7 @@ func TestAccIAMRolePolicy_basic(t *testing.T) { CheckDestroy: testAccCheckIAMRolePolicyDestroy, Steps: []resource.TestStep{ { - Config: testAccIAMRolePolicyConfig(role, policy1), + Config: testAccIAMRolePolicyConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckIAMRolePolicyExists( roleName, 
@@ -48,7 +46,7 @@ func TestAccIAMRolePolicy_basic(t *testing.T) { ImportStateVerify: true, }, { - Config: testAccIAMRolePolicyConfigUpdate(role, policy1, policy2), + Config: testAccIAMRolePolicyConfigUpdate(rName), Check: resource.ComposeTestCheckFunc( testAccCheckIAMRolePolicyExists( roleName, @@ -70,9 +68,9 @@ func TestAccIAMRolePolicy_basic(t *testing.T) { func TestAccIAMRolePolicy_disappears(t *testing.T) { var out iam.GetRolePolicyOutput - suffix := sdkacctest.RandStringFromCharSet(10, sdkacctest.CharSetAlpha) - roleResourceName := fmt.Sprintf("aws_iam_role.role_%s", suffix) - rolePolicyResourceName := fmt.Sprintf("aws_iam_role_policy.test_%s", suffix) + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + roleResourceName := "aws_iam_role.test" + rolePolicyResourceName := "aws_iam_role_policy.test" resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acctest.PreCheck(t) }, @@ -81,7 +79,7 @@ func TestAccIAMRolePolicy_disappears(t *testing.T) { CheckDestroy: testAccCheckIAMRolePolicyDestroy, Steps: []resource.TestStep{ { - Config: testAccRolePolicyConfig(suffix), + Config: testAccRolePolicyConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckIAMRolePolicyExists( roleResourceName, @@ -128,7 +126,7 @@ func TestAccIAMRolePolicy_policyOrder(t *testing.T) { func TestAccIAMRolePolicy_namePrefix(t *testing.T) { var rolePolicy1, rolePolicy2 iam.GetRolePolicyOutput - role := sdkacctest.RandString(10) + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_iam_role_policy.test" roleName := "aws_iam_role.test" @@ -139,7 +137,7 @@ func TestAccIAMRolePolicy_namePrefix(t *testing.T) { CheckDestroy: testAccCheckIAMRolePolicyDestroy, Steps: []resource.TestStep{ { - Config: testAccIAMRolePolicyConfig_namePrefix(role, "*"), + Config: testAccIAMRolePolicyConfig_namePrefix(rName, "*"), Check: resource.ComposeTestCheckFunc( testAccCheckIAMRolePolicyExists( roleName, 
@@ -156,7 +154,7 @@ func TestAccIAMRolePolicy_namePrefix(t *testing.T) { ImportStateVerifyIgnore: []string{"name_prefix"}, }, { - Config: testAccIAMRolePolicyConfig_namePrefix(role, "ec2:*"), + Config: testAccIAMRolePolicyConfig_namePrefix(rName, "ec2:*"), Check: resource.ComposeTestCheckFunc( testAccCheckIAMRolePolicyExists( roleName, @@ -173,7 +171,7 @@ func TestAccIAMRolePolicy_namePrefix(t *testing.T) { func TestAccIAMRolePolicy_generatedName(t *testing.T) { var rolePolicy1, rolePolicy2 iam.GetRolePolicyOutput - role := sdkacctest.RandString(10) + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_iam_role_policy.test" roleName := "aws_iam_role.test" @@ -184,7 +182,7 @@ func TestAccIAMRolePolicy_generatedName(t *testing.T) { CheckDestroy: testAccCheckIAMRolePolicyDestroy, Steps: []resource.TestStep{ { - Config: testAccIAMRolePolicyConfig_generatedName(role, "*"), + Config: testAccIAMRolePolicyConfig_generatedName(rName, "*"), Check: resource.ComposeTestCheckFunc( testAccCheckIAMRolePolicyExists( roleName, @@ -200,7 +198,7 @@ func TestAccIAMRolePolicy_generatedName(t *testing.T) { ImportStateVerify: true, }, { - Config: testAccIAMRolePolicyConfig_generatedName(role, "ec2:*"), + Config: testAccIAMRolePolicyConfig_generatedName(rName, "ec2:*"), Check: resource.ComposeTestCheckFunc( testAccCheckIAMRolePolicyExists( roleName, @@ -216,7 +214,7 @@ func TestAccIAMRolePolicy_generatedName(t *testing.T) { } func TestAccIAMRolePolicy_invalidJSON(t *testing.T) { - role := sdkacctest.RandString(10) + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acctest.PreCheck(t) }, 
@@ -225,7 +223,7 @@ func TestAccIAMRolePolicy_invalidJSON(t *testing.T) { CheckDestroy: testAccCheckIAMRolePolicyDestroy, Steps: []resource.TestStep{ { - Config: testAccIAMRolePolicyConfig_invalidJSON(role), + Config: testAccIAMRolePolicyConfig_invalidJSON(rName), ExpectError: regexp.MustCompile("invalid JSON"), }, }, @@ -357,10 +355,10 @@ func testAccCheckRolePolicyNameMatches(i, j *iam.GetRolePolicyOutput) resource.T } } -func testAccRolePolicyConfig(suffix string) string { +func testAccRolePolicyConfig(rName string) string { return fmt.Sprintf(` -resource "aws_iam_role" "role_%[1]s" { - name = "tf_test_role_test_%[1]s" +resource "aws_iam_role" "test" { + name = %[1]q path = "/" assume_role_policy = < Date: Mon, 6 Dec 2021 15:06:23 -0500 Subject: [PATCH 14/16] iam/policy: Standardize tests --- internal/service/iam/policy_test.go | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/internal/service/iam/policy_test.go b/internal/service/iam/policy_test.go index 8b4e3f7db1f..8d1741181fb 100644 --- a/internal/service/iam/policy_test.go +++ b/internal/service/iam/policy_test.go @@ -147,7 +147,6 @@ func TestAccIAMPolicy_disappears(t *testing.T) { func TestAccIAMPolicy_namePrefix(t *testing.T) { var out iam.GetPolicyOutput - namePrefix := "tf-acc-test-" resourceName := "aws_iam_policy.test" resource.ParallelTest(t, resource.TestCase{ @@ -157,10 +156,10 @@ func TestAccIAMPolicy_namePrefix(t *testing.T) { CheckDestroy: testAccCheckPolicyDestroy, Steps: []resource.TestStep{ { - Config: testAccPolicyNamePrefixConfig(namePrefix), + Config: testAccPolicyNamePrefixConfig(acctest.ResourcePrefix), Check: resource.ComposeTestCheckFunc( testAccCheckPolicyExists(resourceName, &out), - resource.TestMatchResourceAttr(resourceName, "name", regexp.MustCompile(fmt.Sprintf("^%s", namePrefix))), + resource.TestMatchResourceAttr(resourceName, "name", regexp.MustCompile(fmt.Sprintf("^%s", acctest.ResourcePrefix))), ), }, { 
From e752b8b501c26dfcdbe5c88a1f7cd05d4ef5e6f8 Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Mon, 6 Dec 2021 16:43:45 -0500 Subject: [PATCH 15/16] iam/user_policy: Standardize tests --- internal/service/iam/user_policy_test.go | 203 +++++++++++------------ 1 file changed, 98 insertions(+), 105 deletions(-) diff --git a/internal/service/iam/user_policy_test.go b/internal/service/iam/user_policy_test.go index 59f5d51a418..d91c51bd562 100644 --- a/internal/service/iam/user_policy_test.go +++ b/internal/service/iam/user_policy_test.go @@ -18,13 +18,11 @@ import ( ) func TestAccIAMUserPolicy_basic(t *testing.T) { - rInt := sdkacctest.RandInt() + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) policy1 := `{"Version":"2012-10-17","Statement":{"Effect":"Allow","Action":"*","Resource":"*"}}` policy2 := `{"Version":"2012-10-17","Statement":{"Effect":"Allow","Action":"iam:*","Resource":"*"}}` - policyName := fmt.Sprintf("foo_policy_%d", rInt) - policyResourceName := "aws_iam_user_policy.foo" - userResourceName := "aws_iam_user.user" - userName := fmt.Sprintf("test_user_%d", rInt) + policyResourceName := "aws_iam_user_policy.test" + userResourceName := "aws_iam_user.test" resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acctest.PreCheck(t) }, 
@@ -33,18 +31,18 @@ func TestAccIAMUserPolicy_basic(t *testing.T) { CheckDestroy: testAccCheckIAMUserPolicyDestroy, Steps: []resource.TestStep{ { - Config: testAccIAMUserPolicyConfig_name(rInt, strconv.Quote("NonJSONString")), + Config: testAccIAMUserPolicyConfig_name(rName, strconv.Quote("NonJSONString")), ExpectError: regexp.MustCompile("invalid JSON"), }, { - Config: testAccIAMUserPolicyConfig_name(rInt, strconv.Quote(policy1)), + Config: testAccIAMUserPolicyConfig_name(rName, strconv.Quote(policy1)), Check: resource.ComposeTestCheckFunc( testAccCheckIAMUserPolicy(userResourceName, policyResourceName), testAccCheckIAMUserPolicyExpectedPolicies(userResourceName, 1), - resource.TestMatchResourceAttr(policyResourceName, "id", regexp.MustCompile(fmt.Sprintf("^%s:%s$", userName, policyName))), - resource.TestCheckResourceAttr(policyResourceName, "name", policyName), + resource.TestMatchResourceAttr(policyResourceName, "id", regexp.MustCompile(fmt.Sprintf("^%[1]s:%[1]s$", rName))), + resource.TestCheckResourceAttr(policyResourceName, "name", rName), resource.TestCheckResourceAttr(policyResourceName, "policy", policy1), - resource.TestCheckResourceAttr(policyResourceName, "user", userName), + resource.TestCheckResourceAttr(policyResourceName, "user", rName), ), }, { @@ -53,7 +51,7 @@ func TestAccIAMUserPolicy_basic(t *testing.T) { ImportStateVerify: true, }, { - Config: testAccIAMUserPolicyConfig_name(rInt, strconv.Quote(policy2)), + Config: testAccIAMUserPolicyConfig_name(rName, strconv.Quote(policy2)), Check: resource.ComposeTestCheckFunc( testAccCheckIAMUserPolicy(userResourceName, policyResourceName), testAccCheckIAMUserPolicyExpectedPolicies(userResourceName, 1), 
@@ -66,8 +64,8 @@ func TestAccIAMUserPolicy_basic(t *testing.T) { func TestAccIAMUserPolicy_disappears(t *testing.T) { var out iam.GetUserPolicyOutput - suffix := sdkacctest.RandStringFromCharSet(10, sdkacctest.CharSetAlpha) - resourceName := fmt.Sprintf("aws_iam_user_policy.foo_%s", suffix) + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + resourceName := "aws_iam_user_policy.test" resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acctest.PreCheck(t) }, @@ -76,7 +74,7 @@ func TestAccIAMUserPolicy_disappears(t *testing.T) { CheckDestroy: testAccCheckIAMUserPolicyDestroy, Steps: []resource.TestStep{ { - Config: testAccUserPolicyConfig(suffix), + Config: testAccUserPolicyConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckIAMUserPolicyExists(resourceName, &out), testAccCheckIAMUserPolicyDisappears(&out), @@ -88,13 +86,11 @@ func TestAccIAMUserPolicy_disappears(t *testing.T) { } func TestAccIAMUserPolicy_namePrefix(t *testing.T) { - rInt := sdkacctest.RandInt() + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) policy1 := `{"Version":"2012-10-17","Statement":{"Effect":"Allow","Action":"*","Resource":"*"}}` policy2 := `{"Version":"2012-10-17","Statement":{"Effect":"Allow","Action":"iam:*","Resource":"*"}}` - policyNamePrefix := "foo_policy_" - policyResourceName := "aws_iam_user_policy.foo" - userResourceName := "aws_iam_user.user" - userName := fmt.Sprintf("test_user_%d", rInt) + policyResourceName := "aws_iam_user_policy.test" + userResourceName := "aws_iam_user.test" resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acctest.PreCheck(t) }, 
@@ -103,12 +99,12 @@ func TestAccIAMUserPolicy_namePrefix(t *testing.T) { CheckDestroy: testAccCheckIAMUserPolicyDestroy, Steps: []resource.TestStep{ { - Config: testAccIAMUserPolicyConfig_namePrefix(rInt, strconv.Quote(policy1)), + Config: testAccIAMUserPolicyConfig_namePrefix(rName, acctest.ResourcePrefix, strconv.Quote(policy1)), Check: resource.ComposeTestCheckFunc( testAccCheckIAMUserPolicy(userResourceName, policyResourceName), testAccCheckIAMUserPolicyExpectedPolicies(userResourceName, 1), - resource.TestMatchResourceAttr(policyResourceName, "id", regexp.MustCompile(fmt.Sprintf("^%s:%s.+$", userName, policyNamePrefix))), - resource.TestCheckResourceAttr(policyResourceName, "name_prefix", policyNamePrefix), + resource.TestMatchResourceAttr(policyResourceName, "id", regexp.MustCompile(fmt.Sprintf("^%s:%s.+$", rName, acctest.ResourcePrefix))), + resource.TestCheckResourceAttr(policyResourceName, "name_prefix", acctest.ResourcePrefix), resource.TestCheckResourceAttr(policyResourceName, "policy", policy1), ), }, @@ -119,7 +115,7 @@ func TestAccIAMUserPolicy_namePrefix(t *testing.T) { ImportStateVerifyIgnore: []string{"name_prefix"}, }, { - Config: testAccIAMUserPolicyConfig_namePrefix(rInt, strconv.Quote(policy2)), + Config: testAccIAMUserPolicyConfig_namePrefix(rName, acctest.ResourcePrefix, strconv.Quote(policy2)), Check: resource.ComposeTestCheckFunc( testAccCheckIAMUserPolicy(userResourceName, policyResourceName), testAccCheckIAMUserPolicyExpectedPolicies(userResourceName, 1), 
@@ -131,12 +127,11 @@ func TestAccIAMUserPolicy_namePrefix(t *testing.T) { } func TestAccIAMUserPolicy_generatedName(t *testing.T) { - rInt := sdkacctest.RandInt() + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) policy1 := `{"Version":"2012-10-17","Statement":{"Effect":"Allow","Action":"*","Resource":"*"}}` policy2 := `{"Version":"2012-10-17","Statement":{"Effect":"Allow","Action":"iam:*","Resource":"*"}}` - policyResourceName := "aws_iam_user_policy.foo" - userResourceName := "aws_iam_user.user" - userName := fmt.Sprintf("test_user_%d", rInt) + policyResourceName := "aws_iam_user_policy.test" + userResourceName := "aws_iam_user.test" resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acctest.PreCheck(t) }, @@ -145,11 +140,11 @@ func TestAccIAMUserPolicy_generatedName(t *testing.T) { CheckDestroy: testAccCheckIAMUserPolicyDestroy, Steps: []resource.TestStep{ { - Config: testAccIAMUserPolicyConfig_generatedName(rInt, strconv.Quote(policy1)), + Config: testAccIAMUserPolicyConfig_generatedName(rName, strconv.Quote(policy1)), Check: resource.ComposeTestCheckFunc( testAccCheckIAMUserPolicy(userResourceName, policyResourceName), testAccCheckIAMUserPolicyExpectedPolicies(userResourceName, 1), - resource.TestMatchResourceAttr(policyResourceName, "id", regexp.MustCompile(fmt.Sprintf("^%s:.+$", userName))), + resource.TestMatchResourceAttr(policyResourceName, "id", regexp.MustCompile(fmt.Sprintf("^%s:.+$", rName))), resource.TestCheckResourceAttr(policyResourceName, "policy", policy1), ), }, @@ -159,7 +154,7 @@ func TestAccIAMUserPolicy_generatedName(t *testing.T) { ImportStateVerify: true, }, { - Config: testAccIAMUserPolicyConfig_generatedName(rInt, strconv.Quote(policy2)), + Config: testAccIAMUserPolicyConfig_generatedName(rName, strconv.Quote(policy2)), Check: resource.ComposeTestCheckFunc( testAccCheckIAMUserPolicy(userResourceName, policyResourceName), testAccCheckIAMUserPolicyExpectedPolicies(userResourceName, 1), 
@@ -171,14 +166,12 @@ func TestAccIAMUserPolicy_generatedName(t *testing.T) { } func TestAccIAMUserPolicy_multiplePolicies(t *testing.T) { - rInt := sdkacctest.RandInt() + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) policy1 := `{"Version":"2012-10-17","Statement":{"Effect":"Allow","Action":"*","Resource":"*"}}` policy2 := `{"Version":"2012-10-17","Statement":{"Effect":"Allow","Action":"iam:*","Resource":"*"}}` - policyName1 := fmt.Sprintf("foo_policy_%d", rInt) - policyName2 := fmt.Sprintf("bar_policy_%d", rInt) - policyResourceName1 := "aws_iam_user_policy.foo" - policyResourceName2 := "aws_iam_user_policy.bar" - userResourceName := "aws_iam_user.user" + policyResourceName1 := "aws_iam_user_policy.test" + policyResourceName2 := "aws_iam_user_policy.test2" + userResourceName := "aws_iam_user.test" resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acctest.PreCheck(t) }, @@ -187,11 +180,11 @@ func TestAccIAMUserPolicy_multiplePolicies(t *testing.T) { CheckDestroy: testAccCheckIAMUserPolicyDestroy, Steps: []resource.TestStep{ { - Config: testAccIAMUserPolicyConfig_name(rInt, strconv.Quote(policy1)), + Config: testAccIAMUserPolicyConfig_name(rName, strconv.Quote(policy1)), Check: resource.ComposeTestCheckFunc( testAccCheckIAMUserPolicy(userResourceName, policyResourceName1), testAccCheckIAMUserPolicyExpectedPolicies(userResourceName, 1), - resource.TestCheckResourceAttr(policyResourceName1, "name", policyName1), + resource.TestCheckResourceAttr(policyResourceName1, "name", rName), resource.TestCheckResourceAttr(policyResourceName1, "policy", policy1), ), }, 
@@ -201,18 +194,18 @@ func TestAccIAMUserPolicy_multiplePolicies(t *testing.T) { ImportStateVerify: true, }, { - Config: testAccIAMUserPolicyConfig_multiplePolicies(rInt, strconv.Quote(policy1), strconv.Quote(policy2)), + Config: testAccIAMUserPolicyConfig_multiplePolicies(rName, strconv.Quote(policy1), strconv.Quote(policy2)), Check: resource.ComposeTestCheckFunc( testAccCheckIAMUserPolicy(userResourceName, policyResourceName1), testAccCheckIAMUserPolicy(userResourceName, policyResourceName2), testAccCheckIAMUserPolicyExpectedPolicies(userResourceName, 2), resource.TestCheckResourceAttr(policyResourceName1, "policy", policy1), - resource.TestCheckResourceAttr(policyResourceName2, "name", policyName2), + resource.TestCheckResourceAttr(policyResourceName2, "name", fmt.Sprintf("%s-2", rName)), resource.TestCheckResourceAttr(policyResourceName2, "policy", policy2), ), }, { - Config: testAccIAMUserPolicyConfig_multiplePolicies(rInt, strconv.Quote(policy2), strconv.Quote(policy2)), + Config: testAccIAMUserPolicyConfig_multiplePolicies(rName, strconv.Quote(policy2), strconv.Quote(policy2)), Check: resource.ComposeTestCheckFunc( testAccCheckIAMUserPolicy(userResourceName, policyResourceName1), testAccCheckIAMUserPolicy(userResourceName, policyResourceName2), @@ -221,7 +214,7 @@ func TestAccIAMUserPolicy_multiplePolicies(t *testing.T) { ), }, { - Config: testAccIAMUserPolicyConfig_name(rInt, strconv.Quote(policy2)), + Config: testAccIAMUserPolicyConfig_name(rName, strconv.Quote(policy2)), Check: resource.ComposeTestCheckFunc( testAccCheckIAMUserPolicy(userResourceName, policyResourceName1), testAccCheckIAMUserPolicyExpectedPolicies(userResourceName, 1), 
@@ -399,16 +392,22 @@ func testAccCheckIAMUserPolicyExpectedPolicies(iamUserResource string, expected } } -func testAccUserPolicyConfig(suffix string) string { +func testAccUserPolicyUserBaseConfig(rName, path string) string { return fmt.Sprintf(` -resource "aws_iam_user" "user_%[1]s" { - name = "tf_test_user_test_%[1]s" - path = "/" +resource "aws_iam_user" "test" { + name = %[1]q + path = %[2]q +} +`, rName, path) } -resource "aws_iam_user_policy" "foo_%[1]s" { - name = "tf_test_policy_test_%[1]s" - user = "${aws_iam_user.user_%[1]s.name}" +func testAccUserPolicyConfig(rName string) string { + return acctest.ConfigCompose( + testAccUserPolicyUserBaseConfig(rName, "/"), + fmt.Sprintf(` +resource "aws_iam_user_policy" "test" { + name = %[1]q + user = aws_iam_user.test.name policy = < Date: Mon, 6 Dec 2021 16:45:10 -0500 Subject: [PATCH 16/16] Use updated awspolicyequivalence --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 42f8d9cfa4e..d94c3aabe31 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/fatih/color v1.9.0 // indirect github.com/hashicorp/aws-cloudformation-resource-schema-sdk-go v0.14.0 github.com/hashicorp/aws-sdk-go-base v1.0.0 - github.com/hashicorp/awspolicyequivalence v1.3.0 + github.com/hashicorp/awspolicyequivalence v1.4.0 github.com/hashicorp/go-cleanhttp v0.5.2 github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 github.com/hashicorp/go-multierror v1.1.1 diff --git a/go.sum b/go.sum index 745d3aa6118..2d8e44f5d2a 100644 --- a/go.sum +++ b/go.sum 
@@ -170,8 +170,8 @@ github.com/hashicorp/aws-cloudformation-resource-schema-sdk-go v0.14.0 h1:2Usl5C github.com/hashicorp/aws-cloudformation-resource-schema-sdk-go v0.14.0/go.mod h1:C6GVuO9RWOrt6QCGTmLCOYuSHpkfQSBDuRqTteOlo0g= github.com/hashicorp/aws-sdk-go-base v1.0.0 h1:J7MMLOfSoDWkusy+cSzKYG1/aFyCzYJmdE0mod3/WLw= github.com/hashicorp/aws-sdk-go-base v1.0.0/go.mod h1:2fRjWDv3jJBeN6mVWFHV6hFTNeFBx2gpDLQaZNxUVAY= -github.com/hashicorp/awspolicyequivalence v1.3.0 h1:T6GloJqof+yP6Gf4NAfIRPrTIIsJohVAk5z6MHuJK2U= -github.com/hashicorp/awspolicyequivalence v1.3.0/go.mod h1:9IOaIHx+a7C0NfUNk1A93M7kHd5rJ19aoUx37LZGC14= +github.com/hashicorp/awspolicyequivalence v1.4.0 h1:mpQ7/MnyOsaMcXQcJiYbE3LAONzMH1MnwEK/HMvE6Ss= +github.com/hashicorp/awspolicyequivalence v1.4.0/go.mod h1:9IOaIHx+a7C0NfUNk1A93M7kHd5rJ19aoUx37LZGC14= github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-checkpoint v0.5.0 h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU=