
aws_ssm_maintenance_window_task: allow service_role_arn to be optional #12200

Merged
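--- a/aws/resource_aws_ssm_maintenance_window_task.go
+++ b/aws/resource_aws_ssm_maintenance_window_task.go
@@ -56,7 +56,7 @@ func resourceAwsSsmMaintenanceWindowTask() *schema.Resource {
 
 "service_role_arn": {
 Type: schema.TypeString,
-Required: true,
+Optional: true,
 ValidateFunc: validateArn,
 },
 
@@ -655,14 +655,17 @@ func resourceAwsSsmMaintenanceWindowTaskCreate(d *schema.ResourceData, meta inte
 MaxConcurrency: aws.String(d.Get("max_concurrency").(string)),
 MaxErrors: aws.String(d.Get("max_errors").(string)),
 TaskType: aws.String(d.Get("task_type").(string)),
-ServiceRoleArn: aws.String(d.Get("service_role_arn").(string)),
 TaskArn: aws.String(d.Get("task_arn").(string)),
 }
 
 if v, ok := d.GetOk("targets"); ok {
 params.Targets = expandAwsSsmTargets(v.([]interface{}))
 }
 
+if v, ok := d.GetOk("service_role_arn"); ok {
+params.ServiceRoleArn = aws.String(v.(string))
+}
+
 if v, ok := d.GetOk("name"); ok {
 params.Name = aws.String(v.(string))
 }
@@ -739,12 +742,15 @@ func resourceAwsSsmMaintenanceWindowTaskUpdate(d *schema.ResourceData, meta inte
 WindowTaskId: aws.String(d.Id()),
 MaxConcurrency: aws.String(d.Get("max_concurrency").(string)),
 MaxErrors: aws.String(d.Get("max_errors").(string)),
-ServiceRoleArn: aws.String(d.Get("service_role_arn").(string)),
 TaskArn: aws.String(d.Get("task_arn").(string)),
 Targets: expandAwsSsmTargets(d.Get("targets").([]interface{})),
 Replace: aws.Bool(true),
 }
 
+if v, ok := d.GetOk("service_role_arn"); ok {
+params.ServiceRoleArn = aws.String(v.(string))
+}
+
 if v, ok := d.GetOk("name"); ok {
 params.Name = aws.String(v.(string))
 }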
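Review bot: The two `d.GetOk("service_role_arn")` blocks, in Create and in Update, leave ServiceRoleArn out of the request without saying which identity the task then runs under. According to the argument description this PR adds to the docs, Systems Manager falls back to the account's service-linked role and creates it if missing, so removing the attribute from an existing configuration presumably swaps the task's role on the next update, which is sent with `Replace: aws.Bool(true)`. I would add a comment above both blocks, e.g. `// Unset: SSM uses the account's service-linked role, creating it if needed.` Both function bodies start and end outside the hunks shown.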
50 changes: 50 additions & 0 deletions aws/resource_aws_ssm_maintenance_window_task_test.go
@@ -51,6 +51,27 @@ func TestAccAWSSSMMaintenanceWindowTask_basic(t *testing.T) {
})
}

func TestAccAWSSSMMaintenanceWindowTask_noRole(t *testing.T) {
var task ssm.MaintenanceWindowTask
rName := acctest.RandomWithPrefix("tf-acc-test")
resourceName := "aws_ssm_maintenance_window_task.test"

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSSSMMaintenanceWindowTaskDestroy,
Steps: []resource.TestStep{
{
Config: testAccAWSSSMMaintenanceWindowTaskNoRoleConfig(rName),
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSSSMMaintenanceWindowTaskExists(resourceName, &task),
),
ExpectNonEmptyPlan: true,
Contributor


Adding this type of handling in a test is indicative of a problem that practitioners would face in real world configurations:

=== CONT  TestAccAWSSSMMaintenanceWindowTask_noRole
    resource_aws_ssm_maintenance_window_task_test.go:59: Step 1/1 error: After applying this test step, the plan was not empty.
        stdout:


        An execution plan has been generated and is shown below.
        Resource actions are indicated with the following symbols:
          ~ update in-place

        Terraform will perform the following actions:

          # aws_ssm_maintenance_window_task.test will be updated in-place
          ~ resource "aws_ssm_maintenance_window_task" "test" {
                id               = "b9865b4e-8afd-40da-89ec-4c90009f40c6"
                name             = "TestMaintenanceWindowTask"
              - service_role_arn = "arn:aws:iam::123456789012:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM" -> null
                # (7 unchanged attributes hidden)


                # (2 unchanged blocks hidden)
            }

        Plan: 0 to add, 1 to change, 0 to destroy.

The solution in this case is to mark service_role_arn with Computed: true to allow Terraform to ignore the value being filled in when it is not configured. 👍

},
},
})
}

func TestAccAWSSSMMaintenanceWindowTask_updateForcesNewResource(t *testing.T) {
var before, after ssm.MaintenanceWindowTask
rName := acctest.RandomWithPrefix("tf-acc-test")
@@ -627,6 +648,35 @@ resource "aws_ssm_maintenance_window_task" "test" {
`)
}

func testAccAWSSSMMaintenanceWindowTaskNoRoleConfig(rName string) string {
return fmt.Sprintf(testAccAWSSSMMaintenanceWindowTaskConfigBase(rName)+`
resource "aws_ssm_maintenance_window_task" "test" {
window_id = aws_ssm_maintenance_window.test.id
task_type = "RUN_COMMAND"
task_arn = "AWS-RunShellScript"
priority = 1
max_concurrency = "2"
max_errors = "1"
name = "TestMaintenanceWindowTask"
description = "This resource is for test purpose only"

targets {
key = "WindowTargetIds"
values = [aws_ssm_maintenance_window_target.test.id]
}

task_invocation_parameters {
run_command_parameters {
parameter {
name = "commands"
values = ["pwd"]
}
}
}
}
`)
}

func testAccAWSSSMMaintenanceWindowTaskAutomationConfig(rName, version string) string {
return fmt.Sprintf(testAccAWSSSMMaintenanceWindowTaskConfigBase(rName)+`

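Review bot: `TestAccAWSSSMMaintenanceWindowTask_noRole` only calls the Exists check, so it passes regardless of which role the task ends up running under. Since the behaviour being introduced is the fallback to the service-linked role when `service_role_arn` is omitted, the step should pin that, for example by adding `resource.TestMatchResourceAttr(resourceName, "service_role_arn", regexp.MustCompile("role/aws-service-role/ssm[.]amazonaws[.]com/"))` inside `ComposeTestCheckFunc`. The role path in that pattern is taken from the plan output quoted in the review thread on this file; the import block is outside the hunks shown, so confirm `regexp` is imported.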
54 changes: 25 additions & 29 deletions website/docs/r/ssm_maintenance_window_task.html.markdown
@@ -16,13 +16,12 @@ Provides an SSM Maintenance Window Task resource

```hcl
resource "aws_ssm_maintenance_window_task" "example" {
max_concurrency = 2
max_errors = 1
priority = 1
service_role_arn = aws_iam_role.example.arn
task_arn = "AWS-RestartEC2Instance"
task_type = "AUTOMATION"
window_id = aws_ssm_maintenance_window.example.id
max_concurrency = 2
max_errors = 1
priority = 1
task_arn = "AWS-RestartEC2Instance"
task_type = "AUTOMATION"
window_id = aws_ssm_maintenance_window.example.id

targets {
key = "InstanceIds"
@@ -46,13 +45,12 @@ resource "aws_ssm_maintenance_window_task" "example" {

```hcl
resource "aws_ssm_maintenance_window_task" "example" {
max_concurrency = 2
max_errors = 1
priority = 1
service_role_arn = aws_iam_role.example.arn
task_arn = aws_lambda_function.example.arn
task_type = "LAMBDA"
window_id = aws_ssm_maintenance_window.example.id
max_concurrency = 2
max_errors = 1
priority = 1
task_arn = aws_lambda_function.example.arn
task_type = "LAMBDA"
window_id = aws_ssm_maintenance_window.example.id

targets {
key = "InstanceIds"
@@ -72,13 +70,12 @@ resource "aws_ssm_maintenance_window_task" "example" {

```hcl
resource "aws_ssm_maintenance_window_task" "example" {
max_concurrency = 2
max_errors = 1
priority = 1
service_role_arn = aws_iam_role.example.arn
task_arn = "AWS-RunShellScript"
task_type = "RUN_COMMAND"
window_id = aws_ssm_maintenance_window.example.id
max_concurrency = 2
max_errors = 1
priority = 1
task_arn = "AWS-RunShellScript"
task_type = "RUN_COMMAND"
window_id = aws_ssm_maintenance_window.example.id

targets {
key = "InstanceIds"
@@ -111,13 +108,12 @@ resource "aws_ssm_maintenance_window_task" "example" {

```hcl
resource "aws_ssm_maintenance_window_task" "example" {
max_concurrency = 2
max_errors = 1
priority = 1
service_role_arn = aws_iam_role.example.arn
task_arn = aws_sfn_activity.example.id
task_type = "STEP_FUNCTIONS"
window_id = aws_ssm_maintenance_window.example.id
max_concurrency = 2
max_errors = 1
priority = 1
task_arn = aws_sfn_activity.example.id
task_type = "STEP_FUNCTIONS"
window_id = aws_ssm_maintenance_window.example.id

targets {
key = "InstanceIds"
@@ -142,7 +138,7 @@ The following arguments are supported:
* `max_errors` - (Required) The maximum number of errors allowed before this task stops being scheduled.
* `task_type` - (Required) The type of task being registered. Valid values: `AUTOMATION`, `LAMBDA`, `RUN_COMMAND` or `STEP_FUNCTIONS`.
* `task_arn` - (Required) The ARN of the task to execute.
* `service_role_arn` - (Required) The role that should be assumed when executing the task.
* `service_role_arn` - (Optional) The role that should be assumed when executing the task. If a role is not provided, Systems Manager uses your account's service-linked role. If no service-linked role for Systems Manager exists in your account, it is created for you.
* `name` - (Optional) The name of the maintenance window task.
* `description` - (Optional) The description of the maintenance window task.
* `targets` - (Required) The targets (either instances or window target ids). Instances are specified using Key=InstanceIds,Values=instanceid1,instanceid2. Window target ids are specified using Key=WindowTargetIds,Values=window target id1, window target id2.