From b45ec4bd1368f68d1389bcf27d6d36ae1007ca7c Mon Sep 17 00:00:00 2001 From: Rob Houghton Date: Thu, 3 Nov 2022 17:35:17 +0000 Subject: [PATCH 1/7] ID changed to user Service Permission ID --- .../ec2/vpc_endpoint_service_allowed_principal.go | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/internal/service/ec2/vpc_endpoint_service_allowed_principal.go b/internal/service/ec2/vpc_endpoint_service_allowed_principal.go index f4861c546d0..88f6439abf7 100644 --- a/internal/service/ec2/vpc_endpoint_service_allowed_principal.go +++ b/internal/service/ec2/vpc_endpoint_service_allowed_principal.go @@ -2,7 +2,6 @@ package ec2 import ( "context" - "fmt" "log" "github.com/aws/aws-sdk-go/aws" @@ -11,7 +10,6 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-provider-aws/internal/conns" - "github.com/hashicorp/terraform-provider-aws/internal/create" "github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag" "github.com/hashicorp/terraform-provider-aws/internal/tfresource" ) @@ -45,7 +43,7 @@ func resourceVPCEndpointServiceAllowedPrincipalCreate(ctx context.Context, d *sc serviceID := d.Get("vpc_endpoint_service_id").(string) principalARN := d.Get("principal_arn").(string) - _, err := conn.ModifyVpcEndpointServicePermissionsWithContext(ctx, &ec2.ModifyVpcEndpointServicePermissionsInput{ + output, err := conn.ModifyVpcEndpointServicePermissionsWithContext(ctx, &ec2.ModifyVpcEndpointServicePermissionsInput{ AddAllowedPrincipals: aws.StringSlice([]string{principalARN}), ServiceId: aws.String(serviceID), }) 
@@ -54,7 +52,11 @@ func resourceVPCEndpointServiceAllowedPrincipalCreate(ctx context.Context, d *sc return sdkdiag.AppendErrorf(diags, "modifying EC2 VPC Endpoint Service (%s) permissions: %s", serviceID, err) } - d.SetId(fmt.Sprintf("a-%s%d", serviceID, create.StringHashcode(principalARN))) + for _, v := range output.AddedPrincipals { + if aws.StringValue(v.Principal) == principalARN { + d.SetId(aws.StringValue(v.ServicePermissionId)) + } + } return append(diags, resourceVPCEndpointServiceAllowedPrincipalRead(ctx, d, meta)...) } From d68480eb25c5889a87a96c070b3df87cd4f75ee0 Mon Sep 17 00:00:00 2001 From: Rob Houghton Date: Thu, 3 Nov 2022 17:50:48 +0000 Subject: [PATCH 2/7] Added changelog --- .changelog/27640.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/27640.txt diff --git a/.changelog/27640.txt b/.changelog/27640.txt new file mode 100644 index 00000000000..c5dcf40cd04 --- /dev/null +++ b/.changelog/27640.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +resource/aws_vpc_endpoint_service_allowed_principal: Changed id to use ServicePermissionId +``` \ No newline at end of file From ca64d6539d8970182dc9e2b6cb896ced5eeb390d Mon Sep 17 00:00:00 2001 From: Graham Davison Date: Fri, 14 Apr 2023 13:50:10 -0700 Subject: [PATCH 3/7] Improves `basic` test --- ...c_endpoint_service_allowed_principal_test.go | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/internal/service/ec2/vpc_endpoint_service_allowed_principal_test.go b/internal/service/ec2/vpc_endpoint_service_allowed_principal_test.go index b17b42c4037..8b0d475643a 100644 --- a/internal/service/ec2/vpc_endpoint_service_allowed_principal_test.go +++ b/internal/service/ec2/vpc_endpoint_service_allowed_principal_test.go @@ -3,6 +3,7 @@ package ec2_test import ( "context" "fmt" + "regexp" "testing" "github.com/aws/aws-sdk-go/service/ec2" 
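Review bot: In the `@@ -54,7 +52,11 @@` hunk, `d.SetId` is reached only when `output.AddedPrincipals` holds an entry whose `Principal` equals `principalARN` exactly; if no entry matches, the ID stays empty and the function still falls through to the Read call without reporting anything. Whether the API can omit the principal from `AddedPrincipals` is not visible here, but a grant that exists on the endpoint service and is missing from state is an access-control entry nobody is tracking, so the create path should fail loudly. After the loop, add `if d.Id() == "" { return sdkdiag.AppendErrorf(diags, "modifying EC2 VPC Endpoint Service (%s) permissions: no service permission ID returned for principal (%s)", serviceID, principalARN) }`. A `break` after the `d.SetId(...)` call would also make the single-match intent explicit. The function begins outside this hunk.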
@@ -18,7 +19,7 @@ import ( func TestAccVPCEndpointServiceAllowedPrincipal_basic(t *testing.T) { ctx := acctest.Context(t) resourceName := "aws_vpc_endpoint_service_allowed_principal.test" - rName := sdkacctest.RandomWithPrefix("tfacctest") // 32 character limit + rName := sdkacctest.RandomWithPrefix("tfacctest") resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acctest.PreCheck(ctx, t) }, @@ -28,8 +29,11 @@ func TestAccVPCEndpointServiceAllowedPrincipal_basic(t *testing.T) { Steps: []resource.TestStep{ { Config: testAccVPCEndpointServiceAllowedPrincipalConfig_basic(rName), - Check: resource.ComposeTestCheckFunc( + Check: resource.ComposeAggregateTestCheckFunc( testAccCheckVPCEndpointServiceAllowedPrincipalExists(ctx, resourceName), + resource.TestMatchResourceAttr(resourceName, "id", regexp.MustCompile(`^vpce-svc-perm-\w{17}$`)), + resource.TestCheckResourceAttrPair(resourceName, "vpc_endpoint_service_id", "aws_vpc_endpoint_service.test", "id"), + resource.TestCheckResourceAttrPair(resourceName, "principal_arn", "data.aws_iam_session_context.current", "issuer_arn"), ), }, }, @@ -80,7 +84,8 @@ func testAccCheckVPCEndpointServiceAllowedPrincipalExists(ctx context.Context, n } func testAccVPCEndpointServiceAllowedPrincipalConfig_basic(rName string) string { - return acctest.ConfigCompose(testAccVPCEndpointServiceConfig_networkLoadBalancerBase(rName, 1), fmt.Sprintf(` + return acctest.ConfigCompose( + testAccVPCEndpointServiceConfig_networkLoadBalancerBase(rName, 1), ` data "aws_caller_identity" "current" {} data "aws_iam_session_context" "current" { @@ -90,10 +95,6 @@ data "aws_iam_session_context" "current" { resource "aws_vpc_endpoint_service" "test" { acceptance_required = false network_load_balancer_arns = aws_lb.test[*].arn - - tags = { - Name = %[1]q - } } resource "aws_vpc_endpoint_service_allowed_principal" "test" { 
@@ -101,5 +102,5 @@ resource "aws_vpc_endpoint_service_allowed_principal" "test" { principal_arn = data.aws_iam_session_context.current.issuer_arn } -`, rName)) +`) } From c42fb07b638e4c988c5aad354824fb971db21dac Mon Sep 17 00:00:00 2001 From: Graham Davison Date: Fri, 14 Apr 2023 13:57:15 -0700 Subject: [PATCH 4/7] Adds ID migration test --- ...endpoint_service_allowed_principal_test.go | 31 +++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/internal/service/ec2/vpc_endpoint_service_allowed_principal_test.go b/internal/service/ec2/vpc_endpoint_service_allowed_principal_test.go index 8b0d475643a..9c9fe424b84 100644 --- a/internal/service/ec2/vpc_endpoint_service_allowed_principal_test.go +++ b/internal/service/ec2/vpc_endpoint_service_allowed_principal_test.go 
@@ -40,6 +40,37 @@ func TestAccVPCEndpointServiceAllowedPrincipal_basic(t *testing.T) { }) } +func TestAccVPCEndpointServiceAllowedPrincipal_migrateID(t *testing.T) { + ctx := acctest.Context(t) + resourceName := "aws_vpc_endpoint_service_allowed_principal.test" + rName := sdkacctest.RandomWithPrefix("tfacctest") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(ctx, t) }, + ErrorCheck: acctest.ErrorCheck(t, ec2.EndpointsID), + CheckDestroy: testAccCheckVPCEndpointServiceAllowedPrincipalDestroy(ctx), + Steps: []resource.TestStep{ + { + ExternalProviders: map[string]resource.ExternalProvider{ + "aws": { + Source: "hashicorp/aws", + VersionConstraint: "4.63.0", + }, + }, + Config: testAccVPCEndpointServiceAllowedPrincipalConfig_basic(rName), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckVPCEndpointServiceAllowedPrincipalExists(ctx, resourceName), + ), + }, + { + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, + Config: testAccVPCEndpointServiceAllowedPrincipalConfig_basic(rName), + PlanOnly: true, + }, + }, + }) +} + func testAccCheckVPCEndpointServiceAllowedPrincipalDestroy(ctx context.Context) resource.TestCheckFunc { return func(s *terraform.State) error { conn := acctest.Provider.Meta().(*conns.AWSClient).EC2Conn() From 866e0ed93d3e1f215cd819086bd032dc0c572027 Mon Sep 17 00:00:00 2001 From: Graham Davison Date: Fri, 14 Apr 2023 14:09:56 -0700 Subject: [PATCH 5/7] Adds tagging test --- ...endpoint_service_allowed_principal_test.go | 54 +++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/internal/service/ec2/vpc_endpoint_service_allowed_principal_test.go b/internal/service/ec2/vpc_endpoint_service_allowed_principal_test.go index 9c9fe424b84..9e4204d5af9 100644 --- a/internal/service/ec2/vpc_endpoint_service_allowed_principal_test.go +++ b/internal/service/ec2/vpc_endpoint_service_allowed_principal_test.go 
@@ -40,6 +40,32 @@ func TestAccVPCEndpointServiceAllowedPrincipal_basic(t *testing.T) { }) } +func TestAccVPCEndpointServiceAllowedPrincipal_tags(t *testing.T) { + ctx := acctest.Context(t) + rName := sdkacctest.RandomWithPrefix("tfacctest") + + resourceName := "aws_vpc_endpoint_service_allowed_principal.test" + tagResourceName := "aws_ec2_tag.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(ctx, t) }, + ErrorCheck: acctest.ErrorCheck(t, ec2.EndpointsID), + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, + CheckDestroy: testAccCheckVPCEndpointServiceAllowedPrincipalDestroy(ctx), + Steps: []resource.TestStep{ + { + Config: testAccVPCEndpointServiceAllowedPrincipalConfig_tag(rName), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckVPCEndpointServiceAllowedPrincipalExists(ctx, resourceName), + resource.TestCheckResourceAttrPair(tagResourceName, "resource_id", resourceName, "id"), + resource.TestCheckResourceAttr(tagResourceName, "key", "Name"), + resource.TestCheckResourceAttr(tagResourceName, "value", rName), + ), + }, + }, + }) +} + func TestAccVPCEndpointServiceAllowedPrincipal_migrateID(t *testing.T) { ctx := acctest.Context(t) resourceName := "aws_vpc_endpoint_service_allowed_principal.test" 
@@ -135,3 +161,31 @@ resource "aws_vpc_endpoint_service_allowed_principal" "test" { } `) } + +func testAccVPCEndpointServiceAllowedPrincipalConfig_tag(rName string) string { + return acctest.ConfigCompose(testAccVPCEndpointServiceConfig_networkLoadBalancerBase(rName, 1), fmt.Sprintf(` +data "aws_caller_identity" "current" {} + +data "aws_iam_session_context" "current" { + arn = data.aws_caller_identity.current.arn +} + +resource "aws_vpc_endpoint_service" "test" { + acceptance_required = false + network_load_balancer_arns = aws_lb.test[*].arn +} + +resource "aws_vpc_endpoint_service_allowed_principal" "test" { + vpc_endpoint_service_id = aws_vpc_endpoint_service.test.id + + principal_arn = data.aws_iam_session_context.current.issuer_arn +} + +resource "aws_ec2_tag" "test" { + resource_id = aws_vpc_endpoint_service_allowed_principal.test.id + + key = "Name" + value = %[1]q +} +`, rName)) +} From 09ec0a3ef7dba9083a7c7a6f874a42246b2be416 Mon Sep 17 00:00:00 2001 From: Graham Davison Date: Fri, 14 Apr 2023 14:43:44 -0700 Subject: [PATCH 6/7] Renames `tfresource.ExpectSingleResult` to `tfresource.AssertSingleResult` and returns the value --- internal/service/cognitoidp/find.go | 5 +++-- internal/tfresource/not_found_error.go | 10 +++++----- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/internal/service/cognitoidp/find.go b/internal/service/cognitoidp/find.go index 937395b443c..8b8c3501ea7 100644 --- a/internal/service/cognitoidp/find.go +++ b/internal/service/cognitoidp/find.go 
@@ -112,11 +112,12 @@ func FindCognitoUserPoolClientByName(ctx context.Context, conn *cognitoidentityp return nil, err } - if err := tfresource.ExpectSingleResult(clientDescs); err != nil { + client, err := tfresource.AssertSingleResult(clientDescs) + if err != nil { return nil, err } - return FindCognitoUserPoolClientByID(ctx, conn, userPoolId, aws.StringValue(clientDescs[0].ClientId)) + return FindCognitoUserPoolClientByID(ctx, conn, userPoolId, aws.StringValue(client.ClientId)) } type cognitoUserPoolClientDescriptionNameFilter func(string) (bool, error) diff --git a/internal/tfresource/not_found_error.go b/internal/tfresource/not_found_error.go index b7106f1d07c..bb7e19e2498 100644 --- a/internal/tfresource/not_found_error.go +++ b/internal/tfresource/not_found_error.go @@ -92,13 +92,13 @@ func SingularDataSourceFindError(resourceType string, err error) error { return fmt.Errorf("reading %s: %w", resourceType, err) } -func ExpectSingleResult[T any](a []*T) error { +func AssertSingleResult[T any](a []*T) (*T, error) { if l := len(a); l == 0 { - return NewEmptyResultError(nil) + return nil, NewEmptyResultError(nil) } else if l > 1 { - return NewTooManyResultsError(l, nil) + return nil, NewTooManyResultsError(l, nil) } else if a[0] == nil { - return NewEmptyResultError(nil) + return nil, NewEmptyResultError(nil) } - return nil + return a[0], nil } From 9606b4465f2dd0c27e882ca37a66e2be3c3b0445 Mon Sep 17 00:00:00 2001 From: Graham Davison Date: Fri, 14 Apr 2023 15:17:10 -0700 Subject: [PATCH 7/7] Allows creating tag after migration --- internal/service/ec2/find.go | 19 ++--- internal/service/ec2/vpc_endpoint_service.go | 2 +- .../vpc_endpoint_service_allowed_principal.go | 4 +- ...endpoint_service_allowed_principal_test.go | 73 +++++++++++++------ 4 files changed, 60 insertions(+), 38 deletions(-) diff --git a/internal/service/ec2/find.go b/internal/service/ec2/find.go index 7d9b69c3e92..cc4b9f5dc67 100644 --- a/internal/service/ec2/find.go 
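Review bot: `AssertSingleResult` in the `@@ -92,13 +92,13 @@` hunk of not_found_error.go is exported and now returns the element, but it has no doc comment stating its contract. Suggest adding `// AssertSingleResult returns the only element of a. It returns an empty-result error if a is empty or its single element is nil, and a too-many-results error if a has more than one element.` above the function. Callers that use it for permission lookups rely on the multi-element case being an error rather than a silent pick of the first entry, so that behaviour is worth writing down. The `else if` chain after two `return` statements could also be flattened into a `switch` on `len(a)`.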
+++ b/internal/service/ec2/find.go @@ -3345,7 +3345,7 @@ func FindVPCEndpointServicePermissions(ctx context.Context, conn *ec2.EC2, input return output, nil } -func FindVPCEndpointServicePermissionsByID(ctx context.Context, conn *ec2.EC2, id string) ([]*ec2.AllowedPrincipal, error) { +func FindVPCEndpointServicePermissionsByServiceID(ctx context.Context, conn *ec2.EC2, id string) ([]*ec2.AllowedPrincipal, error) { input := &ec2.DescribeVpcEndpointServicePermissionsInput{ ServiceId: aws.String(id), } @@ -3353,22 +3353,13 @@ func FindVPCEndpointServicePermissionsByID(ctx context.Context, conn *ec2.EC2, i return FindVPCEndpointServicePermissions(ctx, conn, input) } -func FindVPCEndpointServicePermissionExists(ctx context.Context, conn *ec2.EC2, serviceID, principalARN string) error { - allowedPrincipals, err := FindVPCEndpointServicePermissionsByID(ctx, conn, serviceID) - +func FindVPCEndpointServicePermission(ctx context.Context, conn *ec2.EC2, serviceID, principalARN string) (*ec2.AllowedPrincipal, error) { + allowedPrincipals, err := FindVPCEndpointServicePermissionsByServiceID(ctx, conn, serviceID) if err != nil { - return err - } - - for _, v := range allowedPrincipals { - if aws.StringValue(v.Principal) == principalARN { - return nil - } + return nil, err } - return &retry.NotFoundError{ - LastError: fmt.Errorf("VPC Endpoint Service (%s) Principal (%s) not found", serviceID, principalARN), - } + return tfresource.AssertSingleResult(allowedPrincipals) } // FindVPCEndpointRouteTableAssociationExists returns NotFoundError if no association for the specified VPC endpoint and route table IDs is found. diff --git a/internal/service/ec2/vpc_endpoint_service.go b/internal/service/ec2/vpc_endpoint_service.go index 1aee3c408ce..ab199246182 100644 --- a/internal/service/ec2/vpc_endpoint_service.go +++ b/internal/service/ec2/vpc_endpoint_service.go 
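Review bot: The rewritten `FindVPCEndpointServicePermission` in the `@@ -3353,22 +3353,13 @@` hunk never uses its `principalARN` parameter; it hands every allowed principal of the service to `tfresource.AssertSingleResult`. On the visible lines, a service with two or more allowed principals therefore yields a too-many-results error, and a service with exactly one returns that entry even when it belongs to a different principal than the one requested. The Read change later in this patch copies the returned `ServicePermissionId` into the resource ID, and the test helpers in the last file call the same finder, so state could record a grant for the wrong principal. Filter by principal before asserting a single result, as the removed loop did.

```go
func FindVPCEndpointServicePermission(ctx context.Context, conn *ec2.EC2, serviceID, principalARN string) (*ec2.AllowedPrincipal, error) {
	// … unchanged: FindVPCEndpointServicePermissionsByServiceID call and error check …

	// Keep only entries for the requested principal so that other grants on
	// the same service neither mask nor replace it.
	var matches []*ec2.AllowedPrincipal
	for _, v := range allowedPrincipals {
		if aws.StringValue(v.Principal) == principalARN {
			matches = append(matches, v)
		}
	}

	return tfresource.AssertSingleResult(matches)
}
```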
@@ -248,7 +248,7 @@ func resourceVPCEndpointServiceRead(ctx context.Context, d *schema.ResourceData, SetTagsOut(ctx, svcCfg.Tags) - allowedPrincipals, err := FindVPCEndpointServicePermissionsByID(ctx, conn, d.Id()) + allowedPrincipals, err := FindVPCEndpointServicePermissionsByServiceID(ctx, conn, d.Id()) if err != nil { return sdkdiag.AppendErrorf(diags, "reading EC2 VPC Endpoint Service (%s) permissions: %s", d.Id(), err) diff --git a/internal/service/ec2/vpc_endpoint_service_allowed_principal.go b/internal/service/ec2/vpc_endpoint_service_allowed_principal.go index 88f6439abf7..48949722b45 100644 --- a/internal/service/ec2/vpc_endpoint_service_allowed_principal.go +++ b/internal/service/ec2/vpc_endpoint_service_allowed_principal.go @@ -68,7 +68,7 @@ func resourceVPCEndpointServiceAllowedPrincipalRead(ctx context.Context, d *sche serviceID := d.Get("vpc_endpoint_service_id").(string) principalARN := d.Get("principal_arn").(string) - err := FindVPCEndpointServicePermissionExists(ctx, conn, serviceID, principalARN) + output, err := FindVPCEndpointServicePermission(ctx, conn, serviceID, principalARN) if !d.IsNewResource() && tfresource.NotFound(err) { log.Printf("[WARN] EC2 VPC Endpoint Service Allowed Principal %s not found, removing from state", d.Id()) @@ -80,6 +80,8 @@ func resourceVPCEndpointServiceAllowedPrincipalRead(ctx context.Context, d *sche return sdkdiag.AppendErrorf(diags, "reading EC2 VPC Endpoint Service (%s) Allowed Principal (%s): %s", serviceID, principalARN, err) } + d.SetId(aws.StringValue(output.ServicePermissionId)) + return diags } diff --git a/internal/service/ec2/vpc_endpoint_service_allowed_principal_test.go b/internal/service/ec2/vpc_endpoint_service_allowed_principal_test.go index 9e4204d5af9..bee677253d2 100644 --- a/internal/service/ec2/vpc_endpoint_service_allowed_principal_test.go +++ b/internal/service/ec2/vpc_endpoint_service_allowed_principal_test.go 
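Review bot: The added `d.SetId(aws.StringValue(output.ServicePermissionId))` in the `@@ -80,6 +80,8 @@` hunk overwrites the resource ID on every read without checking the value. `aws.StringValue` returns an empty string for a nil pointer, and an empty ID makes the SDK drop the resource from state while the grant stays on the service. Consider guarding it with `if id := aws.StringValue(output.ServicePermissionId); id != "" { d.SetId(id) }` and returning an error in the empty case. Because this line is also what migrates the old hash-based ID, a comment such as `// Replace the legacy "a-<serviceID><hash>" ID with the API-assigned service permission ID.` would explain why Read sets the ID. The function starts outside the hunk.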
@@ -18,9 +18,10 @@ import ( func TestAccVPCEndpointServiceAllowedPrincipal_basic(t *testing.T) { ctx := acctest.Context(t) - resourceName := "aws_vpc_endpoint_service_allowed_principal.test" rName := sdkacctest.RandomWithPrefix("tfacctest") + resourceName := "aws_vpc_endpoint_service_allowed_principal.test" + resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acctest.PreCheck(ctx, t) }, ErrorCheck: acctest.ErrorCheck(t, ec2.EndpointsID), @@ -68,9 +69,10 @@ func TestAccVPCEndpointServiceAllowedPrincipal_tags(t *testing.T) { func TestAccVPCEndpointServiceAllowedPrincipal_migrateID(t *testing.T) { ctx := acctest.Context(t) - resourceName := "aws_vpc_endpoint_service_allowed_principal.test" rName := sdkacctest.RandomWithPrefix("tfacctest") + resourceName := "aws_vpc_endpoint_service_allowed_principal.test" + resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acctest.PreCheck(ctx, t) }, ErrorCheck: acctest.ErrorCheck(t, ec2.EndpointsID), 
@@ -97,6 +99,46 @@ func TestAccVPCEndpointServiceAllowedPrincipal_migrateID(t *testing.T) { }) } +// Verify that the resource returns an ID usable for creating an `aws_ec2_tag` +func TestAccVPCEndpointServiceAllowedPrincipal_migrateAndTag(t *testing.T) { + ctx := acctest.Context(t) + rName := sdkacctest.RandomWithPrefix("tfacctest") + + resourceName := "aws_vpc_endpoint_service_allowed_principal.test" + tagResourceName := "aws_ec2_tag.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(ctx, t) }, + ErrorCheck: acctest.ErrorCheck(t, ec2.EndpointsID), + CheckDestroy: testAccCheckVPCEndpointServiceAllowedPrincipalDestroy(ctx), + Steps: []resource.TestStep{ + { + ExternalProviders: map[string]resource.ExternalProvider{ + "aws": { + Source: "hashicorp/aws", + VersionConstraint: "4.63.0", + }, + }, + Config: testAccVPCEndpointServiceAllowedPrincipalConfig_basic(rName), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckVPCEndpointServiceAllowedPrincipalExists(ctx, resourceName), + ), + }, + { + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, + Config: testAccVPCEndpointServiceAllowedPrincipalConfig_tag(rName), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckVPCEndpointServiceAllowedPrincipalExists(ctx, resourceName), + resource.TestMatchResourceAttr(resourceName, "id", regexp.MustCompile(`^vpce-svc-perm-\w{17}$`)), + resource.TestCheckResourceAttrPair(tagResourceName, "resource_id", resourceName, "id"), + resource.TestCheckResourceAttr(tagResourceName, "key", "Name"), + resource.TestCheckResourceAttr(tagResourceName, "value", rName), + ), + }, + }, + }) +} + func testAccCheckVPCEndpointServiceAllowedPrincipalDestroy(ctx context.Context) resource.TestCheckFunc { return func(s *terraform.State) error { conn := acctest.Provider.Meta().(*conns.AWSClient).EC2Conn() 
@@ -106,7 +148,7 @@ func testAccCheckVPCEndpointServiceAllowedPrincipalDestroy(ctx context.Context) continue } - err := tfec2.FindVPCEndpointServicePermissionExists(ctx, conn, rs.Primary.Attributes["vpc_endpoint_service_id"], rs.Primary.Attributes["principal_arn"]) + _, err := tfec2.FindVPCEndpointServicePermission(ctx, conn, rs.Primary.Attributes["vpc_endpoint_service_id"], rs.Primary.Attributes["principal_arn"]) if tfresource.NotFound(err) { continue @@ -136,7 +178,9 @@ func testAccCheckVPCEndpointServiceAllowedPrincipalExists(ctx context.Context, n conn := acctest.Provider.Meta().(*conns.AWSClient).EC2Conn() - return tfec2.FindVPCEndpointServicePermissionExists(ctx, conn, rs.Primary.Attributes["vpc_endpoint_service_id"], rs.Primary.Attributes["principal_arn"]) + _, err := tfec2.FindVPCEndpointServicePermission(ctx, conn, rs.Primary.Attributes["vpc_endpoint_service_id"], rs.Primary.Attributes["principal_arn"]) + + return err } } @@ -163,24 +207,9 @@ resource "aws_vpc_endpoint_service_allowed_principal" "test" { } func testAccVPCEndpointServiceAllowedPrincipalConfig_tag(rName string) string { - return acctest.ConfigCompose(testAccVPCEndpointServiceConfig_networkLoadBalancerBase(rName, 1), fmt.Sprintf(` -data "aws_caller_identity" "current" {} - -data "aws_iam_session_context" "current" { - arn = data.aws_caller_identity.current.arn -} - -resource "aws_vpc_endpoint_service" "test" { - acceptance_required = false - network_load_balancer_arns = aws_lb.test[*].arn -} - -resource "aws_vpc_endpoint_service_allowed_principal" "test" { - vpc_endpoint_service_id = aws_vpc_endpoint_service.test.id - - principal_arn = data.aws_iam_session_context.current.issuer_arn -} - + return acctest.ConfigCompose( + testAccVPCEndpointServiceAllowedPrincipalConfig_basic(rName), + fmt.Sprintf(` resource "aws_ec2_tag" "test" { resource_id = aws_vpc_endpoint_service_allowed_principal.test.id