From 92637745344429a0e63726808d779a6c0014c8d6 Mon Sep 17 00:00:00 2001 From: Radek Simko Date: Thu, 6 Apr 2017 12:23:07 +0100 Subject: [PATCH] aws: Allow import of OID connect provider + allow disappearance --- ...esource_aws_iam_openid_connect_provider.go | 27 +++++++- ...ce_aws_iam_openid_connect_provider_test.go | 61 +++++++++++++++++++ .../iam_openid_connect_provider.html.markdown | 8 +++ website/source/layouts/aws.erb | 4 ++ 4 files changed, 97 insertions(+), 3 deletions(-) diff --git a/builtin/providers/aws/resource_aws_iam_openid_connect_provider.go b/builtin/providers/aws/resource_aws_iam_openid_connect_provider.go index 0e25bca14447..1791da4ecb2e 100644 --- a/builtin/providers/aws/resource_aws_iam_openid_connect_provider.go +++ b/builtin/providers/aws/resource_aws_iam_openid_connect_provider.go @@ -16,6 +16,10 @@ func resourceAwsIamOpenIDConnectProvider() *schema.Resource { Read: resourceAwsIamOpenIDConnectProviderRead, Update: resourceAwsIamOpenIDConnectProviderUpdate, Delete: resourceAwsIamOpenIDConnectProviderDelete, + Exists: resourceAwsIamOpenIDConnectProviderExists, + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, Schema: map[string]*schema.Schema{ "arn": &schema.Schema{ @@ -77,8 +81,8 @@ func resourceAwsIamOpenIDConnectProviderRead(d *schema.ResourceData, meta interf d.Set("arn", d.Id()) d.Set("url", out.Url) - d.Set("client_id_list", out.ClientIDList) - d.Set("thumbprint_list", out.ThumbprintList) + d.Set("client_id_list", flattenStringList(out.ClientIDList)) + d.Set("thumbprint_list", flattenStringList(out.ThumbprintList)) return nil } 
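Review bot: In resourceAwsIamOpenIDConnectProviderRead the return values of the two list `d.Set` calls are dropped, so a failure to store `client_id_list` or `thumbprint_list` would leave stale values in state without any error. These attributes record which client IDs and certificate thumbprints the IAM provider trusts, so drift in them should not go unnoticed. Check the result, e.g. `if err := d.Set("thumbprint_list", flattenStringList(out.ThumbprintList)); err != nil { return err }`, and do the same for `client_id_list`. The function body starts outside the hunk, so its earlier error handling is not visible here.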
@@ -110,7 +114,7 @@ func resourceAwsIamOpenIDConnectProviderDelete(d *schema.ResourceData, meta inte _, err := iamconn.DeleteOpenIDConnectProvider(input) if err != nil { - if err, ok := err.(awserr.Error); ok && err.Code() == "NotFound" { + if err, ok := err.(awserr.Error); ok && err.Code() == "NoSuchEntity" { return nil } return fmt.Errorf("Error deleting platform application %s", err) @@ -118,3 +122,20 @@ func resourceAwsIamOpenIDConnectProviderDelete(d *schema.ResourceData, meta inte return nil } + +func resourceAwsIamOpenIDConnectProviderExists(d *schema.ResourceData, meta interface{}) (bool, error) { + iamconn := meta.(*AWSClient).iamconn + + input := &iam.GetOpenIDConnectProviderInput{ + OpenIDConnectProviderArn: aws.String(d.Id()), + } + _, err := iamconn.GetOpenIDConnectProvider(input) + if err != nil { + if err, ok := err.(awserr.Error); ok && err.Code() == "NoSuchEntity" { + return false, nil + } + return true, err + } + + return true, nil +} diff --git a/builtin/providers/aws/resource_aws_iam_openid_connect_provider_test.go b/builtin/providers/aws/resource_aws_iam_openid_connect_provider_test.go index 6fb72aa90fae..6cf10d8b80ca 100644 --- a/builtin/providers/aws/resource_aws_iam_openid_connect_provider_test.go +++ b/builtin/providers/aws/resource_aws_iam_openid_connect_provider_test.go 
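Review bot: The fall-through in resourceAwsIamOpenIDConnectProviderDelete still returns `Error deleting platform application %s`, which names a different resource type, so a failed delete of an IAM OpenID Connect provider (an access-denied, for example) will be misread in logs. Suggest `return fmt.Errorf("Error deleting IAM OpenID Connect provider %s: %s", d.Id(), err)`. The literal `"NoSuchEntity"` is now repeated here and in the new Exists function; if the vendored SDK exposes a constant for that code, prefer it over the string. The function starts outside the hunk.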
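Review bot: resourceAwsIamOpenIDConnectProviderExists has no doc comment, and its contract is worth stating: only `NoSuchEntity` is reported as gone, while every other failure is returned so a permissions or throttling error is never mistaken for a deleted provider. Add something like `// resourceAwsIamOpenIDConnectProviderExists reports false only when IAM returns NoSuchEntity; any other error is surfaced so the resource is not dropped from state.` The inner `err, ok := err.(awserr.Error)` shadows the outer `err`; naming it `awsErr` would read more clearly. On the error path `return true, err` asserts existence that was not established; `return false, err` is the more conventional form, assuming the caller checks the error before the boolean.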
@@ -49,6 +49,48 @@ func TestAccAWSIAMOpenIDConnectProvider_basic(t *testing.T) { }) } +func TestAccAWSIAMOpenIDConnectProvider_importBasic(t *testing.T) { + resourceName := "aws_iam_openid_connect_provider.goog" + rString := acctest.RandString(5) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckIAMOpenIDConnectProviderDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccIAMOpenIDConnectProviderConfig_modified(rString), + }, + + resource.TestStep{ + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func TestAccAWSIAMOpenIDConnectProvider_disappears(t *testing.T) { + rString := acctest.RandString(5) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckIAMOpenIDConnectProviderDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccIAMOpenIDConnectProviderConfig(rString), + Check: resource.ComposeTestCheckFunc( + testAccCheckIAMOpenIDConnectProvider("aws_iam_openid_connect_provider.goog"), + testAccCheckIAMOpenIDConnectProviderDisappears("aws_iam_openid_connect_provider.goog"), + ), + ExpectNonEmptyPlan: true, + }, + }, + }) +} + func testAccCheckIAMOpenIDConnectProviderDestroy(s *terraform.State) error { iamconn := testAccProvider.Meta().(*AWSClient).iamconn 
@@ -77,6 +119,25 @@ func testAccCheckIAMOpenIDConnectProviderDestroy(s *terraform.State) error { return nil } +func testAccCheckIAMOpenIDConnectProviderDisappears(id string) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[id] + if !ok { + return fmt.Errorf("Not Found: %s", id) + } + + if rs.Primary.ID == "" { + return fmt.Errorf("No ID is set") + } + + iamconn := testAccProvider.Meta().(*AWSClient).iamconn + _, err := iamconn.DeleteOpenIDConnectProvider(&iam.DeleteOpenIDConnectProviderInput{ + OpenIDConnectProviderArn: aws.String(rs.Primary.ID), + }) + return err + } +} + func testAccCheckIAMOpenIDConnectProvider(id string) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[id] diff --git a/website/source/docs/providers/aws/r/iam_openid_connect_provider.html.markdown b/website/source/docs/providers/aws/r/iam_openid_connect_provider.html.markdown index 194a080c6c66..2e312e5b97ab 100644 --- a/website/source/docs/providers/aws/r/iam_openid_connect_provider.html.markdown +++ b/website/source/docs/providers/aws/r/iam_openid_connect_provider.html.markdown @@ -35,3 +35,11 @@ The following arguments are supported: The following attributes are exported: * `arn` - The ARN assigned by AWS for this provider. + +## Import + +IAM OpenID Connect Providers can be imported using the `arn`, e.g. + +``` +$ terraform import aws_iam_openid_connect_provider.default arn:aws:iam::123456789012:oidc-provider/accounts.google.com +``` diff --git a/website/source/layouts/aws.erb b/website/source/layouts/aws.erb index c7b6474919c6..af78e992ca5f 100644 --- a/website/source/layouts/aws.erb +++ b/website/source/layouts/aws.erb @@ -745,6 +745,10 @@ aws_iam_instance_profile + > + aws_iam_openid_connect_provider + + > aws_iam_policy
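Review bot: testAccCheckIAMOpenIDConnectProviderDisappears returns the DeleteOpenIDConnectProvider error bare, so when the out-of-band delete fails (for instance because the test credentials lack the delete permission) the acceptance output does not say which ARN was involved. Wrap it with `if err != nil { return fmt.Errorf("Error deleting IAM OpenID Connect provider %s: %s", rs.Primary.ID, err) }` followed by `return nil`. A one-line comment saying that this helper deletes the provider behind Terraform's back to simulate external removal would also help readers of the test.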