provider/aws: Added the ability to import aws_iam_role's #7617
Conversation
|
Hi @bigkraig Any reason you are ignoring the Paul |
stack72
added
enhancement
waiting-response
|
@stack72 I looked around at other import resources and it seems to be done the same way, without the ignore the test will fail since the assume_role_policy text doesn't get imported. |
jen20
removed
the
waiting-response
|
Hey @bigkraig I think the issue here is that the AssumeRolePolicy isn't actually set back to state in the Read func. I think rather than ignoring it from state, we should add it there. The nice thing about the import work is that it has shown up some areas where we are not setting the state in the Read func :) P. |
|
@stack72 OK, I need to url decode the string when it comes back from Amazon and the response doesn't have an array for a couple of the values, but this passes the tests now. |
|
What happens if that P. |
|
@stack72 it shouldn't matter, the import is done from the API right, so its however AWS is serving it up. |
| "github.com/hashicorp/terraform/helper/resource" | ||
| ) | ||
|
|
||
| func TestAccAWSIAMRole_importBasic(t *testing.T) { |
There was a problem hiding this comment.
This should be TestAccAWSRole_importBasic - then it will get run with the other IAM Role tests :)
|
ok, just running all the tests now |
|
After making the small change to the test name, I can run all of the AWS IAM Role tests: |
stack72
added
the
waiting-response
|
I've renamed it |
bigkraig
force-pushed
the
role-imports
branch
2 times, most recently
from
58b12c2 to
221a0c6
Compare
|
Hi @bigkraig The tests still fail here, I'm afraid P. |
|
@stack72 this one is tough. since we weren't reading in the policy before the test cases are littered with different spacing for the policy and updates are causing diffs everywhere. Since the policy is compared as a generic string and not the data structure, it breaks a lot of things. we could go and update assume_role_policy strings all over the place to make them consistent, but i wonder if this was solved in a better way somewhere else already? |
… highlights all of the tests that change this, so I've fixed a bunch of those while i'm in here.
|
@stack72 OK, here are the files that I've modified and verified these tests are passing |
|
@stack72 ping! =) |
bigkraig
changed the title
|
@stack72 hey Paul, can you check this out? |
|
Hi @bigkraig Apologies for taking so long to get back to you on this - tests look solid now :) Thanks so much Paul |
|
Hello friends – I reverted this PR in #8112 after noticing that our nightly test suite took a nose dive into a sea of bad times: After another review and some + policy, _ := url.QueryUnescape(*role.AssumeRolePolicyDocument)
+ if err := d.Set("assume_role_policy", aws.String(policy)); err != nil {
+ return err
+ }and this: resource "aws_iam_role" "role" {
- name = "test-role"
- assume_role_policy = <<EOF
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Action": "sts:AssumeRole",
- "Principal": {
- "Service": "ec2.amazonaws.com"
- },
- "Effect": "Allow",
- "Sid": ""
- }
- ]
-}
-EOF
+ name = "test-role"
+ assume_role_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ec2.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}"
}What's happened here is users can no longer use the It seems we ran into this (comment above) but to address it we just didn't use We need to work into this PR a way to allow the |
|
Heredoc problems have been addressed in #9398 |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
ghost
locked and limited conversation to collaborators
Not much to it, needed this to build a tf configuration for our core configs.