diff --git a/.changelog/28863.txt b/.changelog/28863.txt
new file mode 100644
index 00000000000..96887d899c1
--- /dev/null
+++ b/.changelog/28863.txt
@@ -0,0 +1,7 @@
+```release-note:bug
+resource/aws_secretsmanager_secret: Improve refresh to avoid unnecessary diffs in `policy`
+```
+
+```release-note:bug
+resource/aws_secretsmanager_secret_policy: Improve refresh to avoid unnecessary diffs in `policy`
+```
\ No newline at end of file
diff --git a/internal/service/secretsmanager/secret.go b/internal/service/secretsmanager/secret.go
index 381d4e2c8ee..08c9c27103a 100644
--- a/internal/service/secretsmanager/secret.go
+++ b/internal/service/secretsmanager/secret.go
@@ -66,11 +66,12 @@ func ResourceSecret() *schema.Resource {
 ValidateFunc: validSecretNamePrefix,
 },
 "policy": {
- Type: schema.TypeString,
- Optional: true,
- Computed: true,
- ValidateFunc: validation.StringIsJSON,
- DiffSuppressFunc: verify.SuppressEquivalentPolicyDiffs,
+ Type: schema.TypeString,
+ Optional: true,
+ Computed: true,
+ ValidateFunc: validation.StringIsJSON,
+ DiffSuppressFunc: verify.SuppressEquivalentPolicyDiffs,
+ DiffSuppressOnRefresh: true,
 StateFunc: func(v interface{}) string {
 json, _ := structure.NormalizeJsonString(v)
 return json
@@ -203,7 +204,6 @@ func resourceSecretCreate(d *schema.ResourceData, meta interface{}) error {
 if v, ok := d.GetOk("policy"); ok && v.(string) != "" && v.(string) != "{}" {
 policy, err := structure.NormalizeJsonString(v.(string))
-
 if err != nil {
 return fmt.Errorf("policy (%s) is invalid JSON: %w", v.(string), err)
 }
@@ -299,7 +299,6 @@ func resourceSecretRead(d *schema.ResourceData, meta interface{}) error {
 return fmt.Errorf("reading Secrets Manager Secret (%s) policy: %w", d.Id(), err)
 } else if v := output.ResourcePolicy; v != nil {
 policyToSet, err := verify.PolicyToSet(d.Get("policy").(string), aws.StringValue(v))
-
 if err != nil {
 return err
 }
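Review bot: Nothing in the `policy` schema hunk records that, with `DiffSuppressOnRefresh: true`, the attribute kept in state is now the configured form of the resource policy whenever `verify.SuppressEquivalentPolicyDiffs` deems the remote document equivalent, rather than what Secrets Manager actually returns — as I read the SDK flag, refresh retains the prior state value in that case, which matters for an `Optional`/`Computed` attribute that outputs and `terraform show` consumers may treat as the live policy. A comment on the new field would make the trade-off explicit, e.g. `// DiffSuppressOnRefresh keeps the prior state value when the remote policy is equivalent per DiffSuppressFunc, so state reflects the configured form; only non-equivalent out-of-band edits surface as drift.` Note also that `resourceSecretRead` (visible in the later hunk) still calls `verify.PolicyToSet` to preserve the configured form on read, so two mechanisms now do overlapping work; whether one can be retired is worth a follow-up with the owners of `verify`. The enclosing `ResourceSecret` schema starts before and continues past this hunk.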
@@ -378,7 +377,6 @@ func resourceSecretUpdate(d *schema.ResourceData, meta interface{}) error {
 if d.HasChange("policy") {
 if v, ok := d.GetOk("policy"); ok && v.(string) != "" && v.(string) != "{}" {
 policy, err := structure.NormalizeJsonString(v.(string))
-
 if err != nil {
 return fmt.Errorf("policy contains an invalid JSON: %w", err)
 }
diff --git a/internal/service/secretsmanager/secret_policy.go b/internal/service/secretsmanager/secret_policy.go
index fa00a8dff22..2a1c196d182 100644
--- a/internal/service/secretsmanager/secret_policy.go
+++ b/internal/service/secretsmanager/secret_policy.go
@@ -34,10 +34,11 @@ func ResourceSecretPolicy() *schema.Resource {
 ValidateFunc: verify.ValidARN,
 },
 "policy": {
- Type: schema.TypeString,
- Required: true,
- ValidateFunc: validation.StringIsJSON,
- DiffSuppressFunc: verify.SuppressEquivalentPolicyDiffs,
+ Type: schema.TypeString,
+ Required: true,
+ ValidateFunc: validation.StringIsJSON,
+ DiffSuppressFunc: verify.SuppressEquivalentPolicyDiffs,
+ DiffSuppressOnRefresh: true,
 StateFunc: func(v interface{}) string {
 json, _ := structure.NormalizeJsonString(v)
 return json
@@ -55,7 +56,6 @@ func resourceSecretPolicyCreate(d *schema.ResourceData, meta interface{}) error
 conn := meta.(*conns.AWSClient).SecretsManagerConn()
 policy, err := structure.NormalizeJsonString(d.Get("policy").(string))
-
 if err != nil {
 return fmt.Errorf("policy (%s) is invalid JSON: %w", d.Get("policy").(string), err)
 }
@@ -125,7 +125,6 @@ func resourceSecretPolicyRead(d *schema.ResourceData, meta interface{}) error {
 if output.ResourcePolicy != nil {
 policyToSet, err := verify.PolicyToSet(d.Get("policy").(string), aws.StringValue(output.ResourcePolicy))
-
 if err != nil {
 return err
 }
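Review bot: Drift detection for the secret's resource policy now rests entirely on how strict `verify.SuppressEquivalentPolicyDiffs` is — with `DiffSuppressOnRefresh: true` on this `Required` attribute, an out-of-band edit the helper treats as equivalent is, as I read the SDK flag, discarded at refresh time rather than merely hidden at plan time, so it never reaches state for a resource whose sole job is to own that policy. I would want an acceptance test for `aws_secretsmanager_secret_policy` that changes the remote policy out-of-band with a genuinely different statement (an extra principal, say) and asserts the next plan reports a diff, so that any future loosening of the equivalence helper cannot silently hide a permission change. A one-line comment on the new field, such as `// DiffSuppressOnRefresh: equivalent remote policies keep the prior state value; only non-equivalent out-of-band changes surface as drift.`, would document the intent for the next maintainer. `ResourceSecretPolicy` begins before and continues past this hunk.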