provider: Support default tags (resources aws_i*) (#18723)
* provider: Support default tags (resources aws_i*)

Reference: #7926

* docs/provider: Update tagging documentation (resources aws_i*)

* Update aws/resource_aws_iam_policy.go

* provider: Add missing default tag Read functionality
bflad authored Apr 21, 2021
1 parent 1962b97 commit 83a19e7
Showing 34 changed files with 371 additions and 120 deletions.
23 changes: 18 additions & 5 deletions aws/resource_aws_iam_instance_profile.go
Expand Up @@ -69,13 +69,18 @@ func resourceAwsIamInstanceProfile() *schema.Resource {
Type: schema.TypeString,
Computed: true,
},
"tags": tagsSchema(),
"tags": tagsSchema(),
"tags_all": tagsSchemaComputed(),
},

CustomizeDiff: SetTagsDiff,
}
}

func resourceAwsIamInstanceProfileCreate(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).iamconn
defaultTagsConfig := meta.(*AWSClient).DefaultTagsConfig
tags := defaultTagsConfig.MergeTags(keyvaluetags.New(d.Get("tags").(map[string]interface{})))

var name string
if v, ok := d.GetOk("name"); ok {
Expand All @@ -89,7 +94,7 @@ func resourceAwsIamInstanceProfileCreate(d *schema.ResourceData, meta interface{
request := &iam.CreateInstanceProfileInput{
InstanceProfileName: aws.String(name),
Path: aws.String(d.Get("path").(string)),
Tags: keyvaluetags.New(d.Get("tags").(map[string]interface{})).IgnoreAws().IamTags(),
Tags: tags.IgnoreAws().IamTags(),
}

var err error
Expand Down Expand Up @@ -190,8 +195,8 @@ func resourceAwsIamInstanceProfileUpdate(d *schema.ResourceData, meta interface{
}
}

if d.HasChange("tags") {
o, n := d.GetChange("tags")
if d.HasChange("tags_all") {
o, n := d.GetChange("tags_all")

if err := keyvaluetags.IamInstanceProfileUpdateTags(conn, d.Id(), o, n); err != nil {
return fmt.Errorf("error updating tags for IAM Instance Profile (%s): %w", d.Id(), err)
Expand Down Expand Up @@ -262,6 +267,7 @@ func resourceAwsIamInstanceProfileDelete(d *schema.ResourceData, meta interface{
}

func instanceProfileReadResult(d *schema.ResourceData, result *iam.InstanceProfile, meta interface{}) error {
defaultTagsConfig := meta.(*AWSClient).DefaultTagsConfig
ignoreTagsConfig := meta.(*AWSClient).IgnoreTagsConfig

d.SetId(aws.StringValue(result.InstanceProfileName))
Expand All @@ -283,9 +289,16 @@ func instanceProfileReadResult(d *schema.ResourceData, result *iam.InstanceProfi
d.Set("role", result.Roles[0].RoleName) //there will only be 1 role returned
}

if err := d.Set("tags", keyvaluetags.IamKeyValueTags(result.Tags).IgnoreAws().IgnoreConfig(ignoreTagsConfig).Map()); err != nil {
tags := keyvaluetags.IamKeyValueTags(result.Tags).IgnoreAws().IgnoreConfig(ignoreTagsConfig)

//lintignore:AWSR002
if err := d.Set("tags", tags.RemoveDefaultConfig(defaultTagsConfig).Map()); err != nil {
return fmt.Errorf("error setting tags: %w", err)
}

if err := d.Set("tags_all", tags.Map()); err != nil {
return fmt.Errorf("error setting tags_all: %w", err)
}

return nil
}
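Review bot: The `//lintignore:AWSR002` directive added above `d.Set("tags", ...)` in instanceProfileReadResult carries no rationale, so a later reader cannot tell whether the suppression is still warranted. The preceding statement already applies `IgnoreConfig(ignoreTagsConfig)` to `tags`, which is presumably what the check looks for and cannot follow through the local variable. I would add a line next to the directive such as `// tags already has IgnoreConfig applied above; the linter cannot trace it through the variable`. The same bare directive is added in the Read functions of the OpenID Connect provider, policy, role and SAML provider sections.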
23 changes: 18 additions & 5 deletions aws/resource_aws_iam_openid_connect_provider.go
Expand Up @@ -50,19 +50,24 @@ func resourceAwsIamOpenIDConnectProvider() *schema.Resource {
Type: schema.TypeList,
Required: true,
},
"tags": tagsSchema(),
"tags": tagsSchema(),
"tags_all": tagsSchemaComputed(),
},

CustomizeDiff: SetTagsDiff,
}
}

func resourceAwsIamOpenIDConnectProviderCreate(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).iamconn
defaultTagsConfig := meta.(*AWSClient).DefaultTagsConfig
tags := defaultTagsConfig.MergeTags(keyvaluetags.New(d.Get("tags").(map[string]interface{})))

input := &iam.CreateOpenIDConnectProviderInput{
Url: aws.String(d.Get("url").(string)),
ClientIDList: expandStringList(d.Get("client_id_list").([]interface{})),
ThumbprintList: expandStringList(d.Get("thumbprint_list").([]interface{})),
Tags: keyvaluetags.New(d.Get("tags").(map[string]interface{})).IgnoreAws().IamTags(),
Tags: tags.IgnoreAws().IamTags(),
}

out, err := conn.CreateOpenIDConnectProvider(input)
Expand All @@ -77,6 +82,7 @@ func resourceAwsIamOpenIDConnectProviderCreate(d *schema.ResourceData, meta inte

func resourceAwsIamOpenIDConnectProviderRead(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).iamconn
defaultTagsConfig := meta.(*AWSClient).DefaultTagsConfig
ignoreTagsConfig := meta.(*AWSClient).IgnoreTagsConfig

input := &iam.GetOpenIDConnectProviderInput{
Expand All @@ -97,10 +103,17 @@ func resourceAwsIamOpenIDConnectProviderRead(d *schema.ResourceData, meta interf
d.Set("client_id_list", flattenStringList(out.ClientIDList))
d.Set("thumbprint_list", flattenStringList(out.ThumbprintList))

if err := d.Set("tags", keyvaluetags.IamKeyValueTags(out.Tags).IgnoreAws().IgnoreConfig(ignoreTagsConfig).Map()); err != nil {
tags := keyvaluetags.IamKeyValueTags(out.Tags).IgnoreAws().IgnoreConfig(ignoreTagsConfig)

//lintignore:AWSR002
if err := d.Set("tags", tags.RemoveDefaultConfig(defaultTagsConfig).Map()); err != nil {
return fmt.Errorf("error setting tags: %w", err)
}

if err := d.Set("tags_all", tags.Map()); err != nil {
return fmt.Errorf("error setting tags_all: %w", err)
}

return nil
}

Expand All @@ -119,8 +132,8 @@ func resourceAwsIamOpenIDConnectProviderUpdate(d *schema.ResourceData, meta inte
}
}

if d.HasChange("tags") {
o, n := d.GetChange("tags")
if d.HasChange("tags_all") {
o, n := d.GetChange("tags_all")

if err := keyvaluetags.IamOpenIDConnectProviderUpdateTags(conn, d.Id(), o, n); err != nil {
return fmt.Errorf("error updating tags for IAM OIDC Provider (%s): %w", d.Id(), err)
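Review bot: In resourceAwsIamOpenIDConnectProviderRead, `tags.RemoveDefaultConfig(defaultTagsConfig).Map()` decides what lands in `tags`, and nothing in the hunk shows how a tag that is set both in the provider defaults and on the resource itself is treated. If RemoveDefaultConfig drops every entry that matches a default, a resource that repeats a default key and value would lose it from `tags` on read and show a diff on every plan. I would either document the behaviour with `// NOTE: a tag identical to a provider default is reported only in tags_all` or cover the overlapping case in an acceptance test. The same pattern is added in the instance profile, policy, role and SAML provider Read paths.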
25 changes: 19 additions & 6 deletions aws/resource_aws_iam_policy.go
Expand Up @@ -74,13 +74,18 @@ func resourceAwsIamPolicy() *schema.Resource {
Type: schema.TypeString,
Computed: true,
},
"tags": tagsSchema(),
"tags": tagsSchema(),
"tags_all": tagsSchemaComputed(),
},

CustomizeDiff: SetTagsDiff,
}
}

func resourceAwsIamPolicyCreate(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).iamconn
defaultTagsConfig := meta.(*AWSClient).DefaultTagsConfig
tags := defaultTagsConfig.MergeTags(keyvaluetags.New(d.Get("tags").(map[string]interface{})))

var name string
if v, ok := d.GetOk("name"); ok {
Expand All @@ -96,7 +101,7 @@ func resourceAwsIamPolicyCreate(d *schema.ResourceData, meta interface{}) error
Path: aws.String(d.Get("path").(string)),
PolicyDocument: aws.String(d.Get("policy").(string)),
PolicyName: aws.String(name),
Tags: keyvaluetags.New(d.Get("tags").(map[string]interface{})).IgnoreAws().IamTags(),
Tags: tags.IgnoreAws().IamTags(),
}

response, err := conn.CreatePolicy(request)
Expand All @@ -111,6 +116,7 @@ func resourceAwsIamPolicyCreate(d *schema.ResourceData, meta interface{}) error

func resourceAwsIamPolicyRead(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).iamconn
defaultTagsConfig := meta.(*AWSClient).DefaultTagsConfig
ignoreTagsConfig := meta.(*AWSClient).IgnoreTagsConfig

input := &iam.GetPolicyInput{
Expand Down Expand Up @@ -162,10 +168,17 @@ func resourceAwsIamPolicyRead(d *schema.ResourceData, meta interface{}) error {
d.Set("path", policy.Path)
d.Set("policy_id", policy.PolicyId)

if err := d.Set("tags", keyvaluetags.IamKeyValueTags(policy.Tags).IgnoreAws().IgnoreConfig(ignoreTagsConfig).Map()); err != nil {
tags := keyvaluetags.IamKeyValueTags(policy.Tags).IgnoreAws().IgnoreConfig(ignoreTagsConfig)

//lintignore:AWSR002
if err := d.Set("tags", tags.RemoveDefaultConfig(defaultTagsConfig).Map()); err != nil {
return fmt.Errorf("error setting tags: %w", err)
}

if err := d.Set("tags_all", tags.Map()); err != nil {
return fmt.Errorf("error setting tags_all: %w", err)
}

// Retrieve policy

getPolicyVersionRequest := &iam.GetPolicyVersionInput{
Expand Down Expand Up @@ -221,7 +234,7 @@ func resourceAwsIamPolicyRead(d *schema.ResourceData, meta interface{}) error {
func resourceAwsIamPolicyUpdate(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).iamconn

if d.HasChangeExcept("tags") {
if d.HasChangesExcept("tags", "tags_all") {

if err := iamPolicyPruneVersions(d.Id(), conn); err != nil {
return err
Expand All @@ -238,8 +251,8 @@ func resourceAwsIamPolicyUpdate(d *schema.ResourceData, meta interface{}) error
}
}

if d.HasChange("tags") {
o, n := d.GetChange("tags")
if d.HasChange("tags_all") {
o, n := d.GetChange("tags_all")

if err := keyvaluetags.IamPolicyUpdateTags(conn, d.Id(), o, n); err != nil {
return fmt.Errorf("error updating tags for IAM Policy (%s): %w", d.Id(), err)
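Review bot: The new `tags := defaultTagsConfig.MergeTags(keyvaluetags.New(...))` line in resourceAwsIamPolicyCreate does not say which side wins when the resource and the provider defaults set the same key. That precedence matters to anyone relying on tags for ownership or access decisions, and it cannot be read off this call. Assuming resource-level tags override the defaults, a one-line comment such as `// resource tags override provider default tags on key collisions` would settle it. The other Create functions in this commit add the same line, and this function's body continues outside the hunk.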
27 changes: 20 additions & 7 deletions aws/resource_aws_iam_role.go
Expand Up @@ -110,7 +110,8 @@ func resourceAwsIamRole() *schema.Resource {
ValidateFunc: validation.IntBetween(3600, 43200),
},

"tags": tagsSchema(),
"tags": tagsSchema(),
"tags_all": tagsSchemaComputed(),

"inline_policy": {
Type: schema.TypeSet,
Expand Down Expand Up @@ -144,6 +145,8 @@ func resourceAwsIamRole() *schema.Resource {
Set: schema.HashString,
},
},

CustomizeDiff: SetTagsDiff,
}
}

Expand All @@ -155,6 +158,8 @@ func resourceAwsIamRoleImport(

func resourceAwsIamRoleCreate(d *schema.ResourceData, meta interface{}) error {
iamconn := meta.(*AWSClient).iamconn
defaultTagsConfig := meta.(*AWSClient).DefaultTagsConfig
tags := defaultTagsConfig.MergeTags(keyvaluetags.New(d.Get("tags").(map[string]interface{})))

var name string
if v, ok := d.GetOk("name"); ok {
Expand Down Expand Up @@ -183,8 +188,8 @@ func resourceAwsIamRoleCreate(d *schema.ResourceData, meta interface{}) error {
request.PermissionsBoundary = aws.String(v.(string))
}

if v := d.Get("tags").(map[string]interface{}); len(v) > 0 {
request.Tags = keyvaluetags.New(v).IgnoreAws().IamTags()
if len(tags) > 0 {
request.Tags = tags.IgnoreAws().IamTags()
}

var createResp *iam.CreateRoleOutput
Expand Down Expand Up @@ -230,6 +235,7 @@ func resourceAwsIamRoleCreate(d *schema.ResourceData, meta interface{}) error {

func resourceAwsIamRoleRead(d *schema.ResourceData, meta interface{}) error {
iamconn := meta.(*AWSClient).iamconn
defaultTagsConfig := meta.(*AWSClient).DefaultTagsConfig
ignoreTagsConfig := meta.(*AWSClient).IgnoreTagsConfig

request := &iam.GetRoleInput{
Expand Down Expand Up @@ -287,8 +293,15 @@ func resourceAwsIamRoleRead(d *schema.ResourceData, meta interface{}) error {
}
d.Set("unique_id", role.RoleId)

if err := d.Set("tags", keyvaluetags.IamKeyValueTags(role.Tags).IgnoreAws().IgnoreConfig(ignoreTagsConfig).Map()); err != nil {
return fmt.Errorf("error setting tags: %s", err)
tags := keyvaluetags.IamKeyValueTags(role.Tags).IgnoreAws().IgnoreConfig(ignoreTagsConfig)

//lintignore:AWSR002
if err := d.Set("tags", tags.RemoveDefaultConfig(defaultTagsConfig).Map()); err != nil {
return fmt.Errorf("error setting tags: %w", err)
}

if err := d.Set("tags_all", tags.Map()); err != nil {
return fmt.Errorf("error setting tags_all: %w", err)
}

assumeRolePolicy, err := url.QueryUnescape(*role.AssumeRolePolicyDocument)
Expand Down Expand Up @@ -386,8 +399,8 @@ func resourceAwsIamRoleUpdate(d *schema.ResourceData, meta interface{}) error {
}
}

if d.HasChange("tags") {
o, n := d.GetChange("tags")
if d.HasChange("tags_all") {
o, n := d.GetChange("tags_all")

if err := keyvaluetags.IamRoleUpdateTags(iamconn, d.Id(), o, n); err != nil {
return fmt.Errorf("error updating IAM Role (%s) tags: %s", d.Id(), err)
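Review bot: The assignment `request.Tags = tags.IgnoreAws().IamTags()` in resourceAwsIamRoleCreate needs a comment noting that provider default tags now become role tags, because tags on an IAM role are not just metadata. IAM evaluates role tags as principal tags in policy conditions (`aws:PrincipalTag/...`), so a default tag set once in the provider block can affect authorization for every role in the configuration wherever tag-based conditions are in use. I would add `// Includes provider default tags; role tags are evaluated as aws:PrincipalTag in policy conditions.` above the assignment and repeat the caveat in the resource documentation. The function continues outside the hunk.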
25 changes: 19 additions & 6 deletions aws/resource_aws_iam_saml_provider.go
Expand Up @@ -45,18 +45,23 @@ func resourceAwsIamSamlProvider() *schema.Resource {
Required: true,
ValidateFunc: validation.StringLenBetween(1000, 10000000),
},
"tags": tagsSchema(),
"tags": tagsSchema(),
"tags_all": tagsSchemaComputed(),
},

CustomizeDiff: SetTagsDiff,
}
}

func resourceAwsIamSamlProviderCreate(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).iamconn
defaultTagsConfig := meta.(*AWSClient).DefaultTagsConfig
tags := defaultTagsConfig.MergeTags(keyvaluetags.New(d.Get("tags").(map[string]interface{})))

input := &iam.CreateSAMLProviderInput{
Name: aws.String(d.Get("name").(string)),
SAMLMetadataDocument: aws.String(d.Get("saml_metadata_document").(string)),
Tags: keyvaluetags.New(d.Get("tags").(map[string]interface{})).IgnoreAws().IamTags(),
Tags: tags.IgnoreAws().IamTags(),
}

out, err := conn.CreateSAMLProvider(input)
Expand All @@ -71,6 +76,7 @@ func resourceAwsIamSamlProviderCreate(d *schema.ResourceData, meta interface{})

func resourceAwsIamSamlProviderRead(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).iamconn
defaultTagsConfig := meta.(*AWSClient).DefaultTagsConfig
ignoreTagsConfig := meta.(*AWSClient).IgnoreTagsConfig

input := &iam.GetSAMLProviderInput{
Expand All @@ -95,17 +101,24 @@ func resourceAwsIamSamlProviderRead(d *schema.ResourceData, meta interface{}) er
d.Set("valid_until", out.ValidUntil.Format(time.RFC1123))
d.Set("saml_metadata_document", out.SAMLMetadataDocument)

if err := d.Set("tags", keyvaluetags.IamKeyValueTags(out.Tags).IgnoreAws().IgnoreConfig(ignoreTagsConfig).Map()); err != nil {
tags := keyvaluetags.IamKeyValueTags(out.Tags).IgnoreAws().IgnoreConfig(ignoreTagsConfig)

//lintignore:AWSR002
if err := d.Set("tags", tags.RemoveDefaultConfig(defaultTagsConfig).Map()); err != nil {
return fmt.Errorf("error setting tags: %w", err)
}

if err := d.Set("tags_all", tags.Map()); err != nil {
return fmt.Errorf("error setting tags_all: %w", err)
}

return nil
}

func resourceAwsIamSamlProviderUpdate(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).iamconn

if d.HasChangeExcept("tags") {
if d.HasChangesExcept("tags", "tags_all") {
input := &iam.UpdateSAMLProviderInput{
SAMLProviderArn: aws.String(d.Id()),
SAMLMetadataDocument: aws.String(d.Get("saml_metadata_document").(string)),
Expand All @@ -116,8 +129,8 @@ func resourceAwsIamSamlProviderUpdate(d *schema.ResourceData, meta interface{})
}
}

if d.HasChange("tags") {
o, n := d.GetChange("tags")
if d.HasChange("tags_all") {
o, n := d.GetChange("tags_all")

if err := keyvaluetags.IamSAMLProviderUpdateTags(conn, d.Id(), o, n); err != nil {
return fmt.Errorf("error updating tags for IAM SAML Provider (%s): %w", d.Id(), err)