Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

r/aws_iam_role_policy_attachments_exclusive: new resource #39718

Merged
merged 2 commits into from
Oct 15, 2024
Merged

r/aws_iam_role_policy_attachments_exclusive: new resource #39718

merged 2 commits into from
Oct 15, 2024
+759 −1

Conversation

jar-b
Copy link
Member

@jar-b jar-b commented Oct 14, 2024

Description

This resource will allow practitioners to retain exclusive ownership of customer managed policy attachments to IAM roles via Terraform.

Relations

Relates #39376
Closes #39379

References

Output from Acceptance Testing

% make testacc PKG=iam TESTS=TestAccIAMRolePolicyAttachmentsExclusive_
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.23.2 test ./internal/service/iam/... -v -count 1 -parallel 20 -run='TestAccIAMRolePolicyAttachmentsExclusive_'  -timeout 360m
2024/10/14 15:25:06 Initializing Terraform AWS Provider...

--- PASS: TestAccIAMRolePolicyAttachmentsExclusive_empty (16.00s)
--- PASS: TestAccIAMRolePolicyAttachmentsExclusive_disappears_Policy (17.99s)
--- PASS: TestAccIAMRolePolicyAttachmentsExclusive_disappears_Role (18.13s)
--- PASS: TestAccIAMRolePolicyAttachmentsExclusive_basic (18.24s)
--- PASS: TestAccIAMRolePolicyAttachmentsExclusive_outOfBandAddition (26.34s)
--- PASS: TestAccIAMRolePolicyAttachmentsExclusive_outOfBandRemoval (26.48s)
--- PASS: TestAccIAMRolePolicyAttachmentsExclusive_multiple (26.84s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/iam        33.206s

@github-actions GitHub Actions
Copy link

Community Note

Voting for Prioritization

  • Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions github-actions bot added documentation Introduces or discusses updates to documentation. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. service/iam Issues and PRs that pertain to the iam service. generators Relates to code generators. prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. labels Oct 14, 2024
@jar-b jar-b added the new-resource Introduces a new resource. label Oct 14, 2024
@jar-b jar-b marked this pull request as ready for review October 14, 2024 20:36
@jar-b jar-b requested a review from a team as a code owner October 14, 2024 20:36
ewbankkit
ewbankkit approved these changes Oct 15, 2024
View reviewed changes
Copy link
Contributor

@ewbankkit ewbankkit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🚀.

% make testacc TESTARGS='-run=TestAccIAMRolePolicyAttachmentsExclusive_' PKG=iam ACCTEST_PARALLELISM=3
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.23.2 test ./internal/service/iam/... -v -count 1 -parallel 3  -run=TestAccIAMRolePolicyAttachmentsExclusive_ -timeout 360m
2024/10/15 09:24:25 Initializing Terraform AWS Provider...
=== RUN   TestAccIAMRolePolicyAttachmentsExclusive_basic
=== PAUSE TestAccIAMRolePolicyAttachmentsExclusive_basic
=== RUN   TestAccIAMRolePolicyAttachmentsExclusive_disappears_Role
=== PAUSE TestAccIAMRolePolicyAttachmentsExclusive_disappears_Role
=== RUN   TestAccIAMRolePolicyAttachmentsExclusive_disappears_Policy
=== PAUSE TestAccIAMRolePolicyAttachmentsExclusive_disappears_Policy
=== RUN   TestAccIAMRolePolicyAttachmentsExclusive_multiple
=== PAUSE TestAccIAMRolePolicyAttachmentsExclusive_multiple
=== RUN   TestAccIAMRolePolicyAttachmentsExclusive_empty
=== PAUSE TestAccIAMRolePolicyAttachmentsExclusive_empty
=== RUN   TestAccIAMRolePolicyAttachmentsExclusive_outOfBandRemoval
=== PAUSE TestAccIAMRolePolicyAttachmentsExclusive_outOfBandRemoval
=== RUN   TestAccIAMRolePolicyAttachmentsExclusive_outOfBandAddition
=== PAUSE TestAccIAMRolePolicyAttachmentsExclusive_outOfBandAddition
=== CONT  TestAccIAMRolePolicyAttachmentsExclusive_basic
=== CONT  TestAccIAMRolePolicyAttachmentsExclusive_empty
=== CONT  TestAccIAMRolePolicyAttachmentsExclusive_disappears_Policy
--- PASS: TestAccIAMRolePolicyAttachmentsExclusive_empty (11.22s)
=== CONT  TestAccIAMRolePolicyAttachmentsExclusive_disappears_Role
--- PASS: TestAccIAMRolePolicyAttachmentsExclusive_disappears_Policy (11.44s)
=== CONT  TestAccIAMRolePolicyAttachmentsExclusive_outOfBandAddition
--- PASS: TestAccIAMRolePolicyAttachmentsExclusive_basic (13.03s)
=== CONT  TestAccIAMRolePolicyAttachmentsExclusive_multiple
--- PASS: TestAccIAMRolePolicyAttachmentsExclusive_disappears_Role (10.80s)
=== CONT  TestAccIAMRolePolicyAttachmentsExclusive_outOfBandRemoval
--- PASS: TestAccIAMRolePolicyAttachmentsExclusive_outOfBandAddition (17.81s)
--- PASS: TestAccIAMRolePolicyAttachmentsExclusive_multiple (19.86s)
--- PASS: TestAccIAMRolePolicyAttachmentsExclusive_outOfBandRemoval (18.22s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/iam	45.200s

The first time I ran the tests I saw an error:

=== NAME  TestAccIAMRolePolicyAttachmentsExclusive_outOfBandAddition
    role_policy_attachments_exclusive_test.go:260: Step 2/2 error: Error running apply: exit status 1
        
        Error: deleting IAM Policy (arn:aws:iam::187416307283:policy/tf-testing/tf-acc-test-2996109381719547812-out-of-band): operation error IAM: DeletePolicy, https response error StatusCode: 409, RequestID: de36e887-b4e3-4d33-ab8e-71b4913c9c5b, DeleteConflict: Cannot delete a policy attached to entities.
        
--- FAIL: TestAccIAMRolePolicyAttachmentsExclusive_outOfBandAddition (13.69s)

which suggests a retry may be necessary.

@jar-b
r/aws_iam_role_policy_attachments_exclusive: new resource
4bfe765 
This resource will allow practitioners to retain exclusive ownership of
customer managed policy attachments to IAM roles via Terraform.

```console
% make testacc PKG=iam TESTS=TestAccIAMRolePolicyAttachmentsExclusive_
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.23.2 test ./internal/service/iam/... -v -count 1 -parallel 20 -run='TestAccIAMRolePolicyAttachmentsExclusive_'  -timeout 360m
2024/10/14 15:25:06 Initializing Terraform AWS Provider...

--- PASS: TestAccIAMRolePolicyAttachmentsExclusive_empty (16.00s)
--- PASS: TestAccIAMRolePolicyAttachmentsExclusive_disappears_Policy (17.99s)
--- PASS: TestAccIAMRolePolicyAttachmentsExclusive_disappears_Role (18.13s)
--- PASS: TestAccIAMRolePolicyAttachmentsExclusive_basic (18.24s)
--- PASS: TestAccIAMRolePolicyAttachmentsExclusive_outOfBandAddition (26.34s)
--- PASS: TestAccIAMRolePolicyAttachmentsExclusive_outOfBandRemoval (26.48s)
--- PASS: TestAccIAMRolePolicyAttachmentsExclusive_multiple (26.84s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/iam        33.206s
```
@jar-b
r/aws_iam_role: deprecate managed_policy_arns argument
e5dcea9
@jar-b jar-b merged commit 78b760a into main Oct 15, 2024
41 checks passed
@jar-b jar-b deleted the f-attachment_exclusive branch October 15, 2024 17:26
@github-actions github-actions bot added this to the v5.72.0 milestone Oct 15, 2024
terraform-aws-provider bot pushed a commit that referenced this pull request Oct 15, 2024
Update CHANGELOG.md for #39718
3af9727
@jar-b
Copy link
Member Author

jar-b commented Oct 15, 2024

The first time I ran the tests I saw an error:

=== NAME TestAccIAMRolePolicyAttachmentsExclusive_outOfBandAddition
role_policy_attachments_exclusive_test.go:260: Step 2/2 error: Error running apply: exit status 1

    Error: deleting IAM Policy (arn:aws:iam::187416307283:policy/tf-testing/tf-acc-test-2996109381719547812-out-of-band): operation error IAM: DeletePolicy, https response error StatusCode: 409, RequestID: de36e887-b4e3-4d33-ab8e-71b4913c9c5b, DeleteConflict: Cannot delete a policy attached to entities.

--- FAIL: TestAccIAMRolePolicyAttachmentsExclusive_outOfBandAddition (13.69s)

which suggests a retry may be necessary.

Apologies, missed this part of the review comment earlier. This is a bug in the test case I missed when refactoring (the configuration switches between steps when it should not). I'll open a follow up PR.

@jar-b jar-b mentioned this pull request Oct 15, 2024
Merged
@github-actions GitHub Actions
Copy link

This functionality has been released in v5.72.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions github-actions bot removed the prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. label Oct 15, 2024
@mimozell mimozell mentioned this pull request Oct 18, 2024
Open
@jar-b jar-b mentioned this pull request Nov 1, 2024
Merged
@ryosukes ryosukes mentioned this pull request Nov 8, 2024
Open
@github-actions GitHub Actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 15, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@ewbankkit ewbankkit ewbankkit approved these changes

Assignees
No one assigned
Labels
documentation Introduces or discusses updates to documentation. generators Relates to code generators. new-resource Introduces a new resource. service/iam Issues and PRs that pertain to the iam service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet
Milestone
v5.72.0
Development

Successfully merging this pull request may close these issues.

[New Resource]: aws_iam_role_policy_attachments_exclusive
2 participants
@jar-b @ewbankkit