From cd2e75c3b5446b2baf4ea5a4734679ce613b0a6b Mon Sep 17 00:00:00 2001 From: Graham Davison Date: Thu, 29 Oct 2020 14:17:44 -0700 Subject: [PATCH 1/2] Adds custom event bus support to EventBridge permission resource --- aws/internal/service/cloudwatchevents/id.go | 21 +++ ...esource_aws_cloudwatch_event_permission.go | 92 +++++++---- ...ce_aws_cloudwatch_event_permission_test.go | 145 ++++++++++++++---- .../cloudwatch_event_permission.html.markdown | 5 +- .../r/cloudwatch_event_rule.html.markdown | 2 +- 5 files changed, 203 insertions(+), 62 deletions(-) diff --git a/aws/internal/service/cloudwatchevents/id.go b/aws/internal/service/cloudwatchevents/id.go index 80d947370ff..34901eae773 100644 --- a/aws/internal/service/cloudwatchevents/id.go +++ b/aws/internal/service/cloudwatchevents/id.go @@ -7,6 +7,27 @@ import ( const DefaultEventBusName = "default" +const PermissionIDSeparator = "/" + +func PermissionCreateID(eventBusName, statementID string) string { + if eventBusName == "" || eventBusName == DefaultEventBusName { + return statementID + } + return eventBusName + PermissionIDSeparator + statementID +} + +func PermissionParseID(id string) (string, string, error) { + parts := strings.Split(id, PermissionIDSeparator) + if len(parts) == 1 && parts[0] != "" { + return DefaultEventBusName, parts[0], nil + } + if len(parts) == 2 && parts[0] != "" && parts[1] != "" { + return parts[0], parts[1], nil + } + + return "", "", fmt.Errorf("unexpected format for ID (%q), expected "+PermissionIDSeparator+" or ", id) +} + const ruleIDSeparator = "/" func RuleCreateID(eventBusName, ruleName string) string { diff --git a/aws/resource_aws_cloudwatch_event_permission.go b/aws/resource_aws_cloudwatch_event_permission.go index 2c526c4ae83..0cf6f7885c4 100644 --- a/aws/resource_aws_cloudwatch_event_permission.go +++ b/aws/resource_aws_cloudwatch_event_permission.go 
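Review bot: PermissionParseID accepts `default/<statement-id>`, but PermissionCreateID never emits that form, so the same permission can sit under two different resource IDs depending on whether it was created or imported. Both exported helpers also lack doc comments; each should state the canonical form, and Read could re-set the ID after parsing with `d.SetId(tfevents.PermissionCreateID(eventBusName, statementID))`. The `strings.Split` call rejects any ID with more than one `/`; whether a bus name can contain one depends on validateCloudWatchEventBusName, which is outside this diff. The diffstat lists no unit test for id.go, so a small table test over ``, `sid`, `bus/sid`, `/sid`, `bus/` and `a/b/c` would pin the accepted and rejected forms.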
@@ -5,7 +5,6 @@ import ( "fmt" "log" "regexp" - "time" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/arn" @@ -14,6 +13,8 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + tfevents "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/cloudwatchevents" + iamwaiter "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/iam/waiter" ) func resourceAwsCloudWatchEventPermission() *schema.Resource { @@ -57,6 +58,13 @@ func resourceAwsCloudWatchEventPermission() *schema.Resource { }, }, }, + "event_bus_name": { + Type: schema.TypeString, + Optional: true, + ForceNew: true, + ValidateFunc: validateCloudWatchEventBusName, + Default: tfevents.DefaultEventBusName, + }, "principal": { Type: schema.TypeString, Required: true, 
@@ -75,22 +83,25 @@ func resourceAwsCloudWatchEventPermission() *schema.Resource { func resourceAwsCloudWatchEventPermissionCreate(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).cloudwatcheventsconn + eventBusName := d.Get("event_bus_name").(string) statementID := d.Get("statement_id").(string) input := events.PutPermissionInput{ - Action: aws.String(d.Get("action").(string)), - Condition: expandCloudWatchEventsCondition(d.Get("condition").([]interface{})), - Principal: aws.String(d.Get("principal").(string)), - StatementId: aws.String(statementID), + Action: aws.String(d.Get("action").(string)), + Condition: expandCloudWatchEventsCondition(d.Get("condition").([]interface{})), + EventBusName: aws.String(eventBusName), + Principal: aws.String(d.Get("principal").(string)), + StatementId: aws.String(statementID), } log.Printf("[DEBUG] Creating CloudWatch Events permission: %s", input) _, err := conn.PutPermission(&input) if err != nil { - return fmt.Errorf("Creating CloudWatch Events permission failed: %s", err.Error()) + return fmt.Errorf("Creating CloudWatch Events permission failed: %w", err) } - d.SetId(statementID) + id := tfevents.PermissionCreateID(eventBusName, statementID) + d.SetId(id) return resourceAwsCloudWatchEventPermissionRead(d, meta) } 
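Review bot: The create error still reads `Creating CloudWatch Events permission failed: %w`, capitalised and without an identifier. Every other message this commit rewrites in the file follows `error <verb> CloudWatch Events permission (%s): %w`. With custom buses the bus name is needed to tell which policy the failed PutPermission targeted, e.g. `return fmt.Errorf("error creating CloudWatch Events permission (%s): %w", tfevents.PermissionCreateID(eventBusName, statementID), err)`.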
@@ -98,19 +109,26 @@ func resourceAwsCloudWatchEventPermissionCreate(d *schema.ResourceData, meta int // See also: https://docs.aws.amazon.com/AmazonCloudWatchEvents/latest/APIReference/API_DescribeEventBus.html func resourceAwsCloudWatchEventPermissionRead(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).cloudwatcheventsconn - input := events.DescribeEventBusInput{} + + eventBusName, statementID, err := tfevents.PermissionParseID(d.Id()) + if err != nil { + return fmt.Errorf("error reading CloudWatch Events permission (%s): %w", d.Id(), err) + } + input := events.DescribeEventBusInput{ + Name: aws.String(eventBusName), + } var output *events.DescribeEventBusOutput var policyStatement *CloudWatchEventPermissionPolicyStatement // Especially with concurrent PutPermission calls there can be a slight delay - err := resource.Retry(1*time.Minute, func() *resource.RetryError { + err = resource.Retry(iamwaiter.PropagationTimeout, func() *resource.RetryError { log.Printf("[DEBUG] Reading CloudWatch Events bus: %s", input) - output, err := conn.DescribeEventBus(&input) + output, err = conn.DescribeEventBus(&input) if err != nil { - return resource.NonRetryableError(fmt.Errorf("Reading CloudWatch Events permission '%s' failed: %s", d.Id(), err.Error())) + return resource.NonRetryableError(fmt.Errorf("reading CloudWatch Events permission (%s) failed: %w", d.Id(), err)) } - policyStatement, err = getPolicyStatement(output, d.Id()) + policyStatement, err = getPolicyStatement(output, statementID) if err != nil { return resource.RetryableError(err) } 
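Review bot: Inside the retry closure every DescribeEventBus error is wrapped as a generic non-retryable error, so a custom bus deleted outside Terraform fails the refresh instead of removing the permission from state. Update and Delete in this file already treat `events.ErrCodeResourceNotFoundException` as "gone". The not-found branch in the next hunk relies on isResourceNotFoundError, which is defined outside the diff and presumably only matches `*resource.NotFoundError`. A check ahead of the generic branch would route the case there: `if isAWSErr(err, events.ErrCodeResourceNotFoundException, "") { return resource.NonRetryableError(&resource.NotFoundError{LastError: err}) }`. The function body continues past the end of this hunk.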
@@ -120,24 +138,28 @@ func resourceAwsCloudWatchEventPermissionRead(d *schema.ResourceData, meta inter if isResourceTimeoutError(err) { output, err = conn.DescribeEventBus(&input) if output != nil { - policyStatement, err = getPolicyStatement(output, d.Id()) + policyStatement, err = getPolicyStatement(output, statementID) } } if isResourceNotFoundError(err) { - log.Printf("[WARN] %s", err) + log.Printf("[WARN] CloudWatch Events permission (%s) not found, removing from state", d.Id()) d.SetId("") return nil } if err != nil { - // Missing statement inside valid policy - return err + return fmt.Errorf("error reading CloudWatch Events permission (%s): %w", d.Id(), err) } d.Set("action", policyStatement.Action) + busName := aws.StringValue(output.Name) + if busName == "" { + busName = tfevents.DefaultEventBusName + } + d.Set("event_bus_name", busName) if err := d.Set("condition", flattenCloudWatchEventPermissionPolicyStatementCondition(policyStatement.Condition)); err != nil { - return fmt.Errorf("error setting condition: %s", err) + return fmt.Errorf("error setting condition: %w", err) } principalString, ok := policyStatement.Principal.(string) @@ -147,7 +169,7 @@ func resourceAwsCloudWatchEventPermissionRead(d *schema.ResourceData, meta inter principalMap := policyStatement.Principal.(map[string]interface{}) policyARN, err := arn.Parse(principalMap["AWS"].(string)) if err != nil { - return fmt.Errorf("Reading CloudWatch Events permission '%s' failed: %s", d.Id(), err) + return fmt.Errorf("error reading CloudWatch Events permission (%s): %w", d.Id(), err) } d.Set("principal", policyARN.AccountID) } 
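Review bot: In the timeout fallback, `if output != nil` gates the getPolicyStatement call, and that call overwrites the `err` returned by DescribeEventBus. If the SDK returns a non-nil output alongside an error (aws-sdk-go v1 request methods generally do), a failed describe reaches getPolicyStatement with a nil Policy and comes back as a NotFoundError. The permission is then dropped from state on what was really an API failure. Gating on the error keeps the two cases apart: `if err == nil { policyStatement, err = getPolicyStatement(output, statementID) }`. The function starts before this hunk.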
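Review bot: The two type assertions kept as context here, `policyStatement.Principal.(map[string]interface{})` and `principalMap["AWS"].(string)`, are unchecked and panic the provider if the statement's principal has any other shape. The policy document comes back from the API and can be edited outside this resource, so a statement carrying the same Sid with a different principal form is enough to trigger it. The comma-ok form with an ordinary error return avoids the crash: `awsPrincipal, ok := principalMap["AWS"].(string)` followed by `if !ok { return fmt.Errorf("error reading CloudWatch Events permission (%s): unexpected principal format", d.Id()) }`. The enclosing `if` begins outside this hunk.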
@@ -161,15 +183,14 @@ func getPolicyStatement(output *events.DescribeEventBusOutput, statementID strin if output == nil || output.Policy == nil { return nil, &resource.NotFoundError{ - Message: fmt.Sprintf("CloudWatch Events permission %q not found"+ - "in given results from DescribeEventBus", statementID), + Message: fmt.Sprintf("CloudWatch Events permission %q not found", statementID), LastResponse: output, } } err := json.Unmarshal([]byte(*output.Policy), &policyDoc) if err != nil { - return nil, fmt.Errorf("Reading CloudWatch Events permission '%s' failed: %s", statementID, err) + return nil, fmt.Errorf("error reading CloudWatch Events permission (%s): %w", statementID, err) } return findCloudWatchEventPermissionPolicyStatementByID(&policyDoc, statementID) 
@@ -178,22 +199,27 @@ func getPolicyStatement(output *events.DescribeEventBusOutput, statementID strin func resourceAwsCloudWatchEventPermissionUpdate(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).cloudwatcheventsconn + eventBusName, statementID, err := tfevents.PermissionParseID(d.Id()) + if err != nil { + return fmt.Errorf("error updating CloudWatch Events permission (%s): %w", d.Id(), err) + } input := events.PutPermissionInput{ - Action: aws.String(d.Get("action").(string)), - Condition: expandCloudWatchEventsCondition(d.Get("condition").([]interface{})), - Principal: aws.String(d.Get("principal").(string)), - StatementId: aws.String(d.Get("statement_id").(string)), + Action: aws.String(d.Get("action").(string)), + Condition: expandCloudWatchEventsCondition(d.Get("condition").([]interface{})), + EventBusName: aws.String(eventBusName), + Principal: aws.String(d.Get("principal").(string)), + StatementId: aws.String(statementID), } log.Printf("[DEBUG] Update CloudWatch Events permission: %s", input) - _, err := conn.PutPermission(&input) + _, err = conn.PutPermission(&input) if isAWSErr(err, events.ErrCodeResourceNotFoundException, "") { log.Printf("[WARN] CloudWatch Events permission %q not found, removing from state", d.Id()) d.SetId("") return nil } if err != nil { - return fmt.Errorf("Updating CloudWatch Events permission '%s' failed: %s", d.Id(), err.Error()) + return fmt.Errorf("error updating CloudWatch Events permission (%s): %w", d.Id(), err) } return resourceAwsCloudWatchEventPermissionRead(d, meta) 
@@ -201,17 +227,23 @@ func resourceAwsCloudWatchEventPermissionUpdate(d *schema.ResourceData, meta int func resourceAwsCloudWatchEventPermissionDelete(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).cloudwatcheventsconn + + eventBusName, statementID, err := tfevents.PermissionParseID(d.Id()) + if err != nil { + return fmt.Errorf("error deleting CloudWatch Events permission (%s): %w", d.Id(), err) + } input := events.RemovePermissionInput{ - StatementId: aws.String(d.Id()), + EventBusName: aws.String(eventBusName), + StatementId: aws.String(statementID), } log.Printf("[DEBUG] Delete CloudWatch Events permission: %s", input) - _, err := conn.RemovePermission(&input) + _, err = conn.RemovePermission(&input) if isAWSErr(err, events.ErrCodeResourceNotFoundException, "") { return nil } if err != nil { - return fmt.Errorf("Deleting CloudWatch Events permission '%s' failed: %s", d.Id(), err.Error()) + return fmt.Errorf("error deleting CloudWatch Events permission (%s): %w", d.Id(), err) } return nil } diff --git a/aws/resource_aws_cloudwatch_event_permission_test.go b/aws/resource_aws_cloudwatch_event_permission_test.go index 144544c0eca..c9f8a9b2c23 100644 --- a/aws/resource_aws_cloudwatch_event_permission_test.go +++ b/aws/resource_aws_cloudwatch_event_permission_test.go @@ -10,10 +10,10 @@ import ( "github.com/aws/aws-sdk-go/aws" events "github.com/aws/aws-sdk-go/service/cloudwatchevents" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" + tfevents "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/cloudwatchevents" ) func init() { 
@@ -26,7 +26,7 @@ func init() { func testSweepCloudWatchEventPermissions(region string) error { client, err := sharedClientForRegion(region) if err != nil { - return fmt.Errorf("Error getting client: %s", err) + return fmt.Errorf("Error getting client: %w", err) } conn := client.(*AWSClient).cloudwatcheventsconn @@ -36,7 +36,7 @@ func testSweepCloudWatchEventPermissions(region string) error { log.Printf("[WARN] Skipping CloudWatch Event Permission sweep for %s: %s", region, err) return nil } - return fmt.Errorf("Error retrieving CloudWatch Event Permissions: %s", err) + return fmt.Errorf("Error retrieving CloudWatch Event Permissions: %w", err) } policy := aws.StringValue(output.Policy) @@ -49,7 +49,7 @@ func testSweepCloudWatchEventPermissions(region string) error { var policyDoc CloudWatchEventPermissionPolicyDoc err = json.Unmarshal([]byte(policy), &policyDoc) if err != nil { - return fmt.Errorf("Parsing CloudWatch Event Permissions policy %q failed: %s", policy, err) + return fmt.Errorf("Parsing CloudWatch Event Permissions policy %q failed: %w", policy, err) } for _, statement := range policyDoc.Statements { @@ -60,7 +60,7 @@ func testSweepCloudWatchEventPermissions(region string) error { StatementId: aws.String(sid), }) if err != nil { - return fmt.Errorf("Error deleting CloudWatch Event Permission %s: %s", sid, err) + return fmt.Errorf("Error deleting CloudWatch Event Permission %s: %w", sid, err) } } @@ -70,8 +70,8 @@ func testSweepCloudWatchEventPermissions(region string) error { func TestAccAWSCloudWatchEventPermission_basic(t *testing.T) { principal1 := "111111111111" principal2 := "*" - statementID := acctest.RandomWithPrefix(t.Name()) - resourceName := "aws_cloudwatch_event_permission.test1" + statementID := acctest.RandomWithPrefix("tf-acc-test") + resourceName := "aws_cloudwatch_event_permission.test" resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, 
@@ -114,6 +114,7 @@ func TestAccAWSCloudWatchEventPermission_basic(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "condition.#", "0"), resource.TestCheckResourceAttr(resourceName, "principal", principal1), resource.TestCheckResourceAttr(resourceName, "statement_id", statementID), + resource.TestCheckResourceAttr(resourceName, "event_bus_name", tfevents.DefaultEventBusName), ), }, { 
@@ -128,14 +129,50 @@ func TestAccAWSCloudWatchEventPermission_basic(t *testing.T) { ImportState: true, ImportStateVerify: true, }, + { + Config: testAccCheckAwsCloudWatchEventPermissionResourceConfigDefaultEventBusName(principal2, statementID), + PlanOnly: true, + }, + }, + }) +} + +func TestAccAWSCloudWatchEventPermission_EventBusName(t *testing.T) { + principal1 := "111111111111" + statementID := acctest.RandomWithPrefix("tf-acc-test") + busName := acctest.RandomWithPrefix("tf-acc-test-bus") + + resourceName := "aws_cloudwatch_event_permission.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckCloudWatchEventPermissionDestroy, + Steps: []resource.TestStep{ + { + Config: testAccCheckAwsCloudWatchEventPermissionResourceConfigEventBusName(principal1, busName, statementID), + Check: resource.ComposeTestCheckFunc( + testAccCheckCloudWatchEventPermissionExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "action", "events:PutEvents"), + resource.TestCheckResourceAttr(resourceName, "condition.#", "0"), + resource.TestCheckResourceAttr(resourceName, "principal", principal1), + resource.TestCheckResourceAttr(resourceName, "statement_id", statementID), + resource.TestCheckResourceAttr(resourceName, "event_bus_name", busName), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, }, }) } func TestAccAWSCloudWatchEventPermission_Action(t *testing.T) { principal := "111111111111" - statementID := acctest.RandomWithPrefix(t.Name()) - resourceName := "aws_cloudwatch_event_permission.test1" + statementID := acctest.RandomWithPrefix("tf-acc-test") + resourceName := "aws_cloudwatch_event_permission.test" resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, 
@@ -175,7 +212,7 @@ func TestAccAWSCloudWatchEventPermission_Action(t *testing.T) { } func TestAccAWSCloudWatchEventPermission_Condition(t *testing.T) { - statementID := acctest.RandomWithPrefix("TestAcc") + statementID := acctest.RandomWithPrefix("tf-acc-test") resourceName := "aws_cloudwatch_event_permission.test" resource.ParallelTest(t, resource.TestCase{ @@ -215,9 +252,9 @@ func TestAccAWSCloudWatchEventPermission_Condition(t *testing.T) { func TestAccAWSCloudWatchEventPermission_Multiple(t *testing.T) { principal1 := "111111111111" principal2 := "222222222222" - statementID1 := acctest.RandomWithPrefix(t.Name()) - statementID2 := acctest.RandomWithPrefix(t.Name()) - resourceName1 := "aws_cloudwatch_event_permission.test1" + statementID1 := acctest.RandomWithPrefix("tf-acc-test") + statementID2 := acctest.RandomWithPrefix("tf-acc-test") + resourceName1 := "aws_cloudwatch_event_permission.test" resourceName2 := "aws_cloudwatch_event_permission.test2" resource.ParallelTest(t, resource.TestCase{ @@ -249,9 +286,9 @@ func TestAccAWSCloudWatchEventPermission_Multiple(t *testing.T) { } func TestAccAWSCloudWatchEventPermission_Disappears(t *testing.T) { - resourceName := "aws_cloudwatch_event_permission.test1" + resourceName := "aws_cloudwatch_event_permission.test" principal := "111111111111" - statementID := fmt.Sprintf("tf-acc-test-%s", acctest.RandStringFromCharSet(52, acctest.CharSetAlphaNum)) // len = 64 + statementID := acctest.RandomWithPrefix("tf-acc-test") resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, 
@@ -262,7 +299,7 @@ func TestAccAWSCloudWatchEventPermission_Disappears(t *testing.T) { Config: testAccCheckAwsCloudWatchEventPermissionResourceConfigBasic(principal, statementID), Check: resource.ComposeTestCheckFunc( testAccCheckCloudWatchEventPermissionExists(resourceName), - testAccCheckCloudWatchEventPermissionDisappears(resourceName), + testAccCheckResourceDisappears(testAccProvider, resourceAwsCloudWatchEventPermission(), resourceName), ), ExpectNonEmptyPlan: true, }, @@ -302,9 +339,16 @@ func testAccCheckCloudWatchEventPermissionExists(pr string) resource.TestCheckFu return fmt.Errorf("No ID is set") } - debo, err := conn.DescribeEventBus(&events.DescribeEventBusInput{}) + eventBusName, statementID, err := tfevents.PermissionParseID(rs.Primary.ID) if err != nil { - return fmt.Errorf("Reading CloudWatch Events bus policy for '%s' failed: %s", pr, err.Error()) + return fmt.Errorf("error reading CloudWatch Events permission (%s): %w", pr, err) + } + input := &events.DescribeEventBusInput{ + Name: aws.String(eventBusName), + } + debo, err := conn.DescribeEventBus(input) + if err != nil { + return fmt.Errorf("Reading CloudWatch Events bus policy for '%s' failed: %w", pr, err) } if debo.Policy == nil { @@ -314,10 +358,10 @@ func testAccCheckCloudWatchEventPermissionExists(pr string) resource.TestCheckFu var policyDoc CloudWatchEventPermissionPolicyDoc err = json.Unmarshal([]byte(*debo.Policy), &policyDoc) if err != nil { - return fmt.Errorf("Reading CloudWatch Events bus policy for '%s' failed: %s", pr, err.Error()) + return fmt.Errorf("Reading CloudWatch Events bus policy for '%s' failed: %w", pr, err) } - _, err = findCloudWatchEventPermissionPolicyStatementByID(&policyDoc, rs.Primary.ID) + _, err = findCloudWatchEventPermissionPolicyStatementByID(&policyDoc, statementID) return err } } 
@@ -330,10 +374,18 @@ func testAccCheckCloudWatchEventPermissionDestroy(s *terraform.State) error { continue } - err := resource.Retry(1*time.Minute, func() *resource.RetryError { - input := events.DescribeEventBusInput{} - - debo, err := conn.DescribeEventBus(&input) + eventBusName, statementID, err := tfevents.PermissionParseID(rs.Primary.ID) + if err != nil { + return fmt.Errorf("error reading CloudWatch Events permission (%s): %w", rs.Primary.ID, err) + } + input := &events.DescribeEventBusInput{ + Name: aws.String(eventBusName), + } + err = resource.Retry(1*time.Minute, func() *resource.RetryError { + debo, err := conn.DescribeEventBus(input) + if isAWSErr(err, events.ErrCodeResourceNotFoundException, "") { + return nil + } if err != nil { return resource.NonRetryableError(err) } @@ -344,10 +396,10 @@ func testAccCheckCloudWatchEventPermissionDestroy(s *terraform.State) error { var policyDoc CloudWatchEventPermissionPolicyDoc err = json.Unmarshal([]byte(*debo.Policy), &policyDoc) if err != nil { - return resource.NonRetryableError(fmt.Errorf("Reading CloudWatch Events permission '%s' failed: %s", rs.Primary.ID, err.Error())) + return resource.NonRetryableError(fmt.Errorf("Reading CloudWatch Events permission '%s' failed: %w", rs.Primary.ID, err)) } - _, err = findCloudWatchEventPermissionPolicyStatementByID(&policyDoc, rs.Primary.ID) + _, err = findCloudWatchEventPermissionPolicyStatementByID(&policyDoc, statementID) if err == nil { return resource.RetryableError(fmt.Errorf("CloudWatch Events permission exists: %s", rs.Primary.ID)) } 
@@ -363,18 +415,53 @@ func testAccCheckCloudWatchEventPermissionDestroy(s *terraform.State) error { return nil } +func testAccAWSCloudWatchEventPermissionDefaultBusNameImportStateIdFunc(resourceName string) resource.ImportStateIdFunc { + return func(s *terraform.State) (string, error) { + rs, ok := s.RootModule().Resources[resourceName] + if !ok { + return "", fmt.Errorf("Not found: %s", resourceName) + } + + return tfevents.DefaultEventBusName + tfevents.PermissionIDSeparator + rs.Primary.Attributes["statement_id"], nil + } +} + func testAccCheckAwsCloudWatchEventPermissionResourceConfigBasic(principal, statementID string) string { return fmt.Sprintf(` -resource "aws_cloudwatch_event_permission" "test1" { +resource "aws_cloudwatch_event_permission" "test" { principal = "%[1]s" statement_id = "%[2]s" } `, principal, statementID) } +func testAccCheckAwsCloudWatchEventPermissionResourceConfigDefaultEventBusName(principal, statementID string) string { + return fmt.Sprintf(` +resource "aws_cloudwatch_event_permission" "test" { + principal = %[1]q + statement_id = %[2]q + event_bus_name = "default" +} +`, principal, statementID) +} + +func testAccCheckAwsCloudWatchEventPermissionResourceConfigEventBusName(principal, busName, statementID string) string { + return fmt.Sprintf(` +resource "aws_cloudwatch_event_permission" "test" { + principal = %[1]q + statement_id = %[2]q + event_bus_name = aws_cloudwatch_event_bus.test.name +} + +resource "aws_cloudwatch_event_bus" "test" { + name = %[3]q +} +`, principal, statementID, busName) +} + func testAccCheckAwsCloudWatchEventPermissionResourceConfigAction(action, principal, statementID string) string { return fmt.Sprintf(` -resource "aws_cloudwatch_event_permission" "test1" { +resource "aws_cloudwatch_event_permission" "test" { action = "%[1]s" principal = "%[2]s" statement_id = "%[3]s" 
@@ -399,7 +486,7 @@ resource "aws_cloudwatch_event_permission" "test" { func testAccCheckAwsCloudWatchEventPermissionResourceConfigMultiple(principal1, statementID1, principal2, statementID2 string) string { return fmt.Sprintf(` -resource "aws_cloudwatch_event_permission" "test1" { +resource "aws_cloudwatch_event_permission" "test" { principal = "%[1]s" statement_id = "%[2]s" } diff --git a/website/docs/r/cloudwatch_event_permission.html.markdown b/website/docs/r/cloudwatch_event_permission.html.markdown index b621508d03d..f48a4114016 100644 --- a/website/docs/r/cloudwatch_event_permission.html.markdown +++ b/website/docs/r/cloudwatch_event_permission.html.markdown @@ -44,6 +44,7 @@ The following arguments are supported: * `statement_id` - (Required) An identifier string for the external account that you are granting permissions to. * `action` - (Optional) The action that you are enabling the other account to perform. Defaults to `events:PutEvents`. * `condition` - (Optional) Configuration block to limit the event bus permissions you are granting to only accounts that fulfill the condition. Specified below. +* `event_bus_name` - (Optional) The event bus to set the permissions on. If you omit this, the permissions are set on the `default` event bus. ### condition @@ -59,8 +60,8 @@ In addition to all arguments above, the following attributes are exported: ## Import -CloudWatch Events permissions can be imported using the statement ID, e.g. +CloudWatch Events permissions can be imported using the `event_bus_name/statement_id` (if you omit `event_bus_name`, the `default` event bus will be used), e.g. ```shell -$ terraform import aws_cloudwatch_event_permission.DevAccountAccess DevAccountAccess +$ terraform import aws_cloudwatch_event_permission.DevAccountAccess example-event-bus/DevAccountAccess ``` diff --git a/website/docs/r/cloudwatch_event_rule.html.markdown b/website/docs/r/cloudwatch_event_rule.html.markdown index 4e111185533..8750f44b5b2 100644 
--- a/website/docs/r/cloudwatch_event_rule.html.markdown +++ b/website/docs/r/cloudwatch_event_rule.html.markdown @@ -85,5 +85,5 @@ In addition to all arguments above, the following attributes are exported: Cloudwatch Event Rules can be imported using the `event_bus_name/rule_name` (if you omit `event_bus_name`, the `default` event bus will be used), e.g. ``` -$ terraform import aws_cloudwatch_event_rule.console capture-console-sign-in +$ terraform import aws_cloudwatch_event_rule.console example-event-bus/capture-console-sign-in ``` From 730ea627e13411dbca5c08aea976e69c6763184a Mon Sep 17 00:00:00 2001 From: Graham Davison Date: Thu, 29 Oct 2020 14:37:40 -0700 Subject: [PATCH 2/2] Removes unused functions --- ...ce_aws_cloudwatch_event_permission_test.go | 31 ------------------- 1 file changed, 31 deletions(-) diff --git a/aws/resource_aws_cloudwatch_event_permission_test.go b/aws/resource_aws_cloudwatch_event_permission_test.go index c9f8a9b2c23..5e1471f2076 100644 --- a/aws/resource_aws_cloudwatch_event_permission_test.go +++ b/aws/resource_aws_cloudwatch_event_permission_test.go @@ -307,26 +307,6 @@ func TestAccAWSCloudWatchEventPermission_Disappears(t *testing.T) { }) } -func testAccCheckCloudWatchEventPermissionDisappears(resourceName string) resource.TestCheckFunc { - return func(s *terraform.State) error { - rs, ok := s.RootModule().Resources[resourceName] - if !ok { - return fmt.Errorf("Not found: %s", resourceName) - } - - if rs.Primary.ID == "" { - return fmt.Errorf("No resource ID is set") - } - - conn := testAccProvider.Meta().(*AWSClient).cloudwatcheventsconn - input := events.RemovePermissionInput{ - StatementId: aws.String(rs.Primary.ID), - } - _, err := conn.RemovePermission(&input) - return err - } -} - func testAccCheckCloudWatchEventPermissionExists(pr string) resource.TestCheckFunc { return func(s *terraform.State) error { conn := testAccProvider.Meta().(*AWSClient).cloudwatcheventsconn 
@@ -415,17 +395,6 @@ func testAccCheckCloudWatchEventPermissionDestroy(s *terraform.State) error { return nil } -func testAccAWSCloudWatchEventPermissionDefaultBusNameImportStateIdFunc(resourceName string) resource.ImportStateIdFunc { - return func(s *terraform.State) (string, error) { - rs, ok := s.RootModule().Resources[resourceName] - if !ok { - return "", fmt.Errorf("Not found: %s", resourceName) - } - - return tfevents.DefaultEventBusName + tfevents.PermissionIDSeparator + rs.Primary.Attributes["statement_id"], nil - } -} - func testAccCheckAwsCloudWatchEventPermissionResourceConfigBasic(principal, statementID string) string { return fmt.Sprintf(` resource "aws_cloudwatch_event_permission" "test" {