Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

secretsmanager/secret: Fix equivalent policy diffs #22217

Merged
merged 10 commits into from
Dec 16, 2021
Merged

secretsmanager/secret: Fix equivalent policy diffs #22217

merged 10 commits into from
Dec 16, 2021

Conversation

YakDriver
Copy link
Member

@YakDriver YakDriver commented Dec 14, 2021
edited
Loading

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Relates #21968
Closes #21611
Closes #20781
Closes #18461
Relates #22004

Output from acceptance testing (us-west-2):

% make testacc TESTS=TestAccSecretsManagerSecretPolicy PKG=secretsmanager
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/secretsmanager/... -v -count 1 -parallel 20 -run='TestAccSecretsManagerSecretPolicy' -timeout 180m
--- PASS: TestAccSecretsManagerSecretPolicy_disappears (27.58s)
--- PASS: TestAccSecretsManagerSecretPolicy_basic (43.54s)
--- PASS: TestAccSecretsManagerSecretPolicy_blockPublicPolicy (55.29s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/secretsmanager	56.979s
% make testacc TESTS=TestAccSecretsManagerSecret_ PKG=secretsmanager
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/secretsmanager/... -v -count 1 -parallel 20 -run='TestAccSecretsManagerSecret_' -timeout 180m
--- PASS: TestAccSecretsManagerSecret_basicReplica (19.61s)
--- PASS: TestAccSecretsManagerSecret_withNamePrefix (19.84s)
--- PASS: TestAccSecretsManagerSecret_basic (19.98s)
--- PASS: TestAccSecretsManagerSecret_RecoveryWindowInDays_recreate (28.90s)
--- PASS: TestAccSecretsManagerSecret_description (30.69s)
--- PASS: TestAccSecretsManagerSecret_kmsKeyID (36.95s)
--- PASS: TestAccSecretsManagerSecret_policy (51.56s)
--- PASS: TestAccSecretsManagerSecret_overwriteReplica (53.36s)
--- PASS: TestAccSecretsManagerSecret_tags (53.39s)
--- PASS: TestAccSecretsManagerSecret_rotationLambdaARN (63.47s)
--- PASS: TestAccSecretsManagerSecret_rotationRules (69.39s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/secretsmanager	70.799s

# eventual consistency tests for IAM role
--- PASS: TestAccSecretsManagerSecret_policy (44.31s)
--- PASS: TestAccSecretsManagerSecret_policy (44.71s)
--- PASS: TestAccSecretsManagerSecret_policy (44.99s)
--- PASS: TestAccSecretsManagerSecret_policy (45.11s)
--- PASS: TestAccSecretsManagerSecret_policy (45.44s)
--- PASS: TestAccSecretsManagerSecret_policy (45.59s)
--- PASS: TestAccSecretsManagerSecret_policy (45.77s)
--- PASS: TestAccSecretsManagerSecret_policy (45.92s)
--- PASS: TestAccSecretsManagerSecret_policy (46.99s)
--- PASS: TestAccSecretsManagerSecret_policy (47.25s)
--- PASS: TestAccIAMRole_badJSON (5.42s)
--- PASS: TestAccIAMRole_disappears (20.42s)
--- PASS: TestAccIAMRole_InlinePolicy_empty (26.51s)
--- PASS: TestAccIAMRole_basic (29.76s)
--- PASS: TestAccIAMRole_namePrefix (30.42s)
--- PASS: TestAccIAMRole_policiesForceDetach (30.93s)
--- PASS: TestAccIAMRole_ManagedPolicy_outOfBandAdditionIgnored (41.01s)
--- PASS: TestAccIAMRole_InlinePolicy_outOfBandAdditionRemovedEmpty (44.52s)
--- PASS: TestAccIAMRole_ManagedPolicy_outOfBandAdditionRemovedEmpty (44.93s)
--- PASS: TestAccIAMRole_nameGenerated (24.52s)
--- PASS: TestAccIAMRole_InlinePolicy_outOfBandRemovalAddedBack (44.96s)
--- PASS: TestAccIAMRole_InlinePolicy_outOfBandAdditionRemoved (44.96s)
--- PASS: TestAccIAMRole_ManagedPolicy_outOfBandAdditionRemoved (45.38s)
--- PASS: TestAccIAMRole_ManagedPolicy_outOfBandRemovalAddedBack (45.44s)
--- PASS: TestAccIAMRole_tags (46.18s)
--- PASS: TestAccIAMRole_maxSessionDuration (48.21s)
--- PASS: TestAccIAMRole_testNameChange (45.89s)
--- PASS: TestAccIAMRole_InlinePolicy_outOfBandAdditionIgnored (52.15s)
--- PASS: TestAccIAMRole_InlinePolicy_ignoreOrder (55.51s)
--- PASS: TestAccIAMRole_InlinePolicy_basic (58.19s)
--- PASS: TestAccIAMRole_ManagedPolicy_basic (58.63s)
--- PASS: TestAccIAMRole_basicWithDescription (40.18s)
--- PASS: TestAccIAMRole_permissionsBoundary (76.11s)

Output from acceptance testing (GovCloud):

--- PASS: TestAccSecretsManagerSecret_basicReplica (21.30s)
--- PASS: TestAccSecretsManagerSecret_withNamePrefix (22.58s)
--- PASS: TestAccSecretsManagerSecret_basic (22.60s)
--- PASS: TestAccSecretsManagerSecret_RecoveryWindowInDays_recreate (33.28s)
--- PASS: TestAccSecretsManagerSecret_description (35.63s)
--- PASS: TestAccSecretsManagerSecret_kmsKeyID (41.95s)
--- PASS: TestAccSecretsManagerSecret_rotationRules (57.76s)
--- PASS: TestAccSecretsManagerSecret_tags (63.40s)
--- PASS: TestAccSecretsManagerSecret_policy (63.94s)
--- PASS: TestAccSecretsManagerSecret_rotationLambdaARN (71.64s)

--- FAIL: TestAccSecretsManagerSecretPolicy_blockPublicPolicy (20.11s) # flaky GovCloud tests predates these changes
--- PASS: TestAccSecretsManagerSecretPolicy_disappears (24.82s)        # flaky GovCloud tests predates these changes
--- PASS: TestAccSecretsManagerSecretPolicy_basic (41.51s)             # flaky GovCloud tests predates these changes

# IAM role eventual consistency tests
--- PASS: TestAccSecretsManagerSecret_policy (54.69s)
--- PASS: TestAccSecretsManagerSecret_policy (55.05s)
--- PASS: TestAccSecretsManagerSecret_policy (55.56s)
--- PASS: TestAccSecretsManagerSecret_policy (55.57s)
--- PASS: TestAccSecretsManagerSecret_policy (55.97s)
--- PASS: TestAccSecretsManagerSecret_policy (56.21s)
--- PASS: TestAccSecretsManagerSecret_policy (58.64s)
--- PASS: TestAccSecretsManagerSecret_policy (60.40s)
--- PASS: TestAccSecretsManagerSecret_policy (60.78s)
--- PASS: TestAccSecretsManagerSecret_policy (67.79s)

@github-actions github-actions bot added service/secretsmanager Issues and PRs that pertain to the secretsmanager service. size/S Managed by automation to categorize the size of a PR. labels Dec 14, 2021
@YakDriver YakDriver mentioned this pull request Dec 14, 2021
Closed
67 tasks
@github-actions github-actions bot added tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. size/L Managed by automation to categorize the size of a PR. and removed size/S Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. labels Dec 15, 2021
@github-actions github-actions bot added service/iam Issues and PRs that pertain to the iam service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. labels Dec 15, 2021
@github-actions github-actions bot added documentation Introduces or discusses updates to documentation. verify Pertains to the verify package (i.e., provider-level validating, diff suppression, etc.) labels Dec 15, 2021
@YakDriver
Copy link
Member Author

YakDriver commented Dec 15, 2021
edited
Loading

New acceptance test run after a set of fixes:

us-west-2:

% make testacc TESTS=TestAccSecretsManagerSecretPolicy PKG=secretsmanager
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/secretsmanager/... -v -count 1 -parallel 20 -run='TestAccSecretsManagerSecretPolicy' -timeout 180m
--- PASS: TestAccSecretsManagerSecretPolicy_disappears (23.08s)
--- PASS: TestAccSecretsManagerSecretPolicy_basic (39.35s)
--- PASS: TestAccSecretsManagerSecretPolicy_blockPublicPolicy (51.90s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/secretsmanager	53.423s
% make testacc TESTS=TestAccSecretsManagerSecret_ PKG=secretsmanager
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/secretsmanager/... -v -count 1 -parallel 20 -run='TestAccSecretsManagerSecret_' -timeout 180m
--- PASS: TestAccSecretsManagerSecret_basic (14.98s)
--- PASS: TestAccSecretsManagerSecret_withNamePrefix (14.98s)
--- PASS: TestAccSecretsManagerSecret_basicReplica (18.39s)
--- PASS: TestAccSecretsManagerSecret_RecoveryWindowInDays_recreate (22.60s)
--- PASS: TestAccSecretsManagerSecret_description (23.77s)
--- PASS: TestAccSecretsManagerSecret_kmsKeyID (27.33s)
--- PASS: TestAccSecretsManagerSecret_tags (40.14s)
--- PASS: TestAccSecretsManagerSecret_policy (44.49s)
--- PASS: TestAccSecretsManagerSecret_rotationLambdaARN (49.58s)
--- PASS: TestAccSecretsManagerSecret_rotationRules (58.30s)
--- PASS: TestAccSecretsManagerSecret_overwriteReplica (60.48s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/secretsmanager	61.761s

GovCloud (note that GovCloud only has 2 regions):

% make testacc TESTS=TestAccSecretsManagerSecretPolicy_ PKG=secretsmanager 
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/secretsmanager/... -v -count 1 -parallel 20 -run='TestAccSecretsManagerSecretPolicy_' -timeout 180m
--- PASS: TestAccSecretsManagerSecretPolicy_disappears (31.20s)
--- PASS: TestAccSecretsManagerSecretPolicy_basic (52.15s)
--- PASS: TestAccSecretsManagerSecretPolicy_blockPublicPolicy (77.08s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/secretsmanager	78.360s
% make testacc TESTS=TestAccSecretsManagerSecret_ PKG=secretsmanager 
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/secretsmanager/... -v -count 1 -parallel 20 -run='TestAccSecretsManagerSecret_' -timeout 180m
    acctest.go:624: wanted 3 regions, partition (aws-us-gov) only has 2 regions
--- SKIP: TestAccSecretsManagerSecret_overwriteReplica (2.98s)
--- PASS: TestAccSecretsManagerSecret_basicReplica (23.87s)
--- PASS: TestAccSecretsManagerSecret_basic (24.18s)
--- PASS: TestAccSecretsManagerSecret_withNamePrefix (24.33s)
--- PASS: TestAccSecretsManagerSecret_RecoveryWindowInDays_recreate (36.84s)
--- PASS: TestAccSecretsManagerSecret_description (39.62s)
--- PASS: TestAccSecretsManagerSecret_kmsKeyID (48.30s)
--- PASS: TestAccSecretsManagerSecret_rotationRules (66.95s)
--- PASS: TestAccSecretsManagerSecret_policy (70.26s)
--- PASS: TestAccSecretsManagerSecret_tags (73.36s)
--- PASS: TestAccSecretsManagerSecret_rotationLambdaARN (83.36s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/secretsmanager	88.085s

@YakDriver YakDriver mentioned this pull request Dec 15, 2021
Closed
ewbankkit
ewbankkit approved these changes Dec 15, 2021
View reviewed changes
Copy link
Contributor

@ewbankkit ewbankkit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🚀.

% make testacc TESTARGS='-run=TestAccSecretsManagerSecretPolicy_\|TestAccSecretsManagerSecret_' PKG=secretsmanager
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/secretsmanager/... -v -count 1 -parallel 20 -run=TestAccSecretsManagerSecretPolicy_\|TestAccSecretsManagerSecret_ -timeout 180m
=== RUN   TestAccSecretsManagerSecretPolicy_basic
=== PAUSE TestAccSecretsManagerSecretPolicy_basic
=== RUN   TestAccSecretsManagerSecretPolicy_blockPublicPolicy
=== PAUSE TestAccSecretsManagerSecretPolicy_blockPublicPolicy
=== RUN   TestAccSecretsManagerSecretPolicy_disappears
=== PAUSE TestAccSecretsManagerSecretPolicy_disappears
=== RUN   TestAccSecretsManagerSecret_basic
=== PAUSE TestAccSecretsManagerSecret_basic
=== RUN   TestAccSecretsManagerSecret_withNamePrefix
=== PAUSE TestAccSecretsManagerSecret_withNamePrefix
=== RUN   TestAccSecretsManagerSecret_description
=== PAUSE TestAccSecretsManagerSecret_description
=== RUN   TestAccSecretsManagerSecret_basicReplica
=== PAUSE TestAccSecretsManagerSecret_basicReplica
=== RUN   TestAccSecretsManagerSecret_overwriteReplica
=== PAUSE TestAccSecretsManagerSecret_overwriteReplica
=== RUN   TestAccSecretsManagerSecret_kmsKeyID
=== PAUSE TestAccSecretsManagerSecret_kmsKeyID
=== RUN   TestAccSecretsManagerSecret_RecoveryWindowInDays_recreate
=== PAUSE TestAccSecretsManagerSecret_RecoveryWindowInDays_recreate
=== RUN   TestAccSecretsManagerSecret_rotationLambdaARN
=== PAUSE TestAccSecretsManagerSecret_rotationLambdaARN
=== RUN   TestAccSecretsManagerSecret_rotationRules
=== PAUSE TestAccSecretsManagerSecret_rotationRules
=== RUN   TestAccSecretsManagerSecret_tags
=== PAUSE TestAccSecretsManagerSecret_tags
=== RUN   TestAccSecretsManagerSecret_policy
=== PAUSE TestAccSecretsManagerSecret_policy
=== CONT  TestAccSecretsManagerSecretPolicy_basic
=== CONT  TestAccSecretsManagerSecret_kmsKeyID
=== CONT  TestAccSecretsManagerSecret_tags
=== CONT  TestAccSecretsManagerSecret_withNamePrefix
=== CONT  TestAccSecretsManagerSecret_overwriteReplica
=== CONT  TestAccSecretsManagerSecret_basicReplica
=== CONT  TestAccSecretsManagerSecret_rotationLambdaARN
=== CONT  TestAccSecretsManagerSecret_description
=== CONT  TestAccSecretsManagerSecretPolicy_disappears
=== CONT  TestAccSecretsManagerSecret_rotationRules
=== CONT  TestAccSecretsManagerSecret_basic
=== CONT  TestAccSecretsManagerSecretPolicy_blockPublicPolicy
=== CONT  TestAccSecretsManagerSecret_policy
=== CONT  TestAccSecretsManagerSecret_RecoveryWindowInDays_recreate
--- PASS: TestAccSecretsManagerSecret_withNamePrefix (36.24s)
--- PASS: TestAccSecretsManagerSecret_basic (36.47s)
--- PASS: TestAccSecretsManagerSecret_basicReplica (39.87s)
--- PASS: TestAccSecretsManagerSecret_RecoveryWindowInDays_recreate (52.62s)
--- PASS: TestAccSecretsManagerSecretPolicy_disappears (56.85s)
--- PASS: TestAccSecretsManagerSecret_description (57.89s)
--- PASS: TestAccSecretsManagerSecret_kmsKeyID (67.88s)
--- PASS: TestAccSecretsManagerSecretPolicy_basic (74.09s)
--- PASS: TestAccSecretsManagerSecret_rotationRules (84.29s)
--- PASS: TestAccSecretsManagerSecret_policy (86.31s)
--- PASS: TestAccSecretsManagerSecret_tags (90.39s)
--- PASS: TestAccSecretsManagerSecret_rotationLambdaARN (91.87s)
--- PASS: TestAccSecretsManagerSecretPolicy_blockPublicPolicy (92.12s)
--- PASS: TestAccSecretsManagerSecret_overwriteReplica (99.04s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/secretsmanager	103.925s

@YakDriver YakDriver merged commit 03d6856 into main Dec 16, 2021
@YakDriver YakDriver deleted the b-secretsmanager-secret-policy-diffs branch December 16, 2021 14:45
@github-actions github-actions bot added this to the v3.70.0 milestone Dec 16, 2021
github-actions bot pushed a commit that referenced this pull request Dec 16, 2021
Update CHANGELOG.md for #22217
6d0bd77
@github-actions
Copy link

This functionality has been released in v3.70.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions
Copy link

github-actions bot commented Jun 2, 2022

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 2, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@ewbankkit ewbankkit ewbankkit approved these changes

Assignees
No one assigned
Labels
documentation Introduces or discusses updates to documentation. service/iam Issues and PRs that pertain to the iam service. service/secretsmanager Issues and PRs that pertain to the secretsmanager service. size/L Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. verify Pertains to the verify package (i.e., provider-level validating, diff suppression, etc.)
Projects
None yet
Milestone
v3.70.0
2 participants
@YakDriver @ewbankkit