Merge pull request #15692 from terraform-providers/t-gov-hardarn-comm…

…ents

tests/provider: Lint ignore hardcoded ARN

aws/cloudfront_distribution_configuration_structure_test.go

@@ -35,12 +35,12 @@ func lambdaFunctionAssociationsConf() *schema.Set {
 	x := []interface{}{
 		map[string]interface{}{
 			"event_type":   "viewer-request",
-			"lambda_arn":   "arn:aws:lambda:us-east-1:999999999:function1:alias",
+			"lambda_arn":   "arn:aws:lambda:us-east-1:999999999:function1:alias", //lintignore:AWSAT003,AWSAT005
 			"include_body": true,
 		},
 		map[string]interface{}{
 			"event_type":   "origin-response",
-			"lambda_arn":   "arn:aws:lambda:us-east-1:999999999:function2:alias",
+			"lambda_arn":   "arn:aws:lambda:us-east-1:999999999:function2:alias", //lintignore:AWSAT003,AWSAT005
 			"include_body": true,
 		},
 	}
@@ -257,7 +257,7 @@ func viewerCertificateConfSetIAM() map[string]interface{} {
 
 func viewerCertificateConfSetACM() map[string]interface{} {
 	return map[string]interface{}{
-		"acm_certificate_arn":            "arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012",
+		"acm_certificate_arn":            "arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012", //lintignore:AWSAT003,AWSAT005
 		"cloudfront_default_certificate": false,
 		"iam_certificate_id":             "",
 		"ssl_support_method":             "sni-only",
@@ -991,8 +991,10 @@ func TestCloudFrontStructure_expandViewerCertificate_iam_certificate_id(t *testi
 func TestCloudFrontStructure_expandViewerCertificate_acm_certificate_arn(t *testing.T) {
 	data := viewerCertificateConfSetACM()
 	vc := expandViewerCertificate(data)
+
+	// lintignore:AWSAT003,AWSAT005
 	if *vc.ACMCertificateArn != "arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012" {
-		t.Fatalf("Expected ACMCertificateArn to be arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012, got %v", *vc.ACMCertificateArn)
+		t.Fatalf("Expected ACMCertificateArn to be arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012, got %v", *vc.ACMCertificateArn) // lintignore:AWSAT003,AWSAT005
 	}
 	if vc.CloudFrontDefaultCertificate != nil {
 		t.Fatalf("Expected CloudFrontDefaultCertificate to be unset, got %v", *vc.CloudFrontDefaultCertificate)

aws/resource_aws_alb_target_group_test.go

@@ -21,12 +21,12 @@ func TestALBTargetGroupCloudwatchSuffixFromARN(t *testing.T) {
 	}{
 		{
 			name:   "valid suffix",
-			arn:    aws.String(`arn:aws:elasticloadbalancing:us-east-1:123456:targetgroup/my-targets/73e2d6bc24d8a067`),
+			arn:    aws.String(`arn:aws:elasticloadbalancing:us-east-1:123456:targetgroup/my-targets/73e2d6bc24d8a067`), //lintignore:AWSAT003,AWSAT005
 			suffix: `targetgroup/my-targets/73e2d6bc24d8a067`,
 		},
 		{
 			name:   "no suffix",
-			arn:    aws.String(`arn:aws:elasticloadbalancing:us-east-1:123456:targetgroup`),
+			arn:    aws.String(`arn:aws:elasticloadbalancing:us-east-1:123456:targetgroup`), //lintignore:AWSAT003,AWSAT005
 			suffix: ``,
 		},
 		{

aws/resource_aws_s3_bucket_analytics_configuration_test.go

@@ -365,7 +365,7 @@ func TestAccAWSS3BucketAnalyticsConfiguration_WithStorageClassAnalysis_Empty(t *
 		Steps: []resource.TestStep{
 			{
 				Config:      testAccAWSS3BucketAnalyticsConfigurationWithEmptyStorageClassAnalysis(rName, rName),
-				ExpectError: regexp.MustCompile(`required field is not set`),
+				ExpectError: regexp.MustCompile(`running pre-apply refresh`),
 			},
 		},
 	})
@@ -919,7 +919,7 @@ func TestExpandS3StorageClassAnalysis(t *testing.T) {
 								map[string]interface{}{
 									"s3_bucket_destination": []interface{}{
 										map[string]interface{}{
-											"bucket_arn":        "arn:aws:s3",
+											"bucket_arn":        "arn:aws:s3", //lintignore:AWSAT005
 											"bucket_account_id": "1234567890",
 											"format":            s3.AnalyticsS3ExportFileFormatCsv,
 											"prefix":            "prefix/",
@@ -935,7 +935,7 @@ func TestExpandS3StorageClassAnalysis(t *testing.T) {
 				DataExport: &s3.StorageClassAnalysisDataExport{
 					Destination: &s3.AnalyticsExportDestination{
 						S3BucketDestination: &s3.AnalyticsS3BucketDestination{
-							Bucket:          aws.String("arn:aws:s3"),
+							Bucket:          aws.String("arn:aws:s3"), //lintignore:AWSAT005
 							BucketAccountId: aws.String("1234567890"),
 							Format:          aws.String(s3.AnalyticsS3ExportFileFormatCsv),
 							Prefix:          aws.String("prefix/"),
@@ -953,7 +953,7 @@ func TestExpandS3StorageClassAnalysis(t *testing.T) {
 								map[string]interface{}{
 									"s3_bucket_destination": []interface{}{
 										map[string]interface{}{
-											"bucket_arn": "arn:aws:s3",
+											"bucket_arn": "arn:aws:s3", //lintignore:AWSAT005
 											"format":     s3.AnalyticsS3ExportFileFormatCsv,
 										},
 									},
@@ -967,7 +967,7 @@ func TestExpandS3StorageClassAnalysis(t *testing.T) {
 				DataExport: &s3.StorageClassAnalysisDataExport{
 					Destination: &s3.AnalyticsExportDestination{
 						S3BucketDestination: &s3.AnalyticsS3BucketDestination{
-							Bucket:          aws.String("arn:aws:s3"),
+							Bucket:          aws.String("arn:aws:s3"), //lintignore:AWSAT005
 							BucketAccountId: nil,
 							Format:          aws.String(s3.AnalyticsS3ExportFileFormatCsv),
 							Prefix:          nil,
@@ -1154,7 +1154,7 @@ func TestFlattenS3StorageClassAnalysis(t *testing.T) {
 				DataExport: &s3.StorageClassAnalysisDataExport{
 					Destination: &s3.AnalyticsExportDestination{
 						S3BucketDestination: &s3.AnalyticsS3BucketDestination{
-							Bucket: aws.String("arn:aws:s3"),
+							Bucket: aws.String("arn:aws:s3"), //lintignore:AWSAT005
 							Format: aws.String(s3.AnalyticsS3ExportFileFormatCsv),
 						},
 					},
@@ -1168,7 +1168,7 @@ func TestFlattenS3StorageClassAnalysis(t *testing.T) {
 								map[string]interface{}{
 									"s3_bucket_destination": []interface{}{
 										map[string]interface{}{
-											"bucket_arn": "arn:aws:s3",
+											"bucket_arn": "arn:aws:s3", //lintignore:AWSAT005
 											"format":     s3.AnalyticsS3ExportFileFormatCsv,
 										},
 									},
@@ -1184,7 +1184,7 @@ func TestFlattenS3StorageClassAnalysis(t *testing.T) {
 				DataExport: &s3.StorageClassAnalysisDataExport{
 					Destination: &s3.AnalyticsExportDestination{
 						S3BucketDestination: &s3.AnalyticsS3BucketDestination{
-							Bucket:          aws.String("arn:aws:s3"),
+							Bucket:          aws.String("arn:aws:s3"), //lintignore:AWSAT005
 							BucketAccountId: aws.String("1234567890"),
 							Format:          aws.String(s3.AnalyticsS3ExportFileFormatCsv),
 							Prefix:          aws.String("prefix/"),
@@ -1200,7 +1200,7 @@ func TestFlattenS3StorageClassAnalysis(t *testing.T) {
 								map[string]interface{}{
 									"s3_bucket_destination": []interface{}{
 										map[string]interface{}{
-											"bucket_arn":        "arn:aws:s3",
+											"bucket_arn":        "arn:aws:s3", //lintignore:AWSAT005
 											"bucket_account_id": "1234567890",
 											"format":            s3.AnalyticsS3ExportFileFormatCsv,
 											"prefix":            "prefix/",

aws/resource_aws_sns_platform_application_test.go

@@ -134,35 +134,35 @@ func TestDecodeResourceAwsSnsPlatformApplicationID(t *testing.T) {
 		ErrCount         int
 	}{
 		{
-			Input:            "arn:aws:sns:us-east-1:123456789012:app/APNS_SANDBOX/myAppName",
-			ExpectedArn:      "arn:aws:sns:us-east-1:123456789012:app/APNS_SANDBOX/myAppName",
+			Input:            "arn:aws:sns:us-east-1:123456789012:app/APNS_SANDBOX/myAppName", //lintignore:AWSAT003,AWSAT005
+			ExpectedArn:      "arn:aws:sns:us-east-1:123456789012:app/APNS_SANDBOX/myAppName", //lintignore:AWSAT003,AWSAT005
 			ExpectedName:     "myAppName",
 			ExpectedPlatform: "APNS_SANDBOX",
 			ErrCount:         0,
 		},
 		{
-			Input:            "arn:aws:sns:us-east-1:123456789012:app/APNS_SANDBOX/myAppName/extra",
+			Input:            "arn:aws:sns:us-east-1:123456789012:app/APNS_SANDBOX/myAppName/extra", //lintignore:AWSAT003,AWSAT005
 			ExpectedArn:      "",
 			ExpectedName:     "",
 			ExpectedPlatform: "",
 			ErrCount:         1,
 		},
 		{
-			Input:            "arn:aws:sns:us-east-1:123456789012:endpoint/APNS_SANDBOX/myAppName/someID",
+			Input:            "arn:aws:sns:us-east-1:123456789012:endpoint/APNS_SANDBOX/myAppName/someID", //lintignore:AWSAT003,AWSAT005
 			ExpectedArn:      "",
 			ExpectedName:     "",
 			ExpectedPlatform: "",
 			ErrCount:         1,
 		},
 		{
-			Input:            "arn:aws:sns:us-east-1:123456789012:APNS_SANDBOX/myAppName",
+			Input:            "arn:aws:sns:us-east-1:123456789012:APNS_SANDBOX/myAppName", //lintignore:AWSAT003,AWSAT005
 			ExpectedArn:      "",
 			ExpectedName:     "",
 			ExpectedPlatform: "",
 			ErrCount:         1,
 		},
 		{
-			Input:            "arn:aws:sns:us-east-1:123456789012:app",
+			Input:            "arn:aws:sns:us-east-1:123456789012:app", //lintignore:AWSAT003,AWSAT005
 			ExpectedArn:      "",
 			ExpectedName:     "",
 			ExpectedPlatform: "",

aws/structure_test.go

@@ -505,15 +505,15 @@ func TestFlattenHealthCheck(t *testing.T) {
 func TestFlattenOrganizationsOrganizationalUnits(t *testing.T) {
 	input := []*organizations.OrganizationalUnit{
 		{
-			Arn:  aws.String("arn:aws:organizations::123456789012:ou/o-abcde12345/ou-ab12-abcd1234"),
+			Arn:  aws.String("arn:aws:organizations::123456789012:ou/o-abcde12345/ou-ab12-abcd1234"), //lintignore:AWSAT005
 			Id:   aws.String("ou-ab12-abcd1234"),
 			Name: aws.String("Engineering"),
 		},
 	}
 
 	expected_output := []map[string]interface{}{
 		{
-			"arn":  "arn:aws:organizations::123456789012:ou/o-abcde12345/ou-ab12-abcd1234",
+			"arn":  "arn:aws:organizations::123456789012:ou/o-abcde12345/ou-ab12-abcd1234", //lintignore:AWSAT005
 			"id":   "ou-ab12-abcd1234",
 			"name": "Engineering",
 		},

aws/validators_test.go

@@ -171,9 +171,9 @@ func TestValidateCloudWatchEventRuleName(t *testing.T) {
 
 func TestValidateLambdaFunctionName(t *testing.T) {
 	validNames := []string{
-		"arn:aws:lambda:us-west-2:123456789012:function:ThumbNail",
-		"arn:aws-us-gov:lambda:us-west-2:123456789012:function:ThumbNail",
-		"arn:aws-us-gov:lambda:us-gov-west-1:123456789012:function:ThumbNail",
+		"arn:aws:lambda:us-west-2:123456789012:function:ThumbNail",            //lintignore:AWSAT003,AWSAT005
+		"arn:aws-us-gov:lambda:us-west-2:123456789012:function:ThumbNail",     //lintignore:AWSAT003,AWSAT005
+		"arn:aws-us-gov:lambda:us-gov-west-1:123456789012:function:ThumbNail", //lintignore:AWSAT003,AWSAT005
 		"FunctionName",
 		"function-name",
 	}
@@ -188,7 +188,7 @@ func TestValidateLambdaFunctionName(t *testing.T) {
 		"/FunctionNameWithSlash",
 		"function.name.with.dots",
 		// length > 140
-		"arn:aws:lambda:us-west-2:123456789012:function:TooLoooooo" +
+		"arn:aws:lambda:us-west-2:123456789012:function:TooLoooooo" + //lintignore:AWSAT003,AWSAT005
 			"ooooooooooooooooooooooooooooooooooooooooooooooooooooooo" +
 			"ooooooooooooooooongFunctionName",
 	}
@@ -219,7 +219,7 @@ func TestValidateLambdaQualifier(t *testing.T) {
 
 	invalidNames := []string{
 		// No ARNs allowed
-		"arn:aws:lambda:us-west-2:123456789012:function:prod",
+		"arn:aws:lambda:us-west-2:123456789012:function:prod", //lintignore:AWSAT003,AWSAT005
 		// length > 128
 		"TooLooooooooooooooooooooooooooooooooooooooooooooooooooo" +
 			"ooooooooooooooooooooooooooooooooooooooooooooooooooo" +
@@ -320,22 +320,22 @@ func TestValidateArn(t *testing.T) {
 	}
 
 	validNames := []string{
-		"arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/My App/MyEnvironment", // Beanstalk
-		"arn:aws:iam::123456789012:user/David",                                             // IAM User
-		"arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess",                                 // Managed IAM policy
-		"arn:aws:rds:eu-west-1:123456789012:db:mysql-db",                                   // RDS
-		"arn:aws:s3:::my_corporate_bucket/exampleobject.png",                               // S3 object
-		"arn:aws:events:us-east-1:319201112229:rule/rule_name",                             // CloudWatch Rule
-		"arn:aws:lambda:eu-west-1:319201112229:function:myCustomFunction",                  // Lambda function
-		"arn:aws:lambda:eu-west-1:319201112229:function:myCustomFunction:Qualifier",        // Lambda func qualifier
-		"arn:aws-cn:ec2:cn-north-1:123456789012:instance/i-12345678",                       // China EC2 ARN
-		"arn:aws-cn:s3:::bucket/object",                                                    // China S3 ARN
-		"arn:aws-iso:ec2:us-iso-east-1:123456789012:instance/i-12345678",                   // C2S EC2 ARN
-		"arn:aws-iso:s3:::bucket/object",                                                   // C2S S3 ARN
-		"arn:aws-iso-b:ec2:us-isob-east-1:123456789012:instance/i-12345678",                // SC2S EC2 ARN
-		"arn:aws-iso-b:s3:::bucket/object",                                                 // SC2S S3 ARN
-		"arn:aws-us-gov:ec2:us-gov-west-1:123456789012:instance/i-12345678",                // GovCloud EC2 ARN
-		"arn:aws-us-gov:s3:::bucket/object",                                                // GovCloud S3 ARN
+		"arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/My App/MyEnvironment", // lintignore:AWSAT003,AWSAT005 // Beanstalk
+		"arn:aws:iam::123456789012:user/David",                                             // lintignore:AWSAT005          // IAM User
+		"arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess",                                 // lintignore:AWSAT005          // Managed IAM policy
+		"arn:aws:rds:eu-west-1:123456789012:db:mysql-db",                                   // lintignore:AWSAT003,AWSAT005 // RDS
+		"arn:aws:s3:::my_corporate_bucket/exampleobject.png",                               // lintignore:AWSAT005          // S3 object
+		"arn:aws:events:us-east-1:319201112229:rule/rule_name",                             // lintignore:AWSAT003,AWSAT005 // CloudWatch Rule
+		"arn:aws:lambda:eu-west-1:319201112229:function:myCustomFunction",                  // lintignore:AWSAT003,AWSAT005 // Lambda function
+		"arn:aws:lambda:eu-west-1:319201112229:function:myCustomFunction:Qualifier",        // lintignore:AWSAT003,AWSAT005 // Lambda func qualifier
+		"arn:aws-cn:ec2:cn-north-1:123456789012:instance/i-12345678",                       // lintignore:AWSAT003,AWSAT005 // China EC2 ARN
+		"arn:aws-cn:s3:::bucket/object",                                                    // lintignore:AWSAT005          // China S3 ARN
+		"arn:aws-iso:ec2:us-iso-east-1:123456789012:instance/i-12345678",                   // lintignore:AWSAT003,AWSAT005 // C2S EC2 ARN
+		"arn:aws-iso:s3:::bucket/object",                                                   // lintignore:AWSAT005          // C2S S3 ARN
+		"arn:aws-iso-b:ec2:us-isob-east-1:123456789012:instance/i-12345678",                // lintignore:AWSAT003,AWSAT005 // SC2S EC2 ARN
+		"arn:aws-iso-b:s3:::bucket/object",                                                 // lintignore:AWSAT005          // SC2S S3 ARN
+		"arn:aws-us-gov:ec2:us-gov-west-1:123456789012:instance/i-12345678",                // lintignore:AWSAT003,AWSAT005 // GovCloud EC2 ARN
+		"arn:aws-us-gov:s3:::bucket/object",                                                // lintignore:AWSAT005          // GovCloud S3 ARN
 	}
 	for _, v := range validNames {
 		_, errors := validateArn(v, "arn")
@@ -348,8 +348,8 @@ func TestValidateArn(t *testing.T) {
 		"arn",
 		"123456789012",
 		"arn:aws",
-		"arn:aws:logs",
-		"arn:aws:logs:region:*:*",
+		"arn:aws:logs",            //lintignore:AWSAT005
+		"arn:aws:logs:region:*:*", //lintignore:AWSAT005
 	}
 	for _, v := range invalidNames {
 		_, errors := validateArn(v, "arn")
@@ -361,10 +361,10 @@ func TestValidateArn(t *testing.T) {
 
 func TestValidateEC2AutomateARN(t *testing.T) {
 	validNames := []string{
-		"arn:aws:automate:us-east-1:ec2:reboot",
-		"arn:aws:automate:us-east-1:ec2:recover",
-		"arn:aws:automate:us-east-1:ec2:stop",
-		"arn:aws:automate:us-east-1:ec2:terminate",
+		"arn:aws:automate:us-east-1:ec2:reboot",    //lintignore:AWSAT003,AWSAT005
+		"arn:aws:automate:us-east-1:ec2:recover",   //lintignore:AWSAT003,AWSAT005
+		"arn:aws:automate:us-east-1:ec2:stop",      //lintignore:AWSAT003,AWSAT005
+		"arn:aws:automate:us-east-1:ec2:terminate", //lintignore:AWSAT003,AWSAT005
 	}
 	for _, v := range validNames {
 		_, errors := validateEC2AutomateARN(v, "test_property")
@@ -375,15 +375,15 @@ func TestValidateEC2AutomateARN(t *testing.T) {
 
 	invalidNames := []string{
 		"",
-		"arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/My App/MyEnvironment", // Beanstalk
-		"arn:aws:iam::123456789012:user/David",                                             // IAM User
-		"arn:aws:rds:eu-west-1:123456789012:db:mysql-db",                                   // RDS
-		"arn:aws:s3:::my_corporate_bucket/exampleobject.png",                               // S3 object
-		"arn:aws:events:us-east-1:319201112229:rule/rule_name",                             // CloudWatch Rule
-		"arn:aws:lambda:eu-west-1:319201112229:function:myCustomFunction",                  // Lambda function
-		"arn:aws:lambda:eu-west-1:319201112229:function:myCustomFunction:Qualifier",        // Lambda func qualifier
-		"arn:aws-us-gov:s3:::corp_bucket/object.png",                                       // GovCloud ARN
-		"arn:aws-us-gov:kms:us-gov-west-1:123456789012:key/some-uuid-abc123",               // GovCloud KMS ARN
+		"arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/My App/MyEnvironment", // lintignore:AWSAT003,AWSAT005 // Beanstalk
+		"arn:aws:iam::123456789012:user/David",                                             // lintignore:AWSAT005          // IAM User
+		"arn:aws:rds:eu-west-1:123456789012:db:mysql-db",                                   // lintignore:AWSAT003,AWSAT005 // RDS
+		"arn:aws:s3:::my_corporate_bucket/exampleobject.png",                               // lintignore:AWSAT005          // S3 object
+		"arn:aws:events:us-east-1:319201112229:rule/rule_name",                             // lintignore:AWSAT003,AWSAT005 // CloudWatch Rule
+		"arn:aws:lambda:eu-west-1:319201112229:function:myCustomFunction",                  // lintignore:AWSAT003,AWSAT005 // Lambda function
+		"arn:aws:lambda:eu-west-1:319201112229:function:myCustomFunction:Qualifier",        // lintignore:AWSAT003,AWSAT005 // Lambda func qualifier
+		"arn:aws-us-gov:s3:::corp_bucket/object.png",                                       // lintignore:AWSAT005          // GovCloud ARN
+		"arn:aws-us-gov:kms:us-gov-west-1:123456789012:key/some-uuid-abc123",               // lintignore:AWSAT003,AWSAT005 // GovCloud KMS ARN
 	}
 	for _, v := range invalidNames {
 		_, errors := validateEC2AutomateARN(v, "test_property")
@@ -2543,7 +2543,7 @@ func TestValidateKmsKey(t *testing.T) {
 			ErrCount: 0,
 		},
 		{
-			Value:    "arn:aws:kms:us-west-2:111122223333:key/arbitrary-uuid-1234",
+			Value:    "arn:aws:kms:us-west-2:111122223333:key/arbitrary-uuid-1234", //lintignore:AWSAT003,AWSAT005
 			ErrCount: 0,
 		},
 		{
@@ -2555,19 +2555,19 @@ func TestValidateKmsKey(t *testing.T) {
 			ErrCount: 0,
 		},
 		{
-			Value:    "arn:aws:kms:us-west-2:111122223333:alias/arbitrary-key",
+			Value:    "arn:aws:kms:us-west-2:111122223333:alias/arbitrary-key", //lintignore:AWSAT003,AWSAT005
 			ErrCount: 0,
 		},
 		{
-			Value:    "arn:aws:kms:us-west-2:111122223333:alias/arbitrary/key",
+			Value:    "arn:aws:kms:us-west-2:111122223333:alias/arbitrary/key", //lintignore:AWSAT003,AWSAT005
 			ErrCount: 0,
 		},
 		{
 			Value:    "$%wrongkey",
 			ErrCount: 1,
 		},
 		{
-			Value:    "arn:aws:lamda:foo:bar:key/xyz",
+			Value:    "arn:aws:lamda:foo:bar:key/xyz", //lintignore:AWSAT003,AWSAT005
 			ErrCount: 1,
 		},
 	}