Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

resource/aws_accessanalyzer_analyzer: Support ORGANIZATION value in type argument #14493

Merged
merged 1 commit into from
Aug 12, 2020

Conversation

bflad
Copy link
Contributor

@bflad bflad commented Aug 6, 2020

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Closes #12593

Release note for CHANGELOG:

* resource/aws_accessanalyzer_analyzer: Support `ORGANIZATION` value in `type` argument

Output from acceptance testing in Organizations testing account:

--- PASS: TestAccAWSAccessAnalyzer_serial (344.90s)
    --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer (344.90s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/basic (10.64s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/disappears (7.41s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/Tags (22.00s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/Type_Organization (304.86s)

@bflad bflad added the enhancement Requests to existing resources that expand the functionality or scope. label Aug 6, 2020
@bflad bflad requested a review from a team August 6, 2020 16:59
@ghost ghost added size/M Managed by automation to categorize the size of a PR. service/accessanalyzer Issues and PRs that pertain to the accessanalyzer service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. documentation Introduces or discusses updates to documentation. labels Aug 6, 2020
Copy link
Contributor

@anGie44 anGie44 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a couple q's otherwise LGTM

Output of acceptance tests:

--- PASS: TestAccAWSAccessAnalyzer_serial (333.17s)
    --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer (333.17s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/Tags (28.02s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/Type_Organization (286.18s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/basic (10.91s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/disappears (8.06s)

@@ -27,7 +44,7 @@ The following arguments are required:
The following arguments are optional:

* `tags` - (Optional) Key-value map of resource tags.
* `type` - (Optional) Type of Analyzer. Valid value is currently only `ACCOUNT`. Defaults to `ACCOUNT`.
* `type` - (Optional) Type of Analyzer. Valid values are `ACCOUNT` or `ORGANIZATION`. Defaults to `ACCOUNT`.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

how do we feel about adding Forces new resource to (Optional) in docs? i've seen it in some places but not strictly everywhere where applicable. this could be a good place since the schema has changed for this attribute but also could apply to the analyzer_name argument

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd say the convention to exclude that information in the resource documentation is more typical for two reasons:

  • The terraform plan/apply output authoritatively shows when and where resource recreation behavior occurs (except of course the TypeSet weirdness we were looking at earlier 😬 )
  • Previous changes to remove ForceNew and support in-place updates where it was documented tended to be forgotten since the information is atypical and changes more frequently than Optional vs Required, so quite a few followup documentation PRs were necessary to bring things up to date

That's not to say we shouldn't do it -- just some insight on the subject. When the provider documentation is more automatically generated based on the schema, I think that will be a good inflection point on whether or not its worth including more holistically across all resources, since then the change will theoretically be trivial.

PreCheck: func() {
testAccPreCheck(t)
testAccPreCheckAWSAccessAnalyzer(t)
// testAccOrganizationsAccountPreCheck(t)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we consider keeping this check to skip this test instead of failing? 🤔

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oi! Good catch. Extraneous code comment there.

@bflad bflad added this to the v3.2.0 milestone Aug 12, 2020
…ype argument

Reference: #12593

Output from acceptance testing in Organizations testing account:

```
--- PASS: TestAccAWSAccessAnalyzer_serial (344.90s)
    --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer (344.90s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/basic (10.64s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/disappears (7.41s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/Tags (22.00s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/Type_Organization (304.86s)
```
@bflad bflad force-pushed the f-aws_accessanalyzer_analyzer-organizations branch from 300d57c to f57a0cd Compare August 12, 2020 00:23
@bflad
Copy link
Contributor Author

bflad commented Aug 12, 2020

Rebased with that comment line fixed and re-verified:

Standalone account:

=== RUN   TestAccAWSAccessAnalyzer_serial
=== RUN   TestAccAWSAccessAnalyzer_serial/Analyzer
=== RUN   TestAccAWSAccessAnalyzer_serial/Analyzer/basic
=== RUN   TestAccAWSAccessAnalyzer_serial/Analyzer/disappears
    TestAccAWSAccessAnalyzer_serial/Analyzer/disappears: resource_aws_accessanalyzer_analyzer_test.go:52: [INFO] Got non-empty plan, as expected
=== RUN   TestAccAWSAccessAnalyzer_serial/Analyzer/Tags
=== RUN   TestAccAWSAccessAnalyzer_serial/Analyzer/Type_Organization
--- PASS: TestAccAWSAccessAnalyzer_serial (313.73s)
    --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer (313.73s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/basic (11.92s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/disappears (8.58s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/Tags (30.25s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/Type_Organization (262.98s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	314.629s

Organizations member account:

=== RUN   TestAccAWSAccessAnalyzer_serial
=== RUN   TestAccAWSAccessAnalyzer_serial/Analyzer
=== RUN   TestAccAWSAccessAnalyzer_serial/Analyzer/basic
=== RUN   TestAccAWSAccessAnalyzer_serial/Analyzer/disappears
    TestAccAWSAccessAnalyzer_serial/Analyzer/disappears: resource_aws_accessanalyzer_analyzer_test.go:52: [INFO] Got non-empty plan, as expected
=== RUN   TestAccAWSAccessAnalyzer_serial/Analyzer/Tags
=== RUN   TestAccAWSAccessAnalyzer_serial/Analyzer/Type_Organization
    TestAccAWSAccessAnalyzer_serial/Analyzer/Type_Organization: provider_test.go:559: skipping tests; this AWS account must not be an existing member of an AWS Organization
--- PASS: TestAccAWSAccessAnalyzer_serial (52.58s)
    --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer (52.58s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/basic (12.36s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/disappears (8.62s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/Tags (30.35s)
        --- SKIP: TestAccAWSAccessAnalyzer_serial/Analyzer/Type_Organization (1.26s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	54.814s

@bflad bflad merged commit d90279c into master Aug 12, 2020
@bflad bflad deleted the f-aws_accessanalyzer_analyzer-organizations branch August 12, 2020 02:22
bflad added a commit that referenced this pull request Aug 12, 2020
@ghost
Copy link

ghost commented Aug 14, 2020

This has been released in version 3.2.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

@ghost
Copy link

ghost commented Sep 12, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Sep 12, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
documentation Introduces or discusses updates to documentation. enhancement Requests to existing resources that expand the functionality or scope. service/accessanalyzer Issues and PRs that pertain to the accessanalyzer service. size/M Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Use AWS IAM Access Analyzer in AWS Organizations
2 participants