Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add aws_verifiedpermissions_policy #35413

Merged
merged 16 commits into from
Apr 19, 2024
Merged

feat: add aws_verifiedpermissions_policy #35413

merged 16 commits into from
Apr 19, 2024

Conversation

filol
Copy link
Contributor

@filol filol commented Jan 20, 2024
edited by justinretzolk
Loading

Description

Adding Verified Permission Policy
WIP - Need help

Relations

Relates #32158
Closes #35412

References

https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreatePolicy.html
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-verifiedpermissions-policy.html

Output from Acceptance Testing

% make testacc TESTS=TestAccXXX PKG=ec2

...

@github-actions GitHub Actions
Copy link

Community Note

Voting for Prioritization

  • Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions github-actions bot added documentation Introduces or discusses updates to documentation. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. service/verifiedpermissions Issues and PRs that pertain to the verifiedpermissions service. size/XL Managed by automation to categorize the size of a PR. labels Jan 20, 2024
@terraform-aws-provider terraform-aws-provider bot added the needs-triage Waiting for first response or review from a maintainer. label Jan 20, 2024
github-actions[bot]
github-actions bot reviewed Jan 20, 2024
View reviewed changes
Copy link

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Welcome @filol 👋

It looks like this is your first Pull Request submission to the Terraform AWS Provider! If you haven’t already done so please make sure you have checked out our CONTRIBUTOR guide and FAQ to make sure your contribution is adhering to best practice and has all the necessary elements in place for a successful approval.

Also take a look at our FAQ which details how we prioritize Pull Requests for inclusion.

Thanks again, and welcome to the community! 😃

@justinretzolk justinretzolk added new-resource Introduces a new resource. and removed needs-triage Waiting for first response or review from a maintainer. labels Jan 22, 2024
@hanoj-budime
Copy link

hanoj-budime commented Mar 18, 2024
edited
Loading

Hey, we're eagerly awaiting this. When will it be generally available (GA)?

@ewbankkit
@justinretzolk
@johnsonaj

@ewbankkit ewbankkit mentioned this pull request Mar 21, 2024
Closed
7 tasks
@dguisinger
Copy link

Is this ever going to get released?

@hanoj-budime
Copy link

hanoj-budime commented Apr 10, 2024
edited
Loading

Hey, we're eagerly awaiting this. When will it be generally available (GA)?

@ewbankkit @justinretzolk @johnsonaj

Guy's ? Update please.. we're wait for your PR

@johnsonaj johnsonaj self-assigned this Apr 12, 2024
@terraform-aws-provider terraform-aws-provider bot added the prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. label Apr 12, 2024
@hanoj-budime
Copy link

Hi @johnsonaj,

I'm glad to see some progress here. thanks.

Please make sure to test scenarios where it can update in-place and where it needs to recreate the policy based on a modification.

What's the estimation roadmap for this feature?

@johnsonaj johnsonaj force-pushed the f-aws_verifiedpermissions_policy branch from ff62242 to ae7e9ef Compare April 16, 2024 18:13
@github-actions GitHub Actions
Copy link

Thank you for your contribution! 🚀

Please note that typically Go dependency changes are handled in this repository by dependabot or the maintainers. This is to prevent pull request merge conflicts and further delay reviews of contributions. Remove any changes to the go.mod or go.sum files and commit them into this pull request.

Additional details:

  • Check open pull requests with the dependencies label to view other dependency updates.
  • If this pull request includes an update the AWS Go SDK (or any other dependency) version, only updates submitted via dependabot will be merged. This pull request will need to remove these changes and will need to be rebased after the existing dependency update via dependabot has been merged for this pull request to be reviewed.
  • If this pull request is for supporting a new AWS service:
    • Ensure the new AWS service changes are following the Contributing Guide section on new services, in particular that the dependency addition and initial provider support are in a separate pull request from other changes (e.g. new resources). Contributions not following this item will not be reviewed until the changes are split.
    • If this pull request is already a separate pull request from the above item, you can ignore this message.

@johnsonaj
Copy link
Contributor 

% make sweep SWEEPARGS='-sweep-run=aws_verifiedpermissions_ -sweep-allow-failures'

# make sweep SWEEPARGS=-sweep-run=aws_example_thing
# set SWEEPARGS=-sweep-allow-failures to continue after first failure
WARNING: This will destroy infrastructure. Use only in development accounts.
go1.21.8 test ./internal/sweep -v -sweep=us-west-2,us-east-1,us-east-2,us-west-1 -sweep-run=aws_verifiedpermissions_ -sweep-allow-failures -timeout 360m
2024/04/16 14:02:04 [DEBUG] Running Sweepers for region (us-west-2):
2024/04/16 14:02:04 [DEBUG] Running Sweeper (aws_verifiedpermissions_policy_store) in region (us-west-2)
2024/04/16 14:02:04 [DEBUG] sweeper: Configuring Terraform AWS Provider: sweeper_region=us-west-2
2024-04-16T14:02:04.909-0500 [DEBUG] sweeper.aws-base: Resolving credentials provider: sweeper_region=us-west-2
2024-04-16T14:02:04.910-0500 [DEBUG] sweeper.aws-base: Using profile: tf_aws.profile.source=envvar sweeper_region=us-west-2 tf_aws.profile=default
2024-04-16T14:02:04.910-0500 [DEBUG] sweeper.aws-base: Loading configuration: sweeper_region=us-west-2
2024-04-16T14:02:04.911-0500 [DEBUG] sweeper.aws-base: Retrieving credentials: sweeper_region=us-west-2
2024-04-16T14:02:04.911-0500 [INFO]  sweeper.aws-base: Retrieved credentials: sweeper_region=us-west-2 tf_aws.credentials_source="SharedConfigCredentials: /Users/adrianjohnson/.aws/credentials"
2024-04-16T14:02:04.911-0500 [DEBUG] sweeper.aws-base: Loading configuration: sweeper_region=us-west-2
2024/04/16 14:02:04 [DEBUG] sweeper: Creating AWS SDK v1 session: sweeper_region=us-west-2
2024/04/16 14:02:04 [DEBUG] sweeper: Retrieving AWS account details: sweeper_region=us-west-2
2024-04-16T14:02:04.912-0500 [DEBUG] sweeper.aws-base: Retrieving caller identity from STS: sweeper_region=us-west-2
2024-04-16T14:02:05.210-0500 [INFO]  sweeper.aws-base: Retrieved caller identity from STS: sweeper_region=us-west-2
2024/04/16 14:02:05 [INFO]  sweeper: No resources to sweep: sweeper_region=us-west-2
2024/04/16 14:02:05 [DEBUG] Completed Sweeper (aws_verifiedpermissions_policy_store) in region (us-west-2) in 622.552542ms
2024/04/16 14:02:05 Completed Sweepers for region (us-west-2) in 622.695292ms
2024/04/16 14:02:05 Sweeper Tests for region (us-west-2) ran successfully:
2024/04/16 14:02:05 	- aws_verifiedpermissions_policy_store
2024/04/16 14:02:05 [DEBUG] Running Sweepers for region (us-east-1):
2024/04/16 14:02:05 [DEBUG] Running Sweeper (aws_verifiedpermissions_policy_store) in region (us-east-1)
2024/04/16 14:02:05 [DEBUG] sweeper: Configuring Terraform AWS Provider: sweeper_region=us-east-1
2024-04-16T14:02:05.531-0500 [DEBUG] sweeper.aws-base: Resolving credentials provider: sweeper_region=us-east-1
2024-04-16T14:02:05.531-0500 [DEBUG] sweeper.aws-base: Using profile: sweeper_region=us-east-1 tf_aws.profile=default tf_aws.profile.source=envvar
2024-04-16T14:02:05.531-0500 [DEBUG] sweeper.aws-base: Loading configuration: sweeper_region=us-east-1
2024-04-16T14:02:05.532-0500 [DEBUG] sweeper.aws-base: Retrieving credentials: sweeper_region=us-east-1
2024-04-16T14:02:05.532-0500 [INFO]  sweeper.aws-base: Retrieved credentials: sweeper_region=us-east-1 tf_aws.credentials_source="SharedConfigCredentials: /Users/adrianjohnson/.aws/credentials"
2024-04-16T14:02:05.532-0500 [DEBUG] sweeper.aws-base: Loading configuration: sweeper_region=us-east-1
2024/04/16 14:02:05 [DEBUG] sweeper: Creating AWS SDK v1 session: sweeper_region=us-east-1
2024/04/16 14:02:05 [DEBUG] sweeper: Retrieving AWS account details: sweeper_region=us-east-1
2024-04-16T14:02:05.534-0500 [DEBUG] sweeper.aws-base: Retrieving caller identity from STS: sweeper_region=us-east-1
2024-04-16T14:02:05.747-0500 [INFO]  sweeper.aws-base: Retrieved caller identity from STS: sweeper_region=us-east-1
2024/04/16 14:02:06 [INFO]  sweeper: No resources to sweep: sweeper_region=us-east-1
2024/04/16 14:02:06 [DEBUG] Completed Sweeper (aws_verifiedpermissions_policy_store) in region (us-east-1) in 505.086916ms
2024/04/16 14:02:06 Completed Sweepers for region (us-east-1) in 505.156958ms
2024/04/16 14:02:06 Sweeper Tests for region (us-east-1) ran successfully:
2024/04/16 14:02:06 	- aws_verifiedpermissions_policy_store
2024/04/16 14:02:06 [DEBUG] Running Sweepers for region (us-east-2):
2024/04/16 14:02:06 [DEBUG] Running Sweeper (aws_verifiedpermissions_policy_store) in region (us-east-2)
2024/04/16 14:02:06 [DEBUG] sweeper: Configuring Terraform AWS Provider: sweeper_region=us-east-2
2024-04-16T14:02:06.037-0500 [DEBUG] sweeper.aws-base: Resolving credentials provider: sweeper_region=us-east-2
2024-04-16T14:02:06.037-0500 [DEBUG] sweeper.aws-base: Using profile: tf_aws.profile=default tf_aws.profile.source=envvar sweeper_region=us-east-2
2024-04-16T14:02:06.037-0500 [DEBUG] sweeper.aws-base: Loading configuration: sweeper_region=us-east-2
2024-04-16T14:02:06.038-0500 [DEBUG] sweeper.aws-base: Retrieving credentials: sweeper_region=us-east-2
2024-04-16T14:02:06.038-0500 [INFO]  sweeper.aws-base: Retrieved credentials: tf_aws.credentials_source="SharedConfigCredentials: /Users/adrianjohnson/.aws/credentials" sweeper_region=us-east-2
2024-04-16T14:02:06.038-0500 [DEBUG] sweeper.aws-base: Loading configuration: sweeper_region=us-east-2
2024/04/16 14:02:06 [DEBUG] sweeper: Creating AWS SDK v1 session: sweeper_region=us-east-2
2024/04/16 14:02:06 [DEBUG] sweeper: Retrieving AWS account details: sweeper_region=us-east-2
2024-04-16T14:02:06.040-0500 [DEBUG] sweeper.aws-base: Retrieving caller identity from STS: sweeper_region=us-east-2
2024-04-16T14:02:06.321-0500 [INFO]  sweeper.aws-base: Retrieved caller identity from STS: sweeper_region=us-east-2
2024/04/16 14:02:06 [INFO]  sweeper: No resources to sweep: sweeper_region=us-east-2
2024/04/16 14:02:06 [DEBUG] Completed Sweeper (aws_verifiedpermissions_policy_store) in region (us-east-2) in 487.411208ms
2024/04/16 14:02:06 Completed Sweepers for region (us-east-2) in 487.451833ms
2024/04/16 14:02:06 Sweeper Tests for region (us-east-2) ran successfully:
2024/04/16 14:02:06 	- aws_verifiedpermissions_policy_store
2024/04/16 14:02:06 [DEBUG] Running Sweepers for region (us-west-1):
2024/04/16 14:02:06 [DEBUG] Running Sweeper (aws_verifiedpermissions_policy_store) in region (us-west-1)
2024/04/16 14:02:06 [DEBUG] sweeper: Configuring Terraform AWS Provider: sweeper_region=us-west-1
2024-04-16T14:02:06.524-0500 [DEBUG] sweeper.aws-base: Resolving credentials provider: sweeper_region=us-west-1
2024-04-16T14:02:06.524-0500 [DEBUG] sweeper.aws-base: Using profile: sweeper_region=us-west-1 tf_aws.profile=default tf_aws.profile.source=envvar
2024-04-16T14:02:06.524-0500 [DEBUG] sweeper.aws-base: Loading configuration: sweeper_region=us-west-1
2024-04-16T14:02:06.525-0500 [DEBUG] sweeper.aws-base: Retrieving credentials: sweeper_region=us-west-1
2024-04-16T14:02:06.525-0500 [INFO]  sweeper.aws-base: Retrieved credentials: tf_aws.credentials_source="SharedConfigCredentials: /Users/adrianjohnson/.aws/credentials" sweeper_region=us-west-1
2024-04-16T14:02:06.526-0500 [DEBUG] sweeper.aws-base: Loading configuration: sweeper_region=us-west-1
2024/04/16 14:02:06 [DEBUG] sweeper: Creating AWS SDK v1 session: sweeper_region=us-west-1
2024/04/16 14:02:06 [DEBUG] sweeper: Retrieving AWS account details: sweeper_region=us-west-1
2024-04-16T14:02:06.527-0500 [DEBUG] sweeper.aws-base: Retrieving caller identity from STS: sweeper_region=us-west-1
2024-04-16T14:02:06.828-0500 [INFO]  sweeper.aws-base: Retrieved caller identity from STS: sweeper_region=us-west-1
2024/04/16 14:02:07 [INFO]  sweeper: No resources to sweep: sweeper_region=us-west-1
2024/04/16 14:02:07 [DEBUG] Completed Sweeper (aws_verifiedpermissions_policy_store) in region (us-west-1) in 550.828917ms
2024/04/16 14:02:07 Completed Sweepers for region (us-west-1) in 550.868292ms
2024/04/16 14:02:07 Sweeper Tests for region (us-west-1) ran successfully:
2024/04/16 14:02:07 	- aws_verifiedpermissions_policy_store
ok  	github.com/hashicorp/terraform-provider-aws/internal/sweep	7.175s

@johnsonaj
Copy link
Contributor 

% make testacc TESTARGS='-run=TestAccVerifiedPermissionsPolicy_' PKG=verifiedpermissions

==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.21.8 test ./internal/service/verifiedpermissions/... -v -count 1 -parallel 20  -run=TestAccVerifiedPermissionsPolicy_ -timeout 360m
--- PASS: TestAccVerifiedPermissionsPolicy_disappears (11.82s)
--- PASS: TestAccVerifiedPermissionsPolicy_basic (13.54s)
--- PASS: TestAccVerifiedPermissionsPolicy_templateLinked (14.70s)
--- PASS: TestAccVerifiedPermissionsPolicy_update (24.30s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/verifiedpermissions	29.577s

@johnsonaj johnsonaj force-pushed the f-aws_verifiedpermissions_policy branch from c6c4a29 to 92be836 Compare April 19, 2024 20:14
johnsonaj
johnsonaj approved these changes Apr 19, 2024
View reviewed changes
Copy link
Contributor

@johnsonaj johnsonaj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🚀

@johnsonaj
Copy link
Contributor

@filol thank you for the contribution! 🎉

@johnsonaj johnsonaj merged commit f2528d3 into hashicorp:main Apr 19, 2024
49 checks passed
@github-actions github-actions bot added this to the v5.47.0 milestone Apr 19, 2024
@github-actions github-actions bot removed the prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. label Apr 26, 2024
@github-actions GitHub Actions
Copy link

This functionality has been released in v5.47.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions GitHub Actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 27, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

@johnsonaj johnsonaj johnsonaj approved these changes

Assignees

@johnsonaj johnsonaj

Labels
documentation Introduces or discusses updates to documentation. new-resource Introduces a new resource. service/verifiedpermissions Issues and PRs that pertain to the verifiedpermissions service. size/XL Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet
Milestone
v5.47.0
Development

Successfully merging this pull request may close these issues.

[New Resource]: aws_verifiedpermissions_policy
5 participants
@filol @hanoj-budime @dguisinger @johnsonaj @justinretzolk