Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

r/aws_iam_role_policies_exclusive: new resource #39203

Merged
merged 3 commits into from
Sep 17, 2024
Merged

r/aws_iam_role_policies_exclusive: new resource #39203

merged 3 commits into from
Sep 17, 2024
+703 −4

Conversation

jar-b
Copy link
Member

@jar-b jar-b commented Sep 6, 2024
edited
Loading

Description

This resource will enable exclusive management of inline policy assignments to an IAM role. This functions similar to the inline_policy blocks when defined on the aws_iam_role resource, but as a standalone resource.

Relations

Relates #22336
Relates #39204

References

Output from Acceptance Testing

% make testacc PKG=iam TESTS=TestAccIAMRolePoliciesExclusive_
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.23.0 test ./internal/service/iam/... -v -count 1 -parallel 20 -run='TestAccIAMRolePoliciesExclusive_'  -timeout 360m

--- PASS: TestAccIAMRolePoliciesExclusive_empty (13.72s)
--- PASS: TestAccIAMRolePoliciesExclusive_disappears_Role (13.72s)
--- PASS: TestAccIAMRolePoliciesExclusive_basic (15.84s)
--- PASS: TestAccIAMRolePoliciesExclusive_multiple (24.25s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/iam        30.454s

@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 6, 2024

Community Note

Voting for Prioritization

  • Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions github-actions bot added documentation Introduces or discusses updates to documentation. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. service/iam Issues and PRs that pertain to the iam service. generators Relates to code generators. prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. labels Sep 6, 2024
@jar-b jar-b mentioned this pull request Sep 6, 2024
Merged
@jar-b jar-b force-pushed the f-iam_role_policies_lock branch 2 times, most recently from 12adef9 to d43f0d7 Compare September 9, 2024 20:48
@jar-b jar-b mentioned this pull request Sep 10, 2024
Closed
@jar-b
r/aws_iam_role_policies_exclusive: new resource
b021a90 
This resource will enable exclusive management of inline policy assignments to an IAM role. This functions similar to the `inline_policy` blocks when defined on the `aws_iam_role` resource, but as a standalone resource.

```console
% make testacc PKG=iam TESTS=TestAccIAMRolePoliciesExclusive_
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.23.0 test ./internal/service/iam/... -v -count 1 -parallel 20 -run='TestAccIAMRolePoliciesExclusive_'  -timeout 360m

--- PASS: TestAccIAMRolePoliciesExclusive_empty (13.72s)
--- PASS: TestAccIAMRolePoliciesExclusive_disappears_Role (13.72s)
--- PASS: TestAccIAMRolePoliciesExclusive_basic (15.84s)
--- PASS: TestAccIAMRolePoliciesExclusive_multiple (24.25s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/iam        30.454s
```
@jar-b
r/aws_iam_role: deprecate inline_policy argument
322dbf3 
With the introduction of the `aws_iam_role_policies_exclusive` resource, the provider now has parity with the behavior of the existing `inline_policy` argument. To encourage a single pattern for managing inline policy associations, the inline argument on the role resource is now deprecated. Due to this resources popularity it is undetermined whether the argument will be fully removed in a future major version, but the deprecation warning allows maintainers to direct users to a preferred pattern.
@jar-b jar-b marked this pull request as ready for review September 16, 2024 20:28
@jar-b jar-b requested a review from a team as a code owner September 16, 2024 20:28
YakDriver
YakDriver approved these changes Sep 17, 2024
View reviewed changes
Copy link
Member

@YakDriver YakDriver left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd add more tests and not use "lock." Otherwise, looks good!

% make t T=TestAccIAMRolePoliciesExclusive_ K=iam
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.22.6 test ./internal/service/iam/... -v -count 1 -parallel 20 -run='TestAccIAMRolePoliciesExclusive_'  -timeout 360m
=== RUN   TestAccIAMRolePoliciesExclusive_basic
=== PAUSE TestAccIAMRolePoliciesExclusive_basic
=== RUN   TestAccIAMRolePoliciesExclusive_disappears_Role
=== PAUSE TestAccIAMRolePoliciesExclusive_disappears_Role
=== RUN   TestAccIAMRolePoliciesExclusive_multiple
=== PAUSE TestAccIAMRolePoliciesExclusive_multiple
=== RUN   TestAccIAMRolePoliciesExclusive_empty
=== PAUSE TestAccIAMRolePoliciesExclusive_empty
=== CONT  TestAccIAMRolePoliciesExclusive_basic
=== CONT  TestAccIAMRolePoliciesExclusive_multiple
=== CONT  TestAccIAMRolePoliciesExclusive_empty
=== CONT  TestAccIAMRolePoliciesExclusive_disappears_Role
--- PASS: TestAccIAMRolePoliciesExclusive_disappears_Role (17.93s)
--- PASS: TestAccIAMRolePoliciesExclusive_empty (18.03s)
--- PASS: TestAccIAMRolePoliciesExclusive_basic (19.61s)
--- PASS: TestAccIAMRolePoliciesExclusive_multiple (30.24s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/iam	35.400s

internal/service/iam/exports_test.go Outdated Show resolved Hide resolved
internal/service/iam/role_policies_exclusive_test.go Show resolved Hide resolved
@jar-b
r/aws_iam_role_policies_exclusive(test): add out of band tests
2587303 
Adds tests to cover out of band additions and removals of inline policies.

```console
% make testacc PKG=iam TESTS=TestAccIAMRolePoliciesExclusive_
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.22.6 test ./internal/service/iam/... -v -count 1 -parallel 20 -run='TestAccIAMRolePoliciesExclusive_'  -timeout 360m

--- PASS: TestAccIAMRolePoliciesExclusive_empty (15.28s)
--- PASS: TestAccIAMRolePoliciesExclusive_disappears_Role (15.33s)
--- PASS: TestAccIAMRolePoliciesExclusive_basic (17.58s)
--- PASS: TestAccIAMRolePoliciesExclusive_outOfBandAddition (24.33s)
--- PASS: TestAccIAMRolePoliciesExclusive_outOfBandRemoval (24.34s)
--- PASS: TestAccIAMRolePoliciesExclusive_multiple (26.37s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/iam        32.643s
```
@jar-b jar-b merged commit 17421e6 into main Sep 17, 2024
41 checks passed
@jar-b jar-b deleted the f-iam_role_policies_lock branch September 17, 2024 19:27
@github-actions github-actions bot added this to the v5.68.0 milestone Sep 17, 2024
terraform-aws-provider bot pushed a commit that referenced this pull request Sep 17, 2024
Update CHANGELOG.md for #39203
e4a4635
@jar-b jar-b mentioned this pull request Sep 18, 2024
Open
13 tasks
@github-actions github-actions bot removed the prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. label Sep 20, 2024
@github-actions GitHub Actions
Copy link

This functionality has been released in v5.68.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

This was referenced Sep 20, 2024
Closed
Merged
This was referenced Sep 26, 2024
Open
Open
@github-actions GitHub Actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 22, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@YakDriver YakDriver YakDriver approved these changes

Assignees
No one assigned
Labels
documentation Introduces or discusses updates to documentation. generators Relates to code generators. service/iam Issues and PRs that pertain to the iam service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet
Milestone
v5.68.0
Development

Successfully merging this pull request may close these issues.
2 participants
@jar-b @YakDriver