Issue #6072 datasource/aws_iam_policy: lookup by name #6084

Merged
merged 10 commits into from
Apr 22, 2021

Conversation

saravanan30erd
Contributor

Fixes #6072

Output from acceptance testing:

$ make testacc TEST=./aws TESTARGS='-run=TestAccAWSDataSourceIAMPolicy_withName'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -run=TestAccAWSDataSourceIAMPolicy_withName -timeout 120m
=== RUN   TestAccAWSDataSourceIAMPolicy_withName
--- PASS: TestAccAWSDataSourceIAMPolicy_withName (49.21s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws
...

@ghost ghost added size/M Managed by automation to categorize the size of a PR. documentation Introduces or discusses updates to documentation. service/iam Issues and PRs that pertain to the iam service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. labels Oct 6, 2018
@bflad
Contributor

bflad commented Oct 8, 2018

Hey @saravanan30erd! Thanks for submitting this. 😄 This functionality will be fun to implement as we may need to think about the design a little more. All these below are possible and valid ARNs that we would want to support for lookup via name (the aws in the account ID field below is literally aws):

arn:PARTITION:iam::ACCOUNTID:policy/NAME
arn:PARTITION:iam::ACCOUNTID:policy/PATH/NAME
arn:PARTITION:iam::aws:policy/NAME # e.g. arn:aws:iam::aws:policy/AmazonRDSFullAccess
arn:PARTITION:iam::aws:policy/aws-service-role/NAME # e.g. arn:aws:iam::aws:policy/aws-service-role/AmazonElasticsearchServiceRolePolicy
arn:PARTITION:iam::aws:policy/service-role/NAME # e.g. arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole

The answer may be to perform the lookup via ListPolicies instead when searching by name and match against all of the PolicyNames returned by that (returning an error if more than 1 is found), but we definitely will need to come up with a solution to this problem before accepting this.

@bflad bflad added the waiting-response Maintainers are waiting on response from community or contributor. label Oct 8, 2018
@saravanan30erd
Contributor Author

Will look into it.

@saravanan30erd
Contributor Author

@bflad covered all the possible ARNs when using name

@saravanan30erd
Contributor Author

$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAWSDataSourceIAMPolicy_'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws/ -v -run=TestAccAWSDataSourceIAMPolicy_ -timeout 120m
=== RUN TestAccAWSDataSourceIAMPolicy_basic
--- PASS: TestAccAWSDataSourceIAMPolicy_basic (48.97s)
=== RUN TestAccAWSDataSourceIAMPolicy_withName
--- PASS: TestAccAWSDataSourceIAMPolicy_withName (67.14s)
=== RUN TestAccAWSDataSourceIAMPolicy_withPath
--- PASS: TestAccAWSDataSourceIAMPolicy_withPath (47.69s)
PASS
ok github.com/terraform-providers/terraform-provider-aws/aws 163.836s

@ghost ghost added size/L Managed by automation to categorize the size of a PR. and removed size/M Managed by automation to categorize the size of a PR. labels Oct 13, 2018
@bflad bflad removed the waiting-response Maintainers are waiting on response from community or contributor. label Oct 14, 2018
@saravanan30erd
Contributor Author

@bflad anything needed to push this in?

@aeschright aeschright requested a review from a team June 25, 2019 21:35
@edwardbartholomew
Contributor

This PR seems to have fallen through the cracks but I feel it would be a valuable addition to the provider. Is there any chance for a review @bflad @aeschright?

@aeschright aeschright added the enhancement Requests to existing resources that expand the functionality or scope. label Sep 12, 2019
@anGie44
Contributor

anGie44 commented Jul 1, 2020

hi @saravanan30erd, thanks again for creating this PR and apologies for not reaching out sooner! before creating another holistic review of the work here, do you mind rebasing to sync up with the changes from master as it's been quite some time?

@anGie44 anGie44 added the waiting-response Maintainers are waiting on response from community or contributor. label Jul 1, 2020
@saravanan30erd
Contributor Author

@anGie44 rebased with master.

@ghost ghost removed the waiting-response Maintainers are waiting on response from community or contributor. label Jul 25, 2020
@teamterraform

Notification of Recent and Upcoming Changes to Contributions

Thank you for this contribution! There have been a few recent development changes that affect this pull request. We apologize for the inconvenience, especially if there have been long review delays up until now. Please note that this is an automated message from an unmonitored account. See the FAQ for additional information on the maintainer team and review prioritization.

If you are unable to complete these updates, please leave a comment for the community and maintainers so someone can potentially continue the work. The maintainers will encourage other contributors to use the existing contribution as the base for additional changes as appropriate. Otherwise, contributions that do not receive updated code or comments from the original contributor may be closed in the future so the maintainers can focus on active items.

For the most up to date information about Terraform AWS Provider development, see the Contributing Guide. Additional technical debt changes can be tracked with the technical-debt label on issues.

As part of updating a pull request with these changes, the most current unit testing and linting will run. These may report issues that were not previously reported.

Action Required: Terraform 0.12 Syntax

Reference: #8950
Reference: #14417

Version 3 and later of the Terraform AWS Provider, to which all existing contributions would potentially be added, only supports Terraform 0.12 and later. Certain syntax elements of Terraform 0.11 and earlier show deprecation warnings during runs with Terraform 0.12. Documentation and test configurations, such as those including deprecated string interpolations (some_attribute = "${aws_service_thing.example.id}") should be updated to the newer syntax (some_attribute = aws_service_thing.example.id). Contribution testing will automatically fail on older syntax in the near future. Please see the referenced issues for additional information.

Action Required: Terraform Plugin SDK Version 2

Reference: #14551

The Terraform AWS Provider has been upgraded to the latest version of the Terraform Plugin SDK. Generally, most changes to contributions should only involve updating Go import paths in source code files. Please see the referenced issue for additional information.

Removal of website/aws.erb File

Reference: #14712

Any changes to the website/aws.erb file are no longer necessary and should be removed from this contribution to prevent merge issues in the near future when the file is removed from the repository. Please see the referenced issue for additional information.

Upcoming Change of Git Branch Naming

Reference: #14292

Development environments will need their upstream Git branch updated from master to main in the near future. Please see the referenced issue for additional information and scheduling.

Upcoming Change of GitHub Organization

Reference: #14715

This repository will be migrating from https://github.com/terraform-providers/terraform-provider-aws to https://github.com/hashicorp/terraform-provider-aws. No practitioner or developer action is anticipated and most GitHub functionality will automatically redirect to the new location. Go import paths including terraform-providers can remain for now. Please see the referenced issue for additional information and scheduling.

Base automatically changed from master to main January 23, 2021 00:55
@breathingdust breathingdust requested a review from a team as a code owner January 23, 2021 00:55
@anGie44
Contributor

anGie44 commented Apr 22, 2021

Hi @saravanan30erd, thank you again for this PR and apologies for the delay! Because it's been quite some time and contribution requirements have changed, I'm going to take the work you have here and bring it up to passing our CI checks in addition to refactoring the policy search method to enable use of the List Policies API method with additional filtering by name, arn, and/or path-prefix. The tests have been updated as well to use new naming/config conventions.

Output from acceptance tests (commercial):

--- PASS: TestAccAWSDataSourceIAMPolicy_NonExistent (2.74s)
--- PASS: TestAccAWSDataSourceIAMPolicy_NameAndPathPrefix (12.08s)
--- PASS: TestAccAWSDataSourceIAMPolicy_Arn (17.06s)
--- PASS: TestAccAWSDataSourceIAMPolicy_Name (17.17s)
--- PASS: TestPolicySearchDetails (0.00s)
    --- PASS: TestPolicySearchDetails/#00 (0.00s)
    --- PASS: TestPolicySearchDetails/#01 (0.00s)
    --- PASS: TestPolicySearchDetails/tf-acc-test-policy (0.00s)
    --- PASS: TestPolicySearchDetails/#02 (0.00s)
    --- PASS: TestPolicySearchDetails/tf-acc-test-policy#01 (0.00s)
    --- PASS: TestPolicySearchDetails/#03 (0.00s)
    --- PASS: TestPolicySearchDetails/tf-acc-test-policy#02 (0.00s)
    --- PASS: TestPolicySearchDetails/tf-acc-test-policy#03 (0.00s)

@ghost ghost added size/XL Managed by automation to categorize the size of a PR. and removed size/L Managed by automation to categorize the size of a PR. labels Apr 22, 2021
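
The lookup discussed in this thread (match on name, optionally narrowed by ARN or path prefix, and refuse to choose when more than one policy matches), as an added Go example that is not the provider's code. The `Policy` type, `FindPolicy`, the error values and the sample ARNs under account 123456789012 are hypothetical and constructed for illustration; a real lookup would run over ListPolicies results.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Policy holds the fields of a ListPolicies entry that this example needs (hypothetical type).
type Policy struct{ Name, Path, ARN string }

// Constructed sample data, not real API output: "ReadOnly" exists under two paths.
var sample = []Policy{
	{"ReadOnly", "/", "arn:aws:iam::123456789012:policy/ReadOnly"},
	{"ReadOnly", "/team-a/", "arn:aws:iam::123456789012:policy/team-a/ReadOnly"},
	{"AmazonRDSFullAccess", "/", "arn:aws:iam::aws:policy/AmazonRDSFullAccess"},
	{"AmazonElasticMapReduceRole", "/service-role/", "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole"},
}

var (
	ErrNotFound  = errors.New("no matching IAM policy")
	ErrAmbiguous = errors.New("multiple IAM policies matched")
)

// FindPolicy applies every non-empty filter and returns a policy only when
// exactly one entry survives; zero or several matches are errors.
func FindPolicy(policies []Policy, name, arn, pathPrefix string) (Policy, error) {
	var hits []Policy
	for _, p := range policies {
		if (name != "" && p.Name != name) || (arn != "" && p.ARN != arn) ||
			(pathPrefix != "" && !strings.HasPrefix(p.Path, pathPrefix)) {
			continue
		}
		hits = append(hits, p)
	}
	switch len(hits) {
	case 0:
		return Policy{}, ErrNotFound
	case 1:
		return hits[0], nil
	}
	return Policy{}, fmt.Errorf("%w: %d results for name=%q", ErrAmbiguous, len(hits), name)
}

func main() {
	_, err := FindPolicy(sample, "ReadOnly", "", "")
	fmt.Println("name only:", err)
	p, err := FindPolicy(sample, "ReadOnly", "", "/team-a/")
	fmt.Println("name + path prefix:", p.ARN, err)
}
```

Failing on several matches keeps a name-only lookup from silently resolving to a policy under a different path than the one the configuration author meant.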
@anGie44 anGie44 force-pushed the issue-6072 branch 4 times, most recently from cccfaf1 to c0905ee Compare April 22, 2021 14:39
Contributor

@anGie44 anGie44 left a comment

Many thanks @saravanan30erd 🚀 !

Output of acceptance tests:

--- PASS: TestAccAWSDataSourceIAMPolicy_NonExistent (3.02s)
--- PASS: TestAccAWSDataSourceIAMPolicy_NameAndPathPrefix (12.49s)
--- PASS: TestAccAWSDataSourceIAMPolicy_Arn (17.09s)
--- PASS: TestAccAWSDataSourceIAMPolicy_Name (17.15s)
--- PASS: TestPolicySearchDetails (0.00s)
    --- PASS: TestPolicySearchDetails/#00 (0.00s)
    --- PASS: TestPolicySearchDetails/#01 (0.00s)
    --- PASS: TestPolicySearchDetails/tf-acc-test-policy (0.00s)
    --- PASS: TestPolicySearchDetails/#02 (0.00s)
    --- PASS: TestPolicySearchDetails/tf-acc-test-policy#01 (0.00s)
    --- PASS: TestPolicySearchDetails/#03 (0.00s)
    --- PASS: TestPolicySearchDetails/tf-acc-test-policy#02 (0.00s)
    --- PASS: TestPolicySearchDetails/tf-acc-test-policy#03 (0.00s)

@anGie44 anGie44 merged commit cd28d3f into hashicorp:main Apr 22, 2021
@ghost

ghost commented Apr 30, 2021

This has been released in version 3.38.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

@github-actions

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 31, 2021