-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New resource: aws_verifiedaccess_group
#33297
New resource: aws_verifiedaccess_group
#33297
Conversation
Community NoteVoting for Prioritization
For Submitters
|
aws_verifiedaccess_group
Requires #33459. |
# Conflicts: # internal/service/ec2/errors.go # internal/service/ec2/service_package_gen.go
% make testacc TESTARGS='-run=TestAccVerifiedAccessGroup_basic' PKG=ec2
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/ec2/... -v -count 1 -parallel 20 -run=TestAccVerifiedAccessGroup_basic -timeout 180m
=== RUN TestAccVerifiedAccessGroup_basic
=== PAUSE TestAccVerifiedAccessGroup_basic
=== CONT TestAccVerifiedAccessGroup_basic
verifiedaccess_group_test.go:25: Step 1/2 error: Error running apply: exit status 1
Error: creating Verified Access Group: operation error EC2: CreateVerifiedAccessGroup, https response error StatusCode: 400, RequestID: 2312b462-547e-4588-9f1b-f00d9ffe30a7, api error InvalidParameterValue: Must attach a TrustProvider to Instance vai-0f22af219faae53fa before you can create a Group
with aws_verifiedaccess_group.test,
on terraform_plugin_test.tf line 8, in resource "aws_verifiedaccess_group" "test":
8: resource "aws_verifiedaccess_group" "test" {
--- FAIL: TestAccVerifiedAccessGroup_basic (12.26s)
FAIL
FAIL github.com/hashicorp/terraform-provider-aws/internal/service/ec2 17.603s
FAIL
make: *** [testacc] Error 1 |
Also requires #33734 since the verified access group can't be created without a trust provider being attached to the instance. Relevant error message:
With the
|
aws_verifiedaccess_group
aws_verifiedaccess_group
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 🚀.
% make testacc TESTARGS='-run=TestAccVerifiedAccessGroup_' PKG=ec2 ACCTEST_PARALLELISM=2
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/ec2/... -v -count 1 -parallel 2 -run=TestAccVerifiedAccessGroup_ -timeout 360m
=== RUN TestAccVerifiedAccessGroup_basic
=== PAUSE TestAccVerifiedAccessGroup_basic
=== RUN TestAccVerifiedAccessGroup_disappears
=== PAUSE TestAccVerifiedAccessGroup_disappears
=== RUN TestAccVerifiedAccessGroup_tags
=== PAUSE TestAccVerifiedAccessGroup_tags
=== RUN TestAccVerifiedAccessGroup_policy
=== PAUSE TestAccVerifiedAccessGroup_policy
=== CONT TestAccVerifiedAccessGroup_basic
=== CONT TestAccVerifiedAccessGroup_tags
--- PASS: TestAccVerifiedAccessGroup_basic (31.18s)
=== CONT TestAccVerifiedAccessGroup_disappears
--- PASS: TestAccVerifiedAccessGroup_disappears (25.03s)
=== CONT TestAccVerifiedAccessGroup_policy
--- PASS: TestAccVerifiedAccessGroup_tags (68.59s)
--- PASS: TestAccVerifiedAccessGroup_policy (28.41s)
PASS
ok github.com/hashicorp/terraform-provider-aws/internal/service/ec2 90.212s
This functionality has been released in v5.21.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you! |
When a group is created and we want to add policy I have below error message: # aws_verifiedaccess_group.monitoring will be updated in-place
~ resource "aws_verifiedaccess_group" "monitoring" {
id = "vagr-XYZ"
+ policy_document = <<-EOT
permit(principal,action,resource)
when {
context.test.groups has "XYZ" || context.test.user.email.address like "*@FOOBAR"
};
EOT
tags = {
"Environment" = "monitoring"
"Name" = "monitoring-ava-group"
"system" = "core"
}
# (7 unchanged attributes hidden)
}
...
│ Error: updating Verified Access Group (vagr-043f49684c52f3afb) policy: operation error EC2: ModifyVerifiedAccessGroupPolicy, https response error StatusCode: 400, RequestID: ed72eee9-3fcc-4c2b-8a7b-d492d16d7a4e, api error InvalidParameterValue: Policy Document cannot be provided when Policy Enabled is false or missing When I create group with policy already included, there is no problem. There is no variable to enable/disable policy so I'd assume it's a bug atm? |
Having a look @evilr00t - I can reproduce the behavior. |
@evilr00t Can you open up a bug report so that I can reference that in the PR for the fix? |
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Description
Adds support for the Verified Access Group resource.
This PR is a draft since, for proper acceptance testing, the verified access instance and verified access trust provider resources are required. Currently acceptance testing is done by deploying a trust provider and verified access instance in the console and then setting the id in the tests.
Relations
Relates #29689
Depends on #33195
Depends on #29742
References
Link to API reference
Output from Acceptance Testing