resource/aws_accessanalyzer_analyzer: Support ORGANIZATION value in type argument

[bflad]

Community Note

• Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Closes #12593

Release note for CHANGELOG:

* resource/aws_accessanalyzer_analyzer: Support `ORGANIZATION` value in `type` argument

Output from acceptance testing in Organizations testing account:

--- PASS: TestAccAWSAccessAnalyzer_serial (344.90s)
    --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer (344.90s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/basic (10.64s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/disappears (7.41s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/Tags (22.00s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/Type_Organization (304.86s)

[anGie44]

Just a couple q's otherwise LGTM

Output of acceptance tests:

--- PASS: TestAccAWSAccessAnalyzer_serial (333.17s)
    --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer (333.17s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/Tags (28.02s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/Type_Organization (286.18s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/basic (10.91s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/disappears (8.06s)

[anGie44]

how do we feel about adding Forces new resource to (Optional) in docs? i've seen it in some places but not strictly everywhere where applicable. this could be a good place since the schema has changed for this attribute but also could apply to the analyzer_name argument

[bflad]

I'd say the convention to exclude that information in the resource documentation is more typical for two reasons:

• The terraform plan/apply output authoritatively shows when and where resource recreation behavior occurs (except of course the TypeSet weirdness we were looking at earlier 😬 )
• Previous changes to remove ForceNew and support in-place updates where it was documented tended to be forgotten since the information is atypical and changes more frequently than Optional vs Required, so quite a few followup documentation PRs were necessary to bring things up to date

That's not to say we shouldn't do it -- just some insight on the subject. When the provider documentation is more automatically generated based on the schema, I think that will be a good inflection point on whether or not its worth including more holistically across all resources, since then the change will theoretically be trivial.

[anGie44]

should we consider keeping this check to skip this test instead of failing? 🤔

[bflad]

Oi! Good catch. Extraneous code comment there.

[bflad]

Rebased with that comment line fixed and re-verified:

Standalone account:

=== RUN   TestAccAWSAccessAnalyzer_serial
=== RUN   TestAccAWSAccessAnalyzer_serial/Analyzer
=== RUN   TestAccAWSAccessAnalyzer_serial/Analyzer/basic
=== RUN   TestAccAWSAccessAnalyzer_serial/Analyzer/disappears
    TestAccAWSAccessAnalyzer_serial/Analyzer/disappears: resource_aws_accessanalyzer_analyzer_test.go:52: [INFO] Got non-empty plan, as expected
=== RUN   TestAccAWSAccessAnalyzer_serial/Analyzer/Tags
=== RUN   TestAccAWSAccessAnalyzer_serial/Analyzer/Type_Organization
--- PASS: TestAccAWSAccessAnalyzer_serial (313.73s)
    --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer (313.73s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/basic (11.92s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/disappears (8.58s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/Tags (30.25s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/Type_Organization (262.98s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	314.629s

Organizations member account:

=== RUN   TestAccAWSAccessAnalyzer_serial
=== RUN   TestAccAWSAccessAnalyzer_serial/Analyzer
=== RUN   TestAccAWSAccessAnalyzer_serial/Analyzer/basic
=== RUN   TestAccAWSAccessAnalyzer_serial/Analyzer/disappears
    TestAccAWSAccessAnalyzer_serial/Analyzer/disappears: resource_aws_accessanalyzer_analyzer_test.go:52: [INFO] Got non-empty plan, as expected
=== RUN   TestAccAWSAccessAnalyzer_serial/Analyzer/Tags
=== RUN   TestAccAWSAccessAnalyzer_serial/Analyzer/Type_Organization
    TestAccAWSAccessAnalyzer_serial/Analyzer/Type_Organization: provider_test.go:559: skipping tests; this AWS account must not be an existing member of an AWS Organization
--- PASS: TestAccAWSAccessAnalyzer_serial (52.58s)
    --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer (52.58s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/basic (12.36s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/disappears (8.62s)
        --- PASS: TestAccAWSAccessAnalyzer_serial/Analyzer/Tags (30.35s)
        --- SKIP: TestAccAWSAccessAnalyzer_serial/Analyzer/Type_Organization (1.26s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	54.814s

[ghost]

This has been released in version 3.2.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!