-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New resource: aws_iot_policy_attachment #5864
New resource: aws_iot_policy_attachment #5864
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @spirius 👋 Thanks for submitting this! Its off to a good start. Can you see the below initial feedback and let us know if you have any questions or do not have time to implement them?
target := rs.Primary.Attributes["target"] | ||
policyName := rs.Primary.Attributes["policy"] | ||
|
||
out, err := conn.ListAttachedPolicies(&iot.ListAttachedPoliciesInput{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This appears it should be using listIotPolicyAttachmentPages
to properly paginate. 👍
if err != nil { | ||
return fmt.Errorf("Error: Failed to get attached policies for target %s (%s)", target, n) | ||
} | ||
if len(out.Policies) != c { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The Exists
acceptance test function should only concern itself with the singular target <-> policy attachment the resource manages.
|
||
} | ||
|
||
func testAccCheckAWSIotPolicyAttchmentDestroy_basic(s *terraform.State) error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This testAccCheckAWSIotPolicyAttchmentDestroy_basic
function should be renamed testAccCheckAWSIotPolicyAttchmentDestroy
and perform a check that each resource that defined attachments have been removed as expected:
func testAccCheckAWSIotPolicyAttchmentDestroy(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).iotconn
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_iot_policy_attachment" {
continue
}
input := &iot.ListAttachedPoliciesInput{
PageSize: aws.Int64(250),
Recursive: aws.Bool(false),
Target: aws.String(rs.Primary.Attributes["target"]),
}
var policy *iot.Policy
err := listIotPolicyAttachmentPages(conn, input, /* ... */)
if err != nil {
return err
}
if policy == nil {
continue
}
return fmt.Errorf("IOT Policy Attachment (%s) still exists", d.Id())
}
return nil
}
|
||
var policy *iot.Policy | ||
|
||
err := listIotPolicyAttachmentPages(conn, &iot.ListAttachedPoliciesInput{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It seems it might make sense to create a wrapper function that encapsulates this logic since it will be needed multiple times, e.g.
func getIotPolicyAttachment(conn, target, policyName) (*iot.Policy, error) {
var policy *iot.Policy
input := &iot.ListAttachedPoliciesInput{
PageSize: aws.Int64(250),
Recursive: aws.Bool(false),
Target: aws.String(target),
}
err := listIotPolicyAttachmentPages(conn, input, func(out *iot.ListAttachedPoliciesOutput, lastPage bool) bool {
for _, att := range out.Policies {
if policyName == aws.StringValue(att.PolicyName) {
policy = att
return false
}
}
return true
})
return policy, err
}
}) | ||
|
||
if err != nil { | ||
log.Printf("[ERROR] Error attaching policy %s to target %s: %s", policyName, target, err) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nitpick: instead of logging the error message, it would be more helpful to return it so operators see it without enabling logging:
if err != nil {
return fmt.Errorf("error attaching policy %s to target %s: %s", policyName, target, err)
}
|
||
if err != nil { | ||
log.Printf("[ERROR] Error listing policy attachments for target %s: %s", target, err) | ||
return err |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nitpick: Same here regarding error messages:
if err != nil {
return fmt.Errorf("error listing policy attachments for target %s: %s", target, err)
}
}) | ||
|
||
if err != nil { | ||
log.Printf("[ERROR] Error detaching policy %s from target %s: %s", policyName, target, err) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nitpick: Same here regarding error messages:
if err != nil {
return fmt.Errorf("error detaching policy %s from target %s: %s", policyName, target, err)
}
hi @bflad, thanks for the review, I will update the PR and let you know |
…add destruction check in tests
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's get this in, thanks @spirius! 🚀
--- PASS: TestAccAWSIotPolicyAttachment_basic (14.58s)
This has been released in version 1.42.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
Added aws_iot_policy_attachment resource.
Test results: