resource/aws_iam_oidc_provider: Add tagging support + validations + s…

…weeper (#17964) Output from acceptance testing in AWS Commercial: ``` --- PASS: TestAccAWSIAMOpenIDConnectProvider_disappears (10.03s) --- PASS: TestAccAWSIAMOpenIDConnectProvider_basic (20.50s) --- PASS: TestAccAWSIAMOpenIDConnectProvider_tags (32.26s) ``` Output from acceptance testing in AWS GovCloud (US): ``` --- PASS: TestAccAWSIAMOpenIDConnectProvider_disappears (15.58s) --- PASS: TestAccAWSIAMOpenIDConnectProvider_basic (36.70s) --- PASS: TestAccAWSIAMOpenIDConnectProvider_tags (47.27s) ```
hashicorp · Mar 25, 2021 · 9bdfe01 · 9bdfe01
1 parent 93658ed
commit 9bdfe01
Show file tree

Hide file tree

Showing 5 changed files with 216 additions and 37 deletions.
diff --git a/.changelog/17964.txt b/.changelog/17964.txt
@@ -0,0 +1,7 @@
+```release-note:enhancement
+resource/aws_iam_openid_connect_provider: Add tagging support
+```
+
+```release-note:enhancement
+resource/aws_iam_openid_connect_provider: Add plan time validation for `client_id_list` and `thumbprint_list`
+```
diff --git a/aws/internal/keyvaluetags/iam_tags.go b/aws/internal/keyvaluetags/iam_tags.go
@@ -81,6 +81,41 @@ func IamUserUpdateTags(conn *iam.IAM, identifier string, oldTagsMap interface{},
 	return nil
 }
 
+// IamOpenIDConnectProviderUpdateTags updates IAM OpenID Connect Provider tags.
+// The identifier is the OpenID Connect Provider ARN.
+func IamOpenIDConnectProviderUpdateTags(conn *iam.IAM, identifier string, oldTagsMap interface{}, newTagsMap interface{}) error {
+	oldTags := New(oldTagsMap)
+	newTags := New(newTagsMap)
+
+	if removedTags := oldTags.Removed(newTags); len(removedTags) > 0 {
+		input := &iam.UntagOpenIDConnectProviderInput{
+			OpenIDConnectProviderArn: aws.String(identifier),
+			TagKeys:                  aws.StringSlice(removedTags.Keys()),
+		}
+
+		_, err := conn.UntagOpenIDConnectProvider(input)
+
+		if err != nil {
+			return fmt.Errorf("error untagging resource (%s): %w", identifier, err)
+		}
+	}
+
+	if updatedTags := oldTags.Updated(newTags); len(updatedTags) > 0 {
+		input := &iam.TagOpenIDConnectProviderInput{
+			OpenIDConnectProviderArn: aws.String(identifier),
+			Tags:                     updatedTags.IgnoreAws().IamTags(),
+		}
+
+		_, err := conn.TagOpenIDConnectProvider(input)
+
+		if err != nil {
+			return fmt.Errorf("error tagging resource (%s): %w", identifier, err)
+		}
+	}
+
+	return nil
+}
+
 // IamSAMLProviderUpdateTags updates IAM SAML Provider tags.
 // The identifier is the SAML Provider ARN.
 func IamSAMLProviderUpdateTags(conn *iam.IAM, identifier string, oldTagsMap interface{}, newTagsMap interface{}) error {

diff --git a/aws/resource_aws_iam_openid_connect_provider.go b/aws/resource_aws_iam_openid_connect_provider.go
@@ -7,6 +7,8 @@ import (
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/iam"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+	"github.com/terraform-providers/terraform-provider-aws/aws/internal/keyvaluetags"
 )
 
 func resourceAwsIamOpenIDConnectProvider() *schema.Resource {
@@ -32,30 +34,38 @@ func resourceAwsIamOpenIDConnectProvider() *schema.Resource {
 				DiffSuppressFunc: suppressOpenIdURL,
 			},
 			"client_id_list": {
-				Elem:     &schema.Schema{Type: schema.TypeString},
+				Elem: &schema.Schema{
+					Type:         schema.TypeString,
+					ValidateFunc: validation.StringLenBetween(1, 255),
+				},
 				Type:     schema.TypeList,
 				Required: true,
 				ForceNew: true,
 			},
 			"thumbprint_list": {
-				Elem:     &schema.Schema{Type: schema.TypeString},
+				Elem: &schema.Schema{
+					Type:         schema.TypeString,
+					ValidateFunc: validation.StringLenBetween(40, 40),
+				},
 				Type:     schema.TypeList,
 				Required: true,
 			},
+			"tags": tagsSchema(),
 		},
 	}
 }
 
 func resourceAwsIamOpenIDConnectProviderCreate(d *schema.ResourceData, meta interface{}) error {
-	iamconn := meta.(*AWSClient).iamconn
+	conn := meta.(*AWSClient).iamconn
 
 	input := &iam.CreateOpenIDConnectProviderInput{
 		Url:            aws.String(d.Get("url").(string)),
 		ClientIDList:   expandStringList(d.Get("client_id_list").([]interface{})),
 		ThumbprintList: expandStringList(d.Get("thumbprint_list").([]interface{})),
+		Tags:           keyvaluetags.New(d.Get("tags").(map[string]interface{})).IgnoreAws().IamTags(),
 	}
 
-	out, err := iamconn.CreateOpenIDConnectProvider(input)
+	out, err := conn.CreateOpenIDConnectProvider(input)
 	if err != nil {
 		return fmt.Errorf("error creating IAM OIDC Provider: %w", err)
 	}
@@ -66,12 +76,13 @@ func resourceAwsIamOpenIDConnectProviderCreate(d *schema.ResourceData, meta inte
 }
 
 func resourceAwsIamOpenIDConnectProviderRead(d *schema.ResourceData, meta interface{}) error {
-	iamconn := meta.(*AWSClient).iamconn
+	conn := meta.(*AWSClient).iamconn
+	ignoreTagsConfig := meta.(*AWSClient).IgnoreTagsConfig
 
 	input := &iam.GetOpenIDConnectProviderInput{
 		OpenIDConnectProviderArn: aws.String(d.Id()),
 	}
-	out, err := iamconn.GetOpenIDConnectProvider(input)
+	out, err := conn.GetOpenIDConnectProvider(input)
 	if isAWSErr(err, iam.ErrCodeNoSuchEntityException, "") {
 		log.Printf("[WARN] IAM OIDC Provider (%s) not found, removing from state", d.Id())
 		d.SetId("")
@@ -86,34 +97,46 @@ func resourceAwsIamOpenIDConnectProviderRead(d *schema.ResourceData, meta interf
 	d.Set("client_id_list", flattenStringList(out.ClientIDList))
 	d.Set("thumbprint_list", flattenStringList(out.ThumbprintList))
 
+	if err := d.Set("tags", keyvaluetags.IamKeyValueTags(out.Tags).IgnoreAws().IgnoreConfig(ignoreTagsConfig).Map()); err != nil {
+		return fmt.Errorf("error setting tags: %w", err)
+	}
+
 	return nil
 }
 
 func resourceAwsIamOpenIDConnectProviderUpdate(d *schema.ResourceData, meta interface{}) error {
-	iamconn := meta.(*AWSClient).iamconn
+	conn := meta.(*AWSClient).iamconn
 
 	if d.HasChange("thumbprint_list") {
 		input := &iam.UpdateOpenIDConnectProviderThumbprintInput{
 			OpenIDConnectProviderArn: aws.String(d.Id()),
 			ThumbprintList:           expandStringList(d.Get("thumbprint_list").([]interface{})),
 		}
 
-		_, err := iamconn.UpdateOpenIDConnectProviderThumbprint(input)
+		_, err := conn.UpdateOpenIDConnectProviderThumbprint(input)
 		if err != nil {
 			return fmt.Errorf("error updating IAM OIDC Provider (%s) thumbprint: %w", d.Id(), err)
 		}
 	}
 
+	if d.HasChange("tags") {
+		o, n := d.GetChange("tags")
+
+		if err := keyvaluetags.IamOpenIDConnectProviderUpdateTags(conn, d.Id(), o, n); err != nil {
+			return fmt.Errorf("error updating tags for IAM OIDC Provider (%s): %w", d.Id(), err)
+		}
+	}
+
 	return resourceAwsIamOpenIDConnectProviderRead(d, meta)
 }
 
 func resourceAwsIamOpenIDConnectProviderDelete(d *schema.ResourceData, meta interface{}) error {
-	iamconn := meta.(*AWSClient).iamconn
+	conn := meta.(*AWSClient).iamconn
 
 	input := &iam.DeleteOpenIDConnectProviderInput{
 		OpenIDConnectProviderArn: aws.String(d.Id()),
 	}
-	_, err := iamconn.DeleteOpenIDConnectProvider(input)
+	_, err := conn.DeleteOpenIDConnectProvider(input)
 	if isAWSErr(err, iam.ErrCodeNoSuchEntityException, "") {
 		return nil
 	}