From 6196205c0dc5693f147317bed5b961e57b896874 Mon Sep 17 00:00:00 2001 From: drfaust92 Date: Wed, 26 May 2021 16:56:42 +0300 Subject: [PATCH 1/2] add validations --- aws/resource_aws_iam_role.go | 17 ++++++++++------- ...rce_aws_iam_role_policy_attachment_test.go | 2 +- aws/resource_aws_iam_role_test.go | 19 +------------------ 3 files changed, 12 insertions(+), 26 deletions(-) diff --git a/aws/resource_aws_iam_role.go b/aws/resource_aws_iam_role.go index d19cd23568d..5d6ed0d5ac8 100644 --- a/aws/resource_aws_iam_role.go +++ b/aws/resource_aws_iam_role.go @@ -63,16 +63,17 @@ func resourceAwsIamRole() *schema.Resource { }, "path": { - Type: schema.TypeString, - Optional: true, - Default: "/", - ForceNew: true, + Type: schema.TypeString, + Optional: true, + Default: "/", + ForceNew: true, + ValidateFunc: validation.StringLenBetween(1, 512), }, "permissions_boundary": { Type: schema.TypeString, Optional: true, - ValidateFunc: validation.StringLenBetween(0, 2048), + ValidateFunc: validateArn, }, "description": { @@ -141,8 +142,10 @@ func resourceAwsIamRole() *schema.Resource { Type: schema.TypeSet, Optional: true, Computed: true, - Elem: &schema.Schema{Type: schema.TypeString}, - Set: schema.HashString, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validateArn, + }, }, }, diff --git a/aws/resource_aws_iam_role_policy_attachment_test.go b/aws/resource_aws_iam_role_policy_attachment_test.go index 47e543836c7..2e8fa22aedd 100644 --- a/aws/resource_aws_iam_role_policy_attachment_test.go +++ b/aws/resource_aws_iam_role_policy_attachment_test.go 
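Review bot: `validateArn` on `permissions_boundary` is presumably a generic ARN shape check (its body is not in this patch), so an ARN for a role, a user or another service would still pass at plan time and only be rejected by IAM at apply; the same holds for the `managed_policy_arns` element validator in the `@@ -141,8 +142,10` hunk. Both fields only make sense as managed-policy ARNs, so a narrower validator that also checks that the service is `iam` and the resource begins with `policy/` would catch a mis-pasted ARN before any API call. The swap also drops the previous 2048-character bound; if `validateArn` does not enforce a length, keep it with `validation.All(validateArn, validation.StringLenBetween(0, 2048))`. On `path`, `StringLenBetween(1, 512)` checks length only, while IAM requires a path to be `/` or to begin and end with `/`, so a value such as `foo` still fails only at apply. The body of `resourceAwsIamRole` starts and ends outside both hunks.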
@@ -109,7 +109,7 @@ func TestAccAWSRolePolicyAttachment_disappears_Role(t *testing.T) { testAccCheckAWSRolePolicyAttachmentExists(resourceName, 1, &attachedRolePolicies), // DeleteConflict: Cannot delete entity, must detach all policies first. testAccCheckAWSIAMRolePolicyAttachmentDisappears(resourceName), - testAccCheckAWSRoleDisappears(&role), + testAccCheckResourceDisappears(testAccProvider, resourceAwsIamRole(), iamRoleResourceName), ), ExpectNonEmptyPlan: true, }, diff --git a/aws/resource_aws_iam_role_test.go b/aws/resource_aws_iam_role_test.go index f96d23e048d..6208bfb2938 100644 --- a/aws/resource_aws_iam_role_test.go +++ b/aws/resource_aws_iam_role_test.go @@ -319,7 +319,7 @@ func TestAccAWSIAMRole_disappears(t *testing.T) { Config: testAccAWSIAMRoleConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSRoleExists(resourceName, &role), - testAccCheckAWSRoleDisappears(&role), + testAccCheckResourceDisappears(testAccProvider, resourceAwsIamRole(), resourceName), ), ExpectNonEmptyPlan: true, }, @@ -953,23 +953,6 @@ func testAccCheckAWSRoleExists(n string, res *iam.GetRoleOutput) resource.TestCh } } -func testAccCheckAWSRoleDisappears(getRoleOutput *iam.GetRoleOutput) resource.TestCheckFunc { - return func(s *terraform.State) error { - iamconn := testAccProvider.Meta().(*AWSClient).iamconn - - roleName := aws.StringValue(getRoleOutput.Role.RoleName) - - _, err := iamconn.DeleteRole(&iam.DeleteRoleInput{ - RoleName: aws.String(roleName), - }) - if err != nil { - return fmt.Errorf("error deleting role %q: %s", roleName, err) - } - - return nil - } -} - func testAccCheckAWSRoleGeneratedNamePrefix(resource, prefix string) resource.TestCheckFunc { return func(s *terraform.State) error { r, ok := s.RootModule().Resources[resource] From bba656fa96498c49c2ca5cb2048913cc3df66683 Mon Sep 17 00:00:00 2001 
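Review bot: Nothing in `aws/resource_aws_iam_role_test.go` exercises the validators this patch adds; per the diffstat the only added line is the `testAccCheckResourceDisappears` swap in `TestAccAWSIAMRole_disappears` (hunk `@@ -319,7 +319,7`). A plan-only step with an invalid `path` or a non-ARN `permissions_boundary` and an `ExpectError` pattern would pin the new behaviour. A case with `permissions_boundary = ""` would also show whether configurations that the previous `StringLenBetween(0, 2048)` accepted still plan. The enclosing test function starts and ends outside the hunk.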
From: drfaust92 Date: Wed, 26 May 2021 16:59:37 +0300 Subject: [PATCH 2/2] changelog --- .changelog/19532.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/19532.txt diff --git a/.changelog/19532.txt b/.changelog/19532.txt new file mode 100644 index 00000000000..7a0bf7efc14 --- /dev/null +++ b/.changelog/19532.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +resource/aws_iam_role: Add plan time validation for `path`, `permissions_boundary`, `managed_policy_arns`. +``` \ No newline at end of file