Merge pull request #49 from mvisonneau/policy_arn_role

Fixed parameter name for policy_arn setting

vault/resource_aws_secret_backend_role.go

@@ -67,7 +67,7 @@ func awsSecretBackendRoleWrite(d *schema.ResourceData, meta interface{}) error {
 		data["policy"] = policy
 	}
 	if policyARN != "" {
-		data["policy_arn"] = policyARN
+		data["arn"] = policyARN
 	}
 	log.Printf("[DEBUG] Creating role %q on AWS backend %q", name, backend)
 	_, err := client.Logical().Write(backend+"/roles/"+name, data)

vault/resource_aws_secret_backend_role_test.go

@@ -10,9 +10,10 @@ import (
 	"github.com/hashicorp/vault/api"
 )
 
-const testAccAWSSecretBackendRolePolicy_basic = `{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": "iam:*","Resource": "*"}]}`
-
-const testAccAWSSecretBackendRolePolicy_updated = `{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": "ec2:*","Resource": "*"}]}`
+const testAccAWSSecretBackendRolePolicyInline_basic = `{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": "iam:*","Resource": "*"}]}`
+const testAccAWSSecretBackendRolePolicyInline_updated = `{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": "ec2:*","Resource": "*"}]}`
+const testAccAWSSecretBackendRolePolicyArn_basic = "arn:aws:iam::123456789123:policy/foo"
+const testAccAWSSecretBackendRolePolicyArn_updated = "arn:aws:iam::123456789123:policy/bar"
 
 func TestAccAWSSecretBackendRole_basic(t *testing.T) {
 	backend := acctest.RandomWithPrefix("tf-test-aws")
@@ -26,17 +27,23 @@ func TestAccAWSSecretBackendRole_basic(t *testing.T) {
 			{
 				Config: testAccAWSSecretBackendRoleConfig_basic(name, backend, accessKey, secretKey),
 				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr("vault_aws_secret_backend_role.test", "name", name),
-					resource.TestCheckResourceAttr("vault_aws_secret_backend_role.test", "backend", backend),
-					testCheckResourceAttrJSON("vault_aws_secret_backend_role.test", "policy", testAccAWSSecretBackendRolePolicy_basic),
+					resource.TestCheckResourceAttr("vault_aws_secret_backend_role.test_policy_inline", "name", name),
+					resource.TestCheckResourceAttr("vault_aws_secret_backend_role.test_policy_inline", "backend", backend),
+					testCheckResourceAttrJSON("vault_aws_secret_backend_role.test_policy_inline", "policy", testAccAWSSecretBackendRolePolicyInline_basic),
+					resource.TestCheckResourceAttr("vault_aws_secret_backend_role.test_policy_arn", "name", name),
+					resource.TestCheckResourceAttr("vault_aws_secret_backend_role.test_policy_arn", "backend", backend),
+					resource.TestCheckResourceAttr("vault_aws_secret_backend_role.test_policy_arn", "policy_arn", testAccAWSSecretBackendRolePolicyArn_basic),
 				),
 			},
 			{
 				Config: testAccAWSSecretBackendRoleConfig_updated(name, backend, accessKey, secretKey),
 				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr("vault_aws_secret_backend_role.test", "name", name),
-					resource.TestCheckResourceAttr("vault_aws_secret_backend_role.test", "backend", backend),
-					testCheckResourceAttrJSON("vault_aws_secret_backend_role.test", "policy", testAccAWSSecretBackendRolePolicy_updated),
+					resource.TestCheckResourceAttr("vault_aws_secret_backend_role.test_policy_inline", "name", name),
+					resource.TestCheckResourceAttr("vault_aws_secret_backend_role.test_policy_inline", "backend", backend),
+					testCheckResourceAttrJSON("vault_aws_secret_backend_role.test_policy_inline", "policy", testAccAWSSecretBackendRolePolicyInline_updated),
+					resource.TestCheckResourceAttr("vault_aws_secret_backend_role.test_policy_arn", "name", name),
+					resource.TestCheckResourceAttr("vault_aws_secret_backend_role.test_policy_arn", "backend", backend),
+					resource.TestCheckResourceAttr("vault_aws_secret_backend_role.test_policy_arn", "policy_arn", testAccAWSSecretBackendRolePolicyArn_updated),
 				),
 			},
 		},
@@ -55,13 +62,21 @@ func TestAccAWSSecretBackendRole_import(t *testing.T) {
 			{
 				Config: testAccAWSSecretBackendRoleConfig_basic(name, backend, accessKey, secretKey),
 				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr("vault_aws_secret_backend_role.test", "name", name),
-					resource.TestCheckResourceAttr("vault_aws_secret_backend_role.test", "backend", backend),
-					testCheckResourceAttrJSON("vault_aws_secret_backend_role.test", "policy", testAccAWSSecretBackendRolePolicy_basic),
+					resource.TestCheckResourceAttr("vault_aws_secret_backend_role.test_policy_inline", "name", name),
+					resource.TestCheckResourceAttr("vault_aws_secret_backend_role.test_policy_inline", "backend", backend),
+					testCheckResourceAttrJSON("vault_aws_secret_backend_role.test_policy_inline", "policy", testAccAWSSecretBackendRolePolicyInline_basic),
+					resource.TestCheckResourceAttr("vault_aws_secret_backend_role.test_policy_arn", "name", name),
+					resource.TestCheckResourceAttr("vault_aws_secret_backend_role.test_policy_arn", "backend", backend),
+					resource.TestCheckResourceAttr("vault_aws_secret_backend_role.test_policy_arn", "policy_arn", testAccAWSSecretBackendRolePolicyArn_basic),
 				),
 			},
 			{
-				ResourceName:      "vault_aws_secret_backend_role.test",
+				ResourceName:      "vault_aws_secret_backend_role.test_policy_inline",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				ResourceName:      "vault_aws_secret_backend_role.test_policy_arn",
 				ImportState:       true,
 				ImportStateVerify: true,
 			},
@@ -95,12 +110,18 @@ resource "vault_aws_secret_backend" "test" {
   secret_key = "%s"
 }
 
-resource "vault_aws_secret_backend_role" "test" {
-  name = "%s"
+resource "vault_aws_secret_backend_role" "test_inline_policy" {
+  name = "%s-policy-inline"
   policy = %q
   backend = "${vault_aws_secret_backend.test.path}"
 }
-`, path, accessKey, secretKey, name, testAccAWSSecretBackendRolePolicy_basic)
+
+resource "vault_aws_secret_backend_role" "test_policy_arn" {
+  name = "%s-policy-arn"
+  policy_arn = "%s"
+  backend = "${vault_aws_secret_backend.test.path}"
+}
+`, path, accessKey, secretKey, name, testAccAWSSecretBackendRolePolicyInline_basic, name, testAccAWSSecretBackendRolePolicyArn_basic)
 }
 
 func testAccAWSSecretBackendRoleConfig_updated(name, path, accessKey, secretKey string) string {
@@ -111,10 +132,16 @@ resource "vault_aws_secret_backend" "test" {
   secret_key = "%s"
 }
 
-resource "vault_aws_secret_backend_role" "test" {
-  name = "%s"
+resource "vault_aws_secret_backend_role" "test_policy_inline" {
+  name = "%s-policy-inline"
   policy = %q
   backend = "${vault_aws_secret_backend.test.path}"
 }
-`, path, accessKey, secretKey, name, testAccAWSSecretBackendRolePolicy_updated)
+
+resource "vault_aws_secret_backend_role" "test_policy_arn" {
+  name = "%s-policy-arn"
+  policy_arn = "%s"
+  backend = "${vault_aws_secret_backend.test.path}"
+}
+`, path, accessKey, secretKey, name, testAccAWSSecretBackendRolePolicyInline_updated, name, testAccAWSSecretBackendRolePolicyArn_updated)
 }