removed conflicts between inline policy and policy_arns, updated tests

[mliang2]

It's ok to have policy_document and policy_arns defined at the same time for the vault_aws_secret_backend_role provider.

CLI equalivent:

vault write aws/roles/foo credential_type=iam_user [email protected] policy_arns=arn:aws:iam::123456789012:policy/policy1,arn:aws:iam::123456789012:policy/policy2

[mliang2]

Are there any concerns on getting this merged? Would really like to get this done.
Thx!

[tyrannosaurus-becks]

Hi @mliang2 ! I see you're right that they can be provided together, thanks for catching this.

When I run the tests against the current branch of Vault master, I get this:

=== RUN   TestAccAWSSecretBackendRole_basic
--- FAIL: TestAccAWSSecretBackendRole_basic (0.00s)
    testing.go:538: Step 0 error: Error loading configuration: Error parsing /tmp/tf-test741671546/main.tf: At 24:21: error parsing list, expected comma or list end, got: IDENT
=== RUN   TestAccAWSSecretBackendRole_import
--- FAIL: TestAccAWSSecretBackendRole_import (0.00s)
    testing.go:538: Step 0 error: Error loading configuration: Error parsing /tmp/tf-test998350737/main.tf: At 24:21: error parsing list, expected comma or list end, got: IDENT
=== RUN   TestAccAWSSecretBackendRole_nested
--- FAIL: TestAccAWSSecretBackendRole_nested (0.00s)
    testing.go:538: Step 0 error: Error loading configuration: Error parsing /tmp/tf-test467045820/main.tf: At 24:21: error parsing list, expected comma or list end, got: IDENT
FAIL

Can you post the version of Vault you're testing against, as well as the test output you're seeing for these?

[mliang2]

My fork was out of date w/ master. Once I synced w/ master, make testacc passed with Vault 1.0.0 and 1.1.0

[mliang2]

Turns out I was not testing w/ my AWS key set, so those tests were skipped; I'll look into how I can fix this

[mliang2]

@tyrannosaurus-becks This errors you're seeing should fixed. It was caused by me putting the wrong order of the sprintf items. (putting ARNs variables into the policy_document field instead of policy_arns. Tested w/ Vault 1.0.0 and 1.1.0 and here's what I got w/ regards to the failed test you were seeing:

=== RUN   TestAccAWSSecretBackendRole_basic
--- PASS: TestAccAWSSecretBackendRole_basic (0.15s)
=== RUN   TestAccAWSSecretBackendRole_import
--- PASS: TestAccAWSSecretBackendRole_import (0.10s)
=== RUN   TestAccAWSSecretBackendRole_nested
--- PASS: TestAccAWSSecretBackendRole_nested (0.16s)

[tyrannosaurus-becks]

@mliang2 fantastic! The tests are working for me now too. Thank you!