Fix update function of minio_iam_policy, ensuring policy gets updated #111
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #105
Currently the update functionality of
minio_iam_policy
resources is not working when the policy property is updated. It silently fails, it appears to run successfully but the changes are never actioned so terraform apply is stuck in a permanent changes state.Of the three properties of the resource
[name, name_prefix, policy]
policy is the only one which does not have theforceNew
flag set.However, inside the
minioUpdatePolicy
function the code primarily handles changes to the name property, even though changes to that field will force the deletion and recreation of the resource.The commit simplifies the update function, and focuses soley on the policy property, using the existing resource id as a reference to the resource on the minio api.
Although the minio api does not have an explicit update policy endpoint, in my testing it seems possible to simply call the
AddCannedPolicy
function and the policy will be updated. The benefit this has over callingRemoveCannedPolicy
beforehand is that dependent resources such asminio_iam_group_policy_attachment
will remain intact.If the
minio_iam_policy
resource is removed and then created, depenedent resources are removed and do not get recreated in the current terraform execution run. They will be flagged as having changes on the subsequent plan/apply operation.