diff --git a/.changelog/26858.txt b/.changelog/26858.txt
new file mode 100644
index 000000000000..d721745592cf
--- /dev/null
+++ b/.changelog/26858.txt
@@ -0,0 +1,7 @@
+```release-note:bug
+resource/aws_rolesanywhere_profile: Correctly handle updates to `enabled` and `session_policy`
+```
+
+```release-note:bug
+resource/aws_rolesanywhere_trust_anchor: Correctly handle updates to `enabled`
+```
\ No newline at end of file
diff --git a/internal/service/rolesanywhere/profile.go b/internal/service/rolesanywhere/profile.go
index 44a99d9f6a8d..ae0834cbdad9 100644
--- a/internal/service/rolesanywhere/profile.go
+++ b/internal/service/rolesanywhere/profile.go
@@ -187,7 +187,7 @@ func resourceProfileUpdate(ctx context.Context, d *schema.ResourceData, meta int
 }
 if d.HasChange("session_policy") {
- input.Name = aws.String(d.Get("session_policy").(string))
+ input.SessionPolicy = aws.String(d.Get("session_policy").(string))
 }
 log.Printf("[DEBUG] Updating RolesAnywhere Profile (%s): %#v", d.Id(), input)
@@ -199,7 +199,7 @@ func resourceProfileUpdate(ctx context.Context, d *schema.ResourceData, meta int
 if d.HasChange("enabled") {
 _, n := d.GetChange("enabled")
- if n == "true" {
+ if n == true {
 err := enableProfile(ctx, d.Id(), meta)
 if err != nil {
 diag.Errorf("enabling RolesAnywhere Profile (%s): %s", d.Id(), err)
diff --git a/internal/service/rolesanywhere/profile_test.go b/internal/service/rolesanywhere/profile_test.go
index 39748e427d8e..1fcc0d4f49d8 100644
--- a/internal/service/rolesanywhere/profile_test.go
+++ b/internal/service/rolesanywhere/profile_test.go
@@ -46,7 +46,6 @@ func TestAccRolesAnywhereProfile_basic(t *testing.T) {
 }
 func TestAccRolesAnywhereProfile_tags(t *testing.T) {
- rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
 roleName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
 resourceName := "aws_rolesanywhere_profile.test"
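Review bot: Nothing in this commit exercises the `session_policy` update that the first hunk of `internal/service/rolesanywhere/profile.go` repairs; the tests added to `profile_test.go` only toggle `enabled`. Before the fix a changed policy was assigned to `input.Name`, so the policy presumably never reached the update call, and because a session policy limits what the vended credentials may do, a silently dropped update leaves sessions with broader permissions than the configuration states. An acceptance test with two steps that apply different policy documents and assert `session_policy` through `resource.TestCheckResourceAttr` would pin the corrected field. The body of `resourceProfileUpdate` starts and ends outside the hunk.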
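Review bot: In the second hunk of `profile.go` the enable branch calls `diag.Errorf(...)` without returning it, so in the visible lines a failure of `enableProfile` is turned into a diagnostic and then dropped. The `resourceTrustAnchorUpdate` hunk in `trust_anchor.go` has the same shape after `enableTrustAnchor`. Since `n == true` makes these branches reachable for the first time, they should read `return diag.Errorf("enabling RolesAnywhere Profile (%s): %s", d.Id(), err)` and the trust-anchor equivalent. The disable branch lies outside both hunks and deserves the same check, because a disable that fails quietly leaves a profile or trust anchor active while Terraform reports the change as applied.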
@@ -92,7 +91,6 @@ func TestAccRolesAnywhereProfile_tags(t *testing.T) {
 }
 func TestAccRolesAnywhereProfile_disappears(t *testing.T) {
- rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
 roleName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
 resourceName := "aws_rolesanywhere_profile.test"
@@ -115,6 +113,47 @@ func TestAccRolesAnywhereProfile_disappears(t *testing.T) {
 })
 }
+func TestAccRolesAnywhereProfile_enabled(t *testing.T) {
+ rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+ roleName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+ resourceName := "aws_rolesanywhere_profile.test"
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { acctest.PreCheck(t); testAccPreCheck(t) },
+ ErrorCheck: acctest.ErrorCheck(t, names.RolesAnywhereEndpointID),
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+ CheckDestroy: testAccCheckProfileDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccProfileConfig_enabled(rName, roleName, true),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckProfileExists(resourceName),
+ resource.TestCheckResourceAttr(resourceName, "enabled", "true"),
+ ),
+ },
+ {
+ ResourceName: resourceName,
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ {
+ Config: testAccProfileConfig_enabled(rName, roleName, false),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckProfileExists(resourceName),
+ resource.TestCheckResourceAttr(resourceName, "enabled", "false"),
+ ),
+ },
+ {
+ Config: testAccProfileConfig_enabled(rName, roleName, true),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckProfileExists(resourceName),
+ resource.TestCheckResourceAttr(resourceName, "enabled", "true"),
+ ),
+ },
+ },
+ })
+}
+
 func testAccCheckProfileDestroy(s *terraform.State) error {
 conn := acctest.Provider.Meta().(*conns.AWSClient).RolesAnywhereConn
@@ -225,3 +264,15 @@ resource "aws_rolesanywhere_profile" "test" {
 }
 `, rName, tag1, value1, tag2, value2))
 }
+
+func testAccProfileConfig_enabled(rName, roleName string, enabled bool) string {
+ return acctest.ConfigCompose(
+ testAccProfileConfig_base(roleName),
+ fmt.Sprintf(`
+resource "aws_rolesanywhere_profile" "test" {
+ name = %[1]q
+ role_arns = [aws_iam_role.test.arn]
+ enabled = %[2]t
+}
+`, rName, enabled))
+}
diff --git a/internal/service/rolesanywhere/trust_anchor.go b/internal/service/rolesanywhere/trust_anchor.go
index d4b9757db4c5..97a2107be684 100644
--- a/internal/service/rolesanywhere/trust_anchor.go
+++ b/internal/service/rolesanywhere/trust_anchor.go
@@ -173,7 +173,7 @@ func resourceTrustAnchorUpdate(ctx context.Context, d *schema.ResourceData, meta
 if d.HasChange("enabled") {
 _, n := d.GetChange("enabled")
- if n == "true" {
+ if n == true {
 if err := enableTrustAnchor(ctx, d.Id(), meta); err != nil {
 diag.Errorf("enabling RolesAnywhere Trust Anchor (%s): %s", d.Id(), err)
 }
diff --git a/internal/service/rolesanywhere/trust_anchor_test.go b/internal/service/rolesanywhere/trust_anchor_test.go
index ca01475c9697..f0419e636b02 100644
--- a/internal/service/rolesanywhere/trust_anchor_test.go
+++ b/internal/service/rolesanywhere/trust_anchor_test.go
@@ -146,6 +146,46 @@ func TestAccRolesAnywhereTrustAnchor_certificateBundle(t *testing.T) {
 })
 }
+func TestAccRolesAnywhereTrustAnchor_enabled(t *testing.T) {
+ rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+ resourceName := "aws_rolesanywhere_trust_anchor.test"
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { acctest.PreCheck(t); testAccPreCheck(t) },
+ ErrorCheck: acctest.ErrorCheck(t, names.RolesAnywhereEndpointID),
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+ CheckDestroy: testAccCheckTrustAnchorDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccTrustAnchorConfig_enabled(rName, true),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckTrustAnchorExists(resourceName),
+ resource.TestCheckResourceAttr(resourceName, "enabled", "true"),
+ ),
+ },
+ {
+ ResourceName: resourceName,
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ {
+ Config: testAccTrustAnchorConfig_enabled(rName, false),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckTrustAnchorExists(resourceName),
+ resource.TestCheckResourceAttr(resourceName, "enabled", "false"),
+ ),
+ },
+ {
+ Config: testAccTrustAnchorConfig_enabled(rName, true),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckTrustAnchorExists(resourceName),
+ resource.TestCheckResourceAttr(resourceName, "enabled", "true"),
+ ),
+ },
+ },
+ })
+}
+
 func testAccCheckTrustAnchorDestroy(s *terraform.State) error {
 conn := acctest.Provider.Meta().(*conns.AWSClient).RolesAnywhereConn
@@ -302,6 +342,25 @@ resource "aws_rolesanywhere_trust_anchor" "test" {
 `, rName, acctest.TLSPEMEscapeNewlines(caCertificate))
 }
+func testAccTrustAnchorConfig_enabled(rName string, enabled bool) string {
+ caKey := acctest.TLSRSAPrivateKeyPEM(2048)
+ caCertificate := acctest.TLSRSAX509SelfSignedCACertificateForRolesAnywhereTrustAnchorPEM(caKey)
+
+ return fmt.Sprintf(`
+resource "aws_rolesanywhere_trust_anchor" "test" {
+ name = %[1]q
+ source {
+ source_data {
+ x509_certificate_data = "%[2]s"
+ }
+ source_type = "CERTIFICATE_BUNDLE"
+ }
+
+ enabled = %[3]t
+}
+`, rName, acctest.TLSPEMEscapeNewlines(caCertificate), enabled)
+}
+
 func testAccPreCheck(t *testing.T) {
 acctest.PreCheckPartitionHasService(names.RolesAnywhereEndpointID, t)
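Review bot: `testAccTrustAnchorConfig_enabled` creates a CA key and certificate inside the helper (`caKey := acctest.TLSRSAPrivateKeyPEM(2048)`), and `TestAccRolesAnywhereTrustAnchor_enabled` calls it once per step, so each step presumably carries a different `x509_certificate_data` alongside the new `enabled` value. In that case the test never applies an `enabled`-only change, which is the update path the `trust_anchor.go` fix is about, and a regression there could be masked by the accompanying `source` update. Generating the certificate once in the test and passing it in, with the signature `func testAccTrustAnchorConfig_enabled(rName, caCertificate string, enabled bool) string`, would hold `source` constant across the steps.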