Additional validation for aws_cloudwatch_event_connection

Signed-off-by: Matt Sladen <matt5188@gmail.com>
mtt88 · Sep 11, 2022 · f3a52fb · f3a52fb
1 parent 22ba951
commit f3a52fb
Show file tree

Hide file tree

Showing 2 changed files with 92 additions and 64 deletions.
diff --git a/internal/service/events/connection.go b/internal/service/events/connection.go
@@ -14,77 +14,55 @@ import (
 	"github.com/hashicorp/terraform-provider-aws/internal/tfresource"
 )
 
-func ResourceConnection() *schema.Resource {
-	connectionHttpParameters := &schema.Resource{
+func connectionHttpParameterSchema(parent string) *schema.Resource {
+	atLeastOneOf := []string{
+		fmt.Sprintf("%s.body", parent),
+		fmt.Sprintf("%s.header", parent),
+		fmt.Sprintf("%s.query_string", parent),
+	}
+	elem := &schema.Resource{
 		Schema: map[string]*schema.Schema{
-			"body": {
-				Type:     schema.TypeList,
+			"key": {
+				Type:     schema.TypeString,
 				Optional: true,
-				Elem: &schema.Resource{
-					Schema: map[string]*schema.Schema{
-						"key": {
-							Type:     schema.TypeString,
-							Optional: true,
-						},
-						"value": {
-							Type:      schema.TypeString,
-							Optional:  true,
-							Sensitive: true,
-						},
-						"is_value_secret": {
-							Type:     schema.TypeBool,
-							Optional: true,
-							Default:  false,
-						},
-					},
-				},
 			},
-			"header": {
-				Type:     schema.TypeList,
+			"value": {
+				Type:      schema.TypeString,
+				Optional:  true,
+				Sensitive: true,
+			},
+			"is_value_secret": {
+				Type:     schema.TypeBool,
 				Optional: true,
-				Elem: &schema.Resource{
-					Schema: map[string]*schema.Schema{
-						"key": {
-							Type:     schema.TypeString,
-							Optional: true,
-						},
-						"value": {
-							Type:      schema.TypeString,
-							Optional:  true,
-							Sensitive: true,
-						},
-						"is_value_secret": {
-							Type:     schema.TypeBool,
-							Optional: true,
-							Default:  false,
-						},
-					},
-				},
+				Default:  false,
+			},
+		},
+	}
+	return &schema.Resource{
+		Schema: map[string]*schema.Schema{
+			"body": {
+				Type:         schema.TypeList,
+				Optional:     true,
+				AtLeastOneOf: atLeastOneOf,
+				Elem:         elem,
+			},
+			"header": {
+				Type:         schema.TypeList,
+				Optional:     true,
+				AtLeastOneOf: atLeastOneOf,
+				Elem:         elem,
 			},
 			"query_string": {
-				Type:     schema.TypeList,
-				Optional: true,
-				Elem: &schema.Resource{
-					Schema: map[string]*schema.Schema{
-						"key": {
-							Type:     schema.TypeString,
-							Optional: true,
-						},
-						"value": {
-							Type:      schema.TypeString,
-							Optional:  true,
-							Sensitive: true,
-						},
-						"is_value_secret": {
-							Type:     schema.TypeBool,
-							Optional: true,
-							Default:  false,
-						},
-					},
-				},
+				Type:         schema.TypeList,
+				Optional:     true,
+				AtLeastOneOf: atLeastOneOf,
+				Elem:         elem,
 			},
 		},
 	}
+}
+
+func ResourceConnection() *schema.Resource {
 
 	return &schema.Resource{
 		Create: resourceConnectionCreate,
@@ -206,7 +184,7 @@ func ResourceConnection() *schema.Resource {
 										Type:     schema.TypeList,
 										Required: true,
 										MaxItems: 1,
-										Elem:     connectionHttpParameters,
+										Elem:     connectionHttpParameterSchema("auth_parameters.0.oauth.0.oauth_http_parameters.0"),
 									},
 									"client_parameters": {
 										Type:     schema.TypeList,
@@ -239,7 +217,7 @@ func ResourceConnection() *schema.Resource {
 							Type:     schema.TypeList,
 							Optional: true,
 							MaxItems: 1,
-							Elem:     connectionHttpParameters,
+							Elem:     connectionHttpParameterSchema("auth_parameters.0.invocation_http_parameters.0"),
 						},
 					},
 				},

diff --git a/internal/service/events/connection_test.go b/internal/service/events/connection_test.go
@@ -239,6 +239,16 @@ func TestAccEventsConnection_oAuth(t *testing.T) {
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
 		CheckDestroy:             testAccCheckConnectionDestroy,
 		Steps: []resource.TestStep{
+			{
+				Config: testAccConnectionConfig_oauthHttpParametersEmpty(
+					nameModified,
+					descriptionModified,
+					authorizationType,
+					authorizationEndpointModified,
+					httpMethod,
+				),
+				ExpectError: regexp.MustCompile("Missing required argument"),
+			},
 			{
 				Config: testAccConnectionConfig_oauth(
 					name,
@@ -404,6 +414,10 @@ func TestAccEventsConnection_invocationHTTPParameters(t *testing.T) {
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
 		CheckDestroy:             testAccCheckConnectionDestroy,
 		Steps: []resource.TestStep{
+			{
+				Config:      testAccConnectionConfig_invocationHTTPParametersEmpty(name, description),
+				ExpectError: regexp.MustCompile("Missing required argument"),
+			},
 			{
 				Config: testAccConnectionConfig_invocationHTTPParameters(
 					name,
@@ -822,3 +836,39 @@ resource "aws_cloudwatch_event_connection" "invocation_http_parameters" {
 		queryStringValue,
 		queryStringIsSecretValue)
 }
+
+func testAccConnectionConfig_invocationHTTPParametersEmpty(name, description string) string {
+	return fmt.Sprintf(`
+resource "aws_cloudwatch_event_connection" "invocation_http_parameters" {
+  name               = %[1]q
+  description        = %[2]q
+  auth_parameters {
+    invocation_http_parameters {
+    }
+  }
+}
+`, name, description)
+}
+
+func testAccConnectionConfig_oauthHttpParametersEmpty(
+	name,
+	description,
+	authorizationType,
+	authorizationEndpoint,
+	httpMethod string) string {
+	return fmt.Sprintf(`
+resource "aws_cloudwatch_event_connection" "oauth" {
+  name               = %[1]q
+  description        = %[2]q
+  authorization_type = %[3]q
+  auth_parameters {
+    oauth {
+      authorization_endpoint = %[4]q
+      http_method            = %[5]q
+      oauth_http_parameters {
+      }
+    }
+  }
+}
+`, name, description, authorizationType, authorizationEndpoint, httpMethod)
+}