Merge pull request #37612 from rromic/f-aws_iam_openid_connect_provid…
…er-client-ids

feat: modify update method to use api to add or remove client ids wit…
ewbankkit authored May 21, 2024
2 parents 3216de9 + ddb29e6 commit 7ca400c
Showing 3 changed files with 118 additions and 1 deletion.
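--- a/.changelog/37612.txt
+++ b/.changelog/37612.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_iam_openid_connect_provider: Allow `client_id_list` to be updated in-place
+```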
34 changes: 33 additions & 1 deletion internal/service/iam/openid_connect_provider.go
Expand Up @@ -46,7 +46,6 @@ func resourceOpenIDConnectProvider() *schema.Resource {
"client_id_list": {
Type: schema.TypeSet,
Required: true,
ForceNew: true,
Elem: &schema.Schema{
Type: schema.TypeString,
ValidateFunc: validation.StringLenBetween(1, 255),
Expand Down Expand Up @@ -162,6 +161,39 @@ func resourceOpenIDConnectProviderUpdate(ctx context.Context, d *schema.Resource
}
}

if d.HasChange("client_id_list") {
o, n := d.GetChange("client_id_list")
os, ns := o.(*schema.Set), n.(*schema.Set)

for _, v := range ns.Difference(os).List() {
v := v.(string)
input := &iam.AddClientIDToOpenIDConnectProviderInput{
ClientID: aws.String(v),
OpenIDConnectProviderArn: aws.String(d.Id()),
}

_, err := conn.AddClientIDToOpenIDConnectProvider(ctx, input)

if err != nil {
return sdkdiag.AppendErrorf(diags, "adding IAM OIDC Provider (%s) client ID (%s): %s", d.Id(), v, err)
}
}

for _, v := range os.Difference(ns).List() {
v := v.(string)
input := &iam.RemoveClientIDFromOpenIDConnectProviderInput{
ClientID: aws.String(v),
OpenIDConnectProviderArn: aws.String(d.Id()),
}

_, err := conn.RemoveClientIDFromOpenIDConnectProvider(ctx, input)

if err != nil {
return sdkdiag.AppendErrorf(diags, "removing IAM OIDC Provider (%s) client ID (%s): %s", d.Id(), v, err)
}
}
}

return append(diags, resourceOpenIDConnectProviderRead(ctx, d, meta)...)
}

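Review bot: In the new `client_id_list` branch of resourceOpenIDConnectProviderUpdate, an error from either loop returns after earlier Add/Remove calls have already taken effect in IAM, and nothing in the hunk marks the update as partial. With the plugin SDK an Update that returns an error can still persist the planned value, so state may record an audience as removed while the provider still trusts it until the next refresh; calling `d.Partial(true)` before each `return sdkdiag.AppendErrorf(...)` would guard against that, unless the part of the function above the hunk already does so. Additions also run before removals, so a failed add leaves every pending revocation unapplied; a comment such as `// Add before remove so existing clients keep working; a failed add leaves removals unapplied.` would make that trade-off explicit.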
82 changes: 82 additions & 0 deletions internal/service/iam/openid_connect_provider_test.go
Expand Up @@ -118,6 +118,55 @@ func TestAccIAMOpenIDConnectProvider_clientIDListOrder(t *testing.T) {
})
}

func TestAccIAMOpenIDConnectProvider_clientIDModification(t *testing.T) {
ctx := acctest.Context(t)
rString := sdkacctest.RandString(5)
resourceName := "aws_iam_openid_connect_provider.test"

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { acctest.PreCheck(ctx, t) },
ErrorCheck: acctest.ErrorCheck(t, names.IAMServiceID),
ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
CheckDestroy: testAccCheckOpenIDConnectProviderDestroy(ctx),
Steps: []resource.TestStep{
{
Config: testAccOpenIDConnectProviderConfig_clientIDList_first(rString),
Check: resource.ComposeTestCheckFunc(
testAccCheckOpenIDConnectProviderExists(ctx, resourceName),
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
},
{
Config: testAccOpenIDConnectProviderConfig_clientIDList_add(rString),
Check: resource.ComposeTestCheckFunc(
testAccCheckOpenIDConnectProviderExists(ctx, resourceName),
resource.TestCheckResourceAttr(resourceName, "client_id_list.#", acctest.Ct4),
resource.TestCheckResourceAttr(resourceName, "client_id_list.0", "abc.testle.com"),
resource.TestCheckResourceAttr(resourceName, "client_id_list.3", "xyz.testle.com"),
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
},
{
Config: testAccOpenIDConnectProviderConfig_clientIDList_remove(rString),
Check: resource.ComposeTestCheckFunc(
testAccCheckOpenIDConnectProviderExists(ctx, resourceName),
resource.TestCheckResourceAttr(resourceName, "client_id_list.#", acctest.Ct3),
resource.TestCheckResourceAttr(resourceName, "client_id_list.0", "def.testle.com"),
resource.TestCheckResourceAttr(resourceName, "client_id_list.2", "xyz.testle.com"),
),
},
},
})
}

func testAccCheckOpenIDConnectProviderDestroy(ctx context.Context) resource.TestCheckFunc {
return func(s *terraform.State) error {
conn := acctest.Provider.Meta().(*conns.AWSClient).IAMClient(ctx)
Expand Down Expand Up @@ -222,3 +271,36 @@ resource "aws_iam_openid_connect_provider" "test" {
}
`, rName)
}

func testAccOpenIDConnectProviderConfig_clientIDList_add(rName string) string {
return fmt.Sprintf(`
resource "aws_iam_openid_connect_provider" "test" {
url = "https://accounts.testle.com/%[1]s"
client_id_list = [
"abc.testle.com",
"def.testle.com",
"ghi.testle.com",
"xyz.testle.com",
]
thumbprint_list = ["oif8192f189fa2178f-testle.thumbprint.com"]
}
`, rName)
}

func testAccOpenIDConnectProviderConfig_clientIDList_remove(rName string) string {
return fmt.Sprintf(`
resource "aws_iam_openid_connect_provider" "test" {
url = "https://accounts.testle.com/%[1]s"
client_id_list = [
"def.testle.com",
"ghi.testle.com",
"xyz.testle.com",
]
thumbprint_list = ["oif8192f189fa2178f-testle.thumbprint.com"]
}
`, rName)
}
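Review bot: TestAccIAMOpenIDConnectProvider_clientIDModification never asserts that the add and remove steps update the provider in place, which is the behaviour the commit introduces by dropping `ForceNew`; a destroy-and-recreate would satisfy every check here. If the test framework's plan checks are available in this package, `ConfigPlanChecks: resource.ConfigPlanChecks{PreApply: []plancheck.PlanCheck{plancheck.ExpectResourceAction(resourceName, plancheck.ResourceActionUpdate)}}` on the add and remove steps would pin it. The first step also checks only existence, so the starting `client_id_list` size is not verified, and the index-based checks (`client_id_list.0`, `client_id_list.3`) rely on element ordering for an attribute declared as `schema.TypeSet`; `resource.TestCheckTypeSetElemAttr(resourceName, "client_id_list.*", "xyz.testle.com")` does not depend on it.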
