Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix aws_iam_instance_profile detects that the instance profile is not associated with IAM Role. #34099

Merged
merged 4 commits into from
Mar 27, 2024

Conversation

kuredev
Copy link
Contributor

@kuredev kuredev commented Oct 25, 2023

Description

Changed to detect when aws_iam_instance_profile is deleted in the aws environment.

Before/After

example main.tf
required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = "ap-northeast-1"
}

resource "aws_iam_role" "sample_role" {
  name = "sample_role_20231024"
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

resource "aws_iam_instance_profile" "sample_profile" {
  name  = "sample_profile_20231024"
  role = aws_iam_role.sample_role.name
}
Before
terraform apply
aws iam remove-role-from-instance-profile --instance-profile-name "sample_profile_20231024" --role-name "sample_role_20231024"
terraform apply # => "No changes"
After
terraform apply
aws iam remove-role-from-instance-profile --instance-profile-name "sample_profile_20231024" --role-name "sample_role_20231024"
terraform apply
Output
  ~ resource "aws_iam_instance_profile" "sample_profile" {
        id          = "sample_profile_20231024"
        name        = "sample_profile_20231024"
      + role        = "sample_role_20231024"
        tags        = {}
        # (5 unchanged attributes hidden)
    }

Relations

Closes #32671
Closes #24974
Closes #25646
Closes #24540
Closes #1680

References

Output from Acceptance Testing

 % make testacc TESTS='TestAccIAMInstanceProfile_*' PKG=iam                                  (git)-[b-fix-iam-instance-profile-role-nil] 
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/iam/... -v -count 1 -parallel 20 -run='TestAccIAMInstanceProfile_*'  -timeout 360m
=== RUN   TestAccIAMInstanceProfileDataSource_basic
=== PAUSE TestAccIAMInstanceProfileDataSource_basic
=== RUN   TestAccIAMInstanceProfile_basic
=== PAUSE TestAccIAMInstanceProfile_basic
=== RUN   TestAccIAMInstanceProfile_withoutRole
=== PAUSE TestAccIAMInstanceProfile_withoutRole
=== RUN   TestAccIAMInstanceProfile_tags
=== PAUSE TestAccIAMInstanceProfile_tags
=== RUN   TestAccIAMInstanceProfile_nameGenerated
=== PAUSE TestAccIAMInstanceProfile_nameGenerated
=== RUN   TestAccIAMInstanceProfile_namePrefix
=== PAUSE TestAccIAMInstanceProfile_namePrefix
=== RUN   TestAccIAMInstanceProfile_disappears
=== PAUSE TestAccIAMInstanceProfile_disappears
=== RUN   TestAccIAMInstanceProfile_Disappears_role
=== PAUSE TestAccIAMInstanceProfile_Disappears_role
=== RUN   TestAccIAMInstanceProfilesDataSource_basic
=== PAUSE TestAccIAMInstanceProfilesDataSource_basic
=== CONT  TestAccIAMInstanceProfileDataSource_basic
=== CONT  TestAccIAMInstanceProfile_namePrefix
=== CONT  TestAccIAMInstanceProfilesDataSource_basic
=== CONT  TestAccIAMInstanceProfile_Disappears_role
=== CONT  TestAccIAMInstanceProfile_disappears
=== CONT  TestAccIAMInstanceProfile_tags
=== CONT  TestAccIAMInstanceProfile_nameGenerated
=== CONT  TestAccIAMInstanceProfile_withoutRole
=== CONT  TestAccIAMInstanceProfile_basic
--- PASS: TestAccIAMInstanceProfileDataSource_basic (173.54s)
--- PASS: TestAccIAMInstanceProfilesDataSource_basic (173.63s)
--- PASS: TestAccIAMInstanceProfile_Disappears_role (173.70s)
--- PASS: TestAccIAMInstanceProfile_withoutRole (173.72s)
--- PASS: TestAccIAMInstanceProfile_disappears (175.87s)
--- PASS: TestAccIAMInstanceProfile_namePrefix (185.64s)
--- PASS: TestAccIAMInstanceProfile_basic (185.69s)
--- PASS: TestAccIAMInstanceProfile_nameGenerated (185.84s)
--- PASS: TestAccIAMInstanceProfile_tags (227.76s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/iam        227.872s

...

@github-actions
Copy link

Community Note

Voting for Prioritization

  • Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions github-actions bot added size/XS Managed by automation to categorize the size of a PR. service/iam Issues and PRs that pertain to the iam service. labels Oct 25, 2023
@terraform-aws-provider terraform-aws-provider bot added the needs-triage Waiting for first response or review from a maintainer. label Oct 25, 2023
@kuredev kuredev changed the title Added a case when there is no Role associated with instanceProfile. Fix aws_iam_instance_profile detects that the instance profile is not associated with IAM Role. Oct 25, 2023
@justinretzolk justinretzolk added bug Addresses a defect in current functionality. and removed needs-triage Waiting for first response or review from a maintainer. labels Oct 25, 2023
@kuredev kuredev force-pushed the b-fix-iam-instance-profile-role-nil branch from c67d587 to 56efb8b Compare October 27, 2023 09:38
@kuredev kuredev marked this pull request as ready for review October 27, 2023 10:26
@kuredev kuredev closed this Feb 19, 2024
@kuredev kuredev deleted the b-fix-iam-instance-profile-role-nil branch February 19, 2024 14:01
@kuredev kuredev restored the b-fix-iam-instance-profile-role-nil branch February 19, 2024 14:01
@kuredev kuredev reopened this Feb 20, 2024
@YakDriver YakDriver force-pushed the b-fix-iam-instance-profile-role-nil branch from 56efb8b to 1efd2da Compare March 27, 2024 21:31
Copy link
Member

@YakDriver YakDriver left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🎉

% make t T=TestAccIAMInstanceProfile_ K=iam P=8
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.21.8 test ./internal/service/iam/... -v -count 1 -parallel 8 -run='TestAccIAMInstanceProfile_'  -timeout 360m
=== RUN   TestAccIAMInstanceProfile_tags
=== PAUSE TestAccIAMInstanceProfile_tags
=== RUN   TestAccIAMInstanceProfile_tags_null
=== PAUSE TestAccIAMInstanceProfile_tags_null
=== RUN   TestAccIAMInstanceProfile_tags_AddOnUpdate
=== PAUSE TestAccIAMInstanceProfile_tags_AddOnUpdate
=== RUN   TestAccIAMInstanceProfile_tags_EmptyTag_OnCreate
=== PAUSE TestAccIAMInstanceProfile_tags_EmptyTag_OnCreate
=== RUN   TestAccIAMInstanceProfile_tags_EmptyTag_OnUpdate_Add
=== PAUSE TestAccIAMInstanceProfile_tags_EmptyTag_OnUpdate_Add
=== RUN   TestAccIAMInstanceProfile_tags_EmptyTag_OnUpdate_Replace
=== PAUSE TestAccIAMInstanceProfile_tags_EmptyTag_OnUpdate_Replace
=== RUN   TestAccIAMInstanceProfile_tags_DefaultTags_providerOnly
=== PAUSE TestAccIAMInstanceProfile_tags_DefaultTags_providerOnly
=== RUN   TestAccIAMInstanceProfile_tags_DefaultTags_nonOverlapping
=== PAUSE TestAccIAMInstanceProfile_tags_DefaultTags_nonOverlapping
=== RUN   TestAccIAMInstanceProfile_tags_DefaultTags_overlapping
=== PAUSE TestAccIAMInstanceProfile_tags_DefaultTags_overlapping
=== RUN   TestAccIAMInstanceProfile_tags_DefaultTags_updateToProviderOnly
=== PAUSE TestAccIAMInstanceProfile_tags_DefaultTags_updateToProviderOnly
=== RUN   TestAccIAMInstanceProfile_tags_DefaultTags_updateToResourceOnly
=== PAUSE TestAccIAMInstanceProfile_tags_DefaultTags_updateToResourceOnly
=== RUN   TestAccIAMInstanceProfile_tags_DefaultTags_emptyResourceTag
=== PAUSE TestAccIAMInstanceProfile_tags_DefaultTags_emptyResourceTag
=== RUN   TestAccIAMInstanceProfile_tags_DefaultTags_nullOverlappingResourceTag
=== PAUSE TestAccIAMInstanceProfile_tags_DefaultTags_nullOverlappingResourceTag
=== RUN   TestAccIAMInstanceProfile_tags_DefaultTags_nullNonOverlappingResourceTag
=== PAUSE TestAccIAMInstanceProfile_tags_DefaultTags_nullNonOverlappingResourceTag
=== RUN   TestAccIAMInstanceProfile_basic
=== PAUSE TestAccIAMInstanceProfile_basic
=== RUN   TestAccIAMInstanceProfile_withoutRole
=== PAUSE TestAccIAMInstanceProfile_withoutRole
=== RUN   TestAccIAMInstanceProfile_nameGenerated
=== PAUSE TestAccIAMInstanceProfile_nameGenerated
=== RUN   TestAccIAMInstanceProfile_namePrefix
=== PAUSE TestAccIAMInstanceProfile_namePrefix
=== RUN   TestAccIAMInstanceProfile_disappears
=== PAUSE TestAccIAMInstanceProfile_disappears
=== RUN   TestAccIAMInstanceProfile_Disappears_role
=== PAUSE TestAccIAMInstanceProfile_Disappears_role
=== RUN   TestAccIAMInstanceProfile_launchConfiguration
=== PAUSE TestAccIAMInstanceProfile_launchConfiguration
=== CONT  TestAccIAMInstanceProfile_tags
=== CONT  TestAccIAMInstanceProfile_tags_DefaultTags_emptyResourceTag
=== CONT  TestAccIAMInstanceProfile_nameGenerated
=== CONT  TestAccIAMInstanceProfile_basic
=== CONT  TestAccIAMInstanceProfile_tags_DefaultTags_providerOnly
=== CONT  TestAccIAMInstanceProfile_tags_DefaultTags_updateToProviderOnly
=== CONT  TestAccIAMInstanceProfile_tags_EmptyTag_OnUpdate_Replace
=== CONT  TestAccIAMInstanceProfile_tags_EmptyTag_OnUpdate_Add
--- PASS: TestAccIAMInstanceProfile_tags_DefaultTags_emptyResourceTag (21.78s)
=== CONT  TestAccIAMInstanceProfile_tags_EmptyTag_OnCreate
--- PASS: TestAccIAMInstanceProfile_nameGenerated (24.82s)
=== CONT  TestAccIAMInstanceProfile_tags_AddOnUpdate
--- PASS: TestAccIAMInstanceProfile_basic (25.00s)
=== CONT  TestAccIAMInstanceProfile_tags_null
--- PASS: TestAccIAMInstanceProfile_tags_DefaultTags_updateToProviderOnly (37.96s)
=== CONT  TestAccIAMInstanceProfile_withoutRole
--- PASS: TestAccIAMInstanceProfile_tags_EmptyTag_OnUpdate_Replace (40.32s)
=== CONT  TestAccIAMInstanceProfile_Disappears_role
--- PASS: TestAccIAMInstanceProfile_tags_null (33.35s)
=== CONT  TestAccIAMInstanceProfile_launchConfiguration
--- PASS: TestAccIAMInstanceProfile_Disappears_role (20.96s)
=== CONT  TestAccIAMInstanceProfile_tags_DefaultTags_nullNonOverlappingResourceTag
--- PASS: TestAccIAMInstanceProfile_tags_EmptyTag_OnUpdate_Add (61.32s)
=== CONT  TestAccIAMInstanceProfile_disappears
--- PASS: TestAccIAMInstanceProfile_withoutRole (24.00s)
=== CONT  TestAccIAMInstanceProfile_namePrefix
--- PASS: TestAccIAMInstanceProfile_tags_AddOnUpdate (41.36s)
=== CONT  TestAccIAMInstanceProfile_tags_DefaultTags_nullOverlappingResourceTag
--- PASS: TestAccIAMInstanceProfile_tags_EmptyTag_OnCreate (45.85s)
=== CONT  TestAccIAMInstanceProfile_tags_DefaultTags_overlapping
--- PASS: TestAccIAMInstanceProfile_tags_DefaultTags_providerOnly (77.87s)
=== CONT  TestAccIAMInstanceProfile_tags_DefaultTags_updateToResourceOnly
--- PASS: TestAccIAMInstanceProfile_disappears (21.43s)
=== CONT  TestAccIAMInstanceProfile_tags_DefaultTags_nonOverlapping
--- PASS: TestAccIAMInstanceProfile_tags_DefaultTags_nullNonOverlappingResourceTag (22.49s)
--- PASS: TestAccIAMInstanceProfile_tags (86.27s)
--- PASS: TestAccIAMInstanceProfile_namePrefix (24.63s)
--- PASS: TestAccIAMInstanceProfile_tags_DefaultTags_nullOverlappingResourceTag (21.64s)
--- PASS: TestAccIAMInstanceProfile_tags_DefaultTags_updateToResourceOnly (29.87s)
--- PASS: TestAccIAMInstanceProfile_tags_DefaultTags_overlapping (47.52s)
--- PASS: TestAccIAMInstanceProfile_tags_DefaultTags_nonOverlapping (41.24s)
--- PASS: TestAccIAMInstanceProfile_launchConfiguration (79.48s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/iam	140.397s

@YakDriver YakDriver merged commit d3c1cd4 into hashicorp:main Mar 27, 2024
69 checks passed
@github-actions github-actions bot added this to the v5.43.0 milestone Mar 27, 2024
Copy link

This functionality has been released in v5.43.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@kuredev kuredev deleted the b-fix-iam-instance-profile-role-nil branch April 2, 2024 06:05
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 11, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
bug Addresses a defect in current functionality. service/iam Issues and PRs that pertain to the iam service. size/XS Managed by automation to categorize the size of a PR.
Projects
None yet
3 participants