-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
aws_ssm_maintenance_window_task: allow service_role_arn to be optional #12200
aws_ssm_maintenance_window_task: allow service_role_arn to be optional #12200
Conversation
bump? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Quick rebase fixes
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for submitting this, @0x91 👍 After rebase and fixing the Computed
issue, this was good to go.
Output from acceptance testing in AWS Commercial:
--- PASS: TestAccAWSSSMMaintenanceWindowTask_disappears (21.36s)
--- PASS: TestAccAWSSSMMaintenanceWindowTask_emptyNotificationConfig (22.49s)
--- PASS: TestAccAWSSSMMaintenanceWindowTask_noRole (23.79s)
--- PASS: TestAccAWSSSMMaintenanceWindowTask_TaskInvocationStepFunctionParameters (25.18s)
--- PASS: TestAccAWSSSMMaintenanceWindowTask_updateForcesNewResource (37.93s)
--- PASS: TestAccAWSSSMMaintenanceWindowTask_basic (38.21s)
--- PASS: TestAccAWSSSMMaintenanceWindowTask_TaskInvocationAutomationParameters (46.55s)
--- PASS: TestAccAWSSSMMaintenanceWindowTask_TaskInvocationRunCommandParameters (48.17s)
--- PASS: TestAccAWSSSMMaintenanceWindowTask_TaskInvocationLambdaParameters (48.58s)
--- PASS: TestAccAWSSSMMaintenanceWindowTask_TaskInvocationRunCommandParametersCloudWatch (49.26s)
Output from acceptance testing in AWS GovCloud (US):
--- PASS: TestAccAWSSSMMaintenanceWindowTask_noRole (26.04s)
--- PASS: TestAccAWSSSMMaintenanceWindowTask_disappears (26.62s)
--- PASS: TestAccAWSSSMMaintenanceWindowTask_emptyNotificationConfig (27.01s)
--- PASS: TestAccAWSSSMMaintenanceWindowTask_TaskInvocationStepFunctionParameters (29.35s)
--- PASS: TestAccAWSSSMMaintenanceWindowTask_updateForcesNewResource (43.07s)
--- PASS: TestAccAWSSSMMaintenanceWindowTask_basic (43.41s)
--- PASS: TestAccAWSSSMMaintenanceWindowTask_TaskInvocationLambdaParameters (46.46s)
--- PASS: TestAccAWSSSMMaintenanceWindowTask_TaskInvocationAutomationParameters (51.63s)
--- PASS: TestAccAWSSSMMaintenanceWindowTask_TaskInvocationRunCommandParameters (51.98s)
--- PASS: TestAccAWSSSMMaintenanceWindowTask_TaskInvocationRunCommandParametersCloudWatch (59.12s)
Check: resource.ComposeTestCheckFunc( | ||
testAccCheckAWSSSMMaintenanceWindowTaskExists(resourceName, &task), | ||
), | ||
ExpectNonEmptyPlan: true, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Adding this type of handling in a test is indicative of a problem that practitioners would face in real world configurations:
=== CONT TestAccAWSSSMMaintenanceWindowTask_noRole
resource_aws_ssm_maintenance_window_task_test.go:59: Step 1/1 error: After applying this test step, the plan was not empty.
stdout:
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_ssm_maintenance_window_task.test will be updated in-place
~ resource "aws_ssm_maintenance_window_task" "test" {
id = "b9865b4e-8afd-40da-89ec-4c90009f40c6"
name = "TestMaintenanceWindowTask"
- service_role_arn = "arn:aws:iam::123456789012:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM" -> null
# (7 unchanged attributes hidden)
# (2 unchanged blocks hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
The solution in this case is to mark service_role_arn
with Computed: true
to allow Terraform to ignore the value being filled in when it is not configured. 👍
…mputed, add CHANGELOG for #12200 Output from acceptance testing in AWS Commercial: ``` --- PASS: TestAccAWSSSMMaintenanceWindowTask_disappears (21.36s) --- PASS: TestAccAWSSSMMaintenanceWindowTask_emptyNotificationConfig (22.49s) --- PASS: TestAccAWSSSMMaintenanceWindowTask_noRole (23.79s) --- PASS: TestAccAWSSSMMaintenanceWindowTask_TaskInvocationStepFunctionParameters (25.18s) --- PASS: TestAccAWSSSMMaintenanceWindowTask_updateForcesNewResource (37.93s) --- PASS: TestAccAWSSSMMaintenanceWindowTask_basic (38.21s) --- PASS: TestAccAWSSSMMaintenanceWindowTask_TaskInvocationAutomationParameters (46.55s) --- PASS: TestAccAWSSSMMaintenanceWindowTask_TaskInvocationRunCommandParameters (48.17s) --- PASS: TestAccAWSSSMMaintenanceWindowTask_TaskInvocationLambdaParameters (48.58s) --- PASS: TestAccAWSSSMMaintenanceWindowTask_TaskInvocationRunCommandParametersCloudWatch (49.26s) ``` Output from acceptance testing in AWS GovCloud (US): ``` --- PASS: TestAccAWSSSMMaintenanceWindowTask_noRole (26.04s) --- PASS: TestAccAWSSSMMaintenanceWindowTask_disappears (26.62s) --- PASS: TestAccAWSSSMMaintenanceWindowTask_emptyNotificationConfig (27.01s) --- PASS: TestAccAWSSSMMaintenanceWindowTask_TaskInvocationStepFunctionParameters (29.35s) --- PASS: TestAccAWSSSMMaintenanceWindowTask_updateForcesNewResource (43.07s) --- PASS: TestAccAWSSSMMaintenanceWindowTask_basic (43.41s) --- PASS: TestAccAWSSSMMaintenanceWindowTask_TaskInvocationLambdaParameters (46.46s) --- PASS: TestAccAWSSSMMaintenanceWindowTask_TaskInvocationAutomationParameters (51.63s) --- PASS: TestAccAWSSSMMaintenanceWindowTask_TaskInvocationRunCommandParameters (51.98s) --- PASS: TestAccAWSSSMMaintenanceWindowTask_TaskInvocationRunCommandParametersCloudWatch (59.12s) ```
This has been released in version 3.28.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks! |
Thanks @bflad apologies I didn't come back to this. |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
The AWS API documentation states:
Therefore, this attribute isn't required. Allowing users to rely on the AWS behaviour simplifies terraform configuration as you do not need to specify and manage an IAM role to use this resource.
I also simplified the acceptance tests for this resource to better re-use some configs. I'm happy to break that into a separate PR if you want.
Community Note
Relates OR Closes #0000
Release note for CHANGELOG:
Output from acceptance testing: