Merge pull request #5859 from mgarstecki/allow_empty_boundary_on_user
Allow empty permissions_boundary attribute on aws_iam_user
bflad authored Sep 13, 2018
2 parents 201f435 + ced2fb2 commit 12b93fe
Showing 2 changed files with 30 additions and 2 deletions.
3 changes: 1 addition & 2 deletions aws/resource_aws_iam_user.go
Expand Up @@ -11,7 +11,6 @@ import (

"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/helper/schema"
"github.com/hashicorp/terraform/helper/validation"
)

func resourceAwsIamUser() *schema.Resource {
Expand Down Expand Up @@ -54,7 +53,7 @@ func resourceAwsIamUser() *schema.Resource {
"permissions_boundary": {
Type: schema.TypeString,
Optional: true,
ValidateFunc: validation.StringLenBetween(20, 2048),
ValidateFunc: validateMaxLength(2048),
},
"force_destroy": {
Type: schema.TypeBool,
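Review bot: With `ValidateFunc: validateMaxLength(2048)` on `permissions_boundary`, the schema keeps only an upper bound, so an empty string and strings too short to be a policy ARN both pass plan-time validation. The acceptance test added in this commit shows that an empty value leaves the user with no boundary, so a variable or interpolation that unexpectedly resolves to "" would appear to remove this guardrail instead of failing the plan. I would document that on the field, e.g. `// "" is accepted and means no permissions boundary; any non-empty value should be a policy ARN.`, and consider a validator that accepts either the empty string or an ARN-shaped value rather than a bare length cap. The body of resourceAwsIamUser continues outside both hunks, so any handling of the empty value in the create/update paths is not visible here.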
29 changes: 29 additions & 0 deletions aws/resource_aws_iam_user_test.go
Expand Up @@ -178,6 +178,7 @@ func TestAccAWSUser_permissionsBoundary(t *testing.T) {
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSUserExists(resourceName, &user),
resource.TestCheckResourceAttr(resourceName, "permissions_boundary", permissionsBoundary1),
testAccCheckAWSUserPermissionsBoundary(&user, permissionsBoundary1),
),
},
// Test update
Expand All @@ -186,6 +187,7 @@ func TestAccAWSUser_permissionsBoundary(t *testing.T) {
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSUserExists(resourceName, &user),
resource.TestCheckResourceAttr(resourceName, "permissions_boundary", permissionsBoundary2),
testAccCheckAWSUserPermissionsBoundary(&user, permissionsBoundary2),
),
},
// Test import
Expand All @@ -201,6 +203,7 @@ func TestAccAWSUser_permissionsBoundary(t *testing.T) {
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSUserExists(resourceName, &user),
resource.TestCheckResourceAttr(resourceName, "permissions_boundary", ""),
testAccCheckAWSUserPermissionsBoundary(&user, ""),
),
},
// Test addition
Expand All @@ -209,6 +212,16 @@ func TestAccAWSUser_permissionsBoundary(t *testing.T) {
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSUserExists(resourceName, &user),
resource.TestCheckResourceAttr(resourceName, "permissions_boundary", permissionsBoundary1),
testAccCheckAWSUserPermissionsBoundary(&user, permissionsBoundary1),
),
},
// Test empty value
{
Config: testAccAWSUserConfig_permissionsBoundary(rName, ""),
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSUserExists(resourceName, &user),
resource.TestCheckResourceAttr(resourceName, "permissions_boundary", ""),
testAccCheckAWSUserPermissionsBoundary(&user, ""),
),
},
},
Expand Down Expand Up @@ -297,6 +310,22 @@ func testAccCheckAWSUserDisappears(getUserOutput *iam.GetUserOutput) resource.Te
}
}

func testAccCheckAWSUserPermissionsBoundary(getUserOutput *iam.GetUserOutput, expectedPermissionsBoundaryArn string) resource.TestCheckFunc {
return func(s *terraform.State) error {
actualPermissionsBoundaryArn := ""

if getUserOutput.User.PermissionsBoundary != nil {
actualPermissionsBoundaryArn = *getUserOutput.User.PermissionsBoundary.PermissionsBoundaryArn
}

if actualPermissionsBoundaryArn != expectedPermissionsBoundaryArn {
return fmt.Errorf("PermissionsBoundary: '%q', expected '%q'.", actualPermissionsBoundaryArn, expectedPermissionsBoundaryArn)
}

return nil
}
}

func testAccAWSUserConfig(rName, path string) string {
return fmt.Sprintf(`
resource "aws_iam_user" "user" {
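Review bot: In testAccCheckAWSUserPermissionsBoundary the error format wraps `%q` in single quotes, so a mismatch prints doubly quoted values, and the message is capitalised with a trailing period; `return fmt.Errorf("permissions boundary: %q, expected %q", actualPermissionsBoundaryArn, expectedPermissionsBoundaryArn)` is easier to read in a failing run. The helper also dereferences `PermissionsBoundaryArn` after checking only that `PermissionsBoundary` is non-nil, so a response carrying the struct without the ARN would panic the test instead of reporting a mismatch. A guard such as `if pb := getUserOutput.User.PermissionsBoundary; pb != nil && pb.PermissionsBoundaryArn != nil {` avoids that. A one-line doc comment saying the check compares the boundary read back from IAM with the expected ARN, with "" meaning none attached, would make clear why it sits next to the state-attribute check.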