Skip to content

Commit

Permalink
Allow empty permissions_boundary attr on aws_iam_user.
Browse files Browse the repository at this point in the history
  • Loading branch information
Mathieu Garstecki committed Sep 12, 2018
1 parent bc93484 commit ced2fb2
Show file tree
Hide file tree
Showing 2 changed files with 30 additions and 2 deletions.
3 changes: 1 addition & 2 deletions aws/resource_aws_iam_user.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,6 @@ import (

"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/helper/schema"
"github.com/hashicorp/terraform/helper/validation"
)

func resourceAwsIamUser() *schema.Resource {
Expand Down Expand Up @@ -54,7 +53,7 @@ func resourceAwsIamUser() *schema.Resource {
"permissions_boundary": {
Type: schema.TypeString,
Optional: true,
ValidateFunc: validation.StringLenBetween(20, 2048),
ValidateFunc: validateMaxLength(2048),
},
"force_destroy": {
Type: schema.TypeBool,
Expand Down
29 changes: 29 additions & 0 deletions aws/resource_aws_iam_user_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -178,6 +178,7 @@ func TestAccAWSUser_permissionsBoundary(t *testing.T) {
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSUserExists(resourceName, &user),
resource.TestCheckResourceAttr(resourceName, "permissions_boundary", permissionsBoundary1),
testAccCheckAWSUserPermissionsBoundary(&user, permissionsBoundary1),
),
},
// Test update
Expand All @@ -186,6 +187,7 @@ func TestAccAWSUser_permissionsBoundary(t *testing.T) {
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSUserExists(resourceName, &user),
resource.TestCheckResourceAttr(resourceName, "permissions_boundary", permissionsBoundary2),
testAccCheckAWSUserPermissionsBoundary(&user, permissionsBoundary2),
),
},
// Test import
Expand All @@ -201,6 +203,7 @@ func TestAccAWSUser_permissionsBoundary(t *testing.T) {
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSUserExists(resourceName, &user),
resource.TestCheckResourceAttr(resourceName, "permissions_boundary", ""),
testAccCheckAWSUserPermissionsBoundary(&user, ""),
),
},
// Test addition
Expand All @@ -209,6 +212,16 @@ func TestAccAWSUser_permissionsBoundary(t *testing.T) {
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSUserExists(resourceName, &user),
resource.TestCheckResourceAttr(resourceName, "permissions_boundary", permissionsBoundary1),
testAccCheckAWSUserPermissionsBoundary(&user, permissionsBoundary1),
),
},
// Test empty value
{
Config: testAccAWSUserConfig_permissionsBoundary(rName, ""),
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSUserExists(resourceName, &user),
resource.TestCheckResourceAttr(resourceName, "permissions_boundary", ""),
testAccCheckAWSUserPermissionsBoundary(&user, ""),
),
},
},
Expand Down Expand Up @@ -297,6 +310,22 @@ func testAccCheckAWSUserDisappears(getUserOutput *iam.GetUserOutput) resource.Te
}
}

func testAccCheckAWSUserPermissionsBoundary(getUserOutput *iam.GetUserOutput, expectedPermissionsBoundaryArn string) resource.TestCheckFunc {
return func(s *terraform.State) error {
actualPermissionsBoundaryArn := ""

if getUserOutput.User.PermissionsBoundary != nil {
actualPermissionsBoundaryArn = *getUserOutput.User.PermissionsBoundary.PermissionsBoundaryArn
}

if actualPermissionsBoundaryArn != expectedPermissionsBoundaryArn {
return fmt.Errorf("PermissionsBoundary: '%q', expected '%q'.", actualPermissionsBoundaryArn, expectedPermissionsBoundaryArn)
}

return nil
}
}

func testAccAWSUserConfig(rName, path string) string {
return fmt.Sprintf(`
resource "aws_iam_user" "user" {
Expand Down

0 comments on commit ced2fb2

Please sign in to comment.