Add role arn #5619
Add role arn #5619
Conversation
|
Hello! I am a robot who works on Magic Modules PRs. I have detected that you are a community contributor, so your PR will be assigned to someone with a commit-bit on this repo for initial review. Thanks for your contribution! A human will be with you soon. @slevenick, please review this PR or find an appropriate assignee. |
| @@ -349,7 +349,7 @@ func awsS3DataSchema() *schema.Resource { | |||
| }, | |||
| "aws_access_key": { | |||
| Type: schema.TypeList, | |||
| Required: true, | |||
| Optional: true, | |||
There was a problem hiding this comment.
Now that we are moving this from Required -> Optional can we add an AtLeastOneOf with aws_access_key & role_arn so that one of them must be specified?
We try to avoid allowing empty blocks in configs as they tend to cause problems
There was a problem hiding this comment.
+1 , either of those is required, won't work with neither
There was a problem hiding this comment.
Does it work with both set? If not, we can use ExactlyOneOf instead
There was a problem hiding this comment.
Technically the backend allows you to set both but
- There's no reason to do so
- aws_access_key is never returned by the service
- If role_arn is set it takes priority
so I think it's fine to wrap this in ExactlyOneOf even though the underlying proto couldn't wrap these fields in a OneOf to maintain backwards compatibility.
|
Sorry I'm having trouble with figuring out what to do for testing. There aren't currently any tests that use AwsS3Data and I'm not really sure how to add one. Do these tests actually end up creating real transfer jobs or are they just testing the parsing/serialization logic? |
|
Specifically this code causes me concern It looks like it's creating a real GCS bucket. I don't think there's any way to do that for an AWS S3 bucket so I don't know how to write a test for this. |
These tests do create real resources when run. Can we set some arbitrary string as the role_arn, or does the API enforce that the AWS resource actually exists? |
Yes the API actually checks that the source bucket exists and that the provided credentials are sufficient to access it. If a fake string is sent we'll get back a 4xx error. |
Ok that's tricky then, we won't have valid AWS credentials in the CI runner. Can you set up the correct resources yourself and test that this field works correctly in a real environment? |
Ok I've got someone with more terraform experience to help out on Tuesday. I'll update with the results thanks! |
|
Carried out the below test with the compiled local provider:
|
|
/gcbrun |
|
I have triggered VCR tests in RECORDING mode for the following tests that failed during VCR: TestAccDatasourceGoogleServiceNetworkingPeeredDnsDomain_basic|TestAccApigeeEnvironmentIamMemberGenerated|TestAccCloudbuildWorkerPool_basic|TestAccContainerNodePool_withInvalidUpgradeSettings|TestAccServiceNetworkingPeeredDNSDomain_basic You can view the result here: https://ci-oss.hashicorp.engineering/viewQueued.html?itemId=246233 |
* Adds support for role_arn for storage_transfer_job * Fix syntax error * Fix build error. * Adds ExactlyOneOf check. Co-authored-by: Joseph Cox <[email protected]>
* Adds support for role_arn for storage_transfer_job * Fix syntax error * Fix build error. * Adds ExactlyOneOf check. Co-authored-by: Joseph Cox <[email protected]>
* Adds support for role_arn for storage_transfer_job * Fix syntax error * Fix build error. * Adds ExactlyOneOf check. Co-authored-by: Joseph Cox <[email protected]>
* Adds support for role_arn for storage_transfer_job * Fix syntax error * Fix build error. * Adds ExactlyOneOf check. Co-authored-by: Joseph Cox <[email protected]>
Adds the option to use role_arn for the transfer service resource. Fixes hashicorp/terraform-provider-google#10880.
If this PR is for Terraform, I acknowledge that I have:
make testandmake lintto ensure it passes unit and linter tests.Release Note Template for Downstream PRs (will be copied)