resource/aws_s3_access_point: Handle bucket as ARN and skip GetAccess…
…PointPolicyStatus API call with S3 on Outposts

Output from acceptance testing:

```
--- SKIP: TestAccAWSS3AccessPoint_Bucket_Arn (2.80s)
--- PASS: TestAccAWSS3AccessPoint_bucketDisappears (23.75s)
--- PASS: TestAccAWSS3AccessPoint_disappears (28.66s)
--- PASS: TestAccAWSS3AccessPoint_PublicAccessBlockConfiguration (32.91s)
--- PASS: TestAccAWSS3AccessPoint_VpcConfiguration (33.05s)
--- PASS: TestAccAWSS3AccessPoint_basic (33.64s)
--- PASS: TestAccAWSS3AccessPoint_Policy (89.22s)
```
bflad committed Oct 15, 2020
1 parent c76d63e commit ca90f1c
Showing 2 changed files with 32 additions and 4 deletions.
34 changes: 31 additions & 3 deletions aws/resource_aws_s3_access_point.go
Expand Up @@ -196,20 +196,41 @@ func resourceAwsS3AccessPointRead(d *schema.ResourceData, meta interface{}) erro
}

if strings.HasPrefix(name, "arn:") {
parsedAccessPointARN, err := arn.Parse(name)

if err != nil {
return fmt.Errorf("error parsing S3 Control Access Point ARN (%s): %w", name, err)
}

bucketARN := arn.ARN{
AccountID: parsedAccessPointARN.AccountID,
Partition: parsedAccessPointARN.Partition,
Region: parsedAccessPointARN.Region,
Resource: strings.Replace(
parsedAccessPointARN.Resource,
fmt.Sprintf("accesspoint/%s", aws.StringValue(output.Name)),
fmt.Sprintf("bucket/%s", aws.StringValue(output.Bucket)),
1,
),
Service: parsedAccessPointARN.Service,
}

d.Set("arn", name)
d.Set("bucket", bucketARN.String())
} else {
builtARN := arn.ARN{
accessPointARN := arn.ARN{
AccountID: accountId,
Partition: meta.(*AWSClient).partition,
Region: meta.(*AWSClient).region,
Resource: fmt.Sprintf("accesspoint/%s", aws.StringValue(output.Name)),
Service: "s3",
}
d.Set("arn", builtARN.String())

d.Set("arn", accessPointARN.String())
d.Set("bucket", output.Bucket)
}

d.Set("account_id", accountId)
d.Set("bucket", output.Bucket)
d.Set("domain_name", meta.(*AWSClient).RegionalHostname(fmt.Sprintf("%s-%s.s3-accesspoint", aws.StringValue(output.Name), accountId)))
d.Set("name", output.Name)
d.Set("network_origin", output.NetworkOrigin)
Expand All @@ -235,6 +256,13 @@ func resourceAwsS3AccessPointRead(d *schema.ResourceData, meta interface{}) erro
d.Set("policy", policyOutput.Policy)
}

// Return early since S3 on Outposts cannot have public policies
if strings.HasPrefix(name, "arn:") {
d.Set("has_public_access_policy", false)

return nil
}

policyStatusOutput, err := conn.GetAccessPointPolicyStatus(&s3control.GetAccessPointPolicyStatusInput{
AccountId: aws.String(accountId),
Name: aws.String(name),
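Review bot: The early return at `if strings.HasPrefix(name, "arn:")` in the second hunk hard-codes `has_public_access_policy` to `false` for every ARN-form name, so on that path the exposure flag is never read from the API. The comment scopes this to S3 on Outposts, but the condition tests only the `arn:` prefix; if any other access point ARN can reach this read (the ID parsing is outside the hunk), a public policy would be recorded as non-public. Gating on the parsed service would be tighter, e.g. `if parsed, err := arn.Parse(name); err == nil && parsed.Service == "s3-outposts" {`, leaving all other cases on the GetAccessPointPolicyStatus call. The acceptance output in the description lists TestAccAWSS3AccessPoint_Bucket_Arn as skipped, so this branch does not appear to have been exercised by that run. resourceAwsS3AccessPointRead begins and ends outside the shown hunks.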
2 changes: 1 addition & 1 deletion aws/resource_aws_s3_access_point_test.go
Expand Up @@ -185,7 +185,7 @@ func TestAccAWSS3AccessPoint_Bucket_Arn(t *testing.T) {
testAccMatchResourceAttrRegionalHostname(resourceName, "domain_name", "s3-accesspoint", regexp.MustCompile(fmt.Sprintf("^%s-\\d{12}", rName))),
resource.TestCheckResourceAttr(resourceName, "has_public_access_policy", "false"),
resource.TestCheckResourceAttr(resourceName, "name", rName),
resource.TestCheckResourceAttr(resourceName, "network_origin", "VPC"),
resource.TestCheckResourceAttr(resourceName, "network_origin", "Vpc"),
resource.TestCheckResourceAttr(resourceName, "policy", ""),
resource.TestCheckResourceAttr(resourceName, "public_access_block_configuration.#", "1"),
resource.TestCheckResourceAttr(resourceName, "public_access_block_configuration.0.block_public_acls", "true"),
