From 603644770c619687b1e46ce97a7803b69a39022f Mon Sep 17 00:00:00 2001 From: Brian Flad Date: Fri, 12 Feb 2021 01:20:51 -0500 Subject: [PATCH] resource/aws_ssm_document: Recreate resource on name update Reference: https://github.com/hashicorp/terraform-provider-aws/issues/7221 Reference: https://github.com/hashicorp/terraform-provider-aws/issues/10004 Reference: https://github.com/hashicorp/terraform-provider-aws/issues/13483 Reference: https://github.com/hashicorp/terraform-provider-aws/issues/14679 The name is the primary identifier for the resource, so calling `UpdateDocument` with a new name is invalid. This attempted in-place update behavior was additionally confusing because it would silently not do anything on just name updates. Previously (just `aws_ssm_document` resource): ``` === CONT TestAccAWSSSMDocument_Name resource_aws_ssm_document_test.go:50: Step 3/3 error: After applying this test step and performing a `terraform refresh`, the plan was not empty. stdout An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # aws_ssm_document.test will be updated in-place ~ resource "aws_ssm_document" "test" { id = "tf-acc-test-3858217851784081459" ~ name = "tf-acc-test-3858217851784081459" -> "tf-acc-test-8266894063699649325" tags = {} # (17 unchanged attributes hidden) } Plan: 0 to add, 1 to change, 0 to destroy. --- FAIL: TestAccAWSSSMDocument_Name (25.03s) ``` Previously (temporarily adding `aws_ssm_association` resource in test): ``` === CONT TestAccAWSSSMDocument_Name resource_aws_ssm_document_test.go:50: Step 3/3 error: Error running apply: exit status 1 Error: Error creating SSM association: InvalidDocument: Invalid document provided testing_new.go:63: Error running post-test destroy, there may be dangling resources: exit status 1 Error: InvalidDocument: Document tf-acc-test-2434960888500369098 does not exist in your account --- FAIL: TestAccAWSSSMDocument_Name (20.39s) ``` Output from acceptance testing in AWS Commercial: ``` --- PASS: TestAccAWSSSMDocument_params (32.31s) --- PASS: TestAccAWSSSMDocument_session (32.42s) --- PASS: TestAccAWSSSMDocument_permission_public (32.93s) --- PASS: TestAccAWSSSMDocument_permission_batching (33.39s) --- PASS: TestAccAWSSSMDocument_permission_private (34.12s) --- PASS: TestAccAWSSSMDocument_basic (41.99s) --- PASS: TestAccAWSSSMDocument_Name (46.45s) --- PASS: TestAccAWSSSMDocument_target_type (50.60s) --- PASS: TestAccAWSSSMDocument_SchemaVersion_1 (50.79s) --- PASS: TestAccAWSSSMDocument_update (50.97s) --- PASS: TestAccAWSSSMDocument_DocumentFormat_YAML (51.02s) --- PASS: TestAccAWSSSMDocument_automation (51.41s) --- PASS: TestAccAWSSSMDocument_VersionName (53.47s) --- PASS: TestAccAWSSSMDocument_Tags (60.30s) --- PASS: TestAccAWSSSMDocument_permission_change (63.56s) --- PASS: TestAccAWSSSMDocument_package (76.31s) ``` Output from acceptance testing in AWS GovCloud (US): ``` --- PASS: TestAccAWSSSMDocument_session (34.91s) --- PASS: TestAccAWSSSMDocument_permission_public (38.16s) --- PASS: TestAccAWSSSMDocument_permission_batching (38.82s) --- PASS: TestAccAWSSSMDocument_params (44.52s) --- PASS: TestAccAWSSSMDocument_basic (48.72s) --- PASS: TestAccAWSSSMDocument_permission_private (49.47s) --- PASS: TestAccAWSSSMDocument_automation (50.99s) --- PASS: TestAccAWSSSMDocument_target_type (52.10s) --- PASS: TestAccAWSSSMDocument_SchemaVersion_1 (52.11s) --- PASS: TestAccAWSSSMDocument_VersionName (54.82s) --- PASS: TestAccAWSSSMDocument_DocumentFormat_YAML (55.16s) --- PASS: TestAccAWSSSMDocument_Name (55.40s) --- PASS: TestAccAWSSSMDocument_update (63.46s) --- PASS: TestAccAWSSSMDocument_Tags (64.97s) --- PASS: TestAccAWSSSMDocument_permission_change (67.99s) --- PASS: TestAccAWSSSMDocument_package (78.07s) ``` --- .changelog/pending.txt | 3 +++ aws/resource_aws_ssm_document.go | 1 + aws/resource_aws_ssm_document_test.go | 33 +++++++++++++++++++++++++++ 3 files changed, 37 insertions(+) create mode 100644 .changelog/pending.txt diff --git a/.changelog/pending.txt b/.changelog/pending.txt new file mode 100644 index 000000000000..0ccf958d66cc --- /dev/null +++ b/.changelog/pending.txt @@ -0,0 +1,3 @@ +```release-note:bug +resource/aws_ssm_document: Recreate resource on `name` update +``` diff --git a/aws/resource_aws_ssm_document.go b/aws/resource_aws_ssm_document.go index 4d02a85d0c8b..1b7f84712683 100644 --- a/aws/resource_aws_ssm_document.go +++ b/aws/resource_aws_ssm_document.go @@ -38,6 +38,7 @@ func resourceAwsSsmDocument() *schema.Resource { "name": { Type: schema.TypeString, Required: true, + ForceNew: true, ValidateFunc: validateAwsSSMName, }, "attachments_source": { diff --git a/aws/resource_aws_ssm_document_test.go b/aws/resource_aws_ssm_document_test.go index f4410d0ca762..0feef954c829 100644 --- a/aws/resource_aws_ssm_document_test.go +++ b/aws/resource_aws_ssm_document_test.go @@ -42,6 +42,39 @@ func TestAccAWSSSMDocument_basic(t *testing.T) { }) } +func TestAccAWSSSMDocument_Name(t *testing.T) { + rName1 := acctest.RandomWithPrefix("tf-acc-test") + rName2 := acctest.RandomWithPrefix("tf-acc-test") + resourceName := "aws_ssm_document.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSSSMDocumentDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSSSMDocumentBasicConfig(rName1), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSSSMDocumentExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "name", rName1), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccAWSSSMDocumentBasicConfig(rName2), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSSSMDocumentExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "name", rName2), + ), + }, + }, + }) +} + func TestAccAWSSSMDocument_target_type(t *testing.T) { name := acctest.RandString(10) resourceName := "aws_ssm_document.test"