New Resource: aws_accessanalyzer_analyzer (#11169)

Reference: #11102 Output from acceptance testing: ``` --- PASS: TestAccAWSAccessAnalyzer (62.76s) --- PASS: TestAccAWSAccessAnalyzer/Analyzer (62.76s) --- PASS: TestAccAWSAccessAnalyzer/Analyzer/disappears (12.93s) --- PASS: TestAccAWSAccessAnalyzer/Analyzer/Tags (34.06s) --- PASS: TestAccAWSAccessAnalyzer/Analyzer/basic (15.77s) ```
hashicorp · Dec 18, 2019 · 3845ea4 · 3845ea4
1 parent 634d7d7
commit 3845ea4
Show file tree

Hide file tree

Showing 6 changed files with 463 additions and 0 deletions.
diff --git a/aws/provider.go b/aws/provider.go
@@ -315,6 +315,7 @@ func Provider() terraform.ResourceProvider {
 		},
 
 		ResourcesMap: map[string]*schema.Resource{
+			"aws_accessanalyzer_analyzer":                             resourceAwsAccessAnalyzerAnalyzer(),
 			"aws_acm_certificate":                                     resourceAwsAcmCertificate(),
 			"aws_acm_certificate_validation":                          resourceAwsAcmCertificateValidation(),
 			"aws_acmpca_certificate_authority":                        resourceAwsAcmpcaCertificateAuthority(),

diff --git a/aws/resource_aws_accessanalyzer_analyzer.go b/aws/resource_aws_accessanalyzer_analyzer.go
@@ -0,0 +1,138 @@
+package aws
+
+import (
+	"fmt"
+	"log"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/accessanalyzer"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
+	"github.com/terraform-providers/terraform-provider-aws/aws/internal/keyvaluetags"
+)
+
+func resourceAwsAccessAnalyzerAnalyzer() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceAwsAccessAnalyzerAnalyzerCreate,
+		Read:   resourceAwsAccessAnalyzerAnalyzerRead,
+		Update: resourceAwsAccessAnalyzerAnalyzerUpdate,
+		Delete: resourceAwsAccessAnalyzerAnalyzerDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"analyzer_name": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ForceNew:     true,
+				ValidateFunc: validation.NoZeroValues,
+			},
+			"arn": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"tags": tagsSchema(),
+			"type": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Default:  accessanalyzer.TypeAccount,
+				ValidateFunc: validation.StringInSlice([]string{
+					accessanalyzer.TypeAccount,
+				}, false),
+			},
+		},
+	}
+}
+
+func resourceAwsAccessAnalyzerAnalyzerCreate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).accessanalyzerconn
+	analyzerName := d.Get("analyzer_name").(string)
+
+	input := &accessanalyzer.CreateAnalyzerInput{
+		AnalyzerName: aws.String(analyzerName),
+		ClientToken:  aws.String(resource.UniqueId()),
+		Tags:         keyvaluetags.New(d.Get("tags").(map[string]interface{})).IgnoreAws().AccessanalyzerTags(),
+		Type:         aws.String(d.Get("type").(string)),
+	}
+
+	_, err := conn.CreateAnalyzer(input)
+
+	if err != nil {
+		return fmt.Errorf("error creating Access Analyzer Analyzer (%s): %s", analyzerName, err)
+	}
+
+	d.SetId(analyzerName)
+
+	return resourceAwsAccessAnalyzerAnalyzerRead(d, meta)
+}
+
+func resourceAwsAccessAnalyzerAnalyzerRead(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).accessanalyzerconn
+
+	input := &accessanalyzer.GetAnalyzerInput{
+		AnalyzerName: aws.String(d.Id()),
+	}
+
+	output, err := conn.GetAnalyzer(input)
+
+	if isAWSErr(err, accessanalyzer.ErrCodeResourceNotFoundException, "") {
+		log.Printf("[WARN] Access Analyzer Analyzer (%s) not found, removing from state", d.Id())
+		d.SetId("")
+		return nil
+	}
+
+	if err != nil {
+		return fmt.Errorf("error getting Access Analyzer Analyzer (%s): %s", d.Id(), err)
+	}
+
+	if output == nil || output.Analyzer == nil {
+		return fmt.Errorf("error getting Access Analyzer Analyzer (%s): empty response", d.Id())
+	}
+
+	d.Set("analyzer_name", output.Analyzer.Name)
+	d.Set("arn", output.Analyzer.Arn)
+
+	if err := d.Set("tags", keyvaluetags.AccessanalyzerKeyValueTags(output.Analyzer.Tags).IgnoreAws().Map()); err != nil {
+		return fmt.Errorf("error setting tags: %s", err)
+	}
+
+	d.Set("type", output.Analyzer.Type)
+
+	return nil
+}
+
+func resourceAwsAccessAnalyzerAnalyzerUpdate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).accessanalyzerconn
+
+	if d.HasChange("tags") {
+		o, n := d.GetChange("tags")
+		if err := keyvaluetags.AccessanalyzerUpdateTags(conn, d.Get("arn").(string), o, n); err != nil {
+			return fmt.Errorf("error updating Access Analyzer Analyzer (%s) tags: %s", d.Id(), err)
+		}
+	}
+
+	return resourceAwsAccessAnalyzerAnalyzerRead(d, meta)
+}
+
+func resourceAwsAccessAnalyzerAnalyzerDelete(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).accessanalyzerconn
+
+	input := &accessanalyzer.DeleteAnalyzerInput{
+		AnalyzerName: aws.String(d.Id()),
+		ClientToken:  aws.String(resource.UniqueId()),
+	}
+
+	_, err := conn.DeleteAnalyzer(input)
+
+	if isAWSErr(err, accessanalyzer.ErrCodeResourceNotFoundException, "") {
+		return nil
+	}
+
+	if err != nil {
+		return fmt.Errorf("error deleting Access Analyzer Analyzer (%s): %s", d.Id(), err)
+	}
+
+	return nil
+}
diff --git a/aws/resource_aws_accessanalyzer_analyzer_test.go b/aws/resource_aws_accessanalyzer_analyzer_test.go
@@ -0,0 +1,220 @@
+package aws
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/accessanalyzer"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/terraform"
+)
+
+// This test can be run via the pattern: TestAccAWSAccessAnalyzer
+func testAccAWSAccessAnalyzerAnalyzer_basic(t *testing.T) {
+	var analyzer accessanalyzer.AnalyzerSummary
+
+	rName := acctest.RandomWithPrefix("tf-acc-test")
+	resourceName := "aws_accessanalyzer_analyzer.test"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t); testAccPreCheckAWSAccessAnalyzer(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAccessAnalyzerAnalyzerDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSAccessAnalyzerAnalyzerConfigAnalyzerName(rName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAwsAccessAnalyzerAnalyzerExists(resourceName, &analyzer),
+					resource.TestCheckResourceAttr(resourceName, "analyzer_name", rName),
+					testAccCheckResourceAttrRegionalARN(resourceName, "arn", "access-analyzer", fmt.Sprintf("analyzer/%s", rName)),
+					resource.TestCheckResourceAttr(resourceName, "tags.%", "0"),
+					resource.TestCheckResourceAttr(resourceName, "type", accessanalyzer.TypeAccount),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+// This test can be run via the pattern: TestAccAWSAccessAnalyzer
+func testAccAWSAccessAnalyzerAnalyzer_disappears(t *testing.T) {
+	var analyzer accessanalyzer.AnalyzerSummary
+
+	rName := acctest.RandomWithPrefix("tf-acc-test")
+	resourceName := "aws_accessanalyzer_analyzer.test"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t); testAccPreCheckAWSAccessAnalyzer(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAccessAnalyzerAnalyzerDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSAccessAnalyzerAnalyzerConfigAnalyzerName(rName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAwsAccessAnalyzerAnalyzerExists(resourceName, &analyzer),
+					testAccCheckAwsAccessAnalyzerAnalyzerDisappears(&analyzer),
+				),
+				ExpectNonEmptyPlan: true,
+			},
+		},
+	})
+}
+
+// This test can be run via the pattern: TestAccAWSAccessAnalyzer
+func testAccAWSAccessAnalyzerAnalyzer_Tags(t *testing.T) {
+	var analyzer accessanalyzer.AnalyzerSummary
+
+	rName := acctest.RandomWithPrefix("tf-acc-test")
+	resourceName := "aws_accessanalyzer_analyzer.test"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t); testAccPreCheckAWSAccessAnalyzer(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAccessAnalyzerAnalyzerDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSAccessAnalyzerAnalyzerConfigTags1(rName, "key1", "value1"),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAwsAccessAnalyzerAnalyzerExists(resourceName, &analyzer),
+					resource.TestCheckResourceAttr(resourceName, "tags.%", "1"),
+					resource.TestCheckResourceAttr(resourceName, "tags.key1", "value1"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccAWSAccessAnalyzerAnalyzerConfigTags2(rName, "key1", "value1updated", "key2", "value2"),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAwsAccessAnalyzerAnalyzerExists(resourceName, &analyzer),
+					resource.TestCheckResourceAttr(resourceName, "tags.%", "2"),
+					resource.TestCheckResourceAttr(resourceName, "tags.key1", "value1updated"),
+					resource.TestCheckResourceAttr(resourceName, "tags.key2", "value2"),
+				),
+			},
+			{
+				Config: testAccAWSAccessAnalyzerAnalyzerConfigTags1(rName, "key2", "value2"),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAwsAccessAnalyzerAnalyzerExists(resourceName, &analyzer),
+					resource.TestCheckResourceAttr(resourceName, "tags.%", "1"),
+					resource.TestCheckResourceAttr(resourceName, "tags.key2", "value2"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckAccessAnalyzerAnalyzerDestroy(s *terraform.State) error {
+	conn := testAccProvider.Meta().(*AWSClient).accessanalyzerconn
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "aws_accessanalyzer_analyzer" {
+			continue
+		}
+
+		input := &accessanalyzer.GetAnalyzerInput{
+			AnalyzerName: aws.String(rs.Primary.ID),
+		}
+
+		output, err := conn.GetAnalyzer(input)
+
+		if isAWSErr(err, accessanalyzer.ErrCodeResourceNotFoundException, "") {
+			continue
+		}
+
+		if err != nil {
+			return err
+		}
+
+		if output != nil {
+			return fmt.Errorf("Access Analyzer Analyzer (%s) still exists", rs.Primary.ID)
+		}
+	}
+
+	return nil
+
+}
+
+func testAccCheckAwsAccessAnalyzerAnalyzerDisappears(analyzer *accessanalyzer.AnalyzerSummary) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		conn := testAccProvider.Meta().(*AWSClient).accessanalyzerconn
+
+		input := &accessanalyzer.DeleteAnalyzerInput{
+			AnalyzerName: analyzer.Name,
+		}
+
+		_, err := conn.DeleteAnalyzer(input)
+
+		return err
+	}
+}
+
+func testAccCheckAwsAccessAnalyzerAnalyzerExists(resourceName string, analyzer *accessanalyzer.AnalyzerSummary) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[resourceName]
+		if !ok {
+			return fmt.Errorf("Resource not found: %s", resourceName)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("Resource (%s) ID not set", resourceName)
+		}
+
+		conn := testAccProvider.Meta().(*AWSClient).accessanalyzerconn
+
+		input := &accessanalyzer.GetAnalyzerInput{
+			AnalyzerName: aws.String(rs.Primary.ID),
+		}
+
+		output, err := conn.GetAnalyzer(input)
+
+		if err != nil {
+			return err
+		}
+
+		*analyzer = *output.Analyzer
+
+		return nil
+	}
+}
+
+func testAccAWSAccessAnalyzerAnalyzerConfigAnalyzerName(rName string) string {
+	return fmt.Sprintf(`
+resource "aws_accessanalyzer_analyzer" "test" {
+  analyzer_name = %[1]q
+}
+`, rName)
+}
+
+func testAccAWSAccessAnalyzerAnalyzerConfigTags1(rName, tagKey1, tagValue1 string) string {
+	return fmt.Sprintf(`
+resource "aws_accessanalyzer_analyzer" "test" {
+  analyzer_name = %[1]q
+
+  tags = {
+    %[2]q = %[3]q
+  }
+}
+`, rName, tagKey1, tagValue1)
+}
+
+func testAccAWSAccessAnalyzerAnalyzerConfigTags2(rName, tagKey1, tagValue1, tagKey2, tagValue2 string) string {
+	return fmt.Sprintf(`
+resource "aws_accessanalyzer_analyzer" "test" {
+  analyzer_name = %[1]q
+
+  tags = {
+    %[2]q = %[3]q
+    %[4]q = %[5]q
+  }
+}
+`, rName, tagKey1, tagValue1, tagKey2, tagValue2)
+}