Merge pull request #4237 from terraform-providers/b-aws_cognito_user_…

…group-role_arn-updates resource/aws_cognito_user_group: Fix role_arn updates
hashicorp · Apr 17, 2018 · 53d19d8 · 53d19d8
2 parents 3e14f93 + 935a38e
commit 53d19d8
Show file tree

Hide file tree

Showing 2 changed files with 94 additions and 1 deletion.
diff --git a/aws/resource_aws_cognito_user_group.go b/aws/resource_aws_cognito_user_group.go
@@ -130,7 +130,7 @@ func resourceAwsCognitoUserGroupUpdate(d *schema.ResourceData, meta interface{})
 	}
 
 	if d.HasChange("role_arn") {
-		params.RoleArn = aws.String(d.Get("description").(string))
+		params.RoleArn = aws.String(d.Get("role_arn").(string))
 	}
 
 	log.Print("[DEBUG] Updating Cognito User Group")

diff --git a/aws/resource_aws_cognito_user_group_test.go b/aws/resource_aws_cognito_user_group_test.go
@@ -75,6 +75,33 @@ func TestAccAWSCognitoUserGroup_complex(t *testing.T) {
 	})
 }
 
+func TestAccAWSCognitoUserGroup_RoleArn(t *testing.T) {
+	rName := acctest.RandomWithPrefix("tf-acc")
+	resourceName := "aws_cognito_user_group.main"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSCognitoUserGroupDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSCognitoUserGroupConfig_RoleArn(rName),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckAWSCognitoUserGroupExists(resourceName),
+					resource.TestCheckResourceAttrSet(resourceName, "role_arn"),
+				),
+			},
+			{
+				Config: testAccAWSCognitoUserGroupConfig_RoleArn_Updated(rName),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckAWSCognitoUserGroupExists(resourceName),
+					resource.TestCheckResourceAttrSet(resourceName, "role_arn"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccAWSCognitoUserGroup_importBasic(t *testing.T) {
 	resourceName := "aws_cognito_user_group.main"
 	poolName := fmt.Sprintf("tf-acc-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum))
@@ -218,3 +245,69 @@ resource "aws_cognito_user_group" "main" {
 }
 `, poolName, groupName, groupName, groupDescription, precedence)
 }
+
+func testAccAWSCognitoUserGroupConfig_RoleArn(rName string) string {
+	return fmt.Sprintf(`
+resource "aws_cognito_user_pool" "main" {
+  name = "%[1]s"
+}
+
+resource "aws_iam_role" "group_role" {
+  name = "%[1]s"
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "",
+      "Effect": "Allow",
+      "Principal": {
+        "Federated": "cognito-identity.amazonaws.com"
+      },
+      "Action": "sts:AssumeRoleWithWebIdentity"
+    }
+  ]
+}
+EOF
+}
+
+resource "aws_cognito_user_group" "main" {
+  name         = "%[1]s"
+  user_pool_id = "${aws_cognito_user_pool.main.id}"
+  role_arn     = "${aws_iam_role.group_role.arn}"
+}
+`, rName)
+}
+
+func testAccAWSCognitoUserGroupConfig_RoleArn_Updated(rName string) string {
+	return fmt.Sprintf(`
+resource "aws_cognito_user_pool" "main" {
+  name = "%[1]s"
+}
+
+resource "aws_iam_role" "group_role_updated" {
+  name = "%[1]s-updated"
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "",
+      "Effect": "Allow",
+      "Principal": {
+        "Federated": "cognito-identity.amazonaws.com"
+      },
+      "Action": "sts:AssumeRoleWithWebIdentity"
+    }
+  ]
+}
+EOF
+}
+
+resource "aws_cognito_user_group" "main" {
+  name         = "%[1]s"
+  user_pool_id = "${aws_cognito_user_pool.main.id}"
+  role_arn     = "${aws_iam_role.group_role_updated.arn}"
+}
+`, rName)
+}