diff --git a/.changelog/32352.txt b/.changelog/32352.txt new file mode 100644 index 000000000000..2323a089913c --- /dev/null +++ b/.changelog/32352.txt @@ -0,0 +1,3 @@ +```release-note:bug +provider: Correctly handle `forbidden_account_ids` +``` diff --git a/internal/conns/config.go b/internal/conns/config.go index 66ea3f695e35..f67418a596b6 100644 --- a/internal/conns/config.go +++ b/internal/conns/config.go @@ -132,7 +132,7 @@ func (c *Config) ConfigureProvider(ctx context.Context, client *AWSClient) (*AWS } if len(c.ForbiddenAccountIds) > 0 { - for _, forbiddenAccountID := range c.AllowedAccountIds { + for _, forbiddenAccountID := range c.ForbiddenAccountIds { if accountID == forbiddenAccountID { return nil, diag.Errorf("AWS account ID not allowed: %s", accountID) } diff --git a/internal/provider/provider.go b/internal/provider/provider.go index 013dacf080e9..f2a0e7b042e3 100644 --- a/internal/provider/provider.go +++ b/internal/provider/provider.go @@ -42,7 +42,6 @@ func New(ctx context.Context) (*schema.Provider, error) { Elem: &schema.Schema{Type: schema.TypeString}, Optional: true, ConflictsWith: []string{"forbidden_account_ids"}, - Set: schema.HashString, }, "assume_role": assumeRoleSchema(), "assume_role_with_web_identity": assumeRoleWithWebIdentitySchema(), @@ -87,7 +86,6 @@ func New(ctx context.Context) (*schema.Provider, error) { Elem: &schema.Schema{Type: schema.TypeString}, Optional: true, ConflictsWith: []string{"allowed_account_ids"}, - Set: schema.HashString, }, "http_proxy": { Type: schema.TypeString, @@ -106,14 +104,12 @@ func New(ctx context.Context) (*schema.Provider, error) { Type: schema.TypeSet, Optional: true, Elem: &schema.Schema{Type: schema.TypeString}, - Set: schema.HashString, Description: "Resource tag keys to ignore across all resources.", }, "key_prefixes": { Type: schema.TypeSet, Optional: true, Elem: &schema.Schema{Type: schema.TypeString}, - Set: schema.HashString, Description: "Resource tag key prefixes to ignore across all resources.", }, },