From 5fd8f9f827499aebbab3221cb7bfaed1e67ed209 Mon Sep 17 00:00:00 2001
From: Dirk Avery
Date: Mon, 9 Jan 2023 18:17:04 -0500
Subject: [PATCH 1/4] iam: Improve diff handling for policies
---
 internal/service/iam/role.go | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/internal/service/iam/role.go b/internal/service/iam/role.go
index 2b24c195e807..57832856b771 100644
--- a/internal/service/iam/role.go
+++ b/internal/service/iam/role.go
@@ -45,10 +45,11 @@ func ResourceRole() *schema.Resource {
 Computed: true,
 },
 "assume_role_policy": {
- Type: schema.TypeString,
- Required: true,
- ValidateFunc: validation.StringIsJSON,
- DiffSuppressFunc: verify.SuppressEquivalentPolicyDiffs,
+ Type: schema.TypeString,
+ Required: true,
+ ValidateFunc: validation.StringIsJSON,
+ DiffSuppressFunc: verify.SuppressEquivalentPolicyDiffs,
+ DiffSuppressOnRefresh: true,
 StateFunc: func(v interface{}) string {
 json, _ := structure.NormalizeJsonString(v)
 return json
@@ -87,10 +88,11 @@ func ResourceRole() *schema.Resource {
 ),
 },
 "policy": {
- Type: schema.TypeString,
- Optional: true, // semantically required but syntactically optional to allow empty inline_policy
- ValidateFunc: verify.ValidIAMPolicyJSON,
- DiffSuppressFunc: verify.SuppressEquivalentPolicyDiffs,
+ Type: schema.TypeString,
+ Optional: true, // semantically required but syntactically optional to allow empty inline_policy
+ ValidateFunc: verify.ValidIAMPolicyJSON,
+ DiffSuppressFunc: verify.SuppressEquivalentPolicyDiffs,
+ DiffSuppressOnRefresh: true,
 },
 },
 },
From 9d77330bf364b619f19ba85dd9761e35ec4fd957 Mon Sep 17 00:00:00 2001
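Review bot: The new `DiffSuppressOnRefresh: true` on `assume_role_policy` carries no comment explaining that drift reporting for the role's trust policy now rests entirely on `verify.SuppressEquivalentPolicyDiffs`. As I read the flag, a policy read back from AWS that the function judges equivalent no longer replaces the value held in state, so a false positive in that comparison would keep an out-of-band trust-policy edit out of both refresh and plan. I would add `// Refresh keeps the prior state value when the policy read back is equivalent; drift detection relies on SuppressEquivalentPolicyDiffs.` above the field. The function's body is outside this patch, so it is worth confirming it has a test showing that a changed principal, action or condition still produces a diff. The same applies to the `policy` fields in the second role.go hunk and in group_policy.go, policy.go, role_policy.go and user_policy.go.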
From: Dirk Avery
Date: Mon, 9 Jan 2023 18:19:32 -0500
Subject: [PATCH 2/4] iam: Improve diff handling for policies
---
 .changelog/28777.txt | 3 +++
 internal/service/iam/group_policy.go | 9 +++++----
 internal/service/iam/policy.go | 9 +++++----
 internal/service/iam/role_policy.go | 9 +++++----
 internal/service/iam/user_policy.go | 9 +++++----
 5 files changed, 23 insertions(+), 16 deletions(-)
 create mode 100644 .changelog/28777.txt
diff --git a/.changelog/28777.txt b/.changelog/28777.txt
new file mode 100644
index 000000000000..fb869aa3bbdd
--- /dev/null
+++ b/.changelog/28777.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+resource/aws_iam_role: Improve refresh to avoid unneccessary diffs in `assume_role_policy`
+```
\ No newline at end of file
diff --git a/internal/service/iam/group_policy.go b/internal/service/iam/group_policy.go
index 44b5cfc5d7cf..261b70a6ebdc 100644
--- a/internal/service/iam/group_policy.go
+++ b/internal/service/iam/group_policy.go
@@ -31,10 +31,11 @@ func ResourceGroupPolicy() *schema.Resource {
 Schema: map[string]*schema.Schema{
 "policy": {
- Type: schema.TypeString,
- Required: true,
- ValidateFunc: verify.ValidIAMPolicyJSON,
- DiffSuppressFunc: verify.SuppressEquivalentPolicyDiffs,
+ Type: schema.TypeString,
+ Required: true,
+ ValidateFunc: verify.ValidIAMPolicyJSON,
+ DiffSuppressFunc: verify.SuppressEquivalentPolicyDiffs,
+ DiffSuppressOnRefresh: true,
 },
 "name": {
 Type: schema.TypeString,
diff --git a/internal/service/iam/policy.go b/internal/service/iam/policy.go
index cfbe599efc72..fc3773838f9b 100644
--- a/internal/service/iam/policy.go
+++ b/internal/service/iam/policy.go
@@ -45,10 +45,11 @@ func ResourcePolicy() *schema.Resource {
 ForceNew: true,
 },
 "policy": {
- Type: schema.TypeString,
- Required: true,
- ValidateFunc: verify.ValidIAMPolicyJSON,
- DiffSuppressFunc: verify.SuppressEquivalentPolicyDiffs,
+ Type: schema.TypeString,
+ Required: true,
+ ValidateFunc: verify.ValidIAMPolicyJSON,
+ DiffSuppressFunc: verify.SuppressEquivalentPolicyDiffs,
+ DiffSuppressOnRefresh: true,
 },
 "name": {
 Type: schema.TypeString,
diff --git a/internal/service/iam/role_policy.go b/internal/service/iam/role_policy.go
index a9fa2baa1d56..e1fd1431a492 100644
--- a/internal/service/iam/role_policy.go
+++ b/internal/service/iam/role_policy.go
@@ -35,10 +35,11 @@ func ResourceRolePolicy() *schema.Resource {
 Schema: map[string]*schema.Schema{
 "policy": {
- Type: schema.TypeString,
- Required: true,
- ValidateFunc: verify.ValidIAMPolicyJSON,
- DiffSuppressFunc: verify.SuppressEquivalentPolicyDiffs,
+ Type: schema.TypeString,
+ Required: true,
+ ValidateFunc: verify.ValidIAMPolicyJSON,
+ DiffSuppressFunc: verify.SuppressEquivalentPolicyDiffs,
+ DiffSuppressOnRefresh: true,
 },
 "name": {
 Type: schema.TypeString,
diff --git a/internal/service/iam/user_policy.go b/internal/service/iam/user_policy.go
index cbb228c069a2..295a65036695 100644
--- a/internal/service/iam/user_policy.go
+++ b/internal/service/iam/user_policy.go
@@ -30,10 +30,11 @@ func ResourceUserPolicy() *schema.Resource {
 Schema: map[string]*schema.Schema{
 "policy": {
- Type: schema.TypeString,
- Required: true,
- ValidateFunc: verify.ValidIAMPolicyJSON,
- DiffSuppressFunc: verify.SuppressEquivalentPolicyDiffs,
+ Type: schema.TypeString,
+ Required: true,
+ ValidateFunc: verify.ValidIAMPolicyJSON,
+ DiffSuppressFunc: verify.SuppressEquivalentPolicyDiffs,
+ DiffSuppressOnRefresh: true,
 },
 "name": {
 Type: schema.TypeString,
From ad08f013fe118e5e3f57270014b47affc0adab11 Mon Sep 17 00:00:00 2001
From: Dirk Avery
Date: Mon, 9 Jan 2023 18:21:53 -0500
Subject: [PATCH 3/4] Update changelog
---
 .changelog/28777.txt | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/.changelog/28777.txt b/.changelog/28777.txt
index fb869aa3bbdd..9f0ca3067e1d 100644
--- a/.changelog/28777.txt
+++ b/.changelog/28777.txt
@@ -1,3 +1,19 @@
 ```release-note:bug
-resource/aws_iam_role: Improve refresh to avoid unneccessary diffs in `assume_role_policy`
-```
\ No newline at end of file
+resource/aws_iam_role: Improve refresh to avoid unneccessary diffs in `assume_role_policy` and `inline_policy` `policy`
+```
+
+```release-note:bug
+resource/aws_iam_group_policy: Improve refresh to avoid unneccessary diffs in `policy`
+```
+
+```release-note:bug
+resource/aws_iam_policy: Improve refresh to avoid unneccessary diffs in `policy`
+```
+
+```release-note:bug
+resource/aws_iam_role_policy: Improve refresh to avoid unneccessary diffs in `policy`
+```
+
+```release-note:bug
+resource/aws_iam_user_policy: Improve refresh to avoid unneccessary diffs in `policy`
+```
From 6edffac001d1d7602c9867c62f254fc2d14d6598 Mon Sep 17 00:00:00 2001
From: Dirk Avery
Date: Mon, 9 Jan 2023 18:27:57 -0500
Subject: [PATCH 4/4] changelog spelling
---
 .changelog/28777.txt | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/.changelog/28777.txt b/.changelog/28777.txt
index 9f0ca3067e1d..5d97e1315d83 100644
--- a/.changelog/28777.txt
+++ b/.changelog/28777.txt
@@ -1,19 +1,19 @@
 ```release-note:bug
-resource/aws_iam_role: Improve refresh to avoid unneccessary diffs in `assume_role_policy` and `inline_policy` `policy`
+resource/aws_iam_role: Improve refresh to avoid unnecessary diffs in `assume_role_policy` and `inline_policy` `policy`
 ```
 ```release-note:bug
-resource/aws_iam_group_policy: Improve refresh to avoid unneccessary diffs in `policy`
+resource/aws_iam_group_policy: Improve refresh to avoid unnecessary diffs in `policy`
 ```
 ```release-note:bug
-resource/aws_iam_policy: Improve refresh to avoid unneccessary diffs in `policy`
+resource/aws_iam_policy: Improve refresh to avoid unnecessary diffs in `policy`
 ```
 ```release-note:bug
-resource/aws_iam_role_policy: Improve refresh to avoid unneccessary diffs in `policy`
+resource/aws_iam_role_policy: Improve refresh to avoid unnecessary diffs in `policy`
 ```
 ```release-note:bug
-resource/aws_iam_user_policy: Improve refresh to avoid unneccessary diffs in `policy`
+resource/aws_iam_user_policy: Improve refresh to avoid unnecessary diffs in `policy`
 ```