From e1c4194dea92a9e2bd7364254a8c0b8192d756a7 Mon Sep 17 00:00:00 2001 From: Christopher Elkins Date: Tue, 16 May 2017 01:55:42 -0700 Subject: [PATCH] Propagate AWS CodePipeline action roles (#14263) * Propagate AWS CodePipeline action roles * Add acceptance test for AWS CodePipeline action roles * Isolate AWS CodePipeline service role acceptance test --- .../aws/resource_aws_codepipeline.go | 8 + .../aws/resource_aws_codepipeline_test.go | 214 ++++++++++++++++++ 2 files changed, 222 insertions(+) diff --git a/builtin/providers/aws/resource_aws_codepipeline.go b/builtin/providers/aws/resource_aws_codepipeline.go index 9f7e1d6234..29866cb191 100644 --- a/builtin/providers/aws/resource_aws_codepipeline.go +++ b/builtin/providers/aws/resource_aws_codepipeline.go @@ -337,6 +337,10 @@ func expandAwsCodePipelineActions(s []interface{}) []*codepipeline.ActionDeclara action.InputArtifacts = inputArtifacts } + ra := data["role_arn"].(string) + if ra != "" { + action.RoleArn = aws.String(ra) + } ro := data["run_order"].(int) if ro > 0 { action.RunOrder = aws.Int64(int64(ro)) @@ -374,6 +378,10 @@ func flattenAwsCodePipelineStageActions(actions []*codepipeline.ActionDeclaratio values["input_artifacts"] = flattenAwsCodePipelineActionsInputArtifacts(action.InputArtifacts) } + if action.RoleArn != nil { + values["role_arn"] = *action.RoleArn + } + if action.RunOrder != nil { values["run_order"] = int(*action.RunOrder) } diff --git a/builtin/providers/aws/resource_aws_codepipeline_test.go b/builtin/providers/aws/resource_aws_codepipeline_test.go index e9b068435a..a377f5ac7c 100644 --- a/builtin/providers/aws/resource_aws_codepipeline_test.go +++ b/builtin/providers/aws/resource_aws_codepipeline_test.go @@ -3,6 +3,7 @@ package aws import ( "fmt" "os" + "regexp" "testing" "github.com/aws/aws-sdk-go/aws" @@ -46,6 +47,33 @@ func TestAccAWSCodePipeline_basic(t *testing.T) { }) } +func TestAccAWSCodePipeline_deployWithServiceRole(t *testing.T) { + if os.Getenv("GITHUB_TOKEN") == "" { + t.Skip("Environment variable GITHUB_TOKEN is not set") + } + + name := acctest.RandString(10) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSCodePipelineDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSCodePipelineConfig_deployWithServiceRole(name), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSCodePipelineExists("aws_codepipeline.bar"), + resource.TestCheckResourceAttr("aws_codepipeline.bar", "stage.2.name", "Deploy"), + resource.TestCheckResourceAttr("aws_codepipeline.bar", "stage.2.action.0.category", "Deploy"), + resource.TestMatchResourceAttr( + "aws_codepipeline.bar", "stage.2.action.0.role_arn", + regexp.MustCompile("^arn:aws:iam::[0-9]{12}:role/codepipeline-action-role.*")), + ), + }, + }, + }) +} + func testAccCheckAWSCodePipelineExists(n string) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[n] @@ -314,3 +342,189 @@ resource "aws_codepipeline" "bar" { } `, rName, rName, rName) } + +func testAccAWSCodePipelineConfig_deployWithServiceRole(rName string) string { + return fmt.Sprintf(` +resource "aws_s3_bucket" "foo" { + bucket = "tf-test-pipeline-%s" + acl = "private" +} + +resource "aws_iam_role" "codepipeline_role" { + name = "codepipeline-role-%s" + + assume_role_policy = <