
Commit 3432040

authored
Fix polaris_aws_cnp_permissions id (#208)
The data source's id was accidentally calculated for the complete set of role keys and not just the specified role key.
1 parent 9eabb2d commit 3432040


5 files changed

+24
-15
lines changed

5 files changed

+24
-15
lines changed

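--- a/docs/guides/changelog.md
+++ b/docs/guides/changelog.md
@@ -4,6 +4,10 @@ page_title: "Changelog"
 
 # Changelog
 
+## v0.10.0-beta.9
+* Fix a bug in the `polaris_aws_cnp_permissions` data source where the data source's id was accidentally calculated for
+the complete set of role keys and not just the specified role key.
+
 ## v0.10.0-beta.8
 * Add the `permissions` field to the `polaris_aws_cnp_account_attachments` resource. The `permissions` field should be
 used with the `id` field of the `polaris_aws_cnp_permissions` data source to trigger an update of the resource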

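--- a/docs/resources/aws_cnp_account_attachments.md
+++ b/docs/resources/aws_cnp_account_attachments.md
@@ -38,8 +38,9 @@ resource "polaris_aws_cnp_account_attachments" "attachments" {
 dynamic "role" {
 for_each = aws_iam_role.role
 content {
-key = role.key
-arn = role.value["arn"]
+key = role.key
+arn = role.value["arn"]
+permissions = data.polaris_aws_cnp_permissions.permissions[role.key].id
 }
 }
 }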

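--- a/examples/resources/polaris_aws_cnp_account_attachments/resource.tf
+++ b/examples/resources/polaris_aws_cnp_account_attachments/resource.tf
@@ -16,8 +16,9 @@ resource "polaris_aws_cnp_account_attachments" "attachments" {
 dynamic "role" {
 for_each = aws_iam_role.role
 content {
-key = role.key
-arn = role.value["arn"]
+key = role.key
+arn = role.value["arn"]
+permissions = data.polaris_aws_cnp_permissions.permissions[role.key].id
 }
 }
 }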

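--- a/internal/provider/data_source_aws_cnp_permissions.go
+++ b/internal/provider/data_source_aws_cnp_permissions.go
@@ -171,6 +171,10 @@ func awsPermissionsRead(ctx context.Context, d *schema.ResourceData, m interface
 return diag.FromErr(err)
 }
 
+// The hash is created from customer managed policies and managed policies
+// matching the role key.
+hash := sha256.New()
+
 var customerPoliciesAttr []map[string]string
 for _, policy := range customerPolicies {
 if roleKey == policy.Artifact {
@@ -179,6 +183,10 @@ func awsPermissionsRead(ctx context.Context, d *schema.ResourceData, m interface
 keyName: policy.Name,
 keyPolicy: policy.Policy,
 })
+hash.Write([]byte(policy.Artifact))
+hash.Write([]byte(policy.Feature.Name))
+hash.Write([]byte(policy.Name))
+hash.Write([]byte(policy.Policy))
 }
 }
 if err := d.Set(keyCustomerManagedPolicies, customerPoliciesAttr); err != nil {
@@ -189,23 +197,14 @@ func awsPermissionsRead(ctx context.Context, d *schema.ResourceData, m interface
 for _, policy := range managedPolicies {
 if roleKey == policy.Artifact {
 managedPoliciesAttr = append(managedPoliciesAttr, policy.Name)
+hash.Write([]byte(policy.Artifact))
+hash.Write([]byte(policy.Name))
 }
 }
 if err := d.Set(keyManagedPolicies, managedPoliciesAttr); err != nil {
 return diag.FromErr(err)
 }
 
-hash := sha256.New()
-for _, policy := range customerPolicies {
-hash.Write([]byte(policy.Artifact))
-hash.Write([]byte(policy.Feature.Name))
-hash.Write([]byte(policy.Name))
-hash.Write([]byte(policy.Policy))
-}
-for _, policy := range managedPolicies {
-hash.Write([]byte(policy.Artifact))
-hash.Write([]byte(policy.Name))
-}
 d.SetId(fmt.Sprintf("%x", hash.Sum(nil)))
 
 return nil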
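Review bot: The fields fed into the digest at new lines 186-189 (and again at 200-201) are written back to back with no separator or length prefix, so two different policy sets can serialize to the same byte stream and produce the same id. The changelog says this id is what triggers an update of `polaris_aws_cnp_account_attachments`, so an ambiguous encoding could let a permission change go unnoticed. Terminating each field closes this, e.g. `writeField := func(s string) { hash.Write([]byte(s)); hash.Write([]byte{0}) }` used in place of the bare `hash.Write` calls; this changes every existing id once. The id presumably also depends on the order in which the policies are returned, which is not visible here, so sorting before hashing would avoid spurious diffs. awsPermissionsRead starts and ends outside these hunks.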

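--- a/templates/guides/changelog.md.tmpl
+++ b/templates/guides/changelog.md.tmpl
@@ -4,6 +4,10 @@ page_title: "Changelog"
 
 # Changelog
 
+## v0.10.0-beta.9
+* Fix a bug in the `polaris_aws_cnp_permissions` data source where the data source's id was accidentally calculated for
+the complete set of role keys and not just the specified role key.
+
 ## v0.10.0-beta.8
 * Add the `permissions` field to the `polaris_aws_cnp_account_attachments` resource. The `permissions` field should be
 used with the `id` field of the `polaris_aws_cnp_permissions` data source to trigger an update of the resource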
