Merge pull request #38640 from hashicorp/b-aws_iot_provisioning_templ…

…ate.type-regression r/aws_iot_provisioning_template: Properly send `type` argument on create when configured
hashicorp · Aug 1, 2024 · 18e6a5d · 18e6a5d
2 parents d85ce41 + f33060b
commit 18e6a5d
Show file tree

Hide file tree

Showing 3 changed files with 113 additions and 44 deletions.
diff --git a/.changelog/38640.txt b/.changelog/38640.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+resource/aws_iot_provisioning_template: Properly send `type` argument on create when configured
+```
diff --git a/internal/service/iot/provisioning_template.go b/internal/service/iot/provisioning_template.go
@@ -153,8 +153,8 @@ func resourceProvisioningTemplateCreate(ctx context.Context, d *schema.ResourceD
 		input.TemplateBody = aws.String(v.(string))
 	}
 
-	if v, ok := d.Get(names.AttrType).(awstypes.TemplateType); ok && v != "" {
-		input.Type = v
+	if v, ok := d.Get(names.AttrType).(string); ok && v != "" {
+		input.Type = awstypes.TemplateType(v)
 	}
 
 	outputRaw, err := tfresource.RetryWhenIsA[*awstypes.InvalidRequestException](ctx, propagationTimeout,

diff --git a/internal/service/iot/provisioning_template_test.go b/internal/service/iot/provisioning_template_test.go
@@ -177,17 +177,50 @@ func TestAccIoTProvisioningTemplate_update(t *testing.T) {
 	})
 }
 
+// https://github.com/hashicorp/terraform-provider-aws/issues/38629.
+func TestAccIoTProvisioningTemplate_jitp(t *testing.T) {
+	ctx := acctest.Context(t)
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	resourceName := "aws_iot_provisioning_template.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.PreCheck(ctx, t) },
+		ErrorCheck:               acctest.ErrorCheck(t, names.IoTServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckProvisioningTemplateDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccProvisioningTemplateConfig_jitp(rName),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckProvisioningTemplateExists(ctx, resourceName),
+					testAccCheckProvisioningTemplateNumVersions(ctx, rName, 1),
+					resource.TestCheckResourceAttrSet(resourceName, names.AttrARN),
+					resource.TestCheckResourceAttr(resourceName, names.AttrDescription, ""),
+					resource.TestCheckResourceAttr(resourceName, names.AttrEnabled, acctest.CtFalse),
+					resource.TestCheckResourceAttr(resourceName, names.AttrName, rName),
+					resource.TestCheckResourceAttr(resourceName, "pre_provisioning_hook.#", acctest.Ct0),
+					resource.TestCheckResourceAttrSet(resourceName, "provisioning_role_arn"),
+					resource.TestCheckResourceAttr(resourceName, acctest.CtTagsPercent, acctest.Ct0),
+					resource.TestCheckResourceAttrSet(resourceName, "template_body"),
+					resource.TestCheckResourceAttr(resourceName, names.AttrType, "JITP"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
 func testAccCheckProvisioningTemplateExists(ctx context.Context, n string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[n]
 		if !ok {
 			return fmt.Errorf("Not found: %s", n)
 		}
 
-		if rs.Primary.ID == "" {
-			return fmt.Errorf("No IoT Provisioning Template ID is set")
-		}
-
 		conn := acctest.Provider.Meta().(*conns.AWSClient).IoTClient(ctx)
 
 		_, err := tfiot.FindProvisioningTemplateByName(ctx, conn, rs.Primary.ID)
@@ -241,7 +274,7 @@ func testAccCheckProvisioningTemplateNumVersions(ctx context.Context, name strin
 	}
 }
 
-func testAccProvisioningTemplateBaseConfig(rName string) string {
+func testAccProvisioningTemplateConfig_base(rName string) string {
 	return fmt.Sprintf(`
 data "aws_iam_policy_document" "assume_role" {
   statement {
@@ -282,7 +315,7 @@ resource "aws_iot_policy" "test" {
 }
 
 func testAccProvisioningTemplateConfig_basic(rName string) string {
-	return acctest.ConfigCompose(testAccProvisioningTemplateBaseConfig(rName), fmt.Sprintf(`
+	return acctest.ConfigCompose(testAccProvisioningTemplateConfig_base(rName), fmt.Sprintf(`
 resource "aws_iot_provisioning_template" "test" {
   name                  = %[1]q
   provisioning_role_arn = aws_iam_role.test.arn
@@ -314,7 +347,7 @@ resource "aws_iot_provisioning_template" "test" {
 }
 
 func testAccProvisioningTemplateConfig_tags1(rName, tagKey1, tagValue1 string) string {
-	return acctest.ConfigCompose(testAccProvisioningTemplateBaseConfig(rName), fmt.Sprintf(`
+	return acctest.ConfigCompose(testAccProvisioningTemplateConfig_base(rName), fmt.Sprintf(`
 resource "aws_iot_provisioning_template" "test" {
   name                  = %[1]q
   provisioning_role_arn = aws_iam_role.test.arn
@@ -350,7 +383,7 @@ resource "aws_iot_provisioning_template" "test" {
 }
 
 func testAccProvisioningTemplateConfig_tags2(rName, tagKey1, tagValue1, tagKey2, tagValue2 string) string {
-	return acctest.ConfigCompose(testAccProvisioningTemplateBaseConfig(rName), fmt.Sprintf(`
+	return acctest.ConfigCompose(testAccProvisioningTemplateConfig_base(rName), fmt.Sprintf(`
 resource "aws_iot_provisioning_template" "test" {
   name                  = %[1]q
   provisioning_role_arn = aws_iam_role.test.arn
@@ -386,9 +419,49 @@ resource "aws_iot_provisioning_template" "test" {
 `, rName, tagKey1, tagValue1, tagKey2, tagValue2))
 }
 
+func testAccProvisioningTemplateConfig_preProvisioningHook(rName string) string {
+	return fmt.Sprintf(`
+resource "aws_iam_role" "test2" {
+  name = "%[1]s-2"
+
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "Service": "lambda.amazonaws.com"
+      },
+      "Effect": "Allow",
+      "Sid": ""
+    }
+  ]
+}
+EOF
+}
+
+resource "aws_lambda_permission" "test" {
+  statement_id  = "AllowExecutionFromIot"
+  action        = "lambda:InvokeFunction"
+  function_name = aws_lambda_function.test.arn
+  principal     = "iot.amazonaws.com"
+}
+
+resource "aws_lambda_function" "test" {
+  filename         = "test-fixtures/lambda-preprovisioninghook.zip"
+  source_code_hash = filebase64sha256("test-fixtures/lambda-preprovisioninghook.zip")
+  function_name    = %[1]q
+  role             = aws_iam_role.test2.arn
+  handler          = "lambda-preprovisioninghook.handler"
+  runtime          = "nodejs20.x"
+}
+`, rName)
+}
+
 func testAccProvisioningTemplateConfig_updated(rName string) string {
 	return acctest.ConfigCompose(
-		testAccProvisioningTemplateBaseConfig(rName),
+		testAccProvisioningTemplateConfig_base(rName),
 		testAccProvisioningTemplateConfig_preProvisioningHook(rName),
 		fmt.Sprintf(`
 resource "aws_iot_provisioning_template" "test" {
@@ -427,42 +500,35 @@ resource "aws_iot_provisioning_template" "test" {
 `, rName))
 }
 
-func testAccProvisioningTemplateConfig_preProvisioningHook(rName string) string {
-	return fmt.Sprintf(`
-resource "aws_iam_role" "test2" {
-  name = "%[1]s-2"
+func testAccProvisioningTemplateConfig_jitp(rName string) string {
+	return acctest.ConfigCompose(testAccProvisioningTemplateConfig_base(rName), fmt.Sprintf(`
+resource "aws_iot_provisioning_template" "test" {
+  name                  = %[1]q
+  provisioning_role_arn = aws_iam_role.test.arn
+  type                  = "JITP"
 
-  assume_role_policy = <<EOF
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Action": "sts:AssumeRole",
-      "Principal": {
-        "Service": "lambda.amazonaws.com"
-      },
-      "Effect": "Allow",
-      "Sid": ""
+  template_body = jsonencode({
+    Parameters = {
+      SerialNumber = { Type = "String" }
     }
-  ]
-}
-EOF
-}
 
-resource "aws_lambda_permission" "test" {
-  statement_id  = "AllowExecutionFromIot"
-  action        = "lambda:InvokeFunction"
-  function_name = aws_lambda_function.test.arn
-  principal     = "iot.amazonaws.com"
-}
+    Resources = {
+      certificate = {
+        Properties = {
+          CertificateId = { Ref = "AWS::IoT::Certificate::Id" }
+          Status        = "Active"
+        }
+        Type = "AWS::IoT::Certificate"
+      }
 
-resource "aws_lambda_function" "test" {
-  filename         = "test-fixtures/lambda-preprovisioninghook.zip"
-  source_code_hash = filebase64sha256("test-fixtures/lambda-preprovisioninghook.zip")
-  function_name    = %[1]q
-  role             = aws_iam_role.test2.arn
-  handler          = "lambda-preprovisioninghook.handler"
-  runtime          = "nodejs20.x"
+      policy = {
+        Properties = {
+          PolicyName = aws_iot_policy.test.name
+        }
+        Type = "AWS::IoT::Policy"
+      }
+    }
+  })
 }
-`, rName)
+`, rName))
 }