Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AWS Systems Manager resources: Add support for resource tags #8426

Merged
merged 9 commits into from
May 1, 2019
Merged

AWS Systems Manager resources: Add support for resource tags #8426

merged 9 commits into from
May 1, 2019

Conversation

kmoe
Copy link
Member

@kmoe kmoe commented Apr 24, 2019

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" comments, they generate extra noise for pull request followers and do not help prioritize the request

Fixes #7673

Changes proposed in this pull request:

  • Support adding and updating tags wherever possible for SSM Activations, Parameters, Maintenance Windows, Patch Baselines, and Documents

Output from acceptance testing:

$  make testacc TEST=./aws TESTARGS='"-run=TestAccAWSSSM(Parameter|Document|MaintenanceWindow|Activation|PatchBaseline)"'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -parallel 20 "-run=TestAccAWSSSM(Parameter|Document|MaintenanceWindow|Activation|PatchBaseline)" -timeout 120m
=== RUN   TestAccAWSSSMActivation_basic
=== PAUSE TestAccAWSSSMActivation_basic
=== RUN   TestAccAWSSSMActivation_expirationDate
=== PAUSE TestAccAWSSSMActivation_expirationDate
=== RUN   TestAccAWSSSMDocument_basic
=== PAUSE TestAccAWSSSMDocument_basic
=== RUN   TestAccAWSSSMDocument_update
=== PAUSE TestAccAWSSSMDocument_update
=== RUN   TestAccAWSSSMDocument_permission_public
=== PAUSE TestAccAWSSSMDocument_permission_public
=== RUN   TestAccAWSSSMDocument_permission_private
=== PAUSE TestAccAWSSSMDocument_permission_private
=== RUN   TestAccAWSSSMDocument_permission_batching
=== PAUSE TestAccAWSSSMDocument_permission_batching
=== RUN   TestAccAWSSSMDocument_permission_change
=== PAUSE TestAccAWSSSMDocument_permission_change
=== RUN   TestAccAWSSSMDocument_params
=== PAUSE TestAccAWSSSMDocument_params
=== RUN   TestAccAWSSSMDocument_automation
=== PAUSE TestAccAWSSSMDocument_automation
=== RUN   TestAccAWSSSMDocument_session
=== PAUSE TestAccAWSSSMDocument_session
=== RUN   TestAccAWSSSMDocument_DocumentFormat_YAML
=== PAUSE TestAccAWSSSMDocument_DocumentFormat_YAML
=== RUN   TestAccAWSSSMDocument_Tags
=== PAUSE TestAccAWSSSMDocument_Tags
=== RUN   TestAccAWSSSMMaintenanceWindowTarget_basic
=== PAUSE TestAccAWSSSMMaintenanceWindowTarget_basic
=== RUN   TestAccAWSSSMMaintenanceWindowTarget_update
=== PAUSE TestAccAWSSSMMaintenanceWindowTarget_update
=== RUN   TestAccAWSSSMMaintenanceWindowTask_basic
=== PAUSE TestAccAWSSSMMaintenanceWindowTask_basic
=== RUN   TestAccAWSSSMMaintenanceWindowTask_updateForcesNewResource
=== PAUSE TestAccAWSSSMMaintenanceWindowTask_updateForcesNewResource
=== RUN   TestAccAWSSSMMaintenanceWindow_basic
=== PAUSE TestAccAWSSSMMaintenanceWindow_basic
=== RUN   TestAccAWSSSMMaintenanceWindow_tags
=== PAUSE TestAccAWSSSMMaintenanceWindow_tags
=== RUN   TestAccAWSSSMMaintenanceWindow_disappears
=== PAUSE TestAccAWSSSMMaintenanceWindow_disappears
=== RUN   TestAccAWSSSMMaintenanceWindow_multipleUpdates
=== PAUSE TestAccAWSSSMMaintenanceWindow_multipleUpdates
=== RUN   TestAccAWSSSMMaintenanceWindow_Cutoff
=== PAUSE TestAccAWSSSMMaintenanceWindow_Cutoff
=== RUN   TestAccAWSSSMMaintenanceWindow_Duration
=== PAUSE TestAccAWSSSMMaintenanceWindow_Duration
=== RUN   TestAccAWSSSMMaintenanceWindow_Enabled
=== PAUSE TestAccAWSSSMMaintenanceWindow_Enabled
=== RUN   TestAccAWSSSMMaintenanceWindow_EndDate
=== PAUSE TestAccAWSSSMMaintenanceWindow_EndDate
=== RUN   TestAccAWSSSMMaintenanceWindow_Schedule
=== PAUSE TestAccAWSSSMMaintenanceWindow_Schedule
=== RUN   TestAccAWSSSMMaintenanceWindow_ScheduleTimezone
=== PAUSE TestAccAWSSSMMaintenanceWindow_ScheduleTimezone
=== RUN   TestAccAWSSSMMaintenanceWindow_StartDate
=== PAUSE TestAccAWSSSMMaintenanceWindow_StartDate
=== RUN   TestAccAWSSSMParameter_importBasic
=== PAUSE TestAccAWSSSMParameter_importBasic
=== RUN   TestAccAWSSSMParameter_basic
=== PAUSE TestAccAWSSSMParameter_basic
=== RUN   TestAccAWSSSMParameter_disappears
=== PAUSE TestAccAWSSSMParameter_disappears
=== RUN   TestAccAWSSSMParameter_overwrite
=== PAUSE TestAccAWSSSMParameter_overwrite
=== RUN   TestAccAWSSSMParameter_updateTags
=== PAUSE TestAccAWSSSMParameter_updateTags
=== RUN   TestAccAWSSSMParameter_updateDescription
=== PAUSE TestAccAWSSSMParameter_updateDescription
=== RUN   TestAccAWSSSMParameter_changeNameForcesNew
=== PAUSE TestAccAWSSSMParameter_changeNameForcesNew
=== RUN   TestAccAWSSSMParameter_fullPath
=== PAUSE TestAccAWSSSMParameter_fullPath
=== RUN   TestAccAWSSSMParameter_secure
=== PAUSE TestAccAWSSSMParameter_secure
=== RUN   TestAccAWSSSMParameter_secure_with_key
=== PAUSE TestAccAWSSSMParameter_secure_with_key
=== RUN   TestAccAWSSSMParameter_secure_keyUpdate
=== PAUSE TestAccAWSSSMParameter_secure_keyUpdate
=== RUN   TestAccAWSSSMPatchBaseline_basic
=== PAUSE TestAccAWSSSMPatchBaseline_basic
=== RUN   TestAccAWSSSMPatchBaseline_disappears
=== PAUSE TestAccAWSSSMPatchBaseline_disappears
=== RUN   TestAccAWSSSMPatchBaseline_OperatingSystem
=== PAUSE TestAccAWSSSMPatchBaseline_OperatingSystem
=== CONT  TestAccAWSSSMActivation_basic
=== CONT  TestAccAWSSSMMaintenanceWindow_Duration
=== CONT  TestAccAWSSSMParameter_updateDescription
=== CONT  TestAccAWSSSMParameter_secure_keyUpdate
=== CONT  TestAccAWSSSMPatchBaseline_OperatingSystem
=== CONT  TestAccAWSSSMPatchBaseline_disappears
=== CONT  TestAccAWSSSMPatchBaseline_basic
=== CONT  TestAccAWSSSMDocument_DocumentFormat_YAML
=== CONT  TestAccAWSSSMMaintenanceWindow_Cutoff
=== CONT  TestAccAWSSSMMaintenanceWindow_multipleUpdates
=== CONT  TestAccAWSSSMMaintenanceWindow_disappears
=== CONT  TestAccAWSSSMMaintenanceWindow_tags
=== CONT  TestAccAWSSSMMaintenanceWindow_basic
=== CONT  TestAccAWSSSMMaintenanceWindowTask_updateForcesNewResource
=== CONT  TestAccAWSSSMParameter_secure
=== CONT  TestAccAWSSSMParameter_secure_with_key
=== CONT  TestAccAWSSSMDocument_permission_batching
=== CONT  TestAccAWSSSMDocument_session
=== CONT  TestAccAWSSSMDocument_automation
=== CONT  TestAccAWSSSMDocument_params
--- FAIL: TestAccAWSSSMDocument_automation (3.01s)
    testing.go:568: Step 0 error: config is invalid: 2 problems:
        
        - "roles": [DEPRECATED] Use `role` instead. Only a single role can be passed to an IAM Instance Profile
        - Missing required argument: The argument "owners" is required, but no definition was found.
=== CONT  TestAccAWSSSMDocument_permission_change
--- PASS: TestAccAWSSSMPatchBaseline_disappears (18.86s)
=== CONT  TestAccAWSSSMParameter_changeNameForcesNew
--- PASS: TestAccAWSSSMMaintenanceWindow_disappears (19.04s)
=== CONT  TestAccAWSSSMDocument_update
--- PASS: TestAccAWSSSMMaintenanceWindow_basic (31.23s)
=== CONT  TestAccAWSSSMDocument_permission_private
--- PASS: TestAccAWSSSMDocument_permission_batching (31.35s)
=== CONT  TestAccAWSSSMDocument_permission_public
--- PASS: TestAccAWSSSMActivation_basic (35.06s)
=== CONT  TestAccAWSSSMDocument_basic
--- PASS: TestAccAWSSSMDocument_session (36.16s)
=== CONT  TestAccAWSSSMParameter_fullPath
--- PASS: TestAccAWSSSMMaintenanceWindow_tags (46.18s)
=== CONT  TestAccAWSSSMMaintenanceWindowTarget_basic
--- PASS: TestAccAWSSSMMaintenanceWindow_Cutoff (46.60s)
=== CONT  TestAccAWSSSMMaintenanceWindowTarget_update
--- PASS: TestAccAWSSSMMaintenanceWindow_Duration (47.44s)
=== CONT  TestAccAWSSSMDocument_Tags
--- PASS: TestAccAWSSSMParameter_secure (47.98s)
=== CONT  TestAccAWSSSMParameter_importBasic
--- PASS: TestAccAWSSSMDocument_DocumentFormat_YAML (56.83s)
=== CONT  TestAccAWSSSMParameter_updateTags
--- PASS: TestAccAWSSSMDocument_permission_public (25.92s)
=== CONT  TestAccAWSSSMActivation_expirationDate
--- PASS: TestAccAWSSSMDocument_permission_private (26.08s)
=== CONT  TestAccAWSSSMParameter_overwrite
--- PASS: TestAccAWSSSMPatchBaseline_OperatingSystem (57.85s)
=== CONT  TestAccAWSSSMParameter_basic
--- PASS: TestAccAWSSSMMaintenanceWindow_multipleUpdates (57.87s)
=== CONT  TestAccAWSSSMParameter_disappears
--- PASS: TestAccAWSSSMPatchBaseline_basic (59.56s)
=== CONT  TestAccAWSSSMMaintenanceWindow_StartDate
--- PASS: TestAccAWSSSMDocument_basic (24.96s)
=== CONT  TestAccAWSSSMMaintenanceWindow_ScheduleTimezone
--- PASS: TestAccAWSSSMParameter_updateDescription (64.34s)
=== CONT  TestAccAWSSSMMaintenanceWindow_EndDate
--- PASS: TestAccAWSSSMParameter_secure_with_key (64.44s)
=== CONT  TestAccAWSSSMMaintenanceWindow_Enabled
--- PASS: TestAccAWSSSMDocument_update (47.28s)
=== CONT  TestAccAWSSSMMaintenanceWindowTask_basic
--- PASS: TestAccAWSSSMParameter_changeNameForcesNew (49.99s)
=== CONT  TestAccAWSSSMMaintenanceWindow_Schedule
--- PASS: TestAccAWSSSMDocument_permission_change (69.52s)
--- PASS: TestAccAWSSSMDocument_params (75.32s)
--- PASS: TestAccAWSSSMParameter_disappears (18.93s)
--- PASS: TestAccAWSSSMParameter_importBasic (32.66s)
--- PASS: TestAccAWSSSMMaintenanceWindowTarget_basic (35.66s)
--- PASS: TestAccAWSSSMParameter_basic (26.37s)
--- PASS: TestAccAWSSSMParameter_secure_keyUpdate (87.25s)
--- PASS: TestAccAWSSSMMaintenanceWindowTarget_update (41.25s)
--- PASS: TestAccAWSSSMActivation_expirationDate (33.59s)
--- PASS: TestAccAWSSSMParameter_updateTags (45.37s)
--- PASS: TestAccAWSSSMParameter_overwrite (44.99s)
--- PASS: TestAccAWSSSMMaintenanceWindow_Enabled (42.50s)
--- PASS: TestAccAWSSSMDocument_Tags (60.80s)
--- PASS: TestAccAWSSSMParameter_fullPath (73.48s)
--- PASS: TestAccAWSSSMMaintenanceWindow_Schedule (43.07s)
--- PASS: TestAccAWSSSMMaintenanceWindow_ScheduleTimezone (58.01s)
--- PASS: TestAccAWSSSMMaintenanceWindow_StartDate (60.76s)
--- PASS: TestAccAWSSSMMaintenanceWindow_EndDate (58.20s)
--- PASS: TestAccAWSSSMMaintenanceWindowTask_updateForcesNewResource (130.77s)
--- PASS: TestAccAWSSSMMaintenanceWindowTask_basic (117.63s)
FAIL
FAIL	github.com/terraform-providers/terraform-provider-aws/aws	184.000s
make: *** [GNUmakefile:20: testacc] Error 1

Note the one existing test fail, which will be fixed by #8324.

@ghost ghost added size/L Managed by automation to categorize the size of a PR. documentation Introduces or discusses updates to documentation. service/ses Issues and PRs that pertain to the ses service. service/ssm Issues and PRs that pertain to the ssm service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. labels Apr 24, 2019
@kmoe kmoe requested review from bflad and a team April 24, 2019 16:35
radeksimko
radeksimko reviewed Apr 24, 2019
View reviewed changes
Copy link
Member

@radeksimko radeksimko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While ~200 LOC may not look like too much, AFAIK we generally speaking prefer many smaller PRs (typically 1 per resource where possible) over few bigger ones.

I have left you some more comments inline, I hope you find these useful. 😉

Overall this looks very good for a first PR!

@kmoe kmoe force-pushed the ssm-tags-on-create branch from a978cca to 781456a Compare April 25, 2019 13:41
@kmoe kmoe requested a review from radeksimko April 25, 2019 13:55
@kmoe
Copy link
Member Author

kmoe commented Apr 25, 2019

Thanks for the very helpful review @radeksimko. I've rebased incorporating your suggestions.

radeksimko
radeksimko approved these changes Apr 25, 2019
View reviewed changes
Copy link
Member

@radeksimko radeksimko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, but another 👍 from Brian would be nice as I haven't properly worked on this repo for some time 😅

nywilken
nywilken reviewed Apr 29, 2019
View reviewed changes
Copy link
Contributor

@nywilken nywilken left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good. Thank you for addressing this issue. I've left a few comments around acceptance testing and formatting but this is otherwise good to go. Please let me know if you need any help with the requested tests.

@kmoe kmoe force-pushed the ssm-tags-on-create branch from 781456a to 116426b Compare April 30, 2019 13:32
@kmoe kmoe requested a review from nywilken April 30, 2019 13:33
@kmoe
Copy link
Member Author

kmoe commented Apr 30, 2019

Thank you very much @nywilken. Review comments addressed mainly in rebased commits, with one new commit added for testing the tags ForceNew behaviour on SSM Activations.

@nywilken nywilken added this to the v2.9.0 milestone May 1, 2019
nywilken
nywilken approved these changes May 1, 2019
View reviewed changes
Copy link
Contributor

@nywilken nywilken left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@kmoe this is good to go 🎉

I made one change before merging which was to move the testAccCheckAWSSSMActivationRecreated definition after all of the acceptance test functions

@nywilken nywilken merged commit de34fb1 into hashicorp:master May 1, 2019
nywilken added a commit that referenced this pull request May 1, 2019
@nywilken
update CHANGELOG for #8426
f20ae99
@jonathanallen
Copy link

Getting HTTP 400 errors when running 2.9.0 with existing SSM resources:

2019-05-07T19:29:23.139Z [DEBUG] plugin.terraform-provider-aws_v2.9.0_x4: 2019/05/07 19:29:23 [DEBUG] [aws-sdk-go] DEBUG: Response ssm/ListTagsForResource Details:
2019-05-07T19:29:23.139Z [DEBUG] plugin.terraform-provider-aws_v2.9.0_x4: ---[ RESPONSE ]--------------------------------------
2019-05-07T19:29:23.139Z [DEBUG] plugin.terraform-provider-aws_v2.9.0_x4: HTTP/1.1 400 Bad Request
2019-05-07T19:29:23.139Z [DEBUG] plugin.terraform-provider-aws_v2.9.0_x4: Connection: close
2019-05-07T19:29:23.139Z [DEBUG] plugin.terraform-provider-aws_v2.9.0_x4: Content-Type: application/x-amz-json-1.1
2019-05-07T19:29:23.139Z [DEBUG] plugin.terraform-provider-aws_v2.9.0_x4: Date: Tue, 07 May 2019 19:29:22 GMT
2019-05-07T19:29:23.139Z [DEBUG] plugin.terraform-provider-aws_v2.9.0_x4: X-Amzn-Requestid: XXXXXXXXXXXXX
2019-05-07T19:29:23.139Z [DEBUG] plugin.terraform-provider-aws_v2.9.0_x4:
2019/05/07 19:29:23 [ERROR] root: eval: *terraform.EvalRefresh, err: aws_ssm_maintenance_window.rhel_prod_monday: error saving tags for SSM Maintenance Window (mw-088c0d8331e36b67e): Error retrieving tags for SSM resource: mw-088c0d8331e36b67e
2019/05/07 19:29:23 [ERROR] root: eval: *terraform.EvalSequence, err: aws_ssm_maintenance_window.rhel_prod_monday: error saving tags for SSM Maintenance Window (mw-088c0d8331e36b67e): Error retrieving tags for SSM resource: mw-088c0d8331e36b67e
2019-05-07T19:29:23.139Z [DEBUG] plugin.terraform-provider-aws_v2.9.0_x4:
2019-05-07T19:29:23.139Z [DEBUG] plugin.terraform-provider-aws_v2.9.0_x4: -----------------------------------------------------
2019-05-07T19:29:23.139Z [DEBUG] plugin.terraform-provider-aws_v2.9.0_x4: 2019/05/07 19:29:23 [DEBUG] [aws-sdk-go] {"__type":"UnrecognizedClientException","message":"The security token included in the request is invalid."}
2019-05-07T19:29:23.139Z [DEBUG] plugin.terraform-provider-aws_v2.9.0_x4: 2019/05/07 19:29:23 [DEBUG] [aws-sdk-go] DEBUG: Validate Response ssm/ListTagsForResource failed, not retrying, error UnrecognizedClientException: The security token included in the request is invalid.
2019/05/07 19:29:23 [TRACE] root: eval: *terraform.EvalSequence
2019/05/07 19:29:23 [TRACE] root: eval: *terraform.EvalGetProvider
2019/05/07 19:29:23 [TRACE] root: eval: *terraform.EvalReadState

AWS credential has full Administrator access, backing out to 2.8.0, no issue.

@kmoe
Copy link
Member Author

kmoe commented May 8, 2019

Thanks for the comment @jonathanallen. Would you mind submitting a bug report in this repo with some more details and your Terraform configuration?

In particular, it will be very useful to know whether your SSM Maintenance Window has tags defined.

@jonathanallen
Copy link

I was able to reproduce this outside of Terraform, I opened a support case with AWS and about 8 hours later the issue disappeared, still waiting for confirmation from AWS that they actually fixed something but this appears not to be an issue with this Terraform release. Thanks for your time.

This was referenced May 13, 2019
Closed
Closed
@ghost
Copy link

ghost commented Mar 30, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Mar 30, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@radeksimko radeksimko radeksimko approved these changes

@nywilken nywilken nywilken approved these changes

@bflad bflad Awaiting requested review from bflad

Assignees
No one assigned
Labels
documentation Introduces or discusses updates to documentation. service/ses Issues and PRs that pertain to the ses service. service/ssm Issues and PRs that pertain to the ssm service. size/L Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet
Milestone
v2.9.0
Development

Successfully merging this pull request may close these issues.

AWS Systems Manager resources: Add support for resource tags
4 participants
@kmoe @jonathanallen @radeksimko @nywilken