Allow updates of assume role policy

go.mod

@@ -3,7 +3,7 @@ module github.com/Cox-Automotive/terraform-provider-alks
 go 1.18
 
 require (
-	github.com/Cox-Automotive/alks-go v0.0.0-20221026220646-c20da5c3cb3a
+	github.com/Cox-Automotive/alks-go v0.0.0-20230724175933-0e9cb0a59b55
 	github.com/aws/aws-sdk-go v1.42.18
 	github.com/hashicorp/awspolicyequivalence v1.6.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.21.0

go.sum

@@ -1,8 +1,8 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/Cox-Automotive/alks-go v0.0.0-20221026220646-c20da5c3cb3a h1:EJJqr3Dg89DRi7eqtD9OX0XOqabndVqK0r9cy8Y7aq0=
-github.com/Cox-Automotive/alks-go v0.0.0-20221026220646-c20da5c3cb3a/go.mod h1:jJNgXthl59Vt2tJHSC3WZ0vlopV9xqdclfQuLgwHjOw=
+github.com/Cox-Automotive/alks-go v0.0.0-20230724175933-0e9cb0a59b55 h1:aIZaqUtNC6gZISs1VMWo6/jhlOjJcdbkoEqQHagxfWU=
+github.com/Cox-Automotive/alks-go v0.0.0-20230724175933-0e9cb0a59b55/go.mod h1:jJNgXthl59Vt2tJHSC3WZ0vlopV9xqdclfQuLgwHjOw=
 github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
 github.com/Microsoft/go-winio v0.4.16 h1:FtSW/jqD+l4ba5iPBj9CODVtgfYAD8w2wS923g/cFDk=
 github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=

resource_alks_iamrole.go

@@ -274,12 +274,12 @@ func resourceAlksIamRoleUpdate(ctx context.Context, d *schema.ResourceData, meta
 		return diag.FromErr(err)
 	}
 
-	options := alks.CreateIamRoleOptions{
+	options := alks.UpdateIamRoleRequest{
 		RoleName: &foundRole.RoleName,
 	}
 
-	if d.HasChange("tags_all"){
-	
+	if d.HasChange("tags_all") {
+
 		existingTags := tagSliceToMap(foundRole.Tags)
 		externalTags := getExternalyManagedTags(existingTags, *providerStruct.ignoreTags)
 		internalTags := d.Get("tags_all").(map[string]interface{})

resource_alks_iamrole_test.go

@@ -9,6 +9,7 @@ import (
 	"github.com/Cox-Automotive/alks-go"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+	awspolicy "github.com/hashicorp/awspolicyequivalence"
 )
 
 func TestAccAlksIamRole_Basic(t *testing.T) {
@@ -141,6 +142,59 @@ func TestAccAlksIamRole_DefaultTags_TrustPolicy(t *testing.T) {
 	})
 }
 
+func TestAccAlksIamRole_DefaultTags_TrustPolicyUpdate(t *testing.T) {
+	var resp alks.IamRoleResponse
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAlksIamRoleDestroy(&resp),
+		Steps: []resource.TestStep{
+			{
+				// create resource with tags
+				Config: testAccCheckAlksIamRoleUpdateWithTagsWithDefault_TrustPolicy,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(
+						"alks_iamrole.foo", "name", "bar430"),
+					resource.TestCheckResourceAttr(
+						"alks_iamrole.foo", "tags_all.defaultTagKey2", "defaultTagValue2"),
+					resource.TestCheckResourceAttr(
+						"alks_iamrole.foo", "tags.testKey1", "testValue1"),
+				),
+			},
+			{
+				// update resource with tags
+				Config: testAccCheckAlksIamRoleUpdateWithTagsWithDefault_TrustPolicyUpdate,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(
+						"alks_iamrole.foo", "name", "bar430"),
+					resource.TestCheckResourceAttr(
+						"alks_iamrole.foo", "tags.testKey4", "testValue4"),
+					resource.TestCheckResourceAttr(
+						"alks_iamrole.foo", "tags_all.defaultTagKey1", "defaultTagValue1"),
+					// Check the Assume Role Policy after the update
+					testCheckAssumeRolePolicy("assume_role_policy", expectedAssumeRolePolicyAfterUpdate),
+				),
+			},
+		},
+	})
+}
+
+func testCheckAssumeRolePolicy(attr, expected string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		actual := s.RootModule().Resources["alks_iamrole.foo"].Primary.Attributes[attr]
+		equivalent, err := awspolicy.PoliciesAreEquivalent(actual, expected)
+		if err != nil {
+			return fmt.Errorf("Unexpected error %s occured while comparing policies %s, and %s", err, expected, actual)
+		}
+		if !equivalent {
+			return fmt.Errorf("Expected %s to be %s, got %s", attr, expected, actual)
+		}
+		return nil
+
+	}
+}
+
 func TestAccAlksIamRole_DefaultTags_RoleType(t *testing.T) {
 	var resp alks.IamRoleResponse
 
@@ -768,6 +822,49 @@ const testAccCheckAlksIamRoleUpdateWithTagsWithDefault_TrustPolicy = `
 	}
 `
 
+const testAccCheckAlksIamRoleUpdateWithTagsWithDefault_TrustPolicyUpdate = `
+	provider "alks" {
+		default_tags {
+			tags = {
+				defaultTagKey1 = "defaultTagValue1"
+			}
+		}
+	}
+	resource "alks_iamrole" "foo" {
+		name = "bar430"
+		assume_role_policy       = jsonencode({
+			Version = "2012-10-17",
+			Statement = [
+			  {
+				Action    = "sts:AssumeRole",
+				Effect    = "Allow",
+				Principal = {
+				  Service = "lambda.amazonaws.com"
+				}
+			  }
+			]
+		  })
+		include_default_policies = false
+		tags = {
+			testKey1 = "testValue1"
+			testKey4 = "testValue4"
+		}
+	}
+`
+
+const expectedAssumeRolePolicyAfterUpdate = `{
+	"Version": "2012-10-17",
+	"Statement": [
+		{
+			"Action": "sts:AssumeRole",
+			"Effect": "Allow",
+			"Principal": {
+				"Service": "lambda.amazonaws.com"
+			}
+		}
+	]
+}`
+
 const testAccCheckAlksIamRoleUpdateWithTags = `
 resource "alks_iamrole" "foo" {
 	name = "bar430"

vendor/modules.txt

@@ -1,4 +1,4 @@
-# github.com/Cox-Automotive/alks-go v0.0.0-20221026220646-c20da5c3cb3a
+# github.com/Cox-Automotive/alks-go v0.0.0-20230724175933-0e9cb0a59b55
 ## explicit; go 1.16
 github.com/Cox-Automotive/alks-go
 # github.com/agext/levenshtein v1.2.2