glue: Replace 'PlanOnly' acceptance test steps with 'plancheck's.

Author: ewbankkit

internal/service/glue/exports_test.go

@@ -37,6 +37,7 @@ var (
 	FindPartitionByValues        = findPartitionByValues
 	FindPartitionIndexByName     = findPartitionIndexByName
 	FindRegistryByID             = findRegistryByID
+	FindResourcePolicy           = findResourcePolicy
 	FindSchemaByID               = findSchemaByID
 	FindTableByName              = findTableByName
 	FindTriggerByName            = findTriggerByName

internal/service/glue/resource_policy.go

@@ -11,13 +11,15 @@ import (
 	"github.com/aws/aws-sdk-go-v2/service/glue"
 	awstypes "github.com/aws/aws-sdk-go-v2/service/glue/types"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/structure"
-	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	"github.com/hashicorp/terraform-provider-aws/internal/conns"
 	"github.com/hashicorp/terraform-provider-aws/internal/enum"
 	"github.com/hashicorp/terraform-provider-aws/internal/errs"
 	"github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag"
+	"github.com/hashicorp/terraform-provider-aws/internal/sdkv2"
+	"github.com/hashicorp/terraform-provider-aws/internal/tfresource"
 	"github.com/hashicorp/terraform-provider-aws/internal/verify"
 	"github.com/hashicorp/terraform-provider-aws/names"
 )
@@ -34,22 +36,12 @@ func resourceResourcePolicy() *schema.Resource {
 		DeleteWithoutTimeout: resourceResourcePolicyDelete,
 
 		Schema: map[string]*schema.Schema{
-			names.AttrPolicy: {
-				Type:                  schema.TypeString,
-				Required:              true,
-				ValidateFunc:          validation.StringIsJSON,
-				DiffSuppressFunc:      verify.SuppressEquivalentPolicyDiffs,
-				DiffSuppressOnRefresh: true,
-				StateFunc: func(v any) string {
-					json, _ := structure.NormalizeJsonString(v)
-					return json
-				},
-			},
 			"enable_hybrid": {
 				Type:             schema.TypeString,
 				Optional:         true,
 				ValidateDiagFunc: enum.Validate[awstypes.EnableHybridValues](),
 			},
+			names.AttrPolicy: sdkv2.IAMPolicyDocumentSchemaRequired(),
 		},
 	}
 }
@@ -60,25 +52,28 @@ func resourceResourcePolicyPut(condition awstypes.ExistCondition) func(context.C
 		conn := meta.(*conns.AWSClient).GlueClient(ctx)
 
 		policy, err := structure.NormalizeJsonString(d.Get(names.AttrPolicy).(string))
-
 		if err != nil {
-			return sdkdiag.AppendErrorf(diags, "policy is invalid JSON: %s", err)
+			return sdkdiag.AppendFromErr(diags, err)
 		}
 
-		input := &glue.PutResourcePolicyInput{
-			PolicyInJson:          aws.String(policy),
+		input := glue.PutResourcePolicyInput{
 			PolicyExistsCondition: condition,
+			PolicyInJson:          aws.String(policy),
 		}
 
 		if v, ok := d.GetOk("enable_hybrid"); ok {
 			input.EnableHybrid = awstypes.EnableHybridValues(v.(string))
 		}
 
-		_, err = conn.PutResourcePolicy(ctx, input)
+		_, err = conn.PutResourcePolicy(ctx, &input)
+
 		if err != nil {
-			return sdkdiag.AppendErrorf(diags, "putting policy request: %s", err)
+			return sdkdiag.AppendErrorf(diags, "putting Glue Resource Policy: %s", err)
+		}
+
+		if d.IsNewResource() {
+			d.SetId(meta.(*conns.AWSClient).Region(ctx))
 		}
-		d.SetId(meta.(*conns.AWSClient).Region(ctx))
 
 		return append(diags, resourceResourcePolicyRead(ctx, d, meta)...)
 	}
@@ -88,42 +83,64 @@ func resourceResourcePolicyRead(ctx context.Context, d *schema.ResourceData, met
 	var diags diag.Diagnostics
 	conn := meta.(*conns.AWSClient).GlueClient(ctx)
 
-	resourcePolicy, err := conn.GetResourcePolicy(ctx, &glue.GetResourcePolicyInput{})
-	if errs.IsA[*awstypes.EntityNotFoundException](err) {
-		log.Printf("[WARN] Glue Resource (%s) not found, removing from state", d.Id())
+	output, err := findResourcePolicy(ctx, conn)
+
+	if !d.IsNewResource() && tfresource.NotFound(err) {
+		log.Printf("[WARN] Glue Resource Policy (%s) not found, removing from state", d.Id())
 		d.SetId("")
 		return diags
 	}
+
 	if err != nil {
 		return sdkdiag.AppendErrorf(diags, "reading Glue Resource Policy (%s): %s", d.Id(), err)
 	}
 
-	if aws.ToString(resourcePolicy.PolicyInJson) == "" {
-		//Since the glue resource policy is global we expect it to be deleted when the policy is empty
-		d.SetId("")
-	} else {
-		policyToSet, err := verify.PolicyToSet(d.Get(names.AttrPolicy).(string), aws.ToString(resourcePolicy.PolicyInJson))
+	policyToSet, err := verify.PolicyToSet(d.Get(names.AttrPolicy).(string), aws.ToString(output.PolicyInJson))
+	if err != nil {
+		return sdkdiag.AppendFromErr(diags, err)
+	}
 
-		if err != nil {
-			return sdkdiag.AppendErrorf(diags, "reading Glue Resource Policy (%s): %s", d.Id(), err)
-		}
+	d.Set(names.AttrPolicy, policyToSet)
 
-		d.Set(names.AttrPolicy, policyToSet)
-	}
 	return diags
 }
 
 func resourceResourcePolicyDelete(ctx context.Context, d *schema.ResourceData, meta any) diag.Diagnostics {
 	var diags diag.Diagnostics
 	conn := meta.(*conns.AWSClient).GlueClient(ctx)
 
-	_, err := conn.DeleteResourcePolicy(ctx, &glue.DeleteResourcePolicyInput{})
+	input := glue.DeleteResourcePolicyInput{}
+	_, err := conn.DeleteResourcePolicy(ctx, &input)
+
+	if errs.IsA[*awstypes.EntityNotFoundException](err) {
+		return diags
+	}
+
 	if err != nil {
-		if errs.IsA[*awstypes.EntityNotFoundException](err) {
-			return diags
-		}
-		return sdkdiag.AppendErrorf(diags, "deleting policy request: %s", err)
+		return sdkdiag.AppendErrorf(diags, "deleting Glue Resource Policy (%s): %s", d.Id(), err)
 	}
 
 	return diags
 }
+
+func findResourcePolicy(ctx context.Context, conn *glue.Client) (*glue.GetResourcePolicyOutput, error) {
+	input := &glue.GetResourcePolicyInput{}
+	output, err := conn.GetResourcePolicy(ctx, input)
+
+	if errs.IsA[*awstypes.EntityNotFoundException](err) {
+		return nil, &retry.NotFoundError{
+			LastError:   err,
+			LastRequest: input,
+		}
+	}
+
+	if err != nil {
+		return nil, err
+	}
+
+	if output == nil || aws.ToString(output.PolicyInJson) == "" {
+		return nil, tfresource.NewEmptyResultError(input)
+	}
+
+	return output, nil
+}

internal/service/glue/resource_policy_test.go

@@ -9,15 +9,14 @@ import (
 	"testing"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
-	"github.com/aws/aws-sdk-go-v2/service/glue"
-	awstypes "github.com/aws/aws-sdk-go-v2/service/glue/types"
 	awspolicy "github.com/hashicorp/awspolicyequivalence"
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-plugin-testing/plancheck"
 	"github.com/hashicorp/terraform-plugin-testing/terraform"
 	"github.com/hashicorp/terraform-provider-aws/internal/acctest"
 	"github.com/hashicorp/terraform-provider-aws/internal/conns"
-	"github.com/hashicorp/terraform-provider-aws/internal/errs"
 	tfglue "github.com/hashicorp/terraform-provider-aws/internal/service/glue"
+	"github.com/hashicorp/terraform-provider-aws/internal/tfresource"
 	"github.com/hashicorp/terraform-provider-aws/names"
 )
 
@@ -149,36 +148,43 @@ func testAccResourcePolicy_ignoreEquivalent(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					testAccResourcePolicy(ctx, resourceName, "glue:CreateTable"),
 				),
+				ConfigPlanChecks: resource.ConfigPlanChecks{
+					PreApply: []plancheck.PlanCheck{
+						plancheck.ExpectResourceAction(resourceName, plancheck.ResourceActionCreate),
+					},
+				},
 			},
 			{
-				Config:   testAccResourcePolicyConfig_equivalent2(),
-				PlanOnly: true,
+				Config: testAccResourcePolicyConfig_equivalent2(),
+				ConfigPlanChecks: resource.ConfigPlanChecks{
+					PreApply: []plancheck.PlanCheck{
+						plancheck.ExpectResourceAction(resourceName, plancheck.ResourceActionNoop),
+					},
+					PostApplyPostRefresh: []plancheck.PlanCheck{
+						plancheck.ExpectResourceAction(resourceName, plancheck.ResourceActionNoop),
+					},
+				},
 			},
 		},
 	})
 }
 
 func testAccResourcePolicy(ctx context.Context, n string, action string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
-		rs, ok := s.RootModule().Resources[n]
+		_, ok := s.RootModule().Resources[n]
 		if !ok {
 			return fmt.Errorf("Not found: %s", n)
 		}
 
-		if rs.Primary.ID == "" {
-			return fmt.Errorf("No policy id set")
-		}
-
 		conn := acctest.Provider.Meta().(*conns.AWSClient).GlueClient(ctx)
 
-		policy, err := conn.GetResourcePolicy(ctx, &glue.GetResourcePolicyInput{})
+		output, err := tfglue.FindResourcePolicy(ctx, conn)
+
 		if err != nil {
-			return fmt.Errorf("Get resource policy error: %v", err)
+			return err
 		}
 
-		actualPolicyText := aws.ToString(policy.PolicyInJson)
-
-		expectedPolicy := CreateTablePolicy(ctx, action)
+		actualPolicyText, expectedPolicy := aws.ToString(output.PolicyInJson), testAccNewResourcePolicy(ctx, action)
 		equivalent, err := awspolicy.PoliciesAreEquivalent(actualPolicyText, expectedPolicy)
 		if err != nil {
 			return fmt.Errorf("Error testing policy equivalence: %s", err)
@@ -196,35 +202,41 @@ func testAccCheckResourcePolicyDestroy(ctx context.Context) resource.TestCheckFu
 	return func(s *terraform.State) error {
 		conn := acctest.Provider.Meta().(*conns.AWSClient).GlueClient(ctx)
 
-		policy, err := conn.GetResourcePolicy(ctx, &glue.GetResourcePolicyInput{})
+		for _, rs := range s.RootModule().Resources {
+			if rs.Type != "aws_glue_resource_policy" {
+				continue
+			}
 
-		if err != nil {
-			if errs.IsAErrorMessageContains[*awstypes.EntityNotFoundException](err, "Policy not found") {
-				return nil
+			_, err := tfglue.FindResourcePolicy(ctx, conn)
+
+			if tfresource.NotFound(err) {
+				continue
 			}
-			return err
-		}
 
-		if *policy.PolicyInJson != "" {
-			return fmt.Errorf("Aws glue resource policy still exists: %s", *policy.PolicyInJson)
+			if err != nil {
+				return err
+			}
+
+			return fmt.Errorf("Glue Resource Policy %s still exists", rs.Primary.ID)
 		}
+
 		return nil
 	}
 }
 
-func CreateTablePolicy(ctx context.Context, action string) string {
+func testAccNewResourcePolicy(ctx context.Context, action string) string {
 	return fmt.Sprintf(`{
   "Version" : "2012-10-17",
   "Statement" : [
     {
       "Effect" : "Allow",
       "Action" : [
-        "%s"
+        %[1]q
       ],
       "Principal" : {
          "AWS": "*"
        },
-      "Resource" : "arn:%s:glue:%s:%s:*"
+      "Resource" : "arn:%[2]s:glue:%[3]s:%[4]s:*"
     }
   ]
 }`, action, acctest.Partition(), acctest.Region(), acctest.AccountID(ctx))