@@ -1034,6 +1034,59 @@ func TestAccIAMRole_Identity_ExistingResource_NoRefresh_WithChange(t *testing.T)
10341034 })
10351035}
10361036
1037+ func TestAccIAMRole_Identity_ExistingResource_NoRefresh_NoChange (t * testing.T ) {
1038+ ctx := acctest .Context (t )
1039+ var conf awstypes.Role
1040+ rName := sdkacctest .RandomWithPrefix (acctest .ResourcePrefix )
1041+ resourceName := "aws_iam_role.test"
1042+
1043+ resource .ParallelTest (t , resource.TestCase {
1044+ PreCheck : func () { acctest .PreCheck (ctx , t ) },
1045+ ErrorCheck : acctest .ErrorCheck (t , names .IAMServiceID ),
1046+ CheckDestroy : testAccCheckRoleDestroy (ctx ),
1047+ AdditionalCLIOptions : & resource.AdditionalCLIOptions {
1048+ Plan : resource.PlanOptions {
1049+ NoRefresh : true ,
1050+ },
1051+ },
1052+ Steps : []resource.TestStep {
1053+ {
1054+ ExternalProviders : map [string ]resource.ExternalProvider {
1055+ "aws" : {
1056+ Source : "hashicorp/aws" ,
1057+ VersionConstraint : "5.100.0" ,
1058+ },
1059+ },
1060+ Config : testAccRoleConfig_basic (rName ),
1061+ Check : resource .ComposeAggregateTestCheckFunc (
1062+ testAccCheckRoleExists (ctx , resourceName , & conf ),
1063+ ),
1064+ ConfigStateChecks : []statecheck.StateCheck {
1065+ tfstatecheck .ExpectNoIdentity (resourceName ),
1066+ },
1067+ },
1068+ {
1069+ ProtoV5ProviderFactories : acctest .ProtoV5ProviderFactories ,
1070+ Config : testAccRoleConfig_basic (rName ),
1071+ Check : resource .ComposeAggregateTestCheckFunc (
1072+ testAccCheckRoleExists (ctx , resourceName , & conf ),
1073+ ),
1074+ ConfigPlanChecks : resource.ConfigPlanChecks {
1075+ PreApply : []plancheck.PlanCheck {
1076+ plancheck .ExpectResourceAction (resourceName , plancheck .ResourceActionNoop ),
1077+ },
1078+ PostApplyPostRefresh : []plancheck.PlanCheck {
1079+ plancheck .ExpectResourceAction (resourceName , plancheck .ResourceActionNoop ),
1080+ },
1081+ },
1082+ ConfigStateChecks : []statecheck.StateCheck {
1083+ tfstatecheck .ExpectNoIdentity (resourceName ),
1084+ },
1085+ },
1086+ },
1087+ })
1088+ }
1089+
10371090func TestAccIAMRole_Identity_ExistingResource_NoRefresh_OnError (t * testing.T ) {
10381091 ctx := acctest .Context (t )
10391092 var conf awstypes.Role
@@ -1077,6 +1130,43 @@ func TestAccIAMRole_Identity_ExistingResource_NoRefresh_OnError(t *testing.T) {
10771130 })
10781131}
10791132
1133+ func TestAccIAMRole_Identity_ExistingResource_OnError (t * testing.T ) {
1134+ ctx := acctest .Context (t )
1135+ var conf awstypes.Role
1136+ rName := sdkacctest .RandomWithPrefix (acctest .ResourcePrefix )
1137+ resourceName := "aws_iam_role.test"
1138+
1139+ resource .ParallelTest (t , resource.TestCase {
1140+ PreCheck : func () { acctest .PreCheck (ctx , t ) },
1141+ ErrorCheck : acctest .ErrorCheck (t , names .IAMServiceID ),
1142+ CheckDestroy : testAccCheckRoleDestroy (ctx ),
1143+ Steps : []resource.TestStep {
1144+ {
1145+ ExternalProviders : map [string ]resource.ExternalProvider {
1146+ "aws" : {
1147+ Source : "hashicorp/aws" ,
1148+ VersionConstraint : "5.100.0" ,
1149+ },
1150+ },
1151+ Config : testAccRoleConfig_basic (rName ),
1152+ Check : resource .ComposeAggregateTestCheckFunc (
1153+ testAccCheckRoleExists (ctx , resourceName , & conf ),
1154+ ),
1155+ },
1156+ {
1157+ ProtoV5ProviderFactories : acctest .ProtoV5ProviderFactories ,
1158+ Config : testAccRoleConfig_invalidAssumeRolePolicy (rName ),
1159+ Check : resource .ComposeAggregateTestCheckFunc (
1160+ testAccCheckRoleExists (ctx , resourceName , & conf ),
1161+ ),
1162+ // On an update failure, the identity interceptor is not executed and
1163+ // the MalformedPolicyDocument error will be present.
1164+ ExpectError : regexache .MustCompile (`MalformedPolicyDocument` ),
1165+ },
1166+ },
1167+ })
1168+ }
1169+
10801170func testAccCheckRoleDestroy (ctx context.Context ) resource.TestCheckFunc {
10811171 return func (s * terraform.State ) error {
10821172 conn := acctest .Provider .Meta ().(* conns.AWSClient ).IAMClient (ctx )
0 commit comments