From 8ff01e147da993e941ce676678ad6562208cb870 Mon Sep 17 00:00:00 2001
From: Martin Baillie
Date: Mon, 13 Nov 2023 21:25:37 +1100
Subject: [PATCH] Stop considering AWS initialized fields in diff

Signed-off-by: Martin Baillie
(cherry picked from commit 8296667bc654044c026f3ff29cfa54053da66079)
---
 pkg/clients/iam/role.go | 6 ++++--
 pkg/clients/iam/role_test.go | 42 ++++++++++++++++++++++++++++++++----
 2 files changed, 42 insertions(+), 6 deletions(-)

diff --git a/pkg/clients/iam/role.go b/pkg/clients/iam/role.go
index ed061d1331..bcefc2e32f 100644
--- a/pkg/clients/iam/role.go
+++ b/pkg/clients/iam/role.go
@@ -79,7 +79,6 @@ func GenerateRoleObservation(role iamtypes.Role) v1beta1.RoleExternalStatus {

 // GenerateRole assigns the in RoleParamters to role.
 func GenerateRole(in v1beta1.RoleParameters, role *iamtypes.Role) error {
-
 if in.AssumeRolePolicyDocument != "" {
 s, err := legacypolicy.CompactAndEscapeJSON(in.AssumeRolePolicyDocument)
 if err != nil {
@@ -179,7 +178,10 @@ func IsRoleUpToDate(in v1beta1.RoleParameters, observed iamtypes.Role) (bool, st
 return false, "", err
 }

- diff := cmp.Diff(desired, &observed, cmpopts.IgnoreInterfaces(struct{ resource.AttributeReferencer }{}), cmpopts.IgnoreFields(observed, "AssumeRolePolicyDocument"), cmpopts.IgnoreTypes(document.NoSerde{}), cmpopts.SortSlices(lessTag))
+ diff := cmp.Diff(desired, &observed,
+ cmpopts.IgnoreInterfaces(struct{ resource.AttributeReferencer }{}),
+ cmpopts.IgnoreFields(observed, "AssumeRolePolicyDocument", "CreateDate", "PermissionsBoundary.PermissionsBoundaryType"),
+ cmpopts.IgnoreTypes(document.NoSerde{}), cmpopts.SortSlices(lessTag))
 if diff == "" && policyUpToDate {
 return true, diff, nil
 }
diff --git a/pkg/clients/iam/role_test.go b/pkg/clients/iam/role_test.go
index 0e9e472406..8b118f5986 100644
--- a/pkg/clients/iam/role_test.go
+++ b/pkg/clients/iam/role_test.go
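Review bot: The widened `cmpopts.IgnoreFields` list in `IsRoleUpToDate` (pkg/clients/iam/role.go, second hunk) carries no comment saying why each field is safe to leave out of drift detection, which matters here because the permissions boundary is the control that caps what the role can be granted. Only `PermissionsBoundary.PermissionsBoundaryType` is ignored, so `PermissionsBoundaryArn` should still take part in the comparison. If the reason is the one the commit title gives, I would state it above the call, e.g. `// CreateDate and PermissionsBoundaryType are populated by AWS, not by RoleParameters; PermissionsBoundaryArn is still compared.` The ignored names are plain strings resolved at run time, so the test added in this commit is what guards against a typo or an SDK field rename. The function starts and ends outside the hunk.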
@@ -46,10 +46,12 @@ var (
 }
 ]
 }`
- roleID = "some Id"
- roleName = "some name"
- tagKey = "key"
- tagValue = "value"
+ roleID = "some Id"
+ roleName = "some name"
+ tagKey = "key"
+ tagValue = "value"
+ permissionBoundary = "arn:aws:iam::111111111111:policy/permission-boundary"
+ createDate = time.Now()
 )

 func roleParams(m ...func(*v1beta1.RoleParameters)) *v1beta1.RoleParameters {
@@ -271,6 +273,38 @@ func TestIsRoleUpToDate(t *testing.T) {
 want: true,
 wantDiff: "",
 },
+ "AWSInitializedFields": {
+ args: args{
+ role: iamtypes.Role{
+ AssumeRolePolicyDocument: escapedPolicyJSON(),
+ CreateDate: &createDate,
+ Description: &description,
+ MaxSessionDuration: pointer.ToIntAsInt32(1),
+ Path: pointer.ToOrNilIfZeroValue("/"),
+ PermissionsBoundary: &iamtypes.AttachedPermissionsBoundary{
+ PermissionsBoundaryArn: &permissionBoundary,
+ PermissionsBoundaryType: "Policy",
+ },
+ Tags: []iamtypes.Tag{{
+ Key: pointer.ToOrNilIfZeroValue("key1"),
+ Value: pointer.ToOrNilIfZeroValue("value1"),
+ }},
+ },
+ p: v1beta1.RoleParameters{
+ Description: &description,
+ AssumeRolePolicyDocument: assumeRolePolicyDocument,
+ MaxSessionDuration: pointer.ToIntAsInt32(1),
+ Path: pointer.ToOrNilIfZeroValue("/"),
+ PermissionsBoundary: &permissionBoundary,
+ Tags: []v1beta1.Tag{{
+ Key: "key1",
+ Value: "value1",
+ }},
+ },
+ },
+ want: true,
+ wantDiff: "",
+ },
 "DifferentPolicy": {
 args: args{
 role: iamtypes.Role{
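Review bot: The new `AWSInitializedFields` case only proves that the ignored fields no longer produce a diff; none of the cases visible in this hunk checks that a changed `PermissionsBoundaryArn` is still reported, and that is the field that actually constrains the role. I would add a companion case whose observed boundary ARN differs from `p.PermissionsBoundary` and which expects `want: false`, so that a later widening of the ignore path from `PermissionsBoundary.PermissionsBoundaryType` to the whole `PermissionsBoundary` struct fails a test. Separately, `createDate = time.Now()` in the var block of the first hunk gives the fixture a different value on every run; a fixed `time.Date(...)` value would keep failures reproducible. The table in `TestIsRoleUpToDate` continues outside the hunk, so such a case may already exist there.

```go
"PermissionsBoundaryArnChanged": {
	args: args{
		role: iamtypes.Role{
			// … unchanged: observed fields as in "AWSInitializedFields" …
			PermissionsBoundary: &iamtypes.AttachedPermissionsBoundary{
				// constructed sample ARN, deliberately different from permissionBoundary
				PermissionsBoundaryArn:  pointer.ToOrNilIfZeroValue("arn:aws:iam::111111111111:policy/other-boundary"),
				PermissionsBoundaryType: "Policy",
			},
		},
		p: v1beta1.RoleParameters{
			// … unchanged: parameters as in "AWSInitializedFields" …
			PermissionsBoundary: &permissionBoundary,
		},
	},
	want: false,
	// wantDiff: set it the way the neighbouring want:false cases do
},
```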