r/aws_s3control_access_point_policy: Fix acceptance test 'AccessDenie…

…d' errors. Acceptance test output: % make testacc TESTARGS='-run=TestAccS3ControlAccessPointPolicy_' PKG=s3control ACCTEST_PARALLELISM=2 ==> Checking that code complies with gofmt requirements... TF_ACC=1 go test ./internal/service/s3control/... -v -count 1 -parallel 2 -run=TestAccS3ControlAccessPointPolicy_ -timeout 180m === RUN TestAccS3ControlAccessPointPolicy_basic === PAUSE TestAccS3ControlAccessPointPolicy_basic === RUN TestAccS3ControlAccessPointPolicy_disappears === PAUSE TestAccS3ControlAccessPointPolicy_disappears === RUN TestAccS3ControlAccessPointPolicy_disappears_AccessPoint === PAUSE TestAccS3ControlAccessPointPolicy_disappears_AccessPoint === RUN TestAccS3ControlAccessPointPolicy_update === PAUSE TestAccS3ControlAccessPointPolicy_update === CONT TestAccS3ControlAccessPointPolicy_basic === CONT TestAccS3ControlAccessPointPolicy_disappears_AccessPoint --- PASS: TestAccS3ControlAccessPointPolicy_disappears_AccessPoint (29.06s) === CONT TestAccS3ControlAccessPointPolicy_update --- PASS: TestAccS3ControlAccessPointPolicy_basic (33.26s) === CONT TestAccS3ControlAccessPointPolicy_disappears --- PASS: TestAccS3ControlAccessPointPolicy_disappears (27.43s) --- PASS: TestAccS3ControlAccessPointPolicy_update (52.81s) PASS ok github.com/hashicorp/terraform-provider-aws/internal/service/s3control 87.133s
prezi · Aug 8, 2023 · 0d19580 · 0d19580
1 parent 40fed98
commit 0d19580
Showing 1 changed file with 16 additions and 29 deletions.
diff --git a/internal/service/s3control/access_point_policy_test.go b/internal/service/s3control/access_point_policy_test.go
@@ -34,7 +34,7 @@ func TestAccS3ControlAccessPointPolicy_basic(t *testing.T) {
 				Config: testAccAccessPointPolicyConfig_basic(rName),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAccessPointPolicyExists(ctx, resourceName),
-					resource.TestCheckResourceAttr(resourceName, "has_public_access_policy", "true"),
+					resource.TestCheckResourceAttr(resourceName, "has_public_access_policy", "false"),
 					resource.TestMatchResourceAttr(resourceName, "policy", regexp.MustCompile(`s3:GetObjectTagging`)),
 				),
 			},
@@ -110,7 +110,7 @@ func TestAccS3ControlAccessPointPolicy_update(t *testing.T) {
 				Config: testAccAccessPointPolicyConfig_basic(rName),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAccessPointPolicyExists(ctx, resourceName),
-					resource.TestCheckResourceAttr(resourceName, "has_public_access_policy", "true"),
+					resource.TestCheckResourceAttr(resourceName, "has_public_access_policy", "false"),
 					resource.TestMatchResourceAttr(resourceName, "policy", regexp.MustCompile(`s3:GetObjectTagging`)),
 				),
 			},
@@ -124,7 +124,7 @@ func TestAccS3ControlAccessPointPolicy_update(t *testing.T) {
 				Config: testAccAccessPointPolicyConfig_updated(rName),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAccessPointPolicyExists(ctx, resourceName),
-					resource.TestCheckResourceAttr(resourceName, "has_public_access_policy", "true"),
+					resource.TestCheckResourceAttr(resourceName, "has_public_access_policy", "false"),
 					resource.TestMatchResourceAttr(resourceName, "policy", regexp.MustCompile(`s3:GetObjectLegalHold`)),
 				),
 			},
@@ -200,8 +200,11 @@ func testAccCheckAccessPointPolicyExists(ctx context.Context, n string) resource
 	}
 }
 
-func testAccAccessPointPolicyConfig_basic(rName string) string {
+func testAccAccessPointPolicyConfig_base(rName string) string {
 	return fmt.Sprintf(`
+data "aws_caller_identity" "current" {}
+data "aws_partition" "current" {}
+
 resource "aws_s3_bucket" "test" {
   bucket = %[1]q
 }
@@ -221,7 +224,11 @@ resource "aws_s3_access_point" "test" {
     ignore_changes = [policy]
   }
 }
+`, rName)
+}
 
+func testAccAccessPointPolicyConfig_basic(rName string) string {
+	return acctest.ConfigCompose(testAccAccessPointPolicyConfig_base(rName), `
 resource "aws_s3control_access_point_policy" "test" {
   access_point_arn = aws_s3_access_point.test.arn
 
@@ -231,37 +238,17 @@ resource "aws_s3control_access_point_policy" "test" {
       Effect = "Allow"
       Action = "s3:GetObjectTagging"
       Principal = {
-        AWS = "*"
+        AWS = "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:root"
       }
       Resource = "${aws_s3_access_point.test.arn}/object/*"
     }]
   })
 }
-`, rName)
+`)
 }
 
 func testAccAccessPointPolicyConfig_updated(rName string) string {
-	return fmt.Sprintf(`
-resource "aws_s3_bucket" "test" {
-  bucket = %[1]q
-}
-
-resource "aws_s3_access_point" "test" {
-  bucket = aws_s3_bucket.test.id
-  name   = %[1]q
-
-  public_access_block_configuration {
-    block_public_acls       = true
-    block_public_policy     = false
-    ignore_public_acls      = true
-    restrict_public_buckets = false
-  }
-
-  lifecycle {
-    ignore_changes = [policy]
-  }
-}
-
+	return acctest.ConfigCompose(testAccAccessPointPolicyConfig_base(rName), `
 resource "aws_s3control_access_point_policy" "test" {
   access_point_arn = aws_s3_access_point.test.arn
 
@@ -274,11 +261,11 @@ resource "aws_s3control_access_point_policy" "test" {
         "s3:GetObjectRetention",
       ]
       Principal = {
-        AWS = "*"
+        AWS = "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:root"
       }
       Resource = "${aws_s3_access_point.test.arn}/object/prefix/*"
     }]
   })
 }
-`, rName)
+`)
 }