r/role_policy_attachments_exclusive: Fix 'Value Conversion Error' on …

[MS99-9]

Description

Error raised here: https://github.com/hashicorp/terraform-plugin-framework/blob/c9bbe5e02cfc78b6efe82a227a55c26dc2a1daa9/internal/reflect/into.go#L130-L149. As Allowing Unhandled Nulls was set to false here: https://github.com/hashicorp/terraform-provider-aws/blob/main/internal/service/iam/role_policy_attachments_exclusive.go#L71

Please find attached a screenshot for the new error message after building the development provider and running it locally.

Relations

Closes #39786

References

Output from Acceptance Testing

% make testacc PKG=iam TESTS=TestAccIAMRolePolicyAttachmentsExclusive_
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.23.2 test ./internal/service/iam/... -v -count 1 -parallel 20 -run='TestAccIAMRolePolicyAttachmentsExclusive_'  -timeout 360m
2024/11/10 17:28:20 Initializing Terraform AWS Provider...
=== RUN   TestAccIAMRolePolicyAttachmentsExclusive_basic
=== PAUSE TestAccIAMRolePolicyAttachmentsExclusive_basic
=== RUN   TestAccIAMRolePolicyAttachmentsExclusive_disappears_Role
=== PAUSE TestAccIAMRolePolicyAttachmentsExclusive_disappears_Role
=== RUN   TestAccIAMRolePolicyAttachmentsExclusive_disappears_Policy
=== PAUSE TestAccIAMRolePolicyAttachmentsExclusive_disappears_Policy
=== RUN   TestAccIAMRolePolicyAttachmentsExclusive_multiple
=== PAUSE TestAccIAMRolePolicyAttachmentsExclusive_multiple
=== RUN   TestAccIAMRolePolicyAttachmentsExclusive_empty
=== PAUSE TestAccIAMRolePolicyAttachmentsExclusive_empty
=== RUN   TestAccIAMRolePolicyAttachmentsExclusive_outOfBandRemoval
=== PAUSE TestAccIAMRolePolicyAttachmentsExclusive_outOfBandRemoval
=== RUN   TestAccIAMRolePolicyAttachmentsExclusive_outOfBandAddition
=== PAUSE TestAccIAMRolePolicyAttachmentsExclusive_outOfBandAddition
=== CONT  TestAccIAMRolePolicyAttachmentsExclusive_basic
=== CONT  TestAccIAMRolePolicyAttachmentsExclusive_empty
=== CONT  TestAccIAMRolePolicyAttachmentsExclusive_disappears_Policy
=== CONT  TestAccIAMRolePolicyAttachmentsExclusive_multiple
=== CONT  TestAccIAMRolePolicyAttachmentsExclusive_disappears_Role
=== CONT  TestAccIAMRolePolicyAttachmentsExclusive_outOfBandAddition
=== CONT  TestAccIAMRolePolicyAttachmentsExclusive_outOfBandRemoval
--- PASS: TestAccIAMRolePolicyAttachmentsExclusive_empty (116.08s)
--- PASS: TestAccIAMRolePolicyAttachmentsExclusive_disappears_Role (116.62s)
--- PASS: TestAccIAMRolePolicyAttachmentsExclusive_disappears_Policy (122.91s)
--- PASS: TestAccIAMRolePolicyAttachmentsExclusive_basic (123.43s)
--- PASS: TestAccIAMRolePolicyAttachmentsExclusive_outOfBandAddition (159.84s)
--- PASS: TestAccIAMRolePolicyAttachmentsExclusive_outOfBandRemoval (160.92s)
--- PASS: TestAccIAMRolePolicyAttachmentsExclusive_multiple (172.18s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/iam        173.497s
...

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

• Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
• For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
• Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

[jar-b]

Thanks for your contribution, @MS99-9 ! 👍

I modified the change slightly to use a custom set validator which checks for the presence of null values. I also applied this validator to the other _exclusive IAM resources (role, group, and user variants of both customer managed and inline policies). The resulting error still looks similar to the screenshot in the PR body:

│ Error: Null Set Value
│
│   with aws_iam_role_policy_attachments_exclusive.test,
│   on main.tf line 27, in resource "aws_iam_role_policy_attachments_exclusive" "test":
│   27:   policy_arns = [
│   28:     aws_iam_policy.test.arn,
│   29:     null, # test should trigger a plan time validation failure
│   30:   ]
│
│ This attribute contains a null value.

Appreciate you picking this up!

[MS99-9]

This is my first contribution so your feedback is really appreciated @jar-b, I also learned from the commits you added to make the validator more dynamic so we can re-use it for other resources. I will take this into consideration for my next contributions. Thanks

[github-actions[bot]]

This functionality has been released in v5.76.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!