diff --git a/ibm/service/iampolicy/data_source_ibm_iam_access_group_policy.go b/ibm/service/iampolicy/data_source_ibm_iam_access_group_policy.go index 45926a17806..3dca2b380d0 100644 --- a/ibm/service/iampolicy/data_source_ibm_iam_access_group_policy.go +++ b/ibm/service/iampolicy/data_source_ibm_iam_access_group_policy.go @@ -29,6 +29,12 @@ func DataSourceIBMIAMAccessGroupPolicy() *schema.Resource { Type: schema.TypeString, Optional: true, }, + "transaction_id": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "Set transactionID for debug", + }, "policies": { Type: schema.TypeList, Computed: true, @@ -149,8 +155,13 @@ func dataSourceIBMIAMAccessGroupPolicyRead(d *schema.ResourceData, meta interfac listPoliciesOptions.Sort = core.StringPtr(v.(string)) } + if transactionID, ok := d.GetOk("transaction_id"); ok { + listPoliciesOptions.SetHeaders(map[string]string{"Transaction-Id": transactionID.(string)}) + } + policyList, resp, err := iamPolicyManagementClient.ListPolicies(listPoliciesOptions) - if err != nil { + + if err != nil || resp == nil { return fmt.Errorf("Error listing access group policies: %s, %s", err, resp) } @@ -174,6 +185,11 @@ func dataSourceIBMIAMAccessGroupPolicyRead(d *schema.ResourceData, meta interfac accessGroupPolicies = append(accessGroupPolicies, p) } d.SetId(accessGroupId) + + if len(resp.Headers["Transaction-Id"]) > 0 && resp.Headers["Transaction-Id"][0] != "" { + d.Set("transaction_id", resp.Headers["Transaction-Id"][0]) + } + d.Set("policies", accessGroupPolicies) return nil diff --git a/ibm/service/iampolicy/data_source_ibm_iam_authorization_policies.go b/ibm/service/iampolicy/data_source_ibm_iam_authorization_policies.go index 4d61086bdec..86220c737e5 100644 --- a/ibm/service/iampolicy/data_source_ibm_iam_authorization_policies.go +++ b/ibm/service/iampolicy/data_source_ibm_iam_authorization_policies.go @@ -31,6 +31,12 @@ func DataSourceIBMIAMAuthorizationPolicies() *schema.Resource { Type: schema.TypeString, Optional: true, }, + "transaction_id": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "Set transactionID for debug", + }, "policies": { Type: schema.TypeList, Computed: true, @@ -146,9 +152,13 @@ func dataSourceIBMIAMAuthorizationPoliciesRead(d *schema.ResourceData, meta inte listPoliciesOptions.Sort = core.StringPtr(v.(string)) } + if transactionID, ok := d.GetOk("transaction_id"); ok { + listPoliciesOptions.SetHeaders(map[string]string{"Transaction-Id": transactionID.(string)}) + } + policyList, resp, err := iamPolicyManagementClient.ListPolicies(listPoliciesOptions) - if err != nil { + if err != nil || resp == nil { return fmt.Errorf("[ERROR] Error listing authorization policies: %s, %s", err, resp) } @@ -184,6 +194,11 @@ func dataSourceIBMIAMAuthorizationPoliciesRead(d *schema.ResourceData, meta inte d.SetId(time.Now().UTC().String()) d.Set("account_id", accountID) + + if len(resp.Headers["Transaction-Id"]) > 0 && resp.Headers["Transaction-Id"][0] != "" { + d.Set("transaction_id", resp.Headers["Transaction-Id"][0]) + } + d.Set("policies", authorizationPolicies) return nil diff --git a/ibm/service/iampolicy/data_source_ibm_iam_service_policy.go b/ibm/service/iampolicy/data_source_ibm_iam_service_policy.go index 97a65951b76..67510754af4 100644 --- a/ibm/service/iampolicy/data_source_ibm_iam_service_policy.go +++ b/ibm/service/iampolicy/data_source_ibm_iam_service_policy.go @@ -38,6 +38,12 @@ func DataSourceIBMIAMServicePolicy() *schema.Resource { Type: schema.TypeString, Optional: true, }, + "transaction_id": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "Set transactionID for debug", + }, "policies": { Type: schema.TypeList, Computed: true, @@ -147,7 +153,7 @@ func dataSourceIBMIAMServicePolicyRead(d *schema.ResourceData, meta interface{}) ID: &serviceIDUUID, } serviceID, resp, err := iamClient.GetServiceID(&getServiceIDOptions) - if err != nil { + if err != nil || resp == nil { return fmt.Errorf("[ERROR] Error] Error Getting Service Id %s %s", err, resp) } iamID = *serviceID.IamID @@ -176,13 +182,17 @@ func dataSourceIBMIAMServicePolicyRead(d *schema.ResourceData, meta interface{}) listPoliciesOptions.Sort = core.StringPtr(v.(string)) } + if transactionID, ok := d.GetOk("transaction_id"); ok { + listPoliciesOptions.SetHeaders(map[string]string{"Transaction-Id": transactionID.(string)}) + } + policyList, resp, err := iamPolicyManagementClient.ListPolicies(listPoliciesOptions) if err != nil { return fmt.Errorf("Error listing service policies: %s, %s", err, resp) } - policies := policyList.Policies + policies := policyList.Policies servicePolicies := make([]map[string]interface{}, 0, len(policies)) for _, policy := range policies { roles := make([]string, len(policy.Roles)) @@ -215,6 +225,9 @@ func dataSourceIBMIAMServicePolicyRead(d *schema.ResourceData, meta interface{}) iamID := v.(string) d.SetId(iamID) } + if len(resp.Headers["Transaction-Id"]) > 0 && resp.Headers["Transaction-Id"][0] != "" { + d.Set("transaction_id", resp.Headers["Transaction-Id"][0]) + } d.Set("policies", servicePolicies) return nil } diff --git a/ibm/service/iampolicy/data_source_ibm_iam_trusted_profile_policy.go b/ibm/service/iampolicy/data_source_ibm_iam_trusted_profile_policy.go index 168de74ecc3..816e8d6eb7c 100644 --- a/ibm/service/iampolicy/data_source_ibm_iam_trusted_profile_policy.go +++ b/ibm/service/iampolicy/data_source_ibm_iam_trusted_profile_policy.go @@ -38,6 +38,12 @@ func DataSourceIBMIAMTrustedProfilePolicy() *schema.Resource { Type: schema.TypeString, Optional: true, }, + "transaction_id": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "Set transactionID for debug", + }, "policies": { Type: schema.TypeList, Computed: true, @@ -176,8 +182,13 @@ func dataSourceIBMIAMTrustedProfilePolicyRead(d *schema.ResourceData, meta inter listPoliciesOptions.Sort = core.StringPtr(v.(string)) } + if transactionID, ok := d.GetOk("transaction_id"); ok { + listPoliciesOptions.SetHeaders(map[string]string{"Transaction-Id": transactionID.(string)}) + } + policyList, resp, err := iamPolicyManagementClient.ListPolicies(listPoliciesOptions) - if err != nil { + + if err != nil || resp == nil { return fmt.Errorf("Error listing trusted profile policies: %s, %s", err, resp) } @@ -214,6 +225,9 @@ func dataSourceIBMIAMTrustedProfilePolicyRead(d *schema.ResourceData, meta inter iamID := v.(string) d.SetId(iamID) } + if len(resp.Headers["Transaction-Id"]) > 0 && resp.Headers["Transaction-Id"][0] != "" { + d.Set("transaction_id", resp.Headers["Transaction-Id"][0]) + } d.Set("policies", profilePolicies) return nil } diff --git a/ibm/service/iampolicy/data_source_ibm_iam_user_policy.go b/ibm/service/iampolicy/data_source_ibm_iam_user_policy.go index 8ddb06a372e..0288605f241 100644 --- a/ibm/service/iampolicy/data_source_ibm_iam_user_policy.go +++ b/ibm/service/iampolicy/data_source_ibm_iam_user_policy.go @@ -29,6 +29,12 @@ func DataSourceIBMIAMUserPolicy() *schema.Resource { Type: schema.TypeString, Optional: true, }, + "transaction_id": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "Set transactionID for debug", + }, "policies": { Type: schema.TypeList, Computed: true, @@ -154,13 +160,17 @@ func dataSourceIBMIAMUserPolicyRead(d *schema.ResourceData, meta interface{}) er listPoliciesOptions.Sort = core.StringPtr(v.(string)) } + if transactionID, ok := d.GetOk("transaction_id"); ok { + listPoliciesOptions.SetHeaders(map[string]string{"Transaction-Id": transactionID.(string)}) + } + policyList, resp, err := iamPolicyManagementClient.ListPolicies(listPoliciesOptions) - if err != nil { + if err != nil || resp == nil { return fmt.Errorf("Error listing user policies: %s, %s", err, resp) } - policies := policyList.Policies + policies := policyList.Policies userPolicies := make([]map[string]interface{}, 0, len(policies)) for _, policy := range policies { roles := make([]string, len(policy.Roles)) @@ -179,6 +189,9 @@ func dataSourceIBMIAMUserPolicyRead(d *schema.ResourceData, meta interface{}) er } userPolicies = append(userPolicies, p) } + if len(resp.Headers["Transaction-Id"]) > 0 && resp.Headers["Transaction-Id"][0] != "" { + d.Set("transaction_id", resp.Headers["Transaction-Id"][0]) + } d.SetId(userEmail) d.Set("policies", userPolicies) diff --git a/ibm/service/iampolicy/resource_ibm_iam_access_group_policy.go b/ibm/service/iampolicy/resource_ibm_iam_access_group_policy.go index 3b4981b6100..db4e3058101 100644 --- a/ibm/service/iampolicy/resource_ibm_iam_access_group_policy.go +++ b/ibm/service/iampolicy/resource_ibm_iam_access_group_policy.go @@ -181,6 +181,13 @@ func ResourceIBMIAMAccessGroupPolicy() *schema.Resource { Description: "Description of the Policy", }, + "transaction_id": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "Set transactionID for debug", + }, + "version": { Type: schema.TypeString, Computed: true, @@ -240,6 +247,10 @@ func resourceIBMIAMAccessGroupPolicyCreate(d *schema.ResourceData, meta interfac createPolicyOptions.Description = &des } + if transactionID, ok := d.GetOk("transaction_id"); ok { + createPolicyOptions.SetHeaders(map[string]string{"Transaction-Id": transactionID.(string)}) + } + accessGroupPolicy, res, err := iamPolicyManagementClient.CreatePolicy(createPolicyOptions) if err != nil || accessGroupPolicy == nil { return fmt.Errorf("[ERROR] Error creating access group policy: %s\n%s", err, res) @@ -249,6 +260,10 @@ func resourceIBMIAMAccessGroupPolicyCreate(d *schema.ResourceData, meta interfac PolicyID: accessGroupPolicy.ID, } + if transactionID, ok := d.GetOk("transaction_id"); ok { + getPolicyOptions.SetHeaders(map[string]string{"Transaction-Id": transactionID.(string)}) + } + err = resource.Retry(5*time.Minute, func() *resource.RetryError { var err error policy, res, err := iamPolicyManagementClient.GetPolicy(getPolicyOptions) @@ -290,6 +305,11 @@ func resourceIBMIAMAccessGroupPolicyRead(d *schema.ResourceData, meta interface{ getPolicyOptions := &iampolicymanagementv1.GetPolicyOptions{ PolicyID: &accessGroupPolicyId, } + + if transactionID, ok := d.GetOk("transaction_id"); ok { + getPolicyOptions.SetHeaders(map[string]string{"Transaction-Id": transactionID.(string)}) + } + accessGroupPolicy := &iampolicymanagementv1.Policy{} res := &core.DetailedResponse{} err = resource.Retry(5*time.Minute, func() *resource.RetryError { @@ -307,7 +327,7 @@ func resourceIBMIAMAccessGroupPolicyRead(d *schema.ResourceData, meta interface{ if conns.IsResourceTimeoutError(err) { accessGroupPolicy, res, err = iamPolicyManagementClient.GetPolicy(getPolicyOptions) } - if err != nil || accessGroupPolicy == nil { + if err != nil || accessGroupPolicy == nil || res == nil { return fmt.Errorf("[ERROR] Error retrieving access group policy: %s\n%s", err, res) } @@ -348,6 +368,10 @@ func resourceIBMIAMAccessGroupPolicyRead(d *schema.ResourceData, meta interface{ d.Set("description", *accessGroupPolicy.Description) } + if len(res.Headers["Transaction-Id"]) > 0 && res.Headers["Transaction-Id"][0] != "" { + d.Set("transaction_id", res.Headers["Transaction-Id"][0]) + } + return nil } @@ -409,6 +433,10 @@ func resourceIBMIAMAccessGroupPolicyUpdate(d *schema.ResourceData, meta interfac updatePolicyOptions.Description = &des } + if transactionID, ok := d.GetOk("transaction_id"); ok { + updatePolicyOptions.SetHeaders(map[string]string{"Transaction-Id": transactionID.(string)}) + } + _, res, err := iamPolicyManagementClient.UpdatePolicy(updatePolicyOptions) if err != nil { return fmt.Errorf("[ERROR] Error updating access group policy: %s\n%s", err, res) @@ -435,6 +463,10 @@ func resourceIBMIAMAccessGroupPolicyDelete(d *schema.ResourceData, meta interfac accessGroupPolicyId, ) + if transactionID, ok := d.GetOk("transaction_id"); ok { + deletePolicyOptions.SetHeaders(map[string]string{"Transaction-Id": transactionID.(string)}) + } + res, err := iamPolicyManagementClient.DeletePolicy(deletePolicyOptions) if err != nil { return fmt.Errorf("[ERROR] Error deleting access group policy: %s\n%s", err, res) diff --git a/ibm/service/iampolicy/resource_ibm_iam_access_group_policy_test.go b/ibm/service/iampolicy/resource_ibm_iam_access_group_policy_test.go index 66b62d317aa..87cb1393287 100644 --- a/ibm/service/iampolicy/resource_ibm_iam_access_group_policy_test.go +++ b/ibm/service/iampolicy/resource_ibm_iam_access_group_policy_test.go @@ -186,7 +186,7 @@ func TestAccIBMIAMAccessGroupPolicy_import(t *testing.T) { ResourceName: resourceName, ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"resources", "resource_attributes"}, + ImportStateVerifyIgnore: []string{"resources", "resource_attributes", "transaction_id"}, }, }, }) @@ -319,7 +319,7 @@ func TestAccIBMIAMAccessGroupPolicy_With_Resource_Tags(t *testing.T) { Providers: acc.TestAccProviders, CheckDestroy: testAccCheckIBMIAMAccessGroupPolicyDestroy, Steps: []resource.TestStep{ - resource.TestStep{ + { Config: testAccCheckIBMIAMAccessGroupPolicyResourceTags(name), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckIBMIAMAccessGroupPolicyExists("ibm_iam_access_group_policy.policy", conf), @@ -328,7 +328,7 @@ func TestAccIBMIAMAccessGroupPolicy_With_Resource_Tags(t *testing.T) { resource.TestCheckResourceAttr("ibm_iam_access_group_policy.policy", "roles.#", "1"), ), }, - resource.TestStep{ + { Config: testAccCheckIBMIAMAccessGroupPolicyUpdateResourceTags(name), Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr("ibm_iam_access_group.accgrp", "name", name), @@ -340,6 +340,37 @@ func TestAccIBMIAMAccessGroupPolicy_With_Resource_Tags(t *testing.T) { }) } +func TestAccIBMIAMAccessGroupPolicy_With_Transaction_Id(t *testing.T) { + var conf iampolicymanagementv1.Policy + name := fmt.Sprintf("terraform_%d", acctest.RandIntRange(10, 100)) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + CheckDestroy: testAccCheckIBMIAMAccessGroupPolicyDestroy, + Steps: []resource.TestStep{ + { + Config: testAccCheckIBMIAMAccessGroupPolicyTransactionId(name), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckIBMIAMAccessGroupPolicyExists("ibm_iam_access_group_policy.policy", conf), + resource.TestCheckResourceAttr("ibm_iam_access_group.accgrp", "name", name), + resource.TestCheckResourceAttr("ibm_iam_access_group_policy.policy", "resource_attributes.#", "2"), + resource.TestCheckResourceAttr("ibm_iam_access_group_policy.policy", "transaction_id", "terrformAccessGroupPolicy"), + ), + }, + { + Config: testAccCheckIBMIAMAccessGroupPolicyTransactionIdUpdate(name), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckIBMIAMAccessGroupPolicyExists("ibm_iam_access_group_policy.policy", conf), + resource.TestCheckResourceAttr("ibm_iam_access_group.accgrp", "name", name), + resource.TestCheckResourceAttr("ibm_iam_access_group_policy.policy", "resource_attributes.#", "2"), + resource.TestCheckResourceAttr("ibm_iam_access_group_policy.policy", "transaction_id", "terrformAccessGroupPolicyUpdate"), + ), + }, + }, + }) +} + func testAccCheckIBMIAMAccessGroupPolicyDestroy(s *terraform.State) error { iamPolicyManagementClient, err := acc.TestAccProvider.Meta().(conns.ClientSession).IAMPolicyManagementV1API() if err != nil { @@ -700,7 +731,7 @@ func testAccCheckIBMIAMAccessGroupPolicyServiceSpecificRoles(name string) string resource "ibm_iam_access_group_policy" "policy" { access_group_id = ibm_iam_access_group.accgrp.id - roles = ["Satellite Link Source and Endpoint Controller"] + roles = ["Satellite Link Administrator"] resource_attributes { name = "resource" value = "test*" @@ -713,6 +744,29 @@ func testAccCheckIBMIAMAccessGroupPolicyServiceSpecificRoles(name string) string `, name) } +func testAccCheckIBMIAMAccessGroupPolicyTransactionId(name string) string { + return fmt.Sprintf(` + resource "ibm_iam_access_group" "accgrp" { + name = "%s" + } + + resource "ibm_iam_access_group_policy" "policy" { + access_group_id = ibm_iam_access_group.accgrp.id + roles = ["Viewer"] + transaction_id = "terrformAccessGroupPolicy" + resource_attributes { + name = "resource" + value = "test*" + operator = "stringMatch" + } + resource_attributes { + name = "serviceName" + value = "messagehub" + } + } + `, name) +} + func testAccCheckIBMIAMAccessGroupPolicyResourceTags(name string) string { return fmt.Sprintf(` @@ -734,11 +788,9 @@ func testAccCheckIBMIAMAccessGroupPolicyResourceTags(name string) string { func testAccCheckIBMIAMAccessGroupPolicyUpdateResourceTags(name string) string { return fmt.Sprintf(` - resource "ibm_iam_access_group" "accgrp" { name = "%s" } - resource "ibm_iam_access_group_policy" "policy" { access_group_id = ibm_iam_access_group.accgrp.id roles = ["Viewer"] @@ -747,7 +799,6 @@ func testAccCheckIBMIAMAccessGroupPolicyUpdateResourceTags(name string) string { name = "one" value = "terrformupdate" } - resource_tags { name = "two" value = "terrformupdate" @@ -755,3 +806,25 @@ func testAccCheckIBMIAMAccessGroupPolicyUpdateResourceTags(name string) string { } `, name) } + +func testAccCheckIBMIAMAccessGroupPolicyTransactionIdUpdate(name string) string { + return fmt.Sprintf(` + resource "ibm_iam_access_group" "accgrp" { + name = "%s" + } + + resource "ibm_iam_access_group_policy" "policy" { + access_group_id = ibm_iam_access_group.accgrp.id + roles = ["Viewer"] + transaction_id = "terrformAccessGroupPolicyUpdate" + resource_attributes { + name = "resource" + value = "test*" + } + resource_attributes { + name = "serviceName" + value = "messagehub" + } + } + `, name) +} diff --git a/ibm/service/iampolicy/resource_ibm_iam_authorization_policy.go b/ibm/service/iampolicy/resource_ibm_iam_authorization_policy.go index 31eef8b95a2..dfa724fb45b 100644 --- a/ibm/service/iampolicy/resource_ibm_iam_authorization_policy.go +++ b/ibm/service/iampolicy/resource_ibm_iam_authorization_policy.go @@ -175,6 +175,13 @@ func ResourceIBMIAMAuthorizationPolicy() *schema.Resource { Optional: true, Description: "Description of the Policy", }, + + "transaction_id": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "Set transactionID for debug", + }, }, } } @@ -347,6 +354,10 @@ func resourceIBMIAMAuthorizationPolicyCreate(d *schema.ResourceData, meta interf createPolicyOptions.Description = &des } + if transactionID, ok := d.GetOk("transaction_id"); ok { + createPolicyOptions.SetHeaders(map[string]string{"Transaction-Id": transactionID.(string)}) + } + authPolicy, resp, err := iampapClient.CreatePolicy(createPolicyOptions) if err != nil { return fmt.Errorf("[ERROR] Error creating authorization policy: %s %s", err, resp) @@ -368,8 +379,12 @@ func resourceIBMIAMAuthorizationPolicyRead(d *schema.ResourceData, meta interfac PolicyID: core.StringPtr(d.Id()), } + if transactionID, ok := d.GetOk("transaction_id"); ok { + getPolicyOptions.SetHeaders(map[string]string{"Transaction-Id": transactionID.(string)}) + } + authorizationPolicy, resp, err := iampapClient.GetPolicy(getPolicyOptions) - if err != nil { + if err != nil || resp == nil { return fmt.Errorf("[ERROR] Error retrieving authorizationPolicy: %s %s", err, resp) } roles := make([]string, len(authorizationPolicy.Roles)) @@ -379,6 +394,9 @@ func resourceIBMIAMAuthorizationPolicyRead(d *schema.ResourceData, meta interfac if authorizationPolicy.Description != nil { d.Set("description", *authorizationPolicy.Description) } + if len(resp.Headers["Transaction-Id"]) > 0 && resp.Headers["Transaction-Id"][0] != "" { + d.Set("transaction_id", resp.Headers["Transaction-Id"][0]) + } d.Set("roles", roles) source := authorizationPolicy.Subjects[0] target := authorizationPolicy.Resources[0] @@ -415,6 +433,11 @@ func resourceIBMIAMAuthorizationPolicyDelete(d *schema.ResourceData, meta interf deletePolicyOptions := &iampolicymanagementv1.DeletePolicyOptions{ PolicyID: core.StringPtr(authorizationPolicyID), } + + if transactionID, ok := d.GetOk("transaction_id"); ok { + deletePolicyOptions.SetHeaders(map[string]string{"Transaction-Id": transactionID.(string)}) + } + resp, err := iampapClient.DeletePolicy(deletePolicyOptions) if err != nil { log.Printf( diff --git a/ibm/service/iampolicy/resource_ibm_iam_authorization_policy_test.go b/ibm/service/iampolicy/resource_ibm_iam_authorization_policy_test.go index 9af5ccb270b..9887afdb794 100644 --- a/ibm/service/iampolicy/resource_ibm_iam_authorization_policy_test.go +++ b/ibm/service/iampolicy/resource_ibm_iam_authorization_policy_test.go @@ -56,9 +56,10 @@ func TestAccIBMIAMAuthorizationPolicy_Resource_Instance(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateVerify: true, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"transaction_id"}, }, }, }) @@ -153,6 +154,27 @@ func TestAccIBMIAMAuthorizationPolicy_ResourceAttributes(t *testing.T) { }) } +func TestAccIBMIAMAuthorizationPolicy_With_Transaction_id(t *testing.T) { + var conf iampolicymanagementv1.Policy + + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + CheckDestroy: testAccCheckIBMIAMAuthorizationPolicyDestroy, + Steps: []resource.TestStep{ + { + Config: testAccCheckIBMIAMAuthorizationPolicyTransactionId(), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckIBMIAMAuthorizationPolicyExists("ibm_iam_authorization_policy.policy", conf), + resource.TestCheckResourceAttr("ibm_iam_authorization_policy.policy", "source_service_name", "databases-for-redis"), + resource.TestCheckResourceAttr("ibm_iam_authorization_policy.policy", "target_service_name", "kms"), + resource.TestCheckResourceAttr("ibm_iam_authorization_policy.policy", "transaction_id", "terrformAuthorizationPolicy"), + ), + }, + }, + }) +} + func testAccCheckIBMIAMAuthorizationPolicyDestroy(s *terraform.State) error { iamPolicyManagementClient, err := acc.TestAccProvider.Meta().(conns.ClientSession).IAMPolicyManagementV1API() if err != nil { @@ -306,10 +328,8 @@ func testAccCheckIBMIAMAuthorizationPolicyResourceAttributes(sServiceInstance, t plan = "tiered-pricing" location = "us-south" } - resource "ibm_iam_authorization_policy" "policy" { roles = ["Reader"] - subject_attributes { name = "accountId" value = "%s" @@ -322,7 +342,6 @@ func testAccCheckIBMIAMAuthorizationPolicyResourceAttributes(sServiceInstance, t name = "serviceName" value = "cloud-object-storage" } - resource_attributes { name = "serviceName" value = "kms" @@ -338,3 +357,14 @@ func testAccCheckIBMIAMAuthorizationPolicyResourceAttributes(sServiceInstance, t } `, sServiceInstance, tServiceInstance, sAccountID, tAccountID) } + +func testAccCheckIBMIAMAuthorizationPolicyTransactionId() string { + return ` + resource "ibm_iam_authorization_policy" "policy" { + source_service_name = "databases-for-redis" + target_service_name = "kms" + roles = ["Reader", "Authorization Delegator"] + transaction_id = "terrformAuthorizationPolicy" + } + ` +} diff --git a/ibm/service/iampolicy/resource_ibm_iam_service_policy.go b/ibm/service/iampolicy/resource_ibm_iam_service_policy.go index 6c842ee3e41..d3c8df4afa8 100644 --- a/ibm/service/iampolicy/resource_ibm_iam_service_policy.go +++ b/ibm/service/iampolicy/resource_ibm_iam_service_policy.go @@ -189,6 +189,13 @@ func ResourceIBMIAMServicePolicy() *schema.Resource { Optional: true, Description: "Description of the Policy", }, + + "transaction_id": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "Set transactionID for debug", + }, }, } } @@ -263,6 +270,10 @@ func resourceIBMIAMServicePolicyCreate(d *schema.ResourceData, meta interface{}) createPolicyOptions.Description = &des } + if transactionID, ok := d.GetOk("transaction_id"); ok { + createPolicyOptions.SetHeaders(map[string]string{"Transaction-Id": transactionID.(string)}) + } + servicePolicy, res, err := iamPolicyManagementClient.CreatePolicy(createPolicyOptions) if err != nil { return fmt.Errorf("[ERROR] Error creating servicePolicy: %s %s", err, res) @@ -272,6 +283,10 @@ func resourceIBMIAMServicePolicyCreate(d *schema.ResourceData, meta interface{}) *servicePolicy.ID, ) + if transactionID, ok := d.GetOk("transaction_id"); ok { + getPolicyOptions.SetHeaders(map[string]string{"Transaction-Id": transactionID.(string)}) + } + err = resource.Retry(5*time.Minute, func() *resource.RetryError { var err error policy, res, err := iamPolicyManagementClient.GetPolicy(getPolicyOptions) @@ -327,6 +342,11 @@ func resourceIBMIAMServicePolicyRead(d *schema.ResourceData, meta interface{}) e getPolicyOptions := iamPolicyManagementClient.NewGetPolicyOptions( servicePolicyID, ) + + if transactionID, ok := d.GetOk("transaction_id"); ok { + getPolicyOptions.SetHeaders(map[string]string{"Transaction-Id": transactionID.(string)}) + } + err = resource.Retry(5*time.Minute, func() *resource.RetryError { var err error servicePolicy, res, err = iamPolicyManagementClient.GetPolicy(getPolicyOptions) @@ -343,7 +363,7 @@ func resourceIBMIAMServicePolicyRead(d *schema.ResourceData, meta interface{}) e if conns.IsResourceTimeoutError(err) { servicePolicy, res, err = iamPolicyManagementClient.GetPolicy(getPolicyOptions) } - if err != nil || servicePolicy == nil { + if err != nil || servicePolicy == nil || res == nil { return fmt.Errorf("[ERROR] Error retrieving servicePolicy: %s %s", err, res) } if strings.HasPrefix(serviceIDUUID, "iam-") { @@ -381,6 +401,10 @@ func resourceIBMIAMServicePolicyRead(d *schema.ResourceData, meta interface{}) e d.Set("description", *servicePolicy.Description) } + if len(res.Headers["Transaction-Id"]) > 0 && res.Headers["Transaction-Id"][0] != "" { + d.Set("transaction_id", res.Headers["Transaction-Id"][0]) + } + return nil } @@ -405,6 +429,11 @@ func resourceIBMIAMServicePolicyUpdate(d *schema.ResourceData, meta interface{}) getServiceIDOptions := iamidentityv1.GetServiceIDOptions{ ID: &serviceIDUUID, } + + if transactionID, ok := d.GetOk("transaction_id"); ok { + getServiceIDOptions.SetHeaders(map[string]string{"Transaction-Id": transactionID.(string)}) + } + serviceID, resp, err := iamClient.GetServiceID(&getServiceIDOptions) if err != nil { return fmt.Errorf("[ERROR] Error] Error Getting Service Id %s %s", err, resp) @@ -452,6 +481,11 @@ func resourceIBMIAMServicePolicyUpdate(d *schema.ResourceData, meta interface{}) getPolicyOptions := iamPolicyManagementClient.NewGetPolicyOptions( servicePolicyID, ) + + if transactionID, ok := d.GetOk("transaction_id"); ok { + getPolicyOptions.SetHeaders(map[string]string{"Transaction-Id": transactionID.(string)}) + } + policy, response, err := iamPolicyManagementClient.GetPolicy(getPolicyOptions) if err != nil || policy == nil { if response != nil && response.StatusCode == 404 { @@ -475,6 +509,9 @@ func resourceIBMIAMServicePolicyUpdate(d *schema.ResourceData, meta interface{}) updatePolicyOptions.Description = &des } + if transactionID, ok := d.GetOk("transaction_id"); ok { + updatePolicyOptions.SetHeaders(map[string]string{"Transaction-Id": transactionID.(string)}) + } _, _, err = iamPolicyManagementClient.UpdatePolicy(updatePolicyOptions) if err != nil { return fmt.Errorf("[ERROR] Error updating service policy: %s", err) @@ -502,6 +539,10 @@ func resourceIBMIAMServicePolicyDelete(d *schema.ResourceData, meta interface{}) servicePolicyID, ) + if transactionID, ok := d.GetOk("transaction_id"); ok { + deletePolicyOptions.SetHeaders(map[string]string{"Transaction-Id": transactionID.(string)}) + } + _, err = iamPolicyManagementClient.DeletePolicy(deletePolicyOptions) if err != nil { return fmt.Errorf("[ERROR] Error deleting service policy: %s", err) diff --git a/ibm/service/iampolicy/resource_ibm_iam_service_policy_test.go b/ibm/service/iampolicy/resource_ibm_iam_service_policy_test.go index 62eec21ac41..8a6b64c9476 100644 --- a/ibm/service/iampolicy/resource_ibm_iam_service_policy_test.go +++ b/ibm/service/iampolicy/resource_ibm_iam_service_policy_test.go @@ -189,7 +189,7 @@ func TestAccIBMIAMServicePolicy_import(t *testing.T) { ResourceName: resourceName, ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"resources", "resource_attributes"}, + ImportStateVerifyIgnore: []string{"resources", "resource_attributes", "transaction_id"}, }, }, }) @@ -253,7 +253,7 @@ func TestAccIBMIAMServicePolicy_With_Resource_Attributes(t *testing.T) { { Config: testAccCheckIBMIAMServicePolicyResourceAttributes(name), Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckIBMIAMAccessGroupPolicyExists("ibm_iam_service_policy.policy", conf), + testAccCheckIBMIAMServicePolicyExists("ibm_iam_service_policy.policy", conf), resource.TestCheckResourceAttr("ibm_iam_service_id.serviceID", "name", name), resource.TestCheckResourceAttr("ibm_iam_service_policy.policy", "resource_attributes.#", "2"), ), @@ -261,7 +261,7 @@ func TestAccIBMIAMServicePolicy_With_Resource_Attributes(t *testing.T) { { Config: testAccCheckIBMIAMServicePolicyResourceAttributesUpdate(name), Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckIBMIAMAccessGroupPolicyExists("ibm_iam_service_policy.policy", conf), + testAccCheckIBMIAMServicePolicyExists("ibm_iam_service_policy.policy", conf), resource.TestCheckResourceAttr("ibm_iam_service_id.serviceID", "name", name), resource.TestCheckResourceAttr("ibm_iam_service_policy.policy", "resource_attributes.#", "2"), ), @@ -302,6 +302,36 @@ func TestAccIBMIAMServicePolicy_With_Resource_Tags(t *testing.T) { }) } +func TestAccIBMIAMServicePolicy_With_Transaction_Id(t *testing.T) { + var conf iampolicymanagementv1.Policy + name := fmt.Sprintf("terraform_%d", acctest.RandIntRange(10, 100)) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + CheckDestroy: testAccCheckIBMIAMServicePolicyDestroy, + Steps: []resource.TestStep{ + { + Config: testAccCheckIBMIAMServicePolicyResourceTransactionId(name), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckIBMIAMServicePolicyExists("ibm_iam_service_policy.policy", conf), + resource.TestCheckResourceAttr("ibm_iam_service_id.serviceID", "name", name), + resource.TestCheckResourceAttr("ibm_iam_service_policy.policy", "resource_attributes.#", "2"), + resource.TestCheckResourceAttr("ibm_iam_service_policy.policy", "transaction_id", "terrformServicePolicy")), + }, + { + Config: testAccCheckIBMIAMServicePolicyResourceTransactionIdUpdate(name), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckIBMIAMServicePolicyExists("ibm_iam_service_policy.policy", conf), + resource.TestCheckResourceAttr("ibm_iam_service_id.serviceID", "name", name), + resource.TestCheckResourceAttr("ibm_iam_service_policy.policy", "resource_attributes.#", "2"), + resource.TestCheckResourceAttr("ibm_iam_service_policy.policy", "transaction_id", "terrformServicePolicyUpdate"), + ), + }, + }, + }) +} + func testAccCheckIBMIAMServicePolicyDestroy(s *terraform.State) error { rsContClient, err := acc.TestAccProvider.Meta().(conns.ClientSession).IAMPolicyManagementV1API() if err != nil { @@ -636,7 +666,6 @@ func testAccCheckIBMIAMServicePolicyResourceAttributesUpdate(name string) string func testAccCheckIBMIAMServicePolicyResourceTags(name string) string { return fmt.Sprintf(` - resource "ibm_iam_service_id" "serviceID" { name = "%s" } @@ -649,16 +678,13 @@ func testAccCheckIBMIAMServicePolicyResourceTags(name string) string { name = "one" value = "Terraform" } - description = "IAM Service Policy Creation for test scenario" } - `, name) } func testAccCheckIBMIAMServicePolicyUpdateResourceTags(name string) string { return fmt.Sprintf(` - resource "ibm_iam_service_id" "serviceID" { name = "%s" } @@ -677,6 +703,50 @@ func testAccCheckIBMIAMServicePolicyUpdateResourceTags(name string) string { } description = "IAM Service Policy Update for test scenario" } + `, name) +} +func testAccCheckIBMIAMServicePolicyResourceTransactionId(name string) string { + return fmt.Sprintf(` + resource "ibm_iam_service_id" "serviceID" { + name = "%s" + } + + resource "ibm_iam_service_policy" "policy" { + iam_service_id = ibm_iam_service_id.serviceID.id + roles = ["Viewer"] + transaction_id = "terrformServicePolicy" + resource_attributes { + name = "resource" + value = "test*" + operator = "stringMatch" + } + resource_attributes { + name = "serviceName" + value = "messagehub" + } + } + `, name) +} + +func testAccCheckIBMIAMServicePolicyResourceTransactionIdUpdate(name string) string { + return fmt.Sprintf(` + resource "ibm_iam_service_id" "serviceID" { + name = "%s" + } + + resource "ibm_iam_service_policy" "policy" { + iam_service_id = ibm_iam_service_id.serviceID.id + roles = ["Viewer"] + transaction_id = "terrformServicePolicyUpdate" + resource_attributes { + name = "resource" + value = "test*" + } + resource_attributes { + name = "serviceName" + value = "messagehub" + } + } `, name) } diff --git a/ibm/service/iampolicy/resource_ibm_iam_trusted_profile_policy.go b/ibm/service/iampolicy/resource_ibm_iam_trusted_profile_policy.go index 2a3d27b4a79..6d7206c7fdd 100644 --- a/ibm/service/iampolicy/resource_ibm_iam_trusted_profile_policy.go +++ b/ibm/service/iampolicy/resource_ibm_iam_trusted_profile_policy.go @@ -189,6 +189,13 @@ func ResourceIBMIAMTrustedProfilePolicy() *schema.Resource { Optional: true, Description: "Description of the Policy", }, + + "transaction_id": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "Set transactionID for debug", + }, }, } } @@ -263,6 +270,10 @@ func resourceIBMIAMTrustedProfilePolicyCreate(d *schema.ResourceData, meta inter createPolicyOptions.Description = &des } + if transactionID, ok := d.GetOk("transaction_id"); ok { + createPolicyOptions.SetHeaders(map[string]string{"Transaction-Id": transactionID.(string)}) + } + trustedProfilePolicy, res, err := iamPolicyManagementClient.CreatePolicy(createPolicyOptions) if err != nil { return fmt.Errorf("[ERROR] Error creating trustedProfilePolicy: %s %s", err, res) @@ -272,6 +283,10 @@ func resourceIBMIAMTrustedProfilePolicyCreate(d *schema.ResourceData, meta inter *trustedProfilePolicy.ID, ) + if transactionID, ok := d.GetOk("transaction_id"); ok { + getPolicyOptions.SetHeaders(map[string]string{"Transaction-Id": transactionID.(string)}) + } + err = resource.Retry(5*time.Minute, func() *resource.RetryError { var err error policy, res, err := iamPolicyManagementClient.GetPolicy(getPolicyOptions) @@ -327,6 +342,10 @@ func resourceIBMIAMTrustedProfilePolicyRead(d *schema.ResourceData, meta interfa getPolicyOptions := iamPolicyManagementClient.NewGetPolicyOptions( trustedProfilePolicyID, ) + if transactionID, ok := d.GetOk("transaction_id"); ok { + getPolicyOptions.SetHeaders(map[string]string{"Transaction-Id": transactionID.(string)}) + } + err = resource.Retry(5*time.Minute, func() *resource.RetryError { var err error trustedProfilePolicy, res, err = iamPolicyManagementClient.GetPolicy(getPolicyOptions) @@ -343,7 +362,7 @@ func resourceIBMIAMTrustedProfilePolicyRead(d *schema.ResourceData, meta interfa if conns.IsResourceTimeoutError(err) { trustedProfilePolicy, res, err = iamPolicyManagementClient.GetPolicy(getPolicyOptions) } - if err != nil || trustedProfilePolicy == nil { + if err != nil || trustedProfilePolicy == nil || res == nil { return fmt.Errorf("[ERROR] Error retrieving trusted profile policy: %s %s", err, res) } if strings.HasPrefix(profileIDUUID, "iam-") { @@ -380,6 +399,9 @@ func resourceIBMIAMTrustedProfilePolicyRead(d *schema.ResourceData, meta interfa if trustedProfilePolicy.Description != nil { d.Set("description", *trustedProfilePolicy.Description) } + if len(res.Headers["Transaction-Id"]) > 0 && res.Headers["Transaction-Id"][0] != "" { + d.Set("transaction_id", res.Headers["Transaction-Id"][0]) + } return nil } @@ -452,6 +474,11 @@ func resourceIBMIAMTrustedProfilePolicyUpdate(d *schema.ResourceData, meta inter getPolicyOptions := iamPolicyManagementClient.NewGetPolicyOptions( trustedProfilePolicyID, ) + + if transactionID, ok := d.GetOk("transaction_id"); ok { + getPolicyOptions.SetHeaders(map[string]string{"Transaction-Id": transactionID.(string)}) + } + policy, response, err := iamPolicyManagementClient.GetPolicy(getPolicyOptions) if err != nil || policy == nil { if response != nil && response.StatusCode == 404 { @@ -475,6 +502,10 @@ func resourceIBMIAMTrustedProfilePolicyUpdate(d *schema.ResourceData, meta inter updatePolicyOptions.Description = &des } + if transactionID, ok := d.GetOk("transaction_id"); ok { + updatePolicyOptions.SetHeaders(map[string]string{"Transaction-Id": transactionID.(string)}) + } + _, resp, err := iamPolicyManagementClient.UpdatePolicy(updatePolicyOptions) if err != nil { return fmt.Errorf("[ERROR] Error updating trusted profile policy: %s: %s", err, resp) @@ -502,6 +533,10 @@ func resourceIBMIAMTrustedProfilePolicyDelete(d *schema.ResourceData, meta inter trustedProfilePolicyID, ) + if transactionID, ok := d.GetOk("transaction_id"); ok { + deletePolicyOptions.SetHeaders(map[string]string{"Transaction-Id": transactionID.(string)}) + } + resp, err := iamPolicyManagementClient.DeletePolicy(deletePolicyOptions) if err != nil { return fmt.Errorf("[ERROR] Error deleting trusted profile policy: %s %s", err, resp) diff --git a/ibm/service/iampolicy/resource_ibm_iam_trusted_profile_policy_test.go b/ibm/service/iampolicy/resource_ibm_iam_trusted_profile_policy_test.go index 7e7a7e0d440..360d9f321af 100644 --- a/ibm/service/iampolicy/resource_ibm_iam_trusted_profile_policy_test.go +++ b/ibm/service/iampolicy/resource_ibm_iam_trusted_profile_policy_test.go @@ -189,7 +189,7 @@ func TestAccIBMIAMTrustedProfilePolicy_import(t *testing.T) { ResourceName: resourceName, ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"resources", "resource_attributes"}, + ImportStateVerifyIgnore: []string{"resources", "resource_attributes", "transaction_id"}, }, }, }) @@ -300,6 +300,29 @@ func TestAccIBMIAMTrustedProfilePolicy_With_Resource_Tags(t *testing.T) { }) } +func TestAccIBMIAMTrustedProfilePolicy_With_Transaction_Id(t *testing.T) { + var conf iampolicymanagementv1.Policy + name := fmt.Sprintf("terraform_%d", acctest.RandIntRange(10, 100)) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + CheckDestroy: testAccCheckIBMIAMTrustedProfilePolicyDestroy, + Steps: []resource.TestStep{ + { + Config: testAccCheckIBMIAMTrustedProfilePolicyTransactionId(name), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckIBMIAMTrustedProfilePolicyExists("ibm_iam_trusted_profile_policy.policy", conf), + resource.TestCheckResourceAttr("ibm_iam_trusted_profile.profileID", "name", name), + resource.TestCheckResourceAttr("ibm_iam_trusted_profile_policy.policy", "resources.0.service", "cloudantnosqldb"), + resource.TestCheckResourceAttr("ibm_iam_trusted_profile_policy.policy", "roles.#", "1"), + resource.TestCheckResourceAttr("ibm_iam_trusted_profile_policy.policy", "transaction_id", "terrformTrustedPolicy"), + ), + }, + }, + }) +} + func testAccCheckIBMIAMTrustedProfilePolicyDestroy(s *terraform.State) error { rsContClient, err := acc.TestAccProvider.Meta().(conns.ClientSession).IAMPolicyManagementV1API() if err != nil { @@ -634,7 +657,6 @@ func testAccCheckIBMIAMTrustedProfilePolicyResourceAttributesUpdate(name string) func testAccCheckIBMIAMTrustedProfilePolicyResourceTags(name string) string { return fmt.Sprintf(` - resource "ibm_iam_trusted_profile" "profileID" { name = "%s" } @@ -647,13 +669,29 @@ func testAccCheckIBMIAMTrustedProfilePolicyResourceTags(name string) string { value = "Terraform" } } + `, name) +} +func testAccCheckIBMIAMTrustedProfilePolicyTransactionId(name string) string { + return fmt.Sprintf(` + resource "ibm_iam_trusted_profile" "profileID" { + name = "%s" + } + + resource "ibm_iam_trusted_profile_policy" "policy" { + profile_id = ibm_iam_trusted_profile.profileID.id + roles = ["Viewer"] + transaction_id = "terrformTrustedPolicy" + + resources { + service = "cloudantnosqldb" + } + } `, name) } func testAccCheckIBMIAMTrustedProfilePolicyUpdateResourceTags(name string) string { return fmt.Sprintf(` - resource "ibm_iam_trusted_profile" "profileID" { name = "%s" } @@ -670,6 +708,5 @@ func testAccCheckIBMIAMTrustedProfilePolicyUpdateResourceTags(name string) strin value = "TerraformUpdate" } } - `, name) } diff --git a/ibm/service/iampolicy/resource_ibm_iam_user_policy.go b/ibm/service/iampolicy/resource_ibm_iam_user_policy.go index 325c9827ddd..6173c08106e 100644 --- a/ibm/service/iampolicy/resource_ibm_iam_user_policy.go +++ b/ibm/service/iampolicy/resource_ibm_iam_user_policy.go @@ -179,6 +179,13 @@ func ResourceIBMIAMUserPolicy() *schema.Resource { Optional: true, Description: "Description of the Policy", }, + + "transaction_id": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "Set transactionID for debug", + }, }, } } @@ -242,8 +249,11 @@ func resourceIBMIAMUserPolicyCreate(d *schema.ResourceData, meta interface{}) er createPolicyOptions.Description = &des } - userPolicy, resp, err := iamPolicyManagementClient.CreatePolicy(createPolicyOptions) + if transactionID, ok := d.GetOk("transaction_id"); ok { + createPolicyOptions.SetHeaders(map[string]string{"Transaction-Id": transactionID.(string)}) + } + userPolicy, resp, err := iamPolicyManagementClient.CreatePolicy(createPolicyOptions) if err != nil { return fmt.Errorf("Error creating user policies: %s, %s", err, resp) } @@ -252,6 +262,10 @@ func resourceIBMIAMUserPolicyCreate(d *schema.ResourceData, meta interface{}) er PolicyID: userPolicy.ID, } + if transactionID, ok := d.GetOk("transaction_id"); ok { + getPolicyOptions.SetHeaders(map[string]string{"Transaction-Id": transactionID.(string)}) + } + err = resource.Retry(5*time.Minute, func() *resource.RetryError { var err error policy, res, err := iamPolicyManagementClient.GetPolicy(getPolicyOptions) @@ -291,13 +305,14 @@ func resourceIBMIAMUserPolicyRead(d *schema.ResourceData, meta interface{}) erro userEmail := parts[0] userPolicyID := parts[1] - if err != nil { - return err - } - getPolicyOptions := &iampolicymanagementv1.GetPolicyOptions{ PolicyID: core.StringPtr(userPolicyID), } + + if transactionID, ok := d.GetOk("transaction_id"); ok { + getPolicyOptions.SetHeaders(map[string]string{"Transaction-Id": transactionID.(string)}) + } + userPolicy := &iampolicymanagementv1.Policy{} res := &core.DetailedResponse{} err = resource.Retry(5*time.Minute, func() *resource.RetryError { @@ -316,7 +331,7 @@ func resourceIBMIAMUserPolicyRead(d *schema.ResourceData, meta interface{}) erro if conns.IsResourceTimeoutError(err) { userPolicy, res, err = iamPolicyManagementClient.GetPolicy(getPolicyOptions) } - if err != nil || userPolicy == nil { + if err != nil || userPolicy == nil || res == nil { return fmt.Errorf("[ERROR] Error retrieving userPolicy: %s %s", err, res) } d.Set("ibm_id", userEmail) @@ -348,6 +363,10 @@ func resourceIBMIAMUserPolicyRead(d *schema.ResourceData, meta interface{}) erro if userPolicy.Description != nil { d.Set("description", *userPolicy.Description) } + if len(res.Headers["Transaction-Id"]) > 0 && res.Headers["Transaction-Id"][0] != "" { + d.Set("transaction_id", res.Headers["Transaction-Id"][0]) + } + return nil } @@ -403,6 +422,11 @@ func resourceIBMIAMUserPolicyUpdate(d *schema.ResourceData, meta interface{}) er getPolicyOptions := &iampolicymanagementv1.GetPolicyOptions{ PolicyID: &userPolicyID, } + + if transactionID, ok := d.GetOk("transaction_id"); ok { + getPolicyOptions.SetHeaders(map[string]string{"Transaction-Id": transactionID.(string)}) + } + policy, response, err := iamPolicyManagementClient.GetPolicy(getPolicyOptions) if err != nil || policy == nil { if response != nil && response.StatusCode == 404 { @@ -426,6 +450,10 @@ func resourceIBMIAMUserPolicyUpdate(d *schema.ResourceData, meta interface{}) er updatePolicyOptions.Description = &des } + if transactionID, ok := d.GetOk("transaction_id"); ok { + updatePolicyOptions.SetHeaders(map[string]string{"Transaction-Id": transactionID.(string)}) + } + _, resp, err := iamPolicyManagementClient.UpdatePolicy(updatePolicyOptions) if err != nil { return fmt.Errorf("[ERROR] Error updating user policy: %s, %s", err, resp) @@ -450,6 +478,11 @@ func resourceIBMIAMUserPolicyDelete(d *schema.ResourceData, meta interface{}) er deletePolicyOptions := iamPolicyManagementClient.NewDeletePolicyOptions( userPolicyID, ) + + if transactionID, ok := d.GetOk("transaction_id"); ok { + deletePolicyOptions.SetHeaders(map[string]string{"Transaction-Id": transactionID.(string)}) + } + _, err = iamPolicyManagementClient.DeletePolicy(deletePolicyOptions) if err != nil { return err diff --git a/ibm/service/iampolicy/resource_ibm_iam_user_policy_test.go b/ibm/service/iampolicy/resource_ibm_iam_user_policy_test.go index 59c56565e2f..bb193f3f7fb 100644 --- a/ibm/service/iampolicy/resource_ibm_iam_user_policy_test.go +++ b/ibm/service/iampolicy/resource_ibm_iam_user_policy_test.go @@ -175,7 +175,7 @@ func TestAccIBMIAMUserPolicy_import(t *testing.T) { ResourceName: resourceName, ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"resources", "resource_attributes"}, + ImportStateVerifyIgnore: []string{"resources", "resource_attributes", "transaction_id"}, }, }, }) @@ -291,7 +291,7 @@ func TestAccIBMIAMUserPolicy_With_Resource_Tags(t *testing.T) { Providers: acc.TestAccProviders, CheckDestroy: testAccCheckIBMIAMUserPolicyDestroy, Steps: []resource.TestStep{ - resource.TestStep{ + { Config: testAccCheckIBMIAMUserPolicyResourceTags(), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckIBMIAMUserPolicyExists("ibm_iam_user_policy.policy", conf), @@ -300,7 +300,7 @@ func TestAccIBMIAMUserPolicy_With_Resource_Tags(t *testing.T) { resource.TestCheckResourceAttr("ibm_iam_user_policy.policy", "description", "IAM User Policy Creation for test scenario"), ), }, - resource.TestStep{ + { Config: testAccCheckIBMIAMUserPolicyResourceTagsUpdate(), Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr("ibm_iam_user_policy.policy", "resource_tags.#", "2"), @@ -313,6 +313,25 @@ func TestAccIBMIAMUserPolicy_With_Resource_Tags(t *testing.T) { } +func TestAccIBMIAMUserPolicy_With_Transaction_Id(t *testing.T) { + var conf iampolicymanagementv1.Policy + + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + CheckDestroy: testAccCheckIBMIAMServicePolicyDestroy, + Steps: []resource.TestStep{ + { + Config: testAccCheckIBMIAMUserPolicyTransactionId(), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckIBMIAMAccessGroupPolicyExists("ibm_iam_user_policy.policy", conf), + resource.TestCheckResourceAttr("ibm_iam_user_policy.policy", "transaction_id", "terrformUserPolicy"), + ), + }, + }, + }) +} + func testAccCheckIBMIAMUserPolicyDestroy(s *terraform.State) error { rsContClient, err := acc.TestAccProvider.Meta().(conns.ClientSession).IAMPolicyManagementV1API() if err != nil { @@ -671,3 +690,18 @@ func testAccCheckIBMIAMUserPolicyResourceTagsUpdate() string { } `, acc.IAMUser) } + +func testAccCheckIBMIAMUserPolicyTransactionId() string { + return fmt.Sprintf(` + + resource "ibm_iam_user_policy" "policy" { + ibm_id = "%s" + roles = ["Viewer"] + transaction_id = "terrformUserPolicy" + resources { + service = "cloudantnosqldb" + } + } + + `, acc.IAMUser) +} diff --git a/website/docs/d/iam_access_group_policy.html.markdown b/website/docs/d/iam_access_group_policy.html.markdown index 09fa177c1fb..c68b20a2a0a 100644 --- a/website/docs/d/iam_access_group_policy.html.markdown +++ b/website/docs/d/iam_access_group_policy.html.markdown @@ -28,6 +28,7 @@ resource "ibm_iam_access_group_policy" "policy" { data "ibm_iam_access_group_policy" "policy" { access_group_id = ibm_iam_access_group_policy.policy.access_group_id + transaction_id = "terrformAccessGroupPolicy" } ``` @@ -37,7 +38,8 @@ data "ibm_iam_access_group_policy" "policy" { Review the argument references that you can specify for your data source. - `access_group_id` - (Required, Forces new resource, String) The ID of the access group. -- `sort`- (Optional, String) The single field sort query for policies. Allowed values are `id`, `type`, `href`, `created_at`, `created_by_id`, `last_modified_at`,`last_modified_by_id`, `state` +- `sort`- (Optional, String) The single field sort query for policies. Allowed values are `id`, `type`, `href`, `created_at`, `created_by_id`, `last_modified_at`,`last_modified_by_id`, `state`. +- `transaction_id`- (Optional, String) The TransactionID can be passed to your request for the tracking calls. ## Attribute reference diff --git a/website/docs/d/iam_authorization_policy.html.markdown b/website/docs/d/iam_authorization_policy.html.markdown index 660534f1432..68840df95de 100644 --- a/website/docs/d/iam_authorization_policy.html.markdown +++ b/website/docs/d/iam_authorization_policy.html.markdown @@ -23,6 +23,7 @@ data "ibm_iam_authorization_policies" "testacc_ds_authorization_policy" { Review the argument references that you can specify for your data source. - `account_id` - (Optional, String) An alpha-numeric value identifying the account ID. +- `transaction_id`- (Optional, String) The TransactionID can be passed to your request for the tracking calls. ## Attribute reference diff --git a/website/docs/d/iam_service_policy.html.markdown b/website/docs/d/iam_service_policy.html.markdown index 358c37fa18d..d36317f9c52 100644 --- a/website/docs/d/iam_service_policy.html.markdown +++ b/website/docs/d/iam_service_policy.html.markdown @@ -26,6 +26,7 @@ resource "ibm_iam_service_policy" "policy" { data "ibm_iam_service_policy" "testacc_ds_service_policy" { iam_service_id = ibm_iam_service_policy.policy.iam_service_id + transaction_id = "terrformServicePolicy" } ``` @@ -37,6 +38,7 @@ Review the argument references that you can specify for your data source. - `iam_service_id` - (Required, String) The UUID of the service ID. - `iam_id` - (Optional, String) IAM ID of the service ID. One of the `iam_service_id` or `iam_id` is required argument. You can use to get cross account service ID policy. - `sort`- Optional - (String) The single field sort query for policies. +- `transaction_id`- (Optional, String) The TransactionID can be passed to your request for the tracking calls. ## Attribute reference diff --git a/website/docs/d/iam_trusted_profile_policy.html.markdown b/website/docs/d/iam_trusted_profile_policy.html.markdown index 051154e9df2..413edae33e4 100644 --- a/website/docs/d/iam_trusted_profile_policy.html.markdown +++ b/website/docs/d/iam_trusted_profile_policy.html.markdown @@ -26,6 +26,7 @@ resource "ibm_iam_trusted_profile_policy" "policy" { data "ibm_iam_trusted_profile_policy" "policy" { profile_id = ibm_iam_trusted_profile_policy.policy.profile_id + transaction_id = "terrformTrustedPolicy" } ``` @@ -37,6 +38,7 @@ Review the argument references that you can specify for your data source. - `profile_id` - (Required, String) The UUID of the trusted profile. Either `profile_id` or `iam_id` is required. - `iam_id` - (Optional, String) IAM ID of the trusted profile. Either `profile_id` or `iam_id` is required. - `sort`- Optional - (String) The single field sort query for policies. +- `transaction_id`- (Optional, String) The TransactionID can be passed to your request for the tracking calls. ## Attribute reference diff --git a/website/docs/d/iam_user_policy.html.markdown b/website/docs/d/iam_user_policy.html.markdown index a226b52c979..faaaabde128 100644 --- a/website/docs/d/iam_user_policy.html.markdown +++ b/website/docs/d/iam_user_policy.html.markdown @@ -25,6 +25,7 @@ resource "ibm_iam_user_policy" "policy" { data "ibm_iam_user_policy" "testacc_ds_user_policy" { ibm_id = ibm_iam_user_policy.policy.ibm_id + transaction_id = "terrformUserPolicy" } ``` @@ -35,6 +36,7 @@ Review the argument references that you can specify for your data source. - `ibm_id` - (Required, String) The IBM ID or email address of the user. - `sort`- (Optional, String) The single field sort query for policies. +- `transaction_id`- (Optional, String) The TransactionID can be passed to your request for the tracking calls. ## Attribute reference diff --git a/website/docs/r/iam_access_group_policy.html.markdown b/website/docs/r/iam_access_group_policy.html.markdown index 40b3a348fbe..40da051884e 100644 --- a/website/docs/r/iam_access_group_policy.html.markdown +++ b/website/docs/r/iam_access_group_policy.html.markdown @@ -24,11 +24,11 @@ resource "ibm_iam_access_group" "accgrp" { resource "ibm_iam_access_group_policy" "policy" { access_group_id = ibm_iam_access_group.accgrp.id roles = ["Viewer"] - resource_tags { name = "env" value = "dev" } + transaction_id = "terraformUserPolicy" } ``` @@ -249,6 +249,8 @@ Review the argument references that you can specify for your resource. - `value` - (Required, String) The value of an access management tag. - `operator` - (Optional, String) Operator of an attribute. The default value is `stringEquals`. +- `transaction_id`- (Optional, String) The TransactionID can be passed to your request for tracking the calls. + ## Attribute reference In addition to all argument reference list, you can access the following attribute reference after your resource is created. diff --git a/website/docs/r/iam_authorization_policy.html.markdown b/website/docs/r/iam_authorization_policy.html.markdown index 26a9f9d1139..ee31099d689 100644 --- a/website/docs/r/iam_authorization_policy.html.markdown +++ b/website/docs/r/iam_authorization_policy.html.markdown @@ -21,6 +21,7 @@ resource "ibm_iam_authorization_policy" "policy" { target_service_name = "kms" roles = ["Reader"] description = "Authorization Policy" + transaction_id = "terraformAuthorizationPolicy" } ``` @@ -139,6 +140,7 @@ Review the argument references that you can specify for your resource. - `description` (Optional, String) The description of the Authorization Policy. - `roles` - (Required, list) The comma separated list of roles. For more information, about supported service specific roles, see [IAM roles and actions](https://cloud.ibm.com/docs/account?topic=account-iam-service-roles-actions) + - `source_service_account` - (Optional, Forces new resource, string) The account GUID of source service.**Note** Conflicts with `subject_attributes`. - `source_service_name` - (Required, Forces new resource, string) The source service name.**Note** Conflicts with `subject_attributes`. - `target_service_name` - (Required, Forces new resource, string) The target service name.**Note** Conflicts with `resource_attributes`. @@ -161,7 +163,6 @@ Review the argument references that you can specify for your resource. - `name` - (Required, String) The name of an attribute. Supported values are `serviceName` , `serviceInstance` , `region` , `resource` , `resourceType` , `resourceGroupId` `accountId`. - `value` - (Required, String) The value of an attribute. - `operator` - (Optional, String) Operator of an attribute. The default value is `stringEquals`. - ## Attribute reference In addition to all argument reference list, you can access the following attribute reference after your resource is created. diff --git a/website/docs/r/iam_service_policy.html.markdown b/website/docs/r/iam_service_policy.html.markdown index 882aefeaef2..7b4dd179e79 100644 --- a/website/docs/r/iam_service_policy.html.markdown +++ b/website/docs/r/iam_service_policy.html.markdown @@ -29,6 +29,8 @@ resource "ibm_iam_service_policy" "policy" { name = "env" value = "dev" } + + transaction_id = "terraformServicePolicy" } ``` @@ -247,6 +249,8 @@ Review the argument references that you can specify for your resource. - `name` - (Required, String) The key of an access management tag. - `value` - (Required, String) The value of an access management tag. - `operator` - (Optional, String) Operator of an attribute. The default value is `stringEquals`. + +- `transaction_id`- (Optional, String) The TransactionID can be passed to your request for tracking the calls. ## Attribute reference In addition to all argument reference list, you can access the following attribute reference after your resource is created. diff --git a/website/docs/r/iam_trusted_profile_policy.html.markdown b/website/docs/r/iam_trusted_profile_policy.html.markdown index 011c50ec6df..b20aa41127c 100644 --- a/website/docs/r/iam_trusted_profile_policy.html.markdown +++ b/website/docs/r/iam_trusted_profile_policy.html.markdown @@ -29,6 +29,7 @@ resource "ibm_iam_trusted_profile_policy" "policy" { name = "env" value = "dev" } + transaction_id = "terraformTrustedPolicy" } ``` @@ -241,6 +242,8 @@ Review the argument references that you can specify for your resource. - `value` - (Required, String) The value of an access management tag. - `operator` - (Optional, String) Operator of an attribute. The default value is `stringEquals`. +- `transaction_id`- (Optional, String) The TransactionID can be passed to your request for tracking the calls. + ## Attribute reference In addition to all argument reference list, you can access the following attribute reference after your resource is created. diff --git a/website/docs/r/iam_user_policy.html.markdown b/website/docs/r/iam_user_policy.html.markdown index 64ad828d34c..073bc92b277 100644 --- a/website/docs/r/iam_user_policy.html.markdown +++ b/website/docs/r/iam_user_policy.html.markdown @@ -191,6 +191,7 @@ Review the argument references that you can specify for your resource. - `value` - (Required, String) The value of an access management tag. - `operator` - (Optional, String) Operator of an attribute. The default value is `stringEquals`. +- `transaction_id`- (Optional, String) The TransactionID can be passed to your request for tracking the calls. ## Attribute reference In addition to all argument reference list, you can access the following attribute reference after your resource is created.