r/aws_vpc_endpoint_connection_service_allowed_principal: convert to aws sdk v2

jar-b · jar-b · commit aac92c3eee50 · 2024-05-16T13:53:37.000-04:00
```console
% make testacc PKG=ec2 TESTS="TestAccVPCEndpointServiceAllowedPrincipal_"
==&gt; Checking that code complies with gofmt requirements...
TF_ACC=1 go1.22.2 test ./internal/service/ec2/... -v -count 1 -parallel 20 -run='TestAccVPCEndpointServiceAllowedPrincipal_'  -timeout 360m

--- PASS: TestAccVPCEndpointServiceAllowedPrincipal_basic (211.30s)
--- PASS: TestAccVPCEndpointServiceAllowedPrincipal_multiple (220.94s)
--- PASS: TestAccVPCEndpointServiceAllowedPrincipal_tags (231.80s)
--- PASS: TestAccVPCEndpointServiceAllowedPrincipal_migrateID (236.87s)
--- PASS: TestAccVPCEndpointServiceAllowedPrincipal_migrateAndTag (247.32s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/ec2        252.532s
```
diff --git a/internal/service/ec2/exports_test.go b/internal/service/ec2/exports_test.go
@@ -52,8 +52,9 @@ var (
 	FindVPCEndpointConnectionNotificationByIDV2            = findVPCEndpointConnectionNotificationByIDV2
 	FindVPCEndpointRouteTableAssociationExistsV2           = findVPCEndpointRouteTableAssociationExistsV2
 	FindVPCEndpointSecurityGroupAssociationExistsV2        = findVPCEndpointSecurityGroupAssociationExistsV2
-	FindVPCEndpointSubnetAssociationExistsV2               = findVPCEndpointSubnetAssociationExistsV2
 	FindVPCEndpointServiceConfigurationByIDV2              = findVPCEndpointServiceConfigurationByIDV2
+	FindVPCEndpointServicePermissionV2                     = findVPCEndpointServicePermissionV2
+	FindVPCEndpointSubnetAssociationExistsV2               = findVPCEndpointSubnetAssociationExistsV2
 	FindVPNGatewayRoutePropagationExistsV2                 = findVPNGatewayRoutePropagationExistsV2
 	FlattenNetworkInterfacePrivateIPAddresses              = flattenNetworkInterfacePrivateIPAddresses
 	IPAMServicePrincipal                                   = ipamServicePrincipal
diff --git a/internal/service/ec2/findv2.go b/internal/service/ec2/findv2.go
@@ -12,6 +12,7 @@ import (
 	awstypes "github.com/aws/aws-sdk-go-v2/service/ec2/types"
 	"github.com/hashicorp/aws-sdk-go-base/v2/tfawserr"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry"
+	tfslices "github.com/hashicorp/terraform-provider-aws/internal/slices"
 	"github.com/hashicorp/terraform-provider-aws/internal/tfresource"
 	"github.com/hashicorp/terraform-provider-aws/internal/types"
 	"github.com/hashicorp/terraform-provider-aws/names"
@@ -970,3 +971,24 @@ func findVPCEndpointConnectionNotificationByIDV2(ctx context.Context, conn *ec2.
 
 	return output, nil
 }
+
+func findVPCEndpointServicePermissionV2(ctx context.Context, conn *ec2.Client, serviceID, principalARN string) (*awstypes.AllowedPrincipal, error) {
+	// Applying a server-side filter on "principal" can lead to errors like
+	// "An error occurred (InvalidFilter) when calling the DescribeVpcEndpointServicePermissions operation: The filter value arn:aws:iam::123456789012:role/developer contains unsupported characters".
+	// Apply the filter client-side.
+	input := &ec2.DescribeVpcEndpointServicePermissionsInput{
+		ServiceId: aws.String(serviceID),
+	}
+
+	allowedPrincipals, err := findVPCEndpointServicePermissionsV2(ctx, conn, input)
+
+	if err != nil {
+		return nil, err
+	}
+
+	allowedPrincipals = tfslices.Filter(allowedPrincipals, func(v awstypes.AllowedPrincipal) bool {
+		return aws.ToString(v.Principal) == principalARN
+	})
+
+	return tfresource.AssertSingleValueResult(allowedPrincipals)
+}
diff --git a/internal/service/ec2/vpc_endpoint_service_allowed_principal.go b/internal/service/ec2/vpc_endpoint_service_allowed_principal.go
@@ -7,9 +7,9 @@ import (
 	"context"
 	"log"
 
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/service/ec2"
-	"github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr"
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/service/ec2"
+	"github.com/hashicorp/aws-sdk-go-base/v2/tfawserr"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-provider-aws/internal/conns"
@@ -41,13 +41,13 @@ func ResourceVPCEndpointServiceAllowedPrincipal() *schema.Resource {
 
 func resourceVPCEndpointServiceAllowedPrincipalCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	var diags diag.Diagnostics
-	conn := meta.(*conns.AWSClient).EC2Conn(ctx)
+	conn := meta.(*conns.AWSClient).EC2Client(ctx)
 
 	serviceID := d.Get("vpc_endpoint_service_id").(string)
 	principalARN := d.Get("principal_arn").(string)
 
-	output, err := conn.ModifyVpcEndpointServicePermissionsWithContext(ctx, &ec2.ModifyVpcEndpointServicePermissionsInput{
-		AddAllowedPrincipals: aws.StringSlice([]string{principalARN}),
+	output, err := conn.ModifyVpcEndpointServicePermissions(ctx, &ec2.ModifyVpcEndpointServicePermissionsInput{
+		AddAllowedPrincipals: []string{principalARN},
 		ServiceId:            aws.String(serviceID),
 	})
 
@@ -56,8 +56,8 @@ func resourceVPCEndpointServiceAllowedPrincipalCreate(ctx context.Context, d *sc
 	}
 
 	for _, v := range output.AddedPrincipals {
-		if aws.StringValue(v.Principal) == principalARN {
-			d.SetId(aws.StringValue(v.ServicePermissionId))
+		if aws.ToString(v.Principal) == principalARN {
+			d.SetId(aws.ToString(v.ServicePermissionId))
 		}
 	}
 
@@ -66,12 +66,12 @@ func resourceVPCEndpointServiceAllowedPrincipalCreate(ctx context.Context, d *sc
 
 func resourceVPCEndpointServiceAllowedPrincipalRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	var diags diag.Diagnostics
-	conn := meta.(*conns.AWSClient).EC2Conn(ctx)
+	conn := meta.(*conns.AWSClient).EC2Client(ctx)
 
 	serviceID := d.Get("vpc_endpoint_service_id").(string)
 	principalARN := d.Get("principal_arn").(string)
 
-	output, err := FindVPCEndpointServicePermission(ctx, conn, serviceID, principalARN)
+	output, err := findVPCEndpointServicePermissionV2(ctx, conn, serviceID, principalARN)
 
 	if !d.IsNewResource() && tfresource.NotFound(err) {
 		log.Printf("[WARN] EC2 VPC Endpoint Service Allowed Principal %s not found, removing from state", d.Id())
@@ -83,20 +83,20 @@ func resourceVPCEndpointServiceAllowedPrincipalRead(ctx context.Context, d *sche
 		return sdkdiag.AppendErrorf(diags, "reading EC2 VPC Endpoint Service (%s) Allowed Principal (%s): %s", serviceID, principalARN, err)
 	}
 
-	d.SetId(aws.StringValue(output.ServicePermissionId))
+	d.SetId(aws.ToString(output.ServicePermissionId))
 
 	return diags
 }
 
 func resourceVPCEndpointServiceAllowedPrincipalDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	var diags diag.Diagnostics
-	conn := meta.(*conns.AWSClient).EC2Conn(ctx)
+	conn := meta.(*conns.AWSClient).EC2Client(ctx)
 
 	serviceID := d.Get("vpc_endpoint_service_id").(string)
 	principalARN := d.Get("principal_arn").(string)
 
-	_, err := conn.ModifyVpcEndpointServicePermissionsWithContext(ctx, &ec2.ModifyVpcEndpointServicePermissionsInput{
-		RemoveAllowedPrincipals: aws.StringSlice([]string{principalARN}),
+	_, err := conn.ModifyVpcEndpointServicePermissions(ctx, &ec2.ModifyVpcEndpointServicePermissionsInput{
+		RemoveAllowedPrincipals: []string{principalARN},
 		ServiceId:               aws.String(serviceID),
 	})
 
diff --git a/internal/service/ec2/vpc_endpoint_service_allowed_principal_test.go b/internal/service/ec2/vpc_endpoint_service_allowed_principal_test.go
@@ -123,7 +123,10 @@ func TestAccVPCEndpointServiceAllowedPrincipal_migrateID(t *testing.T) {
 			{
 				ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
 				Config:                   testAccVPCEndpointServiceAllowedPrincipalConfig_basic(rName),
-				PlanOnly:                 true,
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckVPCEndpointServiceAllowedPrincipalExists(ctx, resourceName),
+					resource.TestMatchResourceAttr(resourceName, names.AttrID, regexache.MustCompile(`^vpce-svc-perm-\w{17}$`)),
+				),
 			},
 		},
 	})
@@ -171,14 +174,14 @@ func TestAccVPCEndpointServiceAllowedPrincipal_migrateAndTag(t *testing.T) {
 
 func testAccCheckVPCEndpointServiceAllowedPrincipalDestroy(ctx context.Context) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
-		conn := acctest.Provider.Meta().(*conns.AWSClient).EC2Conn(ctx)
+		conn := acctest.Provider.Meta().(*conns.AWSClient).EC2Client(ctx)
 
 		for _, rs := range s.RootModule().Resources {
 			if rs.Type != "aws_vpc_endpoint_service_allowed_principal" {
 				continue
 			}
 
-			_, err := tfec2.FindVPCEndpointServicePermission(ctx, conn, rs.Primary.Attributes["vpc_endpoint_service_id"], rs.Primary.Attributes["principal_arn"])
+			_, err := tfec2.FindVPCEndpointServicePermissionV2(ctx, conn, rs.Primary.Attributes["vpc_endpoint_service_id"], rs.Primary.Attributes["principal_arn"])
 
 			if tfresource.NotFound(err) {
 				continue
@@ -206,9 +209,9 @@ func testAccCheckVPCEndpointServiceAllowedPrincipalExists(ctx context.Context, n
 			return fmt.Errorf("No EC2 VPC Endpoint Service Allowed Principal ID is set")
 		}
 
-		conn := acctest.Provider.Meta().(*conns.AWSClient).EC2Conn(ctx)
+		conn := acctest.Provider.Meta().(*conns.AWSClient).EC2Client(ctx)
 
-		_, err := tfec2.FindVPCEndpointServicePermission(ctx, conn, rs.Primary.Attributes["vpc_endpoint_service_id"], rs.Primary.Attributes["principal_arn"])
+		_, err := tfec2.FindVPCEndpointServicePermissionV2(ctx, conn, rs.Primary.Attributes["vpc_endpoint_service_id"], rs.Primary.Attributes["principal_arn"])
 
 		return err
 	}
