From 2979116f3adaab82f9fc602b70e61bb912767a18 Mon Sep 17 00:00:00 2001 From: Shooks Date: Sat, 3 Aug 2024 13:42:43 +0800 Subject: [PATCH 1/6] feat: update PolicyEnabled flag based on policy_document content --- .changelog/38609.txt | 3 +++ internal/service/ec2/verifiedaccess_endpoint.go | 7 +++++-- internal/service/ec2/verifiedaccess_endpoint_test.go | 10 ++++++++++ 3 files changed, 18 insertions(+), 2 deletions(-) create mode 100644 .changelog/38609.txt diff --git a/.changelog/38609.txt b/.changelog/38609.txt new file mode 100644 index 000000000000..2bb11e362d7d --- /dev/null +++ b/.changelog/38609.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +resource/aws_verifiedaccess_endpoint: Add setting of PolicyEnabled flag to `false` if `policy_document` is empty +``` \ No newline at end of file diff --git a/internal/service/ec2/verifiedaccess_endpoint.go b/internal/service/ec2/verifiedaccess_endpoint.go index 2804fe77e2d7..a307ac2417bb 100644 --- a/internal/service/ec2/verifiedaccess_endpoint.go +++ b/internal/service/ec2/verifiedaccess_endpoint.go @@ -330,11 +330,14 @@ func resourceVerifiedAccessEndpointUpdate(ctx context.Context, d *schema.Resourc } if d.HasChange("policy_document") { + policyDocument := d.Get("policy_document").(string) input := &ec2.ModifyVerifiedAccessEndpointPolicyInput{ - PolicyDocument: aws.String(d.Get("policy_document").(string)), - PolicyEnabled: aws.Bool(true), + PolicyEnabled: aws.Bool(policyDocument != ""), VerifiedAccessEndpointId: aws.String(d.Id()), } + if policyDocument != "" { + input.PolicyDocument = aws.String(policyDocument) + } _, err := conn.ModifyVerifiedAccessEndpointPolicy(ctx, input) diff --git a/internal/service/ec2/verifiedaccess_endpoint_test.go b/internal/service/ec2/verifiedaccess_endpoint_test.go index 8f10d939043b..09f3df183103 100644 --- a/internal/service/ec2/verifiedaccess_endpoint_test.go +++ b/internal/service/ec2/verifiedaccess_endpoint_test.go @@ -242,6 +242,12 @@ func testAccVerifiedAccessEndpoint_policyDocument(t *testing.T, semaphore tfsync resource.TestCheckResourceAttr(resourceName, "policy_document", policyDoc), ), }, + { + Config: testAccVerifiedAccessEndpointConfig_policyDelete(rName, acctest.TLSPEMEscapeNewlines(key), acctest.TLSPEMEscapeNewlines(certificate)), + Check: resource.ComposeTestCheckFunc( + testAccCheckVerifiedAccessEndpointExists(ctx, resourceName, &v), + ), + }, }, }) } @@ -541,3 +547,7 @@ resource "aws_verifiedaccess_endpoint" "test" { } `, rName, key, certificate, policyDocument)) } + +func testAccVerifiedAccessEndpointConfig_policyDelete(rName, key, certificate string) string { + return acctest.ConfigCompose(testAccVerifiedAccessEndpointConfig_policyBase(rName, key, certificate)) +} From 1c704018f6c2a5f64e3af2f732bd5cee8f24fc72 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Mon, 26 Aug 2024 15:08:52 -0400 Subject: [PATCH 2/6] r/aws_elasticbeanstalk_environment: Simplify reading of settings. --- .../configuration_template.go | 4 +- .../service/elasticbeanstalk/environment.go | 173 +++++++++--------- 2 files changed, 87 insertions(+), 90 deletions(-) diff --git a/internal/service/elasticbeanstalk/configuration_template.go b/internal/service/elasticbeanstalk/configuration_template.go index e9e4c4061013..7b6dbca809b7 100644 --- a/internal/service/elasticbeanstalk/configuration_template.go +++ b/internal/service/elasticbeanstalk/configuration_template.go @@ -85,7 +85,7 @@ func resourceConfigurationTemplateCreate(ctx context.Context, d *schema.Resource } if v, ok := d.GetOk("setting"); ok && v.(*schema.Set).Len() > 0 { - input.OptionSettings = expandConfigurationOptionSettings(v.(*schema.Set)) + input.OptionSettings = expandConfigurationOptionSettings(v.(*schema.Set).List()) } if attr, ok := d.GetOk("solution_stack_name"); ok { @@ -148,7 +148,7 @@ func resourceConfigurationTemplateUpdate(ctx context.Context, d *schema.Resource if d.HasChange("setting") { o, n := d.GetChange("setting") os, ns := o.(*schema.Set), n.(*schema.Set) - add, del := expandConfigurationOptionSettings(ns.Difference(os)), expandConfigurationOptionSettings(os.Difference(ns)) + add, del := expandConfigurationOptionSettings(ns.Difference(os).List()), expandConfigurationOptionSettings(os.Difference(ns).List()) // Additions and removals of options are done in a single API call, so we // can't do our normal "remove these" and then later "add these", re-adding diff --git a/internal/service/elasticbeanstalk/environment.go b/internal/service/elasticbeanstalk/environment.go index 4ed7545ac5cd..0c45f61c37a1 100644 --- a/internal/service/elasticbeanstalk/environment.go +++ b/internal/service/elasticbeanstalk/environment.go @@ -230,7 +230,6 @@ func resourceEnvironmentCreate(ctx context.Context, d *schema.ResourceData, meta input := &elasticbeanstalk.CreateEnvironmentInput{ ApplicationName: aws.String(d.Get("application").(string)), EnvironmentName: aws.String(name), - OptionSettings: expandConfigurationOptionSettings(d.Get("setting").(*schema.Set)), Tags: getTagsIn(ctx), } @@ -242,6 +241,10 @@ func resourceEnvironmentCreate(ctx context.Context, d *schema.ResourceData, meta input.PlatformArn = aws.String(v.(string)) } + if v, ok := d.GetOk("setting"); ok && v.(*schema.Set).Len() > 0 { + input.OptionSettings = expandConfigurationOptionSettings(v.(*schema.Set).List()) + } + if v := d.Get("solution_stack_name"); v.(string) != "" { input.SolutionStackName = aws.String(v.(string)) } @@ -387,54 +390,32 @@ func resourceEnvironmentRead(ctx context.Context, d *schema.ResourceData, meta i } d.Set("version_label", env.VersionLabel) - allSettings := &schema.Set{F: optionSettingValueHash} - for _, optionSetting := range configurationSettings.OptionSettings { - m := map[string]interface{}{} - - if optionSetting.Namespace != nil { - m[names.AttrNamespace] = aws.ToString(optionSetting.Namespace) - } + var configuredSettings []interface{} + if v, ok := d.GetOk("setting"); ok && v.(*schema.Set).Len() > 0 { + configuredSettings = v.(*schema.Set).List() + } + apiSettings := flattenConfigurationOptionSettings(ctx, meta, configurationSettings.OptionSettings) + var settings []interface{} - if optionSetting.OptionName != nil { - m[names.AttrName] = aws.ToString(optionSetting.OptionName) - } + for _, apiSetting := range apiSettings { + tfMap := apiSetting.(map[string]interface{}) + isMatch := func(v interface{}) bool { + m := v.(map[string]interface{}) - if aws.ToString(optionSetting.Namespace) == "aws:autoscaling:scheduledaction" && optionSetting.ResourceName != nil { - m["resource"] = aws.ToString(optionSetting.ResourceName) + return m[names.AttrNamespace].(string) == tfMap[names.AttrNamespace].(string) && + m[names.AttrName].(string) == tfMap[names.AttrName].(string) && + m["resource"].(string) == tfMap["resource"].(string) } - - if value := aws.ToString(optionSetting.Value); value != "" { - switch aws.ToString(optionSetting.OptionName) { - case "SecurityGroups": - m[names.AttrValue] = dropGeneratedSecurityGroup(ctx, meta.(*conns.AWSClient).EC2Client(ctx), value) - case "Subnets", "ELBSubnets": - m[names.AttrValue] = sortValues(value) - default: - m[names.AttrValue] = value - } + if slices.ContainsFunc(configuredSettings, isMatch) { + settings = append(settings, apiSetting) } - - allSettings.Add(m) } - settings := d.Get("setting").(*schema.Set) - - // perform the set operation with only name/namespace as keys, excluding value - // this is so we override things in the settings resource data key with updated values - // from the api. we skip values we didn't know about before because there are so many - // defaults set by the eb api that we would delete many useful defaults. - // - // there is likely a better way to do this - allSettingsKeySet := schema.NewSet(optionSettingKeyHash, allSettings.List()) - settingsKeySet := schema.NewSet(optionSettingKeyHash, settings.List()) - updatedSettingsKeySet := allSettingsKeySet.Intersection(settingsKeySet) - - updatedSettings := schema.NewSet(optionSettingValueHash, updatedSettingsKeySet.List()) - if err := d.Set("all_settings", allSettings.List()); err != nil { + if err := d.Set("all_settings", apiSettings); err != nil { return sdkdiag.AppendErrorf(diags, "setting all_settings: %s", err) } - if err := d.Set("setting", updatedSettings.List()); err != nil { + if err := d.Set("setting", settings); err != nil { return sdkdiag.AppendErrorf(diags, "setting setting: %s", err) } @@ -482,18 +463,8 @@ func resourceEnvironmentUpdate(ctx context.Context, d *schema.ResourceData, meta if d.HasChange("setting") { o, n := d.GetChange("setting") - if o == nil { - o = &schema.Set{F: optionSettingValueHash} - } - if n == nil { - n = &schema.Set{F: optionSettingValueHash} - } - - os := o.(*schema.Set) - ns := n.(*schema.Set) - - rm := expandConfigurationOptionSettings(os.Difference(ns)) - add := expandConfigurationOptionSettings(ns.Difference(os)) + os, ns := o.(*schema.Set), n.(*schema.Set) + add, del := expandConfigurationOptionSettings(ns.Difference(os).List()), expandConfigurationOptionSettings(os.Difference(ns).List()) // Additions and removals of options are done in a single API call, so we // can't do our normal "remove these" and then later "add these", re-adding @@ -505,7 +476,7 @@ func resourceEnvironmentUpdate(ctx context.Context, d *schema.ResourceData, meta // found in `rm` but not in `add` var remove []awstypes.ConfigurationOptionSetting if len(add) > 0 { - for _, r := range rm { + for _, r := range del { var update = false for _, a := range add { // ResourceNames are optional. Some defaults come with it, some do @@ -519,9 +490,7 @@ func resourceEnvironmentUpdate(ctx context.Context, d *schema.ResourceData, meta continue } } - if aws.ToString(r.Namespace) == aws.ToString(a.Namespace) && - aws.ToString(r.OptionName) == aws.ToString(a.OptionName) { - log.Printf("[DEBUG] Updating Beanstalk setting (%s::%s) \"%s\" => \"%s\"", *a.Namespace, *a.OptionName, *r.Value, *a.Value) + if aws.ToString(r.Namespace) == aws.ToString(a.Namespace) && aws.ToString(r.OptionName) == aws.ToString(a.OptionName) { update = true break } @@ -532,13 +501,13 @@ func resourceEnvironmentUpdate(ctx context.Context, d *schema.ResourceData, meta } } } else { - remove = rm + remove = del } - for _, elem := range remove { + for _, v := range remove { input.OptionsToRemove = append(input.OptionsToRemove, awstypes.OptionSpecification{ - Namespace: elem.Namespace, - OptionName: elem.OptionName, + Namespace: v.Namespace, + OptionName: v.OptionName, }) } @@ -805,50 +774,78 @@ func optionSettingValueHash(v interface{}) int { return create.StringHashcode(hk) } -func optionSettingKeyHash(v interface{}) int { - rd := v.(map[string]interface{}) - namespace := rd[names.AttrNamespace].(string) - optionName := rd[names.AttrName].(string) - var resourceName string - if v, ok := rd["resource"].(string); ok { - resourceName = v - } - hk := fmt.Sprintf("%s:%s%s", namespace, optionName, resourceName) - log.Printf("[DEBUG] Elastic Beanstalk optionSettingKeyHash(%#v): %s: hk=%s,hc=%d", v, optionName, hk, create.StringHashcode(hk)) - return create.StringHashcode(hk) -} - func sortValues(v string) string { values := strings.Split(v, ",") sort.Strings(values) return strings.Join(values, ",") } -func expandConfigurationOptionSettings(tfSet *schema.Set) []awstypes.ConfigurationOptionSetting { +func expandConfigurationOptionSettings(tfList []interface{}) []awstypes.ConfigurationOptionSetting { apiObjects := []awstypes.ConfigurationOptionSetting{} - if tfSet != nil { - for _, tfMapRaw := range tfSet.List() { - tfMap := tfMapRaw.(map[string]interface{}) - apiObject := awstypes.ConfigurationOptionSetting{ - Namespace: aws.String(tfMap[names.AttrNamespace].(string)), - OptionName: aws.String(tfMap[names.AttrName].(string)), - Value: aws.String(tfMap[names.AttrValue].(string)), - } + if tfList == nil { + return apiObjects + } - if aws.ToString(apiObject.Namespace) == "aws:autoscaling:scheduledaction" { - if v, ok := tfMap["resource"].(string); ok && v != "" { - apiObject.ResourceName = aws.String(v) - } - } + for _, tfMapRaw := range tfList { + tfMap := tfMapRaw.(map[string]interface{}) + apiObject := awstypes.ConfigurationOptionSetting{ + Namespace: aws.String(tfMap[names.AttrNamespace].(string)), + OptionName: aws.String(tfMap[names.AttrName].(string)), + Value: aws.String(tfMap[names.AttrValue].(string)), + } - apiObjects = append(apiObjects, apiObject) + if aws.ToString(apiObject.Namespace) == "aws:autoscaling:scheduledaction" { + if v, ok := tfMap["resource"].(string); ok && v != "" { + apiObject.ResourceName = aws.String(v) + } } + + apiObjects = append(apiObjects, apiObject) } return apiObjects } +func flattenConfigurationOptionSettings(ctx context.Context, meta interface{}, apiObjects []awstypes.ConfigurationOptionSetting) []interface{} { + var tfList []interface{} + + for _, apiObject := range apiObjects { + tfMap := map[string]interface{}{} + + if apiObject.Namespace != nil { + tfMap[names.AttrNamespace] = aws.ToString(apiObject.Namespace) + } + + if apiObject.OptionName != nil { + tfMap[names.AttrName] = aws.ToString(apiObject.OptionName) + } + + if aws.ToString(apiObject.Namespace) == "aws:autoscaling:scheduledaction" && apiObject.ResourceName != nil { + tfMap["resource"] = aws.ToString(apiObject.ResourceName) + } else { + tfMap["resource"] = "" + } + + if value := aws.ToString(apiObject.Value); value != "" { + switch aws.ToString(apiObject.OptionName) { + case "SecurityGroups": + tfMap[names.AttrValue] = dropGeneratedSecurityGroup(ctx, meta.(*conns.AWSClient).EC2Client(ctx), value) + case "Subnets", "ELBSubnets": + values := strings.Split(value, ",") + sort.Strings(values) + tfMap[names.AttrValue] = strings.Join(values, ",") + default: + tfMap[names.AttrValue] = value + } + } + + tfList = append(tfList, tfMap) + } + + return tfList +} + func dropGeneratedSecurityGroup(ctx context.Context, conn *ec2.Client, settingValue string) string { input := &ec2.DescribeSecurityGroupsInput{ GroupIds: strings.Split(settingValue, ","), From 284788be7a441cca449c3359ebaff9d87286d201 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Tue, 27 Aug 2024 09:31:05 -0400 Subject: [PATCH 3/6] elasticbeanstalk: Simplify 'hashSettingsValue'. --- .../configuration_template.go | 2 +- .../service/elasticbeanstalk/environment.go | 41 ++++++++++--------- 2 files changed, 23 insertions(+), 20 deletions(-) diff --git a/internal/service/elasticbeanstalk/configuration_template.go b/internal/service/elasticbeanstalk/configuration_template.go index 7b6dbca809b7..5ff5c92445a4 100644 --- a/internal/service/elasticbeanstalk/configuration_template.go +++ b/internal/service/elasticbeanstalk/configuration_template.go @@ -54,7 +54,7 @@ func resourceConfigurationTemplate() *schema.Resource { Optional: true, Computed: true, Elem: settingSchema(), - Set: optionSettingValueHash, + Set: hashSettingsValue, }, "solution_stack_name": { Type: schema.TypeString, diff --git a/internal/service/elasticbeanstalk/environment.go b/internal/service/elasticbeanstalk/environment.go index 0c45f61c37a1..8a1199ad67a0 100644 --- a/internal/service/elasticbeanstalk/environment.go +++ b/internal/service/elasticbeanstalk/environment.go @@ -5,6 +5,7 @@ package elasticbeanstalk import ( // nosemgrep:ci.semgrep.aws.multiple-service-imports "context" + "encoding/json" "errors" "fmt" "log" @@ -106,7 +107,7 @@ func resourceEnvironment() *schema.Resource { Type: schema.TypeSet, Computed: true, Elem: settingSchema(), - Set: optionSettingValueHash, + Set: hashSettingsValue, }, "application": { Type: schema.TypeString, @@ -179,7 +180,7 @@ func resourceEnvironment() *schema.Resource { Type: schema.TypeSet, Optional: true, Elem: settingSchema(), - Set: optionSettingValueHash, + Set: hashSettingsValue, }, "solution_stack_name": { Type: schema.TypeString, @@ -757,27 +758,29 @@ func waitEnvironmentDeleted(ctx context.Context, conn *elasticbeanstalk.Client, return nil, err } -// we use the following two functions to allow us to split out defaults -// as they become overridden from within the template -func optionSettingValueHash(v interface{}) int { - rd := v.(map[string]interface{}) - namespace := rd[names.AttrNamespace].(string) - optionName := rd[names.AttrName].(string) +func hashSettingsValue(v interface{}) int { + tfMap := v.(map[string]interface{}) + var str strings.Builder + + str.WriteString(tfMap[names.AttrNamespace].(string)) + str.WriteRune(':') + str.WriteString(tfMap[names.AttrName].(string)) var resourceName string - if v, ok := rd["resource"].(string); ok { + if v, ok := tfMap["resource"].(string); ok { resourceName = v } - value, _ := rd[names.AttrValue].(string) - value, _ = structure.NormalizeJsonString(value) - hk := fmt.Sprintf("%s:%s%s=%s", namespace, optionName, resourceName, sortValues(value)) - log.Printf("[DEBUG] Elastic Beanstalk optionSettingValueHash(%#v): %s: hk=%s,hc=%d", v, optionName, hk, create.StringHashcode(hk)) - return create.StringHashcode(hk) -} + str.WriteString(resourceName) + str.WriteRune('=') + if value := tfMap[names.AttrValue].(string); json.Valid([]byte(value)) { + value, _ = structure.NormalizeJsonString(value) + str.WriteString(value) + } else { + values := strings.Split(value, ",") + sort.Strings(values) + str.WriteString(strings.Join(values, ",")) + } -func sortValues(v string) string { - values := strings.Split(v, ",") - sort.Strings(values) - return strings.Join(values, ",") + return create.StringHashcode(str.String()) } func expandConfigurationOptionSettings(tfList []interface{}) []awstypes.ConfigurationOptionSetting { From 27fcdc90eaf33e1fa4bf405c533588e4f754443d Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Wed, 28 Aug 2024 10:39:42 -0400 Subject: [PATCH 4/6] Correct CHANGELOG entry file name. --- .changelog/{38609.txt => 38675.txt} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .changelog/{38609.txt => 38675.txt} (100%) diff --git a/.changelog/38609.txt b/.changelog/38675.txt similarity index 100% rename from .changelog/38609.txt rename to .changelog/38675.txt From 38c603e4933f5693d7536a79c08a10010ad36299 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Wed, 28 Aug 2024 10:40:59 -0400 Subject: [PATCH 5/6] Tweak CHANGELOG entry. --- .changelog/38675.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.changelog/38675.txt b/.changelog/38675.txt index 2bb11e362d7d..ac6400f3a783 100644 --- a/.changelog/38675.txt +++ b/.changelog/38675.txt @@ -1,3 +1,3 @@ ```release-note:enhancement -resource/aws_verifiedaccess_endpoint: Add setting of PolicyEnabled flag to `false` if `policy_document` is empty +resource/aws_verifiedaccess_endpoint: Set PolicyEnabled flag to `false` on update if `policy_document` is empty ``` \ No newline at end of file From c8d2ce9cb9b6a31d3a61791dbdb92ccfadd95189 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Wed, 28 Aug 2024 10:44:36 -0400 Subject: [PATCH 6/6] Cosmetics. --- internal/service/ec2/verifiedaccess_endpoint.go | 13 ++++++------- .../service/ec2/verifiedaccess_endpoint_test.go | 6 +----- 2 files changed, 7 insertions(+), 12 deletions(-) diff --git a/internal/service/ec2/verifiedaccess_endpoint.go b/internal/service/ec2/verifiedaccess_endpoint.go index a307ac2417bb..a4ea8c02282f 100644 --- a/internal/service/ec2/verifiedaccess_endpoint.go +++ b/internal/service/ec2/verifiedaccess_endpoint.go @@ -187,7 +187,6 @@ func resourceVerifiedAccessEndpoint() *schema.Resource { func resourceVerifiedAccessEndpointCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).EC2Client(ctx) input := &ec2.CreateVerifiedAccessEndpointInput{ @@ -242,7 +241,6 @@ func resourceVerifiedAccessEndpointCreate(ctx context.Context, d *schema.Resourc func resourceVerifiedAccessEndpointRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).EC2Client(ctx) ep, err := findVerifiedAccessEndpointByID(ctx, conn, d.Id()) @@ -330,13 +328,15 @@ func resourceVerifiedAccessEndpointUpdate(ctx context.Context, d *schema.Resourc } if d.HasChange("policy_document") { - policyDocument := d.Get("policy_document").(string) input := &ec2.ModifyVerifiedAccessEndpointPolicyInput{ - PolicyEnabled: aws.Bool(policyDocument != ""), VerifiedAccessEndpointId: aws.String(d.Id()), } - if policyDocument != "" { - input.PolicyDocument = aws.String(policyDocument) + + if v := d.Get("policy_document").(string); v != "" { + input.PolicyEnabled = aws.Bool(true) + input.PolicyDocument = aws.String(v) + } else { + input.PolicyEnabled = aws.Bool(false) } _, err := conn.ModifyVerifiedAccessEndpointPolicy(ctx, input) @@ -351,7 +351,6 @@ func resourceVerifiedAccessEndpointUpdate(ctx context.Context, d *schema.Resourc func resourceVerifiedAccessEndpointDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).EC2Client(ctx) log.Printf("[INFO] Deleting Verified Access Endpoint: %s", d.Id()) diff --git a/internal/service/ec2/verifiedaccess_endpoint_test.go b/internal/service/ec2/verifiedaccess_endpoint_test.go index 09f3df183103..0945d260f634 100644 --- a/internal/service/ec2/verifiedaccess_endpoint_test.go +++ b/internal/service/ec2/verifiedaccess_endpoint_test.go @@ -243,7 +243,7 @@ func testAccVerifiedAccessEndpoint_policyDocument(t *testing.T, semaphore tfsync ), }, { - Config: testAccVerifiedAccessEndpointConfig_policyDelete(rName, acctest.TLSPEMEscapeNewlines(key), acctest.TLSPEMEscapeNewlines(certificate)), + Config: testAccVerifiedAccessEndpointConfig_policyBase(rName, acctest.TLSPEMEscapeNewlines(key), acctest.TLSPEMEscapeNewlines(certificate)), Check: resource.ComposeTestCheckFunc( testAccCheckVerifiedAccessEndpointExists(ctx, resourceName, &v), ), @@ -547,7 +547,3 @@ resource "aws_verifiedaccess_endpoint" "test" { } `, rName, key, certificate, policyDocument)) } - -func testAccVerifiedAccessEndpointConfig_policyDelete(rName, key, certificate string) string { - return acctest.ConfigCompose(testAccVerifiedAccessEndpointConfig_policyBase(rName, key, certificate)) -}