Fix polaris_aws_cnp_permissions id (#208)

The data source's id was accidentally calculated for the complete set
of role keys and not just the specified role key.

docs/guides/changelog.md

@@ -4,6 +4,10 @@ page_title: "Changelog"
 
 # Changelog
 
+## v0.10.0-beta.9
+* Fix a bug in the `polaris_aws_cnp_permissions` data source where the data source's id was accidentally calculated for
+  the complete set of role keys and not just the specified role key.
+
 ## v0.10.0-beta.8
 * Add the `permissions` field to the `polaris_aws_cnp_account_attachments` resource. The `permissions` field should be
   used with the `id` field of the `polaris_aws_cnp_permissions` data source to trigger an update of the resource

docs/resources/aws_cnp_account_attachments.md

@@ -38,8 +38,9 @@ resource "polaris_aws_cnp_account_attachments" "attachments" {
   dynamic "role" {
     for_each = aws_iam_role.role
     content {
-      key = role.key
-      arn = role.value["arn"]
+      key         = role.key
+      arn         = role.value["arn"]
+      permissions = data.polaris_aws_cnp_permissions.permissions[role.key].id
     }
   }
 }

examples/resources/polaris_aws_cnp_account_attachments/resource.tf

@@ -16,8 +16,9 @@ resource "polaris_aws_cnp_account_attachments" "attachments" {
   dynamic "role" {
     for_each = aws_iam_role.role
     content {
-      key = role.key
-      arn = role.value["arn"]
+      key         = role.key
+      arn         = role.value["arn"]
+      permissions = data.polaris_aws_cnp_permissions.permissions[role.key].id
     }
   }
 }

internal/provider/data_source_aws_cnp_permissions.go

@@ -171,6 +171,10 @@ func awsPermissionsRead(ctx context.Context, d *schema.ResourceData, m interface
 		return diag.FromErr(err)
 	}
 
+	// The hash is created from customer managed policies and managed policies
+	// matching the role key.
+	hash := sha256.New()
+
 	var customerPoliciesAttr []map[string]string
 	for _, policy := range customerPolicies {
 		if roleKey == policy.Artifact {
@@ -179,6 +183,10 @@ func awsPermissionsRead(ctx context.Context, d *schema.ResourceData, m interface
 				keyName:    policy.Name,
 				keyPolicy:  policy.Policy,
 			})
+			hash.Write([]byte(policy.Artifact))
+			hash.Write([]byte(policy.Feature.Name))
+			hash.Write([]byte(policy.Name))
+			hash.Write([]byte(policy.Policy))
 		}
 	}
 	if err := d.Set(keyCustomerManagedPolicies, customerPoliciesAttr); err != nil {
@@ -189,23 +197,14 @@ func awsPermissionsRead(ctx context.Context, d *schema.ResourceData, m interface
 	for _, policy := range managedPolicies {
 		if roleKey == policy.Artifact {
 			managedPoliciesAttr = append(managedPoliciesAttr, policy.Name)
+			hash.Write([]byte(policy.Artifact))
+			hash.Write([]byte(policy.Name))
 		}
 	}
 	if err := d.Set(keyManagedPolicies, managedPoliciesAttr); err != nil {
 		return diag.FromErr(err)
 	}
 
-	hash := sha256.New()
-	for _, policy := range customerPolicies {
-		hash.Write([]byte(policy.Artifact))
-		hash.Write([]byte(policy.Feature.Name))
-		hash.Write([]byte(policy.Name))
-		hash.Write([]byte(policy.Policy))
-	}
-	for _, policy := range managedPolicies {
-		hash.Write([]byte(policy.Artifact))
-		hash.Write([]byte(policy.Name))
-	}
 	d.SetId(fmt.Sprintf("%x", hash.Sum(nil)))
 
 	return nil

templates/guides/changelog.md.tmpl

@@ -4,6 +4,10 @@ page_title: "Changelog"
 
 # Changelog
 
+## v0.10.0-beta.9
+* Fix a bug in the `polaris_aws_cnp_permissions` data source where the data source's id was accidentally calculated for
+  the complete set of role keys and not just the specified role key.
+
 ## v0.10.0-beta.8
 * Add the `permissions` field to the `polaris_aws_cnp_account_attachments` resource. The `permissions` field should be
   used with the `id` field of the `polaris_aws_cnp_permissions` data source to trigger an update of the resource