aws: Allow import of OID connect provider + allow disappearance

builtin/providers/aws/resource_aws_iam_openid_connect_provider.go

@@ -16,6 +16,10 @@ func resourceAwsIamOpenIDConnectProvider() *schema.Resource {
 		Read:   resourceAwsIamOpenIDConnectProviderRead,
 		Update: resourceAwsIamOpenIDConnectProviderUpdate,
 		Delete: resourceAwsIamOpenIDConnectProviderDelete,
+		Exists: resourceAwsIamOpenIDConnectProviderExists,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
 
 		Schema: map[string]*schema.Schema{
 			"arn": &schema.Schema{
@@ -77,8 +81,8 @@ func resourceAwsIamOpenIDConnectProviderRead(d *schema.ResourceData, meta interf
 
 	d.Set("arn", d.Id())
 	d.Set("url", out.Url)
-	d.Set("client_id_list", out.ClientIDList)
+	d.Set("client_id_list", flattenStringList(out.ClientIDList))
-	d.Set("thumbprint_list", out.ThumbprintList)
+	d.Set("thumbprint_list", flattenStringList(out.ThumbprintList))
 
 	return nil
 }
@@ -110,7 +114,7 @@ func resourceAwsIamOpenIDConnectProviderDelete(d *schema.ResourceData, meta inte
 	_, err := iamconn.DeleteOpenIDConnectProvider(input)
 
 	if err != nil {
-		if err, ok := err.(awserr.Error); ok && err.Code() == "NotFound" {
+		if err, ok := err.(awserr.Error); ok && err.Code() == "NoSuchEntity" {
 			return nil
 		}
 		return fmt.Errorf("Error deleting platform application %s", err)
@@ -118,3 +122,20 @@ func resourceAwsIamOpenIDConnectProviderDelete(d *schema.ResourceData, meta inte
 
 	return nil
 }
+
+func resourceAwsIamOpenIDConnectProviderExists(d *schema.ResourceData, meta interface{}) (bool, error) {
+	iamconn := meta.(*AWSClient).iamconn
+
+	input := &iam.GetOpenIDConnectProviderInput{
+		OpenIDConnectProviderArn: aws.String(d.Id()),
+	}
+	_, err := iamconn.GetOpenIDConnectProvider(input)
+	if err != nil {
+		if err, ok := err.(awserr.Error); ok && err.Code() == "NoSuchEntity" {
+			return false, nil
+		}
+		return true, err
+	}
+
+	return true, nil
+}

builtin/providers/aws/resource_aws_iam_openid_connect_provider_test.go

@@ -49,6 +49,48 @@ func TestAccAWSIAMOpenIDConnectProvider_basic(t *testing.T) {
 	})
 }
 
+func TestAccAWSIAMOpenIDConnectProvider_importBasic(t *testing.T) {
+	resourceName := "aws_iam_openid_connect_provider.goog"
+	rString := acctest.RandString(5)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckIAMOpenIDConnectProviderDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccIAMOpenIDConnectProviderConfig_modified(rString),
+			},
+
+			resource.TestStep{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func TestAccAWSIAMOpenIDConnectProvider_disappears(t *testing.T) {
+	rString := acctest.RandString(5)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckIAMOpenIDConnectProviderDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccIAMOpenIDConnectProviderConfig(rString),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckIAMOpenIDConnectProvider("aws_iam_openid_connect_provider.goog"),
+					testAccCheckIAMOpenIDConnectProviderDisappears("aws_iam_openid_connect_provider.goog"),
+				),
+				ExpectNonEmptyPlan: true,
+			},
+		},
+	})
+}
+
 func testAccCheckIAMOpenIDConnectProviderDestroy(s *terraform.State) error {
 	iamconn := testAccProvider.Meta().(*AWSClient).iamconn
 
@@ -77,6 +119,25 @@ func testAccCheckIAMOpenIDConnectProviderDestroy(s *terraform.State) error {
 	return nil
 }
 
+func testAccCheckIAMOpenIDConnectProviderDisappears(id string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[id]
+		if !ok {
+			return fmt.Errorf("Not Found: %s", id)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No ID is set")
+		}
+
+		iamconn := testAccProvider.Meta().(*AWSClient).iamconn
+		_, err := iamconn.DeleteOpenIDConnectProvider(&iam.DeleteOpenIDConnectProviderInput{
+			OpenIDConnectProviderArn: aws.String(rs.Primary.ID),
+		})
+		return err
+	}
+}
+
 func testAccCheckIAMOpenIDConnectProvider(id string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[id]

website/source/docs/providers/aws/r/iam_openid_connect_provider.html.markdown

@@ -35,3 +35,11 @@ The following arguments are supported:
 The following attributes are exported:
 
 * `arn` - The ARN assigned by AWS for this provider.
+
+## Import
+
+IAM OpenID Connect Providers can be imported using the `arn`, e.g.
+
+```
+$ terraform import aws_iam_openid_connect_provider.default arn:aws:iam::123456789012:oidc-provider/accounts.google.com
+```

website/source/layouts/aws.erb

@@ -745,6 +745,10 @@
                             <a href="/docs/providers/aws/r/iam_instance_profile.html">aws_iam_instance_profile</a>
                         </li>
 
+                        <li<%= sidebar_current("docs-aws-resource-iam-openid-connect-provider") %>>
+                            <a href="/docs/providers/aws/r/iam_openid_connect_provider.html">aws_iam_openid_connect_provider</a>
+                        </li>
+
                         <li<%= sidebar_current("docs-aws-resource-iam-policy") %>>
                             <a href="/docs/providers/aws/r/iam_policy.html">aws_iam_policy</a>
                         </li>