From 32227dfaefb74c47aa95bbe3bb6ee6b9004b342a Mon Sep 17 00:00:00 2001
From: Matt Dainty
Date: Tue, 1 Mar 2022 21:36:31 +0000
Subject: [PATCH] Add aws_ec2_serial_console_access

Based on the aws_ebs_encryption_by_default resource & data source.
Fixes #18503
---
 internal/provider/provider.go | 2 +
 internal/service/ec2/serial_console_access.go | 90 ++++++++++++++++++
 .../ec2/serial_console_access_data_source.go | 35 +++++++
 .../serial_console_access_data_source_test.go | 62 ++++++++++++
 .../service/ec2/serial_console_access_test.go | 94 +++++++++++++++++++
 .../d/ec2_serial_console_access.html.markdown | 24 +++++
 .../r/ec2_serial_console_access.html.markdown | 39 ++++++++
 7 files changed, 346 insertions(+)
 create mode 100644 internal/service/ec2/serial_console_access.go
 create mode 100644 internal/service/ec2/serial_console_access_data_source.go
 create mode 100644 internal/service/ec2/serial_console_access_data_source_test.go
 create mode 100644 internal/service/ec2/serial_console_access_test.go
 create mode 100644 website/docs/d/ec2_serial_console_access.html.markdown
 create mode 100644 website/docs/r/ec2_serial_console_access.html.markdown
diff --git a/internal/provider/provider.go b/internal/provider/provider.go
index 5ee720b6649..9ed193f3e56 100644
--- a/internal/provider/provider.go
+++ b/internal/provider/provider.go
@@ -528,6 +528,7 @@ func Provider() *schema.Provider {
 "aws_ec2_local_gateway": ec2.DataSourceLocalGateway(),
 "aws_ec2_local_gateways": ec2.DataSourceLocalGateways(),
 "aws_ec2_managed_prefix_list": ec2.DataSourceManagedPrefixList(),
+ "aws_ec2_serial_console_access": ec2.DataSourceSerialConsoleAccess(),
 "aws_ec2_spot_price": ec2.DataSourceSpotPrice(),
 "aws_ec2_transit_gateway": ec2.DataSourceTransitGateway(),
 "aws_ec2_transit_gateway_dx_gateway_attachment": ec2.DataSourceTransitGatewayDxGatewayAttachment(),
@@ -1195,6 +1196,7 @@ func Provider() *schema.Provider {
 "aws_ec2_local_gateway_route_table_vpc_association": ec2.ResourceLocalGatewayRouteTableVPCAssociation(),
 "aws_ec2_managed_prefix_list": ec2.ResourceManagedPrefixList(),
 "aws_ec2_managed_prefix_list_entry": ec2.ResourceManagedPrefixListEntry(),
+ "aws_ec2_serial_console_access": ec2.ResourceSerialConsoleAccess(),
 "aws_ec2_subnet_cidr_reservation": ec2.ResourceSubnetCIDRReservation(),
 "aws_ec2_tag": ec2.ResourceTag(),
 "aws_ec2_traffic_mirror_filter": ec2.ResourceTrafficMirrorFilter(),
diff --git a/internal/service/ec2/serial_console_access.go b/internal/service/ec2/serial_console_access.go
new file mode 100644
index 00000000000..267124f11c6
--- /dev/null
+++ b/internal/service/ec2/serial_console_access.go
@@ -0,0 +1,90 @@
+package ec2
+
+import (
+ "fmt"
+
+ "github.com/aws/aws-sdk-go/service/ec2"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ "github.com/hashicorp/terraform-provider-aws/internal/conns"
+)
+
+func ResourceSerialConsoleAccess() *schema.Resource {
+ return &schema.Resource{
+ Create: resourceSerialConsoleAccessCreate,
+ Read: resourceSerialConsoleAccessRead,
+ Update: resourceSerialConsoleAccessUpdate,
+ Delete: resourceSerialConsoleAccessDelete,
+ Importer: &schema.ResourceImporter{
+ State: schema.ImportStatePassthrough,
+ },
+ Schema: map[string]*schema.Schema{
+ "enabled": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Default: true,
+ },
+ },
+ }
+}
+
+func resourceSerialConsoleAccessCreate(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*conns.AWSClient).EC2Conn
+
+ enabled := d.Get("enabled").(bool)
+ if err := setSerialConsoleAccess(conn, enabled); err != nil {
+ return fmt.Errorf("error creating serial console access (%t): %s", enabled, err)
+ }
+
+ //lintignore:R015 // Allow legacy unstable ID usage in managed resource
+ d.SetId(resource.UniqueId())
+
+ return resourceSerialConsoleAccessRead(d, meta)
+}
+
+func resourceSerialConsoleAccessRead(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*conns.AWSClient).EC2Conn
+
+ resp, err := conn.GetSerialConsoleAccessStatus(&ec2.GetSerialConsoleAccessStatusInput{})
+ if err != nil {
+ return fmt.Errorf("error reading serial console access: %s", err)
+ }
+
+ d.Set("enabled", resp.SerialConsoleAccessEnabled)
+
+ return nil
+}
+
+func resourceSerialConsoleAccessUpdate(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*conns.AWSClient).EC2Conn
+
+ enabled := d.Get("enabled").(bool)
+ if err := setSerialConsoleAccess(conn, enabled); err != nil {
+ return fmt.Errorf("error updating serial console access (%t): %s", enabled, err)
+ }
+
+ return resourceSerialConsoleAccessRead(d, meta)
+}
+
+func resourceSerialConsoleAccessDelete(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*conns.AWSClient).EC2Conn
+
+ // Removing the resource disables default encryption.
+ if err := setSerialConsoleAccess(conn, false); err != nil {
+ return fmt.Errorf("error disabling serial console access: %s", err)
+ }
+
+ return nil
+}
+
+func setSerialConsoleAccess(conn *ec2.EC2, enabled bool) error {
+ var err error
+
+ if enabled {
+ _, err = conn.EnableSerialConsoleAccess(&ec2.EnableSerialConsoleAccessInput{})
+ } else {
+ _, err = conn.DisableSerialConsoleAccess(&ec2.DisableSerialConsoleAccessInput{})
+ }
+
+ return err
+}
diff --git a/internal/service/ec2/serial_console_access_data_source.go b/internal/service/ec2/serial_console_access_data_source.go
new file mode 100644
index 00000000000..e011ac5442b
--- /dev/null
+++ b/internal/service/ec2/serial_console_access_data_source.go
@@ -0,0 +1,35 @@
+package ec2
+
+import (
+ "fmt"
+
+ "github.com/aws/aws-sdk-go/service/ec2"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ "github.com/hashicorp/terraform-provider-aws/internal/conns"
+)
+
+func DataSourceSerialConsoleAccess() *schema.Resource {
+ return &schema.Resource{
+ Read: dataSourceSerialConsoleAccessRead,
+
+ Schema: map[string]*schema.Schema{
+ "enabled": {
+ Type: schema.TypeBool,
+ Computed: true,
+ },
+ },
+ }
+}
+func dataSourceSerialConsoleAccessRead(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*conns.AWSClient).EC2Conn
+
+ res, err := conn.GetSerialConsoleAccessStatus(&ec2.GetSerialConsoleAccessStatusInput{})
+ if err != nil {
+ return fmt.Errorf("Error reading serial console access toggle: %w", err)
+ }
+
+ d.SetId(meta.(*conns.AWSClient).Region)
+ d.Set("enabled", res.SerialConsoleAccessEnabled)
+
+ return nil
+}
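Review bot: `Default: true` on `enabled` in ResourceSerialConsoleAccess means a resource block with no arguments turns serial console access on for the whole account in the region, which is the less restrictive state (as far as I know AWS leaves it off until an account opts in). The default looks carried over from aws_ebs_encryption_by_default, where `true` is the stricter setting; here I would make the choice explicit with `Required: true` and drop `Optional` and `Default`. The comment in resourceSerialConsoleAccessDelete is also left over from that resource and should read `// Removing the resource disables serial console access.`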
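Review bot: The result of `d.Set("enabled", res.SerialConsoleAccessEnabled)` in dataSourceSerialConsoleAccessRead is discarded, so a failed write would leave the attribute at its zero value and the data source would report the console as disabled. A failure is unlikely for a plain bool, but this value is what a configuration would read to assert account posture, so I would return it: `if err := d.Set("enabled", res.SerialConsoleAccessEnabled); err != nil { return fmt.Errorf("setting enabled: %w", err) }`. resourceSerialConsoleAccessRead in serial_console_access.go has the same unchecked call. The error string here also starts with a capital and wraps with `%w`, while the resource file uses lowercase and `%s`; settling on lowercase with `%w` in both would keep the AWS error unwrappable for callers.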
diff --git a/internal/service/ec2/serial_console_access_data_source_test.go b/internal/service/ec2/serial_console_access_data_source_test.go
new file mode 100644
index 00000000000..fb4c8cff83e
--- /dev/null
+++ b/internal/service/ec2/serial_console_access_data_source_test.go
@@ -0,0 +1,62 @@
+package ec2_test
+
+import (
+ "fmt"
+ "strconv"
+ "testing"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/service/ec2"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+ "github.com/hashicorp/terraform-provider-aws/internal/acctest"
+ "github.com/hashicorp/terraform-provider-aws/internal/conns"
+)
+
+func TestAccEC2SerialConsoleAccessDataSource_basic(t *testing.T) {
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { acctest.PreCheck(t) },
+ ErrorCheck: acctest.ErrorCheck(t, ec2.EndpointsID),
+ Providers: acctest.Providers,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccSerialConsoleAccessDataSourceConfig,
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckSerialConsoleAccessDataSource("data.aws_ec2_serial_console_access.current"),
+ ),
+ },
+ },
+ })
+}
+
+func testAccCheckSerialConsoleAccessDataSource(n string) resource.TestCheckFunc {
+ return func(s *terraform.State) error {
+ conn := acctest.Provider.Meta().(*conns.AWSClient).EC2Conn
+
+ rs, ok := s.RootModule().Resources[n]
+ if !ok {
+ return fmt.Errorf("Not found: %s", n)
+ }
+
+ if rs.Primary.ID == "" {
+ return fmt.Errorf("No ID is set")
+ }
+
+ actual, err := conn.GetSerialConsoleAccessStatus(&ec2.GetSerialConsoleAccessStatusInput{})
+ if err != nil {
+ return fmt.Errorf("Error reading serial console access toggle: %q", err)
+ }
+
+ attr, _ := strconv.ParseBool(rs.Primary.Attributes["enabled"])
+
+ if attr != aws.BoolValue(actual.SerialConsoleAccessEnabled) {
+ return fmt.Errorf("Serial console access is not in expected state (%t)", aws.BoolValue(actual.SerialConsoleAccessEnabled))
+ }
+
+ return nil
+ }
+}
+
+const testAccSerialConsoleAccessDataSourceConfig = `
+data "aws_ec2_serial_console_access" "current" {}
+`
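Review bot: `attr, _ := strconv.ParseBool(rs.Primary.Attributes["enabled"])` in testAccCheckSerialConsoleAccessDataSource drops the parse error, so a missing or empty `enabled` attribute becomes `false` and the comparison still passes on any account where the console is disabled. The check should fail in that case: `attr, err := strconv.ParseBool(rs.Primary.Attributes["enabled"])` followed by `if err != nil { return fmt.Errorf("parsing enabled attribute: %w", err) }`. The read error just above is formatted with `%q`, which quotes the error text; `%w` is the usual verb there.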
diff --git a/internal/service/ec2/serial_console_access_test.go b/internal/service/ec2/serial_console_access_test.go
new file mode 100644
index 00000000000..ad2baac95eb
--- /dev/null
+++ b/internal/service/ec2/serial_console_access_test.go
@@ -0,0 +1,94 @@
+package ec2_test
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/service/ec2"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+ "github.com/hashicorp/terraform-provider-aws/internal/acctest"
+ "github.com/hashicorp/terraform-provider-aws/internal/conns"
+)
+
+func TestAccEC2SerialConsoleAccess_basic(t *testing.T) {
+ resourceName := "aws_ec2_serial_console_access.test"
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { acctest.PreCheck(t) },
+ ErrorCheck: acctest.ErrorCheck(t, ec2.EndpointsID),
+ Providers: acctest.Providers,
+ CheckDestroy: testAccCheckSerialConsoleAccessDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccSerialConsoleAccessConfig(false),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckSerialConsoleAccess(resourceName, false),
+ resource.TestCheckResourceAttr(resourceName, "enabled", "false"),
+ ),
+ },
+ {
+ ResourceName: resourceName,
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ {
+ Config: testAccSerialConsoleAccessConfig(true),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckSerialConsoleAccess(resourceName, true),
+ resource.TestCheckResourceAttr(resourceName, "enabled", "true"),
+ ),
+ },
+ },
+ })
+}
+
+func testAccCheckSerialConsoleAccessDestroy(s *terraform.State) error {
+ conn := acctest.Provider.Meta().(*conns.AWSClient).EC2Conn
+
+ response, err := conn.GetSerialConsoleAccessStatus(&ec2.GetSerialConsoleAccessStatusInput{})
+ if err != nil {
+ return err
+ }
+
+ if aws.BoolValue(response.SerialConsoleAccessEnabled) != false {
+ return fmt.Errorf("Serial console access not disabled on resource removal")
+ }
+
+ return nil
+}
+
+func testAccCheckSerialConsoleAccess(n string, enabled bool) resource.TestCheckFunc {
+ return func(s *terraform.State) error {
+ rs, ok := s.RootModule().Resources[n]
+ if !ok {
+ return fmt.Errorf("Not found: %s", n)
+ }
+
+ if rs.Primary.ID == "" {
+ return fmt.Errorf("No ID is set")
+ }
+
+ conn := acctest.Provider.Meta().(*conns.AWSClient).EC2Conn
+
+ response, err := conn.GetSerialConsoleAccessStatus(&ec2.GetSerialConsoleAccessStatusInput{})
+ if err != nil {
+ return err
+ }
+
+ if aws.BoolValue(response.SerialConsoleAccessEnabled) != enabled {
+ return fmt.Errorf("Serial console access is not in expected state (%t)", enabled)
+ }
+
+ return nil
+ }
+}
+
+func testAccSerialConsoleAccessConfig(enabled bool) string {
+ return fmt.Sprintf(`
+resource "aws_ec2_serial_console_access" "test" {
+ enabled = %[1]t
+}
+`, enabled)
+}
diff --git a/website/docs/d/ec2_serial_console_access.html.markdown b/website/docs/d/ec2_serial_console_access.html.markdown
new file mode 100644
index 00000000000..f4d35ddd5c5
--- /dev/null
+++ b/website/docs/d/ec2_serial_console_access.html.markdown
@@ -0,0 +1,24 @@
+---
+subcategory: "EC2"
+layout: "aws"
+page_title: "AWS: aws_ec2_serial_console_access"
+description: |-
+ Checks whether serial console access is enabled for your AWS account in the current AWS region.
+---
+
+# Data Source: aws_ec2_serial_console_access
+
+Provides a way to check whether serial console access is enabled for your AWS account in the current AWS region.
+
+## Example Usage
+
+```terraform
+data "aws_ec2_serial_console_access" "current" {}
+```
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `enabled` - Whether or not serial console access is enabled. Returns as `true` or `false`.
+* `id` - Region of serial console access.
diff --git a/website/docs/r/ec2_serial_console_access.html.markdown b/website/docs/r/ec2_serial_console_access.html.markdown
new file mode 100644
index 00000000000..430247a8d98
--- /dev/null
+++ b/website/docs/r/ec2_serial_console_access.html.markdown
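Review bot: TestAccEC2SerialConsoleAccess_basic runs under `resource.ParallelTest`, but the value it flips is a single account-wide setting per region, and TestAccEC2SerialConsoleAccessDataSource_basic (also parallel) reads that same setting through the data source and again through the API and compares the two. If the tests overlap, the checks can disagree for reasons unrelated to the code; I would run both with `resource.Test` so they are serialized. The test function also deserves a comment such as `// Toggles an account-level setting in the test region and always leaves it disabled.`, since testAccCheckSerialConsoleAccessDestroy asserts the disabled state regardless of what the account had before the run.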
@@ -0,0 +1,39 @@
+---
+subcategory: "EC2"
+layout: "aws"
+page_title: "AWS: aws_ec2_serial_console_access"
+description: |-
+ Manages whether serial console access is enabled for your AWS account in the current AWS region.
+---
+
+# Resource: aws_ec2_serial_console_access
+
+Provides a resource to manage whether serial console access is enabled for your AWS account in the current AWS region.
+
+~> **NOTE:** Removing this Terraform resource disables serial console access.
+
+## Example Usage
+
+```terraform
+resource "aws_ec2_serial_console_access" "example" {
+ enabled = true
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `enabled` - (Optional) Whether or not serial console access is enabled. Valid values are `true` or `false`. Defaults to `true`.
+
+## Attributes Reference
+
+No additional attributes are exported.
+
+## Import
+
+Serial console access state can be imported, e.g.,
+
+```
+$ terraform import aws_ec2_serial_console_access.example default
+```