Skip to content

Commit

Permalink
feat: dlm: Add support for target_region parameter in cross_region_co…
Browse files Browse the repository at this point in the history
…py_rule

`target_region` should only be used for dlm policies of
`policy_type=IMAGE_MANAGEMENT`. Creating `IMAGE_MANAGEMENT` policies
using `target` raises a validation error from the AWS API.

Previously the argument was marked as deprecated from the AWS docs, but
after contacting the AWS support, the documentation was updated to
specify that `TargetRegion` should be used only for `IMAGE_MANAGEMENT`
policies, while `Target` only for `EBS_SNAPSHOT_MANAGEMENT` policies.

See the relevant docs: https://docs.aws.amazon.com/dlm/latest/APIReference/API_CrossRegionCopyRule.html

Relevant issues:

- https://discuss.hashicorp.com/t/fail-to-create-a-cross-region-copy-rule-for-dlp/46076
- hashicorp#24226

This fixes hashicorp#24226
  • Loading branch information
crisbal committed Oct 6, 2023
1 parent 794a098 commit eb249a0
Show file tree
Hide file tree
Showing 4 changed files with 92 additions and 2 deletions.
3 changes: 3 additions & 0 deletions .changelog/33796.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:enhancement
resource/aws_dlm_lifecycle_policy: Add `target_region` argument in `cross_region_copy_rule`, to be used for `IMAGE_MANAGEMENT` policies.
```
11 changes: 10 additions & 1 deletion internal/service/dlm/lifecycle_policy.go
Original file line number Diff line number Diff line change
Expand Up @@ -335,7 +335,12 @@ func ResourceLifecyclePolicy() *schema.Resource {
},
"target": {
Type: schema.TypeString,
Required: true,
Optional: true,
ValidateFunc: validation.StringMatch(regexache.MustCompile(`^[\w:\-\/\*]+$`), ""),
},
"target_region": {
Type: schema.TypeString,
Optional: true,
ValidateFunc: validation.StringMatch(regexache.MustCompile(`^[\w:\-\/\*]+$`), ""),
},
},
Expand Down Expand Up @@ -944,6 +949,9 @@ func expandCrossRegionCopyRules(l []interface{}) []*dlm.CrossRegionCopyRule {
if v, ok := m["target"].(string); ok && v != "" {
rule.Target = aws.String(v)
}
if v, ok := m["target_region"].(string); ok && v != "" {
rule.TargetRegion = aws.String(v)
}

rules = append(rules, rule)
}
Expand All @@ -970,6 +978,7 @@ func flattenCrossRegionCopyRules(rules []*dlm.CrossRegionCopyRule) []interface{}
"encrypted": aws.BoolValue(rule.Encrypted),
"retain_rule": flattenCrossRegionCopyRuleRetainRule(rule.RetainRule),
"target": aws.StringValue(rule.Target),
"target_region": aws.StringValue(rule.TargetRegion),
}

result = append(result, m)
Expand Down
77 changes: 77 additions & 0 deletions internal/service/dlm/lifecycle_policy_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -454,6 +454,42 @@ func TestAccDLMLifecyclePolicy_crossRegionCopyRule(t *testing.T) {
})
}

func TestAccDLMLifecyclePolicy_crossRegionCopyRuleImageManagement(t *testing.T) {
ctx := acctest.Context(t)
rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
resourceName := "aws_dlm_lifecycle_policy.test"

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() {
acctest.PreCheck(ctx, t)
acctest.PreCheckMultipleRegion(t, 2)
testAccPreCheck(ctx, t)
},
ErrorCheck: acctest.ErrorCheck(t, dlm.EndpointsID),
ProtoV5ProviderFactories: acctest.ProtoV5FactoriesAlternate(ctx, t),
CheckDestroy: testAccCheckLifecyclePolicyDestroy(ctx),
Steps: []resource.TestStep{
{
Config: testAccLifecyclePolicyConfig_crossRegionCopyRuleImageManagement(rName),
Check: resource.ComposeTestCheckFunc(
checkLifecyclePolicyExists(ctx, resourceName),
resource.TestCheckResourceAttr(resourceName, "policy_details.0.policy_type", "IMAGE_MANAGEMENT"),
resource.TestCheckResourceAttr(resourceName, "policy_details.0.schedule.0.cross_region_copy_rule.#", "1"),
resource.TestCheckResourceAttr(resourceName, "policy_details.0.schedule.0.cross_region_copy_rule.0.encrypted", "false"),
resource.TestCheckResourceAttr(resourceName, "policy_details.0.schedule.0.cross_region_copy_rule.0.retain_rule.0.interval", "15"),
resource.TestCheckResourceAttr(resourceName, "policy_details.0.schedule.0.cross_region_copy_rule.0.retain_rule.0.interval_unit", "DAYS"),
resource.TestCheckResourceAttr(resourceName, "policy_details.0.schedule.0.cross_region_copy_rule.0.target_region", acctest.AlternateRegion()),
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
},
},
})
}

func TestAccDLMLifecyclePolicy_tags(t *testing.T) {
ctx := acctest.Context(t)
rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
Expand Down Expand Up @@ -1077,6 +1113,47 @@ resource "aws_dlm_lifecycle_policy" "test" {
`, rName, acctest.AlternateRegion()))
}

func testAccLifecyclePolicyConfig_crossRegionCopyRuleImageManagement(rName string) string {
return acctest.ConfigCompose(
lifecyclePolicyBaseConfig(rName),
fmt.Sprintf(`
resource "aws_dlm_lifecycle_policy" "test" {
description = %[1]q
execution_role_arn = aws_iam_role.test.arn
policy_details {
policy_type = "IMAGE_MANAGEMENT"
resource_types = ["INSTANCE"]
schedule {
name = %[1]q
create_rule {
interval = 12
}
retain_rule {
count = 10
}
cross_region_copy_rule {
target_region = %[2]q
encrypted = false
retain_rule {
interval = 15
interval_unit = "DAYS"
}
}
}
target_tags = {
Name = %[1]q
}
}
}
`, rName, acctest.AlternateRegion()))
}

func testAccLifecyclePolicyConfig_updateCrossRegionCopyRule(rName string) string {
return acctest.ConfigCompose(
acctest.ConfigMultipleRegionProvider(2),
Expand Down
3 changes: 2 additions & 1 deletion website/docs/r/dlm_lifecycle_policy.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -324,7 +324,8 @@ This resource supports the following arguments:
* `deprecate_rule` - (Optional) The AMI deprecation rule for cross-Region AMI copies created by the rule. See the [`deprecate_rule`](#cross-region-copy-rule-deprecate-rule-arguments) block.
* `encrypted` - (Required) To encrypt a copy of an unencrypted snapshot if encryption by default is not enabled, enable encryption using this parameter. Copies of encrypted snapshots are encrypted, even if this parameter is false or if encryption by default is not enabled.
* `retain_rule` - (Required) The retention rule that indicates how long snapshot copies are to be retained in the destination Region. See the [`retain_rule`](#cross-region-copy-rule-retain-rule-arguments) block. Max of 1 per schedule.
* `target` - (Required) The target Region or the Amazon Resource Name (ARN) of the target Outpost for the snapshot copies.
* `target` - Use only for DLM policies of `policy_type=EBS_SNAPSHOT_MANAGEMENT`. The target Region or the Amazon Resource Name (ARN) of the target Outpost for the snapshot copies.
* `target_region` - Use only for DLM policies of `policy_type=IMAGE_MANAGEMENT`. The target Region or the Amazon Resource Name (ARN) of the target Outpost for the snapshot copies.

#### Cross Region Copy Rule Deprecate Rule arguments

Expand Down

0 comments on commit eb249a0

Please sign in to comment.