Merge pull request #34709 from trevorrea/main

r/aws_transfer_server: Add support for TransferSecurityPolicy-FIPS-2023-05
hashicorp · Dec 5, 2023 · 3f5e368 · 3f5e368
2 parents b8a9876 + 2a11b86
commit 3f5e368
Show file tree

Hide file tree

Showing 5 changed files with 36 additions and 1 deletion.
diff --git a/.changelog/34709.txt b/.changelog/34709.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_transfer_server: Add support for `TransferSecurityPolicy-FIPS-2023-05` `security_policy_name` value
+```
diff --git a/internal/service/transfer/enum.go b/internal/service/transfer/enum.go
@@ -7,6 +7,7 @@ const (
  SecurityPolicyName2018_11 = "TransferSecurityPolicy-2018-11"
  SecurityPolicyName2020_06 = "TransferSecurityPolicy-2020-06"
  SecurityPolicyNameFIPS_2020_06 = "TransferSecurityPolicy-FIPS-2020-06"
+ SecurityPolicyNameFIPS_2023_05 = "TransferSecurityPolicy-FIPS-2023-05"
  SecurityPolicyName2022_03 = "TransferSecurityPolicy-2022-03"
  SecurityPolicyName2023_05 = "TransferSecurityPolicy-2023-05"
 )
@@ -16,6 +17,7 @@ func SecurityPolicyName_Values() []string {
  SecurityPolicyName2018_11,
  SecurityPolicyName2020_06,
  SecurityPolicyNameFIPS_2020_06,
+ SecurityPolicyNameFIPS_2023_05,
  SecurityPolicyName2022_03,
  SecurityPolicyName2023_05,
  }

diff --git a/internal/service/transfer/server_test.go b/internal/service/transfer/server_test.go
@@ -260,6 +260,35 @@ func testAccServer_securityPolicy(t *testing.T) {
  })
 }
 
+func testAccServer_securityPolicyFIPS(t *testing.T) {
+ ctx := acctest.Context(t)
+ var conf transfer.DescribedServer
+ resourceName := "aws_transfer_server.test"
+ rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { acctest.PreCheck(ctx, t); testAccPreCheck(ctx, t) },
+ ErrorCheck: acctest.ErrorCheck(t, transfer.EndpointsID),
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+ CheckDestroy: testAccCheckServerDestroy(ctx),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccServerConfig_securityPolicy(rName, "TransferSecurityPolicy-FIPS-2023-05"),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckServerExists(ctx, resourceName, &conf),
+ resource.TestCheckResourceAttr(resourceName, "security_policy_name", "TransferSecurityPolicy-FIPS-2023-05"),
+ ),
+ },
+ {
+ ResourceName: resourceName,
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"force_destroy"},
+ },
+ },
+ })
+}
+
 func testAccServer_vpc(t *testing.T) {
  ctx := acctest.Context(t)
  var conf transfer.DescribedServer

diff --git a/internal/service/transfer/transfer_test.go b/internal/service/transfer/transfer_test.go
@@ -42,6 +42,7 @@ func TestAccTransfer_serial(t *testing.T) {
  "Protocols": testAccServer_protocols,
  "ProtocolDetails": testAccServer_protocolDetails,
  "SecurityPolicy": testAccServer_securityPolicy,
+ "SecurityPolicyFIPS": testAccServer_securityPolicyFIPS,
  "StructuredLogDestinations": testAccServer_structuredLogDestinations,
  "UpdateEndpointTypePublicToVPC": testAccServer_updateEndpointType_publicToVPC,
  "UpdateEndpointTypePublicToVPCAddressAllocationIDs": testAccServer_updateEndpointType_publicToVPC_addressAllocationIDs,

diff --git a/website/docs/r/transfer_server.html.markdown b/website/docs/r/transfer_server.html.markdown
@@ -145,7 +145,7 @@ This resource supports the following arguments:
 * `post_authentication_login_banner`- (Optional) Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
 * `pre_authentication_login_banner`- (Optional) Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
 * `protocol_details`- (Optional) The protocol settings that are configured for your server.
-* `security_policy_name` - (Optional) Specifies the name of the security policy that is attached to the server. Possible values are `TransferSecurityPolicy-2018-11`, `TransferSecurityPolicy-2020-06`, `TransferSecurityPolicy-FIPS-2020-06`, `TransferSecurityPolicy-2022-03` and `TransferSecurityPolicy-2023-05`. Default value is: `TransferSecurityPolicy-2018-11`.
+* `security_policy_name` - (Optional) Specifies the name of the security policy that is attached to the server. Possible values are `TransferSecurityPolicy-2018-11`, `TransferSecurityPolicy-2020-06`, `TransferSecurityPolicy-FIPS-2020-06`, `TransferSecurityPolicy-FIPS-2023-05`, `TransferSecurityPolicy-2022-03` and `TransferSecurityPolicy-2023-05`. Default value is: `TransferSecurityPolicy-2018-11`.
 * `structured_log_destinations` - (Optional) A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
 * `tags` - (Optional) A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.
 * `workflow_details` - (Optional) Specifies the workflow details. See Workflow Details below.