Merge pull request #6797 from ilya-v-trofimov/feature/glue-crawler-se…

…c-config r/aws_glue_crawler: add a security_configuration argument
hashicorp · Dec 12, 2018 · 7cf5e30 · 7cf5e30
2 parents 7e57ba8 + 312a2f8
commit 7cf5e30
Show file tree

Hide file tree

Showing 3 changed files with 82 additions and 0 deletions.
diff --git a/aws/resource_aws_glue_crawler.go b/aws/resource_aws_glue_crawler.go
@@ -165,6 +165,10 @@ func resourceAwsGlueCrawler() *schema.Resource {
 				},
 				ValidateFunc: validation.ValidateJsonString,
 			},
+			"security_configuration": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
 		},
 	}
 }
@@ -240,6 +244,10 @@ func createCrawlerInput(crawlerName string, d *schema.ResourceData) (*glue.Creat
 		crawlerInput.Configuration = aws.String(configuration)
 	}
 
+	if securityConfiguration, ok := d.GetOk("security_configuration"); ok {
+		crawlerInput.CrawlerSecurityConfiguration = aws.String(securityConfiguration.(string))
+	}
+
 	return crawlerInput, nil
 }
 
@@ -412,6 +420,7 @@ func resourceAwsGlueCrawlerRead(d *schema.ResourceData, meta interface{}) error
 	d.Set("role", crawlerOutput.Crawler.Role)
 	d.Set("configuration", crawlerOutput.Crawler.Configuration)
 	d.Set("description", crawlerOutput.Crawler.Description)
+	d.Set("security_configuration", crawlerOutput.Crawler.CrawlerSecurityConfiguration)
 	d.Set("schedule", "")
 	if crawlerOutput.Crawler.Schedule != nil {
 		d.Set("schedule", crawlerOutput.Crawler.Schedule.ScheduleExpression)

diff --git a/aws/resource_aws_glue_crawler_test.go b/aws/resource_aws_glue_crawler_test.go
@@ -764,6 +764,39 @@ func TestAccAWSGlueCrawler_TablePrefix(t *testing.T) {
 	})
 }
 
+func TestAccAWSGlueCrawler_SecurityConfiguration(t *testing.T) {
+	var crawler glue.Crawler
+	rName := acctest.RandomWithPrefix("tf-acc-test")
+	resourceName := "aws_glue_crawler.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSGlueCrawlerDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccGlueCrawlerConfig_SecurityConfiguration(rName, "security_configuration1"),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSGlueCrawlerExists(resourceName, &crawler),
+					resource.TestCheckResourceAttr(resourceName, "security_configuration", "security_configuration1"),
+				),
+			},
+			{
+				Config: testAccGlueCrawlerConfig_SecurityConfiguration(rName, "security_configuration2"),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSGlueCrawlerExists(resourceName, &crawler),
+					resource.TestCheckResourceAttr(resourceName, "security_configuration", "security_configuration2"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
 func testAccCheckAWSGlueCrawlerExists(resourceName string, crawler *glue.Crawler) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[resourceName]
@@ -1353,3 +1386,42 @@ resource "aws_glue_crawler" "test" {
 }
 `, rName, rName, tablePrefix)
 }
+
+func testAccGlueCrawlerConfig_SecurityConfiguration(rName, securityConfiguration string) string {
+	return testAccGlueCrawlerConfig_Base(rName) + fmt.Sprintf(`
+resource "aws_glue_catalog_database" "test" {
+  name = %q
+}
+
+resource "aws_glue_security_configuration" "test" {
+  name = %q
+
+  encryption_configuration {
+    cloudwatch_encryption {
+      cloudwatch_encryption_mode = "DISABLED"
+    }
+
+    job_bookmarks_encryption {
+      job_bookmarks_encryption_mode = "DISABLED"
+    }
+
+    s3_encryption {
+      s3_encryption_mode = "DISABLED"
+    }
+  }
+}
+
+resource "aws_glue_crawler" "test" {
+  depends_on = ["aws_iam_role_policy_attachment.test-AWSGlueServiceRole"]
+
+  database_name          = "${aws_glue_catalog_database.test.name}"
+  name                   = %q
+  role                   = "${aws_iam_role.test.name}"
+  security_configuration = "${aws_glue_security_configuration.test.name}"
+
+  s3_target {
+    path = "s3://bucket-name"
+  }
+}
+`, rName, securityConfiguration, rName)
+}
diff --git a/website/docs/r/glue_crawler.html.markdown b/website/docs/r/glue_crawler.html.markdown
@@ -73,6 +73,7 @@ The following arguments are supported:
 * `schedule` (Optional) A cron expression used to specify the schedule. For more information, see [Time-Based Schedules for Jobs and Crawlers](https://docs.aws.amazon.com/glue/latest/dg/monitor-data-warehouse-schedule.html). For example, to run something every day at 12:15 UTC, you would specify: `cron(15 12 * * ? *)`.
 * `schema_change_policy` (Optional) Policy for the crawler's update and deletion behavior.
 * `table_prefix` (Optional) The table prefix used for catalog tables that are created.
+* `security_configuration` (Optional) The name of Security Configuration to be used by the crawler
 
 ### dynamodb_target Argument Reference