Merge pull request #23691 from brunomiranda-hotmart/f-aws_dms_endpoin…

…t-mongo-secret feat(mongodb): add secrets_manager_arn
hashicorp · Jun 2, 2022 · 91a168b · 91a168b
2 parents 7bc9573 + 076d7cb
commit 91a168b
Show file tree

Hide file tree

Showing 4 changed files with 344 additions and 98 deletions.
diff --git a/.changelog/23691.txt b/.changelog/23691.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_dms_endpoint: Add ability to use AWS Secrets Manager with the `aurora-postgresql` and `mongodb` engines
+```
diff --git a/internal/service/dms/endpoint.go b/internal/service/dms/endpoint.go
@@ -640,6 +640,25 @@ func resourceEndpointCreate(d *schema.ResourceData, meta interface{}) error {
 				DatabaseName: aws.String(d.Get("database_name").(string)),
 			}
 
+			// Set connection info in top-level namespace as well
+			expandTopLevelConnectionInfo(d, input)
+		}
+	case engineNameAuroraPostgresql, engineNamePostgres:
+		if _, ok := d.GetOk("secrets_manager_arn"); ok {
+			input.PostgreSQLSettings = &dms.PostgreSQLSettings{
+				SecretsManagerAccessRoleArn: aws.String(d.Get("secrets_manager_access_role_arn").(string)),
+				SecretsManagerSecretId:      aws.String(d.Get("secrets_manager_arn").(string)),
+				DatabaseName:                aws.String(d.Get("database_name").(string)),
+			}
+		} else {
+			input.PostgreSQLSettings = &dms.PostgreSQLSettings{
+				Username:     aws.String(d.Get("username").(string)),
+				Password:     aws.String(d.Get("password").(string)),
+				ServerName:   aws.String(d.Get("server_name").(string)),
+				Port:         aws.Int64(int64(d.Get("port").(int))),
+				DatabaseName: aws.String(d.Get("database_name").(string)),
+			}
+
 			// Set connection info in top-level namespace as well
 			expandTopLevelConnectionInfo(d, input)
 		}
@@ -659,52 +678,40 @@ func resourceEndpointCreate(d *schema.ResourceData, meta interface{}) error {
 	case engineNameKinesis:
 		input.KinesisSettings = expandKinesisSettings(d.Get("kinesis_settings").([]interface{})[0].(map[string]interface{}))
 	case engineNameMongodb:
-		input.MongoDbSettings = &dms.MongoDbSettings{
-			Username:     aws.String(d.Get("username").(string)),
-			Password:     aws.String(d.Get("password").(string)),
-			ServerName:   aws.String(d.Get("server_name").(string)),
-			Port:         aws.Int64(int64(d.Get("port").(int))),
-			DatabaseName: aws.String(d.Get("database_name").(string)),
-			KmsKeyId:     aws.String(d.Get("kms_key_arn").(string)),
-
-			AuthType:          aws.String(d.Get("mongodb_settings.0.auth_type").(string)),
-			AuthMechanism:     aws.String(d.Get("mongodb_settings.0.auth_mechanism").(string)),
-			NestingLevel:      aws.String(d.Get("mongodb_settings.0.nesting_level").(string)),
-			ExtractDocId:      aws.String(d.Get("mongodb_settings.0.extract_doc_id").(string)),
-			DocsToInvestigate: aws.String(d.Get("mongodb_settings.0.docs_to_investigate").(string)),
-			AuthSource:        aws.String(d.Get("mongodb_settings.0.auth_source").(string)),
-		}
+		var settings = &dms.MongoDbSettings{}
 
-		// Set connection info in top-level namespace as well
-		expandTopLevelConnectionInfo(d, input)
-	case engineNameOracle:
 		if _, ok := d.GetOk("secrets_manager_arn"); ok {
-			input.OracleSettings = &dms.OracleSettings{
-				SecretsManagerAccessRoleArn: aws.String(d.Get("secrets_manager_access_role_arn").(string)),
-				SecretsManagerSecretId:      aws.String(d.Get("secrets_manager_arn").(string)),
-				DatabaseName:                aws.String(d.Get("database_name").(string)),
-			}
+			settings.SecretsManagerAccessRoleArn = aws.String(d.Get("secrets_manager_access_role_arn").(string))
+			settings.SecretsManagerSecretId = aws.String(d.Get("secrets_manager_arn").(string))
 		} else {
-			input.OracleSettings = &dms.OracleSettings{
-				Username:     aws.String(d.Get("username").(string)),
-				Password:     aws.String(d.Get("password").(string)),
-				ServerName:   aws.String(d.Get("server_name").(string)),
-				Port:         aws.Int64(int64(d.Get("port").(int))),
-				DatabaseName: aws.String(d.Get("database_name").(string)),
-			}
+			settings.Username = aws.String(d.Get("username").(string))
+			settings.Password = aws.String(d.Get("password").(string))
+			settings.ServerName = aws.String(d.Get("server_name").(string))
+			settings.Port = aws.Int64(int64(d.Get("port").(int)))
 
 			// Set connection info in top-level namespace as well
 			expandTopLevelConnectionInfo(d, input)
 		}
-	case engineNamePostgres:
+
+		settings.DatabaseName = aws.String(d.Get("database_name").(string))
+		settings.KmsKeyId = aws.String(d.Get("kms_key_arn").(string))
+		settings.AuthType = aws.String(d.Get("mongodb_settings.0.auth_type").(string))
+		settings.AuthMechanism = aws.String(d.Get("mongodb_settings.0.auth_mechanism").(string))
+		settings.NestingLevel = aws.String(d.Get("mongodb_settings.0.nesting_level").(string))
+		settings.ExtractDocId = aws.String(d.Get("mongodb_settings.0.extract_doc_id").(string))
+		settings.DocsToInvestigate = aws.String(d.Get("mongodb_settings.0.docs_to_investigate").(string))
+		settings.AuthSource = aws.String(d.Get("mongodb_settings.0.auth_source").(string))
+
+		input.MongoDbSettings = settings
+	case engineNameOracle:
 		if _, ok := d.GetOk("secrets_manager_arn"); ok {
-			input.PostgreSQLSettings = &dms.PostgreSQLSettings{
+			input.OracleSettings = &dms.OracleSettings{
 				SecretsManagerAccessRoleArn: aws.String(d.Get("secrets_manager_access_role_arn").(string)),
 				SecretsManagerSecretId:      aws.String(d.Get("secrets_manager_arn").(string)),
 				DatabaseName:                aws.String(d.Get("database_name").(string)),
 			}
 		} else {
-			input.PostgreSQLSettings = &dms.PostgreSQLSettings{
+			input.OracleSettings = &dms.OracleSettings{
 				Username:     aws.String(d.Get("username").(string)),
 				Password:     aws.String(d.Get("password").(string)),
 				ServerName:   aws.String(d.Get("server_name").(string)),
@@ -871,6 +878,30 @@ func resourceEndpointUpdate(d *schema.ResourceData, meta interface{}) error {
 					}
 					input.EngineName = aws.String(engineName)
 
+					// Update connection info in top-level namespace as well
+					expandTopLevelConnectionInfoModify(d, input)
+				}
+			}
+		case engineNameAuroraPostgresql, engineNamePostgres:
+			if d.HasChanges(
+				"username", "password", "server_name", "port", "database_name", "secrets_manager_access_role_arn",
+				"secrets_manager_arn") {
+				if _, ok := d.GetOk("secrets_manager_arn"); ok {
+					input.PostgreSQLSettings = &dms.PostgreSQLSettings{
+						DatabaseName:                aws.String(d.Get("database_name").(string)),
+						SecretsManagerAccessRoleArn: aws.String(d.Get("secrets_manager_access_role_arn").(string)),
+						SecretsManagerSecretId:      aws.String(d.Get("secrets_manager_arn").(string)),
+					}
+				} else {
+					input.PostgreSQLSettings = &dms.PostgreSQLSettings{
+						Username:     aws.String(d.Get("username").(string)),
+						Password:     aws.String(d.Get("password").(string)),
+						ServerName:   aws.String(d.Get("server_name").(string)),
+						Port:         aws.Int64(int64(d.Get("port").(int))),
+						DatabaseName: aws.String(d.Get("database_name").(string)),
+					}
+					input.EngineName = aws.String(engineName) // Must be included (should be 'postgres')
+
 					// Update connection info in top-level namespace as well
 					expandTopLevelConnectionInfoModify(d, input)
 				}
@@ -909,70 +940,63 @@ func resourceEndpointUpdate(d *schema.ResourceData, meta interface{}) error {
 			if d.HasChanges(
 				"username", "password", "server_name", "port", "database_name", "mongodb_settings.0.auth_type",
 				"mongodb_settings.0.auth_mechanism", "mongodb_settings.0.nesting_level", "mongodb_settings.0.extract_doc_id",
-				"mongodb_settings.0.docs_to_investigate", "mongodb_settings.0.auth_source") {
-				input.MongoDbSettings = &dms.MongoDbSettings{
-					Username:     aws.String(d.Get("username").(string)),
-					Password:     aws.String(d.Get("password").(string)),
-					ServerName:   aws.String(d.Get("server_name").(string)),
-					Port:         aws.Int64(int64(d.Get("port").(int))),
-					DatabaseName: aws.String(d.Get("database_name").(string)),
-					KmsKeyId:     aws.String(d.Get("kms_key_arn").(string)),
-
-					AuthType:          aws.String(d.Get("mongodb_settings.0.auth_type").(string)),
-					AuthMechanism:     aws.String(d.Get("mongodb_settings.0.auth_mechanism").(string)),
-					NestingLevel:      aws.String(d.Get("mongodb_settings.0.nesting_level").(string)),
-					ExtractDocId:      aws.String(d.Get("mongodb_settings.0.extract_doc_id").(string)),
-					DocsToInvestigate: aws.String(d.Get("mongodb_settings.0.docs_to_investigate").(string)),
-					AuthSource:        aws.String(d.Get("mongodb_settings.0.auth_source").(string)),
-				}
-				input.EngineName = aws.String(engineName)
-
-				// Update connection info in top-level namespace as well
-				expandTopLevelConnectionInfoModify(d, input)
-			}
-		case engineNameOracle:
-			if d.HasChanges(
-				"username", "password", "server_name", "port", "database_name", "secrets_manager_access_role_arn",
+				"mongodb_settings.0.docs_to_investigate", "mongodb_settings.0.auth_source", "secrets_manager_access_role_arn",
 				"secrets_manager_arn") {
 				if _, ok := d.GetOk("secrets_manager_arn"); ok {
-					input.OracleSettings = &dms.OracleSettings{
-						DatabaseName:                aws.String(d.Get("database_name").(string)),
+					input.MongoDbSettings = &dms.MongoDbSettings{
 						SecretsManagerAccessRoleArn: aws.String(d.Get("secrets_manager_access_role_arn").(string)),
 						SecretsManagerSecretId:      aws.String(d.Get("secrets_manager_arn").(string)),
+						DatabaseName:                aws.String(d.Get("database_name").(string)),
+						KmsKeyId:                    aws.String(d.Get("kms_key_arn").(string)),
+
+						AuthType:          aws.String(d.Get("mongodb_settings.0.auth_type").(string)),
+						AuthMechanism:     aws.String(d.Get("mongodb_settings.0.auth_mechanism").(string)),
+						NestingLevel:      aws.String(d.Get("mongodb_settings.0.nesting_level").(string)),
+						ExtractDocId:      aws.String(d.Get("mongodb_settings.0.extract_doc_id").(string)),
+						DocsToInvestigate: aws.String(d.Get("mongodb_settings.0.docs_to_investigate").(string)),
+						AuthSource:        aws.String(d.Get("mongodb_settings.0.auth_source").(string)),
 					}
 				} else {
-					input.OracleSettings = &dms.OracleSettings{
+					input.MongoDbSettings = &dms.MongoDbSettings{
 						Username:     aws.String(d.Get("username").(string)),
 						Password:     aws.String(d.Get("password").(string)),
 						ServerName:   aws.String(d.Get("server_name").(string)),
 						Port:         aws.Int64(int64(d.Get("port").(int))),
 						DatabaseName: aws.String(d.Get("database_name").(string)),
+						KmsKeyId:     aws.String(d.Get("kms_key_arn").(string)),
+
+						AuthType:          aws.String(d.Get("mongodb_settings.0.auth_type").(string)),
+						AuthMechanism:     aws.String(d.Get("mongodb_settings.0.auth_mechanism").(string)),
+						NestingLevel:      aws.String(d.Get("mongodb_settings.0.nesting_level").(string)),
+						ExtractDocId:      aws.String(d.Get("mongodb_settings.0.extract_doc_id").(string)),
+						DocsToInvestigate: aws.String(d.Get("mongodb_settings.0.docs_to_investigate").(string)),
+						AuthSource:        aws.String(d.Get("mongodb_settings.0.auth_source").(string)),
 					}
-					input.EngineName = aws.String(engineName) // Must be included (should be 'oracle')
+					input.EngineName = aws.String(engineName)
 
 					// Update connection info in top-level namespace as well
 					expandTopLevelConnectionInfoModify(d, input)
 				}
 			}
-		case engineNamePostgres:
+		case engineNameOracle:
 			if d.HasChanges(
 				"username", "password", "server_name", "port", "database_name", "secrets_manager_access_role_arn",
 				"secrets_manager_arn") {
 				if _, ok := d.GetOk("secrets_manager_arn"); ok {
-					input.PostgreSQLSettings = &dms.PostgreSQLSettings{
+					input.OracleSettings = &dms.OracleSettings{
 						DatabaseName:                aws.String(d.Get("database_name").(string)),
 						SecretsManagerAccessRoleArn: aws.String(d.Get("secrets_manager_access_role_arn").(string)),
 						SecretsManagerSecretId:      aws.String(d.Get("secrets_manager_arn").(string)),
 					}
 				} else {
-					input.PostgreSQLSettings = &dms.PostgreSQLSettings{
+					input.OracleSettings = &dms.OracleSettings{
 						Username:     aws.String(d.Get("username").(string)),
 						Password:     aws.String(d.Get("password").(string)),
 						ServerName:   aws.String(d.Get("server_name").(string)),
 						Port:         aws.Int64(int64(d.Get("port").(int))),
 						DatabaseName: aws.String(d.Get("database_name").(string)),
 					}
-					input.EngineName = aws.String(engineName) // Must be included (should be 'postgres')
+					input.EngineName = aws.String(engineName) // Must be included (should be 'oracle')
 
 					// Update connection info in top-level namespace as well
 					expandTopLevelConnectionInfoModify(d, input)
@@ -1146,6 +1170,17 @@ func resourceEndpointSetState(d *schema.ResourceData, endpoint *dms.Endpoint) er
 		} else {
 			flattenTopLevelConnectionInfo(d, endpoint)
 		}
+	case engineNameAuroraPostgresql, engineNamePostgres:
+		if endpoint.PostgreSQLSettings != nil {
+			d.Set("username", endpoint.PostgreSQLSettings.Username)
+			d.Set("server_name", endpoint.PostgreSQLSettings.ServerName)
+			d.Set("port", endpoint.PostgreSQLSettings.Port)
+			d.Set("database_name", endpoint.PostgreSQLSettings.DatabaseName)
+			d.Set("secrets_manager_access_role_arn", endpoint.PostgreSQLSettings.SecretsManagerAccessRoleArn)
+			d.Set("secrets_manager_arn", endpoint.PostgreSQLSettings.SecretsManagerSecretId)
+		} else {
+			flattenTopLevelConnectionInfo(d, endpoint)
+		}
 	case engineNameDynamoDB:
 		if endpoint.DynamoDbSettings != nil {
 			d.Set("service_access_role", endpoint.DynamoDbSettings.ServiceAccessRoleArn)
@@ -1178,6 +1213,8 @@ func resourceEndpointSetState(d *schema.ResourceData, endpoint *dms.Endpoint) er
 			d.Set("server_name", endpoint.MongoDbSettings.ServerName)
 			d.Set("port", endpoint.MongoDbSettings.Port)
 			d.Set("database_name", endpoint.MongoDbSettings.DatabaseName)
+			d.Set("secrets_manager_access_role_arn", endpoint.MongoDbSettings.SecretsManagerAccessRoleArn)
+			d.Set("secrets_manager_arn", endpoint.MongoDbSettings.SecretsManagerSecretId)
 		} else {
 			flattenTopLevelConnectionInfo(d, endpoint)
 		}
@@ -1195,17 +1232,6 @@ func resourceEndpointSetState(d *schema.ResourceData, endpoint *dms.Endpoint) er
 		} else {
 			flattenTopLevelConnectionInfo(d, endpoint)
 		}
-	case engineNamePostgres:
-		if endpoint.PostgreSQLSettings != nil {
-			d.Set("username", endpoint.PostgreSQLSettings.Username)
-			d.Set("server_name", endpoint.PostgreSQLSettings.ServerName)
-			d.Set("port", endpoint.PostgreSQLSettings.Port)
-			d.Set("database_name", endpoint.PostgreSQLSettings.DatabaseName)
-			d.Set("secrets_manager_access_role_arn", endpoint.PostgreSQLSettings.SecretsManagerAccessRoleArn)
-			d.Set("secrets_manager_arn", endpoint.PostgreSQLSettings.SecretsManagerSecretId)
-		} else {
-			flattenTopLevelConnectionInfo(d, endpoint)
-		}
 	case engineNameRedshift:
 		if endpoint.RedshiftSettings != nil {
 			d.Set("username", endpoint.RedshiftSettings.Username)