diff --git a/.changelog/23691.txt b/.changelog/23691.txt new file mode 100644 index 00000000000..b274bcc580f --- /dev/null +++ b/.changelog/23691.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +resource/aws_dms_endpoint: Add ability to use AWS Secrets Manager with the `aurora-postgresql` and `mongodb` engines +``` \ No newline at end of file diff --git a/internal/service/dms/endpoint.go b/internal/service/dms/endpoint.go index a89438881e5..3c76cacc177 100644 --- a/internal/service/dms/endpoint.go +++ b/internal/service/dms/endpoint.go @@ -640,6 +640,25 @@ func resourceEndpointCreate(d *schema.ResourceData, meta interface{}) error { DatabaseName: aws.String(d.Get("database_name").(string)), } + // Set connection info in top-level namespace as well + expandTopLevelConnectionInfo(d, input) + } + case engineNameAuroraPostgresql, engineNamePostgres: + if _, ok := d.GetOk("secrets_manager_arn"); ok { + input.PostgreSQLSettings = &dms.PostgreSQLSettings{ + SecretsManagerAccessRoleArn: aws.String(d.Get("secrets_manager_access_role_arn").(string)), + SecretsManagerSecretId: aws.String(d.Get("secrets_manager_arn").(string)), + DatabaseName: aws.String(d.Get("database_name").(string)), + } + } else { + input.PostgreSQLSettings = &dms.PostgreSQLSettings{ + Username: aws.String(d.Get("username").(string)), + Password: aws.String(d.Get("password").(string)), + ServerName: aws.String(d.Get("server_name").(string)), + Port: aws.Int64(int64(d.Get("port").(int))), + DatabaseName: aws.String(d.Get("database_name").(string)), + } + // Set connection info in top-level namespace as well expandTopLevelConnectionInfo(d, input) } 
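Review bot: In the new `case engineNameAuroraPostgresql, engineNamePostgres:` branch of resourceEndpointCreate, a set `secrets_manager_arn` silently wins over any `username`, `password`, `server_name` and `port` that are also configured, so a plaintext password can remain in the configuration while the endpoint actually uses the secret. The schema is outside this diff; if it does not already declare the conflict, `ConflictsWith: []string{"username", "password", "server_name", "port"}` on `secrets_manager_arn` would surface the mistake at plan time. The same branch passes `secrets_manager_access_role_arn` through `aws.String` even when it is unset, which a `RequiredWith: []string{"secrets_manager_access_role_arn"}` pairing would reject earlier. The same precedence applies to the `engineNameMongodb` branch in the next hunk and to both update paths in resourceEndpointUpdate. The function body starts and ends outside the hunk.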
@@ -659,52 +678,40 @@ func resourceEndpointCreate(d *schema.ResourceData, meta interface{}) error { case engineNameKinesis: input.KinesisSettings = expandKinesisSettings(d.Get("kinesis_settings").([]interface{})[0].(map[string]interface{})) case engineNameMongodb: - input.MongoDbSettings = &dms.MongoDbSettings{ - Username: aws.String(d.Get("username").(string)), - Password: aws.String(d.Get("password").(string)), - ServerName: aws.String(d.Get("server_name").(string)), - Port: aws.Int64(int64(d.Get("port").(int))), - DatabaseName: aws.String(d.Get("database_name").(string)), - KmsKeyId: aws.String(d.Get("kms_key_arn").(string)), - - AuthType: aws.String(d.Get("mongodb_settings.0.auth_type").(string)), - AuthMechanism: aws.String(d.Get("mongodb_settings.0.auth_mechanism").(string)), - NestingLevel: aws.String(d.Get("mongodb_settings.0.nesting_level").(string)), - ExtractDocId: aws.String(d.Get("mongodb_settings.0.extract_doc_id").(string)), - DocsToInvestigate: aws.String(d.Get("mongodb_settings.0.docs_to_investigate").(string)), - AuthSource: aws.String(d.Get("mongodb_settings.0.auth_source").(string)), - } + var settings = &dms.MongoDbSettings{} - // Set connection info in top-level namespace as well - expandTopLevelConnectionInfo(d, input) - case engineNameOracle: if _, ok := d.GetOk("secrets_manager_arn"); ok { - input.OracleSettings = &dms.OracleSettings{ - SecretsManagerAccessRoleArn: aws.String(d.Get("secrets_manager_access_role_arn").(string)), - SecretsManagerSecretId: aws.String(d.Get("secrets_manager_arn").(string)), - DatabaseName: aws.String(d.Get("database_name").(string)), - } + settings.SecretsManagerAccessRoleArn = aws.String(d.Get("secrets_manager_access_role_arn").(string)) + settings.SecretsManagerSecretId = aws.String(d.Get("secrets_manager_arn").(string)) } else { - input.OracleSettings = &dms.OracleSettings{ - Username: aws.String(d.Get("username").(string)), - Password: aws.String(d.Get("password").(string)), - ServerName: 
aws.String(d.Get("server_name").(string)), - Port: aws.Int64(int64(d.Get("port").(int))), - DatabaseName: aws.String(d.Get("database_name").(string)), - } + settings.Username = aws.String(d.Get("username").(string)) + settings.Password = aws.String(d.Get("password").(string)) + settings.ServerName = aws.String(d.Get("server_name").(string)) + settings.Port = aws.Int64(int64(d.Get("port").(int))) // Set connection info in top-level namespace as well expandTopLevelConnectionInfo(d, input) } - case engineNamePostgres: + + settings.DatabaseName = aws.String(d.Get("database_name").(string)) + settings.KmsKeyId = aws.String(d.Get("kms_key_arn").(string)) + settings.AuthType = aws.String(d.Get("mongodb_settings.0.auth_type").(string)) + settings.AuthMechanism = aws.String(d.Get("mongodb_settings.0.auth_mechanism").(string)) + settings.NestingLevel = aws.String(d.Get("mongodb_settings.0.nesting_level").(string)) + settings.ExtractDocId = aws.String(d.Get("mongodb_settings.0.extract_doc_id").(string)) + settings.DocsToInvestigate = aws.String(d.Get("mongodb_settings.0.docs_to_investigate").(string)) + settings.AuthSource = aws.String(d.Get("mongodb_settings.0.auth_source").(string)) + + input.MongoDbSettings = settings + case engineNameOracle: if _, ok := d.GetOk("secrets_manager_arn"); ok { - input.PostgreSQLSettings = &dms.PostgreSQLSettings{ + input.OracleSettings = &dms.OracleSettings{ SecretsManagerAccessRoleArn: aws.String(d.Get("secrets_manager_access_role_arn").(string)), SecretsManagerSecretId: aws.String(d.Get("secrets_manager_arn").(string)), DatabaseName: aws.String(d.Get("database_name").(string)), } } else { - input.PostgreSQLSettings = &dms.PostgreSQLSettings{ + input.OracleSettings = &dms.OracleSettings{ Username: aws.String(d.Get("username").(string)), Password: aws.String(d.Get("password").(string)), ServerName: aws.String(d.Get("server_name").(string)), 
@@ -871,6 +878,30 @@ func resourceEndpointUpdate(d *schema.ResourceData, meta interface{}) error { } input.EngineName = aws.String(engineName) + // Update connection info in top-level namespace as well + expandTopLevelConnectionInfoModify(d, input) + } + } + case engineNameAuroraPostgresql, engineNamePostgres: + if d.HasChanges( + "username", "password", "server_name", "port", "database_name", "secrets_manager_access_role_arn", + "secrets_manager_arn") { + if _, ok := d.GetOk("secrets_manager_arn"); ok { + input.PostgreSQLSettings = &dms.PostgreSQLSettings{ + DatabaseName: aws.String(d.Get("database_name").(string)), + SecretsManagerAccessRoleArn: aws.String(d.Get("secrets_manager_access_role_arn").(string)), + SecretsManagerSecretId: aws.String(d.Get("secrets_manager_arn").(string)), + } + } else { + input.PostgreSQLSettings = &dms.PostgreSQLSettings{ + Username: aws.String(d.Get("username").(string)), + Password: aws.String(d.Get("password").(string)), + ServerName: aws.String(d.Get("server_name").(string)), + Port: aws.Int64(int64(d.Get("port").(int))), + DatabaseName: aws.String(d.Get("database_name").(string)), + } + input.EngineName = aws.String(engineName) // Must be included (should be 'postgres') + // Update connection info in top-level namespace as well expandTopLevelConnectionInfoModify(d, input) } 
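Review bot: The trailing comment on `input.EngineName = aws.String(engineName) // Must be included (should be 'postgres')` is no longer accurate, because this case now also matches `engineNameAuroraPostgresql`; suggest `// Must be included ('postgres' or 'aurora-postgresql')`. The Secrets Manager branch just above does not set `EngineName` at all, while the else branch says the field must be included. If that omission is deliberate, a one-line comment in the secret branch saying so would save the next reader from guessing. The enclosing switch in resourceEndpointUpdate starts and ends outside the hunk.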
@@ -909,70 +940,63 @@ func resourceEndpointUpdate(d *schema.ResourceData, meta interface{}) error { if d.HasChanges( "username", "password", "server_name", "port", "database_name", "mongodb_settings.0.auth_type", "mongodb_settings.0.auth_mechanism", "mongodb_settings.0.nesting_level", "mongodb_settings.0.extract_doc_id", - "mongodb_settings.0.docs_to_investigate", "mongodb_settings.0.auth_source") { - input.MongoDbSettings = &dms.MongoDbSettings{ - Username: aws.String(d.Get("username").(string)), - Password: aws.String(d.Get("password").(string)), - ServerName: aws.String(d.Get("server_name").(string)), - Port: aws.Int64(int64(d.Get("port").(int))), - DatabaseName: aws.String(d.Get("database_name").(string)), - KmsKeyId: aws.String(d.Get("kms_key_arn").(string)), - - AuthType: aws.String(d.Get("mongodb_settings.0.auth_type").(string)), - AuthMechanism: aws.String(d.Get("mongodb_settings.0.auth_mechanism").(string)), - NestingLevel: aws.String(d.Get("mongodb_settings.0.nesting_level").(string)), - ExtractDocId: aws.String(d.Get("mongodb_settings.0.extract_doc_id").(string)), - DocsToInvestigate: aws.String(d.Get("mongodb_settings.0.docs_to_investigate").(string)), - AuthSource: aws.String(d.Get("mongodb_settings.0.auth_source").(string)), - } - input.EngineName = aws.String(engineName) - - // Update connection info in top-level namespace as well - expandTopLevelConnectionInfoModify(d, input) - } - case engineNameOracle: - if d.HasChanges( - "username", "password", "server_name", "port", "database_name", "secrets_manager_access_role_arn", + "mongodb_settings.0.docs_to_investigate", "mongodb_settings.0.auth_source", "secrets_manager_access_role_arn", "secrets_manager_arn") { if _, ok := d.GetOk("secrets_manager_arn"); ok { - input.OracleSettings = &dms.OracleSettings{ - DatabaseName: aws.String(d.Get("database_name").(string)), + input.MongoDbSettings = &dms.MongoDbSettings{ SecretsManagerAccessRoleArn: aws.String(d.Get("secrets_manager_access_role_arn").(string)), 
SecretsManagerSecretId: aws.String(d.Get("secrets_manager_arn").(string)), + DatabaseName: aws.String(d.Get("database_name").(string)), + KmsKeyId: aws.String(d.Get("kms_key_arn").(string)), + + AuthType: aws.String(d.Get("mongodb_settings.0.auth_type").(string)), + AuthMechanism: aws.String(d.Get("mongodb_settings.0.auth_mechanism").(string)), + NestingLevel: aws.String(d.Get("mongodb_settings.0.nesting_level").(string)), + ExtractDocId: aws.String(d.Get("mongodb_settings.0.extract_doc_id").(string)), + DocsToInvestigate: aws.String(d.Get("mongodb_settings.0.docs_to_investigate").(string)), + AuthSource: aws.String(d.Get("mongodb_settings.0.auth_source").(string)), } } else { - input.OracleSettings = &dms.OracleSettings{ + input.MongoDbSettings = &dms.MongoDbSettings{ Username: aws.String(d.Get("username").(string)), Password: aws.String(d.Get("password").(string)), ServerName: aws.String(d.Get("server_name").(string)), Port: aws.Int64(int64(d.Get("port").(int))), DatabaseName: aws.String(d.Get("database_name").(string)), + KmsKeyId: aws.String(d.Get("kms_key_arn").(string)), + + AuthType: aws.String(d.Get("mongodb_settings.0.auth_type").(string)), + AuthMechanism: aws.String(d.Get("mongodb_settings.0.auth_mechanism").(string)), + NestingLevel: aws.String(d.Get("mongodb_settings.0.nesting_level").(string)), + ExtractDocId: aws.String(d.Get("mongodb_settings.0.extract_doc_id").(string)), + DocsToInvestigate: aws.String(d.Get("mongodb_settings.0.docs_to_investigate").(string)), + AuthSource: aws.String(d.Get("mongodb_settings.0.auth_source").(string)), } - input.EngineName = aws.String(engineName) // Must be included (should be 'oracle') + input.EngineName = aws.String(engineName) // Update connection info in top-level namespace as well expandTopLevelConnectionInfoModify(d, input) } } - case engineNamePostgres: + case engineNameOracle: if d.HasChanges( "username", "password", "server_name", "port", "database_name", "secrets_manager_access_role_arn", 
"secrets_manager_arn") { if _, ok := d.GetOk("secrets_manager_arn"); ok { - input.PostgreSQLSettings = &dms.PostgreSQLSettings{ + input.OracleSettings = &dms.OracleSettings{ DatabaseName: aws.String(d.Get("database_name").(string)), SecretsManagerAccessRoleArn: aws.String(d.Get("secrets_manager_access_role_arn").(string)), SecretsManagerSecretId: aws.String(d.Get("secrets_manager_arn").(string)), } } else { - input.PostgreSQLSettings = &dms.PostgreSQLSettings{ + input.OracleSettings = &dms.OracleSettings{ Username: aws.String(d.Get("username").(string)), Password: aws.String(d.Get("password").(string)), ServerName: aws.String(d.Get("server_name").(string)), Port: aws.Int64(int64(d.Get("port").(int))), DatabaseName: aws.String(d.Get("database_name").(string)), } - input.EngineName = aws.String(engineName) // Must be included (should be 'postgres') + input.EngineName = aws.String(engineName) // Must be included (should be 'oracle') // Update connection info in top-level namespace as well expandTopLevelConnectionInfoModify(d, input) @@ -1146,6 +1170,17 @@ func resourceEndpointSetState(d *schema.ResourceData, endpoint *dms.Endpoint) er } else { flattenTopLevelConnectionInfo(d, endpoint) } + case engineNameAuroraPostgresql, engineNamePostgres: + if endpoint.PostgreSQLSettings != nil { + d.Set("username", endpoint.PostgreSQLSettings.Username) + d.Set("server_name", endpoint.PostgreSQLSettings.ServerName) + d.Set("port", endpoint.PostgreSQLSettings.Port) + d.Set("database_name", endpoint.PostgreSQLSettings.DatabaseName) + d.Set("secrets_manager_access_role_arn", endpoint.PostgreSQLSettings.SecretsManagerAccessRoleArn) + d.Set("secrets_manager_arn", endpoint.PostgreSQLSettings.SecretsManagerSecretId) + } else { + flattenTopLevelConnectionInfo(d, endpoint) + } case engineNameDynamoDB: if endpoint.DynamoDbSettings != nil { d.Set("service_access_role", endpoint.DynamoDbSettings.ServiceAccessRoleArn) 
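Review bot: The `engineNameMongodb` update branch writes out the full `dms.MongoDbSettings` literal twice, once per credential source, whereas the create path in this same commit builds a single `settings` value and branches only on the credential fields. Two copies of `KmsKeyId` and the six `mongodb_settings.0.*` fields are easy to let drift apart, and a drift here changes which auth options reach the endpoint depending on whether a secret is used. Suggest mirroring the create path as sketched below, with behaviour intended to stay the same. The enclosing switch in resourceEndpointUpdate starts and ends outside the hunk.

```go
if d.HasChanges( /* … unchanged: attribute list … */ ) {
	settings := &dms.MongoDbSettings{
		DatabaseName: aws.String(d.Get("database_name").(string)),
		KmsKeyId:     aws.String(d.Get("kms_key_arn").(string)),
		// … unchanged: the six mongodb_settings.0.* fields …
	}
	input.MongoDbSettings = settings

	if _, ok := d.GetOk("secrets_manager_arn"); ok {
		settings.SecretsManagerAccessRoleArn = aws.String(d.Get("secrets_manager_access_role_arn").(string))
		settings.SecretsManagerSecretId = aws.String(d.Get("secrets_manager_arn").(string))
	} else {
		settings.Username = aws.String(d.Get("username").(string))
		settings.Password = aws.String(d.Get("password").(string))
		settings.ServerName = aws.String(d.Get("server_name").(string))
		settings.Port = aws.Int64(int64(d.Get("port").(int)))
		// … unchanged: EngineName assignment and expandTopLevelConnectionInfoModify call …
	}
```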
@@ -1178,6 +1213,8 @@ func resourceEndpointSetState(d *schema.ResourceData, endpoint *dms.Endpoint) er d.Set("server_name", endpoint.MongoDbSettings.ServerName) d.Set("port", endpoint.MongoDbSettings.Port) d.Set("database_name", endpoint.MongoDbSettings.DatabaseName) + d.Set("secrets_manager_access_role_arn", endpoint.MongoDbSettings.SecretsManagerAccessRoleArn) + d.Set("secrets_manager_arn", endpoint.MongoDbSettings.SecretsManagerSecretId) } else { flattenTopLevelConnectionInfo(d, endpoint) } @@ -1195,17 +1232,6 @@ func resourceEndpointSetState(d *schema.ResourceData, endpoint *dms.Endpoint) er } else { flattenTopLevelConnectionInfo(d, endpoint) } - case engineNamePostgres: - if endpoint.PostgreSQLSettings != nil { - d.Set("username", endpoint.PostgreSQLSettings.Username) - d.Set("server_name", endpoint.PostgreSQLSettings.ServerName) - d.Set("port", endpoint.PostgreSQLSettings.Port) - d.Set("database_name", endpoint.PostgreSQLSettings.DatabaseName) - d.Set("secrets_manager_access_role_arn", endpoint.PostgreSQLSettings.SecretsManagerAccessRoleArn) - d.Set("secrets_manager_arn", endpoint.PostgreSQLSettings.SecretsManagerSecretId) - } else { - flattenTopLevelConnectionInfo(d, endpoint) - } case engineNameRedshift: if endpoint.RedshiftSettings != nil { d.Set("username", endpoint.RedshiftSettings.Username) diff --git a/internal/service/dms/endpoint_test.go b/internal/service/dms/endpoint_test.go index 0aec9d3e539..6a7c2668d57 100644 --- a/internal/service/dms/endpoint_test.go +++ b/internal/service/dms/endpoint_test.go 
@@ -148,6 +148,99 @@ func TestAccDMSEndpoint_Aurora_update(t *testing.T) { }) } +func TestAccDMSEndpoint_AuroraPostgreSQL_basic(t *testing.T) { + resourceName := "aws_dms_endpoint.test" + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(t) }, + ErrorCheck: acctest.ErrorCheck(t, dms.EndpointsID), + ProviderFactories: acctest.ProviderFactories, + CheckDestroy: testAccCheckEndpointDestroy, + Steps: []resource.TestStep{ + { + Config: testAccEndpointConfig_auroraPostgreSQL(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckEndpointExists(resourceName), + resource.TestCheckResourceAttrSet(resourceName, "endpoint_arn"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"password"}, + }, + }, + }) +} + +func TestAccDMSEndpoint_AuroraPostgreSQL_secretID(t *testing.T) { + resourceName := "aws_dms_endpoint.test" + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(t) }, + ErrorCheck: acctest.ErrorCheck(t, dms.EndpointsID), + ProviderFactories: acctest.ProviderFactories, + CheckDestroy: testAccCheckEndpointDestroy, + Steps: []resource.TestStep{ + { + Config: testAccEndpointConfig_auroraPostgreSQLSecretID(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckEndpointExists(resourceName), + resource.TestCheckResourceAttrSet(resourceName, "endpoint_arn"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func TestAccDMSEndpoint_AuroraPostgreSQL_update(t *testing.T) { + resourceName := "aws_dms_endpoint.test" + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(t) }, + ErrorCheck: acctest.ErrorCheck(t, dms.EndpointsID), + 
ProviderFactories: acctest.ProviderFactories, + CheckDestroy: testAccCheckEndpointDestroy, + Steps: []resource.TestStep{ + { + Config: testAccEndpointConfig_auroraPostgreSQL(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckEndpointExists(resourceName), + resource.TestCheckResourceAttrSet(resourceName, "endpoint_arn"), + ), + }, + { + Config: testAccEndpointConfig_auroraPostgreSQLUpdate(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckEndpointExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "server_name", "tftest-new-server_name"), + resource.TestCheckResourceAttr(resourceName, "port", "27018"), + resource.TestCheckResourceAttr(resourceName, "username", "tftest-new-username"), + resource.TestCheckResourceAttr(resourceName, "password", "tftest-new-password"), + resource.TestCheckResourceAttr(resourceName, "database_name", "tftest-new-database_name"), + resource.TestCheckResourceAttr(resourceName, "ssl_mode", "require"), + resource.TestMatchResourceAttr(resourceName, "extra_connection_attributes", regexp.MustCompile(`key=value;`)), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"password"}, + }, + }, + }) +} + func TestAccDMSEndpoint_S3_basic(t *testing.T) { resourceName := "aws_dms_endpoint.test" rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) 
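Review bot: `TestAccDMSEndpoint_AuroraPostgreSQL_secretID` explicitly asserts only that `endpoint_arn` is set, so nothing in the test names the attributes this commit adds support for. Adding `resource.TestCheckResourceAttrPair(resourceName, "secrets_manager_arn", "aws_secretsmanager_secret.test", "id")` and `resource.TestCheckResourceAttrPair(resourceName, "secrets_manager_access_role_arn", "aws_iam_role.test", "arn")` would pin the intent and fail with a readable message if the secret settings stop round-tripping. `TestAccDMSEndpoint_MongoDB_secretID` in a later hunk has the same gap.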
@@ -553,6 +646,33 @@ func TestAccDMSEndpoint_MongoDB_basic(t *testing.T) { }) } +func TestAccDMSEndpoint_MongoDB_secretID(t *testing.T) { + resourceName := "aws_dms_endpoint.test" + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(t) }, + ErrorCheck: acctest.ErrorCheck(t, dms.EndpointsID), + ProviderFactories: acctest.ProviderFactories, + CheckDestroy: testAccCheckEndpointDestroy, + Steps: []resource.TestStep{ + { + Config: testAccEndpointConfig_mongoDBSecretID(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckEndpointExists(resourceName), + resource.TestCheckResourceAttrSet(resourceName, "endpoint_arn"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"password"}, + }, + }, + }) +} + // TestAccDMSEndpoint_MongoDB_update validates engine-specific // configured fields and extra_connection_attributes now set in the resource // per https://github.com/hashicorp/terraform-provider-aws/issues/8009 
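Review bot: `ImportStateVerifyIgnore: []string{"password"}` in `TestAccDMSEndpoint_MongoDB_secretID` looks carried over from the password-based tests. The `testAccEndpointConfig_mongoDBSecretID` config sets no `password`, and the sibling `TestAccDMSEndpoint_AuroraPostgreSQL_secretID` imports without the ignore. Dropping it lets import verification fail if a `password` value ever appears in state for a Secrets Manager endpoint, which is the outcome this mode exists to prevent.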
@@ -1503,6 +1623,74 @@ resource "aws_dms_endpoint" "test" { `, rName) } +func testAccEndpointConfig_auroraPostgreSQL(rName string) string { + return fmt.Sprintf(` +resource "aws_dms_endpoint" "test" { + endpoint_id = %[1]q + endpoint_type = "source" + engine_name = "aurora-postgresql" + server_name = "tftest" + port = 27017 + username = "tftest" + password = "tftest" + database_name = "tftest" + ssl_mode = "none" + extra_connection_attributes = "" + + tags = { + Name = %[1]q + Update = "to-update" + Remove = "to-remove" + } +} +`, rName) +} + +func testAccEndpointConfig_auroraPostgreSQLSecretID(rName string) string { + return acctest.ConfigCompose(testAccEndpointConfig_secretBase(rName), fmt.Sprintf(` +resource "aws_dms_endpoint" "test" { + endpoint_id = %[1]q + endpoint_type = "source" + engine_name = "aurora-postgresql" + secrets_manager_access_role_arn = aws_iam_role.test.arn + secrets_manager_arn = aws_secretsmanager_secret.test.id + + database_name = "tftest" + ssl_mode = "none" + extra_connection_attributes = "" + + tags = { + Name = "tf-test-dms-endpoint-%[1]s" + Update = "to-update" + Remove = "to-remove" + } +} +`, rName)) +} + +func testAccEndpointConfig_auroraPostgreSQLUpdate(rName string) string { + return fmt.Sprintf(` +resource "aws_dms_endpoint" "test" { + endpoint_id = %[1]q + endpoint_type = "source" + engine_name = "aurora-postgresql" + server_name = "tftest-new-server_name" + port = 27018 + username = "tftest-new-username" + password = "tftest-new-password" + database_name = "tftest-new-database_name" + ssl_mode = "require" + extra_connection_attributes = "key=value;" + + tags = { + Name = %[1]q + Update = "updated" + Add = "added" + } +} +`, rName) +} + func testAccEndpointConfig_dynamoDB(rName string) string { return fmt.Sprintf(` data "aws_partition" "current" {} 
@@ -2181,6 +2369,34 @@ resource "aws_dms_endpoint" "test" { `, rName) } +func testAccEndpointConfig_mongoDBSecretID(rName string) string { + return acctest.ConfigCompose(testAccEndpointConfig_secretBase(rName), fmt.Sprintf(` +resource "aws_dms_endpoint" "test" { + endpoint_id = %[1]q + endpoint_type = "source" + engine_name = "mongodb" + database_name = "tftest" + secrets_manager_access_role_arn = aws_iam_role.test.arn + secrets_manager_arn = aws_secretsmanager_secret.test.id + + tags = { + Name = %[1]q + Update = "to-update" + Remove = "to-remove" + } + + mongodb_settings { + auth_type = "password" + auth_mechanism = "default" + nesting_level = "none" + extract_doc_id = "false" + docs_to_investigate = "1000" + auth_source = "admin" + } +} +`, rName)) +} + func testAccEndpointConfig_mongoDBUpdate(rName string) string { return fmt.Sprintf(` data "aws_kms_alias" "dms" { @@ -2435,6 +2651,28 @@ resource "aws_dms_endpoint" "test" { `, rName) } +func testAccEndpointConfig_postgreSQLSecretID(rName string) string { + return acctest.ConfigCompose(testAccEndpointConfig_secretBase(rName), fmt.Sprintf(` +resource "aws_dms_endpoint" "test" { + endpoint_id = %[1]q + endpoint_type = "source" + engine_name = "postgres" + secrets_manager_access_role_arn = aws_iam_role.test.arn + secrets_manager_arn = aws_secretsmanager_secret.test.id + + database_name = "tftest" + ssl_mode = "none" + extra_connection_attributes = "" + + tags = { + Name = "tf-test-dms-endpoint-%[1]s" + Update = "to-update" + Remove = "to-remove" + } +} +`, rName)) +} + func testAccEndpointConfig_postgreSQLUpdate(rName string) string { return fmt.Sprintf(` resource "aws_dms_endpoint" "test" { 
@@ -2457,27 +2695,6 @@ resource "aws_dms_endpoint" "test" { } `, rName) } -func testAccEndpointConfig_postgreSQLSecretID(rName string) string { - return acctest.ConfigCompose(testAccEndpointConfig_secretBase(rName), fmt.Sprintf(` -resource "aws_dms_endpoint" "test" { - endpoint_id = %[1]q - endpoint_type = "source" - engine_name = "postgres" - secrets_manager_access_role_arn = aws_iam_role.test.arn - secrets_manager_arn = aws_secretsmanager_secret.test.id - - database_name = "tftest" - ssl_mode = "none" - extra_connection_attributes = "" - - tags = { - Name = "tf-test-dms-endpoint-%[1]s" - Update = "to-update" - Remove = "to-remove" - } -} -`, rName)) -} func testAccEndpointConfig_SQLServer(rName string) string { return fmt.Sprintf(` diff --git a/website/docs/r/dms_endpoint.html.markdown b/website/docs/r/dms_endpoint.html.markdown index 224515c0a9b..030822cbc95 100644 --- a/website/docs/r/dms_endpoint.html.markdown +++ b/website/docs/r/dms_endpoint.html.markdown 
@@ -60,7 +60,7 @@ The following arguments are optional: * `port` - (Optional) Port used by the endpoint database. * `s3_settings` - (Optional) Configuration block for S3 settings. See below. * `secrets_manager_access_role_arn` - (Optional) ARN of the IAM role that specifies AWS DMS as the trusted entity and has the required permissions to access the value in SecretsManagerSecret. -* `secrets_manager_arn` - (Optional) Full ARN, partial ARN, or friendly name of the SecretsManagerSecret that contains the endpoint connection details. Supported only for `engine_name` as `aurora`, `mariadb`, `mysql`, `oracle`, `postgres`, `redshift` or `sqlserver`. +* `secrets_manager_arn` - (Optional) Full ARN, partial ARN, or friendly name of the SecretsManagerSecret that contains the endpoint connection details. Supported only for `engine_name` as `aurora`, `aurora-postgresql`, `mariadb`, `mongodb`, `mysql`, `oracle`, `postgres`, `redshift` or `sqlserver`. * `server_name` - (Optional) Host name of the server. * `service_access_role` - (Optional) ARN used by the service access IAM role for dynamodb endpoints. * `ssl_mode` - (Optional, Default: none) SSL mode to use for the connection. Valid values are `none`, `require`, `verify-ca`, `verify-full`