From 366e53b65346e58a4d42abffb342cb1e1e9d9860 Mon Sep 17 00:00:00 2001 From: brunomiranda-hotmart Date: Tue, 15 Mar 2022 09:56:08 -0300 Subject: [PATCH 01/10] feat(mongodb): add secrets_manager_arn --- internal/service/dms/endpoint.go | 123 ++++++++++++++++++++----------- 1 file changed, 80 insertions(+), 43 deletions(-) diff --git a/internal/service/dms/endpoint.go b/internal/service/dms/endpoint.go index 3341452fbde..382ab662197 100644 --- a/internal/service/dms/endpoint.go +++ b/internal/service/dms/endpoint.go 
@@ -636,28 +636,47 @@ func resourceEndpointCreate(d *schema.ResourceData, meta interface{}) error { case engineNameKinesis: request.KinesisSettings = expandKinesisSettings(d.Get("kinesis_settings").([]interface{})[0].(map[string]interface{})) case engineNameMongodb: - request.MongoDbSettings = &dms.MongoDbSettings{ - Username: aws.String(d.Get("username").(string)), - Password: aws.String(d.Get("password").(string)), - ServerName: aws.String(d.Get("server_name").(string)), - Port: aws.Int64(int64(d.Get("port").(int))), - DatabaseName: aws.String(d.Get("database_name").(string)), - KmsKeyId: aws.String(d.Get("kms_key_arn").(string)), - - AuthType: aws.String(d.Get("mongodb_settings.0.auth_type").(string)), - AuthMechanism: aws.String(d.Get("mongodb_settings.0.auth_mechanism").(string)), - NestingLevel: aws.String(d.Get("mongodb_settings.0.nesting_level").(string)), - ExtractDocId: aws.String(d.Get("mongodb_settings.0.extract_doc_id").(string)), - DocsToInvestigate: aws.String(d.Get("mongodb_settings.0.docs_to_investigate").(string)), - AuthSource: aws.String(d.Get("mongodb_settings.0.auth_source").(string)), - } + if _, ok := d.GetOk("secrets_manager_arn"); ok { + request.MongoDbSettings = &dms.MongoDbSettings{ + SecretsManagerAccessRoleArn: aws.String(d.Get("secrets_manager_access_role_arn").(string)), + SecretsManagerSecretId: aws.String(d.Get("secrets_manager_arn").(string)), - // Set connection info in top-level namespace as well - request.Username = aws.String(d.Get("username").(string)) - request.Password = aws.String(d.Get("password").(string)) - request.ServerName = aws.String(d.Get("server_name").(string)) - request.Port = aws.Int64(int64(d.Get("port").(int))) - request.DatabaseName = aws.String(d.Get("database_name").(string)) + ServerName: aws.String(d.Get("server_name").(string)), + Port: aws.Int64(int64(d.Get("port").(int))), + DatabaseName: aws.String(d.Get("database_name").(string)), + KmsKeyId: aws.String(d.Get("kms_key_arn").(string)), + + AuthType: 
aws.String(d.Get("mongodb_settings.0.auth_type").(string)), + AuthMechanism: aws.String(d.Get("mongodb_settings.0.auth_mechanism").(string)), + NestingLevel: aws.String(d.Get("mongodb_settings.0.nesting_level").(string)), + ExtractDocId: aws.String(d.Get("mongodb_settings.0.extract_doc_id").(string)), + DocsToInvestigate: aws.String(d.Get("mongodb_settings.0.docs_to_investigate").(string)), + AuthSource: aws.String(d.Get("mongodb_settings.0.auth_source").(string)), + } + } else { + request.MongoDbSettings = &dms.MongoDbSettings{ + Username: aws.String(d.Get("username").(string)), + Password: aws.String(d.Get("password").(string)), + ServerName: aws.String(d.Get("server_name").(string)), + Port: aws.Int64(int64(d.Get("port").(int))), + DatabaseName: aws.String(d.Get("database_name").(string)), + KmsKeyId: aws.String(d.Get("kms_key_arn").(string)), + + AuthType: aws.String(d.Get("mongodb_settings.0.auth_type").(string)), + AuthMechanism: aws.String(d.Get("mongodb_settings.0.auth_mechanism").(string)), + NestingLevel: aws.String(d.Get("mongodb_settings.0.nesting_level").(string)), + ExtractDocId: aws.String(d.Get("mongodb_settings.0.extract_doc_id").(string)), + DocsToInvestigate: aws.String(d.Get("mongodb_settings.0.docs_to_investigate").(string)), + AuthSource: aws.String(d.Get("mongodb_settings.0.auth_source").(string)), + } + + // Set connection info in top-level namespace as well + request.Username = aws.String(d.Get("username").(string)) + request.Password = aws.String(d.Get("password").(string)) + request.ServerName = aws.String(d.Get("server_name").(string)) + request.Port = aws.Int64(int64(d.Get("port").(int))) + request.DatabaseName = aws.String(d.Get("database_name").(string)) + } case engineNameOracle: if _, ok := d.GetOk("secrets_manager_arn"); ok { request.OracleSettings = &dms.OracleSettings{ 
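Review bot: In the new `secrets_manager_arn` branch of the `engineNameMongodb` case, `SecretsManagerAccessRoleArn` is filled from `d.Get("secrets_manager_access_role_arn")` without checking that it was set, so a config that supplies only the secret ARN passes an empty role ARN on to the request instead of failing at plan time. The branch is also selected on `secrets_manager_arn` alone, so a `username`/`password` left in the same config is silently ignored rather than rejected. The schema is outside this hunk; if it does not already tie the attributes together, add `RequiredWith: []string{"secrets_manager_access_role_arn"}` on `secrets_manager_arn` and a `ConflictsWith` covering `username` and `password`. The same pattern is in the `resourceEndpointUpdate` hunk of this patch and in the `resourceEndpointCreate` hunk of PATCH 09/10. `resourceEndpointCreate` starts and ends outside the hunk.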
@@ -878,30 +897,48 @@ func resourceEndpointUpdate(d *schema.ResourceData, meta interface{}) error { if d.HasChanges( "username", "password", "server_name", "port", "database_name", "mongodb_settings.0.auth_type", "mongodb_settings.0.auth_mechanism", "mongodb_settings.0.nesting_level", "mongodb_settings.0.extract_doc_id", - "mongodb_settings.0.docs_to_investigate", "mongodb_settings.0.auth_source") { - request.MongoDbSettings = &dms.MongoDbSettings{ - Username: aws.String(d.Get("username").(string)), - Password: aws.String(d.Get("password").(string)), - ServerName: aws.String(d.Get("server_name").(string)), - Port: aws.Int64(int64(d.Get("port").(int))), - DatabaseName: aws.String(d.Get("database_name").(string)), - KmsKeyId: aws.String(d.Get("kms_key_arn").(string)), + "mongodb_settings.0.docs_to_investigate", "mongodb_settings.0.auth_source", "secrets_manager_arn", "secrets_manager_access_role_arn") { + if _, ok := d.GetOk("secrets_manager_arn"); ok { + request.MongoDbSettings = &dms.MongoDbSettings{ + SecretsManagerAccessRoleArn: aws.String(d.Get("secrets_manager_access_role_arn").(string)), + SecretsManagerSecretId: aws.String(d.Get("secrets_manager_arn").(string)), - AuthType: aws.String(d.Get("mongodb_settings.0.auth_type").(string)), - AuthMechanism: aws.String(d.Get("mongodb_settings.0.auth_mechanism").(string)), - NestingLevel: aws.String(d.Get("mongodb_settings.0.nesting_level").(string)), - ExtractDocId: aws.String(d.Get("mongodb_settings.0.extract_doc_id").(string)), - DocsToInvestigate: aws.String(d.Get("mongodb_settings.0.docs_to_investigate").(string)), - AuthSource: aws.String(d.Get("mongodb_settings.0.auth_source").(string)), - } - request.EngineName = aws.String(engineName) + ServerName: aws.String(d.Get("server_name").(string)), + Port: aws.Int64(int64(d.Get("port").(int))), + DatabaseName: aws.String(d.Get("database_name").(string)), + KmsKeyId: aws.String(d.Get("kms_key_arn").(string)), + + AuthType: 
aws.String(d.Get("mongodb_settings.0.auth_type").(string)), + AuthMechanism: aws.String(d.Get("mongodb_settings.0.auth_mechanism").(string)), + NestingLevel: aws.String(d.Get("mongodb_settings.0.nesting_level").(string)), + ExtractDocId: aws.String(d.Get("mongodb_settings.0.extract_doc_id").(string)), + DocsToInvestigate: aws.String(d.Get("mongodb_settings.0.docs_to_investigate").(string)), + AuthSource: aws.String(d.Get("mongodb_settings.0.auth_source").(string)), + } + } else { + request.MongoDbSettings = &dms.MongoDbSettings{ + Username: aws.String(d.Get("username").(string)), + Password: aws.String(d.Get("password").(string)), + ServerName: aws.String(d.Get("server_name").(string)), + Port: aws.Int64(int64(d.Get("port").(int))), + DatabaseName: aws.String(d.Get("database_name").(string)), + KmsKeyId: aws.String(d.Get("kms_key_arn").(string)), + + AuthType: aws.String(d.Get("mongodb_settings.0.auth_type").(string)), + AuthMechanism: aws.String(d.Get("mongodb_settings.0.auth_mechanism").(string)), + NestingLevel: aws.String(d.Get("mongodb_settings.0.nesting_level").(string)), + ExtractDocId: aws.String(d.Get("mongodb_settings.0.extract_doc_id").(string)), + DocsToInvestigate: aws.String(d.Get("mongodb_settings.0.docs_to_investigate").(string)), + AuthSource: aws.String(d.Get("mongodb_settings.0.auth_source").(string)), + } - // Update connection info in top-level namespace as well - request.Username = aws.String(d.Get("username").(string)) - request.Password = aws.String(d.Get("password").(string)) - request.ServerName = aws.String(d.Get("server_name").(string)) - request.Port = aws.Int64(int64(d.Get("port").(int))) - request.DatabaseName = aws.String(d.Get("database_name").(string)) + // Set connection info in top-level namespace as well + request.Username = aws.String(d.Get("username").(string)) + request.Password = aws.String(d.Get("password").(string)) + request.ServerName = aws.String(d.Get("server_name").(string)) + request.Port = 
aws.Int64(int64(d.Get("port").(int))) + request.DatabaseName = aws.String(d.Get("database_name").(string)) + } hasChanges = true } From 2228ff1fdf447d4cb4f4b4925733c6ba082c5f1b Mon Sep 17 00:00:00 2001 From: brunomiranda-hotmart Date: Tue, 15 Mar 2022 14:10:57 -0300 Subject: [PATCH 02/10] rollback miss updated comment --- internal/service/dms/endpoint.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/service/dms/endpoint.go b/internal/service/dms/endpoint.go index 382ab662197..3c05a448181 100644 --- a/internal/service/dms/endpoint.go +++ b/internal/service/dms/endpoint.go @@ -932,7 +932,7 @@ func resourceEndpointUpdate(d *schema.ResourceData, meta interface{}) error { AuthSource: aws.String(d.Get("mongodb_settings.0.auth_source").(string)), } - // Set connection info in top-level namespace as well + // Update connection info in top-level namespace as well request.Username = aws.String(d.Get("username").(string)) request.Password = aws.String(d.Get("password").(string)) request.ServerName = aws.String(d.Get("server_name").(string)) From 51d2d35bde2fed6303f8cff4279e13c64251150b Mon Sep 17 00:00:00 2001 From: brunomiranda-hotmart Date: Tue, 15 Mar 2022 14:13:13 -0300 Subject: [PATCH 03/10] Add miss removed request --- internal/service/dms/endpoint.go | 1 + 1 file changed, 1 insertion(+) diff --git a/internal/service/dms/endpoint.go b/internal/service/dms/endpoint.go index 3c05a448181..f359c12140e 100644 --- a/internal/service/dms/endpoint.go +++ b/internal/service/dms/endpoint.go @@ -931,6 +931,7 @@ func resourceEndpointUpdate(d *schema.ResourceData, meta interface{}) error { DocsToInvestigate: aws.String(d.Get("mongodb_settings.0.docs_to_investigate").(string)), AuthSource: aws.String(d.Get("mongodb_settings.0.auth_source").(string)), } + request.EngineName = aws.String(engineName) // Update connection info in top-level namespace as well request.Username = aws.String(d.Get("username").(string)) 
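Review bot: The restored `request.EngineName = aws.String(engineName)` sits only in the `else` (username/password) branch, just before the `// Update connection info` comment. The `secrets_manager_arn` branch added in PATCH 01/10 still builds `MongoDbSettings` without setting `EngineName`, which the pre-patch code always set when MongoDB settings changed. Move the assignment below the `if`/`else`, next to `hasChanges = true`, so both credential modes send it. `resourceEndpointUpdate` starts and ends outside the hunk.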
From 206de0a0d30815703333d7479c907b5596050192 Mon Sep 17 00:00:00 2001 From: brunomiranda-hotmart Date: Wed, 16 Mar 2022 15:07:55 -0300 Subject: [PATCH 04/10] Add mongo secrets_manager_arn acceptance tests --- internal/service/dms/endpoint.go | 12 +- internal/service/dms/endpoint_test.go | 199 ++++++++++++++++++++++++++ 2 files changed, 203 insertions(+), 8 deletions(-) diff --git a/internal/service/dms/endpoint.go b/internal/service/dms/endpoint.go index f359c12140e..3ae4a669942 100644 --- a/internal/service/dms/endpoint.go +++ b/internal/service/dms/endpoint.go @@ -640,11 +640,9 @@ func resourceEndpointCreate(d *schema.ResourceData, meta interface{}) error { request.MongoDbSettings = &dms.MongoDbSettings{ SecretsManagerAccessRoleArn: aws.String(d.Get("secrets_manager_access_role_arn").(string)), SecretsManagerSecretId: aws.String(d.Get("secrets_manager_arn").(string)), + DatabaseName: aws.String(d.Get("database_name").(string)), - ServerName: aws.String(d.Get("server_name").(string)), - Port: aws.Int64(int64(d.Get("port").(int))), - DatabaseName: aws.String(d.Get("database_name").(string)), - KmsKeyId: aws.String(d.Get("kms_key_arn").(string)), + KmsKeyId: aws.String(d.Get("kms_key_arn").(string)), AuthType: aws.String(d.Get("mongodb_settings.0.auth_type").(string)), AuthMechanism: aws.String(d.Get("mongodb_settings.0.auth_mechanism").(string)), 
@@ -902,11 +900,9 @@ func resourceEndpointUpdate(d *schema.ResourceData, meta interface{}) error { request.MongoDbSettings = &dms.MongoDbSettings{ SecretsManagerAccessRoleArn: aws.String(d.Get("secrets_manager_access_role_arn").(string)), SecretsManagerSecretId: aws.String(d.Get("secrets_manager_arn").(string)), + DatabaseName: aws.String(d.Get("database_name").(string)), - ServerName: aws.String(d.Get("server_name").(string)), - Port: aws.Int64(int64(d.Get("port").(int))), - DatabaseName: aws.String(d.Get("database_name").(string)), - KmsKeyId: aws.String(d.Get("kms_key_arn").(string)), + KmsKeyId: aws.String(d.Get("kms_key_arn").(string)), AuthType: aws.String(d.Get("mongodb_settings.0.auth_type").(string)), AuthMechanism: aws.String(d.Get("mongodb_settings.0.auth_mechanism").(string)), diff --git a/internal/service/dms/endpoint_test.go b/internal/service/dms/endpoint_test.go index 3ea896e4cc3..b8639ec7967 100644 --- a/internal/service/dms/endpoint_test.go +++ b/internal/service/dms/endpoint_test.go 
@@ -508,6 +508,47 @@ func TestAccDMSEndpoint_MongoDB_update(t *testing.T) { }) } +func TestAccDMSEndpoint_MongoDB_secretID(t *testing.T) { + resourceName := "aws_dms_endpoint.test" + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(t) }, + ErrorCheck: acctest.ErrorCheck(t, dms.EndpointsID), + Providers: acctest.Providers, + CheckDestroy: testAccCheckEndpointDestroy, + Steps: []resource.TestStep{ + { + Config: testAccEndpointConfig_mongoDBSecretID(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckEndpointExists(resourceName), + resource.TestCheckResourceAttrSet(resourceName, "endpoint_arn"), + ), + }, + { + Config: testAccEndpointConfig_mongoDBSecretIDUpdate(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckEndpointExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "database_name", "tftest-new-database_name"), + resource.TestCheckResourceAttrSet(resourceName, "secrets_manager_access_role_arn"), + resource.TestCheckResourceAttrSet(resourceName, "secrets_manager_arn"), + resource.TestCheckResourceAttr(resourceName, "mongodb_settings.#", "1"), + resource.TestCheckResourceAttr(resourceName, "mongodb_settings.0.auth_mechanism", "default"), + resource.TestCheckResourceAttr(resourceName, "mongodb_settings.0.nesting_level", "none"), + resource.TestCheckResourceAttr(resourceName, "mongodb_settings.0.extract_doc_id", "false"), + resource.TestCheckResourceAttr(resourceName, "mongodb_settings.0.docs_to_investigate", "1000"), + ), + }, + // { + // ResourceName: resourceName, + // ImportState: true, + // ImportStateVerify: true, + // ImportStateVerifyIgnore: []string{"password"}, + // }, + }, + }) +} + func TestAccDMSEndpoint_Oracle_basic(t *testing.T) { resourceName := "aws_dms_endpoint.test" rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) 
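Review bot: The first step of `TestAccDMSEndpoint_MongoDB_secretID` asserts only that `endpoint_arn` is set, so it could still pass if the secret reference never reached the endpoint. Add `resource.TestCheckResourceAttrSet(resourceName, "secrets_manager_arn")` and the matching check on `secrets_manager_access_role_arn` to that step, as the second step already does. The commented-out import step should be either enabled or deleted; its `ImportStateVerifyIgnore: []string{"password"}` looks copied from the password-based tests and has no meaning on the Secrets Manager path.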
@@ -1613,6 +1654,164 @@ resource "aws_dms_endpoint" "test" { `, rName) } +func testAccEndpointConfig_mongoDBSecretID(rName string) string { + return fmt.Sprintf(` +data "aws_kms_alias" "dms" { + name = "alias/aws/dms" +} + +data "aws_region" "current" {} +data "aws_partition" "current" {} + +resource "aws_secretsmanager_secret" "test" { + name = %[1]q + recovery_window_in_days = 0 +} + +resource "aws_iam_role" "test" { + name = %[1]q + assume_role_policy = < Date: Thu, 2 Jun 2022 10:06:13 -0400 Subject: [PATCH 05/10] Revert "Add mongo secrets_manager_arn acceptance tests" This reverts commit 206de0a0d30815703333d7479c907b5596050192. --- internal/service/dms/endpoint.go | 12 +- internal/service/dms/endpoint_test.go | 199 -------------------------- 2 files changed, 8 insertions(+), 203 deletions(-) diff --git a/internal/service/dms/endpoint.go b/internal/service/dms/endpoint.go index 3ae4a669942..f359c12140e 100644 --- a/internal/service/dms/endpoint.go +++ b/internal/service/dms/endpoint.go @@ -640,9 +640,11 @@ func resourceEndpointCreate(d *schema.ResourceData, meta interface{}) error { request.MongoDbSettings = &dms.MongoDbSettings{ SecretsManagerAccessRoleArn: aws.String(d.Get("secrets_manager_access_role_arn").(string)), SecretsManagerSecretId: aws.String(d.Get("secrets_manager_arn").(string)), - DatabaseName: aws.String(d.Get("database_name").(string)), - KmsKeyId: aws.String(d.Get("kms_key_arn").(string)), + ServerName: aws.String(d.Get("server_name").(string)), + Port: aws.Int64(int64(d.Get("port").(int))), + DatabaseName: aws.String(d.Get("database_name").(string)), + KmsKeyId: aws.String(d.Get("kms_key_arn").(string)), AuthType: aws.String(d.Get("mongodb_settings.0.auth_type").(string)), AuthMechanism: aws.String(d.Get("mongodb_settings.0.auth_mechanism").(string)), 
@@ -900,9 +902,11 @@ func resourceEndpointUpdate(d *schema.ResourceData, meta interface{}) error { request.MongoDbSettings = &dms.MongoDbSettings{ SecretsManagerAccessRoleArn: aws.String(d.Get("secrets_manager_access_role_arn").(string)), SecretsManagerSecretId: aws.String(d.Get("secrets_manager_arn").(string)), - DatabaseName: aws.String(d.Get("database_name").(string)), - KmsKeyId: aws.String(d.Get("kms_key_arn").(string)), + ServerName: aws.String(d.Get("server_name").(string)), + Port: aws.Int64(int64(d.Get("port").(int))), + DatabaseName: aws.String(d.Get("database_name").(string)), + KmsKeyId: aws.String(d.Get("kms_key_arn").(string)), AuthType: aws.String(d.Get("mongodb_settings.0.auth_type").(string)), AuthMechanism: aws.String(d.Get("mongodb_settings.0.auth_mechanism").(string)), diff --git a/internal/service/dms/endpoint_test.go b/internal/service/dms/endpoint_test.go index b8639ec7967..3ea896e4cc3 100644 --- a/internal/service/dms/endpoint_test.go +++ b/internal/service/dms/endpoint_test.go 
@@ -508,47 +508,6 @@ func TestAccDMSEndpoint_MongoDB_update(t *testing.T) { }) } -func TestAccDMSEndpoint_MongoDB_secretID(t *testing.T) { - resourceName := "aws_dms_endpoint.test" - rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) - - resource.ParallelTest(t, resource.TestCase{ - PreCheck: func() { acctest.PreCheck(t) }, - ErrorCheck: acctest.ErrorCheck(t, dms.EndpointsID), - Providers: acctest.Providers, - CheckDestroy: testAccCheckEndpointDestroy, - Steps: []resource.TestStep{ - { - Config: testAccEndpointConfig_mongoDBSecretID(rName), - Check: resource.ComposeTestCheckFunc( - testAccCheckEndpointExists(resourceName), - resource.TestCheckResourceAttrSet(resourceName, "endpoint_arn"), - ), - }, - { - Config: testAccEndpointConfig_mongoDBSecretIDUpdate(rName), - Check: resource.ComposeTestCheckFunc( - testAccCheckEndpointExists(resourceName), - resource.TestCheckResourceAttr(resourceName, "database_name", "tftest-new-database_name"), - resource.TestCheckResourceAttrSet(resourceName, "secrets_manager_access_role_arn"), - resource.TestCheckResourceAttrSet(resourceName, "secrets_manager_arn"), - resource.TestCheckResourceAttr(resourceName, "mongodb_settings.#", "1"), - resource.TestCheckResourceAttr(resourceName, "mongodb_settings.0.auth_mechanism", "default"), - resource.TestCheckResourceAttr(resourceName, "mongodb_settings.0.nesting_level", "none"), - resource.TestCheckResourceAttr(resourceName, "mongodb_settings.0.extract_doc_id", "false"), - resource.TestCheckResourceAttr(resourceName, "mongodb_settings.0.docs_to_investigate", "1000"), - ), - }, - // { - // ResourceName: resourceName, - // ImportState: true, - // ImportStateVerify: true, - // ImportStateVerifyIgnore: []string{"password"}, - // }, - }, - }) -} - func TestAccDMSEndpoint_Oracle_basic(t *testing.T) { resourceName := "aws_dms_endpoint.test" rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) 
@@ -1654,164 +1613,6 @@ resource "aws_dms_endpoint" "test" { `, rName) } -func testAccEndpointConfig_mongoDBSecretID(rName string) string { - return fmt.Sprintf(` -data "aws_kms_alias" "dms" { - name = "alias/aws/dms" -} - -data "aws_region" "current" {} -data "aws_partition" "current" {} - -resource "aws_secretsmanager_secret" "test" { - name = %[1]q - recovery_window_in_days = 0 -} - -resource "aws_iam_role" "test" { - name = %[1]q - assume_role_policy = < Date: Thu, 2 Jun 2022 10:06:23 -0400 Subject: [PATCH 06/10] Revert "Add miss removed request" This reverts commit 51d2d35bde2fed6303f8cff4279e13c64251150b. --- internal/service/dms/endpoint.go | 1 - 1 file changed, 1 deletion(-) diff --git a/internal/service/dms/endpoint.go b/internal/service/dms/endpoint.go index f359c12140e..3c05a448181 100644 --- a/internal/service/dms/endpoint.go +++ b/internal/service/dms/endpoint.go @@ -931,7 +931,6 @@ func resourceEndpointUpdate(d *schema.ResourceData, meta interface{}) error { DocsToInvestigate: aws.String(d.Get("mongodb_settings.0.docs_to_investigate").(string)), AuthSource: aws.String(d.Get("mongodb_settings.0.auth_source").(string)), } - request.EngineName = aws.String(engineName) // Update connection info in top-level namespace as well request.Username = aws.String(d.Get("username").(string)) From b729d210b32d5adeaf9056bee31315d80c0c0fc6 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Thu, 2 Jun 2022 10:06:29 -0400 Subject: [PATCH 07/10] Revert "rollback miss updated comment" This reverts commit 2228ff1fdf447d4cb4f4b4925733c6ba082c5f1b. --- internal/service/dms/endpoint.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/service/dms/endpoint.go b/internal/service/dms/endpoint.go index 3c05a448181..382ab662197 100644 --- a/internal/service/dms/endpoint.go +++ b/internal/service/dms/endpoint.go 
@@ -932,7 +932,7 @@ func resourceEndpointUpdate(d *schema.ResourceData, meta interface{}) error { AuthSource: aws.String(d.Get("mongodb_settings.0.auth_source").(string)), } - // Update connection info in top-level namespace as well + // Set connection info in top-level namespace as well request.Username = aws.String(d.Get("username").(string)) request.Password = aws.String(d.Get("password").(string)) request.ServerName = aws.String(d.Get("server_name").(string)) From 687b93da26352b47c877f2168a8c430f8562634a Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Thu, 2 Jun 2022 10:06:34 -0400 Subject: [PATCH 08/10] Revert "feat(mongodb): add secrets_manager_arn" This reverts commit 366e53b65346e58a4d42abffb342cb1e1e9d9860. --- internal/service/dms/endpoint.go | 123 +++++++++++-------------------- 1 file changed, 43 insertions(+), 80 deletions(-) diff --git a/internal/service/dms/endpoint.go b/internal/service/dms/endpoint.go index 382ab662197..3341452fbde 100644 --- a/internal/service/dms/endpoint.go +++ b/internal/service/dms/endpoint.go 
@@ -636,47 +636,28 @@ func resourceEndpointCreate(d *schema.ResourceData, meta interface{}) error { case engineNameKinesis: request.KinesisSettings = expandKinesisSettings(d.Get("kinesis_settings").([]interface{})[0].(map[string]interface{})) case engineNameMongodb: - if _, ok := d.GetOk("secrets_manager_arn"); ok { - request.MongoDbSettings = &dms.MongoDbSettings{ - SecretsManagerAccessRoleArn: aws.String(d.Get("secrets_manager_access_role_arn").(string)), - SecretsManagerSecretId: aws.String(d.Get("secrets_manager_arn").(string)), - - ServerName: aws.String(d.Get("server_name").(string)), - Port: aws.Int64(int64(d.Get("port").(int))), - DatabaseName: aws.String(d.Get("database_name").(string)), - KmsKeyId: aws.String(d.Get("kms_key_arn").(string)), - - AuthType: aws.String(d.Get("mongodb_settings.0.auth_type").(string)), - AuthMechanism: aws.String(d.Get("mongodb_settings.0.auth_mechanism").(string)), - NestingLevel: aws.String(d.Get("mongodb_settings.0.nesting_level").(string)), - ExtractDocId: aws.String(d.Get("mongodb_settings.0.extract_doc_id").(string)), - DocsToInvestigate: aws.String(d.Get("mongodb_settings.0.docs_to_investigate").(string)), - AuthSource: aws.String(d.Get("mongodb_settings.0.auth_source").(string)), - } - } else { - request.MongoDbSettings = &dms.MongoDbSettings{ - Username: aws.String(d.Get("username").(string)), - Password: aws.String(d.Get("password").(string)), - ServerName: aws.String(d.Get("server_name").(string)), - Port: aws.Int64(int64(d.Get("port").(int))), - DatabaseName: aws.String(d.Get("database_name").(string)), - KmsKeyId: aws.String(d.Get("kms_key_arn").(string)), - - AuthType: aws.String(d.Get("mongodb_settings.0.auth_type").(string)), - AuthMechanism: aws.String(d.Get("mongodb_settings.0.auth_mechanism").(string)), - NestingLevel: aws.String(d.Get("mongodb_settings.0.nesting_level").(string)), - ExtractDocId: aws.String(d.Get("mongodb_settings.0.extract_doc_id").(string)), - DocsToInvestigate: 
aws.String(d.Get("mongodb_settings.0.docs_to_investigate").(string)), - AuthSource: aws.String(d.Get("mongodb_settings.0.auth_source").(string)), - } - - // Set connection info in top-level namespace as well - request.Username = aws.String(d.Get("username").(string)) - request.Password = aws.String(d.Get("password").(string)) - request.ServerName = aws.String(d.Get("server_name").(string)) - request.Port = aws.Int64(int64(d.Get("port").(int))) - request.DatabaseName = aws.String(d.Get("database_name").(string)) + request.MongoDbSettings = &dms.MongoDbSettings{ + Username: aws.String(d.Get("username").(string)), + Password: aws.String(d.Get("password").(string)), + ServerName: aws.String(d.Get("server_name").(string)), + Port: aws.Int64(int64(d.Get("port").(int))), + DatabaseName: aws.String(d.Get("database_name").(string)), + KmsKeyId: aws.String(d.Get("kms_key_arn").(string)), + + AuthType: aws.String(d.Get("mongodb_settings.0.auth_type").(string)), + AuthMechanism: aws.String(d.Get("mongodb_settings.0.auth_mechanism").(string)), + NestingLevel: aws.String(d.Get("mongodb_settings.0.nesting_level").(string)), + ExtractDocId: aws.String(d.Get("mongodb_settings.0.extract_doc_id").(string)), + DocsToInvestigate: aws.String(d.Get("mongodb_settings.0.docs_to_investigate").(string)), + AuthSource: aws.String(d.Get("mongodb_settings.0.auth_source").(string)), } + + // Set connection info in top-level namespace as well + request.Username = aws.String(d.Get("username").(string)) + request.Password = aws.String(d.Get("password").(string)) + request.ServerName = aws.String(d.Get("server_name").(string)) + request.Port = aws.Int64(int64(d.Get("port").(int))) + request.DatabaseName = aws.String(d.Get("database_name").(string)) case engineNameOracle: if _, ok := d.GetOk("secrets_manager_arn"); ok { request.OracleSettings = &dms.OracleSettings{ 
@@ -897,48 +878,30 @@ func resourceEndpointUpdate(d *schema.ResourceData, meta interface{}) error { if d.HasChanges( "username", "password", "server_name", "port", "database_name", "mongodb_settings.0.auth_type", "mongodb_settings.0.auth_mechanism", "mongodb_settings.0.nesting_level", "mongodb_settings.0.extract_doc_id", - "mongodb_settings.0.docs_to_investigate", "mongodb_settings.0.auth_source", "secrets_manager_arn", "secrets_manager_access_role_arn") { - if _, ok := d.GetOk("secrets_manager_arn"); ok { - request.MongoDbSettings = &dms.MongoDbSettings{ - SecretsManagerAccessRoleArn: aws.String(d.Get("secrets_manager_access_role_arn").(string)), - SecretsManagerSecretId: aws.String(d.Get("secrets_manager_arn").(string)), - - ServerName: aws.String(d.Get("server_name").(string)), - Port: aws.Int64(int64(d.Get("port").(int))), - DatabaseName: aws.String(d.Get("database_name").(string)), - KmsKeyId: aws.String(d.Get("kms_key_arn").(string)), - - AuthType: aws.String(d.Get("mongodb_settings.0.auth_type").(string)), - AuthMechanism: aws.String(d.Get("mongodb_settings.0.auth_mechanism").(string)), - NestingLevel: aws.String(d.Get("mongodb_settings.0.nesting_level").(string)), - ExtractDocId: aws.String(d.Get("mongodb_settings.0.extract_doc_id").(string)), - DocsToInvestigate: aws.String(d.Get("mongodb_settings.0.docs_to_investigate").(string)), - AuthSource: aws.String(d.Get("mongodb_settings.0.auth_source").(string)), - } - } else { - request.MongoDbSettings = &dms.MongoDbSettings{ - Username: aws.String(d.Get("username").(string)), - Password: aws.String(d.Get("password").(string)), - ServerName: aws.String(d.Get("server_name").(string)), - Port: aws.Int64(int64(d.Get("port").(int))), - DatabaseName: aws.String(d.Get("database_name").(string)), - KmsKeyId: aws.String(d.Get("kms_key_arn").(string)), - - AuthType: aws.String(d.Get("mongodb_settings.0.auth_type").(string)), - AuthMechanism: aws.String(d.Get("mongodb_settings.0.auth_mechanism").(string)), - NestingLevel: 
aws.String(d.Get("mongodb_settings.0.nesting_level").(string)), - ExtractDocId: aws.String(d.Get("mongodb_settings.0.extract_doc_id").(string)), - DocsToInvestigate: aws.String(d.Get("mongodb_settings.0.docs_to_investigate").(string)), - AuthSource: aws.String(d.Get("mongodb_settings.0.auth_source").(string)), - } + "mongodb_settings.0.docs_to_investigate", "mongodb_settings.0.auth_source") { + request.MongoDbSettings = &dms.MongoDbSettings{ + Username: aws.String(d.Get("username").(string)), + Password: aws.String(d.Get("password").(string)), + ServerName: aws.String(d.Get("server_name").(string)), + Port: aws.Int64(int64(d.Get("port").(int))), + DatabaseName: aws.String(d.Get("database_name").(string)), + KmsKeyId: aws.String(d.Get("kms_key_arn").(string)), - // Set connection info in top-level namespace as well - request.Username = aws.String(d.Get("username").(string)) - request.Password = aws.String(d.Get("password").(string)) - request.ServerName = aws.String(d.Get("server_name").(string)) - request.Port = aws.Int64(int64(d.Get("port").(int))) - request.DatabaseName = aws.String(d.Get("database_name").(string)) + AuthType: aws.String(d.Get("mongodb_settings.0.auth_type").(string)), + AuthMechanism: aws.String(d.Get("mongodb_settings.0.auth_mechanism").(string)), + NestingLevel: aws.String(d.Get("mongodb_settings.0.nesting_level").(string)), + ExtractDocId: aws.String(d.Get("mongodb_settings.0.extract_doc_id").(string)), + DocsToInvestigate: aws.String(d.Get("mongodb_settings.0.docs_to_investigate").(string)), + AuthSource: aws.String(d.Get("mongodb_settings.0.auth_source").(string)), } + request.EngineName = aws.String(engineName) + + // Update connection info in top-level namespace as well + request.Username = aws.String(d.Get("username").(string)) + request.Password = aws.String(d.Get("password").(string)) + request.ServerName = aws.String(d.Get("server_name").(string)) + request.Port = aws.Int64(int64(d.Get("port").(int))) + request.DatabaseName = 
aws.String(d.Get("database_name").(string)) hasChanges = true } From 1557e3b166b84a99284d99af58777a1df3e7d311 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Thu, 2 Jun 2022 10:41:20 -0400 Subject: [PATCH 09/10] r/aws_dms_endpoint: Add ability to use AWS Secrets Manager with the 'mongodb' engine. Acceptance test output: % make testacc TESTARGS='-run=TestAccDMSEndpoint_MongoDB_' PKG=dms ACCTEST_PARALLELISM=2 ==> Checking that code complies with gofmt requirements... TF_ACC=1 go test ./internal/service/dms/... -v -count 1 -parallel 2 -run=TestAccDMSEndpoint_MongoDB_ -timeout 180m === RUN TestAccDMSEndpoint_MongoDB_basic === PAUSE TestAccDMSEndpoint_MongoDB_basic === RUN TestAccDMSEndpoint_MongoDB_secretID === PAUSE TestAccDMSEndpoint_MongoDB_secretID === RUN TestAccDMSEndpoint_MongoDB_update === PAUSE TestAccDMSEndpoint_MongoDB_update === CONT TestAccDMSEndpoint_MongoDB_basic === CONT TestAccDMSEndpoint_MongoDB_update --- PASS: TestAccDMSEndpoint_MongoDB_basic (26.39s) === CONT TestAccDMSEndpoint_MongoDB_secretID --- PASS: TestAccDMSEndpoint_MongoDB_secretID (22.29s) --- PASS: TestAccDMSEndpoint_MongoDB_update (50.33s) PASS ok github.com/hashicorp/terraform-provider-aws/internal/service/dms 54.271s --- .changelog/23691.txt | 3 + internal/service/dms/endpoint.go | 96 ++++++++++++++--------- internal/service/dms/endpoint_test.go | 55 +++++++++++++ website/docs/r/dms_endpoint.html.markdown | 2 +- 4 files changed, 120 insertions(+), 36 deletions(-) create mode 100644 .changelog/23691.txt diff --git a/.changelog/23691.txt b/.changelog/23691.txt new file mode 100644 index 00000000000..c8d1d2dcefc --- /dev/null +++ b/.changelog/23691.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +resource/aws_dms_endpoint: Add ability to use AWS Secrets Manager with the `mongodb` engine +``` \ No newline at end of file diff --git a/internal/service/dms/endpoint.go b/internal/service/dms/endpoint.go index a89438881e5..e8310255301 100644 --- a/internal/service/dms/endpoint.go 
+++ b/internal/service/dms/endpoint.go 
@@ -659,24 +659,31 @@ func resourceEndpointCreate(d *schema.ResourceData, meta interface{}) error { case engineNameKinesis: input.KinesisSettings = expandKinesisSettings(d.Get("kinesis_settings").([]interface{})[0].(map[string]interface{})) case engineNameMongodb: - input.MongoDbSettings = &dms.MongoDbSettings{ - Username: aws.String(d.Get("username").(string)), - Password: aws.String(d.Get("password").(string)), - ServerName: aws.String(d.Get("server_name").(string)), - Port: aws.Int64(int64(d.Get("port").(int))), - DatabaseName: aws.String(d.Get("database_name").(string)), - KmsKeyId: aws.String(d.Get("kms_key_arn").(string)), - - AuthType: aws.String(d.Get("mongodb_settings.0.auth_type").(string)), - AuthMechanism: aws.String(d.Get("mongodb_settings.0.auth_mechanism").(string)), - NestingLevel: aws.String(d.Get("mongodb_settings.0.nesting_level").(string)), - ExtractDocId: aws.String(d.Get("mongodb_settings.0.extract_doc_id").(string)), - DocsToInvestigate: aws.String(d.Get("mongodb_settings.0.docs_to_investigate").(string)), - AuthSource: aws.String(d.Get("mongodb_settings.0.auth_source").(string)), + var settings = &dms.MongoDbSettings{} + + if _, ok := d.GetOk("secrets_manager_arn"); ok { + settings.SecretsManagerAccessRoleArn = aws.String(d.Get("secrets_manager_access_role_arn").(string)) + settings.SecretsManagerSecretId = aws.String(d.Get("secrets_manager_arn").(string)) + } else { + settings.Username = aws.String(d.Get("username").(string)) + settings.Password = aws.String(d.Get("password").(string)) + settings.ServerName = aws.String(d.Get("server_name").(string)) + settings.Port = aws.Int64(int64(d.Get("port").(int))) + + // Set connection info in top-level namespace as well + expandTopLevelConnectionInfo(d, input) } - // Set connection info in top-level namespace as well - expandTopLevelConnectionInfo(d, input) + settings.DatabaseName = aws.String(d.Get("database_name").(string)) + settings.KmsKeyId = aws.String(d.Get("kms_key_arn").(string)) + 
settings.AuthType = aws.String(d.Get("mongodb_settings.0.auth_type").(string)) + settings.AuthMechanism = aws.String(d.Get("mongodb_settings.0.auth_mechanism").(string)) + settings.NestingLevel = aws.String(d.Get("mongodb_settings.0.nesting_level").(string)) + settings.ExtractDocId = aws.String(d.Get("mongodb_settings.0.extract_doc_id").(string)) + settings.DocsToInvestigate = aws.String(d.Get("mongodb_settings.0.docs_to_investigate").(string)) + settings.AuthSource = aws.String(d.Get("mongodb_settings.0.auth_source").(string)) + + input.MongoDbSettings = settings case engineNameOracle: if _, ok := d.GetOk("secrets_manager_arn"); ok { input.OracleSettings = &dms.OracleSettings{ 
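Review bot: In the `engineNameMongodb` case, the Secrets Manager branch reads `secrets_manager_access_role_arn` with a plain `d.Get` and never checks that it is set, so a configuration with only `secrets_manager_arn` would send an empty role ARN and fail at the API rather than at plan time. The schema is outside this hunk, so this only matters if the two attributes are not already tied together with `RequiredWith`. In the same branch, `username` and `password` set next to `secrets_manager_arn` are silently left out of the request but remain in state; a `ConflictsWith` on the schema would surface that to the user. A short comment would also help, for example `// Host, port and credentials come from the secret; username/password are intentionally not sent.` The `engineNameAuroraPostgresql, engineNamePostgres` create hunk in PATCH 10/10 follows the same pattern, and `resourceEndpointCreate` continues outside this hunk.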
@@ -909,26 +916,43 @@ func resourceEndpointUpdate(d *schema.ResourceData, meta interface{}) error { if d.HasChanges( "username", "password", "server_name", "port", "database_name", "mongodb_settings.0.auth_type", "mongodb_settings.0.auth_mechanism", "mongodb_settings.0.nesting_level", "mongodb_settings.0.extract_doc_id", - "mongodb_settings.0.docs_to_investigate", "mongodb_settings.0.auth_source") { - input.MongoDbSettings = &dms.MongoDbSettings{ - Username: aws.String(d.Get("username").(string)), - Password: aws.String(d.Get("password").(string)), - ServerName: aws.String(d.Get("server_name").(string)), - Port: aws.Int64(int64(d.Get("port").(int))), - DatabaseName: aws.String(d.Get("database_name").(string)), - KmsKeyId: aws.String(d.Get("kms_key_arn").(string)), - - AuthType: aws.String(d.Get("mongodb_settings.0.auth_type").(string)), - AuthMechanism: aws.String(d.Get("mongodb_settings.0.auth_mechanism").(string)), - NestingLevel: aws.String(d.Get("mongodb_settings.0.nesting_level").(string)), - ExtractDocId: aws.String(d.Get("mongodb_settings.0.extract_doc_id").(string)), - DocsToInvestigate: aws.String(d.Get("mongodb_settings.0.docs_to_investigate").(string)), - AuthSource: aws.String(d.Get("mongodb_settings.0.auth_source").(string)), - } - input.EngineName = aws.String(engineName) + "mongodb_settings.0.docs_to_investigate", "mongodb_settings.0.auth_source", "secrets_manager_access_role_arn", + "secrets_manager_arn") { + if _, ok := d.GetOk("secrets_manager_arn"); ok { + input.MongoDbSettings = &dms.MongoDbSettings{ + SecretsManagerAccessRoleArn: aws.String(d.Get("secrets_manager_access_role_arn").(string)), + SecretsManagerSecretId: aws.String(d.Get("secrets_manager_arn").(string)), + DatabaseName: aws.String(d.Get("database_name").(string)), + KmsKeyId: aws.String(d.Get("kms_key_arn").(string)), + + AuthType: aws.String(d.Get("mongodb_settings.0.auth_type").(string)), + AuthMechanism: aws.String(d.Get("mongodb_settings.0.auth_mechanism").(string)), + 
NestingLevel: aws.String(d.Get("mongodb_settings.0.nesting_level").(string)), + ExtractDocId: aws.String(d.Get("mongodb_settings.0.extract_doc_id").(string)), + DocsToInvestigate: aws.String(d.Get("mongodb_settings.0.docs_to_investigate").(string)), + AuthSource: aws.String(d.Get("mongodb_settings.0.auth_source").(string)), + } + } else { + input.MongoDbSettings = &dms.MongoDbSettings{ + Username: aws.String(d.Get("username").(string)), + Password: aws.String(d.Get("password").(string)), + ServerName: aws.String(d.Get("server_name").(string)), + Port: aws.Int64(int64(d.Get("port").(int))), + DatabaseName: aws.String(d.Get("database_name").(string)), + KmsKeyId: aws.String(d.Get("kms_key_arn").(string)), + + AuthType: aws.String(d.Get("mongodb_settings.0.auth_type").(string)), + AuthMechanism: aws.String(d.Get("mongodb_settings.0.auth_mechanism").(string)), + NestingLevel: aws.String(d.Get("mongodb_settings.0.nesting_level").(string)), + ExtractDocId: aws.String(d.Get("mongodb_settings.0.extract_doc_id").(string)), + DocsToInvestigate: aws.String(d.Get("mongodb_settings.0.docs_to_investigate").(string)), + AuthSource: aws.String(d.Get("mongodb_settings.0.auth_source").(string)), + } + input.EngineName = aws.String(engineName) - // Update connection info in top-level namespace as well - expandTopLevelConnectionInfoModify(d, input) + // Update connection info in top-level namespace as well + expandTopLevelConnectionInfoModify(d, input) + } } case engineNameOracle: if d.HasChanges( 
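Review bot: The two `dms.MongoDbSettings` literals in this `resourceEndpointUpdate` hunk repeat the same eight non-credential fields, so a later change to one branch can miss the other and leave the credential and Secrets Manager paths out of step. The create path in this same patch already builds one `settings` value and branches only on how credentials are supplied; the update path can do the same without changing what is sent. `input.EngineName` is set only in the username/password branch, as before; whether the Secrets Manager branch also needs it cannot be told from this hunk. The enclosing `switch` and function continue outside the hunk.

```go
// … unchanged: d.HasChanges(...) condition …
settings := &dms.MongoDbSettings{
	DatabaseName: aws.String(d.Get("database_name").(string)),
	KmsKeyId:     aws.String(d.Get("kms_key_arn").(string)),

	AuthType:          aws.String(d.Get("mongodb_settings.0.auth_type").(string)),
	AuthMechanism:     aws.String(d.Get("mongodb_settings.0.auth_mechanism").(string)),
	NestingLevel:      aws.String(d.Get("mongodb_settings.0.nesting_level").(string)),
	ExtractDocId:      aws.String(d.Get("mongodb_settings.0.extract_doc_id").(string)),
	DocsToInvestigate: aws.String(d.Get("mongodb_settings.0.docs_to_investigate").(string)),
	AuthSource:        aws.String(d.Get("mongodb_settings.0.auth_source").(string)),
}

if _, ok := d.GetOk("secrets_manager_arn"); ok {
	// Host, port and credentials come from the secret; username/password are not sent.
	settings.SecretsManagerAccessRoleArn = aws.String(d.Get("secrets_manager_access_role_arn").(string))
	settings.SecretsManagerSecretId = aws.String(d.Get("secrets_manager_arn").(string))
} else {
	settings.Username = aws.String(d.Get("username").(string))
	settings.Password = aws.String(d.Get("password").(string))
	settings.ServerName = aws.String(d.Get("server_name").(string))
	settings.Port = aws.Int64(int64(d.Get("port").(int)))
	input.EngineName = aws.String(engineName)

	// Update connection info in top-level namespace as well
	expandTopLevelConnectionInfoModify(d, input)
}

input.MongoDbSettings = settings
```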
@@ -1178,6 +1202,8 @@ func resourceEndpointSetState(d *schema.ResourceData, endpoint *dms.Endpoint) er d.Set("server_name", endpoint.MongoDbSettings.ServerName) d.Set("port", endpoint.MongoDbSettings.Port) d.Set("database_name", endpoint.MongoDbSettings.DatabaseName) + d.Set("secrets_manager_access_role_arn", endpoint.MongoDbSettings.SecretsManagerAccessRoleArn) + d.Set("secrets_manager_arn", endpoint.MongoDbSettings.SecretsManagerSecretId) } else { flattenTopLevelConnectionInfo(d, endpoint) } diff --git a/internal/service/dms/endpoint_test.go b/internal/service/dms/endpoint_test.go index 0aec9d3e539..5fe51b10bbf 100644 --- a/internal/service/dms/endpoint_test.go +++ b/internal/service/dms/endpoint_test.go @@ -553,6 +553,33 @@ func TestAccDMSEndpoint_MongoDB_basic(t *testing.T) { }) } +func TestAccDMSEndpoint_MongoDB_secretID(t *testing.T) { + resourceName := "aws_dms_endpoint.test" + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(t) }, + ErrorCheck: acctest.ErrorCheck(t, dms.EndpointsID), + ProviderFactories: acctest.ProviderFactories, + CheckDestroy: testAccCheckEndpointDestroy, + Steps: []resource.TestStep{ + { + Config: testAccEndpointConfig_mongoDBSecretID(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckEndpointExists(resourceName), + resource.TestCheckResourceAttrSet(resourceName, "endpoint_arn"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"password"}, + }, + }, + }) +} + // TestAccDMSEndpoint_MongoDB_update validates engine-specific // configured fields and extra_connection_attributes now set in the resource // per https://github.com/hashicorp/terraform-provider-aws/issues/8009 
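Review bot: In `TestAccDMSEndpoint_MongoDB_secretID`, the import step keeps `ImportStateVerifyIgnore: []string{"password"}` although the Secrets Manager configuration it uses sets no `password`. That ignore excludes the one attribute where a stray credential in state would show up. `TestAccDMSEndpoint_AuroraPostgreSQL_secretID` in PATCH 10/10 omits the ignore, and doing the same here lets import verification cover `password` as well. The create step asserts only that `endpoint_arn` is set, so adding `resource.TestCheckResourceAttrPair(resourceName, "secrets_manager_arn", "aws_secretsmanager_secret.test", "id")` would check that the secret reference round-trips.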
@@ -2181,6 +2208,34 @@ resource "aws_dms_endpoint" "test" { `, rName) } +func testAccEndpointConfig_mongoDBSecretID(rName string) string { + return acctest.ConfigCompose(testAccEndpointConfig_secretBase(rName), fmt.Sprintf(` +resource "aws_dms_endpoint" "test" { + endpoint_id = %[1]q + endpoint_type = "source" + engine_name = "mongodb" + database_name = "tftest" + secrets_manager_access_role_arn = aws_iam_role.test.arn + secrets_manager_arn = aws_secretsmanager_secret.test.id + + tags = { + Name = %[1]q + Update = "to-update" + Remove = "to-remove" + } + + mongodb_settings { + auth_type = "password" + auth_mechanism = "default" + nesting_level = "none" + extract_doc_id = "false" + docs_to_investigate = "1000" + auth_source = "admin" + } +} +`, rName)) +} + func testAccEndpointConfig_mongoDBUpdate(rName string) string { return fmt.Sprintf(` data "aws_kms_alias" "dms" { diff --git a/website/docs/r/dms_endpoint.html.markdown b/website/docs/r/dms_endpoint.html.markdown index 224515c0a9b..2b185ff7044 100644 --- a/website/docs/r/dms_endpoint.html.markdown +++ b/website/docs/r/dms_endpoint.html.markdown 
@@ -60,7 +60,7 @@ The following arguments are optional: * `port` - (Optional) Port used by the endpoint database. * `s3_settings` - (Optional) Configuration block for S3 settings. See below. * `secrets_manager_access_role_arn` - (Optional) ARN of the IAM role that specifies AWS DMS as the trusted entity and has the required permissions to access the value in SecretsManagerSecret. -* `secrets_manager_arn` - (Optional) Full ARN, partial ARN, or friendly name of the SecretsManagerSecret that contains the endpoint connection details. Supported only for `engine_name` as `aurora`, `mariadb`, `mysql`, `oracle`, `postgres`, `redshift` or `sqlserver`. +* `secrets_manager_arn` - (Optional) Full ARN, partial ARN, or friendly name of the SecretsManagerSecret that contains the endpoint connection details. Supported only for `engine_name` as `aurora`, `mariadb`, `mongodb`, `mysql`, `oracle`, `postgres`, `redshift` or `sqlserver`. * `server_name` - (Optional) Host name of the server. * `service_access_role` - (Optional) ARN used by the service access IAM role for dynamodb endpoints. * `ssl_mode` - (Optional, Default: none) SSL mode to use for the connection. Valid values are `none`, `require`, `verify-ca`, `verify-full` From 076d7cb5bb4df116af022a20d5d554a7d6f78f94 Mon Sep 17 00:00:00 2001 
From: Kit Ewbank Date: Thu, 2 Jun 2022 10:58:58 -0400 Subject: [PATCH 10/10] r/aws_dms_endpoint: Add ability to use AWS Secrets Manager with the 'aurora-postgresql' engine. Acceptance test output: % make testacc TESTARGS='-run=TestAccDMSEndpoint_AuroraPostgreSQL_' PKG=dms ACCTEST_PARALLELISM=2 ==> Checking that code complies with gofmt requirements... TF_ACC=1 go test ./internal/service/dms/... -v -count 1 -parallel 2 -run=TestAccDMSEndpoint_AuroraPostgreSQL_ -timeout 180m === RUN TestAccDMSEndpoint_AuroraPostgreSQL_basic === PAUSE TestAccDMSEndpoint_AuroraPostgreSQL_basic === RUN TestAccDMSEndpoint_AuroraPostgreSQL_secretID === PAUSE TestAccDMSEndpoint_AuroraPostgreSQL_secretID === RUN TestAccDMSEndpoint_AuroraPostgreSQL_update === PAUSE TestAccDMSEndpoint_AuroraPostgreSQL_update === CONT TestAccDMSEndpoint_AuroraPostgreSQL_basic === CONT TestAccDMSEndpoint_AuroraPostgreSQL_update --- PASS: TestAccDMSEndpoint_AuroraPostgreSQL_basic (34.30s) === CONT TestAccDMSEndpoint_AuroraPostgreSQL_secretID --- PASS: TestAccDMSEndpoint_AuroraPostgreSQL_update (39.57s) --- PASS: TestAccDMSEndpoint_AuroraPostgreSQL_secretID (27.26s) PASS ok github.com/hashicorp/terraform-provider-aws/internal/service/dms 65.485s --- .changelog/23691.txt | 2 +- internal/service/dms/endpoint.go | 108 ++++++------ internal/service/dms/endpoint_test.go | 204 +++++++++++++++++++--- website/docs/r/dms_endpoint.html.markdown | 2 +- 4 files changed, 239 insertions(+), 77 deletions(-) diff --git a/.changelog/23691.txt b/.changelog/23691.txt index c8d1d2dcefc..b274bcc580f 100644 --- a/.changelog/23691.txt +++ b/.changelog/23691.txt @@ -1,3 +1,3 @@ ```release-note:enhancement -resource/aws_dms_endpoint: Add ability to use AWS Secrets Manager with the `mongodb` engine +resource/aws_dms_endpoint: Add ability to use AWS Secrets Manager with the `aurora-postgresql` and `mongodb` engines ``` \ No newline at end of file 
diff --git a/internal/service/dms/endpoint.go b/internal/service/dms/endpoint.go index e8310255301..3c76cacc177 100644 --- a/internal/service/dms/endpoint.go +++ b/internal/service/dms/endpoint.go @@ -640,6 +640,25 @@ func resourceEndpointCreate(d *schema.ResourceData, meta interface{}) error { DatabaseName: aws.String(d.Get("database_name").(string)), } + // Set connection info in top-level namespace as well + expandTopLevelConnectionInfo(d, input) + } + case engineNameAuroraPostgresql, engineNamePostgres: + if _, ok := d.GetOk("secrets_manager_arn"); ok { + input.PostgreSQLSettings = &dms.PostgreSQLSettings{ + SecretsManagerAccessRoleArn: aws.String(d.Get("secrets_manager_access_role_arn").(string)), + SecretsManagerSecretId: aws.String(d.Get("secrets_manager_arn").(string)), + DatabaseName: aws.String(d.Get("database_name").(string)), + } + } else { + input.PostgreSQLSettings = &dms.PostgreSQLSettings{ + Username: aws.String(d.Get("username").(string)), + Password: aws.String(d.Get("password").(string)), + ServerName: aws.String(d.Get("server_name").(string)), + Port: aws.Int64(int64(d.Get("port").(int))), + DatabaseName: aws.String(d.Get("database_name").(string)), + } + // Set connection info in top-level namespace as well expandTopLevelConnectionInfo(d, input) } 
@@ -700,25 +719,6 @@ func resourceEndpointCreate(d *schema.ResourceData, meta interface{}) error { DatabaseName: aws.String(d.Get("database_name").(string)), } - // Set connection info in top-level namespace as well - expandTopLevelConnectionInfo(d, input) - } - case engineNamePostgres: - if _, ok := d.GetOk("secrets_manager_arn"); ok { - input.PostgreSQLSettings = &dms.PostgreSQLSettings{ - SecretsManagerAccessRoleArn: aws.String(d.Get("secrets_manager_access_role_arn").(string)), - SecretsManagerSecretId: aws.String(d.Get("secrets_manager_arn").(string)), - DatabaseName: aws.String(d.Get("database_name").(string)), - } - } else { - input.PostgreSQLSettings = &dms.PostgreSQLSettings{ - Username: aws.String(d.Get("username").(string)), - Password: aws.String(d.Get("password").(string)), - ServerName: aws.String(d.Get("server_name").(string)), - Port: aws.Int64(int64(d.Get("port").(int))), - DatabaseName: aws.String(d.Get("database_name").(string)), - } - // Set connection info in top-level namespace as well expandTopLevelConnectionInfo(d, input) } 
@@ -878,6 +878,30 @@ func resourceEndpointUpdate(d *schema.ResourceData, meta interface{}) error { } input.EngineName = aws.String(engineName) + // Update connection info in top-level namespace as well + expandTopLevelConnectionInfoModify(d, input) + } + } + case engineNameAuroraPostgresql, engineNamePostgres: + if d.HasChanges( + "username", "password", "server_name", "port", "database_name", "secrets_manager_access_role_arn", + "secrets_manager_arn") { + if _, ok := d.GetOk("secrets_manager_arn"); ok { + input.PostgreSQLSettings = &dms.PostgreSQLSettings{ + DatabaseName: aws.String(d.Get("database_name").(string)), + SecretsManagerAccessRoleArn: aws.String(d.Get("secrets_manager_access_role_arn").(string)), + SecretsManagerSecretId: aws.String(d.Get("secrets_manager_arn").(string)), + } + } else { + input.PostgreSQLSettings = &dms.PostgreSQLSettings{ + Username: aws.String(d.Get("username").(string)), + Password: aws.String(d.Get("password").(string)), + ServerName: aws.String(d.Get("server_name").(string)), + Port: aws.Int64(int64(d.Get("port").(int))), + DatabaseName: aws.String(d.Get("database_name").(string)), + } + input.EngineName = aws.String(engineName) // Must be included (should be 'postgres') + // Update connection info in top-level namespace as well expandTopLevelConnectionInfoModify(d, input) } 
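Review bot: The trailing comment on `input.EngineName = aws.String(engineName) // Must be included (should be 'postgres')` is stale now that this case also matches `engineNameAuroraPostgresql`; it should read `// Must be included (should be 'aurora-postgresql' or 'postgres')`. The Secrets Manager branch above it sets no `EngineName` at all. If the requirement in that comment applies whenever `PostgreSQLSettings` is sent, that branch needs the assignment too; this cannot be confirmed from the hunk. None of the tests added in this patch updates an endpoint that uses `secrets_manager_arn` (`TestAccDMSEndpoint_AuroraPostgreSQL_update` uses username and password), so that branch of `resourceEndpointUpdate` is not exercised. A test step that changes `secrets_manager_arn`, or switches from a password to a secret, would cover it.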
@@ -974,30 +998,6 @@ func resourceEndpointUpdate(d *schema.ResourceData, meta interface{}) error { } input.EngineName = aws.String(engineName) // Must be included (should be 'oracle') - // Update connection info in top-level namespace as well - expandTopLevelConnectionInfoModify(d, input) - } - } - case engineNamePostgres: - if d.HasChanges( - "username", "password", "server_name", "port", "database_name", "secrets_manager_access_role_arn", - "secrets_manager_arn") { - if _, ok := d.GetOk("secrets_manager_arn"); ok { - input.PostgreSQLSettings = &dms.PostgreSQLSettings{ - DatabaseName: aws.String(d.Get("database_name").(string)), - SecretsManagerAccessRoleArn: aws.String(d.Get("secrets_manager_access_role_arn").(string)), - SecretsManagerSecretId: aws.String(d.Get("secrets_manager_arn").(string)), - } - } else { - input.PostgreSQLSettings = &dms.PostgreSQLSettings{ - Username: aws.String(d.Get("username").(string)), - Password: aws.String(d.Get("password").(string)), - ServerName: aws.String(d.Get("server_name").(string)), - Port: aws.Int64(int64(d.Get("port").(int))), - DatabaseName: aws.String(d.Get("database_name").(string)), - } - input.EngineName = aws.String(engineName) // Must be included (should be 'postgres') - // Update connection info in top-level namespace as well expandTopLevelConnectionInfoModify(d, input) } 
@@ -1170,6 +1170,17 @@ func resourceEndpointSetState(d *schema.ResourceData, endpoint *dms.Endpoint) er } else { flattenTopLevelConnectionInfo(d, endpoint) } + case engineNameAuroraPostgresql, engineNamePostgres: + if endpoint.PostgreSQLSettings != nil { + d.Set("username", endpoint.PostgreSQLSettings.Username) + d.Set("server_name", endpoint.PostgreSQLSettings.ServerName) + d.Set("port", endpoint.PostgreSQLSettings.Port) + d.Set("database_name", endpoint.PostgreSQLSettings.DatabaseName) + d.Set("secrets_manager_access_role_arn", endpoint.PostgreSQLSettings.SecretsManagerAccessRoleArn) + d.Set("secrets_manager_arn", endpoint.PostgreSQLSettings.SecretsManagerSecretId) + } else { + flattenTopLevelConnectionInfo(d, endpoint) + } case engineNameDynamoDB: if endpoint.DynamoDbSettings != nil { d.Set("service_access_role", endpoint.DynamoDbSettings.ServiceAccessRoleArn) @@ -1221,17 +1232,6 @@ func resourceEndpointSetState(d *schema.ResourceData, endpoint *dms.Endpoint) er } else { flattenTopLevelConnectionInfo(d, endpoint) } - case engineNamePostgres: - if endpoint.PostgreSQLSettings != nil { - d.Set("username", endpoint.PostgreSQLSettings.Username) - d.Set("server_name", endpoint.PostgreSQLSettings.ServerName) - d.Set("port", endpoint.PostgreSQLSettings.Port) - d.Set("database_name", endpoint.PostgreSQLSettings.DatabaseName) - d.Set("secrets_manager_access_role_arn", endpoint.PostgreSQLSettings.SecretsManagerAccessRoleArn) - d.Set("secrets_manager_arn", endpoint.PostgreSQLSettings.SecretsManagerSecretId) - } else { - flattenTopLevelConnectionInfo(d, endpoint) - } case engineNameRedshift: if endpoint.RedshiftSettings != nil { d.Set("username", endpoint.RedshiftSettings.Username) diff --git a/internal/service/dms/endpoint_test.go b/internal/service/dms/endpoint_test.go index 5fe51b10bbf..6a7c2668d57 100644 --- a/internal/service/dms/endpoint_test.go +++ b/internal/service/dms/endpoint_test.go 
@@ -148,6 +148,99 @@ func TestAccDMSEndpoint_Aurora_update(t *testing.T) { }) } +func TestAccDMSEndpoint_AuroraPostgreSQL_basic(t *testing.T) { + resourceName := "aws_dms_endpoint.test" + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(t) }, + ErrorCheck: acctest.ErrorCheck(t, dms.EndpointsID), + ProviderFactories: acctest.ProviderFactories, + CheckDestroy: testAccCheckEndpointDestroy, + Steps: []resource.TestStep{ + { + Config: testAccEndpointConfig_auroraPostgreSQL(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckEndpointExists(resourceName), + resource.TestCheckResourceAttrSet(resourceName, "endpoint_arn"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"password"}, + }, + }, + }) +} + +func TestAccDMSEndpoint_AuroraPostgreSQL_secretID(t *testing.T) { + resourceName := "aws_dms_endpoint.test" + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(t) }, + ErrorCheck: acctest.ErrorCheck(t, dms.EndpointsID), + ProviderFactories: acctest.ProviderFactories, + CheckDestroy: testAccCheckEndpointDestroy, + Steps: []resource.TestStep{ + { + Config: testAccEndpointConfig_auroraPostgreSQLSecretID(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckEndpointExists(resourceName), + resource.TestCheckResourceAttrSet(resourceName, "endpoint_arn"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func TestAccDMSEndpoint_AuroraPostgreSQL_update(t *testing.T) { + resourceName := "aws_dms_endpoint.test" + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(t) }, + ErrorCheck: acctest.ErrorCheck(t, dms.EndpointsID), + 
ProviderFactories: acctest.ProviderFactories, + CheckDestroy: testAccCheckEndpointDestroy, + Steps: []resource.TestStep{ + { + Config: testAccEndpointConfig_auroraPostgreSQL(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckEndpointExists(resourceName), + resource.TestCheckResourceAttrSet(resourceName, "endpoint_arn"), + ), + }, + { + Config: testAccEndpointConfig_auroraPostgreSQLUpdate(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckEndpointExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "server_name", "tftest-new-server_name"), + resource.TestCheckResourceAttr(resourceName, "port", "27018"), + resource.TestCheckResourceAttr(resourceName, "username", "tftest-new-username"), + resource.TestCheckResourceAttr(resourceName, "password", "tftest-new-password"), + resource.TestCheckResourceAttr(resourceName, "database_name", "tftest-new-database_name"), + resource.TestCheckResourceAttr(resourceName, "ssl_mode", "require"), + resource.TestMatchResourceAttr(resourceName, "extra_connection_attributes", regexp.MustCompile(`key=value;`)), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"password"}, + }, + }, + }) +} + func TestAccDMSEndpoint_S3_basic(t *testing.T) { resourceName := "aws_dms_endpoint.test" rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) 
@@ -1530,6 +1623,74 @@ resource "aws_dms_endpoint" "test" { `, rName) } +func testAccEndpointConfig_auroraPostgreSQL(rName string) string { + return fmt.Sprintf(` +resource "aws_dms_endpoint" "test" { + endpoint_id = %[1]q + endpoint_type = "source" + engine_name = "aurora-postgresql" + server_name = "tftest" + port = 27017 + username = "tftest" + password = "tftest" + database_name = "tftest" + ssl_mode = "none" + extra_connection_attributes = "" + + tags = { + Name = %[1]q + Update = "to-update" + Remove = "to-remove" + } +} +`, rName) +} + +func testAccEndpointConfig_auroraPostgreSQLSecretID(rName string) string { + return acctest.ConfigCompose(testAccEndpointConfig_secretBase(rName), fmt.Sprintf(` +resource "aws_dms_endpoint" "test" { + endpoint_id = %[1]q + endpoint_type = "source" + engine_name = "aurora-postgresql" + secrets_manager_access_role_arn = aws_iam_role.test.arn + secrets_manager_arn = aws_secretsmanager_secret.test.id + + database_name = "tftest" + ssl_mode = "none" + extra_connection_attributes = "" + + tags = { + Name = "tf-test-dms-endpoint-%[1]s" + Update = "to-update" + Remove = "to-remove" + } +} +`, rName)) +} + +func testAccEndpointConfig_auroraPostgreSQLUpdate(rName string) string { + return fmt.Sprintf(` +resource "aws_dms_endpoint" "test" { + endpoint_id = %[1]q + endpoint_type = "source" + engine_name = "aurora-postgresql" + server_name = "tftest-new-server_name" + port = 27018 + username = "tftest-new-username" + password = "tftest-new-password" + database_name = "tftest-new-database_name" + ssl_mode = "require" + extra_connection_attributes = "key=value;" + + tags = { + Name = %[1]q + Update = "updated" + Add = "added" + } +} +`, rName) +} + func testAccEndpointConfig_dynamoDB(rName string) string { return fmt.Sprintf(` data "aws_partition" "current" {} 
@@ -2490,6 +2651,28 @@ resource "aws_dms_endpoint" "test" { `, rName) } +func testAccEndpointConfig_postgreSQLSecretID(rName string) string { + return acctest.ConfigCompose(testAccEndpointConfig_secretBase(rName), fmt.Sprintf(` +resource "aws_dms_endpoint" "test" { + endpoint_id = %[1]q + endpoint_type = "source" + engine_name = "postgres" + secrets_manager_access_role_arn = aws_iam_role.test.arn + secrets_manager_arn = aws_secretsmanager_secret.test.id + + database_name = "tftest" + ssl_mode = "none" + extra_connection_attributes = "" + + tags = { + Name = "tf-test-dms-endpoint-%[1]s" + Update = "to-update" + Remove = "to-remove" + } +} +`, rName)) +} + func testAccEndpointConfig_postgreSQLUpdate(rName string) string { return fmt.Sprintf(` resource "aws_dms_endpoint" "test" { @@ -2512,27 +2695,6 @@ resource "aws_dms_endpoint" "test" { } `, rName) } -func testAccEndpointConfig_postgreSQLSecretID(rName string) string { - return acctest.ConfigCompose(testAccEndpointConfig_secretBase(rName), fmt.Sprintf(` -resource "aws_dms_endpoint" "test" { - endpoint_id = %[1]q - endpoint_type = "source" - engine_name = "postgres" - secrets_manager_access_role_arn = aws_iam_role.test.arn - secrets_manager_arn = aws_secretsmanager_secret.test.id - - database_name = "tftest" - ssl_mode = "none" - extra_connection_attributes = "" - - tags = { - Name = "tf-test-dms-endpoint-%[1]s" - Update = "to-update" - Remove = "to-remove" - } -} -`, rName)) -} func testAccEndpointConfig_SQLServer(rName string) string { return fmt.Sprintf(` diff --git a/website/docs/r/dms_endpoint.html.markdown b/website/docs/r/dms_endpoint.html.markdown index 2b185ff7044..030822cbc95 100644 --- a/website/docs/r/dms_endpoint.html.markdown +++ b/website/docs/r/dms_endpoint.html.markdown 
@@ -60,7 +60,7 @@ The following arguments are optional: * `port` - (Optional) Port used by the endpoint database. * `s3_settings` - (Optional) Configuration block for S3 settings. See below. * `secrets_manager_access_role_arn` - (Optional) ARN of the IAM role that specifies AWS DMS as the trusted entity and has the required permissions to access the value in SecretsManagerSecret. -* `secrets_manager_arn` - (Optional) Full ARN, partial ARN, or friendly name of the SecretsManagerSecret that contains the endpoint connection details. Supported only for `engine_name` as `aurora`, `mariadb`, `mongodb`, `mysql`, `oracle`, `postgres`, `redshift` or `sqlserver`. +* `secrets_manager_arn` - (Optional) Full ARN, partial ARN, or friendly name of the SecretsManagerSecret that contains the endpoint connection details. Supported only for `engine_name` as `aurora`, `aurora-postgresql`, `mariadb`, `mongodb`, `mysql`, `oracle`, `postgres`, `redshift` or `sqlserver`. * `server_name` - (Optional) Host name of the server. * `service_access_role` - (Optional) ARN used by the service access IAM role for dynamodb endpoints. * `ssl_mode` - (Optional, Default: none) SSL mode to use for the connection. Valid values are `none`, `require`, `verify-ca`, `verify-full`