Merge pull request #40514 from hashicorp/b-elasticache-replication-gr…

…oup-nullable-bool resource/aws_elasticache_replication_group: Make `at_rest_encryption_enabled` nullable Bool
hashicorp · Dec 13, 2024 · c023bbd · c023bbd
2 parents 62ea9b7 + 0562890
commit c023bbd
Show file tree

Hide file tree

Showing 4 changed files with 245 additions and 63 deletions.
diff --git a/.changelog/40514.txt b/.changelog/40514.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+resource/aws_elasticache_replication_group: Prevent perpetual diff which triggers resource replacement on `at_rest_encryption_enabled` when `engine` is `valkey`.
+```
diff --git a/internal/service/elasticache/replication_group.go b/internal/service/elasticache/replication_group.go
@@ -9,6 +9,7 @@ import (
 	"fmt"
 	"log"
 	"slices"
+	"strconv"
 	"strings"
 	"time"
 
@@ -67,10 +68,11 @@ func resourceReplicationGroup() *schema.Resource {
 				Computed: true,
 			},
 			"at_rest_encryption_enabled": {
-				Type:     schema.TypeBool,
-				Optional: true,
-				ForceNew: true,
-				Computed: true,
+				Type:         nullable.TypeNullableBool,
+				Optional:     true,
+				ForceNew:     true,
+				Computed:     true,
+				ValidateFunc: nullable.ValidateTypeStringNullableBool,
 			},
 			"auth_token": {
 				Type:          schema.TypeString,
@@ -434,8 +436,10 @@ func resourceReplicationGroupCreate(ctx context.Context, d *schema.ResourceData,
 		Tags:               getTagsIn(ctx),
 	}
 
-	if _, ok := d.GetOk("at_rest_encryption_enabled"); ok {
-		input.AtRestEncryptionEnabled = aws.Bool(d.Get("at_rest_encryption_enabled").(bool))
+	if v, ok := d.GetOk("at_rest_encryption_enabled"); ok {
+		if v, null, _ := nullable.Bool(v.(string)).ValueBool(); !null {
+			input.AtRestEncryptionEnabled = aws.Bool(v)
+		}
 	}
 
 	if v, ok := d.GetOk("auth_token"); ok {
@@ -764,7 +768,7 @@ func resourceReplicationGroupRead(ctx context.Context, d *schema.ResourceData, m
 			return sdkdiag.AppendErrorf(diags, "reading ElastiCache Replication Group (%s): reading Cache Cluster (%s): %s", d.Id(), aws.ToString(cacheCluster.CacheClusterId), err)
 		}
 
-		d.Set("at_rest_encryption_enabled", c.AtRestEncryptionEnabled)
+		d.Set("at_rest_encryption_enabled", strconv.FormatBool(aws.ToBool(c.AtRestEncryptionEnabled)))
 		// `aws_elasticache_cluster` resource doesn't define `security_group_names`, but `aws_elasticache_replication_group` does.
 		// The value for that comes from []CacheSecurityGroupMembership which is part of CacheCluster object in AWS API.
 		// We need to set it here, as it is not set in setFromCacheCluster, and we cannot add it to that function