

Merge pull request #35500 from Ziziann/f-aws_db_instance-add-self-man…
…aged-domain

feat: add self managed active directory settings to aws_db_instance
ewbankkit authored Feb 6, 2024
2 parents 36d2a70 + 3831720 commit e49b3e1
Showing 4 changed files with 416 additions and 7 deletions.
3 changes: 3 additions & 0 deletions .changelog/35500.txt
@@ -0,0 +1,3 @@
```release-note:enhancement
resource/aws_db_instance: Add `domain_auth_secret_arn`, `domain_dns_ips`, `domain_fqdn`, and `domain_ou` arguments to support [self-managed Active Directory](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_SQLServer_SelfManagedActiveDirectory.html)
```
106 changes: 101 additions & 5 deletions internal/service/rds/instance.go
Expand Up @@ -222,12 +222,42 @@ func ResourceInstance() *schema.Resource {
Optional: true,
},
"domain": {
Type: schema.TypeString,
Type: schema.TypeString,
Optional: true,
ConflictsWith: []string{"domain_fqdn", "domain_ou", "domain_auth_secret_arn", "domain_dns_ips"},
},
"domain_auth_secret_arn": {
Type: schema.TypeString,
Optional: true,
ValidateFunc: verify.ValidARN,
ConflictsWith: []string{"domain", "domain_iam_role_name"},
},
"domain_dns_ips": {
Type: schema.TypeSet,
Optional: true,
MinItems: 2,
MaxItems: 2,
Elem: &schema.Schema{
Type: schema.TypeString,
ValidateFunc: validation.IsIPAddress,
},
ConflictsWith: []string{"domain", "domain_iam_role_name"},
},
"domain_fqdn": {
Type: schema.TypeString,
Optional: true,
Computed: true,
ConflictsWith: []string{"domain", "domain_iam_role_name"},
},
"domain_iam_role_name": {
Type: schema.TypeString,
Optional: true,
Type: schema.TypeString,
Optional: true,
ConflictsWith: []string{"domain_fqdn", "domain_ou", "domain_auth_secret_arn", "domain_dns_ips"},
},
"domain_ou": {
Type: schema.TypeString,
Optional: true,
ConflictsWith: []string{"domain", "domain_iam_role_name"},
},
"enabled_cloudwatch_logs_exports": {
Type: schema.TypeSet,
Expand Down Expand Up @@ -1085,10 +1115,26 @@ func resourceInstanceCreate(ctx context.Context, d *schema.ResourceData, meta in
input.Domain = aws.String(v.(string))
}

if v, ok := d.GetOk("domain_auth_secret_arn"); ok {
input.DomainAuthSecretArn = aws.String(v.(string))
}

if v, ok := d.GetOk("domain_dns_ips"); ok && v.(*schema.Set).Len() > 0 {
input.DomainDnsIps = flex.ExpandStringSet(v.(*schema.Set))
}

if v, ok := d.GetOk("domain_fqdn"); ok {
input.DomainFqdn = aws.String(v.(string))
}

if v, ok := d.GetOk("domain_iam_role_name"); ok {
input.DomainIAMRoleName = aws.String(v.(string))
}

if v, ok := d.GetOk("domain_ou"); ok {
input.DomainOu = aws.String(v.(string))
}

if v, ok := d.GetOk("enabled_cloudwatch_logs_exports"); ok && v.(*schema.Set).Len() > 0 {
input.EnableCloudwatchLogsExports = flex.ExpandStringSet(v.(*schema.Set))
}
Expand Down Expand Up @@ -1314,6 +1360,22 @@ func resourceInstanceCreate(ctx context.Context, d *schema.ResourceData, meta in
input.DomainIAMRoleName = aws.String(v.(string))
}

if v, ok := d.GetOk("domain_fqdn"); ok {
input.DomainFqdn = aws.String(v.(string))
}

if v, ok := d.GetOk("domain_ou"); ok {
input.DomainOu = aws.String(v.(string))
}

if v, ok := d.GetOk("domain_auth_secret_arn"); ok {
input.DomainAuthSecretArn = aws.String(v.(string))
}

if v, ok := d.GetOk("domain_dns_ips"); ok && v.(*schema.Set).Len() > 0 {
input.DomainDnsIps = flex.ExpandStringSet(v.(*schema.Set))
}

if v, ok := d.GetOk("enabled_cloudwatch_logs_exports"); ok && v.(*schema.Set).Len() > 0 {
input.EnableCloudwatchLogsExports = flex.ExpandStringSet(v.(*schema.Set))
}
Expand Down Expand Up @@ -1473,10 +1535,26 @@ func resourceInstanceCreate(ctx context.Context, d *schema.ResourceData, meta in
input.Domain = aws.String(v.(string))
}

if v, ok := d.GetOk("domain_auth_secret_arn"); ok {
input.DomainAuthSecretArn = aws.String(v.(string))
}

if v, ok := d.GetOk("domain_dns_ips"); ok && v.(*schema.Set).Len() > 0 {
input.DomainDnsIps = flex.ExpandStringSet(v.(*schema.Set))
}

if v, ok := d.GetOk("domain_fqdn"); ok {
input.DomainFqdn = aws.String(v.(string))
}

if v, ok := d.GetOk("domain_iam_role_name"); ok {
input.DomainIAMRoleName = aws.String(v.(string))
}

if v, ok := d.GetOk("domain_ou"); ok {
input.DomainOu = aws.String(v.(string))
}

if v, ok := d.GetOk("enabled_cloudwatch_logs_exports"); ok && v.(*schema.Set).Len() > 0 {
input.EnableCloudwatchLogsExports = flex.ExpandStringSet(v.(*schema.Set))
}
Expand Down Expand Up @@ -1694,11 +1772,20 @@ func resourceInstanceRead(ctx context.Context, d *schema.ResourceData, meta inte
}
d.Set("deletion_protection", v.DeletionProtection)
if len(v.DomainMemberships) > 0 && v.DomainMemberships[0] != nil {
d.Set("domain", v.DomainMemberships[0].Domain)
d.Set("domain_iam_role_name", v.DomainMemberships[0].IAMRoleName)
v := v.DomainMemberships[0]
d.Set("domain", v.Domain)
d.Set("domain_auth_secret_arn", v.AuthSecretArn)
d.Set("domain_dns_ips", aws.StringValueSlice(v.DnsIps))
d.Set("domain_fqdn", v.FQDN)
d.Set("domain_iam_role_name", v.IAMRoleName)
d.Set("domain_ou", v.OU)
} else {
d.Set("domain", nil)
d.Set("domain_auth_secret_arn", nil)
d.Set("domain_dns_ips", nil)
d.Set("domain_fqdn", nil)
d.Set("domain_iam_role_name", nil)
d.Set("domain_ou", nil)
}
d.Set("enabled_cloudwatch_logs_exports", aws.StringValueSlice(v.EnabledCloudwatchLogsExports))
d.Set("engine", v.Engine)
Expand Down Expand Up @@ -2074,10 +2161,19 @@ func dbInstancePopulateModify(input *rds_sdkv2.ModifyDBInstanceInput, d *schema.
// Always set this. Fixes TestAccRDSInstance_BlueGreenDeployment_updateWithDeletionProtection
input.DeletionProtection = aws.Bool(d.Get("deletion_protection").(bool))

// "InvalidParameterCombination: Specify the parameters for either AWS Managed Active Directory or self-managed Active Directory".
if d.HasChanges("domain", "domain_iam_role_name") {
needsModify = true
input.Domain = aws.String(d.Get("domain").(string))
input.DomainIAMRoleName = aws.String(d.Get("domain_iam_role_name").(string))
} else if d.HasChanges("domain_auth_secret_arn", "domain_dns_ips", "domain_fqdn", "domain_ou") {
needsModify = true
input.DomainAuthSecretArn = aws.String(d.Get("domain_auth_secret_arn").(string))
if v, ok := d.GetOk("domain_dns_ips"); ok && v.(*schema.Set).Len() > 0 {
input.DomainDnsIps = flex.ExpandStringValueSet(v.(*schema.Set))
}
input.DomainFqdn = aws.String(d.Get("domain_fqdn").(string))
input.DomainOu = aws.String(d.Get("domain_ou").(string))
}

if d.HasChange("enabled_cloudwatch_logs_exports") {
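Review bot: The `else if` in the last hunk (dbInstancePopulateModify) drops the self-managed parameters whenever both attribute groups change in the same apply: moving an instance from AWS Managed AD (`domain`/`domain_iam_role_name`) to self-managed AD takes the first branch, sends empty `Domain`/`DomainIAMRoleName`, and never puts `domain_auth_secret_arn`, `domain_dns_ips`, `domain_fqdn` or `domain_ou` on the request, so the join that the configuration asks for is silently not performed. The quoted InvalidParameterCombination message indicates the API accepts only one parameter set per call, so the branch should be chosen from the desired configuration rather than from which side changed; keying on `domain_auth_secret_arn` (which, unlike `domain_fqdn`, is not Computed and so is empty in state when managed AD is in use) distinguishes the two modes, while the existing empty-string clearing behaviour is kept when only one group changes. I have not verified how the service treats an empty string for the cleared group, so this deserves an acceptance test that flips between the two modes. dbInstancePopulateModify begins and continues outside this hunk. As a style nit, the second Create hunk adds the new fields in a different order (iam role, fqdn, ou, secret, dns ips) than the other two, which are alphabetical.
```go
// "InvalidParameterCombination: Specify the parameters for either AWS Managed Active Directory or self-managed Active Directory".
// Pick the parameter set from the desired configuration, not from which group changed,
// so that switching between managed and self-managed AD in one apply sends the new settings.
managedChanged := d.HasChanges("domain", "domain_iam_role_name")
selfManagedChanged := d.HasChanges("domain_auth_secret_arn", "domain_dns_ips", "domain_fqdn", "domain_ou")
if managedChanged || selfManagedChanged {
	needsModify = true
	if _, ok := d.GetOk("domain_auth_secret_arn"); ok || !managedChanged {
		input.DomainAuthSecretArn = aws.String(d.Get("domain_auth_secret_arn").(string))
		if v, ok := d.GetOk("domain_dns_ips"); ok && v.(*schema.Set).Len() > 0 {
			input.DomainDnsIps = flex.ExpandStringValueSet(v.(*schema.Set))
		}
		input.DomainFqdn = aws.String(d.Get("domain_fqdn").(string))
		input.DomainOu = aws.String(d.Get("domain_ou").(string))
	} else {
		input.Domain = aws.String(d.Get("domain").(string))
		input.DomainIAMRoleName = aws.String(d.Get("domain_iam_role_name").(string))
	}
}
// … unchanged: enabled_cloudwatch_logs_exports handling …
```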
