lakeformation: Add new aws_lakeformation_resource_lf_tags resource

[YakDriver]

Community Note

• Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Closes #19640
Closes #20996
Relates #19523
Relates #19648

Output from acceptance testing:

% make testacc TESTS="TestAccLakeFormation_serial/ResourceLFTags" PKG=lakeformation
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/lakeformation/... -v -count 1 -parallel 20 -run='TestAccLakeFormation_serial/ResourceLFTags'  -timeout 180m
--- PASS: TestAccLakeFormation_serial (283.81s)
    --- PASS: TestAccLakeFormation_serial/ResourceLFTags (283.81s)
        --- PASS: TestAccLakeFormation_serial/ResourceLFTags/tableWithColumns (66.94s)
        --- PASS: TestAccLakeFormation_serial/ResourceLFTags/basic (33.07s)
        --- PASS: TestAccLakeFormation_serial/ResourceLFTags/database (59.78s)
        --- PASS: TestAccLakeFormation_serial/ResourceLFTags/databaseMultiple (61.75s)
        --- PASS: TestAccLakeFormation_serial/ResourceLFTags/table (62.27s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/lakeformation	285.088s

[YakDriver]

@sbrandtb @danielcmessias @stevenayers @maiarareinaldo @simonB2020 Do you have any feedback on this PR?

[danielcmessias]

Looks great, few small comments/questions

[danielcmessias]

minor but this is inferred by default, in which case probably not needed in these examples as you'd likely only be setting for multi-catalog / cross-account access setups?

[YakDriver]

Fixed!

[danielcmessias]

what happens if you assign the same key twice but with diferent values, e.g.

lf_tag {
  key   = "left"
  value = "luffield"
}

lf_tag {
  key   = "left"
  value = "aintree"
}

Does the LF api catch this and error, or will it silently pick one?

[YakDriver]

It catches the error:

Error: creating AWS Lake Formation Resource LF Tags ({
          LFTags: [{
              TagKey: "tf-acc-test-1974583174579168682-2",
              TagValues: ["vale"]
            },{
              TagKey: "tf-acc-test-1974583174579168682",
              TagValues: ["luffield"]
            },{
              TagKey: "tf-acc-test-1974583174579168682",
              TagValues: ["woodcote"]
            }],
          Resource: {
            TableWithColumns: {
              ColumnNames: ["event","timestamp"],
              DatabaseName: "tf-acc-test-1974583174579168682",
              Name: "tf-acc-test-1974583174579168682"
            }
          }
        }): InvalidInputException: Provided list of tags contains duplicate tag key

[danielcmessias]

should we be looking to update the terraform state for all/any of the successful lf_tag applies before exiting with error if there are any failures?

[ewbankkit]

We could return a diag.Warning for each LFTag that fails and only an overall diag.Error if failures.Len() == len(input. LFTags)?

[YakDriver]

The trouble is that we don't update state in Create (except a tiny bit). I'm not sure how helpful it would be in that these are very fast operations and on the next successful Read, the state will be fixed. I think we need to stick with the framework and let Read handle state updates unless there's some really compelling reason. This is all ForceNew, so it's going to Delete and Create again in order to do any creating. That may cause problems but updating state in Create won't fix that.

[YakDriver]

I don't know where else we're doing something like this so it might be a first. Stack of failure warning, as requested. In my testing, I haven't seen exactly what a failure is. For example, if you send duplicates of a key, you get an error back on the whole AddLFTagsToResource operation so this logic is never reached. Hopefully it won't confuse people.

[ewbankkit]

% make testacc TESTS="TestAccLakeFormation_serial/ResourceLFTags" PKG=lakeformation
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/lakeformation/... -v -count 1 -parallel 20 -run='TestAccLakeFormation_serial/ResourceLFTags'  -timeout 180m
=== RUN   TestAccLakeFormation_serial
=== RUN   TestAccLakeFormation_serial/ResourceLFTags
=== RUN   TestAccLakeFormation_serial/ResourceLFTags/basic
=== RUN   TestAccLakeFormation_serial/ResourceLFTags/database
=== RUN   TestAccLakeFormation_serial/ResourceLFTags/databaseMultiple
=== RUN   TestAccLakeFormation_serial/ResourceLFTags/table
=== RUN   TestAccLakeFormation_serial/ResourceLFTags/tableWithColumns
--- PASS: TestAccLakeFormation_serial (155.17s)
    --- PASS: TestAccLakeFormation_serial/ResourceLFTags (155.17s)
        --- PASS: TestAccLakeFormation_serial/ResourceLFTags/basic (20.17s)
        --- PASS: TestAccLakeFormation_serial/ResourceLFTags/database (30.77s)
        --- PASS: TestAccLakeFormation_serial/ResourceLFTags/databaseMultiple (33.93s)
        --- PASS: TestAccLakeFormation_serial/ResourceLFTags/table (34.12s)
        --- PASS: TestAccLakeFormation_serial/ResourceLFTags/tableWithColumns (36.18s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/lakeformation	159.543s

[YakDriver]

Looks great, few small comments/questions

Thank you for taking a look!

[stevenayers]

@YakDriver this looks fantastic, thanks for closing the loop here.

[ewbankkit]

LGTM 🚀.

% make testacc TESTS="TestAccLakeFormation_serial/ResourceLFTags" PKG=lakeformation
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/lakeformation/... -v -count 1 -parallel 20 -run='TestAccLakeFormation_serial/ResourceLFTags'  -timeout 180m
=== RUN   TestAccLakeFormation_serial
=== RUN   TestAccLakeFormation_serial/ResourceLFTags
=== RUN   TestAccLakeFormation_serial/ResourceLFTags/tableWithColumns
=== RUN   TestAccLakeFormation_serial/ResourceLFTags/basic
=== RUN   TestAccLakeFormation_serial/ResourceLFTags/database
=== RUN   TestAccLakeFormation_serial/ResourceLFTags/databaseMultiple
=== RUN   TestAccLakeFormation_serial/ResourceLFTags/table
--- PASS: TestAccLakeFormation_serial (161.23s)
    --- PASS: TestAccLakeFormation_serial/ResourceLFTags (161.23s)
        --- PASS: TestAccLakeFormation_serial/ResourceLFTags/tableWithColumns (37.66s)
        --- PASS: TestAccLakeFormation_serial/ResourceLFTags/basic (17.18s)
        --- PASS: TestAccLakeFormation_serial/ResourceLFTags/database (35.28s)
        --- PASS: TestAccLakeFormation_serial/ResourceLFTags/databaseMultiple (33.85s)
        --- PASS: TestAccLakeFormation_serial/ResourceLFTags/table (37.26s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/lakeformation	166.215s

[github-actions]

This functionality has been released in v4.21.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.