From 47d7f89938ac6dabf5fbf3684b8072d11feaa42f Mon Sep 17 00:00:00 2001 From: DrFaust92 Date: Mon, 17 Feb 2020 13:49:19 +0200 Subject: [PATCH 1/8] add kms support for iscsi volume --- ..._aws_storagegateway_cached_iscsi_volume.go | 23 +++++ ...storagegateway_cached_iscsi_volume_test.go | 99 +++++++++++++++++++ ...egateway_cached_iscsi_volume.html.markdown | 2 + 3 files changed, 124 insertions(+) diff --git a/aws/resource_aws_storagegateway_cached_iscsi_volume.go b/aws/resource_aws_storagegateway_cached_iscsi_volume.go index c35ed2901f9..843c1184b22 100644 --- a/aws/resource_aws_storagegateway_cached_iscsi_volume.go +++ b/aws/resource_aws_storagegateway_cached_iscsi_volume.go @@ -87,6 +87,15 @@ func resourceAwsStorageGatewayCachedIscsiVolume() *schema.Resource { ForceNew: true, }, "tags": tagsSchema(), + "kms_encrypted": { + Type: schema.TypeBool, + Optional: true, + }, + "kms_key": { + Type: schema.TypeString, + Optional: true, + ValidateFunc: validateArn, + }, }, } } @@ -111,6 +120,14 @@ func resourceAwsStorageGatewayCachedIscsiVolumeCreate(d *schema.ResourceData, me input.SourceVolumeARN = aws.String(v.(string)) } + if v, ok := d.GetOk("kms_key"); ok { + input.KMSKey = aws.String(v.(string)) + } + + if v, ok := d.GetOk("kms_encrypted"); ok { + input.KMSEncrypted = aws.Bool(v.(bool)) + } + log.Printf("[DEBUG] Creating Storage Gateway cached iSCSI volume: %s", input) output, err := conn.CreateCachediSCSIVolume(input) if err != nil { @@ -169,6 +186,12 @@ func resourceAwsStorageGatewayCachedIscsiVolumeRead(d *schema.ResourceData, meta d.Set("volume_arn", arn) d.Set("volume_id", aws.StringValue(volume.VolumeId)) d.Set("volume_size_in_bytes", int(aws.Int64Value(volume.VolumeSizeInBytes))) + d.Set("kms_key", volume.KMSKey) + if volume.KMSKey != nil { + d.Set("kms_encrypted", true) + } else { + d.Set("kms_encrypted", false) + } tags, err := keyvaluetags.StoragegatewayListTags(conn, arn) if err != nil { 
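Review bot: In the Create hunk, `kms_key` is copied into `input.KMSKey` independently of `kms_encrypted`, and `d.GetOk("kms_encrypted")` is not-ok for `false`, so a configuration with a key ARN and `kms_encrypted = false` sends a key without the encryption flag. As far as I can tell, the `RequiredWith` added in the patch 8/8 hunk only requires `kms_encrypted` to be present, not `true`, and nothing rejects `kms_encrypted = true` with no key. The mismatch therefore shows up only as an API error at apply time or, if the service accepts the request, as a volume whose encryption key differs from what the configuration suggests. I would fail early, before the request is built: `if _, ok := d.GetOk("kms_key"); ok && !d.Get("kms_encrypted").(bool) { return fmt.Errorf("kms_key requires kms_encrypted to be true") }` (assuming `fmt` is already imported in this file). The function body starts and ends outside the hunk.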
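Review bot: The five-line if/else at the end of the Read hunk can be written as `d.Set("kms_encrypted", volume.KMSKey != nil)`, which keeps the rule in one expression. A short comment above it would help, for example `// kms_encrypted is inferred from the presence of a key ARN on the described volume`, because this state value is what later plans are compared against and a reader may otherwise look for a dedicated field in the response. `d.Set("kms_key", volume.KMSKey)` passes the pointer directly while the neighbouring lines go through `aws.StringValue`; using `aws.StringValue(volume.KMSKey)` here would be consistent with them. The function continues outside the hunk.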
diff --git a/aws/resource_aws_storagegateway_cached_iscsi_volume_test.go b/aws/resource_aws_storagegateway_cached_iscsi_volume_test.go index 224b5a23a78..8b07db86614 100644 --- a/aws/resource_aws_storagegateway_cached_iscsi_volume_test.go +++ b/aws/resource_aws_storagegateway_cached_iscsi_volume_test.go @@ -94,6 +94,35 @@ func TestAccAWSStorageGatewayCachedIscsiVolume_basic(t *testing.T) { resource.TestMatchResourceAttr(resourceName, "volume_id", regexp.MustCompile(`^vol-.+$`)), testAccMatchResourceAttrRegionalARN(resourceName, "volume_arn", "storagegateway", regexp.MustCompile(`gateway/sgw-.+/volume/vol-.`)), resource.TestCheckResourceAttr(resourceName, "volume_size_in_bytes", "5368709120"), + resource.TestCheckResourceAttr(resourceName, "kms_encrypted", "false"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func TestAccAWSStorageGatewayCachedIscsiVolume_kms(t *testing.T) { + var cachedIscsiVolume storagegateway.CachediSCSIVolume + rName := acctest.RandomWithPrefix("tf-acc-test") + resourceName := "aws_storagegateway_cached_iscsi_volume.test" + keyResourceName := "aws_kms_key.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSStorageGatewayCachedIscsiVolumeDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSStorageGatewayCachedIscsiVolumeConfigKMSEncrypted(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSStorageGatewayCachedIscsiVolumeExists(resourceName, &cachedIscsiVolume), + resource.TestCheckResourceAttr(resourceName, "kms_encrypted", "true"), + resource.TestCheckResourceAttrPair(resourceName, "kms_key", keyResourceName, "arn"), ), }, { 
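Review bot: `TestAccAWSStorageGatewayCachedIscsiVolume_kms` covers only the case where `kms_encrypted = true` and `kms_key` are both set; no step exercises a key ARN combined with `kms_encrypted = false`, or `kms_encrypted = true` with no key. A step per combination using `ExpectError: regexp.MustCompile(...)` would pin down how the provider treats them, which matters because a wrongly accepted combination leaves it unclear which key protects the volume. The test function's step list runs on past the end of the hunk.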
@@ -347,6 +376,76 @@ resource "aws_storagegateway_cached_iscsi_volume" "test" { `, rName)) } +func testAccAWSStorageGatewayCachedIscsiVolumeConfigKMSEncrypted(rName string) string { + return testAccAWSStorageGatewayGatewayConfig_GatewayType_Cached(rName) + fmt.Sprintf(` +resource "aws_ebs_volume" "test" { + availability_zone = "${aws_instance.test.availability_zone}" + size = 10 + type = "gp2" + + tags = { + Name = %[1]q + } +} + +resource "aws_volume_attachment" "test" { + device_name = "/dev/xvdc" + force_detach = true + instance_id = "${aws_instance.test.id}" + volume_id = "${aws_ebs_volume.test.id}" +} + +data "aws_storagegateway_local_disk" "test" { + disk_path = "${aws_volume_attachment.test.device_name}" + gateway_arn = "${aws_storagegateway_gateway.test.arn}" +} + +resource "aws_storagegateway_cache" "test" { + # ACCEPTANCE TESTING WORKAROUND: + # Data sources are not refreshed before plan after apply in TestStep + # Step 0 error: After applying this step, the plan was not empty: + # disk_id: "0b68f77a-709b-4c79-ad9d-d7728014b291" => "/dev/xvdc" (forces new resource) + # We expect this data source value to change due to how Storage Gateway works. + lifecycle { + ignore_changes = ["disk_id"] + } + + disk_id = "${data.aws_storagegateway_local_disk.test.id}" + gateway_arn = "${aws_storagegateway_gateway.test.arn}" +} + + resource "aws_kms_key" "test" { + description = "Terraform acc test %[1]s" + policy = < Date: Mon, 17 Feb 2020 18:44:27 +0200 Subject: [PATCH 2/8] add force new --- aws/resource_aws_storagegateway_cached_iscsi_volume.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/aws/resource_aws_storagegateway_cached_iscsi_volume.go b/aws/resource_aws_storagegateway_cached_iscsi_volume.go index 843c1184b22..419586f5c43 100644 --- a/aws/resource_aws_storagegateway_cached_iscsi_volume.go +++ b/aws/resource_aws_storagegateway_cached_iscsi_volume.go 
@@ -90,10 +90,12 @@ func resourceAwsStorageGatewayCachedIscsiVolume() *schema.Resource { "kms_encrypted": { Type: schema.TypeBool, Optional: true, + ForceNew: true, }, "kms_key": { Type: schema.TypeString, Optional: true, + ForceNew: true, ValidateFunc: validateArn, }, }, From 561506d8a4c0449470c8d35a403673b25dff1f76 Mon Sep 17 00:00:00 2001 From: DrFaust92 Date: Tue, 18 Feb 2020 15:15:55 +0200 Subject: [PATCH 3/8] add disappearing test case --- ..._aws_storagegateway_cached_iscsi_volume.go | 2 +- ...storagegateway_cached_iscsi_volume_test.go | 36 +++++++++++++++++++ 2 files changed, 37 insertions(+), 1 deletion(-) diff --git a/aws/resource_aws_storagegateway_cached_iscsi_volume.go b/aws/resource_aws_storagegateway_cached_iscsi_volume.go index 419586f5c43..4026e8d31e6 100644 --- a/aws/resource_aws_storagegateway_cached_iscsi_volume.go +++ b/aws/resource_aws_storagegateway_cached_iscsi_volume.go @@ -166,7 +166,7 @@ func resourceAwsStorageGatewayCachedIscsiVolumeRead(d *schema.ResourceData, meta output, err := conn.DescribeCachediSCSIVolumes(input) if err != nil { - if isAWSErr(err, storagegateway.ErrorCodeVolumeNotFound, "") { + if isAWSErr(err, storagegateway.ErrorCodeVolumeNotFound, "") || isAWSErr(err, storagegateway.ErrCodeInvalidGatewayRequestException, "The specified volume was not found") { log.Printf("[WARN] Storage Gateway cached iSCSI volume %q not found, removing from state", d.Id()) d.SetId("") return nil diff --git a/aws/resource_aws_storagegateway_cached_iscsi_volume_test.go b/aws/resource_aws_storagegateway_cached_iscsi_volume_test.go index 8b07db86614..8607ded260c 100644 --- a/aws/resource_aws_storagegateway_cached_iscsi_volume_test.go +++ b/aws/resource_aws_storagegateway_cached_iscsi_volume_test.go 
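Review bot: The added `isAWSErr(err, storagegateway.ErrCodeInvalidGatewayRequestException, "The specified volume was not found")` in the Read hunk keys the not-found path on the wording of a service error message, and that deserves a comment, since a reworded message would turn a deleted volume back into a hard Read error. Something like `// a deleted volume can surface as InvalidGatewayRequestException with this message instead of VolumeNotFound` above the condition would explain why both checks exist. If other code paths for this resource (delete, the destroy check in the tests) test for a missing volume, they probably need the same pair; those are outside the hunk, so I cannot confirm. The function starts and ends outside the hunk.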
@@ -256,6 +256,28 @@ func TestAccAWSStorageGatewayCachedIscsiVolume_SourceVolumeArn(t *testing.T) { }) } +func TestAccAWSStorageGatewayCachedIscsiVolume_disappears(t *testing.T) { + var storedIscsiVolume storagegateway.CachediSCSIVolume + rName := acctest.RandomWithPrefix("tf-acc-test") + resourceName := "aws_storagegateway_cached_iscsi_volume.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSStorageGatewayCachedIscsiVolumeDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSStorageGatewayCachedIscsiVolumeConfig_Basic(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSStorageGatewayCachedIscsiVolumeExists(resourceName, &storedIscsiVolume), + testAccCheckAWSStorageGatewayCachedIscsiVolumeDisappears(&storedIscsiVolume), + ), + ExpectNonEmptyPlan: true, + }, + }, + }) +} + func testAccCheckAWSStorageGatewayCachedIscsiVolumeExists(resourceName string, cachedIscsiVolume *storagegateway.CachediSCSIVolume) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[resourceName] @@ -285,6 +307,20 @@ func testAccCheckAWSStorageGatewayCachedIscsiVolumeExists(resourceName string, c } } +func testAccCheckAWSStorageGatewayCachedIscsiVolumeDisappears(storedIscsiVolume *storagegateway.CachediSCSIVolume) resource.TestCheckFunc { + return func(s *terraform.State) error { + conn := testAccProvider.Meta().(*AWSClient).storagegatewayconn + + input := &storagegateway.DeleteVolumeInput{ + VolumeARN: storedIscsiVolume.VolumeARN, + } + + _, err := conn.DeleteVolume(input) + + return err + } +} + func testAccCheckAWSStorageGatewayCachedIscsiVolumeDestroy(s *terraform.State) error { conn := testAccProvider.Meta().(*AWSClient).storagegatewayconn From 88a38ec0681209caf18b68a11f25c12246c12643 Mon Sep 17 00:00:00 2001 
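Review bot: `storedIscsiVolume` in `TestAccAWSStorageGatewayCachedIscsiVolume_disappears` holds a `storagegateway.CachediSCSIVolume`, so the name reads as if it came from the stored-volume tests; `cachedIscsiVolume`, as used in the `_kms` test earlier in the series, would match the type. The same name is used for the parameter of `testAccCheckAWSStorageGatewayCachedIscsiVolumeDisappears` in the next hunk. That helper also lacks a one-line comment saying that it deletes the volume out of band so the following plan is expected to be non-empty.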
From: Ilia Lazebnik Date: Thu, 20 Aug 2020 23:26:15 +0300 Subject: [PATCH 4/8] Update website/docs/r/storagegateway_cached_iscsi_volume.html.markdown Co-authored-by: Brian Flad --- website/docs/r/storagegateway_cached_iscsi_volume.html.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/r/storagegateway_cached_iscsi_volume.html.markdown b/website/docs/r/storagegateway_cached_iscsi_volume.html.markdown index ed81dc8366e..50bb06d68b7 100644 --- a/website/docs/r/storagegateway_cached_iscsi_volume.html.markdown +++ b/website/docs/r/storagegateway_cached_iscsi_volume.html.markdown @@ -63,7 +63,7 @@ The following arguments are supported: * `volume_size_in_bytes` - (Required) The size of the volume in bytes. * `snapshot_id` - (Optional) The snapshot ID of the snapshot to restore as the new cached volume. e.g. `snap-1122aabb`. * `source_volume_arn` - (Optional) The ARN for an existing volume. Specifying this ARN makes the new volume into an exact copy of the specified existing volume's latest recovery point. The `volume_size_in_bytes` value for this new volume must be equal to or larger than the size of the existing volume, in bytes. -* `kms_encrypted` - (Optional) `true` to use Amazon S3 server side encryption with your own AWS KMS key, or `false` to use a key managed by Amazon S3. Optional. +* `kms_encrypted` - (Optional) Set to `true` to use Amazon S3 server side encryption with your own AWS KMS key, or `false` to use a key managed by Amazon S3. * `kms_key` - (Optional) The Amazon Resource Name (ARN) of the AWS KMS key used for Amazon S3 server side encryption. This value can only be set when `kms_encrypted` is `true`. * `tags` - (Optional) Key-value map of resource tags From b75fb89872fa849927d00407f3e4fa2db6dba6a8 Mon Sep 17 00:00:00 2001 
From: DrFaust92 Date: Fri, 21 Aug 2020 12:57:36 +0300 Subject: [PATCH 5/8] required with for `kms_key` --- website/docs/r/storagegateway_cached_iscsi_volume.html.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/r/storagegateway_cached_iscsi_volume.html.markdown b/website/docs/r/storagegateway_cached_iscsi_volume.html.markdown index 50bb06d68b7..8c7f925525a 100644 --- a/website/docs/r/storagegateway_cached_iscsi_volume.html.markdown +++ b/website/docs/r/storagegateway_cached_iscsi_volume.html.markdown @@ -64,7 +64,7 @@ The following arguments are supported: * `snapshot_id` - (Optional) The snapshot ID of the snapshot to restore as the new cached volume. e.g. `snap-1122aabb`. * `source_volume_arn` - (Optional) The ARN for an existing volume. Specifying this ARN makes the new volume into an exact copy of the specified existing volume's latest recovery point. The `volume_size_in_bytes` value for this new volume must be equal to or larger than the size of the existing volume, in bytes. * `kms_encrypted` - (Optional) Set to `true` to use Amazon S3 server side encryption with your own AWS KMS key, or `false` to use a key managed by Amazon S3. -* `kms_key` - (Optional) The Amazon Resource Name (ARN) of the AWS KMS key used for Amazon S3 server side encryption. This value can only be set when `kms_encrypted` is `true`. +* `kms_key` - (Optional) The Amazon Resource Name (ARN) of the AWS KMS key used for Amazon S3 server side encryption. Is required when `kms_encrypted` is set. * `tags` - (Optional) Key-value map of resource tags ## Attribute Reference From 6c0573e65fd1543dbf4ccda853b4b584ea34d534 Mon Sep 17 00:00:00 2001 From: DrFaust92 Date: Fri, 21 Aug 2020 17:26:05 +0300 Subject: [PATCH 6/8] tf 12 syntax + disappears --- ...storagegateway_cached_iscsi_volume_test.go | 36 ++++++------------- 1 file changed, 11 insertions(+), 25 deletions(-) 
diff --git a/aws/resource_aws_storagegateway_cached_iscsi_volume_test.go b/aws/resource_aws_storagegateway_cached_iscsi_volume_test.go index 8607ded260c..17b746de23e 100644 --- a/aws/resource_aws_storagegateway_cached_iscsi_volume_test.go +++ b/aws/resource_aws_storagegateway_cached_iscsi_volume_test.go @@ -270,7 +270,7 @@ func TestAccAWSStorageGatewayCachedIscsiVolume_disappears(t *testing.T) { Config: testAccAWSStorageGatewayCachedIscsiVolumeConfig_Basic(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSStorageGatewayCachedIscsiVolumeExists(resourceName, &storedIscsiVolume), - testAccCheckAWSStorageGatewayCachedIscsiVolumeDisappears(&storedIscsiVolume), + testAccCheckResourceDisappears(testAccProvider, resourceAwsStorageGatewayCachedIscsiVolume(), resourceName), ), ExpectNonEmptyPlan: true, }, @@ -307,20 +307,6 @@ func testAccCheckAWSStorageGatewayCachedIscsiVolumeExists(resourceName string, c } } -func testAccCheckAWSStorageGatewayCachedIscsiVolumeDisappears(storedIscsiVolume *storagegateway.CachediSCSIVolume) resource.TestCheckFunc { - return func(s *terraform.State) error { - conn := testAccProvider.Meta().(*AWSClient).storagegatewayconn - - input := &storagegateway.DeleteVolumeInput{ - VolumeARN: storedIscsiVolume.VolumeARN, - } - - _, err := conn.DeleteVolume(input) - - return err - } -} - func testAccCheckAWSStorageGatewayCachedIscsiVolumeDestroy(s *terraform.State) error { conn := testAccProvider.Meta().(*AWSClient).storagegatewayconn @@ -415,7 +401,7 @@ resource "aws_storagegateway_cached_iscsi_volume" "test" { func testAccAWSStorageGatewayCachedIscsiVolumeConfigKMSEncrypted(rName string) string { return testAccAWSStorageGatewayGatewayConfig_GatewayType_Cached(rName) + fmt.Sprintf(` resource "aws_ebs_volume" "test" { - availability_zone = "${aws_instance.test.availability_zone}" + availability_zone = aws_instance.test.availability_zone size = 10 type = "gp2" 
@@ -427,13 +413,13 @@ resource "aws_ebs_volume" "test" { resource "aws_volume_attachment" "test" { device_name = "/dev/xvdc" force_detach = true - instance_id = "${aws_instance.test.id}" - volume_id = "${aws_ebs_volume.test.id}" + instance_id = aws_instance.test.id + volume_id = aws_ebs_volume.test.id } data "aws_storagegateway_local_disk" "test" { - disk_path = "${aws_volume_attachment.test.device_name}" - gateway_arn = "${aws_storagegateway_gateway.test.arn}" + disk_path = aws_volume_attachment.test.device_name + gateway_arn = aws_storagegateway_gateway.test.arn } resource "aws_storagegateway_cache" "test" { @@ -446,8 +432,8 @@ resource "aws_storagegateway_cache" "test" { ignore_changes = ["disk_id"] } - disk_id = "${data.aws_storagegateway_local_disk.test.id}" - gateway_arn = "${aws_storagegateway_gateway.test.arn}" + disk_id = data.aws_storagegateway_local_disk.test.id + gateway_arn = aws_storagegateway_gateway.test.arn } resource "aws_kms_key" "test" { @@ -472,12 +458,12 @@ resource "aws_storagegateway_cache" "test" { } resource "aws_storagegateway_cached_iscsi_volume" "test" { - gateway_arn = "${aws_storagegateway_cache.test.gateway_arn}" - network_interface_id = "${aws_instance.test.private_ip}" + gateway_arn = aws_storagegateway_cache.test.gateway_arn + network_interface_id = aws_instance.test.private_ip target_name = %[1]q volume_size_in_bytes = 5368709120 kms_encrypted = true - kms_key = "${aws_kms_key.test.arn}" + kms_key = aws_kms_key.test.arn } `, rName) } From f062d42475d6b83785dab1b89d04881dc32ae797 Mon Sep 17 00:00:00 2001 From: DrFaust92 Date: Fri, 21 Aug 2020 17:38:54 +0300 Subject: [PATCH 7/8] refactor kms config --- ...storagegateway_cached_iscsi_volume_test.go | 40 +------------------ 1 file changed, 2 insertions(+), 38 deletions(-) diff --git a/aws/resource_aws_storagegateway_cached_iscsi_volume_test.go b/aws/resource_aws_storagegateway_cached_iscsi_volume_test.go index 17b746de23e..af29572a1e4 100644 
--- a/aws/resource_aws_storagegateway_cached_iscsi_volume_test.go +++ b/aws/resource_aws_storagegateway_cached_iscsi_volume_test.go @@ -399,43 +399,7 @@ resource "aws_storagegateway_cached_iscsi_volume" "test" { } func testAccAWSStorageGatewayCachedIscsiVolumeConfigKMSEncrypted(rName string) string { - return testAccAWSStorageGatewayGatewayConfig_GatewayType_Cached(rName) + fmt.Sprintf(` -resource "aws_ebs_volume" "test" { - availability_zone = aws_instance.test.availability_zone - size = 10 - type = "gp2" - - tags = { - Name = %[1]q - } -} - -resource "aws_volume_attachment" "test" { - device_name = "/dev/xvdc" - force_detach = true - instance_id = aws_instance.test.id - volume_id = aws_ebs_volume.test.id -} - -data "aws_storagegateway_local_disk" "test" { - disk_path = aws_volume_attachment.test.device_name - gateway_arn = aws_storagegateway_gateway.test.arn -} - -resource "aws_storagegateway_cache" "test" { - # ACCEPTANCE TESTING WORKAROUND: - # Data sources are not refreshed before plan after apply in TestStep - # Step 0 error: After applying this step, the plan was not empty: - # disk_id: "0b68f77a-709b-4c79-ad9d-d7728014b291" => "/dev/xvdc" (forces new resource) - # We expect this data source value to change due to how Storage Gateway works. - lifecycle { - ignore_changes = ["disk_id"] - } - - disk_id = data.aws_storagegateway_local_disk.test.id - gateway_arn = aws_storagegateway_gateway.test.arn -} - + return testAccAWSStorageGatewayCachedIscsiVolumeConfigBase(rName) + fmt.Sprintf(` resource "aws_kms_key" "test" { description = "Terraform acc test %[1]s" policy = < Date: Fri, 21 Aug 2020 17:46:30 +0300 Subject: [PATCH 8/8] refactor kms config --- aws/resource_aws_storagegateway_cached_iscsi_volume.go | 1 + 1 file changed, 1 insertion(+) diff --git a/aws/resource_aws_storagegateway_cached_iscsi_volume.go b/aws/resource_aws_storagegateway_cached_iscsi_volume.go index 4026e8d31e6..c56811ea6d5 100644 --- a/aws/resource_aws_storagegateway_cached_iscsi_volume.go 
+++ b/aws/resource_aws_storagegateway_cached_iscsi_volume.go @@ -97,6 +97,7 @@ func resourceAwsStorageGatewayCachedIscsiVolume() *schema.Resource { Optional: true, ForceNew: true, ValidateFunc: validateArn, + RequiredWith: []string{"kms_encrypted"}, }, }, }