diff --git a/.changelog/17262.txt b/.changelog/17262.txt
new file mode 100644
index 00000000000..a1453e12534
--- /dev/null
+++ b/.changelog/17262.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_codeartifact_domain: Make `encryption_key` optional
+```
diff --git a/aws/resource_aws_codeartifact_domain.go b/aws/resource_aws_codeartifact_domain.go
index 612d46edde6..7d789b0dbbd 100644
--- a/aws/resource_aws_codeartifact_domain.go
+++ b/aws/resource_aws_codeartifact_domain.go
@@ -35,7 +35,8 @@ func resourceAwsCodeArtifactDomain() *schema.Resource {
 },
 "encryption_key": {
 Type: schema.TypeString,
- Required: true,
+ Optional: true,
+ Computed: true,
 ForceNew: true,
 ValidateFunc: validateArn,
 },
@@ -65,9 +66,12 @@ func resourceAwsCodeArtifactDomainCreate(d *schema.ResourceData, meta interface{
 log.Print("[DEBUG] Creating CodeArtifact Domain")
 params := &codeartifact.CreateDomainInput{
- Domain: aws.String(d.Get("domain").(string)),
- EncryptionKey: aws.String(d.Get("encryption_key").(string)),
- Tags: keyvaluetags.New(d.Get("tags").(map[string]interface{})).IgnoreAws().CodeartifactTags(),
+ Domain: aws.String(d.Get("domain").(string)),
+ Tags: keyvaluetags.New(d.Get("tags").(map[string]interface{})).IgnoreAws().CodeartifactTags(),
+ }
+
+ if v, ok := d.GetOk("encryption_key"); ok {
+ params.EncryptionKey = aws.String(v.(string))
 }
 domain, err := conn.CreateDomain(params)
diff --git a/aws/resource_aws_codeartifact_domain_test.go b/aws/resource_aws_codeartifact_domain_test.go
index b7817c0d098..2ef97e4a645 100644
--- a/aws/resource_aws_codeartifact_domain_test.go
+++ b/aws/resource_aws_codeartifact_domain_test.go
@@ -3,6 +3,7 @@ package aws
 import (
 "fmt"
 "log"
+ "regexp"
 "testing"
 "github.com/aws/aws-sdk-go/aws"
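Review bot: With `Optional: true` and `Computed: true` on a `ForceNew` attribute, removing `encryption_key` from a configuration that previously set it will most likely plan as no change, because the ARN already in state satisfies the computed value; the domain stays on the old key and nothing flags it. A comment on the attribute would make that explicit, for example `// Computed: when omitted, the key ARN chosen by the service is stored; dropping the argument later is not a diff`. The schema function begins and ends outside this hunk, so the read path that populates the attribute is not visible here.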
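Review bot: `d.GetOk("encryption_key")` reports not-set for an empty string as well as for an absent argument, so a variable that resolves to `""` would create the domain on the default `aws/codeartifact` key instead of failing, assuming `validateArn` lets an empty value through, which is not shown here. Because the attribute is `ForceNew`, moving such a domain to a customer managed key afterwards means replacing it. I would state the fallback above the guard, `// unset or empty: CodeArtifact encrypts with the AWS managed aws/codeartifact key`, and confirm how `validateArn` treats `""`. The create function continues outside the hunk.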
@@ -98,6 +99,37 @@ func TestAccAWSCodeArtifactDomain_basic(t *testing.T) {
 })
 }
+func TestAccAWSCodeArtifactDomain_defaultencryptionkey(t *testing.T) {
+ rName := acctest.RandomWithPrefix("tf-acc-test")
+ resourceName := "aws_codeartifact_domain.test"
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t); testAccPartitionHasServicePreCheck("codeartifact", t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSCodeArtifactDomainDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccAWSCodeArtifactDomainDefaultEncryptionKeyConfig(rName),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSCodeArtifactDomainExists(resourceName),
+ testAccCheckResourceAttrRegionalARN(resourceName, "arn", "codeartifact", fmt.Sprintf("domain/%s", rName)),
+ testAccMatchResourceAttrRegionalARN(resourceName, "encryption_key", "kms", regexp.MustCompile(`key/.+`)),
+ resource.TestCheckResourceAttr(resourceName, "domain", rName),
+ resource.TestCheckResourceAttr(resourceName, "asset_size_bytes", "0"),
+ resource.TestCheckResourceAttr(resourceName, "repository_count", "0"),
+ resource.TestCheckResourceAttrSet(resourceName, "created_time"),
+ testAccCheckResourceAttrAccountID(resourceName, "owner"),
+ ),
+ },
+ {
+ ResourceName: resourceName,
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ },
+ })
+}
+
 func TestAccAWSCodeArtifactDomain_tags(t *testing.T) {
 rName := acctest.RandomWithPrefix("tf-acc-test")
 resourceName := "aws_codeartifact_domain.test"
@@ -150,7 +182,7 @@ func TestAccAWSCodeArtifactDomain_disappears(t *testing.T) {
 CheckDestroy: testAccCheckAWSCodeArtifactDomainDestroy,
 Steps: []resource.TestStep{
 {
- Config: testAccAWSCodeArtifactDomainBasicConfig(rName),
+ Config: testAccAWSCodeArtifactDomainDefaultEncryptionKeyConfig(rName),
 Check: resource.ComposeTestCheckFunc(
 testAccCheckAWSCodeArtifactDomainExists(resourceName),
 testAccCheckResourceDisappears(testAccProvider, resourceAwsCodeArtifactDomain(), resourceName),
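Review bot: The `encryption_key` assertion in `TestAccAWSCodeArtifactDomain_defaultencryptionkey` only shows that some KMS key ARN was read back (judging by the helper's name, one in the test region); `key/.+` would match a customer managed key just as well, so the test does not pin the default-key behaviour its name claims. A comment on that check would keep the limit visible, for example `// the default key's ID is not known up front, so only the ARN shape is checked`. With the `_disappears` test in the next hunk and the tags configurations also moved to the default key, coverage of the customer managed key path appears to rest on `testAccAWSCodeArtifactDomainBasicConfig`, which is not shown on this page and is worth confirming.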
@@ -238,14 +270,8 @@ resource "aws_codeartifact_domain" "test" {
 func testAccAWSCodeArtifactDomainConfigTags1(rName, tagKey1, tagValue1 string) string {
 return fmt.Sprintf(`
-resource "aws_kms_key" "test" {
- description = %[1]q
- deletion_window_in_days = 7
-}
-
 resource "aws_codeartifact_domain" "test" {
- domain = %[1]q
- encryption_key = aws_kms_key.test.arn
+ domain = %[1]q
 tags = {
 %[2]q = %[3]q
@@ -256,14 +282,8 @@ resource "aws_codeartifact_domain" "test" {
 func testAccAWSCodeArtifactDomainConfigTags2(rName, tagKey1, tagValue1, tagKey2, tagValue2 string) string {
 return fmt.Sprintf(`
-resource "aws_kms_key" "test" {
- description = %[1]q
- deletion_window_in_days = 7
-}
-
 resource "aws_codeartifact_domain" "test" {
- domain = %[1]q
- encryption_key = aws_kms_key.test.arn
+ domain = %[1]q
 tags = {
 %[2]q = %[3]q
@@ -272,3 +292,11 @@ resource "aws_codeartifact_domain" "test" {
 }
 `, rName, tagKey1, tagValue1, tagKey2, tagValue2)
 }
+
+func testAccAWSCodeArtifactDomainDefaultEncryptionKeyConfig(rName string) string {
+ return fmt.Sprintf(`
+resource "aws_codeartifact_domain" "test" {
+ domain = %[1]q
+}
+`, rName)
+}
diff --git a/website/docs/r/codeartifact_domain.html.markdown b/website/docs/r/codeartifact_domain.html.markdown
index 83274cec4ba..e8832269a9e 100644
--- a/website/docs/r/codeartifact_domain.html.markdown
+++ b/website/docs/r/codeartifact_domain.html.markdown
@@ -13,13 +13,8 @@ Provides a CodeArtifact Domain Resource.
 ## Example Usage
 ```hcl
-resource "aws_kms_key" "example" {
- description = "domain key"
-}
-
 resource "aws_codeartifact_domain" "example" {
- domain = "example"
- encryption_key = aws_kms_key.example.arn
+ domain = "example"
 }
 ```
@@ -28,7 +23,7 @@ resource "aws_codeartifact_domain" "example" {
 The following arguments are supported:
 * `domain` - (Required) The name of the domain to create. All domain names in an AWS Region that are in the same AWS account must be unique. The domain name is used as the prefix in DNS hostnames. Do not use sensitive information in a domain name because it is publicly discoverable.
-* `encryption_key` - (Required) The encryption key for the domain. This is used to encrypt content stored in a domain. The KMS Key Amazon Resource Name (ARN).
+* `encryption_key` - (Optional) The encryption key for the domain. This is used to encrypt content stored in a domain. The KMS Key Amazon Resource Name (ARN). The default aws/codeartifact AWS KMS master key is used if this element is absent.
 * `tags` - (Optional) Key-value map of resource tags.
 ## Attributes Reference