diff --git a/.changelog/20302.txt b/.changelog/20302.txt new file mode 100644 index 00000000000..52109340ebb --- /dev/null +++ b/.changelog/20302.txt @@ -0,0 +1,7 @@ +```release-note:enhancement +resource/aws_qldb_ledger: Add `permissions_mode` support +``` + +```release-note:enhancement +data-source/aws_qldb_ledger: Add `permissions_mode` attribute +``` \ No newline at end of file diff --git a/aws/data_source_aws_qldb_ledger.go b/aws/data_source_aws_qldb_ledger.go index 1dbe9e834be..d1385d3f39f 100644 --- a/aws/data_source_aws_qldb_ledger.go +++ b/aws/data_source_aws_qldb_ledger.go @@ -29,6 +29,11 @@ func dataSourceAwsQLDBLedger() *schema.Resource { ), }, + "permissions_mode": { + Type: schema.TypeString, + Computed: true, + }, + "deletion_protection": { Type: schema.TypeBool, Computed: true, @@ -56,6 +61,7 @@ func dataSourceAwsQLDBLedgerRead(d *schema.ResourceData, meta interface{}) error d.SetId(aws.StringValue(resp.Name)) d.Set("arn", resp.Arn) d.Set("deletion_protection", resp.DeletionProtection) + d.Set("permissions_mode", resp.PermissionsMode) return nil } diff --git a/aws/data_source_aws_qldb_ledger_test.go b/aws/data_source_aws_qldb_ledger_test.go index 8abfa6173bc..75de8ab622d 100644 --- a/aws/data_source_aws_qldb_ledger_test.go +++ b/aws/data_source_aws_qldb_ledger_test.go @@ -23,6 +23,7 @@ func TestAccDataSourceAwsQLDBLedger_basic(t *testing.T) { resource.TestCheckResourceAttrPair("data.aws_qldb_ledger.by_name", "arn", "aws_qldb_ledger.tf_test", "arn"), resource.TestCheckResourceAttrPair("data.aws_qldb_ledger.by_name", "deletion_protection", "aws_qldb_ledger.tf_test", "deletion_protection"), resource.TestCheckResourceAttrPair("data.aws_qldb_ledger.by_name", "name", "aws_qldb_ledger.tf_test", "name"), + resource.TestCheckResourceAttrPair("data.aws_qldb_ledger.by_name", "permissions_mode", "aws_qldb_ledger.tf_test", "permissions_mode"), ), }, }, 
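Review bot: The added `d.Set("permissions_mode", resp.PermissionsMode)` in dataSourceAwsQLDBLedgerRead discards its return value, whereas the resource read in this same commit checks the identical assignment. The neighbouring `d.Set` calls in the hunk are unchecked as well, so this is a consistency point rather than a new bug, but a failed set would leave the attribute silently empty for anything that reads the ledger's mode through the data source. Suggested form: `if err := d.Set("permissions_mode", resp.PermissionsMode); err != nil { return fmt.Errorf("error setting permissions mode: %s", err) }`. The function starts above the hunk, so whether `fmt` is already imported in this file is not visible here.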
@@ -33,16 +34,19 @@ func testAccDataSourceAwsQLDBLedgerConfig(rName string) string { return fmt.Sprintf(` resource "aws_qldb_ledger" "tf_wrong1" { name = "%[1]s1" + permissions_mode = "STANDARD" deletion_protection = false } resource "aws_qldb_ledger" "tf_test" { name = "%[1]s2" + permissions_mode = "STANDARD" deletion_protection = false } resource "aws_qldb_ledger" "tf_wrong2" { name = "%[1]s3" + permissions_mode = "STANDARD" deletion_protection = false } diff --git a/aws/resource_aws_qldb_ledger.go b/aws/resource_aws_qldb_ledger.go index bbb9109f4a8..c2e362c08fe 100644 --- a/aws/resource_aws_qldb_ledger.go +++ b/aws/resource_aws_qldb_ledger.go @@ -41,6 +41,12 @@ func resourceAwsQLDBLedger() *schema.Resource { ), }, + "permissions_mode": { + Type: schema.TypeString, + Required: true, + ValidateFunc: validation.StringInSlice(qldb.PermissionsMode_Values(), false), + }, + "deletion_protection": { Type: schema.TypeBool, Optional: true, @@ -73,10 +79,9 @@ func resourceAwsQLDBLedgerCreate(d *schema.ResourceData, meta interface{}) error } // Create the QLDB Ledger - // The qldb.PermissionsModeAllowAll is currently hardcoded because AWS doesn't support changing the mode. createOpts := &qldb.CreateLedgerInput{ Name: aws.String(d.Get("name").(string)), - PermissionsMode: aws.String(qldb.PermissionsModeAllowAll), + PermissionsMode: aws.String(d.Get("permissions_mode").(string)), DeletionProtection: aws.Bool(d.Get("deletion_protection").(bool)), Tags: tags.IgnoreAws().QldbTags(), } @@ -136,6 +141,10 @@ func resourceAwsQLDBLedgerRead(d *schema.ResourceData, meta interface{}) error { return fmt.Errorf("error setting name: %s", err) } + if err := d.Set("permissions_mode", qldbLedger.PermissionsMode); err != nil { + return fmt.Errorf("error setting permissions mode: %s", err) + } + if err := d.Set("deletion_protection", qldbLedger.DeletionProtection); err != nil { return fmt.Errorf("error setting deletion protection: %s", err) } 
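Review bot: In the resourceAwsQLDBLedger schema hunk, `permissions_mode` is added as `Required: true` for an argument that configurations written against earlier provider versions could not set, so those configurations will stop validating until it is added, yet the changelog entry files this as an enhancement only. Keeping it required is the safer choice for access control, since nothing silently falls back to the permissive mode, but the field should say which value is which. Proposed comment above the field: `// ALLOW_ALL is the legacy API-level mode; STANDARD adds table- and PartiQL-command-level IAM checks and is the mode AWS recommends.` A `Description` on the schema entry carrying the same text would keep it next to the validation.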
@@ -169,6 +178,16 @@ func resourceAwsQLDBLedgerRead(d *schema.ResourceData, meta interface{}) error { func resourceAwsQLDBLedgerUpdate(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).qldbconn + if d.HasChange("permissions_mode") { + updateOpts := &qldb.UpdateLedgerPermissionsModeInput{ + Name: aws.String(d.Id()), + PermissionsMode: aws.String(d.Get("permissions_mode").(string)), + } + if _, err := conn.UpdateLedgerPermissionsMode(updateOpts); err != nil { + return fmt.Errorf("error updating permissions mode: %s", err) + } + } + if d.HasChange("deletion_protection") { val := d.Get("deletion_protection").(bool) modifyOpts := &qldb.UpdateLedgerInput{ diff --git a/aws/resource_aws_qldb_ledger_test.go b/aws/resource_aws_qldb_ledger_test.go index c931f4f344c..855107c7c2d 100644 --- a/aws/resource_aws_qldb_ledger_test.go +++ b/aws/resource_aws_qldb_ledger_test.go 
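Review bot: The new `permissions_mode` branch in resourceAwsQLDBLedgerUpdate changes the ledger's authorization model in place, and nothing in the hunk tells a maintainer or operator what that implies. Per the AWS documentation, STANDARD denies PartiQL commands unless IAM policies grant them per table and command, so moving an existing ledger from ALLOW_ALL to STANDARD can cut off current clients, and the reverse move widens access to anyone holding SendCommand on the ledger. I would add a comment above the branch, e.g. `// Switching modes changes who can run PartiQL on the ledger; STANDARD needs per-table IAM grants in place first.` The error would also be easier to trace with the ledger name in it: `return fmt.Errorf("error updating QLDB Ledger (%s) permissions mode: %s", d.Id(), err)`. The function continues below the hunk.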
@@ -74,11 +74,50 @@ func TestAccAWSQLDBLedger_basic(t *testing.T) { CheckDestroy: testAccCheckAWSQLDBLedgerDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSQLDBLedgerConfig(rInt), + Config: testAccAWSQLDBLedgerConfig_basic(rInt), Check: resource.ComposeTestCheckFunc( testAccCheckAWSQLDBLedgerExists(resourceName, &qldbCluster), testAccMatchResourceAttrRegionalARN(resourceName, "arn", "qldb", regexp.MustCompile(`ledger/.+`)), resource.TestMatchResourceAttr(resourceName, "name", regexp.MustCompile("test-ledger-[0-9]+")), + resource.TestCheckResourceAttr(resourceName, "permissions_mode", "ALLOW_ALL"), + resource.TestCheckResourceAttr(resourceName, "deletion_protection", "false"), + resource.TestCheckResourceAttr(resourceName, "tags.%", "0"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func TestAccAWSQLDBLedger_update(t *testing.T) { + var qldbCluster qldb.DescribeLedgerOutput + rInt := acctest.RandInt() + resourceName := "aws_qldb_ledger.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t); testAccPartitionHasServicePreCheck(qldb.EndpointsID, t) }, + ErrorCheck: testAccErrorCheck(t, qldb.EndpointsID), + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSQLDBLedgerDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSQLDBLedgerConfig_basic(rInt), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSQLDBLedgerExists(resourceName, &qldbCluster), + resource.TestCheckResourceAttr(resourceName, "permissions_mode", "ALLOW_ALL"), + ), + }, + { + Config: testAccAWSQLDBLedgerConfig_update(rInt), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSQLDBLedgerExists(resourceName, &qldbCluster), + testAccMatchResourceAttrRegionalARN(resourceName, "arn", "qldb", regexp.MustCompile(`ledger/.+`)), + resource.TestMatchResourceAttr(resourceName, "name", regexp.MustCompile("test-ledger-[0-9]+")), + resource.TestCheckResourceAttr(resourceName, 
"permissions_mode", "STANDARD"), resource.TestCheckResourceAttr(resourceName, "deletion_protection", "false"), resource.TestCheckResourceAttr(resourceName, "tags.%", "0"), ), @@ -159,10 +198,21 @@ func testAccCheckAWSQLDBLedgerExists(n string, v *qldb.DescribeLedgerOutput) res } } -func testAccAWSQLDBLedgerConfig(n int) string { +func testAccAWSQLDBLedgerConfig_basic(n int) string { + return fmt.Sprintf(` +resource "aws_qldb_ledger" "test" { + name = "test-ledger-%d" + permissions_mode = "ALLOW_ALL" + deletion_protection = false +} +`, n) +} + +func testAccAWSQLDBLedgerConfig_update(n int) string { return fmt.Sprintf(` resource "aws_qldb_ledger" "test" { name = "test-ledger-%d" + permissions_mode = "STANDARD" deletion_protection = false } `, n) @@ -217,6 +267,7 @@ func testAccAWSQLDBLedgerConfigTags1(rName, tagKey1, tagValue1 string) string { return fmt.Sprintf(` resource "aws_qldb_ledger" "test" { name = %[1]q + permissions_mode = "ALLOW_ALL" deletion_protection = false tags = { @@ -230,6 +281,7 @@ func testAccAWSQLDBLedgerConfigTags2(rName, tagKey1, tagValue1, tagKey2, tagValu return fmt.Sprintf(` resource "aws_qldb_ledger" "test" { name = %[1]q + permissions_mode = "ALLOW_ALL" deletion_protection = false tags = { diff --git a/website/docs/d/qldb_ledger.html.markdown b/website/docs/d/qldb_ledger.html.markdown index 804abe17c9f..e61072d9da2 100644 --- a/website/docs/d/qldb_ledger.html.markdown +++ b/website/docs/d/qldb_ledger.html.markdown @@ -24,5 +24,5 @@ data "aws_qldb_ledger" "example" { ## Attributes Reference -* `arn` - Amazon Resource Name (ARN) of the ledger. -* `deletion_protection` - Deletion protection on the QLDB Ledger instance. Set to `true` by default. +See the [QLDB Ledger Resource](/docs/providers/aws/r/qldb_ledger.html) for details on the +returned attributes - they are identical. diff --git a/website/docs/r/qldb_ledger.html.markdown b/website/docs/r/qldb_ledger.html.markdown index 7010282bfe3..2f41946d13c 100644 
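Review bot: TestAccAWSQLDBLedger_update only exercises ALLOW_ALL to STANDARD; the reverse transition, which is the one that broadens access, goes through the same UpdateLedgerPermissionsMode call but is never applied in a test. A third step that re-applies `testAccAWSQLDBLedgerConfig_basic(rInt)` and checks that `permissions_mode` reads back as `ALLOW_ALL` would cover it. The step list of this test continues past the end of the hunk, so the new step belongs after the STANDARD step shown here.

```go
// … unchanged: step 1 (ALLOW_ALL) and step 2 (STANDARD) …
{
	Config: testAccAWSQLDBLedgerConfig_basic(rInt),
	Check: resource.ComposeTestCheckFunc(
		testAccCheckAWSQLDBLedgerExists(resourceName, &qldbCluster),
		resource.TestCheckResourceAttr(resourceName, "permissions_mode", "ALLOW_ALL"),
	),
},
```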
--- a/website/docs/r/qldb_ledger.html.markdown +++ b/website/docs/r/qldb_ledger.html.markdown @@ -16,7 +16,8 @@ Provides an AWS Quantum Ledger Database (QLDB) resource ```terraform resource "aws_qldb_ledger" "sample-ledger" { - name = "sample-ledger" + name = "sample-ledger" + permissions_mode = "STANDARD" } ``` @@ -25,6 +26,7 @@ resource "aws_qldb_ledger" "sample-ledger" { The following arguments are supported: * `name` - (Optional) The friendly name for the QLDB Ledger instance. By default generated by Terraform. +* `permissions_mode` - (Required) The permissions mode for the QLDB ledger instance. Specify either `ALLOW_ALL` or `STANDARD`. * `deletion_protection` - (Optional) The deletion protection for the QLDB Ledger instance. By default it is `true`. To delete this resource via Terraform, this value must be configured to `false` and applied first before attempting deletion. * `tags` - (Optional) Key-value map of resource tags. If configured with a provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.