Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for permissions_mode to aws_qldb_ledger #20302

Merged
merged 3 commits into from
Jul 27, 2021
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions aws/data_source_aws_qldb_ledger.go
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,12 @@ func dataSourceAwsQLDBLedger() *schema.Resource {
),
},

"permissions_mode": {
Type: schema.TypeString,
Required: true,
ValidateFunc: validation.StringInSlice(qldb.PermissionsMode_Values(), false),
},

"deletion_protection": {
Type: schema.TypeBool,
Computed: true,
Expand Down Expand Up @@ -56,6 +62,7 @@ func dataSourceAwsQLDBLedgerRead(d *schema.ResourceData, meta interface{}) error
d.SetId(aws.StringValue(resp.Name))
d.Set("arn", resp.Arn)
d.Set("deletion_protection", resp.DeletionProtection)
d.Set("permissions_mode", resp.PermissionsMode)

return nil
}
4 changes: 4 additions & 0 deletions aws/data_source_aws_qldb_ledger_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ func TestAccDataSourceAwsQLDBLedger_basic(t *testing.T) {
resource.TestCheckResourceAttrPair("data.aws_qldb_ledger.by_name", "arn", "aws_qldb_ledger.tf_test", "arn"),
resource.TestCheckResourceAttrPair("data.aws_qldb_ledger.by_name", "deletion_protection", "aws_qldb_ledger.tf_test", "deletion_protection"),
resource.TestCheckResourceAttrPair("data.aws_qldb_ledger.by_name", "name", "aws_qldb_ledger.tf_test", "name"),
resource.TestCheckResourceAttrPair("data.aws_qldb_ledger.by_name", "permissions_mode", "aws_qldb_ledger.tf_test", "permissions_mode"),
),
},
},
Expand All @@ -33,16 +34,19 @@ func testAccDataSourceAwsQLDBLedgerConfig(rName string) string {
return fmt.Sprintf(`
resource "aws_qldb_ledger" "tf_wrong1" {
name = "%[1]s1"
permissions_mode = "STANDARD"
deletion_protection = false
}

resource "aws_qldb_ledger" "tf_test" {
name = "%[1]s2"
permissions_mode = "STANDARD"
deletion_protection = false
}

resource "aws_qldb_ledger" "tf_wrong2" {
name = "%[1]s3"
permissions_mode = "STANDARD"
deletion_protection = false
}

Expand Down
23 changes: 21 additions & 2 deletions aws/resource_aws_qldb_ledger.go
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,12 @@ func resourceAwsQLDBLedger() *schema.Resource {
),
},

"permissions_mode": {
Type: schema.TypeString,
Required: true,
ValidateFunc: validation.StringInSlice(qldb.PermissionsMode_Values(), false),
},

"deletion_protection": {
Type: schema.TypeBool,
Optional: true,
Expand Down Expand Up @@ -73,10 +79,9 @@ func resourceAwsQLDBLedgerCreate(d *schema.ResourceData, meta interface{}) error
}

// Create the QLDB Ledger
// The qldb.PermissionsModeAllowAll is currently hardcoded because AWS doesn't support changing the mode.
createOpts := &qldb.CreateLedgerInput{
Name: aws.String(d.Get("name").(string)),
PermissionsMode: aws.String(qldb.PermissionsModeAllowAll),
PermissionsMode: aws.String(d.Get("permissions_mode").(string)),
DeletionProtection: aws.Bool(d.Get("deletion_protection").(bool)),
Tags: tags.IgnoreAws().QldbTags(),
}
Expand Down Expand Up @@ -136,6 +141,10 @@ func resourceAwsQLDBLedgerRead(d *schema.ResourceData, meta interface{}) error {
return fmt.Errorf("error setting name: %s", err)
}

if err := d.Set("permissions_mode", qldbLedger.PermissionsMode); err != nil {
return fmt.Errorf("error setting permissions mode: %s", err)
}

if err := d.Set("deletion_protection", qldbLedger.DeletionProtection); err != nil {
return fmt.Errorf("error setting deletion protection: %s", err)
}
Expand Down Expand Up @@ -169,6 +178,16 @@ func resourceAwsQLDBLedgerRead(d *schema.ResourceData, meta interface{}) error {
func resourceAwsQLDBLedgerUpdate(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).qldbconn

if d.HasChange("permissions_mode") {
updateOpts := &qldb.UpdateLedgerPermissionsModeInput{
Name: aws.String(d.Id()),
PermissionsMode: aws.String(d.Get("permissions_mode").(string)),
}
if _, err := conn.UpdateLedgerPermissionsMode(updateOpts); err != nil {
return fmt.Errorf("error updating permissions mode: %s", err)
}
}

if d.HasChange("deletion_protection") {
val := d.Get("deletion_protection").(bool)
modifyOpts := &qldb.UpdateLedgerInput{
Expand Down
56 changes: 54 additions & 2 deletions aws/resource_aws_qldb_ledger_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -74,11 +74,50 @@ func TestAccAWSQLDBLedger_basic(t *testing.T) {
CheckDestroy: testAccCheckAWSQLDBLedgerDestroy,
Steps: []resource.TestStep{
{
Config: testAccAWSQLDBLedgerConfig(rInt),
Config: testAccAWSQLDBLedgerConfig_basic(rInt),
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSQLDBLedgerExists(resourceName, &qldbCluster),
testAccMatchResourceAttrRegionalARN(resourceName, "arn", "qldb", regexp.MustCompile(`ledger/.+`)),
resource.TestMatchResourceAttr(resourceName, "name", regexp.MustCompile("test-ledger-[0-9]+")),
resource.TestCheckResourceAttr(resourceName, "permissions_mode", "ALLOW_ALL"),
resource.TestCheckResourceAttr(resourceName, "deletion_protection", "false"),
resource.TestCheckResourceAttr(resourceName, "tags.%", "0"),
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
},
},
})
}

func TestAccAWSQLDBLedger_update(t *testing.T) {
var qldbCluster qldb.DescribeLedgerOutput
rInt := acctest.RandInt()
resourceName := "aws_qldb_ledger.test"

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t); testAccPartitionHasServicePreCheck(qldb.EndpointsID, t) },
ErrorCheck: testAccErrorCheck(t, qldb.EndpointsID),
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSQLDBLedgerDestroy,
Steps: []resource.TestStep{
{
Config: testAccAWSQLDBLedgerConfig_basic(rInt),
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSQLDBLedgerExists(resourceName, &qldbCluster),
resource.TestCheckResourceAttr(resourceName, "permissions_mode", "ALLOW_ALL"),
),
},
{
Config: testAccAWSQLDBLedgerConfig_update(rInt),
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSQLDBLedgerExists(resourceName, &qldbCluster),
testAccMatchResourceAttrRegionalARN(resourceName, "arn", "qldb", regexp.MustCompile(`ledger/.+`)),
resource.TestMatchResourceAttr(resourceName, "name", regexp.MustCompile("test-ledger-[0-9]+")),
resource.TestCheckResourceAttr(resourceName, "permissions_mode", "STANDARD"),
resource.TestCheckResourceAttr(resourceName, "deletion_protection", "false"),
resource.TestCheckResourceAttr(resourceName, "tags.%", "0"),
),
Expand Down Expand Up @@ -159,10 +198,21 @@ func testAccCheckAWSQLDBLedgerExists(n string, v *qldb.DescribeLedgerOutput) res
}
}

func testAccAWSQLDBLedgerConfig(n int) string {
func testAccAWSQLDBLedgerConfig_basic(n int) string {
return fmt.Sprintf(`
resource "aws_qldb_ledger" "test" {
name = "test-ledger-%d"
permissions_mode = "ALLOW_ALL"
deletion_protection = false
}
`, n)
}

func testAccAWSQLDBLedgerConfig_update(n int) string {
return fmt.Sprintf(`
resource "aws_qldb_ledger" "test" {
name = "test-ledger-%d"
permissions_mode = "STANDARD"
deletion_protection = false
}
`, n)
Expand Down Expand Up @@ -217,6 +267,7 @@ func testAccAWSQLDBLedgerConfigTags1(rName, tagKey1, tagValue1 string) string {
return fmt.Sprintf(`
resource "aws_qldb_ledger" "test" {
name = %[1]q
permissions_mode = "ALLOW_ALL"
deletion_protection = false

tags = {
Expand All @@ -230,6 +281,7 @@ func testAccAWSQLDBLedgerConfigTags2(rName, tagKey1, tagValue1, tagKey2, tagValu
return fmt.Sprintf(`
resource "aws_qldb_ledger" "test" {
name = %[1]q
permissions_mode = "ALLOW_ALL"
deletion_protection = false

tags = {
Expand Down
4 changes: 2 additions & 2 deletions website/docs/d/qldb_ledger.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -24,5 +24,5 @@ data "aws_qldb_ledger" "example" {

## Attributes Reference

* `arn` - Amazon Resource Name (ARN) of the ledger.
* `deletion_protection` - Deletion protection on the QLDB Ledger instance. Set to `true` by default.
See the [QLDB Ledger Resource](/docs/providers/aws/r/qldb_ledger.html) for details on the
returned attributes - they are identical.
4 changes: 3 additions & 1 deletion website/docs/r/qldb_ledger.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,8 @@ Provides an AWS Quantum Ledger Database (QLDB) resource

```terraform
resource "aws_qldb_ledger" "sample-ledger" {
name = "sample-ledger"
name = "sample-ledger"
permissions_mode = "STANDARD"
}
```

Expand All @@ -25,6 +26,7 @@ resource "aws_qldb_ledger" "sample-ledger" {
The following arguments are supported:

* `name` - (Optional) The friendly name for the QLDB Ledger instance. By default generated by Terraform.
* `permissions_mode` - (Required) The permissions mode for the QLDB ledger instance. Specify either `ALLOW_ALL` or `STANDARD`.
* `deletion_protection` - (Optional) The deletion protection for the QLDB Ledger instance. By default it is `true`. To delete this resource via Terraform, this value must be configured to `false` and applied first before attempting deletion.
* `tags` - (Optional) Key-value map of resource tags. If configured with a provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.

Expand Down