diff --git a/.changelog/32454.txt b/.changelog/32454.txt new file mode 100644 index 00000000000..094ccc8c54a --- /dev/null +++ b/.changelog/32454.txt @@ -0,0 +1,3 @@ +```release-note:bug +resource/aws_mq_broker: default `replication_user` to `false` +``` diff --git a/internal/service/mq/broker.go b/internal/service/mq/broker.go index 9c194c665fb..22b9a9bcd30 100644 --- a/internal/service/mq/broker.go +++ b/internal/service/mq/broker.go @@ -329,6 +329,11 @@ func ResourceBroker() *schema.Resource { Sensitive: true, ValidateFunc: ValidBrokerPassword, }, + "replication_user": { + Type: schema.TypeBool, + Optional: true, + Default: false, + }, "username": { Type: schema.TypeString, Required: true, @@ -806,11 +811,12 @@ func DiffBrokerUsers(bId string, oldUsers, newUsers []interface{}) ( if !reflect.DeepEqual(existingUserMap, newUserMap) { ur = append(ur, &mq.UpdateUserRequest{ - BrokerId: aws.String(bId), - ConsoleAccess: aws.Bool(newUserMap["console_access"].(bool)), - Groups: flex.ExpandStringList(ng), - Password: aws.String(newUserMap["password"].(string)), - Username: aws.String(username), + BrokerId: aws.String(bId), + ConsoleAccess: aws.Bool(newUserMap["console_access"].(bool)), + Groups: flex.ExpandStringList(ng), + ReplicationUser: aws.Bool(newUserMap["replication_user"].(bool)), + Password: aws.String(newUserMap["password"].(string)), + Username: aws.String(username), }) } 
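Review bot: Nothing at the `replication_user` schema entry in ResourceBroker says what the flag means or which engine types accept it, although it presumably changes what the account is used for on the broker. The docs line this commit adds for it ("Whether to set set replication user") has a doubled word and, unlike the neighbouring `console_access` and `groups` entries, does not say whether it applies to `engine_type` of `ActiveMQ` only. I would add a comment above the entry, for example `// replication_user is sent as ReplicationUser on broker creation and on user create/update requests.`, and tighten the docs text once the engine restriction is confirmed. The schema map continues outside the hunk.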
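Review bot: In DiffBrokerUsers the `UpdateUserRequest` literal reads the flag with an unchecked assertion, `newUserMap["replication_user"].(bool)`, which panics when the key is absent or holds nil. The test changes in this commit add `"replication_user": false` to every fixture map, which suggests the function now depends on the key always being there; whether every production caller guarantees that is not visible in the hunk. expandUsers in this same commit checks for the key before using it, so I would read the value once with `replicationUser, _ := newUserMap["replication_user"].(bool)` ahead of the literal and pass `ReplicationUser: aws.Bool(replicationUser),`, which falls back to the schema default of `false`. The `CreateUserRequest` literal in the hunk at -818 has the same assertion, and the function starts and ends outside both hunks.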
@@ -818,10 +824,11 @@ func DiffBrokerUsers(bId string, oldUsers, newUsers []interface{}) ( delete(existingUsers, username) } else { cur := &mq.CreateUserRequest{ - BrokerId: aws.String(bId), - ConsoleAccess: aws.Bool(newUserMap["console_access"].(bool)), - Password: aws.String(newUserMap["password"].(string)), - Username: aws.String(username), + BrokerId: aws.String(bId), + ConsoleAccess: aws.Bool(newUserMap["console_access"].(bool)), + Password: aws.String(newUserMap["password"].(string)), + ReplicationUser: aws.Bool(newUserMap["replication_user"].(bool)), + Username: aws.String(username), } if len(ng) > 0 { cur.Groups = flex.ExpandStringList(ng) @@ -907,6 +914,9 @@ func expandUsers(cfg []interface{}) []*mq.User { if v, ok := u["console_access"]; ok { user.ConsoleAccess = aws.Bool(v.(bool)) } + if v, ok := u["replication_user"]; ok { + user.ReplicationUser = aws.Bool(v.(bool)) + } if v, ok := u["groups"]; ok { user.Groups = flex.ExpandStringSet(v.(*schema.Set)) } @@ -933,9 +943,10 @@ func expandUsersForBroker(ctx context.Context, conn *mq.MQ, brokerId string, inp } user := &mq.User{ - ConsoleAccess: uOut.ConsoleAccess, - Groups: uOut.Groups, - Username: uOut.Username, + ConsoleAccess: uOut.ConsoleAccess, + Groups: uOut.Groups, + ReplicationUser: uOut.ReplicationUser, + Username: uOut.Username, } rawUsers = append(rawUsers, user) @@ -968,6 +979,9 @@ func flattenUsers(users []*mq.User, cfgUsers []interface{}) *schema.Set { if u.ConsoleAccess != nil { m["console_access"] = aws.BoolValue(u.ConsoleAccess) } + if u.ReplicationUser != nil { + m["replication_user"] = aws.BoolValue(u.ReplicationUser) + } if len(u.Groups) > 0 { m["groups"] = flex.FlattenStringSet(u.Groups) } diff --git a/internal/service/mq/broker_test.go b/internal/service/mq/broker_test.go index d93b0fb0eec..baa026a5375 100644 --- a/internal/service/mq/broker_test.go +++ b/internal/service/mq/broker_test.go 
@@ -120,19 +120,21 @@ func TestDiffUsers(t *testing.T) {
 OldUsers: []interface{}{},
 NewUsers: []interface{}{
 map[string]interface{}{
- "console_access": false,
- "username": "second",
- "password": "TestTest2222",
- "groups": schema.NewSet(schema.HashString, []interface{}{"admin"}),
+ "console_access": false,
+ "username": "second",
+ "password": "TestTest2222",
+ "groups": schema.NewSet(schema.HashString, []interface{}{"admin"}),
+ "replication_user": false,
 },
 },
 Creations: []*mq.CreateUserRequest{
 {
- BrokerId: aws.String("test"),
- ConsoleAccess: aws.Bool(false),
- Username: aws.String("second"),
- Password: aws.String("TestTest2222"),
- Groups: aws.StringSlice([]string{"admin"}),
+ BrokerId: aws.String("test"),
+ ConsoleAccess: aws.Bool(false),
+ Username: aws.String("second"),
+ Password: aws.String("TestTest2222"),
+ Groups: aws.StringSlice([]string{"admin"}),
+ ReplicationUser: aws.Bool(false),
 },
 },
 Deletions: []*mq.DeleteUserInput{},
@@ -141,24 +143,27 @@ func TestDiffUsers(t *testing.T) {
 {
 OldUsers: []interface{}{
 map[string]interface{}{
- "console_access": true,
- "username": "first",
- "password": "TestTest1111",
+ "console_access": true,
+ "username": "first",
+ "password": "TestTest1111",
+ "replication_user": false,
 },
 },
 NewUsers: []interface{}{
 map[string]interface{}{
- "console_access": false,
- "username": "second",
- "password": "TestTest2222",
+ "console_access": false,
+ "username": "second",
+ "password": "TestTest2222",
+ "replication_user": false,
 },
 },
 Creations: []*mq.CreateUserRequest{
 {
- BrokerId: aws.String("test"),
- ConsoleAccess: aws.Bool(false),
- Username: aws.String("second"),
- Password: aws.String("TestTest2222"),
+ BrokerId: aws.String("test"),
+ ConsoleAccess: aws.Bool(false),
+ Username: aws.String("second"),
+ Password: aws.String("TestTest2222"),
+ ReplicationUser: aws.Bool(false),
 },
 },
 Deletions: []*mq.DeleteUserInput{
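Review bot: Every fixture in TestDiffUsers sets `"replication_user": false` and expects `ReplicationUser: aws.Bool(false)`, so no case shows that a configured `true` reaches the request; a mapping that hard-coded `false` would presumably still pass. I would add a creation case with the flag set to `true`, sketched below from the existing no-groups case, and a matching case where an existing user goes from `false` to `true` and one `UpdateUserRequest` with `ReplicationUser: aws.Bool(true)` is expected. The same gap runs through the hunks at -141, -169 and -193. The expected values in the sketch need confirming by running the test, since the table and the test body lie outside these hunks.

```go
// … unchanged: existing table cases …
{
	OldUsers: []interface{}{},
	NewUsers: []interface{}{
		map[string]interface{}{
			"console_access":   false,
			"username":         "second",
			"password":         "TestTest2222",
			"replication_user": true,
		},
	},
	Creations: []*mq.CreateUserRequest{
		{
			BrokerId:        aws.String("test"),
			ConsoleAccess:   aws.Bool(false),
			Username:        aws.String("second"),
			Password:        aws.String("TestTest2222"),
			ReplicationUser: aws.Bool(true),
		},
	},
	Deletions: []*mq.DeleteUserInput{},
	Updates:   []*mq.UpdateUserRequest{},
},
```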
@@ -169,22 +174,25 @@ func TestDiffUsers(t *testing.T) {
 {
 OldUsers: []interface{}{
 map[string]interface{}{
- "console_access": true,
- "username": "first",
- "password": "TestTest1111updated",
+ "console_access": true,
+ "username": "first",
+ "password": "TestTest1111updated",
+ "replication_user": false,
 },
 map[string]interface{}{
- "console_access": false,
- "username": "second",
- "password": "TestTest2222",
+ "console_access": false,
+ "username": "second",
+ "password": "TestTest2222",
+ "replication_user": false,
 },
 },
 NewUsers: []interface{}{
 map[string]interface{}{
- "console_access": false,
- "username": "second",
- "password": "TestTest2222",
- "groups": schema.NewSet(schema.HashString, []interface{}{"admin"}),
+ "console_access": false,
+ "username": "second",
+ "password": "TestTest2222",
+ "groups": schema.NewSet(schema.HashString, []interface{}{"admin"}),
+ "replication_user": false,
 },
 },
 Creations: []*mq.CreateUserRequest{},
@@ -193,11 +201,12 @@ func TestDiffUsers(t *testing.T) {
 },
 Updates: []*mq.UpdateUserRequest{
 {
- BrokerId: aws.String("test"),
- ConsoleAccess: aws.Bool(false),
- Username: aws.String("second"),
- Password: aws.String("TestTest2222"),
- Groups: aws.StringSlice([]string{"admin"}),
+ BrokerId: aws.String("test"),
+ ConsoleAccess: aws.Bool(false),
+ Username: aws.String("second"),
+ Password: aws.String("TestTest2222"),
+ Groups: aws.StringSlice([]string{"admin"}),
+ ReplicationUser: aws.Bool(false),
 },
 },
 },
diff --git a/website/docs/r/mq_broker.html.markdown b/website/docs/r/mq_broker.html.markdown
index 970fdf40522..afb6fa2448a 100644
--- a/website/docs/r/mq_broker.html.markdown
+++ b/website/docs/r/mq_broker.html.markdown
@@ -146,6 +146,7 @@ The following arguments are required: * `console_access` - (Optional) Whether to enable access to the [ActiveMQ Web Console](http://activemq.apache.org/web-console.html) for the user. Applies to `engine_type` of `ActiveMQ` only. * `groups` - (Optional) List of groups (20 maximum) to which the ActiveMQ user belongs. Applies to `engine_type` of `ActiveMQ` only. * `password` - (Required) Password of the user. It must be 12 to 250 characters long, at least 4 unique characters, and must not contain commas. +* `replication_user` - (Optional) Whether to set set replication user. Defaults to `false`. * `username` - (Required) Username of the user. ~> **NOTE:** AWS currently does not support updating RabbitMQ users. Updates to users can only be in the RabbitMQ UI.