hashicorp · johnsonaj · Jul 11, 2023 · Jul 11, 2023 · Jul 11, 2023 · Jul 11, 2023
@@ -0,0 +1,3 @@
+```release-note:bug
+resource/aws_mq_broker: default `replication_user` to `false`
+```
@@ -329,6 +329,11 @@ func ResourceBroker() *schema.Resource {
  Sensitive: true,
  ValidateFunc: ValidBrokerPassword,
  },
+ "replication_user": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Default: false,
+ },
  "username": {
  Type: schema.TypeString,
  Required: true,
@@ -806,22 +811,24 @@ func DiffBrokerUsers(bId string, oldUsers, newUsers []interface{}) (
 
  if !reflect.DeepEqual(existingUserMap, newUserMap) {
  ur = append(ur, &mq.UpdateUserRequest{
- BrokerId: aws.String(bId),
- ConsoleAccess: aws.Bool(newUserMap["console_access"].(bool)),
- Groups: flex.ExpandStringList(ng),
- Password: aws.String(newUserMap["password"].(string)),
- Username: aws.String(username),
+ BrokerId: aws.String(bId),
+ ConsoleAccess: aws.Bool(newUserMap["console_access"].(bool)),
+ Groups: flex.ExpandStringList(ng),
+ ReplicationUser: aws.Bool(newUserMap["replication_user"].(bool)),
+ Password: aws.String(newUserMap["password"].(string)),
+ Username: aws.String(username),
  })
  }
 
  // Delete after processing, so we know what's left for deletion
  delete(existingUsers, username)
  } else {
  cur := &mq.CreateUserRequest{
- BrokerId: aws.String(bId),
- ConsoleAccess: aws.Bool(newUserMap["console_access"].(bool)),
- Password: aws.String(newUserMap["password"].(string)),
- Username: aws.String(username),
+ BrokerId: aws.String(bId),
+ ConsoleAccess: aws.Bool(newUserMap["console_access"].(bool)),
+ Password: aws.String(newUserMap["password"].(string)),
+ ReplicationUser: aws.Bool(newUserMap["replication_user"].(bool)),
+ Username: aws.String(username),
  }
  if len(ng) > 0 {
  cur.Groups = flex.ExpandStringList(ng)
@@ -907,6 +914,9 @@ func expandUsers(cfg []interface{}) []*mq.User {
  if v, ok := u["console_access"]; ok {
  user.ConsoleAccess = aws.Bool(v.(bool))
  }
+ if v, ok := u["replication_user"]; ok {
+ user.ReplicationUser = aws.Bool(v.(bool))
+ }
  if v, ok := u["groups"]; ok {
  user.Groups = flex.ExpandStringSet(v.(*schema.Set))
  }
@@ -933,9 +943,10 @@ func expandUsersForBroker(ctx context.Context, conn *mq.MQ, brokerId string, inp
  }
 
  user := &mq.User{
- ConsoleAccess: uOut.ConsoleAccess,
- Groups: uOut.Groups,
- Username: uOut.Username,
+ ConsoleAccess: uOut.ConsoleAccess,
+ Groups: uOut.Groups,
+ ReplicationUser: uOut.ReplicationUser,
+ Username: uOut.Username,
  }
 
  rawUsers = append(rawUsers, user)
@@ -968,6 +979,9 @@ func flattenUsers(users []*mq.User, cfgUsers []interface{}) *schema.Set {
  if u.ConsoleAccess != nil {
  m["console_access"] = aws.BoolValue(u.ConsoleAccess)
  }
+ if u.ReplicationUser != nil {
+ m["replication_user"] = aws.BoolValue(u.ReplicationUser)
+ }
  if len(u.Groups) > 0 {
  m["groups"] = flex.FlattenStringSet(u.Groups)
  }

@@ -120,19 +120,21 @@ func TestDiffUsers(t *testing.T) {
  OldUsers: []interface{}{},
  NewUsers: []interface{}{
  map[string]interface{}{
- "console_access": false,
- "username": "second",
- "password": "TestTest2222",
- "groups": schema.NewSet(schema.HashString, []interface{}{"admin"}),
+ "console_access": false,
+ "username": "second",
+ "password": "TestTest2222",
+ "groups": schema.NewSet(schema.HashString, []interface{}{"admin"}),
+ "replication_user": false,
  },
  },
  Creations: []*mq.CreateUserRequest{
  {
- BrokerId: aws.String("test"),
- ConsoleAccess: aws.Bool(false),
- Username: aws.String("second"),
- Password: aws.String("TestTest2222"),
- Groups: aws.StringSlice([]string{"admin"}),
+ BrokerId: aws.String("test"),
+ ConsoleAccess: aws.Bool(false),
+ Username: aws.String("second"),
+ Password: aws.String("TestTest2222"),
+ Groups: aws.StringSlice([]string{"admin"}),
+ ReplicationUser: aws.Bool(false),
  },
  },
  Deletions: []*mq.DeleteUserInput{},
@@ -141,24 +143,27 @@ func TestDiffUsers(t *testing.T) {
  {
  OldUsers: []interface{}{
  map[string]interface{}{
- "console_access": true,
- "username": "first",
- "password": "TestTest1111",
+ "console_access": true,
+ "username": "first",
+ "password": "TestTest1111",
+ "replication_user": false,
  },
  },
  NewUsers: []interface{}{
  map[string]interface{}{
- "console_access": false,
- "username": "second",
- "password": "TestTest2222",
+ "console_access": false,
+ "username": "second",
+ "password": "TestTest2222",
+ "replication_user": false,
  },
  },
  Creations: []*mq.CreateUserRequest{
  {
- BrokerId: aws.String("test"),
- ConsoleAccess: aws.Bool(false),
- Username: aws.String("second"),
- Password: aws.String("TestTest2222"),
+ BrokerId: aws.String("test"),
+ ConsoleAccess: aws.Bool(false),
+ Username: aws.String("second"),
+ Password: aws.String("TestTest2222"),
+ ReplicationUser: aws.Bool(false),
  },
  },
  Deletions: []*mq.DeleteUserInput{
@@ -169,22 +174,25 @@ func TestDiffUsers(t *testing.T) {
  {
  OldUsers: []interface{}{
  map[string]interface{}{
- "console_access": true,
- "username": "first",
- "password": "TestTest1111updated",
+ "console_access": true,
+ "username": "first",
+ "password": "TestTest1111updated",
+ "replication_user": false,
  },
  map[string]interface{}{
- "console_access": false,
- "username": "second",
- "password": "TestTest2222",
+ "console_access": false,
+ "username": "second",
+ "password": "TestTest2222",
+ "replication_user": false,
  },
  },
  NewUsers: []interface{}{
  map[string]interface{}{
- "console_access": false,
- "username": "second",
- "password": "TestTest2222",
- "groups": schema.NewSet(schema.HashString, []interface{}{"admin"}),
+ "console_access": false,
+ "username": "second",
+ "password": "TestTest2222",
+ "groups": schema.NewSet(schema.HashString, []interface{}{"admin"}),
+ "replication_user": false,
  },
  },
  Creations: []*mq.CreateUserRequest{},
@@ -193,11 +201,12 @@ func TestDiffUsers(t *testing.T) {
  },
  Updates: []*mq.UpdateUserRequest{
  {
- BrokerId: aws.String("test"),
- ConsoleAccess: aws.Bool(false),
- Username: aws.String("second"),
- Password: aws.String("TestTest2222"),
- Groups: aws.StringSlice([]string{"admin"}),
+ BrokerId: aws.String("test"),
+ ConsoleAccess: aws.Bool(false),
+ Username: aws.String("second"),
+ Password: aws.String("TestTest2222"),
+ Groups: aws.StringSlice([]string{"admin"}),
+ ReplicationUser: aws.Bool(false),
  },
  },
  },

@@ -146,6 +146,7 @@ The following arguments are required:
 * `console_access` - (Optional) Whether to enable access to the [ActiveMQ Web Console](http://activemq.apache.org/web-console.html) for the user. Applies to `engine_type` of `ActiveMQ` only.
 * `groups` - (Optional) List of groups (20 maximum) to which the ActiveMQ user belongs. Applies to `engine_type` of `ActiveMQ` only.
 * `password` - (Required) Password of the user. It must be 12 to 250 characters long, at least 4 unique characters, and must not contain commas.
+* `replication_user` - (Optional) Whether to set set replication user. Defaults to `false`.
 * `username` - (Required) Username of the user.
 
 ~> **NOTE:** AWS currently does not support updating RabbitMQ users. Updates to users can only be in the RabbitMQ UI.