From 57d40dd8b83ae7741af1dd69cbaa84a86021db47 Mon Sep 17 00:00:00 2001 From: George Christidis Date: Sat, 30 Sep 2023 13:06:54 +0800 Subject: [PATCH 1/5] Fixed manage_master_password from snapshot or PITR --- internal/service/rds/instance.go | 20 +++ internal/service/rds/instance_test.go | 171 ++++++++++++++++++++++++++ 2 files changed, 191 insertions(+) diff --git a/internal/service/rds/instance.go b/internal/service/rds/instance.go index dac32567253..daeaf793bbd 100644 --- a/internal/service/rds/instance.go +++ b/internal/service/rds/instance.go @@ -1120,6 +1120,16 @@ func resourceInstanceCreate(ctx context.Context, d *schema.ResourceData, meta in requiresModifyDbInstance = true } + if v, ok := d.GetOk("manage_master_user_password"); ok { + modifyDbInstanceInput.ManageMasterUserPassword = aws.Bool(v.(bool)) + requiresModifyDbInstance = true + } + + if v, ok := d.GetOk("master_user_secret_kms_key_id"); ok { + modifyDbInstanceInput.MasterUserSecretKmsKeyId = aws.String(v.(string)) + requiresModifyDbInstance = true + } + if v, ok := d.GetOk("max_allocated_storage"); ok { modifyDbInstanceInput.MaxAllocatedStorage = aws.Int64(int64(v.(int))) requiresModifyDbInstance = true @@ -1328,6 +1338,16 @@ func resourceInstanceCreate(ctx context.Context, d *schema.ResourceData, meta in input.MaxAllocatedStorage = aws.Int64(int64(v.(int))) } + if v, ok := d.GetOk("manage_master_user_password"); ok { + modifyDbInstanceInput.ManageMasterUserPassword = aws.Bool(v.(bool)) + requiresModifyDbInstance = true + } + + if v, ok := d.GetOk("master_user_secret_kms_key_id"); ok { + modifyDbInstanceInput.MasterUserSecretKmsKeyId = aws.String(v.(string)) + requiresModifyDbInstance = true + } + if v, ok := d.GetOk("monitoring_interval"); ok { modifyDbInstanceInput.MonitoringInterval = aws.Int64(int64(v.(int))) requiresModifyDbInstance = true diff --git a/internal/service/rds/instance_test.go b/internal/service/rds/instance_test.go index d332d7f792b..b2ab099be62 100644 --- a/internal/service/rds/instance_test.go +++ b/internal/service/rds/instance_test.go @@ -2297,6 +2297,56 @@ func TestAccRDSInstance_SnapshotIdentifier_basic(t *testing.T) { }) } +func TestAccRDSInstance_SnapshotIdentifier_ManagedMasterPasswordKmsKey(t *testing.T) { + ctx := acctest.Context(t) + if testing.Short() { + t.Skip("skipping long-running test in short mode") + } + + var dbInstance, sourceDbInstance rds.DBInstance + var dbSnapshot rds.DBSnapshot + + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + sourceDbResourceName := "aws_db_instance.source" + snapshotResourceName := "aws_db_snapshot.test" + resourceName := "aws_db_instance.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(ctx, t) }, + ErrorCheck: acctest.ErrorCheck(t, rds.EndpointsID), + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, + CheckDestroy: testAccCheckInstanceDestroy(ctx), + Steps: []resource.TestStep{ + { + Config: testAccInstanceConfig_snapshotID_ManagedMasterPasswordKmsKey(rName), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckInstanceExists(ctx, sourceDbResourceName, &sourceDbInstance), + testAccCheckDBSnapshotExists(ctx, snapshotResourceName, &dbSnapshot), + testAccCheckInstanceExists(ctx, resourceName, &dbInstance), + resource.TestCheckResourceAttr(resourceName, "manage_master_user_password", "true"), + resource.TestCheckResourceAttr(resourceName, "master_user_secret.#", "1"), + resource.TestCheckResourceAttrSet(resourceName, "master_user_secret.0.kms_key_id"), + resource.TestCheckResourceAttrSet(resourceName, "master_user_secret.0.secret_arn"), + resource.TestCheckResourceAttrSet(resourceName, "master_user_secret.0.secret_status"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{ + "apply_immediately", + "final_snapshot_identifier", + "manage_master_user_password", + "master_user_secret_kms_key_id", + "snapshot_identifier", + "skip_final_snapshot", + }, + }, + }, + }) +} + func TestAccRDSInstance_SnapshotIdentifier_namePrefix(t *testing.T) { ctx := acctest.Context(t) if testing.Short() { @@ -4345,6 +4395,54 @@ func TestAccRDSInstance_RestoreToPointInTime_monitoring(t *testing.T) { }) } +func TestAccRDSInstance_RestoreToPointInTime_ManagedMasterPassword(t *testing.T) { + ctx := acctest.Context(t) + if testing.Short() { + t.Skip("skipping long-running test in short mode") + } + + var dbInstance, sourceDbInstance rds.DBInstance + sourceName := "aws_db_instance.test" + resourceName := "aws_db_instance.restore" + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(ctx, t) }, + ErrorCheck: acctest.ErrorCheck(t, rds.EndpointsID), + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, + CheckDestroy: testAccCheckInstanceDestroy(ctx), + Steps: []resource.TestStep{ + { + Config: testAccInstanceConfig_RestoreToPointInTime_ManageMasterPassword(rName), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckInstanceExists(ctx, sourceName, &sourceDbInstance), + testAccCheckInstanceExists(ctx, resourceName, &dbInstance), + resource.TestCheckResourceAttr(resourceName, "manage_master_user_password", "true"), + resource.TestCheckResourceAttr(resourceName, "master_user_secret.#", "1"), + resource.TestCheckResourceAttrSet(resourceName, "master_user_secret.0.kms_key_id"), + resource.TestCheckResourceAttrSet(resourceName, "master_user_secret.0.secret_arn"), + resource.TestCheckResourceAttrSet(resourceName, "master_user_secret.0.secret_status"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{ + "apply_immediately", + "delete_automated_backups", + "final_snapshot_identifier", + "latest_restorable_time", // dynamic value of a DBInstance + "manage_master_user_password", + "password", + "restore_to_point_in_time", + "skip_final_snapshot", + }, + }, + }, + }) +} + func TestAccRDSInstance_NationalCharacterSet_oracle(t *testing.T) { ctx := acctest.Context(t) if testing.Short() { @@ -6690,6 +6788,23 @@ resource "aws_db_instance" "restore" { `, rName, monitoringInterval)) } +func testAccInstanceConfig_RestoreToPointInTime_ManageMasterPassword(rName string) string { + return acctest.ConfigCompose( + testAccInstanceConfig_baseForPITR(rName), + fmt.Sprintf(` +resource "aws_db_instance" "restore" { + identifier = "%[1]s-restore" + instance_class = aws_db_instance.test.instance_class + restore_to_point_in_time { + source_db_instance_identifier = aws_db_instance.test.identifier + use_latest_restorable_time = true + } + skip_final_snapshot = true + manage_master_user_password = true +} +`, rName)) +} + func testAccInstanceConfig_iopsUpdate(rName string, iops int) string { return fmt.Sprintf(` data "aws_rds_engine_version" "default" { @@ -8923,6 +9038,62 @@ resource "aws_db_instance" "test" { `, rName)) } +func testAccInstanceConfig_snapshotID_ManagedMasterPasswordKmsKey(rName string) string { + return acctest.ConfigCompose( + testAccInstanceConfig_orderableClassMariadb(), + fmt.Sprintf(` +data "aws_caller_identity" "current" {} +data "aws_partition" "current" {} + +resource "aws_kms_key" "example" { + description = "Terraform acc test %[1]s" + + policy = < Date: Sat, 30 Sep 2023 14:07:34 +0800 Subject: [PATCH 2/5] add 33699 changelog --- .changelog/33699.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/33699.txt diff --git a/.changelog/33699.txt b/.changelog/33699.txt new file mode 100644 index 00000000000..850ac0562fc --- /dev/null +++ b/.changelog/33699.txt @@ -0,0 +1,3 @@ +```release-note:bug +resource/aws_db_instance: Creating resource from snapshot or point in time recovery now handles manage_master_user_password and master_user_secret_kms_key_id attributes correctly. +``` From 8db3d8914dbac72a2c3a8c2e3d52c8d14fe51748 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Wed, 18 Oct 2023 12:11:24 -0400 Subject: [PATCH 3/5] Update 33699.txt --- .changelog/33699.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.changelog/33699.txt b/.changelog/33699.txt index 850ac0562fc..01bab98ee86 100644 --- a/.changelog/33699.txt +++ b/.changelog/33699.txt @@ -1,3 +1,3 @@ ```release-note:bug -resource/aws_db_instance: Creating resource from snapshot or point in time recovery now handles manage_master_user_password and master_user_secret_kms_key_id attributes correctly. +resource/aws_db_instance: Creating resource from snapshot or point-in-time recovery now handles `manage_master_user_password` and `master_user_secret_kms_key_id` attributes correctly ``` From 7e79779cc3d294a8e3cec80e2fb4e88b228c754a Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Wed, 18 Oct 2023 12:23:43 -0400 Subject: [PATCH 4/5] Fix semgrep 'ci.caps4-in-func-name'. --- internal/service/rds/instance_test.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/internal/service/rds/instance_test.go b/internal/service/rds/instance_test.go index b2ab099be62..344967979f4 100644 --- a/internal/service/rds/instance_test.go +++ b/internal/service/rds/instance_test.go @@ -2297,7 +2297,7 @@ func TestAccRDSInstance_SnapshotIdentifier_basic(t *testing.T) { }) } -func TestAccRDSInstance_SnapshotIdentifier_ManagedMasterPasswordKmsKey(t *testing.T) { +func TestAccRDSInstance_SnapshotIdentifier_ManagedMasterPasswordKMSKey(t *testing.T) { ctx := acctest.Context(t) if testing.Short() { t.Skip("skipping long-running test in short mode") @@ -2318,7 +2318,7 @@ func TestAccRDSInstance_SnapshotIdentifier_ManagedMasterPasswordKmsKey(t *testin CheckDestroy: testAccCheckInstanceDestroy(ctx), Steps: []resource.TestStep{ { - Config: testAccInstanceConfig_snapshotID_ManagedMasterPasswordKmsKey(rName), + Config: testAccInstanceConfig_snapshotID_ManagedMasterPasswordKMSKey(rName), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckInstanceExists(ctx, sourceDbResourceName, &sourceDbInstance), testAccCheckDBSnapshotExists(ctx, snapshotResourceName, &dbSnapshot), @@ -9038,7 +9038,7 @@ resource "aws_db_instance" "test" { `, rName)) } -func testAccInstanceConfig_snapshotID_ManagedMasterPasswordKmsKey(rName string) string { +func testAccInstanceConfig_snapshotID_ManagedMasterPasswordKMSKey(rName string) string { return acctest.ConfigCompose( testAccInstanceConfig_orderableClassMariadb(), fmt.Sprintf(` From 1ed9a3fec63c56d3b8c8760ba0264b585d1f3868 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Wed, 18 Oct 2023 12:25:45 -0400 Subject: [PATCH 5/5] Fix terrafmt errors. --- internal/service/rds/instance_test.go | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/internal/service/rds/instance_test.go b/internal/service/rds/instance_test.go index 344967979f4..2555364198c 100644 --- a/internal/service/rds/instance_test.go +++ b/internal/service/rds/instance_test.go @@ -6795,11 +6795,13 @@ func testAccInstanceConfig_RestoreToPointInTime_ManageMasterPassword(rName strin resource "aws_db_instance" "restore" { identifier = "%[1]s-restore" instance_class = aws_db_instance.test.instance_class + restore_to_point_in_time { source_db_instance_identifier = aws_db_instance.test.identifier use_latest_restorable_time = true } - skip_final_snapshot = true + + skip_final_snapshot = true manage_master_user_password = true } `, rName)) @@ -9084,10 +9086,10 @@ resource "aws_db_snapshot" "test" { } resource "aws_db_instance" "test" { - identifier = %[1]q - instance_class = aws_db_instance.source.instance_class - snapshot_identifier = aws_db_snapshot.test.id - skip_final_snapshot = true + identifier = %[1]q + instance_class = aws_db_instance.source.instance_class + snapshot_identifier = aws_db_snapshot.test.id + skip_final_snapshot = true manage_master_user_password = true master_user_secret_kms_key_id = aws_kms_key.example.arn }