feat: add self managed active directory settings to aws_db_instance #35500

Merged
101 changes: 96 additions & 5 deletions internal/service/rds/instance.go
@@ -222,12 +222,40 @@ func ResourceInstance() *schema.Resource {
Optional: true,
},
"domain": {
Type: schema.TypeString,
Optional: true,
Type: schema.TypeString,
ConflictsWith: []string{"domain_fqdn", "domain_ou", "domain_auth_secret_arn", "domain_dns_ips"},
Optional: true,
},
"domain_auth_secret_arn": {
Type: schema.TypeString,
ConflictsWith: []string{"domain", "domain_iam_role_name"},
Optional: true,
},
"domain_dns_ips": {
Type: schema.TypeSet,
ConflictsWith: []string{"domain", "domain_iam_role_name"},
Optional: true,
MinItems: 2,
MaxItems: 2,
Elem: &schema.Schema{
Type: schema.TypeString,
ValidateFunc: validation.IsIPAddress,
},
},
"domain_fqdn": {
Type: schema.TypeString,
ConflictsWith: []string{"domain", "domain_iam_role_name"},
Optional: true,
},
"domain_iam_role_name": {
Type: schema.TypeString,
Optional: true,
Type: schema.TypeString,
ConflictsWith: []string{"domain_fqdn", "domain_ou", "domain_auth_secret_arn", "domain_dns_ips"},
Optional: true,
},
"domain_ou": {
Type: schema.TypeString,
ConflictsWith: []string{"domain", "domain_iam_role_name"},
Optional: true,
},
"enabled_cloudwatch_logs_exports": {
Type: schema.TypeSet,
@@ -1085,10 +1113,26 @@ func resourceInstanceCreate(ctx context.Context, d *schema.ResourceData, meta in
input.Domain = aws.String(v.(string))
}

if v, ok := d.GetOk("domain_auth_secret_arn"); ok {
input.DomainAuthSecretArn = aws.String(v.(string))
}

if v := d.Get("domain_dns_ips").(*schema.Set).List(); len(v) == 2 {
input.DomainDnsIps = flex.ExpandStringList(v)
}

if v, ok := d.GetOk("domain_fqdn"); ok {
input.DomainFqdn = aws.String(v.(string))
}

if v, ok := d.GetOk("domain_iam_role_name"); ok {
input.DomainIAMRoleName = aws.String(v.(string))
}

if v, ok := d.GetOk("domain_ou"); ok {
input.DomainOu = aws.String(v.(string))
}

if v, ok := d.GetOk("enabled_cloudwatch_logs_exports"); ok && v.(*schema.Set).Len() > 0 {
input.EnableCloudwatchLogsExports = flex.ExpandStringSet(v.(*schema.Set))
}
@@ -1314,6 +1358,22 @@ func resourceInstanceCreate(ctx context.Context, d *schema.ResourceData, meta in
input.DomainIAMRoleName = aws.String(v.(string))
}

if v, ok := d.GetOk("domain_fqdn"); ok {
input.DomainFqdn = aws.String(v.(string))
}

if v, ok := d.GetOk("domain_ou"); ok {
input.DomainOu = aws.String(v.(string))
}

if v, ok := d.GetOk("domain_auth_secret_arn"); ok {
input.DomainAuthSecretArn = aws.String(v.(string))
}

if v := d.Get("domain_dns_ips").(*schema.Set).List(); len(v) == 2 {
input.DomainDnsIps = flex.ExpandStringList(v)
}

if v, ok := d.GetOk("enabled_cloudwatch_logs_exports"); ok && v.(*schema.Set).Len() > 0 {
input.EnableCloudwatchLogsExports = flex.ExpandStringSet(v.(*schema.Set))
}
@@ -1473,10 +1533,26 @@ func resourceInstanceCreate(ctx context.Context, d *schema.ResourceData, meta in
input.Domain = aws.String(v.(string))
}

if v, ok := d.GetOk("domain_auth_secret_arn"); ok {
input.DomainAuthSecretArn = aws.String(v.(string))
}

if v := d.Get("domain_dns_ips").(*schema.Set).List(); len(v) == 2 {
input.DomainDnsIps = flex.ExpandStringList(v)
}

if v, ok := d.GetOk("domain_fqdn"); ok {
input.DomainFqdn = aws.String(v.(string))
}

if v, ok := d.GetOk("domain_iam_role_name"); ok {
input.DomainIAMRoleName = aws.String(v.(string))
}

if v, ok := d.GetOk("domain_ou"); ok {
input.DomainOu = aws.String(v.(string))
}

if v, ok := d.GetOk("enabled_cloudwatch_logs_exports"); ok && v.(*schema.Set).Len() > 0 {
input.EnableCloudwatchLogsExports = flex.ExpandStringSet(v.(*schema.Set))
}
@@ -1695,10 +1771,18 @@ func resourceInstanceRead(ctx context.Context, d *schema.ResourceData, meta inte
d.Set("deletion_protection", v.DeletionProtection)
if len(v.DomainMemberships) > 0 && v.DomainMemberships[0] != nil {
d.Set("domain", v.DomainMemberships[0].Domain)
d.Set("domain_auth_secret_arn", v.DomainMemberships[0].AuthSecretArn)
d.Set("domain_dns_ips", v.DomainMemberships[0].DnsIps)
d.Set("domain_fqdn", v.DomainMemberships[0].FQDN)
d.Set("domain_iam_role_name", v.DomainMemberships[0].IAMRoleName)
d.Set("domain_ou", v.DomainMemberships[0].OU)
} else {
d.Set("domain", nil)
d.Set("domain_auth_secret_arn", nil)
d.Set("domain_dns_ips", nil)
d.Set("domain_fqdn", nil)
d.Set("domain_iam_role_name", nil)
d.Set("domain_ou", nil)
}
d.Set("enabled_cloudwatch_logs_exports", aws.StringValueSlice(v.EnabledCloudwatchLogsExports))
d.Set("engine", v.Engine)
@@ -2074,10 +2158,17 @@ func dbInstancePopulateModify(input *rds_sdkv2.ModifyDBInstanceInput, d *schema.
// Always set this. Fixes TestAccRDSInstance_BlueGreenDeployment_updateWithDeletionProtection
input.DeletionProtection = aws.Bool(d.Get("deletion_protection").(bool))

if d.HasChanges("domain", "domain_iam_role_name") {
if d.HasChanges("domain", "domain_iam_role_name", "domain_fqdn", "domain_ou", "domain_auth_secret_arn", "domain_dns_ips") {
needsModify = true
input.Domain = aws.String(d.Get("domain").(string))
input.DomainAuthSecretArn = aws.String(d.Get("domain_auth_secret_arn").(string))
input.DomainFqdn = aws.String(d.Get("domain_fqdn").(string))
input.DomainIAMRoleName = aws.String(d.Get("domain_iam_role_name").(string))
input.DomainOu = aws.String(d.Get("domain_ou").(string))
if v := d.Get("domain_dns_ips").(*schema.Set).List(); len(v) == 2 {
needsModify = true
input.DomainDnsIps = flex.ExpandStringValueList(v)
}
}

if d.HasChange("enabled_cloudwatch_logs_exports") {
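Review bot: In the dbInstancePopulateModify hunk, a change to any one of the six domain attributes sends `DomainAuthSecretArn`, `DomainFqdn` and `DomainOu` unconditionally, so when the instance uses `domain`/`domain_iam_role_name` (which `ConflictsWith` forces to exclude the new attributes) they go out as empty strings instead of being omitted. Whether the RDS API ignores or rejects an empty value next to a populated one is not visible here, so I would guard at least the new fields the way the create hunks do, e.g. `if v, ok := d.GetOk("domain_fqdn"); ok { input.DomainFqdn = aws.String(v.(string)) }`. The inner `needsModify = true` is redundant, and because `domain_dns_ips` is only sent when `len(v) == 2`, removing it from the configuration is never passed on. In the schema hunk, `domain_auth_secret_arn` points at the secret holding the directory-join credentials but has no `ValidateFunc` (the provider's `verify.ValidARN` would fit), and the four self-managed attributes carry `ConflictsWith` but no `RequiredWith`, so if RDS needs them together a partial set is only caught at apply time. The function body continues outside the hunk.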
41 changes: 41 additions & 0 deletions internal/service/rds/instance_migrate.go
@@ -368,6 +368,26 @@
Optional: true,
},

"domain_fqdn": {
Type: schema.TypeString,
Optional: true,
},

"domain_ou": {
Type: schema.TypeString,
Optional: true,
},

"domain_auth_secret_arn": {
Type: schema.TypeString,
Optional: true,
},

"domain_dns_ips": {

Check failure on line 386 in internal/service/rds/instance_migrate.go

GitHub Actions / providerlint

S001: schema of TypeList or TypeSet should include Elem
Type: schema.TypeSet,
Optional: true,
},

"performance_insights_enabled": {
Type: schema.TypeBool,
Optional: true,
@@ -543,6 +563,27 @@
Type: schema.TypeString,
Optional: true,
},

"domain_fqdn": {
Type: schema.TypeString,
Optional: true,
},

"domain_ou": {
Type: schema.TypeString,
Optional: true,
},

"domain_auth_secret_arn": {
Type: schema.TypeString,
Optional: true,
},

"domain_dns_ips": {

Check failure on line 582 in internal/service/rds/instance_migrate.go

GitHub Actions / providerlint

S001: schema of TypeList or TypeSet should include Elem
Type: schema.TypeSet,
Optional: true,
},

"enabled_cloudwatch_logs_exports": {
Type: schema.TypeSet,
Optional: true,
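Review bot: Both hunks add `domain_fqdn`, `domain_ou`, `domain_auth_secret_arn` and `domain_dns_ips` to what appear to be the prior-version schemas used for state upgrade; the enclosing functions start outside the hunks, so this is inferred from the file name and the surrounding attribute maps. If that is right, state written under those versions cannot contain these attributes, and a versioned schema is normally left as it was when that version shipped. I would drop the additions from this file, or else add a comment on each block such as `// added with self-managed AD support; absent from state written by this schema version` explaining why the old schema needs them.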