From d4c9f79d6ddea8da5b2aa04ab237ed0859056ef6 Mon Sep 17 00:00:00 2001 From: prestonprice57 Date: Fri, 6 Sep 2024 16:58:57 -0700 Subject: [PATCH 1/6] Add hsm2m.medium as valid type for hsm_type on aws_cloudhsm_v2_cluster, and add mode as property --- CHANGELOG.md | 1 + .../service/cloudhsmv2/cloudhsmv2_test.go | 1 + internal/service/cloudhsmv2/cluster.go | 29 +++++++++++++- internal/service/cloudhsmv2/cluster_test.go | 38 +++++++++++++++++++ names/attr_consts_gen.go | 1 + .../r/cloudhsm_v2_cluster.html.markdown | 3 +- .../r/cloudhsm_v2_cluster.html.markdown | 3 +- .../docs/r/cloudhsm_v2_cluster.html.markdown | 3 +- 8 files changed, 75 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 78e75d33bf8..c96565af8b4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -88,6 +88,7 @@ BUG FIXES: * resource/aws_cloudformation_stack_set_instance: Fix crash during construction of the `id` attribute when `deployment_targets` does not include organizational unit IDs. ([#38969](https://github.com/hashicorp/terraform-provider-aws/issues/38969)) * resource/aws_glue_trigger: Fix crash when null `action` is configured ([#38994](https://github.com/hashicorp/terraform-provider-aws/issues/38994)) * resource/aws_rds_cluster: Allow Web Service Data API (`enabled_http_endpoint`) to be enabled and disabled for `provisioned` engine mode and serverlessv2 ([#38997](https://github.com/hashicorp/terraform-provider-aws/issues/38997)) +* resource/aws_cloudhsm_v2_cluster: Add `hsm2m.medium` as a valid `hsm_type` and `mode` as a new property ([#39018](https://github.com/hashicorp/terraform-provider-aws/issues/39018)) ## 5.63.1 (August 20, 2024) diff --git a/internal/service/cloudhsmv2/cloudhsmv2_test.go b/internal/service/cloudhsmv2/cloudhsmv2_test.go index 1a04a6f8fb5..7983e74e942 100644 --- a/internal/service/cloudhsmv2/cloudhsmv2_test.go +++ b/internal/service/cloudhsmv2/cloudhsmv2_test.go 
@@ -17,6 +17,7 @@ func TestAccCloudHSMV2_serial(t *testing.T) { acctest.CtBasic: testAccCluster_basic, acctest.CtDisappears: testAccCluster_disappears, "tags": testAccCluster_tags, + "hsmType": testAccCluster_hsmtype, }, "Hsm": { "availabilityZone": testAccHSM_AvailabilityZone, diff --git a/internal/service/cloudhsmv2/cluster.go b/internal/service/cloudhsmv2/cluster.go index e8580dcae67..b3e63545b1b 100644 --- a/internal/service/cloudhsmv2/cluster.go +++ b/internal/service/cloudhsmv2/cluster.go @@ -88,7 +88,13 @@ func resourceCluster() *schema.Resource { Type: schema.TypeString, Required: true, ForceNew: true, - ValidateFunc: validation.StringInSlice([]string{"hsm1.medium"}, false), + ValidateFunc: validation.StringInSlice([]string{"hsm1.medium", "hsm2m.medium"}, false), + }, + "mode": { + Type: schema.TypeString, + Optional: true, + Default: string(types.ClusterModeFips), + ValidateFunc: validation.StringInSlice(validClusterModes(), false), }, "security_group_id": { Type: schema.TypeString, @@ -127,6 +133,17 @@ func resourceClusterCreate(ctx context.Context, d *schema.ResourceData, meta int TagList: getTagsIn(ctx), } + if v, ok := d.GetOk("mode"); ok && v != "" { + switch v.(string) { + case string(types.ClusterModeFips): + input.Mode = types.ClusterModeFips + case string(types.ClusterModeNonFips): + input.Mode = types.ClusterModeNonFips + default: + sdkdiag.AppendErrorf(diags, "invalid cluster mode: %s", v) + } + } + if v, ok := d.GetOk("source_backup_identifier"); ok { input.SourceBackupId = aws.String(v.(string)) } @@ -173,6 +190,7 @@ func resourceClusterRead(ctx context.Context, d *schema.ResourceData, meta inter d.Set("cluster_id", cluster.ClusterId) d.Set("cluster_state", cluster.State) d.Set("hsm_type", cluster.HsmType) + d.Set("mode", cluster.Mode) d.Set("security_group_id", cluster.SecurityGroup) d.Set("source_backup_identifier", cluster.SourceBackupId) d.Set(names.AttrSubnetIDs, tfmaps.Values(cluster.SubnetMapping)) 
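Review bot: The new `mode` attribute in resourceCluster's schema has a `Default` but no `ForceNew`, unlike `hsm_type` directly above it, and the hunks in this patch only send `mode` to the API from resourceClusterCreate. A change between `FIPS` and `NON_FIPS` on an existing cluster would therefore plan as an in-place update that nothing visible here applies. Because resourceClusterRead writes the real value back, the configuration and the cluster can then disagree about a compliance-relevant setting. I would add `ForceNew: true,` to the `mode` block so a mode change is planned as a replacement. The schema map continues outside the hunk.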
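Review bot: In resourceClusterCreate the `default:` branch of the new `switch` calls `sdkdiag.AppendErrorf(diags, ...)` but neither assigns nor returns the result, so an unrecognised mode would not stop the create and the request would go out with `input.Mode` unset. The schema's `ValidateFunc` should make that branch unreachable, but if it stays it should read `return sdkdiag.AppendErrorf(diags, "invalid cluster mode: %s", v)`. A direct conversion, `input.Mode = types.ClusterMode(v.(string))`, would make the switch unnecessary. The function body starts and ends outside the hunk.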
@@ -371,3 +389,12 @@ func flattenCertificates(apiObject *types.Cluster) []map[string]interface{} { return []map[string]interface{}{} } + +func validClusterModes() []string { + var clusterModeStrings []string + for _, mode := range types.ClusterModeFips.Values() { + clusterModeStrings = append(clusterModeStrings, string(mode)) + } + + return clusterModeStrings +} diff --git a/internal/service/cloudhsmv2/cluster_test.go b/internal/service/cloudhsmv2/cluster_test.go index 7f65749aade..d0219d07d25 100644 --- a/internal/service/cloudhsmv2/cluster_test.go +++ b/internal/service/cloudhsmv2/cluster_test.go @@ -126,6 +126,34 @@ func testAccCluster_tags(t *testing.T) { }) } +func testAccCluster_hsmtype(t *testing.T) { + ctx := acctest.Context(t) + resourceName := "aws_cloudhsm_v2_cluster.test" + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(ctx, t) }, + ErrorCheck: acctest.ErrorCheck(t, names.CloudHSMV2ServiceID), + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, + CheckDestroy: testAccCheckClusterDestroy(ctx), + Steps: []resource.TestStep{ + { + Config: testAccClusterConfig_hsm2m_medium(rName), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckClusterExists(ctx, resourceName), + resource.TestCheckResourceAttr(resourceName, "hsm_type", "hsm2m.medium"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"cluster_certificates"}, + }, + }, + }) +} + func testAccCheckClusterDestroy(ctx context.Context) resource.TestCheckFunc { return func(s *terraform.State) error { conn := acctest.Provider.Meta().(*conns.AWSClient).CloudHSMV2Client(ctx) 
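Review bot: testAccCluster_hsmtype applies a config that sets `mode = "NON_FIPS"` (testAccClusterConfig_hsm2m_medium), but its `Check` only asserts `hsm_type`, so the test would still pass if `mode` were dropped on create or not read back. Add `resource.TestCheckResourceAttr(resourceName, "mode", "NON_FIPS"),` next to the `hsm_type` assertion. Only one of the new combinations is exercised; a second step or test for `hsm2m.medium` with `FIPS` would cover the other value the documentation lists.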
@@ -180,6 +208,16 @@ resource "aws_cloudhsm_v2_cluster" "test" { `) } +func testAccClusterConfig_hsm2m_medium(rName string) string { + return acctest.ConfigCompose(testAccClusterConfig_base(rName), ` +resource "aws_cloudhsm_v2_cluster" "test" { + hsm_type = "hsm2m.medium" + mode = "NON_FIPS" + subnet_ids = aws_subnet.test[*].id +} +`) +} + func testAccClusterConfig_tags1(rName, tagKey1, tagValue1 string) string { return acctest.ConfigCompose(testAccClusterConfig_base(rName), fmt.Sprintf(` resource "aws_cloudhsm_v2_cluster" "test" { diff --git a/names/attr_consts_gen.go b/names/attr_consts_gen.go index 783e418eb0f..7037f66e11c 100644 --- a/names/attr_consts_gen.go +++ b/names/attr_consts_gen.go @@ -36,6 +36,7 @@ const ( AttrClientSecret = "client_secret" AttrCloudWatchLogGroupARN = "cloudwatch_log_group_arn" AttrCloudWatchLogs = "cloudwatch_logs" + AttrCloudHSMType = "hsm_type" AttrClusterIdentifier = "cluster_identifier" AttrClusterName = "cluster_name" AttrComment = "comment" diff --git a/website/docs/cdktf/python/r/cloudhsm_v2_cluster.html.markdown b/website/docs/cdktf/python/r/cloudhsm_v2_cluster.html.markdown index 23b6f64a5bb..582dd806e3e 100644 --- a/website/docs/cdktf/python/r/cloudhsm_v2_cluster.html.markdown +++ b/website/docs/cdktf/python/r/cloudhsm_v2_cluster.html.markdown 
@@ -83,7 +83,8 @@ class MyConvertedCode(TerraformStack): This resource supports the following arguments: * `source_backup_identifier` - (Optional) ID of Cloud HSM v2 cluster backup to be restored. -* `hsm_type` - (Required) The type of HSM module in the cluster. Currently, only `hsm1.medium` is supported. +* `hsm_type` - (Required) The type of HSM module in the cluster. Currently, `hsm1.medium` and `hsm2m.medium` are supported. +* `mode` - (Optional) The mode to use in the cluster. The allowed values are `FIPS` and `NON_FIPS`. This field is required if `hsm_type` is `hsm2m.medium`. * `subnet_ids` - (Required) The IDs of subnets in which cluster will operate. * `tags` - (Optional) A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level. diff --git a/website/docs/cdktf/typescript/r/cloudhsm_v2_cluster.html.markdown b/website/docs/cdktf/typescript/r/cloudhsm_v2_cluster.html.markdown index 368aaadcff3..ab23521670d 100644 --- a/website/docs/cdktf/typescript/r/cloudhsm_v2_cluster.html.markdown +++ b/website/docs/cdktf/typescript/r/cloudhsm_v2_cluster.html.markdown 
@@ -90,7 +90,8 @@ class MyConvertedCode extends TerraformStack { This resource supports the following arguments: * `sourceBackupIdentifier` - (Optional) ID of Cloud HSM v2 cluster backup to be restored. -* `hsmType` - (Required) The type of HSM module in the cluster. Currently, only `hsm1.medium` is supported. +* `hsmType` - (Required) The type of HSM module in the cluster. Currently, `hsm1.medium` and `hsm2m.medium` are supported. +* `mode` - (Optional) The mode to use in the cluster. The allowed values are `FIPS` and `NON_FIPS`. This field is required if `hsm_type` is `hsm2m.medium`. * `subnetIds` - (Required) The IDs of subnets in which cluster will operate. * `tags` - (Optional) A map of tags to assign to the resource. If configured with a provider [`defaultTags` configuration block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level. diff --git a/website/docs/r/cloudhsm_v2_cluster.html.markdown b/website/docs/r/cloudhsm_v2_cluster.html.markdown index 474356eb477..0d952775e65 100644 --- a/website/docs/r/cloudhsm_v2_cluster.html.markdown +++ b/website/docs/r/cloudhsm_v2_cluster.html.markdown 
@@ -65,8 +65,9 @@ resource "aws_cloudhsm_v2_cluster" "cloudhsm_v2_cluster" { This resource supports the following arguments: * `source_backup_identifier` - (Optional) ID of Cloud HSM v2 cluster backup to be restored. -* `hsm_type` - (Required) The type of HSM module in the cluster. Currently, only `hsm1.medium` is supported. +* `hsm_type` - (Required) The type of HSM module in the cluster. Currently, `hsm1.medium` and `hsm2m.medium` are supported. * `subnet_ids` - (Required) The IDs of subnets in which cluster will operate. +* `mode` - (Optional) The mode to use in the cluster. The allowed values are `FIPS` and `NON_FIPS`. This field is required if `hsm_type` is `hsm2m.medium`. * `tags` - (Optional) A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level. ## Attribute Reference From b8ec923286822e52f978bb41c3072fe8b3d20f73 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Tue, 10 Sep 2024 16:40:33 -0400 Subject: [PATCH 2/6] Tweak CHANGELOG entries. --- .changelog/39206.txt | 7 +++++++ CHANGELOG.md | 1 - 2 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 .changelog/39206.txt diff --git a/.changelog/39206.txt b/.changelog/39206.txt new file mode 100644 index 00000000000..4e053c25a15 --- /dev/null +++ b/.changelog/39206.txt @@ -0,0 +1,7 @@ +```release-note:enhancement +resource/aws_cloudhsm_v2_cluster: Support `hsm2m.medium` as a valid value for `hsm_type` +``` + +```release-note:enhancement +resource/aws_cloudhsm_v2_cluster: Add `mode` argument +``` \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index ffb66def7cd..d7b6289c9d6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -121,7 +121,6 @@ BUG FIXES: * resource/aws_cloudformation_stack_set_instance: Fix crash during construction of the `id` attribute when `deployment_targets` does not include organizational unit IDs. ([#38969](https://github.com/hashicorp/terraform-provider-aws/issues/38969)) * resource/aws_glue_trigger: Fix crash when null `action` is configured ([#38994](https://github.com/hashicorp/terraform-provider-aws/issues/38994)) * resource/aws_rds_cluster: Allow Web Service Data API (`enabled_http_endpoint`) to be enabled and disabled for `provisioned` engine mode and serverlessv2 ([#38997](https://github.com/hashicorp/terraform-provider-aws/issues/38997)) -* resource/aws_cloudhsm_v2_cluster: Add `hsm2m.medium` as a valid `hsm_type` and `mode` as a new property ([#39018](https://github.com/hashicorp/terraform-provider-aws/issues/39018)) ## 5.63.1 (August 20, 2024) From da65ad5cc5c24c2a3c328883e5ab562631eb0ef1 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Tue, 10 Sep 2024 16:47:49 -0400 Subject: [PATCH 3/6] Fix terrafmt errors. --- internal/service/cloudhsmv2/cloudhsmv2_test.go | 2 +- internal/service/cloudhsmv2/cluster_test.go | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/internal/service/cloudhsmv2/cloudhsmv2_test.go b/internal/service/cloudhsmv2/cloudhsmv2_test.go index 7983e74e942..879dd568672 100644 --- a/internal/service/cloudhsmv2/cloudhsmv2_test.go +++ b/internal/service/cloudhsmv2/cloudhsmv2_test.go @@ -17,7 +17,7 @@ func TestAccCloudHSMV2_serial(t *testing.T) { acctest.CtBasic: testAccCluster_basic, acctest.CtDisappears: testAccCluster_disappears, "tags": testAccCluster_tags, - "hsmType": testAccCluster_hsmtype, + "hsmType": testAccCluster_hsmType, }, "Hsm": { "availabilityZone": testAccHSM_AvailabilityZone, diff --git a/internal/service/cloudhsmv2/cluster_test.go b/internal/service/cloudhsmv2/cluster_test.go index d0219d07d25..be1a3bbcd7f 100644 --- a/internal/service/cloudhsmv2/cluster_test.go 
+++ b/internal/service/cloudhsmv2/cluster_test.go @@ -38,6 +38,7 @@ func testAccCluster_basic(t *testing.T) { resource.TestMatchResourceAttr(resourceName, "cluster_id", regexache.MustCompile(`^cluster-.+`)), resource.TestCheckResourceAttr(resourceName, "cluster_state", string(types.ClusterStateUninitialized)), resource.TestCheckResourceAttr(resourceName, "hsm_type", "hsm1.medium"), + resource.TestCheckResourceAttr(resourceName, "mode", "FIPS"), resource.TestMatchResourceAttr(resourceName, "security_group_id", regexache.MustCompile(`^sg-.+`)), resource.TestCheckResourceAttr(resourceName, "source_backup_identifier", ""), resource.TestCheckResourceAttr(resourceName, "subnet_ids.#", acctest.Ct2), @@ -126,7 +127,7 @@ func testAccCluster_tags(t *testing.T) { }) } -func testAccCluster_hsmtype(t *testing.T) { +func testAccCluster_hsmType(t *testing.T) { ctx := acctest.Context(t) resourceName := "aws_cloudhsm_v2_cluster.test" rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) @@ -142,6 +143,7 @@ func testAccCluster_hsmtype(t *testing.T) { Check: resource.ComposeAggregateTestCheckFunc( testAccCheckClusterExists(ctx, resourceName), resource.TestCheckResourceAttr(resourceName, "hsm_type", "hsm2m.medium"), + resource.TestCheckResourceAttr(resourceName, "mode", "NON_FIPS"), ), }, { @@ -212,7 +214,7 @@ func testAccClusterConfig_hsm2m_medium(rName string) string { return acctest.ConfigCompose(testAccClusterConfig_base(rName), ` resource "aws_cloudhsm_v2_cluster" "test" { hsm_type = "hsm2m.medium" - mode = "NON_FIPS" + mode = "NON_FIPS" subnet_ids = aws_subnet.test[*].id } `) From f9cbff27407813269a84bc2df4a95e4162b80203 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Tue, 10 Sep 2024 16:48:40 -0400 Subject: [PATCH 4/6] r/aws_cloudhsm_v2_cluster: 'mode' is ForceNew. --- internal/service/cloudhsmv2/cluster.go | 27 ++++++-------------------- 1 file changed, 6 insertions(+), 21 deletions(-) 
diff --git a/internal/service/cloudhsmv2/cluster.go b/internal/service/cloudhsmv2/cluster.go index b3e63545b1b..dd4b0301cab 100644 --- a/internal/service/cloudhsmv2/cluster.go +++ b/internal/service/cloudhsmv2/cluster.go @@ -91,10 +91,11 @@ func resourceCluster() *schema.Resource { ValidateFunc: validation.StringInSlice([]string{"hsm1.medium", "hsm2m.medium"}, false), }, "mode": { - Type: schema.TypeString, - Optional: true, - Default: string(types.ClusterModeFips), - ValidateFunc: validation.StringInSlice(validClusterModes(), false), + Type: schema.TypeString, + Optional: true, + Computed: true, + ForceNew: true, + ValidateDiagFunc: enum.Validate[types.ClusterMode](), }, "security_group_id": { Type: schema.TypeString, @@ -134,14 +135,7 @@ func resourceClusterCreate(ctx context.Context, d *schema.ResourceData, meta int } if v, ok := d.GetOk("mode"); ok && v != "" { - switch v.(string) { - case string(types.ClusterModeFips): - input.Mode = types.ClusterModeFips - case string(types.ClusterModeNonFips): - input.Mode = types.ClusterModeNonFips - default: - sdkdiag.AppendErrorf(diags, "invalid cluster mode: %s", v) - } + input.Mode = types.ClusterMode(v.(string)) } if v, ok := d.GetOk("source_backup_identifier"); ok { @@ -389,12 +383,3 @@ func flattenCertificates(apiObject *types.Cluster) []map[string]interface{} { return []map[string]interface{}{} } - -func validClusterModes() []string { - var clusterModeStrings []string - for _, mode := range types.ClusterModeFips.Values() { - clusterModeStrings = append(clusterModeStrings, string(mode)) - } - - return clusterModeStrings -} From b5b706c72d49fbb826bb955efba1ada70550082c Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Tue, 10 Sep 2024 16:49:32 -0400 Subject: [PATCH 5/6] Run 'make gen'. --- names/attr_consts_gen.go | 1 - 1 file changed, 1 deletion(-) diff --git a/names/attr_consts_gen.go b/names/attr_consts_gen.go index 7037f66e11c..783e418eb0f 100644 --- a/names/attr_consts_gen.go +++ b/names/attr_consts_gen.go 
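Review bot: With `mode` now `Optional` and `Computed` and no default, nothing in the schema enforces the resource documentation's statement that `mode` is required when `hsm_type` is `hsm2m.medium`; an omitted `mode` is left to the service to reject or fill in. FIPS versus non-FIPS operation is usually a deliberate compliance decision, so I would rather fail at plan time. That means a check along the lines of `d.Get("hsm_type") == "hsm2m.medium" && d.GetRawConfig().GetAttr("mode").IsNull()` in the resource's diff customization, which is outside this hunk and may already exist for tags. Otherwise the documentation should be reworded to say which value is reported when `mode` is omitted. The schema map continues outside the hunk.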
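Review bot: The `v != ""` half of the condition in resourceClusterCreate is redundant, because `GetOk` already reports `ok == false` for a zero-value string. `if v, ok := d.GetOk("mode"); ok {` would match the `source_backup_identifier` check right below it. The function body starts and ends outside the hunk.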
@@ -36,7 +36,6 @@ const ( AttrClientSecret = "client_secret" AttrCloudWatchLogGroupARN = "cloudwatch_log_group_arn" AttrCloudWatchLogs = "cloudwatch_logs" - AttrCloudHSMType = "hsm_type" AttrClusterIdentifier = "cluster_identifier" AttrClusterName = "cluster_name" AttrComment = "comment" From f40b057fd4dcef08aa9628bd55d585e322736c4e Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Tue, 10 Sep 2024 16:50:22 -0400 Subject: [PATCH 6/6] Run 'make fix-constants PKG=cloudhsmv2'. --- internal/service/cloudhsmv2/cluster.go | 6 +++--- internal/service/cloudhsmv2/cluster_test.go | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/internal/service/cloudhsmv2/cluster.go b/internal/service/cloudhsmv2/cluster.go index dd4b0301cab..7f91b74ff53 100644 --- a/internal/service/cloudhsmv2/cluster.go +++ b/internal/service/cloudhsmv2/cluster.go @@ -90,7 +90,7 @@ func resourceCluster() *schema.Resource { ForceNew: true, ValidateFunc: validation.StringInSlice([]string{"hsm1.medium", "hsm2m.medium"}, false), }, - "mode": { + names.AttrMode: { Type: schema.TypeString, Optional: true, Computed: true, @@ -134,7 +134,7 @@ func resourceClusterCreate(ctx context.Context, d *schema.ResourceData, meta int TagList: getTagsIn(ctx), } - if v, ok := d.GetOk("mode"); ok && v != "" { + if v, ok := d.GetOk(names.AttrMode); ok && v != "" { input.Mode = types.ClusterMode(v.(string)) } @@ -184,7 +184,7 @@ func resourceClusterRead(ctx context.Context, d *schema.ResourceData, meta inter d.Set("cluster_id", cluster.ClusterId) d.Set("cluster_state", cluster.State) d.Set("hsm_type", cluster.HsmType) - d.Set("mode", cluster.Mode) + d.Set(names.AttrMode, cluster.Mode) d.Set("security_group_id", cluster.SecurityGroup) d.Set("source_backup_identifier", cluster.SourceBackupId) d.Set(names.AttrSubnetIDs, tfmaps.Values(cluster.SubnetMapping)) diff --git a/internal/service/cloudhsmv2/cluster_test.go b/internal/service/cloudhsmv2/cluster_test.go index be1a3bbcd7f..68165288282 100644 
--- a/internal/service/cloudhsmv2/cluster_test.go +++ b/internal/service/cloudhsmv2/cluster_test.go @@ -38,7 +38,7 @@ func testAccCluster_basic(t *testing.T) { resource.TestMatchResourceAttr(resourceName, "cluster_id", regexache.MustCompile(`^cluster-.+`)), resource.TestCheckResourceAttr(resourceName, "cluster_state", string(types.ClusterStateUninitialized)), resource.TestCheckResourceAttr(resourceName, "hsm_type", "hsm1.medium"), - resource.TestCheckResourceAttr(resourceName, "mode", "FIPS"), + resource.TestCheckResourceAttr(resourceName, names.AttrMode, "FIPS"), resource.TestMatchResourceAttr(resourceName, "security_group_id", regexache.MustCompile(`^sg-.+`)), resource.TestCheckResourceAttr(resourceName, "source_backup_identifier", ""), resource.TestCheckResourceAttr(resourceName, "subnet_ids.#", acctest.Ct2), @@ -143,7 +143,7 @@ func testAccCluster_hsmType(t *testing.T) { Check: resource.ComposeAggregateTestCheckFunc( testAccCheckClusterExists(ctx, resourceName), resource.TestCheckResourceAttr(resourceName, "hsm_type", "hsm2m.medium"), - resource.TestCheckResourceAttr(resourceName, "mode", "NON_FIPS"), + resource.TestCheckResourceAttr(resourceName, names.AttrMode, "NON_FIPS"), ), }, {