From 4b020aa0a484db1a80430d6be6c5e9e61b0804a8 Mon Sep 17 00:00:00 2001 From: Kamil Turek Date: Tue, 23 Jul 2024 18:15:14 +0200 Subject: [PATCH 1/7] Add kms_key_identifier attribute --- internal/service/events/bus.go | 26 ++- internal/service/events/bus_data_source.go | 5 + .../service/events/bus_data_source_test.go | 86 ++++++++++ internal/service/events/bus_test.go | 157 ++++++++++++++++++ .../docs/d/cloudwatch_event_bus.html.markdown | 1 + .../docs/r/cloudwatch_event_bus.html.markdown | 3 +- 6 files changed, 276 insertions(+), 2 deletions(-) diff --git a/internal/service/events/bus.go b/internal/service/events/bus.go index f82e3b3ebfe..255138145ab 100644 --- a/internal/service/events/bus.go +++ b/internal/service/events/bus.go @@ -13,6 +13,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" "github.com/hashicorp/terraform-provider-aws/internal/conns" "github.com/hashicorp/terraform-provider-aws/internal/errs" "github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag" @@ -46,6 +47,11 @@ func resourceBus() *schema.Resource { ForceNew: true, ValidateFunc: validSourceName, }, + "kms_key_identifier": { + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.StringLenBetween(1, 2048), + }, names.AttrName: { Type: schema.TypeString, Required: true, @@ -74,6 +80,10 @@ func resourceBusCreate(ctx context.Context, d *schema.ResourceData, meta interfa input.EventSourceName = aws.String(v.(string)) } + if v, ok := d.GetOk("kms_key_identifier"); ok { + input.KmsKeyIdentifier = aws.String(v.(string)) + } + output, err := conn.CreateEventBus(ctx, input) // Some partitions (e.g. ISO) may not support tag-on-create. 
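Review bot: The new `kms_key_identifier` entry in resourceBus's schema validates only length (`validation.StringLenBetween(1, 2048)`), while the documentation added later in this patch says the value may be a key ARN, KeyId, key alias or key alias ARN. resourceBusRead stores `output.KmsKeyIdentifier` exactly as DescribeEventBus returns it, so if the service reports a different form from the one configured (not visible here, worth confirming), every plan would show a change on the encryption key. The acceptance tests only pass `aws_kms_key.*.arn`; a step that configures the key by alias or key ID would show whether a `DiffSuppressFunc` or a documented recommendation to use the ARN is needed. The schema map continues outside the hunk.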
@@ -123,6 +133,7 @@ func resourceBusRead(ctx context.Context, d *schema.ResourceData, meta interface } d.Set(names.AttrARN, output.Arn) + d.Set("kms_key_identifier", output.KmsKeyIdentifier) d.Set(names.AttrName, output.Name) return diags @@ -130,8 +141,21 @@ func resourceBusRead(ctx context.Context, d *schema.ResourceData, meta interface func resourceBusUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics + conn := meta.(*conns.AWSClient).EventsClient(ctx) - // Tags only. + input := &eventbridge.UpdateEventBusInput{ + Name: aws.String(d.Get(names.AttrName).(string)), + } + + if v, ok := d.GetOk("kms_key_identifier"); ok { + input.KmsKeyIdentifier = aws.String(v.(string)) + } + + _, err := conn.UpdateEventBus(ctx, input) + + if err != nil { + return sdkdiag.AppendErrorf(diags, "updating EventBridge Event Bus (%s): %s", d.Id(), err) + } return append(diags, resourceBusRead(ctx, d, meta)...) } diff --git a/internal/service/events/bus_data_source.go b/internal/service/events/bus_data_source.go index 025249e5608..f71ec0347b5 100644 --- a/internal/service/events/bus_data_source.go +++ b/internal/service/events/bus_data_source.go @@ -23,6 +23,10 @@ func dataSourceBus() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "kms_key_identifier": { + Type: schema.TypeString, + Computed: true, + }, names.AttrName: { Type: schema.TypeString, Required: true, @@ -44,6 +48,7 @@ func dataSourceBusRead(ctx context.Context, d *schema.ResourceData, meta interfa d.SetId(eventBusName) d.Set(names.AttrARN, output.Arn) + d.Set("kms_key_identifier", output.KmsKeyIdentifier) d.Set(names.AttrName, output.Name) return diags diff --git a/internal/service/events/bus_data_source_test.go b/internal/service/events/bus_data_source_test.go index 9d89c887b0c..e73fb276c34 100644 --- a/internal/service/events/bus_data_source_test.go +++ b/internal/service/events/bus_data_source_test.go 
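Review bot: In resourceBusUpdate, removing `kms_key_identifier` from the configuration makes `d.GetOk("kms_key_identifier")` return false, so `UpdateEventBus` is sent with only `Name` and a nil `KmsKeyIdentifier`. Whether that moves the bus back to an AWS owned key or leaves the customer managed key in place is not visible from this code, and no acceptance step covers removal, so Terraform state and the real encryption setting could disagree. I would add a third test step that drops the attribute and asserts `resource.TestCheckResourceAttr(resourceName, "kms_key_identifier", "")`, plus a comment above the `GetOk` stating the intended behaviour. The same `GetOk` branch is kept inside the `d.HasChange` guard that patch 6/7 adds.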
@@ -35,6 +35,27 @@ func TestAccEventsBusDataSource_basic(t *testing.T) { }) } +func TestAccEventsBusDataSource_kmsKeyIdentifier(t *testing.T) { + ctx := acctest.Context(t) + busName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + dataSourceName := "data.aws_cloudwatch_event_bus.test" + resourceName := "aws_cloudwatch_event_bus.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(ctx, t) }, + ErrorCheck: acctest.ErrorCheck(t, names.EventsServiceID), + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, + Steps: []resource.TestStep{ + { + Config: testAccBusDataSourceConfig_kmsKeyIdentifier(busName), + Check: resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttrPair(dataSourceName, "kms_key_identifier", resourceName, "kms_key_identifier"), + ), + }, + }, + }) +} + func testAccBusDataSourceConfig_basic(busName string) string { return fmt.Sprintf(` resource "aws_cloudwatch_event_bus" "test" { 
@@ -46,3 +67,68 @@ data "aws_cloudwatch_event_bus" "test" { } `, busName) } + +func testAccBusDataSourceConfig_kmsKeyIdentifier(busName string) string { + return fmt.Sprintf(` +data "aws_caller_identity" "current" {} + +data "aws_partition" "current" {} + +resource "aws_kms_key" "test" { + deletion_window_in_days = 7 +} + +data "aws_iam_policy_document" "key_policy" { + statement { + actions = [ + "kms:Decrypt", + "kms:GenerateDataKey" + ] + + resources = [ + aws_kms_key.test.arn, + ] + + principals { + type = "Service" + identifiers = ["events.amazonaws.com"] + } + + condition { + test = "StringEquals" + variable = "aws:SourceAccount" + values = [data.aws_caller_identity.current.account_id] + } + } + + statement { + actions = [ + "kms:*", + ] + + resources = [ + aws_kms_key.test.arn + ] + + principals { + type = "AWS" + identifiers = ["arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:root"] + } + } +} + +resource "aws_kms_key_policy" "test" { + key_id = aws_kms_key.test.id + policy = data.aws_iam_policy_document.key_policy.json +} + +resource "aws_cloudwatch_event_bus" "test" { + name = %[1]q + kms_key_identifier = aws_kms_key.test.arn +} + +data "aws_cloudwatch_event_bus" "test" { + name = aws_cloudwatch_event_bus.test.name +} +`, busName) +} diff --git a/internal/service/events/bus_test.go b/internal/service/events/bus_test.go index fcbf1d2445f..18285cfdede 100644 --- a/internal/service/events/bus_test.go +++ b/internal/service/events/bus_test.go 
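Review bot: `aws_cloudwatch_event_bus.test` in testAccBusDataSourceConfig_kmsKeyIdentifier references only `aws_kms_key.test.arn`, so Terraform is free to create the bus before `aws_kms_key_policy.test` has granted `events.amazonaws.com` the `kms:Decrypt` and `kms:GenerateDataKey` actions. If CreateEventBus checks key access at creation time (not visible here), the test result depends on resource ordering; adding `depends_on = [aws_kms_key_policy.test]` to the bus resource removes that race. The same applies to the bus resources in testAccBusConfig_kmsKeyIdentifier1 and testAccBusConfig_kmsKeyIdentifier2 in bus_test.go, including their patch 7/7 form.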
@@ -74,6 +74,41 @@ func TestAccEventsBus_basic(t *testing.T) { }) } +func TestAccEventBus_kmsKeyIdentifier(t *testing.T) { + ctx := acctest.Context(t) + var v1, v2 eventbridge.DescribeEventBusOutput + busName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + resourceName := "aws_cloudwatch_event_bus.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(ctx, t) }, + ErrorCheck: acctest.ErrorCheck(t, names.EventsServiceID), + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, + CheckDestroy: testAccCheckBusDestroy(ctx), + Steps: []resource.TestStep{ + { + Config: testAccBusConfig_kmsKeyIdentifier1(busName), + Check: resource.ComposeTestCheckFunc( + testAccCheckBusExists(ctx, resourceName, &v1), + resource.TestCheckResourceAttrPair(resourceName, "kms_key_identifier", "aws_kms_key.test1", "arn"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccBusConfig_kmsKeyIdentifier2(busName), + Check: resource.ComposeTestCheckFunc( + testAccCheckBusExists(ctx, resourceName, &v2), + resource.TestCheckResourceAttrPair(resourceName, "kms_key_identifier", "aws_kms_key.test2", "arn"), + ), + }, + }, + }) +} + func TestAccEventsBus_tags(t *testing.T) { ctx := acctest.Context(t) var v1, v2, v3 eventbridge.DescribeEventBusOutput 
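Review bot: TestAccEventBus_kmsKeyIdentifier fills `v1` and `v2` through `testAccCheckBusExists` but never compares them, so the test would also pass if changing the key destroyed and recreated the bus. Since `kms_key_identifier` is not `ForceNew` and the change is meant to go through `UpdateEventBus`, the second step should assert an in-place update, for example with a not-recreated check on `&v1, &v2` if bus_test.go already has such a helper (not visible in this hunk).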
@@ -267,6 +302,128 @@ resource "aws_cloudwatch_event_bus" "test" { `, name) } +func testAccBusConfig_kmsKeyIdentifier1(name string) string { + return fmt.Sprintf(` +data "aws_caller_identity" "current" {} + +data "aws_partition" "current" {} + +resource "aws_kms_key" "test1" { + deletion_window_in_days = 7 +} + +data "aws_iam_policy_document" "key_policy" { + statement { + actions = [ + "kms:Decrypt", + "kms:GenerateDataKey" + ] + + resources = [ + aws_kms_key.test1.arn, + ] + + principals { + type = "Service" + identifiers = ["events.amazonaws.com"] + } + + condition { + test = "StringEquals" + variable = "aws:SourceAccount" + values = [data.aws_caller_identity.current.account_id] + } + } + + statement { + actions = [ + "kms:*", + ] + + resources = [ + aws_kms_key.test1.arn + ] + + principals { + type = "AWS" + identifiers = ["arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:root"] + } + } +} + +resource "aws_kms_key_policy" "test1" { + key_id = aws_kms_key.test1.id + policy = data.aws_iam_policy_document.key_policy.json +} + +resource "aws_cloudwatch_event_bus" "test" { + name = %[1]q + kms_key_identifier = aws_kms_key.test1.arn +} +`, name) +} + +func testAccBusConfig_kmsKeyIdentifier2(name string) string { + return fmt.Sprintf(` +data "aws_caller_identity" "current" {} + +data "aws_partition" "current" {} + +resource "aws_kms_key" "test2" { + deletion_window_in_days = 7 +} + +data "aws_iam_policy_document" "key_policy" { + statement { + actions = [ + "kms:Decrypt", + "kms:GenerateDataKey" + ] + + resources = [ + aws_kms_key.test2.arn, + ] + + principals { + type = "Service" + identifiers = ["events.amazonaws.com"] + } + + condition { + test = "StringEquals" + variable = "aws:SourceAccount" + values = [data.aws_caller_identity.current.account_id] + } + } + + statement { + actions = [ + "kms:*", + ] + + resources = [ + aws_kms_key.test2.arn + ] + + principals { + type = "AWS" + identifiers = 
["arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:root"] + } + } +} + +resource "aws_kms_key_policy" "test2" { + key_id = aws_kms_key.test2.id + policy = data.aws_iam_policy_document.key_policy.json +} + +resource "aws_cloudwatch_event_bus" "test" { + name = %[1]q + kms_key_identifier = aws_kms_key.test2.arn +} +`, name) +} + func testAccBusConfig_tags1(name, key, value string) string { return fmt.Sprintf(` resource "aws_cloudwatch_event_bus" "test" { diff --git a/website/docs/d/cloudwatch_event_bus.html.markdown b/website/docs/d/cloudwatch_event_bus.html.markdown index d3232cc7bc9..3a804c6ad5d 100644 --- a/website/docs/d/cloudwatch_event_bus.html.markdown +++ b/website/docs/d/cloudwatch_event_bus.html.markdown @@ -29,3 +29,4 @@ data "aws_cloudwatch_event_bus" "example" { This data source exports the following attributes in addition to the arguments above: * `arn` - ARN. +* `kms_key_identifier` - The identifier of the AWS KMS customer managed key for EventBridge to use to encrypt events on this event bus, if one has been specified. diff --git a/website/docs/r/cloudwatch_event_bus.html.markdown b/website/docs/r/cloudwatch_event_bus.html.markdown index 1fe814860a7..cefcf691583 100644 --- a/website/docs/r/cloudwatch_event_bus.html.markdown +++ b/website/docs/r/cloudwatch_event_bus.html.markdown 
@@ -36,7 +36,8 @@ resource "aws_cloudwatch_event_bus" "examplepartner" { This resource supports the following arguments: * `name` - (Required) The name of the new event bus. The names of custom event buses can't contain the / character. To create a partner event bus, ensure the `name` matches the `event_source_name`. -* `event_source_name` (Optional) The partner event source that the new event bus will be matched with. Must match `name`. +* `event_source_name` - (Optional) The partner event source that the new event bus will be matched with. Must match `name`. +* `kms_key_identifier` - (Optional) The identifier of the AWS KMS customer managed key for EventBridge to use, if you choose to use a customer managed key to encrypt events on this event bus. The identifier can be the key Amazon Resource Name (ARN), KeyId, key alias, or key alias ARN. * `tags` - (Optional) A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level. ## Attribute Reference From b79ba5f2402360eb6ac026cb5899835f9a247709 Mon Sep 17 00:00:00 2001 From: Kamil Turek Date: Tue, 23 Jul 2024 18:22:56 +0200 Subject: [PATCH 2/7] Fix terrafmt issues --- internal/service/events/bus_data_source_test.go | 2 +- internal/service/events/bus_test.go | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/internal/service/events/bus_data_source_test.go b/internal/service/events/bus_data_source_test.go index e73fb276c34..9baad712d58 100644 --- a/internal/service/events/bus_data_source_test.go +++ b/internal/service/events/bus_data_source_test.go @@ -123,7 +123,7 @@ resource "aws_kms_key_policy" "test" { } resource "aws_cloudwatch_event_bus" "test" { - name = %[1]q + name = %[1]q kms_key_identifier = aws_kms_key.test.arn } 
diff --git a/internal/service/events/bus_test.go b/internal/service/events/bus_test.go index 18285cfdede..97d70dd893a 100644 --- a/internal/service/events/bus_test.go +++ b/internal/service/events/bus_test.go @@ -357,7 +357,7 @@ resource "aws_kms_key_policy" "test1" { } resource "aws_cloudwatch_event_bus" "test" { - name = %[1]q + name = %[1]q kms_key_identifier = aws_kms_key.test1.arn } `, name) @@ -418,7 +418,7 @@ resource "aws_kms_key_policy" "test2" { } resource "aws_cloudwatch_event_bus" "test" { - name = %[1]q + name = %[1]q kms_key_identifier = aws_kms_key.test2.arn } `, name) From ef859f90ad83c916c85df5004be998371f7e0467 Mon Sep 17 00:00:00 2001 From: Kamil Turek Date: Tue, 23 Jul 2024 18:45:09 +0200 Subject: [PATCH 3/7] Add changelog --- .changelog/38492.txt | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 .changelog/38492.txt diff --git a/.changelog/38492.txt b/.changelog/38492.txt new file mode 100644 index 00000000000..de4753d6ca7 --- /dev/null +++ b/.changelog/38492.txt @@ -0,0 +1,7 @@ +```release-note:enhancement +resource/aws_cloudwatch_event_bus: Add `kms_key_identifier` argument +``` + +```release-note:enhancement +data-source/aws_cloudwatch_event_bus: Add `kms_key_identifier` attribute +``` From 5f9f83a822e2f391fff7e91939b4f8d8d619ae5f Mon Sep 17 00:00:00 2001 From: Kamil Turek Date: Tue, 23 Jul 2024 18:45:17 +0200 Subject: [PATCH 4/7] Fix semgrep issues --- internal/service/events/bus_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/service/events/bus_test.go b/internal/service/events/bus_test.go index 97d70dd893a..51d64cc6eec 100644 --- a/internal/service/events/bus_test.go +++ b/internal/service/events/bus_test.go 
@@ -74,7 +74,7 @@ func TestAccEventsBus_basic(t *testing.T) { }) } -func TestAccEventBus_kmsKeyIdentifier(t *testing.T) { +func TestAccEventsBus_kmsKeyIdentifier(t *testing.T) { ctx := acctest.Context(t) var v1, v2 eventbridge.DescribeEventBusOutput busName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) From 5d293bf7579871c7ba5256b7a72307e85f0eb9dd Mon Sep 17 00:00:00 2001 From: Kamil Turek Date: Tue, 23 Jul 2024 19:12:30 +0200 Subject: [PATCH 5/7] Fix more semgrep issues --- internal/service/events/bus_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/service/events/bus_test.go b/internal/service/events/bus_test.go index 51d64cc6eec..f51a7255fb0 100644 --- a/internal/service/events/bus_test.go +++ b/internal/service/events/bus_test.go @@ -90,7 +90,7 @@ func TestAccEventsBus_kmsKeyIdentifier(t *testing.T) { Config: testAccBusConfig_kmsKeyIdentifier1(busName), Check: resource.ComposeTestCheckFunc( testAccCheckBusExists(ctx, resourceName, &v1), - resource.TestCheckResourceAttrPair(resourceName, "kms_key_identifier", "aws_kms_key.test1", "arn"), + resource.TestCheckResourceAttrPair(resourceName, "kms_key_identifier", "aws_kms_key.test1", names.AttrARN), ), }, { @@ -102,7 +102,7 @@ func TestAccEventsBus_kmsKeyIdentifier(t *testing.T) { Config: testAccBusConfig_kmsKeyIdentifier2(busName), Check: resource.ComposeTestCheckFunc( testAccCheckBusExists(ctx, resourceName, &v2), - resource.TestCheckResourceAttrPair(resourceName, "kms_key_identifier", "aws_kms_key.test2", "arn"), + resource.TestCheckResourceAttrPair(resourceName, "kms_key_identifier", "aws_kms_key.test2", names.AttrARN), ), }, }, From b76497e85d2d0643b21d0db2f5f3e27cd71d7cc2 Mon Sep 17 00:00:00 2001 From: Jared Baker Date: Wed, 24 Jul 2024 16:34:34 -0400 Subject: [PATCH 6/7] r/aws_cloudwatch_event_bus: only update when kms key changes --- internal/service/events/bus.go | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) 
diff --git a/internal/service/events/bus.go b/internal/service/events/bus.go index 255138145ab..29a75c29b57 100644 --- a/internal/service/events/bus.go +++ b/internal/service/events/bus.go @@ -143,18 +143,20 @@ func resourceBusUpdate(ctx context.Context, d *schema.ResourceData, meta interfa var diags diag.Diagnostics conn := meta.(*conns.AWSClient).EventsClient(ctx) - input := &eventbridge.UpdateEventBusInput{ - Name: aws.String(d.Get(names.AttrName).(string)), - } + if d.HasChange("kms_key_identifier") { + input := &eventbridge.UpdateEventBusInput{ + Name: aws.String(d.Get(names.AttrName).(string)), + } - if v, ok := d.GetOk("kms_key_identifier"); ok { - input.KmsKeyIdentifier = aws.String(v.(string)) - } + if v, ok := d.GetOk("kms_key_identifier"); ok { + input.KmsKeyIdentifier = aws.String(v.(string)) + } - _, err := conn.UpdateEventBus(ctx, input) + _, err := conn.UpdateEventBus(ctx, input) - if err != nil { - return sdkdiag.AppendErrorf(diags, "updating EventBridge Event Bus (%s): %s", d.Id(), err) + if err != nil { + return sdkdiag.AppendErrorf(diags, "updating EventBridge Event Bus (%s): %s", d.Id(), err) + } } return append(diags, resourceBusRead(ctx, d, meta)...) From e9d3fbf2181644a5c397140faceec66077fc9e5e Mon Sep 17 00:00:00 2001 
From: Jared Baker Date: Wed, 24 Jul 2024 16:35:03 -0400 Subject: [PATCH 7/7] r/aws_cloudwatch_event_bus(test): add base kms key config ```console % make testacc PKG=events TESTS=TestAccEventsBus_kmsKeyIdentifier make: Verifying source code with gofmt... ==> Checking that code complies with gofmt requirements... TF_ACC=1 go1.22.5 test ./internal/service/events/... -v -count 1 -parallel 20 -run='TestAccEventsBus_kmsKeyIdentifier' -timeout 360m === RUN TestAccEventsBus_kmsKeyIdentifier === PAUSE TestAccEventsBus_kmsKeyIdentifier === CONT TestAccEventsBus_kmsKeyIdentifier --- PASS: TestAccEventsBus_kmsKeyIdentifier (55.82s) PASS ok github.com/hashicorp/terraform-provider-aws/internal/service/events 61.663s ``` --- internal/service/events/bus_test.go | 131 +++++++++++----------------- 1 file changed, 49 insertions(+), 82 deletions(-) diff --git a/internal/service/events/bus_test.go b/internal/service/events/bus_test.go index f51a7255fb0..704caee5e16 100644 --- a/internal/service/events/bus_test.go +++ b/internal/service/events/bus_test.go 
@@ -302,73 +302,50 @@ resource "aws_cloudwatch_event_bus" "test" { `, name) } -func testAccBusConfig_kmsKeyIdentifier1(name string) string { +func testAccBusConfig_tags1(name, key, value string) string { return fmt.Sprintf(` -data "aws_caller_identity" "current" {} - -data "aws_partition" "current" {} - -resource "aws_kms_key" "test1" { - deletion_window_in_days = 7 -} - -data "aws_iam_policy_document" "key_policy" { - statement { - actions = [ - "kms:Decrypt", - "kms:GenerateDataKey" - ] - - resources = [ - aws_kms_key.test1.arn, - ] - - principals { - type = "Service" - identifiers = ["events.amazonaws.com"] - } +resource "aws_cloudwatch_event_bus" "test" { + name = %[1]q - condition { - test = "StringEquals" - variable = "aws:SourceAccount" - values = [data.aws_caller_identity.current.account_id] - } + tags = { + %[2]q = %[3]q } +} +`, name, key, value) +} - statement { - actions = [ - "kms:*", - ] - - resources = [ - aws_kms_key.test1.arn - ] +func testAccBusConfig_tags2(name, key1, value1, key2, value2 string) string { + return fmt.Sprintf(` +resource "aws_cloudwatch_event_bus" "test" { + name = %[1]q - principals { - type = "AWS" - identifiers = ["arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:root"] - } + tags = { + %[2]q = %[3]q + %[4]q = %[5]q } } - -resource "aws_kms_key_policy" "test1" { - key_id = aws_kms_key.test1.id - policy = data.aws_iam_policy_document.key_policy.json +`, name, key1, value1, key2, value2) } +func testAccBusConfig_partnerSource(name string) string { + return fmt.Sprintf(` resource "aws_cloudwatch_event_bus" "test" { - name = %[1]q - kms_key_identifier = aws_kms_key.test1.arn + name = %[1]q + event_source_name = %[1]q } `, name) } -func testAccBusConfig_kmsKeyIdentifier2(name string) string { - return fmt.Sprintf(` +func testAccBusConfig_kmsKeyIdentifierBase() string { + return ` data "aws_caller_identity" "current" {} data "aws_partition" "current" {} +resource "aws_kms_key" "test1" { 
+ deletion_window_in_days = 7 +} + resource "aws_kms_key" "test2" { deletion_window_in_days = 7 } @@ -381,6 +358,7 @@ data "aws_iam_policy_document" "key_policy" { ] resources = [ + aws_kms_key.test1.arn, aws_kms_key.test2.arn, ] @@ -402,7 +380,8 @@ data "aws_iam_policy_document" "key_policy" { ] resources = [ - aws_kms_key.test2.arn + aws_kms_key.test1.arn, + aws_kms_key.test2.arn, ] principals { 
@@ -412,48 +391,36 @@ data "aws_iam_policy_document" "key_policy" { } } -resource "aws_kms_key_policy" "test2" { - key_id = aws_kms_key.test2.id +resource "aws_kms_key_policy" "test1" { + key_id = aws_kms_key.test1.id policy = data.aws_iam_policy_document.key_policy.json } -resource "aws_cloudwatch_event_bus" "test" { - name = %[1]q - kms_key_identifier = aws_kms_key.test2.arn -} -`, name) -} - -func testAccBusConfig_tags1(name, key, value string) string { - return fmt.Sprintf(` -resource "aws_cloudwatch_event_bus" "test" { - name = %[1]q - - tags = { - %[2]q = %[3]q - } +resource "aws_kms_key_policy" "test2" { + key_id = aws_kms_key.test2.id + policy = data.aws_iam_policy_document.key_policy.json } -`, name, key, value) +` } -func testAccBusConfig_tags2(name, key1, value1, key2, value2 string) string { - return fmt.Sprintf(` +func testAccBusConfig_kmsKeyIdentifier1(name string) string { + return acctest.ConfigCompose( + testAccBusConfig_kmsKeyIdentifierBase(), + fmt.Sprintf(` resource "aws_cloudwatch_event_bus" "test" { - name = %[1]q - - tags = { - %[2]q = %[3]q - %[4]q = %[5]q - } + name = %[1]q + kms_key_identifier = aws_kms_key.test1.arn } -`, name, key1, value1, key2, value2) +`, name)) } -func testAccBusConfig_partnerSource(name string) string { - return fmt.Sprintf(` +func testAccBusConfig_kmsKeyIdentifier2(name string) string { + return acctest.ConfigCompose( + testAccBusConfig_kmsKeyIdentifierBase(), + fmt.Sprintf(` resource "aws_cloudwatch_event_bus" "test" { - name = %[1]q - event_source_name = %[1]q + name = %[1]q + kms_key_identifier = aws_kms_key.test2.arn } -`, name) +`, name)) }
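Review bot: testAccBusDataSourceConfig_kmsKeyIdentifier in bus_data_source_test.go still carries its own copy of the KMS key policy that this hunk centralises in `testAccBusConfig_kmsKeyIdentifierBase`. If both test files are in the same package, the data source config could be built as `acctest.ConfigCompose(testAccBusConfig_kmsKeyIdentifier1(busName), ...)` with only the `data "aws_cloudwatch_event_bus" "test"` block appended. A later change to the key policy would then be made in one place instead of two.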