Merge pull request #15136 from FaHeymann/prevent-duplicate-config-rul…

…es-on-name-change

b/Config Service rule: Prevent duplication on name change

.changelog/15136.txt

@@ -0,0 +1,19 @@
+```release-note:bug
+resource/aws_config_configuration_recorder: Fix `panic: interface conversion: interface {} is nil, not map[string]interface {}` when `recording_group.exclusion_by_resource_types` is empty
+```
+
+```release-note:enhancement
+resource/aws_config_configuration_recorder: Add plan-time validation of `aws_config_organization_custom_rule.lambda_function_arn`
+```
+
+```release-note:bug
+resource/aws_config_rule: Change `name` to [ForceNew](https://developer.hashicorp.com/terraform/plugin/sdkv2/schemas/schema-behaviors#forcenew)
+```
+
+```release-note:new-resource
+aws_config_retention_configuration
+```
+
+```release-note:bug
+resource/aws_config_rule: Fix `InvalidParameterValueException: PolicyText is required when Owner is CUSTOM_POLICY` errors on resource Update
+```

go.mod

@@ -49,6 +49,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/codestarnotifications v1.22.1
 	github.com/aws/aws-sdk-go-v2/service/comprehend v1.31.1
 	github.com/aws/aws-sdk-go-v2/service/computeoptimizer v1.33.1
+	github.com/aws/aws-sdk-go-v2/service/configservice v1.46.1
 	github.com/aws/aws-sdk-go-v2/service/connectcases v1.15.1
 	github.com/aws/aws-sdk-go-v2/service/controltower v1.13.1
 	github.com/aws/aws-sdk-go-v2/service/costoptimizationhub v1.4.1

go.sum

@@ -120,6 +120,8 @@ github.com/aws/aws-sdk-go-v2/service/comprehend v1.31.1 h1:CAoDG5wkvJ8x/woXDxsnS
 github.com/aws/aws-sdk-go-v2/service/comprehend v1.31.1/go.mod h1:tWhHJ9LUWQEdX5wwopa00xsTkYrOgi1sDwUxNuFYMfI=
 github.com/aws/aws-sdk-go-v2/service/computeoptimizer v1.33.1 h1:rQpdG0ooVj8GhQDJSpXnFJRiUCSfftT4O4AI0zqNsBA=
 github.com/aws/aws-sdk-go-v2/service/computeoptimizer v1.33.1/go.mod h1:3dkJ/DPuEmKrFcbqNuBbhmFWe/6D8I5sOwCO5OZFEXk=
+github.com/aws/aws-sdk-go-v2/service/configservice v1.46.1 h1:emsv8VBtQkrBm2OJ4qT80e03KCtJj6zfKuWnDYqwtNE=
+github.com/aws/aws-sdk-go-v2/service/configservice v1.46.1/go.mod h1:cuYIudpyQM/SiVg/P/UZBzThfq1IbXnswiyYDBFcTY4=
 github.com/aws/aws-sdk-go-v2/service/connectcases v1.15.1 h1:CQg3/P8gT7Kg2mYBM/V6oGyW88QrC2wYlPG9/mGJ5rc=
 github.com/aws/aws-sdk-go-v2/service/connectcases v1.15.1/go.mod h1:MyqG3o70o57M1M7Bw0X7hffxp8DhPKp4bgvovzwxNOA=
 github.com/aws/aws-sdk-go-v2/service/controltower v1.13.1 h1:+ADMUxi3W7Wq+f2XQPpZiKBAylHZkjk8NLwYXM3VerY=

internal/acctest/acctest.go

@@ -2301,7 +2301,7 @@ resource "aws_vpc" "vpc_for_lambda" {
   assign_generated_ipv6_cidr_block = true
 
   tags = {
-    Name = "terraform-testacc-lambda-function"
+    Name = %[3]q
   }
 }
 
@@ -2313,7 +2313,7 @@ resource "aws_subnet" "subnet_for_lambda" {
   assign_ipv6_address_on_creation = true
 
   tags = {
-    Name = "tf-acc-lambda-function-1"
+    Name = %[3]q
   }
 }
 
@@ -2327,7 +2327,7 @@ resource "aws_subnet" "subnet_for_lambda_az2" {
   assign_ipv6_address_on_creation = true
 
   tags = {
-    Name = "tf-acc-lambda-function-2"
+    Name = %[3]q
   }
 }
 

internal/acctest/vcr.go

@@ -78,7 +78,7 @@ var (
 )
 
 // ProviderMeta returns the current provider's state (AKA "meta" or "conns.AWSClient").
-func ProviderMeta(t *testing.T) *conns.AWSClient {
+func ProviderMeta(_ context.Context, t *testing.T) *conns.AWSClient {
 	t.Helper()
 
 	providerMetas.Lock()
@@ -108,14 +108,14 @@ func vcrMode() (recorder.Mode, error) {
 }
 
 // vcrEnabledProtoV5ProviderFactories returns ProtoV5ProviderFactories ready for use with VCR.
-func vcrEnabledProtoV5ProviderFactories(t *testing.T, input map[string]func() (tfprotov5.ProviderServer, error)) map[string]func() (tfprotov5.ProviderServer, error) {
+func vcrEnabledProtoV5ProviderFactories(ctx context.Context, t *testing.T, input map[string]func() (tfprotov5.ProviderServer, error)) map[string]func() (tfprotov5.ProviderServer, error) {
 	t.Helper()
 
 	output := make(map[string]func() (tfprotov5.ProviderServer, error), len(input))
 
 	for name := range input {
 		output[name] = func() (tfprotov5.ProviderServer, error) {
-			providerServerFactory, primary, err := provider.ProtoV5ProviderServerFactory(context.Background())
+			providerServerFactory, primary, err := provider.ProtoV5ProviderServerFactory(ctx)
 
 			if err != nil {
 				return nil, err
@@ -383,15 +383,14 @@ func writeSeedToFile(seed int64, fileName string) error {
 }
 
 // closeVCRRecorder closes the VCR recorder, saving the cassette and randomness seed.
-func closeVCRRecorder(t *testing.T) {
+func closeVCRRecorder(ctx context.Context, t *testing.T) {
 	t.Helper()
 
 	// Don't close the recorder if we're running because of a panic.
 	if p := recover(); p != nil {
 		panic(p)
 	}
 
-	ctx := context.TODO() // nosemgrep:ci.semgrep.migrate.context-todo
 	testName := t.Name()
 	providerMetas.Lock()
 	meta, ok := providerMetas[testName]
@@ -428,24 +427,24 @@ func closeVCRRecorder(t *testing.T) {
 }
 
 // ParallelTest wraps resource.ParallelTest, initializing VCR if enabled.
-func ParallelTest(t *testing.T, c resource.TestCase) {
+func ParallelTest(ctx context.Context, t *testing.T, c resource.TestCase) {
 	t.Helper()
 
 	if isVCREnabled() {
-		c.ProtoV5ProviderFactories = vcrEnabledProtoV5ProviderFactories(t, c.ProtoV5ProviderFactories)
-		defer closeVCRRecorder(t)
+		c.ProtoV5ProviderFactories = vcrEnabledProtoV5ProviderFactories(ctx, t, c.ProtoV5ProviderFactories)
+		defer closeVCRRecorder(ctx, t)
 	}
 
 	resource.ParallelTest(t, c)
 }
 
 // Test wraps resource.Test, initializing VCR if enabled.
-func Test(t *testing.T, c resource.TestCase) {
+func Test(ctx context.Context, t *testing.T, c resource.TestCase) {
 	t.Helper()
 
 	if isVCREnabled() {
-		c.ProtoV5ProviderFactories = vcrEnabledProtoV5ProviderFactories(t, c.ProtoV5ProviderFactories)
-		defer closeVCRRecorder(t)
+		c.ProtoV5ProviderFactories = vcrEnabledProtoV5ProviderFactories(ctx, t, c.ProtoV5ProviderFactories)
+		defer closeVCRRecorder(ctx, t)
 	}
 
 	resource.Test(t, c)

internal/acctest/vcr_test.go

@@ -10,12 +10,14 @@ import (
 )
 
 func TestRandInt(t *testing.T) {
+	ctx := acctest.Context(t)
+
 	t.Setenv("VCR_PATH", t.TempDir())
 
 	t.Setenv("VCR_MODE", "RECORDING")
 	rec1 := acctest.RandInt(t)
 	rec2 := acctest.RandInt(t)
-	acctest.CloseVCRRecorder(t)
+	acctest.CloseVCRRecorder(ctx, t)
 
 	t.Setenv("VCR_MODE", "REPLAYING")
 	rep1 := acctest.RandInt(t)
@@ -30,12 +32,14 @@ func TestRandInt(t *testing.T) {
 }
 
 func TestRandomWithPrefix(t *testing.T) {
+	ctx := acctest.Context(t)
+
 	t.Setenv("VCR_PATH", t.TempDir())
 
 	t.Setenv("VCR_MODE", "RECORDING")
 	rec1 := acctest.RandomWithPrefix(t, acctest.ResourcePrefix)
 	rec2 := acctest.RandomWithPrefix(t, acctest.ResourcePrefix)
-	acctest.CloseVCRRecorder(t)
+	acctest.CloseVCRRecorder(ctx, t)
 
 	t.Setenv("VCR_MODE", "REPLAYING")
 	rep1 := acctest.RandomWithPrefix(t, acctest.ResourcePrefix)

internal/service/cloudhsmv2/service_package.go

@@ -6,19 +6,28 @@ package cloudhsmv2
 import (
 	"context"
 
-	aws_sdkv1 "github.com/aws/aws-sdk-go/aws"
-	request_sdkv1 "github.com/aws/aws-sdk-go/aws/request"
-	cloudhsmv2_sdkv1 "github.com/aws/aws-sdk-go/service/cloudhsmv2"
-	"github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr"
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/aws/retry"
+	"github.com/aws/aws-sdk-go-v2/service/cloudhsmv2"
+	"github.com/aws/aws-sdk-go-v2/service/cloudhsmv2/types"
+	"github.com/hashicorp/terraform-provider-aws/internal/conns"
+	"github.com/hashicorp/terraform-provider-aws/internal/errs"
 )
 
-// CustomizeConn customizes a new AWS SDK for Go v1 client for this service package's AWS API.
-func (p *servicePackage) CustomizeConn(ctx context.Context, conn *cloudhsmv2_sdkv1.CloudHSMV2) (*cloudhsmv2_sdkv1.CloudHSMV2, error) {
-	conn.Handlers.Retry.PushBack(func(r *request_sdkv1.Request) {
-		if tfawserr.ErrMessageContains(r.Error, cloudhsmv2_sdkv1.ErrCodeCloudHsmInternalFailureException, "request was rejected because of an AWS CloudHSM internal failure") {
-			r.Retryable = aws_sdkv1.Bool(true)
+// NewClient returns a new AWS SDK for Go v2 client for this service package's AWS API.
+func (p *servicePackage) NewClient(ctx context.Context, config map[string]any) (*cloudhsmv2.Client, error) {
+	cfg := *(config["aws_sdkv2_config"].(*aws.Config))
+
+	return cloudhsmv2.NewFromConfig(cfg, func(o *cloudhsmv2.Options) {
+		if endpoint := config["endpoint"].(string); endpoint != "" {
+			o.BaseEndpoint = aws.String(endpoint)
 		}
-	})
 
-	return conn, nil
+		o.Retryer = conns.AddIsErrorRetryables(cfg.Retryer().(aws.RetryerV2), retry.IsErrorRetryableFunc(func(err error) aws.Ternary {
+			if errs.IsAErrorMessageContains[*types.CloudHsmInternalFailureException](err, "request was rejected because of an AWS CloudHSM internal failure") {
+				return aws.TrueTernary
+			}
+			return aws.UnknownTernary // Delegate to configured Retryer.
+		}))
+	}), nil
 }

internal/service/codestarnotifications/sweep.go

@@ -41,7 +41,7 @@ func sweepNotificationRules(region string) error {
 		}
 
 		if err != nil {
-			return fmt.Errorf("error listingCodeStar Notification Rules (%s): %w", region, err)
+			return fmt.Errorf("error listing CodeStar Notification Rules (%s): %w", region, err)
 		}
 
 		for _, v := range page.NotificationRules {