From ebda1011bb90d01ea8f664e18ad58f3d8f1531cd Mon Sep 17 00:00:00 2001 From: "roman.peresypkin" Date: Mon, 22 Aug 2022 01:00:15 +0300 Subject: [PATCH 01/12] aws_dms_endpoint redist target settings fix --- internal/service/dms/endpoint.go | 124 ++++++++++++++++++++++ internal/service/dms/endpoint_test.go | 123 +++++++++++++++++++++ website/docs/r/dms_endpoint.html.markdown | 12 +++ 3 files changed, 259 insertions(+) diff --git a/internal/service/dms/endpoint.go b/internal/service/dms/endpoint.go index 43dd1315291..f8e0a63c722 100644 --- a/internal/service/dms/endpoint.go +++ b/internal/service/dms/endpoint.go @@ -333,6 +333,51 @@ func ResourceEndpoint() *schema.Resource { Optional: true, ConflictsWith: []string{"secrets_manager_access_role_arn", "secrets_manager_arn"}, }, + "redis_settings": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + DiffSuppressFunc: verify.SuppressMissingOptionalConfigurationBlock, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "auth_password": { + Type: schema.TypeString, + Optional: true, + RequiredWith: []string{"auth_type"}, + }, + "auth_type": { + Type: schema.TypeString, + Required: true, + ValidateFunc: validation.StringInSlice(dms.RedisAuthTypeValue_Values(), false), + }, + "auth_user_name": { + Type: schema.TypeString, + Optional: true, + RequiredWith: []string{"auth_type"}, + }, + "port": { + Type: schema.TypeInt, + Required: true, + ValidateFunc: validation.IntAtLeast(0), + }, + "server_name": { + Type: schema.TypeString, + Required: true, + }, + "ssl_ca_certificate_arn": { + Type: schema.TypeString, + Optional: true, + RequiredWith: []string{"ssl_security_protocol"}, + }, + "ssl_security_protocol": { + Type: schema.TypeString, + Required: true, + Default: dms.SslSecurityProtocolValueSslEncryption, + ValidateFunc: validation.StringInSlice(dms.SslSecurityProtocolValue_Values(), false), + }, + }, + }, + }, "redshift_settings": { Type: schema.TypeList, Optional: true, 
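Review bot: The `port` validator in the new `redis_settings` schema, `validation.IntAtLeast(0)`, accepts 0 and any value above 65535, so an unusable port is rejected only by the DMS API at apply time. `ValidateFunc: validation.IsPortNumber,` would reject it at plan time. `ssl_ca_certificate_arn` is also an unvalidated string; `ValidateFunc: verify.ValidARN,` would catch malformed values, though the `"arn"` placeholder in this commit's test config would then need a real ARN. The body of `ResourceEndpoint` starts and ends outside the hunk.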
@@ -757,6 +802,8 @@ func resourceEndpointCreate(d *schema.ResourceData, meta interface{}) error { // Set connection info in top-level namespace as well expandTopLevelConnectionInfo(d, input) } + case engineNameRedis: + input.RedisSettings = expandRedisSettings(d.Get("redis_settings").([]interface{})[0].(map[string]interface{})) case engineNameRedshift: var settings = &dms.RedshiftSettings{ DatabaseName: aws.String(d.Get("database_name").(string)), @@ -1062,6 +1109,11 @@ func resourceEndpointUpdate(d *schema.ResourceData, meta interface{}) error { expandTopLevelConnectionInfoModify(d, input) } } + case engineNameRedis: + if d.HasChanges("redis_settings") { + input.RedisSettings = expandRedisSettings(d.Get("redis_settings").([]interface{})[0].(map[string]interface{})) + input.EngineName = aws.String(engineName) + } case engineNameRedshift: if d.HasChanges( "username", "password", "server_name", "port", "database_name", @@ -1223,6 +1275,10 @@ func resourceEndpointCustomizeDiff(_ context.Context, diff *schema.ResourceDiff, if v, ok := diff.GetOk("mongodb_settings"); !ok || len(v.([]interface{})) == 0 || v.([]interface{})[0] == nil { return fmt.Errorf("mongodb_settings must be set when engine_name = %q", engineName) } + case engineNameRedis: + if v, ok := diff.GetOk("redis_settings"); !ok || len(v.([]interface{})) == 0 || v.([]interface{})[0] == nil { + return fmt.Errorf("redis_settings must be set when engine_name = %q", engineName) + } case engineNameS3: if v, ok := diff.GetOk("s3_settings"); !ok || len(v.([]interface{})) == 0 || v.([]interface{})[0] == nil { return fmt.Errorf("s3_settings must be set when engine_name = %q", engineName) 
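Review bot: Both new `engineNameRedis` cases, in `resourceEndpointCreate` and `resourceEndpointUpdate`, index `d.Get("redis_settings").([]interface{})[0]` and type-assert the element with no length or nil check, which panics on an empty list or a nil element. The only guard visible is the presence check this commit adds to `resourceEndpointCustomizeDiff`, so that dependency deserves a comment at each site, for example `// redis_settings is non-empty here: resourceEndpointCustomizeDiff rejects engine_name "redis" without it.` Both functions start and end outside their hunks.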
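Review bot: The `engineNameRedis` case in `resourceEndpointCustomizeDiff` checks only that a `redis_settings` block exists, not that it carries the credentials its `auth_type` needs. The documentation added in this commit says `auth-token` requires `auth_password` and `auth-role` requires both `auth_user_name` and `auth_password`. The schema's `RequiredWith: []string{"auth_type"}` entries do not express that, because `auth_type` is always set. The sketch below adds the check at plan time and skips values that are not yet known. The function body continues outside the hunk.

```go
	case engineNameRedis:
		// … unchanged: redis_settings presence check …
		authType := diff.Get("redis_settings.0.auth_type").(string)
		needsPassword := authType == dms.RedisAuthTypeValueAuthToken || authType == dms.RedisAuthTypeValueAuthRole
		if needsPassword && diff.NewValueKnown("redis_settings.0.auth_password") && diff.Get("redis_settings.0.auth_password").(string) == "" {
			return fmt.Errorf("redis_settings.auth_password must be set when auth_type = %q", authType)
		}
		if authType == dms.RedisAuthTypeValueAuthRole && diff.NewValueKnown("redis_settings.0.auth_user_name") && diff.Get("redis_settings.0.auth_user_name").(string) == "" {
			return fmt.Errorf("redis_settings.auth_user_name must be set when auth_type = %q", authType)
		}
```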
@@ -1317,6 +1373,10 @@ func resourceEndpointSetState(d *schema.ResourceData, endpoint *dms.Endpoint) er } else { flattenTopLevelConnectionInfo(d, endpoint) } + case engineNameRedis: + if err := d.Set("redis_settings", flattenRedisSettings(endpoint.RedisSettings)); err != nil { + return fmt.Errorf("Error setting redis_settings for DMS: %s", err) + } case engineNameRedshift: if endpoint.RedshiftSettings != nil { d.Set("username", endpoint.RedshiftSettings.Username) 
@@ -1648,6 +1708,70 @@ func flattenMongoDBSettings(settings *dms.MongoDbSettings) []map[string]interfac return []map[string]interface{}{m} } +func expandRedisSettings(tfMap map[string]interface{}) *dms.RedisSettings { + if tfMap == nil { + return nil + } + + apiObject := &dms.RedisSettings{} + + if v, ok := tfMap["auth_password"].(string); ok { + apiObject.AuthPassword = aws.String(v) + } + if v, ok := tfMap["auth_type"].(string); ok { + apiObject.AuthType = aws.String(v) + } + if v, ok := tfMap["auth_user_name"].(string); ok { + apiObject.AuthUserName = aws.String(v) + } + if v, ok := tfMap["port"].(int); ok { + apiObject.Port = aws.Int64(int64(v)) + } + if v, ok := tfMap["server_name"].(string); ok { + apiObject.ServerName = aws.String(v) + } + if v, ok := tfMap["ssl_ca_certificate_arn"].(string); ok { + apiObject.SslCaCertificateArn = aws.String(v) + } + if v, ok := tfMap["ssl_security_protocol"].(string); ok { + apiObject.SslSecurityProtocol = aws.String(v) + } + + return apiObject +} + +func flattenRedisSettings(apiObject *dms.RedisSettings) []map[string]interface{} { + if apiObject == nil { + return []map[string]interface{}{} + } + + tfMap := map[string]interface{}{} + + if v := apiObject.AuthPassword; v != nil { + tfMap["auth_password"] = aws.StringValue(v) + } + if v := apiObject.AuthType; v != nil { + tfMap["auth_type"] = aws.StringValue(v) + } + if v := apiObject.AuthUserName; v != nil { + tfMap["auth_user_name"] = aws.StringValue(v) + } + if v := apiObject.Port; v != nil { + tfMap["port"] = aws.Int64Value(v) + } + if v := apiObject.ServerName; v != nil { + tfMap["server_name"] = aws.StringValue(v) + } + if v := apiObject.SslCaCertificateArn; v != nil { + tfMap["ssl_ca_certificate_arn"] = aws.StringValue(v) + } + if v := apiObject.SslSecurityProtocol; v != nil { + tfMap["ssl_security_protocol"] = aws.StringValue(v) + } + + return []map[string]interface{}{tfMap} +} + func flattenRedshiftSettings(settings *dms.RedshiftSettings) []map[string]interface{} { if 
settings == nil { return []map[string]interface{}{} diff --git a/internal/service/dms/endpoint_test.go b/internal/service/dms/endpoint_test.go index ae0a030824f..f61b7c1c212 100644 --- a/internal/service/dms/endpoint_test.go +++ b/internal/service/dms/endpoint_test.go 
@@ -1310,6 +1310,81 @@ func TestAccDMSEndpoint_db2(t *testing.T) { }) } +func TestAccDMSEndpoint_Redis_basic(t *testing.T) { + resourceName := "aws_dms_endpoint.test" + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(t) }, + ErrorCheck: acctest.ErrorCheck(t, dms.EndpointsID), + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, + CheckDestroy: testAccCheckEndpointDestroy, + Steps: []resource.TestStep{ + { + Config: testAccEndpointConfig_redis(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckEndpointExists(resourceName), + resource.TestCheckResourceAttrSet(resourceName, "endpoint_arn"), + resource.TestCheckResourceAttr(resourceName, "redis_settings.#", "1"), + resource.TestCheckResourceAttr(resourceName, "redis_settings.0.auth_type", "auth-role"), + resource.TestCheckResourceAttr(resourceName, "redis_settings.0.auth_user_name", "user"), + resource.TestCheckResourceAttr(resourceName, "redis_settings.0.port", "6379"), + resource.TestCheckResourceAttr(resourceName, "redis_settings.0.server_name", "redis_dns"), + resource.TestCheckResourceAttr(resourceName, "redis_settings.0.ssl_ca_certificate_arn", "arn"), + resource.TestCheckResourceAttr(resourceName, "redis_settings.0.ssl_security_protocol", "ssl-encryption"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"redis_settings.0.auth_password"}, + }, + }, + }) +} + +func TestAccDMSEndpoint_Redis_update(t *testing.T) { + resourceName := "aws_dms_endpoint.test" + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(t) }, + ErrorCheck: acctest.ErrorCheck(t, dms.EndpointsID), + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, + CheckDestroy: testAccCheckEndpointDestroy, + Steps: []resource.TestStep{ + { + Config: 
testAccEndpointConfig_redisUpdate(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckEndpointExists(resourceName), + resource.TestCheckResourceAttrSet(resourceName, "endpoint_arn"), + resource.TestCheckResourceAttr(resourceName, "redis_settings.#", "1"), + ), + }, + { + Config: testAccEndpointConfig_redisUpdate(rName), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckEndpointExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "redis_settings.#", "1"), + resource.TestCheckResourceAttr(resourceName, "redis_settings.0.auth_type", "auth-role"), + resource.TestCheckResourceAttr(resourceName, "redis_settings.0.auth_user_name", "user"), + resource.TestCheckResourceAttr(resourceName, "redis_settings.0.port", "6379"), + resource.TestCheckResourceAttr(resourceName, "redis_settings.0.server_name", "redis_dns"), + resource.TestCheckResourceAttr(resourceName, "redis_settings.0.ssl_ca_certificate_arn", "arn"), + resource.TestCheckResourceAttr(resourceName, "redis_settings.0.ssl_security_protocol", "ssl-encryption"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"redis_settings.0.auth_password"}, + }, + }, + }) +} + func TestAccDMSEndpoint_Redshift_basic(t *testing.T) { resourceName := "aws_dms_endpoint.test" rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) 
@@ -2918,6 +2993,54 @@ resource "aws_dms_endpoint" "test" { `, rName) } +func testAccEndpointConfig_redis(rName string) string { + return fmt.Sprintf(` +resource "aws_dms_endpoint" "test" { + endpoint_id = %[1]q + endpoint_type = "target" + engine_name = "redis" + redis_settings { + auth_password = "password" + auth_type = "auth-role" + auth_user_name = "user" + port = 6379 + server_name = "redis_dns" + ssl_ca_certificate_arn = "arn" + ssl_security_protocol = "ssl-encryption" + } + tags = { + Name = %[1]q + Update = "to-update" + Remove = "to-remove" + } +} +`, rName) +} + +func testAccEndpointConfig_redisUpdate(rName string) string { + return fmt.Sprintf(` +resource "aws_dms_endpoint" "test" { + endpoint_id = %[1]q + endpoint_type = "target" + engine_name = "redis" + redis_settings { + auth_password = "password" + auth_type = "auth-role" + auth_user_name = "user" + port = 6379 + server_name = "redis_dns" + ssl_ca_certificate_arn = "arn" + ssl_security_protocol = "ssl-encryption" + } + tags = { + Name = %[1]q + Update = "to-update" + Remove = "to-remove" + } +} +`, rName) +} + func testAccEndpointConfig_redshiftBase(rName string) string { return acctest.ConfigCompose(acctest.ConfigAvailableAZsNoOptInExclude("usw2-az2"), fmt.Sprintf(` resource "aws_redshift_cluster" "test" { diff --git a/website/docs/r/dms_endpoint.html.markdown b/website/docs/r/dms_endpoint.html.markdown index 095e22cd677..ca822a8f22a 100644 --- a/website/docs/r/dms_endpoint.html.markdown +++ b/website/docs/r/dms_endpoint.html.markdown 
@@ -125,6 +125,18 @@ The following arguments are optional: * `extract_doc_id` - (Optional) Document ID. Use this setting when `nesting_level` is set to `none`. Default is `false`. * `nesting_level` - (Optional) Specifies either document or table mode. Default is `none`. Valid values are `one` (table mode) and `none` (document mode). +### redis_settings + +-> Additional information can be found in the [Using Redis as a target for AWS Database Migration Service](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.Redis.html). + +* `auth_password` - (Optional) The password provided with the auth-role and auth-token options of the AuthType setting for a Redis target endpoint. +* `auth_type` - (Required) The type of authentication to perform when connecting to a Redis target. Options include `none`, `auth-token`, and `auth-role`. The `auth-token` option requires an `auth_password` value to be provided. The `auth-role` option requires `auth_user_name` and `auth_password` values to be provided. +* `auth_user_name` - (Optional) The username provided with the `auth-role` option of the AuthType setting for a Redis target endpoint. +* `server_name` - Fully qualified domain name of the endpoint. +* `port` - Transmission Control Protocol (TCP) port for the endpoint. +* `ssl_ca_certificate_arn` - (Optional) The Amazon Resource Name (ARN) for the certificate authority (CA) that DMS uses to connect to your Redis target endpoint. +* `ssl_security_protocol`- (Required) The plaintext option doesn't provide Transport Layer Security (TLS) encryption for traffic between endpoint and database. Options include `plaintext`, `ssl-encryption`. For `ssl-encryption` please reffer to docs + ### redshift_settings -> Additional information can be found in the [Using Amazon Redshift as a Target for AWS Database Migration Service documentation](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.Redshift.html). From 71f3d9595f722889f024288741a7a63fce2dcf33 Mon Sep 17 00:00:00 2001 
From: "roman.peresypkin" Date: Mon, 22 Aug 2022 01:51:35 +0300 Subject: [PATCH 02/12] remove RequiredWith for structure validation --- internal/service/dms/endpoint.go | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/internal/service/dms/endpoint.go b/internal/service/dms/endpoint.go index f8e0a63c722..62350524870 100644 --- a/internal/service/dms/endpoint.go +++ b/internal/service/dms/endpoint.go @@ -340,20 +340,18 @@ func ResourceEndpoint() *schema.Resource { DiffSuppressFunc: verify.SuppressMissingOptionalConfigurationBlock, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ - "auth_password": { - Type: schema.TypeString, - Optional: true, - RequiredWith: []string{"auth_type"}, - }, "auth_type": { Type: schema.TypeString, Required: true, ValidateFunc: validation.StringInSlice(dms.RedisAuthTypeValue_Values(), false), }, + "auth_password": { + Type: schema.TypeString, + Optional: true, + }, "auth_user_name": { - Type: schema.TypeString, - Optional: true, - RequiredWith: []string{"auth_type"}, + Type: schema.TypeString, + Optional: true, }, "port": { Type: schema.TypeInt, @@ -365,14 +363,12 @@ func ResourceEndpoint() *schema.Resource { Required: true, }, "ssl_ca_certificate_arn": { - Type: schema.TypeString, - Optional: true, - RequiredWith: []string{"ssl_security_protocol"}, + Type: schema.TypeString, + Optional: true, }, "ssl_security_protocol": { Type: schema.TypeString, Required: true, - Default: dms.SslSecurityProtocolValueSslEncryption, ValidateFunc: validation.StringInSlice(dms.SslSecurityProtocolValue_Values(), false), }, }, From 1ee64ac4e91ab6e34072ea08fd357b55b38c7806 Mon Sep 17 00:00:00 2001 From: "roman.peresypkin" Date: Mon, 22 Aug 2022 01:55:24 +0300 Subject: [PATCH 03/12] persist order from api RedisSettings --- internal/service/dms/endpoint.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/internal/service/dms/endpoint.go b/internal/service/dms/endpoint.go index 62350524870..92827aa441e 100644 --- a/internal/service/dms/endpoint.go +++ b/internal/service/dms/endpoint.go @@ -340,15 +340,15 @@ func ResourceEndpoint() *schema.Resource { DiffSuppressFunc: verify.SuppressMissingOptionalConfigurationBlock, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ + "auth_password": { + Type: schema.TypeString, + Optional: true, + }, "auth_type": { Type: schema.TypeString, Required: true, ValidateFunc: validation.StringInSlice(dms.RedisAuthTypeValue_Values(), false), }, - "auth_password": { - Type: schema.TypeString, - Optional: true, - }, "auth_user_name": { Type: schema.TypeString, Optional: true, From 4fc73dec81bb27d3281f3f539d4e93f6ccdaee7d Mon Sep 17 00:00:00 2001 From: "roman.peresypkin" Date: Mon, 22 Aug 2022 16:55:26 +0300 Subject: [PATCH 04/12] fix formatting --- internal/service/dms/endpoint_test.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/internal/service/dms/endpoint_test.go b/internal/service/dms/endpoint_test.go index f61b7c1c212..e82c54a6bb7 100644 --- a/internal/service/dms/endpoint_test.go +++ b/internal/service/dms/endpoint_test.go @@ -2996,9 +2996,9 @@ resource "aws_dms_endpoint" "test" { func testAccEndpointConfig_redis(rName string) string { return fmt.Sprintf(` resource "aws_dms_endpoint" "test" { - endpoint_id = %[1]q - endpoint_type = "target" - engine_name = "redis" + endpoint_id = %[1]q + endpoint_type = "target" + engine_name = "redis" redis_settings { auth_password = "password" auth_type = "auth-role" 
@@ -3020,9 +3020,9 @@ resource "aws_dms_endpoint" "test" { func testAccEndpointConfig_redisUpdate(rName string) string { return fmt.Sprintf(` resource "aws_dms_endpoint" "test" { - endpoint_id = %[1]q - endpoint_type = "target" - engine_name = "redis" + endpoint_id = %[1]q + endpoint_type = "target" + engine_name = "redis" redis_settings { auth_password = "password" auth_type = "auth-role" From 6e4d84d6453b0c69e6f02e7cf7b1d892b3291969 Mon Sep 17 00:00:00 2001 From: "roman.peresypkin" Date: Tue, 23 Aug 2022 13:34:44 +0300 Subject: [PATCH 05/12] forbid implict empty string values --- internal/service/dms/endpoint.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/internal/service/dms/endpoint.go b/internal/service/dms/endpoint.go index 92827aa441e..fce09320fb0 100644 --- a/internal/service/dms/endpoint.go +++ b/internal/service/dms/endpoint.go 
@@ -1711,25 +1711,25 @@ func expandRedisSettings(tfMap map[string]interface{}) *dms.RedisSettings { apiObject := &dms.RedisSettings{} - if v, ok := tfMap["auth_password"].(string); ok { + if v, ok := tfMap["auth_password"].(string); ok && v != "" { apiObject.AuthPassword = aws.String(v) } - if v, ok := tfMap["auth_type"].(string); ok { + if v, ok := tfMap["auth_type"].(string); ok && v != "" { apiObject.AuthType = aws.String(v) } - if v, ok := tfMap["auth_user_name"].(string); ok { + if v, ok := tfMap["auth_user_name"].(string); ok && v != "" { apiObject.AuthUserName = aws.String(v) } if v, ok := tfMap["port"].(int); ok { apiObject.Port = aws.Int64(int64(v)) } - if v, ok := tfMap["server_name"].(string); ok { + if v, ok := tfMap["server_name"].(string); ok && v != "" { apiObject.ServerName = aws.String(v) } - if v, ok := tfMap["ssl_ca_certificate_arn"].(string); ok { + if v, ok := tfMap["ssl_ca_certificate_arn"].(string); ok && v != "" { apiObject.SslCaCertificateArn = aws.String(v) } - if v, ok := tfMap["ssl_security_protocol"].(string); ok { + if v, ok := tfMap["ssl_security_protocol"].(string); ok && v != "" { apiObject.SslSecurityProtocol = aws.String(v) } From e8a6d227cad7ffc31b7f0f27ce6ae8191001698d Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Fri, 26 Aug 2022 10:02:43 -0400 Subject: [PATCH 06/12] Add CHANGELOG entry. --- .changelog/26411.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/26411.txt diff --git a/.changelog/26411.txt b/.changelog/26411.txt new file mode 100644 index 00000000000..97898ac4966 --- /dev/null +++ b/.changelog/26411.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +resource/aws_dms_endpoint: Add `redis_settings` configuration block +``` \ No newline at end of file From 1fdc8654c674dc2d0b30c91bba3d3f96fd344dab Mon Sep 17 00:00:00 2001 
From: Kit Ewbank Date: Fri, 26 Aug 2022 10:06:07 -0400 Subject: [PATCH 07/12] Fix terrafmt errors. --- internal/service/dms/endpoint_test.go | 24 ++++++++---------------- 1 file changed, 8 insertions(+), 16 deletions(-) diff --git a/internal/service/dms/endpoint_test.go b/internal/service/dms/endpoint_test.go index e82c54a6bb7..6271208135a 100644 --- a/internal/service/dms/endpoint_test.go +++ b/internal/service/dms/endpoint_test.go @@ -2996,9 +2996,10 @@ resource "aws_dms_endpoint" "test" { func testAccEndpointConfig_redis(rName string) string { return fmt.Sprintf(` resource "aws_dms_endpoint" "test" { - endpoint_id = %[1]q - endpoint_type = "target" - engine_name = "redis" + endpoint_id = %[1]q + endpoint_type = "target" + engine_name = "redis" + redis_settings { auth_password = "password" auth_type = "auth-role" @@ -3008,11 +3009,6 @@ resource "aws_dms_endpoint" "test" { ssl_ca_certificate_arn = "arn" ssl_security_protocol = "ssl-encryption" } - tags = { - Name = %[1]q - Update = "to-update" - Remove = "to-remove" - } } `, rName) } @@ -3020,9 +3016,10 @@ resource "aws_dms_endpoint" "test" { func testAccEndpointConfig_redisUpdate(rName string) string { return fmt.Sprintf(` resource "aws_dms_endpoint" "test" { - endpoint_id = %[1]q - endpoint_type = "target" - engine_name = "redis" + endpoint_id = %[1]q + endpoint_type = "target" + engine_name = "redis" + redis_settings { auth_password = "password" auth_type = "auth-role" @@ -3032,11 +3029,6 @@ resource "aws_dms_endpoint" "test" { ssl_ca_certificate_arn = "arn" ssl_security_protocol = "ssl-encryption" } - tags = { - Name = %[1]q - Update = "to-update" - Remove = "to-remove" - } } `, rName) } From 2c4ae190ae8e32d428c9e3482265ce4a49bd2e89 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Fri, 26 Aug 2022 10:27:01 -0400 Subject: [PATCH 08/12] r/aws_dms_endpoint: 'redis_settings.auth_password' is Sensitive. --- internal/service/dms/endpoint.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
diff --git a/internal/service/dms/endpoint.go b/internal/service/dms/endpoint.go index fce09320fb0..e767609eb8f 100644 --- a/internal/service/dms/endpoint.go +++ b/internal/service/dms/endpoint.go @@ -341,8 +341,9 @@ func ResourceEndpoint() *schema.Resource { Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "auth_password": { - Type: schema.TypeString, - Optional: true, + Type: schema.TypeString, + Optional: true, + Sensitive: true, }, "auth_type": { Type: schema.TypeString, From 02faf978349fb6ebec8e8be4fe2bb88dc84bec2e Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Fri, 26 Aug 2022 10:29:41 -0400 Subject: [PATCH 09/12] r/aws_dms_endpoint: 'redis_settings.ssl_security_protocol' is Optional. --- internal/service/dms/endpoint.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/service/dms/endpoint.go b/internal/service/dms/endpoint.go index e767609eb8f..cdd06dd30b3 100644 --- a/internal/service/dms/endpoint.go +++ b/internal/service/dms/endpoint.go @@ -369,7 +369,7 @@ func ResourceEndpoint() *schema.Resource { }, "ssl_security_protocol": { Type: schema.TypeString, - Required: true, + Optional: true, ValidateFunc: validation.StringInSlice(dms.SslSecurityProtocolValue_Values(), false), }, }, From 7f81c812c6c2ed44f1fb1a646075d802ca9f3d70 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Fri, 26 Aug 2022 11:09:26 -0400 Subject: [PATCH 10/12] r/aws_dms_endpoint: Redis Auth password isn't returned in API. Propagate state value.. --- internal/service/dms/endpoint.go | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/internal/service/dms/endpoint.go b/internal/service/dms/endpoint.go index cdd06dd30b3..55ec11d92d2 100644 --- a/internal/service/dms/endpoint.go +++ b/internal/service/dms/endpoint.go 
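Review bot: `Sensitive: true` on `auth_password` redacts the value from plan and apply output, but it does not keep it out of the state file, where the password is still written as given. The `auth_password` entry in `website/docs/r/dms_endpoint.html.markdown` should say so, for example by appending `The value is stored in the Terraform state; protect the state accordingly.` The body of `ResourceEndpoint` starts and ends outside the hunk.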
@@ -370,6 +370,7 @@ func ResourceEndpoint() *schema.Resource { "ssl_security_protocol": { Type: schema.TypeString, Optional: true, + Default: dms.SslSecurityProtocolValueSslEncryption, ValidateFunc: validation.StringInSlice(dms.SslSecurityProtocolValue_Values(), false), }, }, @@ -1371,8 +1372,12 @@ func resourceEndpointSetState(d *schema.ResourceData, endpoint *dms.Endpoint) er flattenTopLevelConnectionInfo(d, endpoint) } case engineNameRedis: - if err := d.Set("redis_settings", flattenRedisSettings(endpoint.RedisSettings)); err != nil { - return fmt.Errorf("Error setting redis_settings for DMS: %s", err) + // Auth password isn't returned in API. Propagate state value. + tfMap := flattenRedisSettings(endpoint.RedisSettings) + tfMap["auth_password"] = d.Get("redis_settings.0.auth_password").(string) + + if err := d.Set("redis_settings", []interface{}{tfMap}); err != nil { + return fmt.Errorf("setting redis_settings: %w", err) } case engineNameRedshift: if endpoint.RedshiftSettings != nil { @@ -1737,9 +1742,9 @@ func expandRedisSettings(tfMap map[string]interface{}) *dms.RedisSettings { return apiObject } -func flattenRedisSettings(apiObject *dms.RedisSettings) []map[string]interface{} { +func flattenRedisSettings(apiObject *dms.RedisSettings) map[string]interface{} { if apiObject == nil { - return []map[string]interface{}{} + return nil } tfMap := map[string]interface{}{} @@ -1766,7 +1771,7 @@ func flattenRedisSettings(apiObject *dms.RedisSettings) []map[string]interface{} tfMap["ssl_security_protocol"] = aws.StringValue(v) } - return []map[string]interface{}{tfMap} + return tfMap } func flattenRedshiftSettings(settings *dms.RedshiftSettings) []map[string]interface{} { From 833c56711d5042ed5418a468f6084b210e14603d Mon Sep 17 00:00:00 2001 
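Review bot: In the `engineNameRedis` case of `resourceEndpointSetState`, `tfMap["auth_password"] = …` writes into the map returned by `flattenRedisSettings`, which after this commit returns `nil` when `endpoint.RedisSettings` is nil (the `@@ -1737` hunk), and assigning to a nil map panics. Guard the write with `if tfMap == nil { tfMap = map[string]interface{}{} }` before the assignment, or have `flattenRedisSettings` return an empty map instead of `nil`. Whether the API can return a redis endpoint without `RedisSettings` is not visible here, but the read path should not crash if it does. `resourceEndpointSetState` starts and ends outside the hunk.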
From: Kit Ewbank Date: Fri, 26 Aug 2022 11:09:56 -0400 Subject: [PATCH 11/12] r/aws_dms_endpoint: Simplify acceptance tests. --- internal/service/dms/endpoint_test.go | 78 ++++++++------------------- 1 file changed, 23 insertions(+), 55 deletions(-) diff --git a/internal/service/dms/endpoint_test.go b/internal/service/dms/endpoint_test.go index 6271208135a..73c922d1c3a 100644 --- a/internal/service/dms/endpoint_test.go +++ b/internal/service/dms/endpoint_test.go @@ -1310,7 +1310,7 @@ func TestAccDMSEndpoint_db2(t *testing.T) { }) } -func TestAccDMSEndpoint_Redis_basic(t *testing.T) { +func TestAccDMSEndpoint_redis(t *testing.T) { resourceName := "aws_dms_endpoint.test" rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) 
@@ -1326,61 +1326,34 @@ func TestAccDMSEndpoint_Redis_basic(t *testing.T) { testAccCheckEndpointExists(resourceName), resource.TestCheckResourceAttrSet(resourceName, "endpoint_arn"), resource.TestCheckResourceAttr(resourceName, "redis_settings.#", "1"), - resource.TestCheckResourceAttr(resourceName, "redis_settings.0.auth_type", "auth-role"), - resource.TestCheckResourceAttr(resourceName, "redis_settings.0.auth_user_name", "user"), + resource.TestCheckResourceAttr(resourceName, "redis_settings.0.auth_password", ""), + resource.TestCheckResourceAttr(resourceName, "redis_settings.0.auth_type", "none"), + resource.TestCheckResourceAttr(resourceName, "redis_settings.0.auth_user_name", ""), resource.TestCheckResourceAttr(resourceName, "redis_settings.0.port", "6379"), - resource.TestCheckResourceAttr(resourceName, "redis_settings.0.server_name", "redis_dns"), - resource.TestCheckResourceAttr(resourceName, "redis_settings.0.ssl_ca_certificate_arn", "arn"), - resource.TestCheckResourceAttr(resourceName, "redis_settings.0.ssl_security_protocol", "ssl-encryption"), + resource.TestCheckResourceAttr(resourceName, "redis_settings.0.server_name", "redis1.test"), + resource.TestCheckResourceAttr(resourceName, "redis_settings.0.ssl_ca_certificate_arn", ""), + resource.TestCheckResourceAttr(resourceName, "redis_settings.0.ssl_security_protocol", "plaintext"), ), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"redis_settings.0.auth_password"}, - }, - }, - }) -} - -func TestAccDMSEndpoint_Redis_update(t *testing.T) { - resourceName := "aws_dms_endpoint.test" - rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) - - resource.ParallelTest(t, resource.TestCase{ - PreCheck: func() { acctest.PreCheck(t) }, - ErrorCheck: acctest.ErrorCheck(t, dms.EndpointsID), - ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, - CheckDestroy: testAccCheckEndpointDestroy, - Steps: []resource.TestStep{ - { - Config: 
testAccEndpointConfig_redisUpdate(rName), - Check: resource.ComposeTestCheckFunc( - testAccCheckEndpointExists(resourceName), - resource.TestCheckResourceAttrSet(resourceName, "endpoint_arn"), - resource.TestCheckResourceAttr(resourceName, "redis_settings.#", "1"), - ), + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, }, { Config: testAccEndpointConfig_redisUpdate(rName), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckEndpointExists(resourceName), resource.TestCheckResourceAttr(resourceName, "redis_settings.#", "1"), + resource.TestCheckResourceAttr(resourceName, "redis_settings.0.auth_password", "avoid-plaintext-passwords"), resource.TestCheckResourceAttr(resourceName, "redis_settings.0.auth_type", "auth-role"), - resource.TestCheckResourceAttr(resourceName, "redis_settings.0.auth_user_name", "user"), + resource.TestCheckResourceAttr(resourceName, "redis_settings.0.auth_user_name", "tfacctest"), resource.TestCheckResourceAttr(resourceName, "redis_settings.0.port", "6379"), - resource.TestCheckResourceAttr(resourceName, "redis_settings.0.server_name", "redis_dns"), - resource.TestCheckResourceAttr(resourceName, "redis_settings.0.ssl_ca_certificate_arn", "arn"), + resource.TestCheckResourceAttr(resourceName, "redis_settings.0.server_name", "redis2.test"), + resource.TestCheckResourceAttr(resourceName, "redis_settings.0.ssl_ca_certificate_arn", ""), resource.TestCheckResourceAttr(resourceName, "redis_settings.0.ssl_security_protocol", "ssl-encryption"), ), }, - { - ResourceName: resourceName, - ImportState: true, - ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"redis_settings.0.auth_password"}, - }, }, }) } 
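Review bot: The only import step left in the merged `TestAccDMSEndpoint_redis` runs after the `auth_type = "none"` config, so import is never exercised for an endpoint that has a password. Since the API does not return the password (per the comment added to `resourceEndpointSetState`), an import after the `auth-role` step would presumably come back with an empty `auth_password`. A final import step carrying `ImportStateVerifyIgnore: []string{"redis_settings.0.auth_password"},` would pin that behaviour. The test function starts in the preceding hunk.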
@@ -3001,13 +2974,10 @@ resource "aws_dms_endpoint" "test" { engine_name = "redis" redis_settings { - auth_password = "password" - auth_type = "auth-role" - auth_user_name = "user" - port = 6379 - server_name = "redis_dns" - ssl_ca_certificate_arn = "arn" - ssl_security_protocol = "ssl-encryption" + auth_type = "none" + port = 6379 + server_name = "redis1.test" + ssl_security_protocol = "plaintext" } } `, rName) @@ -3021,13 +2991,11 @@ resource "aws_dms_endpoint" "test" { engine_name = "redis" redis_settings { - auth_password = "password" - auth_type = "auth-role" - auth_user_name = "user" - port = 6379 - server_name = "redis_dns" - ssl_ca_certificate_arn = "arn" - ssl_security_protocol = "ssl-encryption" + auth_password = "avoid-plaintext-passwords" + auth_type = "auth-role" + auth_user_name = "tfacctest" + port = 6379 + server_name = "redis2.test" } } `, rName) From dfb0c43d985aa6bfaa0bf34121aa0db481eff43d Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Fri, 26 Aug 2022 11:20:20 -0400 Subject: [PATCH 12/12] Tweak documentation: 'redis_settings.ssl_security_protocol' is Optional. --- website/docs/r/dms_endpoint.html.markdown | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/website/docs/r/dms_endpoint.html.markdown b/website/docs/r/dms_endpoint.html.markdown index ca822a8f22a..b335c0e3b1b 100644 --- a/website/docs/r/dms_endpoint.html.markdown +++ b/website/docs/r/dms_endpoint.html.markdown 
@@ -132,10 +132,10 @@ The following arguments are optional: * `auth_password` - (Optional) The password provided with the auth-role and auth-token options of the AuthType setting for a Redis target endpoint. * `auth_type` - (Required) The type of authentication to perform when connecting to a Redis target. Options include `none`, `auth-token`, and `auth-role`. The `auth-token` option requires an `auth_password` value to be provided. The `auth-role` option requires `auth_user_name` and `auth_password` values to be provided. * `auth_user_name` - (Optional) The username provided with the `auth-role` option of the AuthType setting for a Redis target endpoint. -* `server_name` - Fully qualified domain name of the endpoint. -* `port` - Transmission Control Protocol (TCP) port for the endpoint. +* `server_name` - (Required) Fully qualified domain name of the endpoint. +* `port` - (Required) Transmission Control Protocol (TCP) port for the endpoint. * `ssl_ca_certificate_arn` - (Optional) The Amazon Resource Name (ARN) for the certificate authority (CA) that DMS uses to connect to your Redis target endpoint. -* `ssl_security_protocol`- (Required) The plaintext option doesn't provide Transport Layer Security (TLS) encryption for traffic between endpoint and database. Options include `plaintext`, `ssl-encryption`. For `ssl-encryption` please reffer to docs +* `ssl_security_protocol`- (Optional) The plaintext option doesn't provide Transport Layer Security (TLS) encryption for traffic between endpoint and database. Options include `plaintext`, `ssl-encryption`. The default is `ssl-encryption`. ### redshift_settings