
r/aws_elasticache_replication_group: Add support for transit_encryption_mode and enabling transit encryption on existing groups #30403

Merged
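--- a/.changelog/30403.txt
+++ b/.changelog/30403.txt
@@ -0,0 +1,9 @@
+```release-note:bug
+resource/aws_elasticache_replication_group: Fix excessive delay on read
+```
+```release-note:enhancement
+resource/aws_elasticache_replication_group: Add `transit_encryption_mode` argument
+```
+```release-note:enhancement
+resource/aws_elasticache_replication_group: Changes to the `transit_encryption_enabled` argument can now be done in-place for engine versions > `7.0.5`
+```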
2 changes: 2 additions & 0 deletions internal/service/elasticache/exports_test.go
@@ -9,4 +9,6 @@ var (
ResourceSubnetGroup = resourceSubnetGroup

FindCacheSubnetGroupByName = findCacheSubnetGroupByName

ReplicationGroupAvailableModifyDelay = replicationGroupAvailableModifyDelay
)
46 changes: 36 additions & 10 deletions internal/service/elasticache/replication_group.go
@@ -135,6 +135,7 @@ func ResourceReplicationGroup() *schema.Resource {
"node_type",
"security_group_names",
"transit_encryption_enabled",
"transit_encryption_mode",
"at_rest_encryption_enabled",
"snapshot_arns",
"snapshot_name",
@@ -327,9 +328,14 @@ func ResourceReplicationGroup() *schema.Resource {
"transit_encryption_enabled": {
Type: schema.TypeBool,
Optional: true,
ForceNew: true,
Computed: true,
},
"transit_encryption_mode": {
Type: schema.TypeString,
Optional: true,
Computed: true,
ValidateFunc: validation.StringInSlice(elasticache.TransitEncryptionMode_Values(), false),
},
"user_group_ids": {
Type: schema.TypeSet,
Optional: true,
@@ -382,6 +388,11 @@ func ResourceReplicationGroup() *schema.Resource {
diff.HasChange("num_node_groups") ||
diff.HasChange("replicas_per_node_group")
}),
customdiff.ForceNewIf("transit_encryption_enabled", func(_ context.Context, d *schema.ResourceDiff, meta interface{}) bool {
// For Redis engine versions < 7.0.5, transit_encryption_enabled can only
// be configured during creation of the cluster.
return verify.SemVerLessThan(d.Get("engine_version_actual").(string), "7.0.5")
}),
verify.SetTagsDiff,
),
}
@@ -505,6 +516,10 @@ func resourceReplicationGroupCreate(ctx context.Context, d *schema.ResourceData,
input.TransitEncryptionEnabled = aws.Bool(d.Get("transit_encryption_enabled").(bool))
}

if v, ok := d.GetOk("transit_encryption_mode"); ok {
input.TransitEncryptionMode = aws.String(v.(string))
}

if _, ok := d.GetOk("at_rest_encryption_enabled"); ok {
input.AtRestEncryptionEnabled = aws.Bool(d.Get("at_rest_encryption_enabled").(bool))
}
@@ -544,7 +559,7 @@ func resourceReplicationGroupCreate(ctx context.Context, d *schema.ResourceData,

d.SetId(aws.StringValue(output.ReplicationGroup.ReplicationGroupId))

if _, err := WaitReplicationGroupAvailable(ctx, conn, d.Id(), d.Timeout(schema.TimeoutCreate)); err != nil {
if _, err := WaitReplicationGroupAvailable(ctx, conn, d.Id(), d.Timeout(schema.TimeoutCreate), replicationGroupAvailableCreateDelay); err != nil {
return sdkdiag.AppendErrorf(diags, "waiting for ElastiCache Replication Group (%s) create: %s", d.Id(), err)
}

@@ -665,7 +680,7 @@ func resourceReplicationGroupRead(ctx context.Context, d *schema.ResourceData, m
// Tags cannot be read when the replication group is not Available
log.Printf("[DEBUG] Waiting for ElastiCache Replication Group (%s) to become available", d.Id())

_, err = WaitReplicationGroupAvailable(ctx, conn, d.Id(), d.Timeout(schema.TimeoutUpdate))
_, err = WaitReplicationGroupAvailable(ctx, conn, d.Id(), d.Timeout(schema.TimeoutUpdate), replicationGroupAvailableReadDelay)
if err != nil {
return sdkdiag.AppendErrorf(diags, "waiting for ElastiCache Replication Group to be available (%s): %s", aws.StringValue(rgp.ARN), err)
}
@@ -696,6 +711,7 @@ func resourceReplicationGroupRead(ctx context.Context, d *schema.ResourceData, m

d.Set("at_rest_encryption_enabled", c.AtRestEncryptionEnabled)
d.Set("transit_encryption_enabled", c.TransitEncryptionEnabled)
d.Set("transit_encryption_mode", c.TransitEncryptionMode)

if c.AuthTokenEnabled != nil && !aws.BoolValue(c.AuthTokenEnabled) {
d.Set("auth_token", nil)
@@ -861,9 +877,19 @@ func resourceReplicationGroupUpdate(ctx context.Context, d *schema.ResourceData,
}
}

if d.HasChange("transit_encryption_enabled") {
input.TransitEncryptionEnabled = aws.Bool(d.Get("transit_encryption_enabled").(bool))
requestUpdate = true
}

if d.HasChange("transit_encryption_mode") {
input.TransitEncryptionMode = aws.String(d.Get("transit_encryption_mode").(string))
requestUpdate = true
}

if requestUpdate {
// tagging may cause this resource to not yet be available, so wait for it to be available
_, err := WaitReplicationGroupAvailable(ctx, conn, d.Id(), d.Timeout(schema.TimeoutUpdate))
_, err := WaitReplicationGroupAvailable(ctx, conn, d.Id(), d.Timeout(schema.TimeoutUpdate), replicationGroupAvailableReadDelay)
if err != nil {
return sdkdiag.AppendErrorf(diags, "waiting for ElastiCache Replication Group (%s) to update: %s", d.Id(), err)
}
@@ -873,7 +899,7 @@ func resourceReplicationGroupUpdate(ctx context.Context, d *schema.ResourceData,
return sdkdiag.AppendErrorf(diags, "updating ElastiCache Replication Group (%s): %s", d.Id(), err)
}

_, err = WaitReplicationGroupAvailable(ctx, conn, d.Id(), d.Timeout(schema.TimeoutUpdate))
_, err = WaitReplicationGroupAvailable(ctx, conn, d.Id(), d.Timeout(schema.TimeoutUpdate), replicationGroupAvailableModifyDelay)
if err != nil {
return sdkdiag.AppendErrorf(diags, "waiting for ElastiCache Replication Group (%s) to update: %s", d.Id(), err)
}
@@ -888,7 +914,7 @@ func resourceReplicationGroupUpdate(ctx context.Context, d *schema.ResourceData,
}

// tagging may cause this resource to not yet be available, so wait for it to be available
_, err := WaitReplicationGroupAvailable(ctx, conn, d.Id(), d.Timeout(schema.TimeoutUpdate))
_, err := WaitReplicationGroupAvailable(ctx, conn, d.Id(), d.Timeout(schema.TimeoutUpdate), replicationGroupAvailableReadDelay)
if err != nil {
return sdkdiag.AppendErrorf(diags, "waiting for ElastiCache Replication Group (%s) to update: %s", d.Id(), err)
}
@@ -898,7 +924,7 @@ func resourceReplicationGroupUpdate(ctx context.Context, d *schema.ResourceData,
return sdkdiag.AppendErrorf(diags, "changing auth_token for ElastiCache Replication Group (%s): %s", d.Id(), err)
}

_, err = WaitReplicationGroupAvailable(ctx, conn, d.Id(), d.Timeout(schema.TimeoutUpdate))
_, err = WaitReplicationGroupAvailable(ctx, conn, d.Id(), d.Timeout(schema.TimeoutUpdate), replicationGroupAvailableModifyDelay)
if err != nil {
return sdkdiag.AppendErrorf(diags, "waiting for ElastiCache Replication Group (%s) auth_token change: %s", d.Id(), err)
}
@@ -1071,7 +1097,7 @@ func modifyReplicationGroupShardConfigurationNumNodeGroups(ctx context.Context,
return fmt.Errorf("modifying ElastiCache Replication Group shard configuration: %w", err)
}

_, err = WaitReplicationGroupAvailable(ctx, conn, d.Id(), d.Timeout(schema.TimeoutUpdate))
_, err = WaitReplicationGroupAvailable(ctx, conn, d.Id(), d.Timeout(schema.TimeoutUpdate), replicationGroupAvailableModifyDelay)
if err != nil {
return fmt.Errorf("waiting for ElastiCache Replication Group (%s) shard reconfiguration completion: %w", d.Id(), err)
}
@@ -1094,7 +1120,7 @@ func modifyReplicationGroupShardConfigurationReplicasPerNodeGroup(ctx context.Co
if err != nil {
return fmt.Errorf("adding ElastiCache Replication Group (%s) replicas: %w", d.Id(), err)
}
_, err = WaitReplicationGroupAvailable(ctx, conn, d.Id(), d.Timeout(schema.TimeoutUpdate))
_, err = WaitReplicationGroupAvailable(ctx, conn, d.Id(), d.Timeout(schema.TimeoutUpdate), replicationGroupAvailableModifyDelay)
if err != nil {
return fmt.Errorf("waiting for ElastiCache Replication Group (%s) replica addition: %w", d.Id(), err)
}
@@ -1108,7 +1134,7 @@ func modifyReplicationGroupShardConfigurationReplicasPerNodeGroup(ctx context.Co
if err != nil {
return fmt.Errorf("removing ElastiCache Replication Group (%s) replicas: %w", d.Id(), err)
}
_, err = WaitReplicationGroupAvailable(ctx, conn, d.Id(), d.Timeout(schema.TimeoutUpdate))
_, err = WaitReplicationGroupAvailable(ctx, conn, d.Id(), d.Timeout(schema.TimeoutUpdate), replicationGroupAvailableModifyDelay)
if err != nil {
return fmt.Errorf("waiting for ElastiCache Replication Group (%s) replica removal: %w", d.Id(), err)
}
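Review bot: The new `transit_encryption_enabled` / `transit_encryption_mode` handling in resourceReplicationGroupUpdate never distinguishes `preferred` from `required`, so a group that reads back `transit_encryption_enabled = true` can still accept unencrypted client connections while its mode is `preferred`. As far as the ElastiCache API documentation describes it, moving an existing group to `required` is a two-step change (enable with `preferred`, then switch to `required` in a later modification), yet both fields are written to the same `input` here and the schema only checks the value against `TransitEncryptionMode_Values()`. I would add a comment above the two `d.HasChange` blocks, `// "preferred" still accepts plaintext clients; only "required" enforces TLS, and it has to be applied in a separate update after "preferred".`, and consider a CustomizeDiff check that rejects a false-to-true change combined with `required` at plan time. Because the `ForceNewIf` callback forces replacement only for versions below `7.0.5`, turning encryption off on newer engines becomes an in-place change that is easy to miss in a plan; the callback also presumably returns false when `engine_version_actual` is empty or unparseable, which deserves a test. The bodies of these functions start and end outside the visible hunks.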