diff --git a/.changelog/34020.txt b/.changelog/34020.txt new file mode 100644 index 000000000000..0b46df1f9d2d --- /dev/null +++ b/.changelog/34020.txt @@ -0,0 +1,3 @@ +```release-note:bug +resource/aws_ecs_task_definition: Add `0` as a valid value for `volume.efs_volume_configuration.transit_encryption_port`, preventing unexpected drift +``` diff --git a/internal/service/ecs/task_definition.go b/internal/service/ecs/task_definition.go index ec2fc3f8af8a..19a780d5fa54 100644 --- a/internal/service/ecs/task_definition.go +++ b/internal/service/ecs/task_definition.go @@ -371,7 +371,8 @@ func ResourceTaskDefinition() *schema.Resource { Type: schema.TypeInt, ForceNew: true, Optional: true, - ValidateFunc: validation.IsPortNumber, + ValidateFunc: validation.IsPortNumberOrZero, + Default: 0, }, }, }, diff --git a/internal/service/ecs/task_definition_test.go b/internal/service/ecs/task_definition_test.go index 74085c9d7526..2d919ce3856c 100644 --- a/internal/service/ecs/task_definition_test.go +++ b/internal/service/ecs/task_definition_test.go @@ -69,7 +69,6 @@ func Test_StripRevision(t *testing.T) { func TestAccECSTaskDefinition_basic(t *testing.T) { ctx := acctest.Context(t) var def ecs.TaskDefinition - rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ecs_task_definition.test" @@ -110,7 +109,6 @@ func TestAccECSTaskDefinition_basic(t *testing.T) { func TestAccECSTaskDefinition_scratchVolume(t *testing.T) { ctx := acctest.Context(t) var def ecs.TaskDefinition - rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ecs_task_definition.test" @@ -140,7 +138,6 @@ func TestAccECSTaskDefinition_scratchVolume(t *testing.T) { func TestAccECSTaskDefinition_DockerVolume_basic(t *testing.T) { ctx := acctest.Context(t) var def ecs.TaskDefinition - rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ecs_task_definition.test" @@ -184,7 +181,6 @@ func TestAccECSTaskDefinition_DockerVolume_basic(t *testing.T) { func TestAccECSTaskDefinition_DockerVolume_minimal(t *testing.T) { ctx := acctest.Context(t) var def ecs.TaskDefinition - rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ecs_task_definition.test" @@ -220,7 +216,6 @@ func TestAccECSTaskDefinition_DockerVolume_minimal(t *testing.T) { func TestAccECSTaskDefinition_runtimePlatform(t *testing.T) { ctx := acctest.Context(t) var def ecs.TaskDefinition - rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ecs_task_definition.test" @@ -255,7 +250,6 @@ func TestAccECSTaskDefinition_runtimePlatform(t *testing.T) { func TestAccECSTaskDefinition_Fargate_runtimePlatform(t *testing.T) { ctx := acctest.Context(t) var def ecs.TaskDefinition - rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ecs_task_definition.test" @@ -290,7 +284,6 @@ func TestAccECSTaskDefinition_Fargate_runtimePlatform(t *testing.T) { func TestAccECSTaskDefinition_Fargate_runtimePlatformWithoutArch(t *testing.T) { ctx := acctest.Context(t) var def ecs.TaskDefinition - rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ecs_task_definition.test" @@ -324,7 +317,6 @@ func TestAccECSTaskDefinition_Fargate_runtimePlatformWithoutArch(t *testing.T) { func TestAccECSTaskDefinition_EFSVolume_minimal(t *testing.T) { ctx := acctest.Context(t) var def ecs.TaskDefinition - rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ecs_task_definition.test" @@ -360,7 +352,6 @@ func TestAccECSTaskDefinition_EFSVolume_minimal(t *testing.T) { func TestAccECSTaskDefinition_EFSVolume_basic(t *testing.T) { ctx := acctest.Context(t) var def ecs.TaskDefinition - rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ecs_task_definition.test" @@ -394,12 +385,50 @@ func TestAccECSTaskDefinition_EFSVolume_basic(t *testing.T) { }) } -func TestAccECSTaskDefinition_EFSVolume_transitEncryption(t *testing.T) { +func TestAccECSTaskDefinition_EFSVolume_transitEncryptionMinimal(t *testing.T) { ctx := acctest.Context(t) var def ecs.TaskDefinition + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + resourceName := "aws_ecs_task_definition.test" + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(ctx, t) }, + ErrorCheck: acctest.ErrorCheck(t, ecs.EndpointsID), + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, + CheckDestroy: testAccCheckTaskDefinitionDestroy(ctx), + Steps: []resource.TestStep{ + { + Config: testAccTaskDefinitionConfig_transitEncryptionEFSVolumeMinimal(rName, "null"), + Check: resource.ComposeTestCheckFunc( + testAccCheckTaskDefinitionExists(ctx, resourceName, &def), + resource.TestCheckResourceAttr(resourceName, "volume.#", "1"), + resource.TestCheckTypeSetElemNestedAttrs(resourceName, "volume.*", map[string]string{ + "name": rName, + "efs_volume_configuration.#": "1", + "efs_volume_configuration.0.root_directory": "/", + "efs_volume_configuration.0.transit_encryption": "ENABLED", + // "efs_volume_configuration.0.transit_encryption_port": "0", + }), + resource.TestCheckTypeSetElemAttrPair(resourceName, "volume.*.efs_volume_configuration.0.file_system_id", "aws_efs_file_system.test", "id"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateIdFunc: testAccTaskDefinitionImportStateIdFunc(resourceName), + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"skip_destroy"}, + }, + }, + }) +} + +func TestAccECSTaskDefinition_EFSVolume_transitEncryption(t *testing.T) { + ctx := acctest.Context(t) + var def ecs.TaskDefinition rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ecs_task_definition.test" + resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acctest.PreCheck(ctx, t) }, ErrorCheck: acctest.ErrorCheck(t, ecs.EndpointsID), @@ -435,9 +464,9 @@ func TestAccECSTaskDefinition_EFSVolume_transitEncryption(t *testing.T) { func TestAccECSTaskDefinition_EFSVolume_transitEncryptionDisabled(t *testing.T) { ctx := acctest.Context(t) var def ecs.TaskDefinition - rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ecs_task_definition.test" + resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acctest.PreCheck(ctx, t) }, ErrorCheck: acctest.ErrorCheck(t, ecs.EndpointsID), @@ -472,7 +501,6 @@ func TestAccECSTaskDefinition_EFSVolume_transitEncryptionDisabled(t *testing.T) func TestAccECSTaskDefinition_EFSVolume_accessPoint(t *testing.T) { ctx := acctest.Context(t) var def ecs.TaskDefinition - rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ecs_task_definition.test" @@ -514,10 +542,8 @@ func TestAccECSTaskDefinition_EFSVolume_accessPoint(t *testing.T) { func TestAccECSTaskDefinition_fsxWinFileSystem(t *testing.T) { ctx := acctest.Context(t) var def ecs.TaskDefinition - rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ecs_task_definition.test" - domainName := acctest.RandomDomainName() if testing.Short() { @@ -564,7 +590,6 @@ func TestAccECSTaskDefinition_fsxWinFileSystem(t *testing.T) { func TestAccECSTaskDefinition_DockerVolume_taskScoped(t *testing.T) { ctx := acctest.Context(t) var def ecs.TaskDefinition - rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ecs_task_definition.test" @@ -597,10 +622,9 @@ func TestAccECSTaskDefinition_DockerVolume_taskScoped(t *testing.T) { func TestAccECSTaskDefinition_service(t *testing.T) { ctx := acctest.Context(t) var def ecs.TaskDefinition - var service ecs.Service - rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ecs_task_definition.test" + var service ecs.Service resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acctest.PreCheck(ctx, t) }, @@ -636,7 +660,6 @@ func TestAccECSTaskDefinition_service(t *testing.T) { func TestAccECSTaskDefinition_taskRoleARN(t *testing.T) { ctx := acctest.Context(t) var def ecs.TaskDefinition - rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ecs_task_definition.test" @@ -666,7 +689,6 @@ func TestAccECSTaskDefinition_taskRoleARN(t *testing.T) { func TestAccECSTaskDefinition_networkMode(t *testing.T) { ctx := acctest.Context(t) var def ecs.TaskDefinition - rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ecs_task_definition.test" @@ -697,7 +719,6 @@ func TestAccECSTaskDefinition_networkMode(t *testing.T) { func TestAccECSTaskDefinition_ipcMode(t *testing.T) { ctx := acctest.Context(t) var def ecs.TaskDefinition - rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ecs_task_definition.test" @@ -728,7 +749,6 @@ func TestAccECSTaskDefinition_ipcMode(t *testing.T) { func TestAccECSTaskDefinition_pidMode(t *testing.T) { ctx := acctest.Context(t) var def ecs.TaskDefinition - rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ecs_task_definition.test" @@ -759,7 +779,6 @@ func TestAccECSTaskDefinition_pidMode(t *testing.T) { func TestAccECSTaskDefinition_constraint(t *testing.T) { ctx := acctest.Context(t) var def ecs.TaskDefinition - rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ecs_task_definition.test" @@ -790,9 +809,7 @@ func TestAccECSTaskDefinition_constraint(t *testing.T) { func TestAccECSTaskDefinition_changeVolumesForcesNewResource(t *testing.T) { ctx := acctest.Context(t) - var before ecs.TaskDefinition - var after ecs.TaskDefinition - + var before, after ecs.TaskDefinition rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ecs_task_definition.test" @@ -829,10 +846,9 @@ func TestAccECSTaskDefinition_changeVolumesForcesNewResource(t *testing.T) { // Regression for https://github.com/hashicorp/terraform-provider-aws/issues/2336 func TestAccECSTaskDefinition_arrays(t *testing.T) { ctx := acctest.Context(t) - var conf ecs.TaskDefinition - resourceName := "aws_ecs_task_definition.test" - + var def ecs.TaskDefinition rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + resourceName := "aws_ecs_task_definition.test" resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acctest.PreCheck(ctx, t) }, @@ -843,7 +859,7 @@ func TestAccECSTaskDefinition_arrays(t *testing.T) { { Config: testAccTaskDefinitionConfig_arrays(rName), Check: resource.ComposeTestCheckFunc( - testAccCheckTaskDefinitionExists(ctx, resourceName, &conf), + testAccCheckTaskDefinitionExists(ctx, resourceName, &def), ), }, { @@ -859,8 +875,7 @@ func TestAccECSTaskDefinition_arrays(t *testing.T) { func TestAccECSTaskDefinition_Fargate_basic(t *testing.T) { ctx := acctest.Context(t) - var conf ecs.TaskDefinition - + var def ecs.TaskDefinition rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ecs_task_definition.test" @@ -873,7 +888,7 @@ func TestAccECSTaskDefinition_Fargate_basic(t *testing.T) { { Config: testAccTaskDefinitionConfig_fargate(rName, `[{"protocol": "tcp", "containerPort": 8000}]`), Check: resource.ComposeTestCheckFunc( - testAccCheckTaskDefinitionExists(ctx, resourceName, &conf), + testAccCheckTaskDefinitionExists(ctx, resourceName, &def), resource.TestCheckResourceAttr(resourceName, "requires_compatibilities.#", "1"), resource.TestCheckResourceAttr(resourceName, "cpu", "256"), resource.TestCheckResourceAttr(resourceName, "memory", "512"), @@ -897,8 +912,7 @@ func TestAccECSTaskDefinition_Fargate_basic(t *testing.T) { func TestAccECSTaskDefinition_Fargate_ephemeralStorage(t *testing.T) { ctx := acctest.Context(t) - var conf ecs.TaskDefinition - + var def ecs.TaskDefinition rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ecs_task_definition.test" @@ -911,7 +925,7 @@ func TestAccECSTaskDefinition_Fargate_ephemeralStorage(t *testing.T) { { Config: testAccTaskDefinitionConfig_fargateEphemeralStorage(rName, `[{"protocol": "tcp", "containerPort": 8000}]`), Check: resource.ComposeTestCheckFunc( - testAccCheckTaskDefinitionExists(ctx, resourceName, &conf), + testAccCheckTaskDefinitionExists(ctx, resourceName, &def), resource.TestCheckResourceAttr(resourceName, "requires_compatibilities.#", "1"), resource.TestCheckResourceAttr(resourceName, "cpu", "256"), resource.TestCheckResourceAttr(resourceName, "memory", "512"), @@ -932,8 +946,7 @@ func TestAccECSTaskDefinition_Fargate_ephemeralStorage(t *testing.T) { func TestAccECSTaskDefinition_executionRole(t *testing.T) { ctx := acctest.Context(t) - var conf ecs.TaskDefinition - + var def ecs.TaskDefinition rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ecs_task_definition.test" @@ -946,7 +959,7 @@ func TestAccECSTaskDefinition_executionRole(t *testing.T) { { Config: testAccTaskDefinitionConfig_executionRole(rName), Check: resource.ComposeTestCheckFunc( - testAccCheckTaskDefinitionExists(ctx, resourceName, &conf), + testAccCheckTaskDefinitionExists(ctx, resourceName, &def), ), }, { @@ -964,7 +977,6 @@ func TestAccECSTaskDefinition_executionRole(t *testing.T) { func TestAccECSTaskDefinition_disappears(t *testing.T) { ctx := acctest.Context(t) var def ecs.TaskDefinition - rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ecs_task_definition.test" @@ -992,7 +1004,7 @@ func TestAccECSTaskDefinition_disappears(t *testing.T) { func TestAccECSTaskDefinition_tags(t *testing.T) { ctx := acctest.Context(t) - var taskDefinition ecs.TaskDefinition + var def ecs.TaskDefinition rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ecs_task_definition.test" @@ -1005,7 +1017,7 @@ func TestAccECSTaskDefinition_tags(t *testing.T) { { Config: testAccTaskDefinitionConfig_tags1(rName, "key1", "value1"), Check: resource.ComposeTestCheckFunc( - testAccCheckTaskDefinitionExists(ctx, resourceName, &taskDefinition), + testAccCheckTaskDefinitionExists(ctx, resourceName, &def), resource.TestCheckResourceAttr(resourceName, "tags.%", "1"), resource.TestCheckResourceAttr(resourceName, "tags.key1", "value1"), ), @@ -1020,7 +1032,7 @@ func TestAccECSTaskDefinition_tags(t *testing.T) { { Config: testAccTaskDefinitionConfig_tags2(rName, "key1", "value1updated", "key2", "value2"), Check: resource.ComposeTestCheckFunc( - testAccCheckTaskDefinitionExists(ctx, resourceName, &taskDefinition), + testAccCheckTaskDefinitionExists(ctx, resourceName, &def), resource.TestCheckResourceAttr(resourceName, "tags.%", "2"), resource.TestCheckResourceAttr(resourceName, "tags.key1", "value1updated"), resource.TestCheckResourceAttr(resourceName, "tags.key2", "value2"), @@ -1029,7 +1041,7 @@ func TestAccECSTaskDefinition_tags(t *testing.T) { { Config: testAccTaskDefinitionConfig_tags1(rName, "key2", "value2"), Check: resource.ComposeTestCheckFunc( - testAccCheckTaskDefinitionExists(ctx, resourceName, &taskDefinition), + testAccCheckTaskDefinitionExists(ctx, resourceName, &def), resource.TestCheckResourceAttr(resourceName, "tags.%", "1"), resource.TestCheckResourceAttr(resourceName, "tags.key2", "value2"), ), @@ -1040,10 +1052,9 @@ func TestAccECSTaskDefinition_tags(t *testing.T) { func TestAccECSTaskDefinition_proxy(t *testing.T) { ctx := acctest.Context(t) - var taskDefinition ecs.TaskDefinition + var def ecs.TaskDefinition rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ecs_task_definition.test" - containerName := "web" proxyType := "APPMESH" ignoredUid := "1337" @@ -1063,8 +1074,8 @@ func TestAccECSTaskDefinition_proxy(t *testing.T) { { Config: testAccTaskDefinitionConfig_proxyConfiguration(rName, containerName, proxyType, ignoredUid, ignoredGid, appPorts, proxyIngressPort, proxyEgressPort, egressIgnoredPorts, egressIgnoredIPs), Check: resource.ComposeTestCheckFunc( - testAccCheckTaskDefinitionExists(ctx, resourceName, &taskDefinition), - testAccCheckTaskDefinitionProxyConfiguration(&taskDefinition, containerName, proxyType, ignoredUid, ignoredGid, appPorts, proxyIngressPort, proxyEgressPort, egressIgnoredPorts, egressIgnoredIPs), + testAccCheckTaskDefinitionExists(ctx, resourceName, &def), + testAccCheckTaskDefinitionProxyConfiguration(&def, containerName, proxyType, ignoredUid, ignoredGid, appPorts, proxyIngressPort, proxyEgressPort, egressIgnoredPorts, egressIgnoredIPs), ), }, { @@ -1081,7 +1092,6 @@ func TestAccECSTaskDefinition_proxy(t *testing.T) { func TestAccECSTaskDefinition_inferenceAccelerator(t *testing.T) { ctx := acctest.Context(t) var def ecs.TaskDefinition - rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ecs_task_definition.test" @@ -1927,7 +1937,9 @@ TASK_DEFINITION func testAccTaskDefinitionConfig_efsVolumeMinimal(rName string) string { return fmt.Sprintf(` resource "aws_efs_file_system" "test" { - creation_token = %[1]q + tags = { + Name = %[1]q + } } resource "aws_ecs_task_definition" "test" { @@ -1960,7 +1972,9 @@ TASK_DEFINITION func testAccTaskDefinitionConfig_efsVolume(rName, rDir string) string { return fmt.Sprintf(` resource "aws_efs_file_system" "test" { - creation_token = %[1]q + tags = { + Name = %[1]q + } } resource "aws_ecs_task_definition" "test" { @@ -1991,10 +2005,49 @@ TASK_DEFINITION `, rName, rDir) } +func testAccTaskDefinitionConfig_transitEncryptionEFSVolumeMinimal(rName, transitEncryptionPort string) string { + return fmt.Sprintf(` +resource "aws_efs_file_system" "test" { + tags = { + Name = %[1]q + } +} + +resource "aws_ecs_task_definition" "test" { + family = %[1]q + + container_definitions = <