Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add aws_opensearchserverless_security_policy resource #28470

Conversation

mattburgess
Copy link
Collaborator

@mattburgess mattburgess commented Dec 19, 2022

Description

Adds support for OpenSearch Serverless Security Policy resources.

Relations

Closes #28457
Relates #28313

References

Output from Acceptance Testing

$ make testacc TESTS=TestAccOpenSearchServerlessSecurityPolic
y_ PKG=opensearchserverless
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/opensearchserverless/... -v -count 1 -parallel 20 -run='TestAccOpenSearchServerlessSecurityPolicy_'  -timeout 180m
=== RUN   TestAccOpenSearchServerlessSecurityPolicy_basic
=== PAUSE TestAccOpenSearchServerlessSecurityPolicy_basic
=== RUN   TestAccOpenSearchServerlessSecurityPolicy_disappears
=== PAUSE TestAccOpenSearchServerlessSecurityPolicy_disappears
=== CONT  TestAccOpenSearchServerlessSecurityPolicy_basic
=== CONT  TestAccOpenSearchServerlessSecurityPolicy_disappears
--- PASS: TestAccOpenSearchServerlessSecurityPolicy_disappears (12.92s)
--- PASS: TestAccOpenSearchServerlessSecurityPolicy_basic (17.15s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/opensearchserverless	17.238s

@github-actions
Copy link

Community Note

Voting for Prioritization

  • Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions github-actions bot added size/XL Managed by automation to categorize the size of a PR. documentation Introduces or discusses updates to documentation. provider Pertains to the provider itself, rather than any interaction with AWS. service/opensearchserverless Issues and PRs that pertain to the opensearchserverless service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. needs-triage Waiting for first response or review from a maintainer. labels Dec 19, 2022
@mattburgess
Copy link
Collaborator Author

mattburgess commented Dec 19, 2022

The tests intermittently fail like this:

=== CONT  TestAccOpenSearchServerlessSecurityPolicy_basic
    security_policy_test.go:27: Step 1/2 error: Error running apply: exit status 1
        
        Error: creating Amazon OpenSearch Serverless Security Policy (tf-acc-test-1423387959538794016): operation error OpenSearchServerless: CreateSecurityPolicy, https response error StatusCode: 400, RequestID: 9dd8be28-f54d-41eb-854f-dc46f6ee0e33, ConflictException: Failed during processing for policyName: tf-acc-test-1423387959538794016 and type: encryption. Please retry
        
          with aws_opensearchserverless_security_policy.test,
          on terraform_plugin_test.tf line 2, in resource "aws_opensearchserverless_security_policy" "test":
           2: resource "aws_opensearchserverless_security_policy" "test" {

Running with TF_LOG=DEBUG shows that both the client token and the name of the policies are unique, as expected, so I'm a bit stumped with this for now.

@johnsonaj johnsonaj added new-resource Introduces a new resource. and removed needs-triage Waiting for first response or review from a maintainer. labels Dec 21, 2022
@mattburgess mattburgess force-pushed the opensearchserverless-security-policy-resource branch from 80bd461 to 5805a59 Compare December 22, 2022 15:10
@jtbrush56
Copy link

Is there anything stopping this PR from being merged so that the work on #28462 can be completed? This serverless went to GA over a month ago and this code appears to have been done a few months ago.

@mattburgess mattburgess force-pushed the opensearchserverless-security-policy-resource branch from 5805a59 to c04a386 Compare March 18, 2023 15:39
@github-actions github-actions bot added generators Relates to code generators. and removed provider Pertains to the provider itself, rather than any interaction with AWS. labels Mar 18, 2023
@mattburgess
Copy link
Collaborator Author

Having converted this new resource over to use the new plugin framework, I'm seeing this test failure:

make testacc TESTS=TestAccOpenSearchServerlessSecurityPolicy_basic PKG=opensearchserverless
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/opensearchserverless/... -v -count 1 -parallel 20 -run='TestAccOpenSearchServerlessSecurityPolicy_basic'  -timeout 180m
=== RUN   TestAccOpenSearchServerlessSecurityPolicy_basic
=== PAUSE TestAccOpenSearchServerlessSecurityPolicy_basic
=== CONT  TestAccOpenSearchServerlessSecurityPolicy_basic
    security_policy_test.go:28: Step 1/2 error: Error running apply: exit status 1
        
        Error: Provider produced inconsistent result after apply
        
        When applying changes to aws_opensearchserverless_security_policy.test,
        provider "provider[\"registry.terraform.io/hashicorp/aws\"]" produced an
        unexpected new value: .policy: was cty.StringVal("{\n \"Rules\": [\n  {\n
        \t\"Resource\": [\n  \t\t\"collection/tf-acc-test-840881701409025331\"\n
        \t],\n  \t\"ResourceType\": \"collection\"\n  }\n ],\n \"AWSOwnedKey\":
        true\n}\n"), but now
        cty.StringVal("{\"AWSOwnedKey\":true,\"Rules\":[{\"Resource\":[\"collection/tf-acc-test-840881701409025331\"],\"ResourceType\":\"collection\"}]}").
        
        This is a bug in the provider, which should be reported in the provider's own
        issue tracker.
--- FAIL: TestAccOpenSearchServerlessSecurityPolicy_basic (6.73s)
FAIL
FAIL	github.com/hashicorp/terraform-provider-aws/internal/service/opensearchserverless	6.817s
FAIL
make: *** [GNUmakefile:272: testacc] Error 1

If I understand that message correctly, the value of .policy is being correctly normalized when being persisted to state, but then it's being compared against the non-normalized plan output/config input. I'm not sure of the idiomatic way to suppress that diff in the new framework. Is it ModifyPlan?

@mattburgess
Copy link
Collaborator Author

OK, tests are passing again now and AWS appear to have sorted out that ConflictException issue I was seeing back in December; re-running the tests 10 times in a row hasn't shown any issues.

@AdamTylerLynch AdamTylerLynch self-requested a review April 4, 2023 20:23
@jtbrush56
Copy link

Just going to bump this again since this is a blocker for other PRs.

Copy link
Contributor

@johnsonaj johnsonaj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🚀

make testacc TESTS=TestAccOpenSearchServerlessSecurityPolicy_ PKG=opensearchserverless

==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/opensearchserverless/... -v -count 1 -parallel 20 -run='TestAccOpenSearchServerlessSecurityPolicy_'  -timeout 180m
--- PASS: TestAccOpenSearchServerlessSecurityPolicy_disappears (15.19s)
--- PASS: TestAccOpenSearchServerlessSecurityPolicy_basic (20.43s)
--- PASS: TestAccOpenSearchServerlessSecurityPolicy_update (29.50s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/opensearchserverless	32.715s

@johnsonaj
Copy link
Contributor

@mattburgess thanks for the contribution! 🎉

@johnsonaj johnsonaj merged commit f80101d into hashicorp:main Jun 12, 2023
@github-actions github-actions bot added this to the v5.3.0 milestone Jun 12, 2023
@github-actions
Copy link

This functionality has been released in v5.3.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jul 14, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
documentation Introduces or discusses updates to documentation. generators Relates to code generators. new-resource Introduces a new resource. service/opensearchserverless Issues and PRs that pertain to the opensearchserverless service. size/XL Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[New Resource]: OpenSearch Serverless Security Policy
3 participants