diff --git a/aws/resource_aws_neptune_cluster.go b/aws/resource_aws_neptune_cluster.go
index facbd2cd59f..dc8ba02c549 100644
--- a/aws/resource_aws_neptune_cluster.go
+++ b/aws/resource_aws_neptune_cluster.go
@@ -15,6 +15,14 @@ import (
 "github.com/terraform-providers/terraform-provider-aws/aws/internal/keyvaluetags"
 )
+const (
+
+ // A constant for the supported CloudwatchLogsExports types
+ // is not currently available in the AWS sdk-for-go
+ // https://docs.aws.amazon.com/sdk-for-go/api/service/neptune/#pkg-constants
+ CloudwatchLogsExportsAudit = "audit"
+)
+
 func resourceAwsNeptuneCluster() *schema.Resource {
 return &schema.Resource{
 Create: resourceAwsNeptuneClusterCreate,
@@ -95,6 +103,18 @@ func resourceAwsNeptuneCluster() *schema.Resource {
 Computed: true,
 },
+ "enable_cloudwatch_logs_exports": {
+ Type: schema.TypeSet,
+ Optional: true,
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ ValidateFunc: validation.StringInSlice([]string{
+ CloudwatchLogsExportsAudit,
+ }, false),
+ },
+ Set: schema.HashString,
+ },
+
 "engine": {
 Type: schema.TypeString,
 Optional: true,
@@ -284,6 +304,11 @@ func resourceAwsNeptuneClusterCreate(d *schema.ResourceData, meta interface{}) e
 }
 }
+ if attr := d.Get("enable_cloudwatch_logs_exports").(*schema.Set); attr.Len() > 0 {
+ createDbClusterInput.EnableCloudwatchLogsExports = expandStringList(attr.List())
+ restoreDBClusterFromSnapshotInput.EnableCloudwatchLogsExports = expandStringList(attr.List())
+ }
+
 if attr, ok := d.GetOk("engine_version"); ok {
 createDbClusterInput.EngineVersion = aws.String(attr.(string))
 restoreDBClusterFromSnapshotInput.EngineVersion = aws.String(attr.(string))
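Review bot: `CloudwatchLogsExportsAudit` in the `const` hunk (`@@ -15,6 +15,14 @@`) is exported and carries no service prefix, so it reads as a general constant rather than a Neptune one; judging by the `aws/` path, this package presumably holds the provider's other resources too. An unexported, prefixed name such as `neptuneCloudwatchLogsExportsAudit = "audit"` would scope it to this resource; the schema hunk at `@@ -95,6 +103,18 @@` refers to it and would need the same rename. The blank line directly after `const (` can also be dropped.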
@@ -442,6 +467,11 @@ func flattenAwsNeptuneClusterResource(d *schema.ResourceData, meta interface{}, d.Set("backup_retention_period", dbc.BackupRetentionPeriod) d.Set("cluster_identifier", dbc.DBClusterIdentifier) d.Set("cluster_resource_id", dbc.DbClusterResourceId) + + if err := d.Set("enable_cloudwatch_logs_exports", aws.StringValueSlice(dbc.EnabledCloudwatchLogsExports)); err != nil { + return fmt.Errorf("Error saving EnableCloudwatchLogsExports to state for Neptune Cluster (%s): %s", d.Id(), err) + } + d.Set("endpoint", dbc.Endpoint) d.Set("engine_version", dbc.EngineVersion) d.Set("engine", dbc.Engine) @@ -516,6 +546,27 @@ func resourceAwsNeptuneClusterUpdate(d *schema.ResourceData, meta interface{}) e requestUpdate = true } + if d.HasChange("enable_cloudwatch_logs_exports") { + logs := &neptune.CloudwatchLogsExportConfiguration{} + + old, new := d.GetChange("enable_cloudwatch_logs_exports") + + disableLogTypes := old.(*schema.Set).Difference(new.(*schema.Set)) + + if disableLogTypes.Len() > 0 { + logs.SetDisableLogTypes(expandStringList(disableLogTypes.List())) + } + + enableLogTypes := new.(*schema.Set).Difference(old.(*schema.Set)) + + if enableLogTypes.Len() > 0 { + logs.SetEnableLogTypes(expandStringList(enableLogTypes.List())) + } + + req.CloudwatchLogsExportConfiguration = logs + requestUpdate = true + } + if d.HasChange("preferred_backup_window") { req.PreferredBackupWindow = aws.String(d.Get("preferred_backup_window").(string)) requestUpdate = true diff --git a/aws/resource_aws_neptune_cluster_test.go b/aws/resource_aws_neptune_cluster_test.go index 09ebe9501f4..bf939af4de9 100644 --- a/aws/resource_aws_neptune_cluster_test.go +++ b/aws/resource_aws_neptune_cluster_test.go 
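Review bot: In the `resourceAwsNeptuneClusterUpdate` hunk (`@@ -516,6 +546,27 @@`), `old, new := d.GetChange("enable_cloudwatch_logs_exports")` shadows the Go builtin `new` for the rest of the `if` block; `o, n := d.GetChange("enable_cloudwatch_logs_exports")`, with the two `Difference` calls renamed to match, avoids that. Because a log type removed from configuration ends up in `SetDisableLogTypes`, an in-place update turns audit log export off on the existing cluster. A one-line comment above `disableLogTypes`, such as `// log types dropped from config are explicitly disabled on the cluster`, would make that visible to whoever reads the code next. The function body starts and ends outside the hunk.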
@@ -343,6 +343,54 @@ func TestAccAWSNeptuneCluster_iamAuth(t *testing.T) {
 })
 }
+func TestAccAWSNeptuneCluster_updateCloudwatchLogsExports(t *testing.T) {
+ var dbCluster neptune.DBCluster
+ rInt := acctest.RandInt()
+ resourceName := "aws_neptune_cluster.default"
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSNeptuneClusterDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccAWSNeptuneClusterConfig(rInt),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSNeptuneClusterExists(resourceName, &dbCluster),
+ resource.TestCheckNoResourceAttr(
+ resourceName, "enable_cloudwatch_logs_exports.#"),
+ ),
+ },
+ {
+ Config: testAccAWSNeptuneClusterConfig_cloudwatchLogsExports(rInt),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSNeptuneClusterExists("aws_neptune_cluster.default", &dbCluster),
+ resource.TestCheckResourceAttr(resourceName, "enable_cloudwatch_logs_exports.#", "1"),
+ resource.TestCheckResourceAttr(resourceName, "enable_cloudwatch_logs_exports.2451111801", "audit"),
+ ),
+ },
+ {
+ Config: testAccAWSNeptuneClusterConfig(rInt),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSNeptuneClusterExists("aws_neptune_cluster.default", &dbCluster),
+ resource.TestCheckResourceAttr(resourceName, "enable_cloudwatch_logs_exports.#", "0"),
+ ),
+ },
+ {
+ ResourceName: "aws_neptune_cluster.default",
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{
+ "apply_immediately",
+ "cluster_identifier_prefix",
+ "final_snapshot_identifier",
+ "skip_final_snapshot",
+ },
+ },
+ },
+ })
+}
+
 func testAccCheckAWSNeptuneClusterDestroy(s *terraform.State) error {
 return testAccCheckAWSNeptuneClusterDestroyWithProvider(s, testAccProvider)
 }
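Review bot: In `TestAccAWSNeptuneCluster_updateCloudwatchLogsExports`, steps 2 and 3 pass the literal `"aws_neptune_cluster.default"` to `testAccCheckAWSNeptuneClusterExists`, and the import step sets `ResourceName` to the same literal, although `resourceName` is declared at the top for exactly this. Use `testAccCheckAWSNeptuneClusterExists(resourceName, &dbCluster)` and `ResourceName: resourceName,` so the address is defined once. Steps 1 and 3 apply the same configuration but assert different state: `TestCheckNoResourceAttr` on `enable_cloudwatch_logs_exports.#` in step 1, against the value `"0"` in step 3. If that difference is intended, a short comment on step 3 explaining why the attribute is present but empty after audit export is disabled would keep the assertion from being "corrected" later.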
@@ -844,3 +892,14 @@ resource "aws_neptune_cluster" "default" {
 }
 `, n)
 }
+
+func testAccAWSNeptuneClusterConfig_cloudwatchLogsExports(n int) string {
+ return fmt.Sprintf(`
+resource "aws_neptune_cluster" "default" {
+ cluster_identifier = "tf-neptune-cluster-%d"
+ availability_zones = ["us-west-2a", "us-west-2b", "us-west-2c"]
+ skip_final_snapshot = true
+ enable_cloudwatch_logs_exports = ["audit"]
+}
+`, n)
+}
diff --git a/website/docs/r/neptune_cluster.html.markdown b/website/docs/r/neptune_cluster.html.markdown
index 428cd7583fa..d7c3d47052b 100644
--- a/website/docs/r/neptune_cluster.html.markdown
+++ b/website/docs/r/neptune_cluster.html.markdown
@@ -44,6 +44,7 @@ The following arguments are supported:
 * `backup_retention_period` - (Optional) The days to retain backups for. Default `1`
 * `cluster_identifier` - (Optional, Forces new resources) The cluster identifier. If omitted, Terraform will assign a random, unique identifier.
 * `cluster_identifier_prefix` - (Optional, Forces new resource) Creates a unique cluster identifier beginning with the specified prefix. Conflicts with `cluster_identifier`.
+* `enable_cloudwatch_logs_exports` - (Optional) A list of the log types this DB cluster is configured to export to Cloudwatch Logs. Currently only supports `audit`.
 * `engine` - (Optional) The name of the database engine to be used for this Neptune cluster. Defaults to `neptune`.
 * `engine_version` - (Optional) The database engine version.
 * `final_snapshot_identifier` - (Optional) The name of your final Neptune snapshot when this Neptune cluster is deleted. If omitted, no final snapshot will be made.