From 90c1c226a20bbdf6f7d72b23ebde6144a02e3510 Mon Sep 17 00:00:00 2001 From: trung Date: Wed, 20 Sep 2017 14:54:36 -0500 Subject: [PATCH 1/9] test case to cover gp2 with iops --- aws/resource_aws_instance_test.go | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/aws/resource_aws_instance_test.go b/aws/resource_aws_instance_test.go index 242f60a7f61..e0f4c01e1cc 100644 --- a/aws/resource_aws_instance_test.go +++ b/aws/resource_aws_instance_test.go @@ -189,6 +189,11 @@ func TestAccAWSInstance_GP2IopsDevice(t *testing.T) { testCheck(), ), }, + { + Config: testAccInstanceGP2IopsDeviceExplicit, + PlanOnly: true, + ExpectNonEmptyPlan: false, + }, }, }) } @@ -1513,6 +1518,25 @@ resource "aws_instance" "foo" { } ` +const testAccInstanceGP2IopsDeviceExplicit = ` +resource "aws_instance" "foo" { + # us-west-2 + ami = "ami-55a7ea65" + + # In order to attach an encrypted volume to an instance you need to have an + # m3.medium or larger. See "Supported Instance Types" in: + # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html + instance_type = "m3.medium" + + root_block_device { + volume_type = "gp2" + volume_size = 11 + # demo a test scenario + iops = 10 + } +} +` + const testAccInstanceConfigBlockDevices = ` resource "aws_instance" "foo" { # us-west-2 From 68ed0d73810d160952338e5f7163b195c5ebb6a4 Mon Sep 17 00:00:00 2001 From: trung Date: Wed, 20 Sep 2017 14:54:36 -0500 Subject: [PATCH 2/9] test case to cover gp2 with iops --- aws/resource_aws_instance_test.go | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/aws/resource_aws_instance_test.go b/aws/resource_aws_instance_test.go index 85d7cc2b4a5..792c0fd41f8 100644 --- a/aws/resource_aws_instance_test.go +++ b/aws/resource_aws_instance_test.go @@ -189,6 +189,11 @@ func TestAccAWSInstance_GP2IopsDevice(t *testing.T) { testCheck(), ), }, + { + Config: testAccInstanceGP2IopsDeviceExplicit, + PlanOnly: true, + ExpectNonEmptyPlan: false, + }, }, }) } 
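Review bot: The new `PlanOnly` step in TestAccAWSInstance_GP2IopsDevice asserts an empty plan for a config that sets `iops = 10` on a gp2 root volume, but neither the step nor `testAccInstanceGP2IopsDeviceExplicit` says why no diff is expected. I would put a comment on the step, for example `// an explicit iops value on a gp2 volume must not produce a diff` (presumably the intent, given the commit subject), and replace `# demo a test scenario` in the config with the same statement. The copied remark about encrypted volumes can go, since this config encrypts nothing, and `ExpectNonEmptyPlan: false` is the zero value and can be omitted. Patch 2/9 repeats both hunks unchanged, so the same applies there.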
@@ -1555,6 +1560,25 @@ resource "aws_instance" "foo" { } ` +const testAccInstanceGP2IopsDeviceExplicit = ` +resource "aws_instance" "foo" { + # us-west-2 + ami = "ami-55a7ea65" + + # In order to attach an encrypted volume to an instance you need to have an + # m3.medium or larger. See "Supported Instance Types" in: + # http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html + instance_type = "m3.medium" + + root_block_device { + volume_type = "gp2" + volume_size = 11 + # demo a test scenario + iops = 10 + } +} +` + const testAccInstanceConfigBlockDevices = ` resource "aws_instance" "foo" { # us-west-2 From 7ad8692edb5acec1acc09c6b438c24fc3e67557f Mon Sep 17 00:00:00 2001 From: trung Date: Tue, 24 Oct 2017 11:56:28 -0400 Subject: [PATCH 3/9] validate kms key input format --- aws/data_source_aws_kms_key.go | 25 ++++++++++++++++++ aws/validators.go | 16 ++++++++++++ aws/validators_test.go | 47 ++++++++++++++++++++++++++++++++++ 3 files changed, 88 insertions(+) create mode 100644 aws/data_source_aws_kms_key.go diff --git a/aws/data_source_aws_kms_key.go b/aws/data_source_aws_kms_key.go new file mode 100644 index 00000000000..fadffbee45c --- /dev/null +++ b/aws/data_source_aws_kms_key.go @@ -0,0 +1,25 @@ +package aws + +import "github.com/hashicorp/terraform/helper/schema" + +func dataSourceAwsKmsKey() *schema.Resource { + return &schema.Resource{ + Read: dataSourceAwsKmsKeyRead, + Schema: map[string]*schema.Schema{ + "key_id": { + Type: schema.TypeString, + Required: true, + ValidateFunc: validateKmsKey, + }, + "grant_tokens": { + Type: schema.TypeList, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + }, + } +} + +func dataSourceAwsKmsKeyRead(d *schema.ResourceData, meta interface{}) error { + return nil +} diff --git a/aws/validators.go b/aws/validators.go index 44acd2cf1a6..5888fbfadb0 100644 --- a/aws/validators.go +++ b/aws/validators.go 
@@ -1651,3 +1651,19 @@ func validateCognitoRoles(v map[string]interface{}, k string) (errors []error) { return } + +func validateKmsKey(v interface{}, k string) (ws []string, errors []error) { + value := v.(string) + arnPrefixPattern := `arn:[\w-]+:([a-zA-Z0-9\-])+:([a-z]{2}-(gov-)?[a-z]+-\d{1})?:(\d{12})?:` + keyIdPattern := "[A-Za-z0-9-]+" + keyArnPattern := arnPrefixPattern + "key/" + keyIdPattern + aliasNamePattern := "alias/[a-zA-Z0-9:/_-]+" + aliasArnPattern := arnPrefixPattern + aliasNamePattern + if !regexp.MustCompile(fmt.Sprintf("^%s$", keyIdPattern)).MatchString(value) && + !regexp.MustCompile(fmt.Sprintf("^%s$", keyArnPattern)).MatchString(value) && + !regexp.MustCompile(fmt.Sprintf("^%s$", aliasNamePattern)).MatchString(value) && + !regexp.MustCompile(fmt.Sprintf("^%s$", aliasArnPattern)).MatchString(value) { + errors = append(errors, fmt.Errorf("%q must be one of the following patterns: %s, %s, %s or %s", k, keyIdPattern, keyArnPattern, aliasNamePattern, aliasArnPattern)) + } + return +} diff --git a/aws/validators_test.go b/aws/validators_test.go index 2e9dae246b9..148b5d190de 100644 --- a/aws/validators_test.go +++ b/aws/validators_test.go 
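Review bot: validateKmsKey calls `regexp.MustCompile` four times on every invocation although all four patterns are constant; they should be compiled once at package scope, e.g. `var kmsKeyIDRegexp = regexp.MustCompile("^[A-Za-z0-9-]+$")` and likewise for the key ARN, alias name and alias ARN forms. The function also has no doc comment: one line listing the four accepted forms and stating that the check is syntactic only (it does not establish that the key exists or that the caller may use it) would stop readers from treating it as more than input validation. The error message prints the raw patterns, which is hard to read for a user; naming the four forms in words would be clearer.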
@@ -2603,3 +2603,50 @@ func TestValidateCognitoRoleMappingsType(t *testing.T) { } } } + +func TestValidateKmsKey(t *testing.T) { + cases := []struct { + Value string + ErrCount int + }{ + { + Value: "arbitrary-uuid-1234", + ErrCount: 0, + }, + { + Value: "arn:aws:kms:us-west-2:111122223333:key/arbitrary-uuid-1234", + ErrCount: 0, + }, + { + Value: "alias/arbitrary-key", + ErrCount: 0, + }, + { + Value: "alias/arbitrary/key", + ErrCount: 0, + }, + { + Value: "arn:aws:kms:us-west-2:111122223333:alias/arbitrary-key", + ErrCount: 0, + }, + { + Value: "arn:aws:kms:us-west-2:111122223333:alias/arbitrary/key", + ErrCount: 0, + }, + { + Value: "$%wrongkey", + ErrCount: 1, + }, + { + Value: "arn:aws:lamda:foo:bar:key/xyz", + ErrCount: 1, + }, + } + + for _, tc := range cases { + _, errors := validateKmsKey(tc.Value, "key_id") + if len(errors) != tc.ErrCount { + t.Fatalf("%q validation failed: %v", tc.Value, errors) + } + } +} \ No newline at end of file From c9efdad8c63f02c5a85eba1e0a8b994d05345082 Mon Sep 17 00:00:00 2001 From: trung Date: Tue, 24 Oct 2017 12:02:58 -0400 Subject: [PATCH 4/9] setup schema --- aws/data_source_aws_kms_key.go | 48 ++++++++++++++++++++++++++++++++++ aws/provider.go | 1 + 2 files changed, 49 insertions(+) diff --git a/aws/data_source_aws_kms_key.go b/aws/data_source_aws_kms_key.go index fadffbee45c..8cd07188663 100644 --- a/aws/data_source_aws_kms_key.go +++ b/aws/data_source_aws_kms_key.go 
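Review bot: The two rejecting cases in TestValidateKmsKey do not pin which part of the pattern does the rejecting: `arn:aws:lamda:foo:bar:key/xyz` is wrong in service, region and account at the same time. Add cases that differ from a valid value in a single segment, for example `arn:aws:lambda:us-west-2:111122223333:key/arbitrary-uuid-1234` (constructed), plus the empty string and a bare `alias/`. With the prefix pattern introduced in this patch the service segment accepts any name, so that constructed ARN would pass validation, which is exactly the gap a table like this should expose. The failure message would also be easier to act on with the expected count in it, `t.Fatalf("%q: got %d errors, want %d: %v", tc.Value, len(errors), tc.ErrCount, errors)`.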
@@ -16,6 +16,54 @@ func dataSourceAwsKmsKey() *schema.Resource { Optional: true, Elem: &schema.Schema{Type: schema.TypeString}, }, + "arn": { + Type: schema.TypeString, + Computed: true, + }, + "aws_account_id": { + Type: schema.TypeString, + Computed: true, + }, + "creation_date": { + Type: schema.TypeFloat, + Computed: true, + }, + "deletion_date": { + Type: schema.TypeFloat, + Computed: true, + }, + "description": { + Type: schema.TypeString, + Computed: true, + }, + "enabled": { + Type: schema.TypeBool, + Computed: true, + }, + "expiration_model": { + Type: schema.TypeString, + Computed: true, + }, + "key_manager": { + Type: schema.TypeString, + Computed: true, + }, + "key_state": { + Type: schema.TypeString, + Computed: true, + }, + "key_usage": { + Type: schema.TypeString, + Computed: true, + }, + "origin": { + Type: schema.TypeString, + Computed: true, + }, + "valid_to": { + Type: schema.TypeFloat, + Computed: true, + }, }, } } diff --git a/aws/provider.go b/aws/provider.go index f4e3c4f9bc0..c47ab53d2cb 100644 --- a/aws/provider.go +++ b/aws/provider.go @@ -199,6 +199,7 @@ func Provider() terraform.ResourceProvider { "aws_kinesis_stream": dataSourceAwsKinesisStream(), "aws_kms_alias": dataSourceAwsKmsAlias(), "aws_kms_ciphertext": dataSourceAwsKmsCiphertext(), + "aws_kms_key": dataSourceAwsKmsKey(), "aws_kms_secret": dataSourceAwsKmsSecret(), "aws_partition": dataSourceAwsPartition(), "aws_prefix_list": dataSourceAwsPrefixList(), From 7c572c3c74509396a56e4e231eb95155fb4cb8c7 Mon Sep 17 00:00:00 2001 From: trung Date: Wed, 8 Nov 2017 16:53:38 -0500 Subject: [PATCH 5/9] #2009: support DescribeKey --- aws/data_source_aws_kms_key.go | 42 +++++++++++++++++++++++----------- 1 file changed, 29 insertions(+), 13 deletions(-) diff --git a/aws/data_source_aws_kms_key.go b/aws/data_source_aws_kms_key.go index 8cd07188663..b4966a9682c 100644 --- a/aws/data_source_aws_kms_key.go +++ b/aws/data_source_aws_kms_key.go 
@@ -1,6 +1,10 @@ package aws -import "github.com/hashicorp/terraform/helper/schema" +import ( + "github.com/hashicorp/terraform/helper/schema" + "github.com/aws/aws-sdk-go/service/kms" + "fmt" +) func dataSourceAwsKmsKey() *schema.Resource { return &schema.Resource{ @@ -17,51 +21,51 @@ func dataSourceAwsKmsKey() *schema.Resource { Elem: &schema.Schema{Type: schema.TypeString}, }, "arn": { - Type: schema.TypeString, + Type: schema.TypeString, Computed: true, }, "aws_account_id": { - Type: schema.TypeString, + Type: schema.TypeString, Computed: true, }, "creation_date": { - Type: schema.TypeFloat, + Type: schema.TypeFloat, Computed: true, }, "deletion_date": { - Type: schema.TypeFloat, + Type: schema.TypeFloat, Computed: true, }, "description": { - Type: schema.TypeString, + Type: schema.TypeString, Computed: true, }, "enabled": { - Type: schema.TypeBool, + Type: schema.TypeBool, Computed: true, }, "expiration_model": { - Type: schema.TypeString, + Type: schema.TypeString, Computed: true, }, "key_manager": { - Type: schema.TypeString, + Type: schema.TypeString, Computed: true, }, "key_state": { - Type: schema.TypeString, + Type: schema.TypeString, Computed: true, }, "key_usage": { - Type: schema.TypeString, + Type: schema.TypeString, Computed: true, }, "origin": { - Type: schema.TypeString, + Type: schema.TypeString, Computed: true, }, "valid_to": { - Type: schema.TypeFloat, + Type: schema.TypeFloat, Computed: true, }, }, @@ -69,5 +73,17 @@ func dataSourceAwsKmsKey() *schema.Resource { } func dataSourceAwsKmsKeyRead(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).kmsconn + keyId := d.Get("key_id") + input := &kms.DescribeKeyInput{ + KeyId: keyId, + GrantTokens: d.Get("grant_tokens"), + } + output, err := conn.DescribeKey(input) + if err != nil { + return fmt.Errorf("Error while describing key [%s]: %s", keyId, err) + } + d.SetId(keyId) + d.Set("arn", output.KeyMetadata.Arn) return nil } 
From 55800a4d0c6d4cad3f8a1188fb2db0727be622ed Mon Sep 17 00:00:00 2001 From: trung Date: Wed, 8 Nov 2017 17:26:30 -0500 Subject: [PATCH 6/9] #2009: acceptance test --- aws/data_source_aws_kms_key.go | 35 ++++++++++++---- aws/data_source_aws_kms_key_test.go | 65 +++++++++++++++++++++++++++++ aws/resource_aws_instance_test.go | 2 +- aws/validators.go | 1 + aws/validators_test.go | 2 +- 5 files changed, 96 insertions(+), 9 deletions(-) create mode 100644 aws/data_source_aws_kms_key_test.go diff --git a/aws/data_source_aws_kms_key.go b/aws/data_source_aws_kms_key.go index b4966a9682c..3c84ca7ce23 100644 --- a/aws/data_source_aws_kms_key.go +++ b/aws/data_source_aws_kms_key.go @@ -1,9 +1,10 @@ package aws import ( - "github.com/hashicorp/terraform/helper/schema" - "github.com/aws/aws-sdk-go/service/kms" "fmt" + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/service/kms" + "github.com/hashicorp/terraform/helper/schema" ) func dataSourceAwsKmsKey() *schema.Resource { 
@@ -74,16 +75,36 @@ func dataSourceAwsKmsKey() *schema.Resource { func dataSourceAwsKmsKeyRead(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).kmsconn - keyId := d.Get("key_id") + keyId, keyIdOk := d.GetOk("key_id") + if !keyIdOk { + return fmt.Errorf("key_id value is missing") + } + var grantTokens []*string + if v, ok := d.GetOk("grant_tokens"); ok { + for _, token := range v.([]interface{}) { + grantTokens = append(grantTokens, aws.String(token.(string))) + } + } input := &kms.DescribeKeyInput{ - KeyId: keyId, - GrantTokens: d.Get("grant_tokens"), + KeyId: aws.String(keyId.(string)), + GrantTokens: grantTokens, } output, err := conn.DescribeKey(input) if err != nil { - return fmt.Errorf("Error while describing key [%s]: %s", keyId, err) + return fmt.Errorf("error while describing key [%s]: %s", keyId, err) } - d.SetId(keyId) + d.SetId(keyId.(string)) d.Set("arn", output.KeyMetadata.Arn) + d.Set("aws_account_id", output.KeyMetadata.AWSAccountId) + d.Set("creation_date", output.KeyMetadata.CreationDate) + d.Set("deletion_date", output.KeyMetadata.DeletionDate) + d.Set("description", output.KeyMetadata.Description) + d.Set("enabled", output.KeyMetadata.Enabled) + d.Set("expiration_model", output.KeyMetadata.ExpirationModel) + d.Set("key_manager", output.KeyMetadata.KeyManager) + d.Set("key_state", output.KeyMetadata.KeyState) + d.Set("key_usage", output.KeyMetadata.KeyUsage) + d.Set("origin", output.KeyMetadata.Origin) + d.Set("valid_to", output.KeyMetadata.ValidTo) return nil } diff --git a/aws/data_source_aws_kms_key_test.go b/aws/data_source_aws_kms_key_test.go new file mode 100644 index 00000000000..3860763ba33 --- /dev/null +++ b/aws/data_source_aws_kms_key_test.go 
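Review bot: Every `d.Set` call added to dataSourceAwsKmsKeyRead discards its error. `creation_date`, `deletion_date` and `valid_to` are declared `schema.TypeFloat` in the schema hunk of patch 4/9 but are given the SDK's time pointers here, so those three writes probably fail with no signal to the user or the test. Checking the result at least for the non-string fields, `if err := d.Set("creation_date", output.KeyMetadata.CreationDate); err != nil { return fmt.Errorf("error setting creation_date: %s", err) }`, would have surfaced the mismatch in this commit. Patch 9/9 changes the attribute types but still ignores the `d.Set` results.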
@@ -0,0 +1,65 @@ +package aws + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform/helper/resource" + "github.com/hashicorp/terraform/terraform" +) + +func TestAccDataSourceAwsKmsKey(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccDataSourceAwsKmsKeyConfig, + Check: resource.ComposeTestCheckFunc( + testAccDataSourceAwsKmsKeyCheck("data.aws_kms_key.arbitrary"), + ), + }, + }, + }) +} + +func testAccDataSourceAwsKmsKeyCheck(name string) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[name] + if !ok { + return fmt.Errorf("root module has no resource called %s", name) + } + + kmsKeyRs, ok := s.RootModule().Resources["aws_kms_key.arbitrary"] + if !ok { + return fmt.Errorf("can't find aws_kms_key.arbitrary in state") + } + + attr := rs.Primary.Attributes + + checkProperties := []string{"arn", "key_usage", "description"} + + for _, p := range checkProperties { + if attr[p] != kmsKeyRs.Primary.Attributes[p] { + return fmt.Errorf( + "%s is %s; want %s", + p, + attr[p], + kmsKeyRs.Primary.Attributes[p], + ) + } + } + + return nil + } +} + +const testAccDataSourceAwsKmsKeyConfig = ` +resource "aws_kms_key" "arbitrary" { + description = "Terraform acc test" + deletion_window_in_days = 7 +} + +data "aws_kms_key" "arbitrary" { + key_id = "${aws_kms_key.arbitrary.key_id}" +}` diff --git a/aws/resource_aws_instance_test.go b/aws/resource_aws_instance_test.go index ff07ffad7c7..85d7cc2b4a5 100644 --- a/aws/resource_aws_instance_test.go +++ b/aws/resource_aws_instance_test.go @@ -2718,4 +2718,4 @@ resource "aws_instance" "foo" { Name = "tf-acctest-%d" } }`, rInt, rInt) -} \ No newline at end of file +} diff --git a/aws/validators.go b/aws/validators.go index a2095154b0a..cd479b1314f 100644 --- a/aws/validators.go +++ b/aws/validators.go 
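Review bot: testAccDataSourceAwsKmsKeyConfig reads the key by key ID only, so three of the four `key_id` forms the validator accepts (key ARN, alias name, alias ARN) are never exercised against the API, and `grant_tokens` is not set anywhere. I would add an alias for the test key to the config and a second `data "aws_kms_key"` block that looks the key up through it, comparing its `arn` with the first one. testAccDataSourceAwsKmsKeyCheck compares only `arn`, `key_usage` and `description`; a short comment saying why those three were chosen would help the next reader.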
@@ -1692,6 +1692,7 @@ func validateDxConnectionBandWidth(v interface{}, k string) (ws []string, errors } errors = append(errors, fmt.Errorf("expected %s to be one of %v, got %s", k, validBandWidth, val)) + return } func validateKmsKey(v interface{}, k string) (ws []string, errors []error) { diff --git a/aws/validators_test.go b/aws/validators_test.go index 20894a54448..b6487c0a840 100644 --- a/aws/validators_test.go +++ b/aws/validators_test.go @@ -2676,4 +2676,4 @@ func TestValidateKmsKey(t *testing.T) { t.Fatalf("%q validation failed: %v", tc.Value, errors) } } -} \ No newline at end of file +} From 1195057be2808d186726c59cb32b5b4ef91c61a6 Mon Sep 17 00:00:00 2001 From: trung Date: Wed, 8 Nov 2017 20:42:31 -0500 Subject: [PATCH 7/9] #2009: documentation --- aws/data_source_aws_kms_key.go | 2 +- website/aws.erb | 3 ++ website/docs/d/kms_key.html.markdown | 59 ++++++++++++++++++++++++++++ 3 files changed, 63 insertions(+), 1 deletion(-) create mode 100644 website/docs/d/kms_key.html.markdown diff --git a/aws/data_source_aws_kms_key.go b/aws/data_source_aws_kms_key.go index 3c84ca7ce23..d377a9acfb8 100644 --- a/aws/data_source_aws_kms_key.go +++ b/aws/data_source_aws_kms_key.go @@ -93,7 +93,7 @@ func dataSourceAwsKmsKeyRead(d *schema.ResourceData, meta interface{}) error { if err != nil { return fmt.Errorf("error while describing key [%s]: %s", keyId, err) } - d.SetId(keyId.(string)) + d.SetId(aws.StringValue(output.KeyMetadata.KeyId)) d.Set("arn", output.KeyMetadata.Arn) d.Set("aws_account_id", output.KeyMetadata.AWSAccountId) d.Set("creation_date", output.KeyMetadata.CreationDate) diff --git a/website/aws.erb b/website/aws.erb index 2cfdf4dfd75..8b7f1b439b7 100644 --- a/website/aws.erb +++ b/website/aws.erb @@ -143,6 +143,9 @@ > aws_kms_alias + > + aws_kms_key + > aws_kms_ciphertext diff --git a/website/docs/d/kms_key.html.markdown b/website/docs/d/kms_key.html.markdown new file mode 100644 index 00000000000..8fd4944cf42 --- /dev/null 
+++ b/website/docs/d/kms_key.html.markdown 
@@ -0,0 +1,59 @@ +--- +layout: "aws" +page_title: "AWS: aws_kms_key" +sidebar_current: "docs-aws-datasource-kms-key" +description: |- + Get information on a AWS Key Management Service (KMS) Key +--- + +# aws\_kms\_key + +Use this data source to get detailed information about +the specified KMS Key with flexible key id input. +This can be useful to reference key alias +without having to hard code the ARN as input. + +## Example Usage + +```hcl +data "aws_kms_key" "foo" { + key_id = "alias/my-key" +} + +data "aws_kms_key" "foo" { + key_id = "1234abcd-12ab-34cd-56ef-1234567890ab" +} + +data "aws_kms_key" "foo" { + key_id = "arn:aws:kms:us-east-1:111122223333:alias/my-key" +} + +data "aws_kms_key" "foo" { + key_id = "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" +} +``` + +## Argument Reference + +* `key_id` - (Required) Key identifier which can be one of the following format: + * Key ID. E.g: `1234abcd-12ab-34cd-56ef-1234567890ab` + * Key ARN. E.g.: `arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab` + * Alias name. E.g.: `alias/my-key` + * Alias ARN: E.g.: `arn:aws:kms:us-east-1:111122223333:alias/my-key` +* `grant_tokens` - (Optional) List of grant tokens + +## Attributes Reference + +* `id`: The globally unique identifier for the key +* `arn`: The Amazon Resource Name (ARN) of the key +* `aws_account_id`: The twelve-digit account ID of the AWS account that owns the key +* `creation_date`: The date and time when the key was created +* `deletion_date`: The date and time after which AWS KMS deletes the key. This value is present only when `key_state` is `PendingDeletion`, otherwise this value is 0 +* `description`: The description of the key. +* `enabled`: Specifies whether the key is enabled. When `key_state` is `Enabled` this value is true, otherwise it is false +* `expiration_model`: Specifies whether the Key's key material expires. 
This value is present only when `origin` is `EXTERNAL`, otherwise this value is empty +* `key_manager`: The key's manager +* `key_state`: The state of the key +* `key_usage`: Currently the only allowed value is `ENCRYPT_DECRYPT` +* `origin`: When this value is `AWS_KMS`, AWS KMS created the key material. When this value is `EXTERNAL`, the key material was imported from your existing key management infrastructure or the CMK lacks key material +* `valid_to`: The time at which the imported key material expires. This value is present only when `origin` is `EXTERNAL` and whose `expiration_model` is `KEY_MATERIAL_EXPIRES`, otherwise this value is 0 \ No newline at end of file From e28ea81df3e0d986e7972b61a731484f30a97326 Mon Sep 17 00:00:00 2001 From: trung Date: Sun, 25 Feb 2018 23:06:08 -0500 Subject: [PATCH 8/9] #2009: fixed per @bflad review --- aws/data_source_aws_kms_key.go | 9 ++------- aws/data_source_aws_kms_key_test.go | 17 +++++++++++++++-- aws/validators.go | 2 +- website/docs/d/kms_key.html.markdown | 2 +- 4 files changed, 19 insertions(+), 11 deletions(-) diff --git a/aws/data_source_aws_kms_key.go b/aws/data_source_aws_kms_key.go index d377a9acfb8..fcf13159a04 100644 --- a/aws/data_source_aws_kms_key.go +++ b/aws/data_source_aws_kms_key.go @@ -75,15 +75,10 @@ func dataSourceAwsKmsKey() *schema.Resource { func dataSourceAwsKmsKeyRead(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).kmsconn - keyId, keyIdOk := d.GetOk("key_id") - if !keyIdOk { - return fmt.Errorf("key_id value is missing") - } + keyId := d.Get("key_id") var grantTokens []*string if v, ok := d.GetOk("grant_tokens"); ok { - for _, token := range v.([]interface{}) { - grantTokens = append(grantTokens, aws.String(token.(string))) - } + grantTokens = aws.StringSlice(v.([]string)) } input := &kms.DescribeKeyInput{ KeyId: aws.String(keyId.(string)), diff --git a/aws/data_source_aws_kms_key_test.go b/aws/data_source_aws_kms_key_test.go index 3860763ba33..bfa17b047c0 100644 
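Review bot: `grantTokens = aws.StringSlice(v.([]string))` in dataSourceAwsKmsKeyRead will panic whenever `grant_tokens` is set, because `d.GetOk` on a `schema.TypeList` attribute yields `[]interface{}`, not `[]string`, and the assertion is unchecked. The loop this hunk removes was the correct conversion: `for _, token := range v.([]interface{}) { grantTokens = append(grantTokens, aws.String(token.(string))) }`. No test in the series sets `grant_tokens`, so the acceptance test cannot catch this, and patch 9/9 leaves the line as it is.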
--- a/aws/data_source_aws_kms_key_test.go +++ b/aws/data_source_aws_kms_key_test.go @@ -6,17 +6,30 @@ import ( "github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/terraform" + "regexp" ) -func TestAccDataSourceAwsKmsKey(t *testing.T) { +func TestAccDataSourceAwsKmsKey_basic(t *testing.T) { resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, Steps: []resource.TestStep{ - resource.TestStep{ + { Config: testAccDataSourceAwsKmsKeyConfig, Check: resource.ComposeTestCheckFunc( testAccDataSourceAwsKmsKeyCheck("data.aws_kms_key.arbitrary"), + resource.TestMatchResourceAttr("data.aws_kms_key.arbitrary", "arn", regexp.MustCompile("^arn:[^:]+:kms:[^:]+:[^:]+:key/.+")), + resource.TestCheckResourceAttrSet("data.aws_kms_key.arbitrary", "aws_account_id"), + resource.TestCheckResourceAttrSet("data.aws_kms_key.arbitrary", "creation_date"), + resource.TestCheckResourceAttrSet("data.aws_kms_key.arbitrary", "deletion_date"), + resource.TestCheckResourceAttr("data.aws_kms_key.arbitrary", "description", "Terraform acc test"), + resource.TestCheckResourceAttr("data.aws_kms_key.arbitrary", "enabled", "true"), + resource.TestCheckResourceAttrSet("data.aws_kms_key.arbitrary", "expiration_model"), + resource.TestCheckResourceAttrSet("data.aws_kms_key.arbitrary", "key_manager"), + resource.TestCheckResourceAttrSet("data.aws_kms_key.arbitrary", "key_state"), + resource.TestCheckResourceAttrSet("data.aws_kms_key.arbitrary", "key_usage"), + resource.TestCheckResourceAttrSet("data.aws_kms_key.arbitrary", "origin"), + resource.TestCheckResourceAttrSet("data.aws_kms_key.arbitrary", "valid_to"), ), }, }, diff --git a/aws/validators.go b/aws/validators.go index 7573a0c5690..086b5008d91 100644 --- a/aws/validators.go +++ b/aws/validators.go 
@@ -2146,7 +2146,7 @@ func validateDxConnectionBandWidth(v interface{}, k string) (ws []string, errors func validateKmsKey(v interface{}, k string) (ws []string, errors []error) { value := v.(string) - arnPrefixPattern := `arn:[\w-]+:([a-zA-Z0-9\-])+:([a-z]{2}-(gov-)?[a-z]+-\d{1})?:(\d{12})?:` + arnPrefixPattern := `arn:[^:]+:kms:[^:]+:[^:]+:` keyIdPattern := "[A-Za-z0-9-]+" keyArnPattern := arnPrefixPattern + "key/" + keyIdPattern aliasNamePattern := "alias/[a-zA-Z0-9:/_-]+" diff --git a/website/docs/d/kms_key.html.markdown b/website/docs/d/kms_key.html.markdown index 8fd4944cf42..3ef84638046 100644 --- a/website/docs/d/kms_key.html.markdown +++ b/website/docs/d/kms_key.html.markdown @@ -6,7 +6,7 @@ description: |- Get information on a AWS Key Management Service (KMS) Key --- -# aws\_kms\_key +# aws_kms_key Use this data source to get detailed information about the specified KMS Key with flexible key id input. From 7b9f50d27038cb1fab84b15afcb2066fb50c2665 Mon Sep 17 00:00:00 2001 From: trung Date: Sun, 25 Feb 2018 23:29:24 -0500 Subject: [PATCH 9/9] #2009: fixed tests --- aws/data_source_aws_kms_key.go | 17 +++++++++++------ aws/data_source_aws_kms_key_test.go | 5 +---- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/aws/data_source_aws_kms_key.go b/aws/data_source_aws_kms_key.go index fcf13159a04..35c231ead10 100644 --- a/aws/data_source_aws_kms_key.go +++ b/aws/data_source_aws_kms_key.go @@ -5,6 +5,7 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/service/kms" "github.com/hashicorp/terraform/helper/schema" + "time" ) func dataSourceAwsKmsKey() *schema.Resource { @@ -30,11 +31,11 @@ func dataSourceAwsKmsKey() *schema.Resource { Computed: true, }, "creation_date": { - Type: schema.TypeFloat, + Type: schema.TypeString, Computed: true, }, "deletion_date": { - Type: schema.TypeFloat, + Type: schema.TypeString, Computed: true, }, "description": { 
@@ -66,7 +67,7 @@ func dataSourceAwsKmsKey() *schema.Resource { Computed: true, }, "valid_to": { - Type: schema.TypeFloat, + Type: schema.TypeString, Computed: true, }, }, @@ -91,8 +92,10 @@ func dataSourceAwsKmsKeyRead(d *schema.ResourceData, meta interface{}) error { d.SetId(aws.StringValue(output.KeyMetadata.KeyId)) d.Set("arn", output.KeyMetadata.Arn) d.Set("aws_account_id", output.KeyMetadata.AWSAccountId) - d.Set("creation_date", output.KeyMetadata.CreationDate) - d.Set("deletion_date", output.KeyMetadata.DeletionDate) + d.Set("creation_date", aws.TimeValue(output.KeyMetadata.CreationDate).Format(time.RFC3339)) + if output.KeyMetadata.DeletionDate != nil { + d.Set("deletion_date", aws.TimeValue(output.KeyMetadata.DeletionDate).Format(time.RFC3339)) + } d.Set("description", output.KeyMetadata.Description) d.Set("enabled", output.KeyMetadata.Enabled) d.Set("expiration_model", output.KeyMetadata.ExpirationModel) @@ -100,6 +103,8 @@ func dataSourceAwsKmsKeyRead(d *schema.ResourceData, meta interface{}) error { d.Set("key_state", output.KeyMetadata.KeyState) d.Set("key_usage", output.KeyMetadata.KeyUsage) d.Set("origin", output.KeyMetadata.Origin) - d.Set("valid_to", output.KeyMetadata.ValidTo) + if output.KeyMetadata.ValidTo != nil { + d.Set("valid_to", aws.TimeValue(output.KeyMetadata.ValidTo).Format(time.RFC3339)) + } return nil } diff --git a/aws/data_source_aws_kms_key_test.go b/aws/data_source_aws_kms_key_test.go index bfa17b047c0..6bb239ceb27 100644 --- a/aws/data_source_aws_kms_key_test.go +++ b/aws/data_source_aws_kms_key_test.go 
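Review bot: After the `@@ -91,8 +92,10 @@` and `@@ -100,6 +103,8 @@` hunks, `deletion_date` and `valid_to` are left unset when the API returns no value, but website/docs/d/kms_key.html.markdown (added in patch 7/9) still says they are 0 in that case; the docs should say the attributes are empty and that all three dates are RFC 3339 strings. `creation_date` is formatted without the nil guard the other two get, so a missing value would be written as the zero time `0001-01-01T00:00:00Z` instead of being left empty; wrapping it in `if output.KeyMetadata.CreationDate != nil { ... }` keeps the three consistent. The `d.Set` results are still discarded throughout the function, whose body starts outside these hunks.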
@@ -21,15 +21,12 @@ func TestAccDataSourceAwsKmsKey_basic(t *testing.T) { resource.TestMatchResourceAttr("data.aws_kms_key.arbitrary", "arn", regexp.MustCompile("^arn:[^:]+:kms:[^:]+:[^:]+:key/.+")), resource.TestCheckResourceAttrSet("data.aws_kms_key.arbitrary", "aws_account_id"), resource.TestCheckResourceAttrSet("data.aws_kms_key.arbitrary", "creation_date"), - resource.TestCheckResourceAttrSet("data.aws_kms_key.arbitrary", "deletion_date"), resource.TestCheckResourceAttr("data.aws_kms_key.arbitrary", "description", "Terraform acc test"), resource.TestCheckResourceAttr("data.aws_kms_key.arbitrary", "enabled", "true"), - resource.TestCheckResourceAttrSet("data.aws_kms_key.arbitrary", "expiration_model"), resource.TestCheckResourceAttrSet("data.aws_kms_key.arbitrary", "key_manager"), resource.TestCheckResourceAttrSet("data.aws_kms_key.arbitrary", "key_state"), - resource.TestCheckResourceAttrSet("data.aws_kms_key.arbitrary", "key_usage"), + resource.TestCheckResourceAttr("data.aws_kms_key.arbitrary", "key_usage", "ENCRYPT_DECRYPT"), resource.TestCheckResourceAttrSet("data.aws_kms_key.arbitrary", "origin"), - resource.TestCheckResourceAttrSet("data.aws_kms_key.arbitrary", "valid_to"), ), }, },