diff --git a/.changelog/23444.txt b/.changelog/23444.txt new file mode 100644 index 00000000000..c003dde3977 --- /dev/null +++ b/.changelog/23444.txt @@ -0,0 +1,3 @@ +```release-note:bug +resource/aws_dms_endpoint: Fix bug where KMS key was ignored for DynamoDB, OpenSearch, Kafka, Kinesis, Oracle, PostgreSQL, and S3 engines. +``` \ No newline at end of file diff --git a/internal/service/dms/endpoint.go b/internal/service/dms/endpoint.go index 79480e396d8..3341452fbde 100644 --- a/internal/service/dms/endpoint.go +++ b/internal/service/dms/endpoint.go @@ -601,6 +601,24 @@ func resourceEndpointCreate(d *schema.ResourceData, meta interface{}) error { Tags: Tags(tags.IgnoreAWS()), } + if v, ok := d.GetOk("certificate_arn"); ok { + request.CertificateArn = aws.String(v.(string)) + } + + // Send ExtraConnectionAttributes in the API request for all resource types + // per https://github.com/hashicorp/terraform-provider-aws/issues/8009 + if v, ok := d.GetOk("extra_connection_attributes"); ok { + request.ExtraConnectionAttributes = aws.String(v.(string)) + } + + if v, ok := d.GetOk("kms_key_arn"); ok { + request.KmsKeyId = aws.String(v.(string)) + } + + if v, ok := d.GetOk("ssl_mode"); ok { + request.SslMode = aws.String(v.(string)) + } + switch d.Get("engine_name").(string) { case engineNameDynamoDB: request.DynamoDbSettings = &dms.DynamoDbSettings{ 
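Review bot: The hoisted `kms_key_arn` block in the `@@ -601,6 +601,24 @@` hunk of endpoint.go has no comment saying why it must sit above `switch d.Get("engine_name").(string)`, while the `extra_connection_attributes` block next to it does. The second hunk shows the old assignment lived inside one branch of that switch, so for the engines named in the changelog `KmsKeyId` was never sent and those endpoints presumably fell back to the service default key rather than the configured one. I would add `// Set KmsKeyId for every engine, ahead of the engine switch, so no case can drop it (issue 23143).` above the `if`. `resourceEndpointCreate` starts and ends outside the hunk, so it is not visible here whether endpoints created by affected versions are detected and re-created with the intended key; that is worth confirming against the schema and read path.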
@@ -697,24 +715,6 @@ func resourceEndpointCreate(d *schema.ResourceData, meta interface{}) error { if v, ok := d.GetOk("database_name"); ok { request.DatabaseName = aws.String(v.(string)) } - - if v, ok := d.GetOk("kms_key_arn"); ok { - request.KmsKeyId = aws.String(v.(string)) - } - } - - if v, ok := d.GetOk("certificate_arn"); ok { - request.CertificateArn = aws.String(v.(string)) - } - - // Send ExtraConnectionAttributes in the API request for all resource types - // per https://github.com/hashicorp/terraform-provider-aws/issues/8009 - if v, ok := d.GetOk("extra_connection_attributes"); ok { - request.ExtraConnectionAttributes = aws.String(v.(string)) - } - - if v, ok := d.GetOk("ssl_mode"); ok { - request.SslMode = aws.String(v.(string)) } log.Println("[DEBUG] DMS create endpoint:", request) diff --git a/internal/service/dms/endpoint_test.go b/internal/service/dms/endpoint_test.go index fba8c61614d..3ea896e4cc3 100644 --- a/internal/service/dms/endpoint_test.go +++ b/internal/service/dms/endpoint_test.go @@ -16,7 +16,7 @@ import ( ) func TestAccDMSEndpoint_basic(t *testing.T) { - resourceName := "aws_dms_endpoint.dms_endpoint" + resourceName := "aws_dms_endpoint.test" rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resource.ParallelTest(t, resource.TestCase{ @@ -56,7 +56,7 @@ func TestAccDMSEndpoint_basic(t *testing.T) { } func TestAccDMSEndpoint_S3_basic(t *testing.T) { - resourceName := "aws_dms_endpoint.dms_endpoint" + resourceName := "aws_dms_endpoint.test" rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resource.ParallelTest(t, resource.TestCase{ 
@@ -113,7 +113,7 @@ func TestAccDMSEndpoint_S3_basic(t *testing.T) { // Reference: https://github.com/hashicorp/terraform-provider-aws/issues/8009 func TestAccDMSEndpoint_S3_extraConnectionAttributes(t *testing.T) { - resourceName := "aws_dms_endpoint.dms_endpoint" + resourceName := "aws_dms_endpoint.test" rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resource.ParallelTest(t, resource.TestCase{ @@ -140,7 +140,7 @@ func TestAccDMSEndpoint_S3_extraConnectionAttributes(t *testing.T) { } func TestAccDMSEndpoint_dynamoDB(t *testing.T) { - resourceName := "aws_dms_endpoint.dms_endpoint" + resourceName := "aws_dms_endpoint.test" rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resource.ParallelTest(t, resource.TestCase{ @@ -434,7 +434,7 @@ func TestAccDMSEndpoint_kinesis(t *testing.T) { } func TestAccDMSEndpoint_MongoDB_basic(t *testing.T) { - resourceName := "aws_dms_endpoint.dms_endpoint" + resourceName := "aws_dms_endpoint.test" rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resource.ParallelTest(t, resource.TestCase{ @@ -464,7 +464,7 @@ func TestAccDMSEndpoint_MongoDB_basic(t *testing.T) { // configured fields and extra_connection_attributes now set in the resource // per https://github.com/hashicorp/terraform-provider-aws/issues/8009 func TestAccDMSEndpoint_MongoDB_update(t *testing.T) { - resourceName := "aws_dms_endpoint.dms_endpoint" + resourceName := "aws_dms_endpoint.test" rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resource.ParallelTest(t, resource.TestCase{ @@ -509,7 +509,7 @@ func TestAccDMSEndpoint_MongoDB_update(t *testing.T) { } func TestAccDMSEndpoint_Oracle_basic(t *testing.T) { - resourceName := "aws_dms_endpoint.dms_endpoint" + resourceName := "aws_dms_endpoint.test" rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resource.ParallelTest(t, resource.TestCase{ 
@@ -536,7 +536,7 @@ func TestAccDMSEndpoint_Oracle_basic(t *testing.T) { } func TestAccDMSEndpoint_Oracle_secretID(t *testing.T) { - resourceName := "aws_dms_endpoint.dms_endpoint" + resourceName := "aws_dms_endpoint.test" rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resource.ParallelTest(t, resource.TestCase{ @@ -562,7 +562,7 @@ func TestAccDMSEndpoint_Oracle_secretID(t *testing.T) { } func TestAccDMSEndpoint_Oracle_update(t *testing.T) { - resourceName := "aws_dms_endpoint.dms_endpoint" + resourceName := "aws_dms_endpoint.test" rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resource.ParallelTest(t, resource.TestCase{ @@ -602,7 +602,7 @@ func TestAccDMSEndpoint_Oracle_update(t *testing.T) { } func TestAccDMSEndpoint_PostgreSQL_basic(t *testing.T) { - resourceName := "aws_dms_endpoint.dms_endpoint" + resourceName := "aws_dms_endpoint.test" rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resource.ParallelTest(t, resource.TestCase{ @@ -629,7 +629,7 @@ func TestAccDMSEndpoint_PostgreSQL_basic(t *testing.T) { } func TestAccDMSEndpoint_PostgreSQL_secretID(t *testing.T) { - resourceName := "aws_dms_endpoint.dms_endpoint" + resourceName := "aws_dms_endpoint.test" rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resource.ParallelTest(t, resource.TestCase{ @@ -655,7 +655,7 @@ func TestAccDMSEndpoint_PostgreSQL_secretID(t *testing.T) { } func TestAccDMSEndpoint_PostgreSQL_update(t *testing.T) { - resourceName := "aws_dms_endpoint.dms_endpoint" + resourceName := "aws_dms_endpoint.test" rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resource.ParallelTest(t, resource.TestCase{ 
@@ -694,8 +694,30 @@ func TestAccDMSEndpoint_PostgreSQL_update(t *testing.T) { }) } +// https://github.com/hashicorp/terraform-provider-aws/issues/23143 +func TestAccDMSEndpoint_PostgreSQL_kmsKey(t *testing.T) { + resourceName := "aws_dms_endpoint.test" + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(t) }, + ErrorCheck: acctest.ErrorCheck(t, dms.EndpointsID), + Providers: acctest.Providers, + CheckDestroy: testAccCheckEndpointDestroy, + Steps: []resource.TestStep{ + { + Config: testAccEndpointConfig_postgresKey(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckEndpointExists(resourceName), + resource.TestCheckResourceAttrSet(resourceName, "endpoint_arn"), + ), + }, + }, + }) +} + func TestAccDMSEndpoint_docDB(t *testing.T) { - resourceName := "aws_dms_endpoint.dms_endpoint" + resourceName := "aws_dms_endpoint.test" rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resource.ParallelTest(t, resource.TestCase{ @@ -735,7 +757,7 @@ func TestAccDMSEndpoint_docDB(t *testing.T) { } func TestAccDMSEndpoint_db2(t *testing.T) { - resourceName := "aws_dms_endpoint.dms_endpoint" + resourceName := "aws_dms_endpoint.test" rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resource.ParallelTest(t, resource.TestCase{ @@ -832,7 +854,7 @@ func testAccCheckEndpointExists(n string) resource.TestCheckFunc { func testAccEndpointConfig_basic(rName string) string { return fmt.Sprintf(` -resource "aws_dms_endpoint" "dms_endpoint" { +resource "aws_dms_endpoint" "test" { database_name = "tf-test-dms-db" endpoint_id = %[1]q endpoint_type = "source" @@ -856,7 +878,7 @@ resource "aws_dms_endpoint" "dms_endpoint" { func testAccEndpointConfig_basicUpdate(rName string) string { return fmt.Sprintf(` -resource "aws_dms_endpoint" "dms_endpoint" { +resource "aws_dms_endpoint" "test" { database_name = "tf-test-dms-db-updated" endpoint_id = %[1]q endpoint_type = "source" 
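Review bot: `TestAccDMSEndpoint_PostgreSQL_kmsKey` in the `@@ -694,8 +694,30 @@` hunk never asserts the property the fix is about: its `Check` only verifies that the endpoint exists and that `endpoint_arn` is set. A regression that silently dropped the key again would be caught only indirectly, if at all, by the framework's post-apply plan comparison. Adding `resource.TestCheckResourceAttrPair(resourceName, "kms_key_arn", "aws_kms_key.test", "arn"),` to the `ComposeTestCheckFunc` list would pin the endpoint to the customer-managed key created in the config.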
@@ -882,7 +904,7 @@ func testAccEndpointConfig_dynamoDB(rName string) string { return fmt.Sprintf(` data "aws_partition" "current" {} -resource "aws_dms_endpoint" "dms_endpoint" { +resource "aws_dms_endpoint" "test" { endpoint_id = %[1]q endpoint_type = "target" engine_name = "dynamodb" @@ -948,7 +970,7 @@ func testAccEndpointConfig_dynamoDBUpdate(rName string) string { return fmt.Sprintf(` data "aws_partition" "current" {} -resource "aws_dms_endpoint" "dms_endpoint" { +resource "aws_dms_endpoint" "test" { endpoint_id = %[1]q endpoint_type = "target" engine_name = "dynamodb" @@ -1012,7 +1034,7 @@ func testAccEndpointConfig_s3(rName string) string { return fmt.Sprintf(` data "aws_partition" "current" {} -resource "aws_dms_endpoint" "dms_endpoint" { +resource "aws_dms_endpoint" "test" { endpoint_id = %[1]q endpoint_type = "target" engine_name = "s3" @@ -1092,7 +1114,7 @@ func testAccEndpointConfig_s3ExtraConnectionAttributes(rName string) string { return fmt.Sprintf(` data "aws_partition" "current" {} -resource "aws_dms_endpoint" "dms_endpoint" { +resource "aws_dms_endpoint" "test" { endpoint_id = %[1]q endpoint_type = "target" engine_name = "s3" @@ -1170,7 +1192,7 @@ func testAccEndpointConfig_s3Config(rName string) string { return fmt.Sprintf(` data "aws_partition" "current" {} -resource "aws_dms_endpoint" "dms_endpoint" { +resource "aws_dms_endpoint" "test" { endpoint_id = %[1]q endpoint_type = "target" engine_name = "s3" @@ -1525,7 +1547,7 @@ data "aws_kms_alias" "dms" { name = "alias/aws/dms" } -resource "aws_dms_endpoint" "dms_endpoint" { +resource "aws_dms_endpoint" "test" { endpoint_id = %[1]q endpoint_type = "source" engine_name = "mongodb" @@ -1562,7 +1584,7 @@ data "aws_kms_alias" "dms" { name = "alias/aws/dms" } -resource "aws_dms_endpoint" "dms_endpoint" { +resource "aws_dms_endpoint" "test" { endpoint_id = %[1]q endpoint_type = "source" engine_name = "mongodb" 
@@ -1593,7 +1615,7 @@ resource "aws_dms_endpoint" "dms_endpoint" { func testAccEndpointConfig_oracle(rName string) string { return fmt.Sprintf(` -resource "aws_dms_endpoint" "dms_endpoint" { +resource "aws_dms_endpoint" "test" { endpoint_id = %[1]q endpoint_type = "source" engine_name = "oracle" @@ -1616,7 +1638,7 @@ resource "aws_dms_endpoint" "dms_endpoint" { func testAccEndpointConfig_oracleUpdate(rName string) string { return fmt.Sprintf(` -resource "aws_dms_endpoint" "dms_endpoint" { +resource "aws_dms_endpoint" "test" { endpoint_id = %[1]q endpoint_type = "source" engine_name = "oracle" @@ -1687,7 +1709,7 @@ resource "aws_iam_role_policy" "test" { EOF } -resource "aws_dms_endpoint" "dms_endpoint" { +resource "aws_dms_endpoint" "test" { endpoint_id = %[1]q endpoint_type = "source" engine_name = "oracle" @@ -1709,7 +1731,7 @@ resource "aws_dms_endpoint" "dms_endpoint" { func testAccEndpointConfig_postgreSQL(rName string) string { return fmt.Sprintf(` -resource "aws_dms_endpoint" "dms_endpoint" { +resource "aws_dms_endpoint" "test" { endpoint_id = %[1]q endpoint_type = "source" engine_name = "postgres" @@ -1732,7 +1754,7 @@ resource "aws_dms_endpoint" "dms_endpoint" { func testAccEndpointConfig_postgreSQLUpdate(rName string) string { return fmt.Sprintf(` -resource "aws_dms_endpoint" "dms_endpoint" { +resource "aws_dms_endpoint" "test" { endpoint_id = %[1]q endpoint_type = "source" engine_name = "postgres" @@ -1802,7 +1824,7 @@ resource "aws_iam_role_policy" "test" { } EOF } -resource "aws_dms_endpoint" "dms_endpoint" { +resource "aws_dms_endpoint" "test" { endpoint_id = %[1]q endpoint_type = "source" engine_name = "postgres" @@ -1824,7 +1846,7 @@ resource "aws_dms_endpoint" "dms_endpoint" { func testAccEndpointConfig_docDB(rName string) string { return fmt.Sprintf(` -resource "aws_dms_endpoint" "dms_endpoint" { +resource "aws_dms_endpoint" "test" { database_name = "tf-test-dms-db" endpoint_id = %[1]q endpoint_type = "target" 
@@ -1848,7 +1870,7 @@ resource "aws_dms_endpoint" "dms_endpoint" { func testAccEndpointConfig_docDBUpdate(rName string) string { return fmt.Sprintf(` -resource "aws_dms_endpoint" "dms_endpoint" { +resource "aws_dms_endpoint" "test" { database_name = "tf-test-dms-db-updated" endpoint_id = %[1]q endpoint_type = "target" @@ -1872,7 +1894,7 @@ resource "aws_dms_endpoint" "dms_endpoint" { func testAccEndpointConfig_db2(rName string) string { return fmt.Sprintf(` -resource "aws_dms_endpoint" "dms_endpoint" { +resource "aws_dms_endpoint" "test" { database_name = "tf-test-dms-db" endpoint_id = %[1]q endpoint_type = "source" @@ -1896,7 +1918,7 @@ resource "aws_dms_endpoint" "dms_endpoint" { func testAccEndpointConfig_db2Update(rName string) string { return fmt.Sprintf(` -resource "aws_dms_endpoint" "dms_endpoint" { +resource "aws_dms_endpoint" "test" { database_name = "tf-test-dms-db-updated" endpoint_id = %[1]q endpoint_type = "source" @@ -1917,3 +1939,30 @@ resource "aws_dms_endpoint" "dms_endpoint" { } `, rName) } + +func testAccEndpointConfig_postgresKey(rName string) string { + return fmt.Sprintf(` +resource "aws_kms_key" "test" { + description = %[1]q + deletion_window_in_days = 7 +} + +resource "aws_dms_endpoint" "test" { + endpoint_id = %[1]q + endpoint_type = "source" + engine_name = "postgres" + server_name = "tftest" + port = 27018 + username = "tftest" + password = "tftest" + database_name = "tftest" + ssl_mode = "require" + extra_connection_attributes = "" + kms_key_arn = aws_kms_key.test.arn + + tags = { + Name = %[1]q + } +} +`, rName) +}
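Review bot: In `testAccEndpointConfig_postgresKey` (the `@@ -1917,3 +1939,30 @@` hunk) the fixture sets `port = 27018` for `engine_name = "postgres"`, which is not PostgreSQL's default 5432 and looks copied from another engine's config. It is probably harmless here, since the test only creates the endpoint, but a reader auditing the fixture cannot tell whether it is deliberate. Either use `port = 5432` or add a short comment that the value is arbitrary. A one-line comment above the function saying that it pairs a customer-managed `aws_kms_key` with an engine that previously ignored `kms_key_arn` would also make the fixture's purpose clear.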