hashicorp · ewbankkit · Feb 1, 2024 · Jan 30, 2024 · Jan 30, 2024 · Feb 1, 2024
@@ -1,3 +1,3 @@
 ```release-note:enhancement
-resource/aws_lakeformation_resource: Add with_federation argument
+resource/aws_lakeformation_resource: Add `with_federation` argument
 ```
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_lakeformation_resource: Add `hybrid_access_enabled` argument
+```
@@ -12,13 +12,15 @@ import (
 	"github.com/aws/aws-sdk-go/service/lakeformation"
 	"github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-provider-aws/internal/conns"
 	"github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag"
+	"github.com/hashicorp/terraform-provider-aws/internal/tfresource"
 	"github.com/hashicorp/terraform-provider-aws/internal/verify"
 )
 
-// @SDKResource("aws_lakeformation_resource")
+// @SDKResource("aws_lakeformation_resource", name="Resource")
 func ResourceResource() *schema.Resource {
 	return &schema.Resource{
 		CreateWithoutTimeout: resourceResourceCreate,
@@ -32,6 +34,12 @@ func ResourceResource() *schema.Resource {
 				ForceNew:     true,
 				ValidateFunc: verify.ValidARN,
 			},
+			"hybrid_access_enabled": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Computed: true,
+				ForceNew: true,
+			},
 			"last_modified": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -43,14 +51,15 @@ func ResourceResource() *schema.Resource {
 				ForceNew:     true,
 				ValidateFunc: verify.ValidARN,
 			},
-			"with_federation": {
+			"use_service_linked_role": {
 				Type:     schema.TypeBool,
 				Optional: true,
-				Computed: true,
+				ForceNew: true,
 			},
-			"use_service_linked_role": {
+			"with_federation": {
 				Type:     schema.TypeBool,
 				Optional: true,
+				Computed: true,
 				ForceNew: true,
 			},
 		},
@@ -60,10 +69,14 @@ func ResourceResource() *schema.Resource {
 func resourceResourceCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	var diags diag.Diagnostics
 	conn := meta.(*conns.AWSClient).LakeFormationConn(ctx)
-	resourceArn := d.Get("arn").(string)
 
+	resourceARN := d.Get("arn").(string)
 	input := &lakeformation.RegisterResourceInput{
-		ResourceArn: aws.String(resourceArn),
+		ResourceArn: aws.String(resourceARN),
+	}
+
+	if v, ok := d.GetOk("hybrid_access_enabled"); ok {
+		input.HybridAccessEnabled = aws.Bool(v.(bool))
 	}
 
 	if v, ok := d.GetOk("role_arn"); ok {
@@ -72,78 +85,95 @@ func resourceResourceCreate(ctx context.Context, d *schema.ResourceData, meta in
 		input.UseServiceLinkedRole = aws.Bool(true)
 	}
 
-	if v, ok := d.GetOk("with_federation"); ok {
-		input.WithFederation = aws.Bool(v.(bool))
-	}
-
 	if v, ok := d.GetOk("use_service_linked_role"); ok {
 		input.UseServiceLinkedRole = aws.Bool(v.(bool))
 	}
 
+	if v, ok := d.GetOk("with_federation"); ok {
+		input.WithFederation = aws.Bool(v.(bool))
+	}
+
 	_, err := conn.RegisterResourceWithContext(ctx, input)
 
 	if tfawserr.ErrCodeEquals(err, lakeformation.ErrCodeAlreadyExistsException) {
-		log.Printf("[WARN] Lake Formation Resource (%s) already exists", resourceArn)
+		log.Printf("[WARN] Lake Formation Resource (%s) already exists", resourceARN)
 	} else if err != nil {
-		return sdkdiag.AppendErrorf(diags, "registering Lake Formation Resource (%s): %s", resourceArn, err)
+		return sdkdiag.AppendErrorf(diags, "registering Lake Formation Resource (%s): %s", resourceARN, err)
 	}
 
-	d.SetId(resourceArn)
+	d.SetId(resourceARN)
+
 	return append(diags, resourceResourceRead(ctx, d, meta)...)
 }
 
 func resourceResourceRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	var diags diag.Diagnostics
 	conn := meta.(*conns.AWSClient).LakeFormationConn(ctx)
-	resourceArn := d.Get("arn").(string)
 
-	input := &lakeformation.DescribeResourceInput{
-		ResourceArn: aws.String(resourceArn),
-	}
+	resource, err := FindResourceByARN(ctx, conn, d.Id())
 
-	output, err := conn.DescribeResourceWithContext(ctx, input)
-
-	if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, lakeformation.ErrCodeEntityNotFoundException) {
+	if !d.IsNewResource() && tfresource.NotFound(err) {
 		log.Printf("[WARN] Resource Lake Formation Resource (%s) not found, removing from state", d.Id())
 		d.SetId("")
 		return diags
 	}
 
 	if err != nil {
-		return sdkdiag.AppendErrorf(diags, "reading resource Lake Formation Resource (%s): %s", d.Id(), err)
-	}
-
-	if output == nil || output.ResourceInfo == nil {
-		return sdkdiag.AppendErrorf(diags, "reading resource Lake Formation Resource (%s): empty response", d.Id())
+		return sdkdiag.AppendErrorf(diags, "reading Lake Formation Resource (%s): %s", d.Id(), err)
 	}
 
-	d.Set("with_federation", output.ResourceInfo.WithFederation)
-
-	// d.Set("arn", output.ResourceInfo.ResourceArn) // output not including resource arn currently
-	d.Set("role_arn", output.ResourceInfo.RoleArn)
-	if output.ResourceInfo.LastModified != nil { // output not including last modified currently
-		d.Set("last_modified", output.ResourceInfo.LastModified.Format(time.RFC3339))
+	d.Set("arn", d.Id())
+	d.Set("hybrid_access_enabled", resource.HybridAccessEnabled)
+	if v := resource.LastModified; v != nil { // output not including last modified currently
+		d.Set("last_modified", v.Format(time.RFC3339))
 	}
+	d.Set("role_arn", resource.RoleArn)
+	d.Set("with_federation", resource.WithFederation)
 
 	return diags
 }
 
 func resourceResourceDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	var diags diag.Diagnostics
 	conn := meta.(*conns.AWSClient).LakeFormationConn(ctx)
-	resourceArn := d.Get("arn").(string)
 
-	input := &lakeformation.DeregisterResourceInput{
-		ResourceArn: aws.String(resourceArn),
-	}
+	log.Printf("[INFO] Deleting Lake Formation Resource: %s", d.Id())
+	_, err := conn.DeregisterResourceWithContext(ctx, &lakeformation.DeregisterResourceInput{
+		ResourceArn: aws.String(d.Id()),
+	})
 
-	_, err := conn.DeregisterResourceWithContext(ctx, input)
 	if tfawserr.ErrCodeEquals(err, lakeformation.ErrCodeEntityNotFoundException) {
 		return diags
 	}
+
 	if err != nil {
 		return sdkdiag.AppendErrorf(diags, "deregistering Lake Formation Resource (%s): %s", d.Id(), err)
 	}
 
 	return diags
 }
+
+func FindResourceByARN(ctx context.Context, conn *lakeformation.LakeFormation, arn string) (*lakeformation.ResourceInfo, error) {
+	input := &lakeformation.DescribeResourceInput{
+		ResourceArn: aws.String(arn),
+	}
+
+	output, err := conn.DescribeResourceWithContext(ctx, input)
+
+	if tfawserr.ErrCodeEquals(err, lakeformation.ErrCodeEntityNotFoundException) {
+		return nil, &retry.NotFoundError{
+			LastError:   err,
+			LastRequest: input,
+		}
+	}
+
+	if err != nil {
+		return nil, err
+	}
+
+	if output == nil || output.ResourceInfo == nil {
+		return nil, tfresource.NewEmptyResultError(input)
+	}
+
+	return output.ResourceInfo, nil
+}