From 1a3b53f2bf11308759bbaedbcec1d70453f509f3 Mon Sep 17 00:00:00 2001 From: prithvi514 Date: Tue, 30 Jan 2024 16:47:26 -0600 Subject: [PATCH 1/6] r/aws_lakeformation_resource: add hybrid_access_enabled argument --- internal/service/lakeformation/resource.go | 9 +++++ .../service/lakeformation/resource_test.go | 40 +++++++++++++++++++ .../r/lakeformation_resource.html.markdown | 1 + 3 files changed, 50 insertions(+) diff --git a/internal/service/lakeformation/resource.go b/internal/service/lakeformation/resource.go index 2c7e0e454adc..d5ca234d46c7 100644 --- a/internal/service/lakeformation/resource.go +++ b/internal/service/lakeformation/resource.go @@ -48,6 +48,11 @@ func ResourceResource() *schema.Resource { Optional: true, ForceNew: true, }, + "hybrid_access_enabled": { + Type: schema.TypeBool, + Optional: true, + ForceNew: true, + }, }, } } @@ -71,6 +76,10 @@ func resourceResourceCreate(ctx context.Context, d *schema.ResourceData, meta in input.UseServiceLinkedRole = aws.Bool(v.(bool)) } + if v, ok := d.GetOk("hybrid_access_enabled"); ok { + input.HybridAccessEnabled = aws.Bool(v.(bool)) + } + _, err := conn.RegisterResourceWithContext(ctx, input) if tfawserr.ErrCodeEquals(err, lakeformation.ErrCodeAlreadyExistsException) { diff --git a/internal/service/lakeformation/resource_test.go b/internal/service/lakeformation/resource_test.go index 7102f808eb0f..399245f5d745 100644 --- a/internal/service/lakeformation/resource_test.go +++ b/internal/service/lakeformation/resource_test.go @@ -169,6 +169,33 @@ func TestAccLakeFormationResource_updateSLRToRole(t *testing.T) { }) } +func TestAccLakeFormationResource_hybridAccessEnabled(t *testing.T) { + ctx := acctest.Context(t) + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + resourceAddr := "aws_lakeformation_resource.test" + bucketAddr := "aws_s3_bucket.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { + acctest.PreCheck(ctx, t) + acctest.PreCheckPartitionHasService(t, lakeformation.EndpointsID) + }, + ErrorCheck: acctest.ErrorCheck(t, lakeformation.EndpointsID), + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, + CheckDestroy: testAccCheckResourceDestroy(ctx), + Steps: []resource.TestStep{ + { + Config: testAccResourceConfig_hybridAccessEnabled(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckResourceExists(ctx, resourceAddr), + resource.TestCheckResourceAttrPair(resourceAddr, "arn", bucketAddr, "arn"), + resource.TestCheckResourceAttr(resourceAddr, "hybrid_access_enabled", "true"), + ), + }, + }, + }) +} + // AWS does not support changing from an IAM role to an SLR. No error is thrown // but the registration is not changed (the IAM role continues in the registration). // @@ -310,3 +337,16 @@ resource "aws_lakeformation_resource" "test" { } `, rName) } + +func testAccResourceConfig_hybridAccessEnabled(rName string) string { + return fmt.Sprintf(` +resource "aws_s3_bucket" "test" { + bucket = %[1]q +} + +resource "aws_lakeformation_resource" "test" { + arn = aws_s3_bucket.test.arn + hybrid_access_enabled = true +} +`, rName) +} diff --git a/website/docs/r/lakeformation_resource.html.markdown b/website/docs/r/lakeformation_resource.html.markdown index f6847070ac4d..814384bb5636 100644 --- a/website/docs/r/lakeformation_resource.html.markdown +++ b/website/docs/r/lakeformation_resource.html.markdown @@ -37,6 +37,7 @@ The following arguments are optional: * `role_arn` – (Optional) Role that has read/write access to the resource. * `use_service_linked_role` - (Optional) Designates an AWS Identity and Access Management (IAM) service-linked role by registering this role with the Data Catalog. +* `hybrid_access_enabled` - (Optional) Flag to enable AWS LakeFormation hybrid access permission mode. ~> **NOTE:** AWS does not support registering an S3 location with an IAM role and subsequently updating the S3 location registration to a service-linked role. From c7d00dc6a11bb09fcb39f0cba1a560cfab7ac28d Mon Sep 17 00:00:00 2001 From: prithvi514 Date: Tue, 30 Jan 2024 16:59:07 -0600 Subject: [PATCH 2/6] chore: changelog --- .changelog/35571.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/35571.txt diff --git a/.changelog/35571.txt b/.changelog/35571.txt new file mode 100644 index 000000000000..6d7ec184cf36 --- /dev/null +++ b/.changelog/35571.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +resource/aws_lakeformation_resource: Add `hybrid_access_enabled` argument +``` \ No newline at end of file From 5a0aac5c4878df04c3f60b7f0139494b3459a559 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Thu, 1 Feb 2024 14:21:07 -0500 Subject: [PATCH 3/6] r/aws_lakeformation_resource: Set 'hybrid_access_enabled' in Read. --- internal/service/lakeformation/resource.go | 92 +++++++++++-------- .../lakeformation/service_package_gen.go | 1 + 2 files changed, 57 insertions(+), 36 deletions(-) diff --git a/internal/service/lakeformation/resource.go b/internal/service/lakeformation/resource.go index d5ca234d46c7..41b1c6fbbae8 100644 --- a/internal/service/lakeformation/resource.go +++ b/internal/service/lakeformation/resource.go @@ -12,13 +12,15 @@ import ( "github.com/aws/aws-sdk-go/service/lakeformation" "github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-provider-aws/internal/conns" "github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag" + "github.com/hashicorp/terraform-provider-aws/internal/tfresource" "github.com/hashicorp/terraform-provider-aws/internal/verify" ) -// @SDKResource("aws_lakeformation_resource") +// @SDKResource("aws_lakeformation_resource", name="Resource") func ResourceResource() *schema.Resource { return &schema.Resource{ CreateWithoutTimeout: resourceResourceCreate, @@ -32,6 +34,11 @@ func ResourceResource() *schema.Resource { ForceNew: true, ValidateFunc: verify.ValidARN, }, + "hybrid_access_enabled": { + Type: schema.TypeBool, + Optional: true, + ForceNew: true, + }, "last_modified": { Type: schema.TypeString, Computed: true, @@ -48,11 +55,6 @@ func ResourceResource() *schema.Resource { Optional: true, ForceNew: true, }, - "hybrid_access_enabled": { - Type: schema.TypeBool, - Optional: true, - ForceNew: true, - }, }, } } @@ -60,10 +62,14 @@ func ResourceResource() *schema.Resource { func resourceResourceCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics conn := meta.(*conns.AWSClient).LakeFormationConn(ctx) - resourceArn := d.Get("arn").(string) + resourceARN := d.Get("arn").(string) input := &lakeformation.RegisterResourceInput{ - ResourceArn: aws.String(resourceArn), + ResourceArn: aws.String(resourceARN), + } + + if v, ok := d.GetOk("hybrid_access_enabled"); ok { + input.HybridAccessEnabled = aws.Bool(v.(bool)) } if v, ok := d.GetOk("role_arn"); ok { @@ -76,52 +82,41 @@ func resourceResourceCreate(ctx context.Context, d *schema.ResourceData, meta in input.UseServiceLinkedRole = aws.Bool(v.(bool)) } - if v, ok := d.GetOk("hybrid_access_enabled"); ok { - input.HybridAccessEnabled = aws.Bool(v.(bool)) - } - _, err := conn.RegisterResourceWithContext(ctx, input) if tfawserr.ErrCodeEquals(err, lakeformation.ErrCodeAlreadyExistsException) { - log.Printf("[WARN] Lake Formation Resource (%s) already exists", resourceArn) + log.Printf("[WARN] Lake Formation Resource (%s) already exists", resourceARN) } else if err != nil { - return sdkdiag.AppendErrorf(diags, "registering Lake Formation Resource (%s): %s", resourceArn, err) + return sdkdiag.AppendErrorf(diags, "registering Lake Formation Resource (%s): %s", resourceARN, err) } - d.SetId(resourceArn) + d.SetId(resourceARN) + return append(diags, resourceResourceRead(ctx, d, meta)...) } func resourceResourceRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics conn := meta.(*conns.AWSClient).LakeFormationConn(ctx) - resourceArn := d.Get("arn").(string) - - input := &lakeformation.DescribeResourceInput{ - ResourceArn: aws.String(resourceArn), - } - output, err := conn.DescribeResourceWithContext(ctx, input) + resource, err := FindResourceByARN(ctx, conn, d.Id()) - if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, lakeformation.ErrCodeEntityNotFoundException) { + if !d.IsNewResource() && tfresource.NotFound(err) { log.Printf("[WARN] Resource Lake Formation Resource (%s) not found, removing from state", d.Id()) d.SetId("") return diags } if err != nil { - return sdkdiag.AppendErrorf(diags, "reading resource Lake Formation Resource (%s): %s", d.Id(), err) - } - - if output == nil || output.ResourceInfo == nil { - return sdkdiag.AppendErrorf(diags, "reading resource Lake Formation Resource (%s): empty response", d.Id()) + return sdkdiag.AppendErrorf(diags, "reading Lake Formation Resource (%s): %s", d.Id(), err) } - // d.Set("arn", output.ResourceInfo.ResourceArn) // output not including resource arn currently - d.Set("role_arn", output.ResourceInfo.RoleArn) - if output.ResourceInfo.LastModified != nil { // output not including last modified currently - d.Set("last_modified", output.ResourceInfo.LastModified.Format(time.RFC3339)) + d.Set("arn", d.Id()) + d.Set("hybrid_access_enabled", resource.HybridAccessEnabled) + if v := resource.LastModified; v != nil { // output not including last modified currently + d.Set("last_modified", v.Format(time.RFC3339)) } + d.Set("role_arn", resource.RoleArn) return diags } @@ -129,19 +124,44 @@ func resourceResourceRead(ctx context.Context, d *schema.ResourceData, meta inte func resourceResourceDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics conn := meta.(*conns.AWSClient).LakeFormationConn(ctx) - resourceArn := d.Get("arn").(string) - input := &lakeformation.DeregisterResourceInput{ - ResourceArn: aws.String(resourceArn), - } + log.Printf("[INFO] Deleting Lake Formation Resource: %s", d.Id()) + _, err := conn.DeregisterResourceWithContext(ctx, &lakeformation.DeregisterResourceInput{ + ResourceArn: aws.String(d.Id()), + }) - _, err := conn.DeregisterResourceWithContext(ctx, input) if tfawserr.ErrCodeEquals(err, lakeformation.ErrCodeEntityNotFoundException) { return diags } + if err != nil { return sdkdiag.AppendErrorf(diags, "deregistering Lake Formation Resource (%s): %s", d.Id(), err) } return diags } + +func FindResourceByARN(ctx context.Context, conn *lakeformation.LakeFormation, arn string) (*lakeformation.ResourceInfo, error) { + input := &lakeformation.DescribeResourceInput{ + ResourceArn: aws.String(arn), + } + + output, err := conn.DescribeResourceWithContext(ctx, input) + + if tfawserr.ErrCodeEquals(err, lakeformation.ErrCodeEntityNotFoundException) { + return nil, &retry.NotFoundError{ + LastError: err, + LastRequest: input, + } + } + + if err != nil { + return nil, err + } + + if output == nil || output.ResourceInfo == nil { + return nil, tfresource.NewEmptyResultError(input) + } + + return output.ResourceInfo, nil +} diff --git a/internal/service/lakeformation/service_package_gen.go b/internal/service/lakeformation/service_package_gen.go index b6396ca6763d..0e29e1a14d3b 100644 --- a/internal/service/lakeformation/service_package_gen.go +++ b/internal/service/lakeformation/service_package_gen.go @@ -57,6 +57,7 @@ func (p *servicePackage) SDKResources(ctx context.Context) []*types.ServicePacka { Factory: ResourceResource, TypeName: "aws_lakeformation_resource", + Name: "Resource", }, { Factory: ResourceResourceLFTags, From 42b3c3a0582a1a87a64fc02fcf51682c105adecc Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Thu, 1 Feb 2024 14:27:10 -0500 Subject: [PATCH 4/6] r/aws_lakeformation_resource: Tidy up acceptance tests. --- .../service/lakeformation/resource_test.go | 113 ++++++++---------- 1 file changed, 48 insertions(+), 65 deletions(-) diff --git a/internal/service/lakeformation/resource_test.go b/internal/service/lakeformation/resource_test.go index 399245f5d745..c8381fd2187e 100644 --- a/internal/service/lakeformation/resource_test.go +++ b/internal/service/lakeformation/resource_test.go @@ -8,24 +8,23 @@ import ( "fmt" "testing" - "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/service/lakeformation" - "github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr" sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/terraform" "github.com/hashicorp/terraform-provider-aws/internal/acctest" "github.com/hashicorp/terraform-provider-aws/internal/conns" tflakeformation "github.com/hashicorp/terraform-provider-aws/internal/service/lakeformation" + "github.com/hashicorp/terraform-provider-aws/internal/tfresource" ) func TestAccLakeFormationResource_basic(t *testing.T) { ctx := acctest.Context(t) bucketName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) roleName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) - resourceAddr := "aws_lakeformation_resource.test" - bucketAddr := "aws_s3_bucket.test" - roleAddr := "aws_iam_role.test" + resourceName := "aws_lakeformation_resource.test" + bucketResourceName := "aws_s3_bucket.test" + roleResourceName := "aws_iam_role.test" resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acctest.PreCheck(ctx, t); acctest.PreCheckPartitionHasService(t, lakeformation.EndpointsID) }, @@ -35,10 +34,11 @@ func TestAccLakeFormationResource_basic(t *testing.T) { Steps: []resource.TestStep{ { Config: testAccResourceConfig_basic(bucketName, roleName), - Check: resource.ComposeTestCheckFunc( - testAccCheckResourceExists(ctx, resourceAddr), - resource.TestCheckResourceAttrPair(resourceAddr, "role_arn", roleAddr, "arn"), - resource.TestCheckResourceAttrPair(resourceAddr, "arn", bucketAddr, "arn"), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckResourceExists(ctx, resourceName), + resource.TestCheckResourceAttrPair(resourceName, "role_arn", roleResourceName, "arn"), + resource.TestCheckResourceAttr(resourceName, "hybrid_access_enabled", ""), + resource.TestCheckResourceAttrPair(resourceName, "arn", bucketResourceName, "arn"), ), }, }, @@ -71,8 +71,8 @@ func TestAccLakeFormationResource_disappears(t *testing.T) { func TestAccLakeFormationResource_serviceLinkedRole(t *testing.T) { ctx := acctest.Context(t) rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) - resourceAddr := "aws_lakeformation_resource.test" - bucketAddr := "aws_s3_bucket.test" + resourceName := "aws_lakeformation_resource.test" + bucketResourceName := "aws_s3_bucket.test" resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { @@ -87,9 +87,9 @@ func TestAccLakeFormationResource_serviceLinkedRole(t *testing.T) { { Config: testAccResourceConfig_serviceLinkedRole(rName), Check: resource.ComposeTestCheckFunc( - testAccCheckResourceExists(ctx, resourceAddr), - resource.TestCheckResourceAttrPair(resourceAddr, "arn", bucketAddr, "arn"), - acctest.CheckResourceAttrGlobalARN(resourceAddr, "role_arn", "iam", "role/aws-service-role/lakeformation.amazonaws.com/AWSServiceRoleForLakeFormationDataAccess"), + testAccCheckResourceExists(ctx, resourceName), + resource.TestCheckResourceAttrPair(resourceName, "arn", bucketResourceName, "arn"), + acctest.CheckResourceAttrGlobalARN(resourceName, "role_arn", "iam", "role/aws-service-role/lakeformation.amazonaws.com/AWSServiceRoleForLakeFormationDataAccess"), ), }, }, @@ -101,9 +101,9 @@ func TestAccLakeFormationResource_updateRoleToRole(t *testing.T) { bucketName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) roleName1 := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) roleName2 := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) - resourceAddr := "aws_lakeformation_resource.test" - bucketAddr := "aws_s3_bucket.test" - roleAddr := "aws_iam_role.test" + resourceName := "aws_lakeformation_resource.test" + bucketResourceName := "aws_s3_bucket.test" + roleResourceName := "aws_iam_role.test" resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acctest.PreCheck(ctx, t); acctest.PreCheckPartitionHasService(t, lakeformation.EndpointsID) }, @@ -114,17 +114,17 @@ func TestAccLakeFormationResource_updateRoleToRole(t *testing.T) { { Config: testAccResourceConfig_basic(bucketName, roleName1), Check: resource.ComposeTestCheckFunc( - testAccCheckResourceExists(ctx, resourceAddr), - resource.TestCheckResourceAttrPair(resourceAddr, "role_arn", roleAddr, "arn"), - resource.TestCheckResourceAttrPair(resourceAddr, "arn", bucketAddr, "arn"), + testAccCheckResourceExists(ctx, resourceName), + resource.TestCheckResourceAttrPair(resourceName, "role_arn", roleResourceName, "arn"), + resource.TestCheckResourceAttrPair(resourceName, "arn", bucketResourceName, "arn"), ), }, { Config: testAccResourceConfig_basic(bucketName, roleName2), Check: resource.ComposeTestCheckFunc( - testAccCheckResourceExists(ctx, resourceAddr), - resource.TestCheckResourceAttrPair(resourceAddr, "role_arn", roleAddr, "arn"), - resource.TestCheckResourceAttrPair(resourceAddr, "arn", bucketAddr, "arn"), + testAccCheckResourceExists(ctx, resourceName), + resource.TestCheckResourceAttrPair(resourceName, "role_arn", roleResourceName, "arn"), + resource.TestCheckResourceAttrPair(resourceName, "arn", bucketResourceName, "arn"), ), }, }, @@ -135,9 +135,9 @@ func TestAccLakeFormationResource_updateSLRToRole(t *testing.T) { ctx := acctest.Context(t) bucketName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) roleName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) - resourceAddr := "aws_lakeformation_resource.test" - bucketAddr := "aws_s3_bucket.test" - roleAddr := "aws_iam_role.test" + resourceName := "aws_lakeformation_resource.test" + bucketResourceName := "aws_s3_bucket.test" + roleResourceName := "aws_iam_role.test" resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { @@ -152,17 +152,17 @@ func TestAccLakeFormationResource_updateSLRToRole(t *testing.T) { { Config: testAccResourceConfig_serviceLinkedRole(bucketName), Check: resource.ComposeTestCheckFunc( - testAccCheckResourceExists(ctx, resourceAddr), - resource.TestCheckResourceAttrPair(resourceAddr, "arn", bucketAddr, "arn"), - acctest.CheckResourceAttrGlobalARN(resourceAddr, "role_arn", "iam", "role/aws-service-role/lakeformation.amazonaws.com/AWSServiceRoleForLakeFormationDataAccess"), + testAccCheckResourceExists(ctx, resourceName), + resource.TestCheckResourceAttrPair(resourceName, "arn", bucketResourceName, "arn"), + acctest.CheckResourceAttrGlobalARN(resourceName, "role_arn", "iam", "role/aws-service-role/lakeformation.amazonaws.com/AWSServiceRoleForLakeFormationDataAccess"), ), }, { Config: testAccResourceConfig_basic(bucketName, roleName), Check: resource.ComposeTestCheckFunc( - testAccCheckResourceExists(ctx, resourceAddr), - resource.TestCheckResourceAttrPair(resourceAddr, "role_arn", roleAddr, "arn"), - resource.TestCheckResourceAttrPair(resourceAddr, "arn", bucketAddr, "arn"), + testAccCheckResourceExists(ctx, resourceName), + resource.TestCheckResourceAttrPair(resourceName, "role_arn", roleResourceName, "arn"), + resource.TestCheckResourceAttrPair(resourceName, "arn", bucketResourceName, "arn"), ), }, }, @@ -172,8 +172,8 @@ func TestAccLakeFormationResource_updateSLRToRole(t *testing.T) { func TestAccLakeFormationResource_hybridAccessEnabled(t *testing.T) { ctx := acctest.Context(t) rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) - resourceAddr := "aws_lakeformation_resource.test" - bucketAddr := "aws_s3_bucket.test" + resourceName := "aws_lakeformation_resource.test" + bucketResourceName := "aws_s3_bucket.test" resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { @@ -187,9 +187,9 @@ func TestAccLakeFormationResource_hybridAccessEnabled(t *testing.T) { { Config: testAccResourceConfig_hybridAccessEnabled(rName), Check: resource.ComposeTestCheckFunc( - testAccCheckResourceExists(ctx, resourceAddr), - resource.TestCheckResourceAttrPair(resourceAddr, "arn", bucketAddr, "arn"), - resource.TestCheckResourceAttr(resourceAddr, "hybrid_access_enabled", "true"), + testAccCheckResourceExists(ctx, resourceName), + resource.TestCheckResourceAttrPair(resourceName, "arn", bucketResourceName, "arn"), + resource.TestCheckResourceAttr(resourceName, "hybrid_access_enabled", "true"), ), }, }, @@ -210,55 +210,38 @@ func testAccCheckResourceDestroy(ctx context.Context) resource.TestCheckFunc { continue } - resourceArn := rs.Primary.Attributes["arn"] + _, err := tflakeformation.FindResourceByARN(ctx, conn, rs.Primary.ID) - input := &lakeformation.DescribeResourceInput{ - ResourceArn: aws.String(resourceArn), + if tfresource.NotFound(err) { + continue } - _, err := conn.DescribeResourceWithContext(ctx, input) - if err == nil { - return fmt.Errorf("resource still registered: %s", resourceArn) - } - if !isResourceNotFoundErr(err) { + if err != nil { return err } + + return fmt.Errorf("Lake Formation Resource (%s) still exists", rs.Primary.ID) } return nil } } -func testAccCheckResourceExists(ctx context.Context, resourceName string) resource.TestCheckFunc { +func testAccCheckResourceExists(ctx context.Context, n string) resource.TestCheckFunc { return func(s *terraform.State) error { - rs, ok := s.RootModule().Resources[resourceName] + rs, ok := s.RootModule().Resources[n] if !ok { - return fmt.Errorf("resource not found: %s", resourceName) + return fmt.Errorf("Not found: %s", n) } conn := acctest.Provider.Meta().(*conns.AWSClient).LakeFormationConn(ctx) - input := &lakeformation.DescribeResourceInput{ - ResourceArn: aws.String(rs.Primary.ID), - } - - _, err := conn.DescribeResourceWithContext(ctx, input) + _, err := tflakeformation.FindResourceByARN(ctx, conn, rs.Primary.ID) - if err != nil { - return fmt.Errorf("error getting Lake Formation resource (%s): %w", rs.Primary.ID, err) - } - - return nil + return err } } -func isResourceNotFoundErr(err error) bool { - return tfawserr.ErrMessageContains( - err, - "EntityNotFoundException", - "Entity not found") -} - func testAccResourceConfig_basic(bucket, role string) string { return fmt.Sprintf(` resource "aws_s3_bucket" "test" { From 333ad6b46d0ab2e98c0010d867850ea962c380ff Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Thu, 1 Feb 2024 14:31:58 -0500 Subject: [PATCH 5/6] Make 'hybrid_access_enabled' Computed. --- internal/service/lakeformation/resource.go | 1 + internal/service/lakeformation/resource_test.go | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/internal/service/lakeformation/resource.go b/internal/service/lakeformation/resource.go index 41b1c6fbbae8..d3aa215dd829 100644 --- a/internal/service/lakeformation/resource.go +++ b/internal/service/lakeformation/resource.go @@ -37,6 +37,7 @@ func ResourceResource() *schema.Resource { "hybrid_access_enabled": { Type: schema.TypeBool, Optional: true, + Computed: true, ForceNew: true, }, "last_modified": { diff --git a/internal/service/lakeformation/resource_test.go b/internal/service/lakeformation/resource_test.go index c8381fd2187e..f3763918b411 100644 --- a/internal/service/lakeformation/resource_test.go +++ b/internal/service/lakeformation/resource_test.go @@ -37,7 +37,7 @@ func TestAccLakeFormationResource_basic(t *testing.T) { Check: resource.ComposeAggregateTestCheckFunc( testAccCheckResourceExists(ctx, resourceName), resource.TestCheckResourceAttrPair(resourceName, "role_arn", roleResourceName, "arn"), - resource.TestCheckResourceAttr(resourceName, "hybrid_access_enabled", ""), + resource.TestCheckResourceAttr(resourceName, "hybrid_access_enabled", "false"), resource.TestCheckResourceAttrPair(resourceName, "arn", bucketResourceName, "arn"), ), }, From 40f8d830bbff36e7141529477e32238b0e2b7a83 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Thu, 1 Feb 2024 14:50:10 -0500 Subject: [PATCH 6/6] Fix terrafmt error. --- internal/service/lakeformation/resource_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/service/lakeformation/resource_test.go b/internal/service/lakeformation/resource_test.go index 29cbc2b1161f..faa2233e151c 100644 --- a/internal/service/lakeformation/resource_test.go +++ b/internal/service/lakeformation/resource_test.go @@ -329,7 +329,7 @@ resource "aws_s3_bucket" "test" { } resource "aws_lakeformation_resource" "test" { - arn = aws_s3_bucket.test.arn + arn = aws_s3_bucket.test.arn hybrid_access_enabled = true } `, rName)