Merge pull request #33880 from GlennChia/f-aws_verifiedaccess_instanc…

…e-fips_enabled r/aws_verifiedaccess_instance - fips_enabled
hashicorp · Oct 11, 2023 · 4b80464 · 4b80464
2 parents 136ae55 + 2e8cc5d
commit 4b80464
Show file tree

Hide file tree

Showing 4 changed files with 108 additions and 9 deletions.
diff --git a/.changelog/33880.txt b/.changelog/33880.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_verifiedaccess_instance: Add `fips_enabled` argument
+```
diff --git a/internal/service/ec2/verifiedaccess_instance.go b/internal/service/ec2/verifiedaccess_instance.go
@@ -44,6 +44,11 @@ func ResourceVerifiedAccessInstance() *schema.Resource {
 				Type:     schema.TypeString,
 				Optional: true,
 			},
+			"fips_enabled": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				ForceNew: true,
+			},
 			"last_updated_time": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -97,6 +102,10 @@ func resourceVerifiedAccessInstanceCreate(ctx context.Context, d *schema.Resourc
 		input.Description = aws.String(v.(string))
 	}
 
+	if v, ok := d.GetOk("fips_enabled"); ok {
+		input.FIPSEnabled = aws.Bool(v.(bool))
+	}
+
 	output, err := conn.CreateVerifiedAccessInstance(ctx, input)
 
 	if err != nil {
@@ -126,6 +135,7 @@ func resourceVerifiedAccessInstanceRead(ctx context.Context, d *schema.ResourceD
 
 	d.Set("creation_time", output.CreationTime)
 	d.Set("description", output.Description)
+	d.Set("fips_enabled", output.FipsEnabled)
 	d.Set("last_updated_time", output.LastUpdatedTime)
 
 	if v := output.VerifiedAccessTrustProviders; v != nil {

diff --git a/internal/service/ec2/verifiedaccess_instance_test.go b/internal/service/ec2/verifiedaccess_instance_test.go
@@ -6,8 +6,10 @@ package ec2_test
 import (
 	"context"
 	"fmt"
+	"strconv"
 	"testing"
 
+	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/ec2"
 	"github.com/aws/aws-sdk-go-v2/service/ec2/types"
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
@@ -54,7 +56,7 @@ func TestAccVerifiedAccessInstance_basic(t *testing.T) {
 
 func TestAccVerifiedAccessInstance_description(t *testing.T) {
 	ctx := acctest.Context(t)
-	var v types.VerifiedAccessInstance
+	var v1, v2 types.VerifiedAccessInstance
 	resourceName := "aws_verifiedaccess_instance.test"
 
 	originalDescription := "original description"
@@ -72,7 +74,7 @@ func TestAccVerifiedAccessInstance_description(t *testing.T) {
 			{
 				Config: testAccVerifiedAccessInstanceConfig_description(originalDescription),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckVerifiedAccessInstanceExists(ctx, resourceName, &v),
+					testAccCheckVerifiedAccessInstanceExists(ctx, resourceName, &v1),
 					resource.TestCheckResourceAttr(resourceName, "description", originalDescription),
 				),
 			},
@@ -85,14 +87,57 @@ func TestAccVerifiedAccessInstance_description(t *testing.T) {
 			{
 				Config: testAccVerifiedAccessInstanceConfig_description(updatedDescription),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckVerifiedAccessInstanceExists(ctx, resourceName, &v),
+					testAccCheckVerifiedAccessInstanceExists(ctx, resourceName, &v2),
+					testAccCheckVerifiedAccessInstanceNotRecreated(&v1, &v2),
 					resource.TestCheckResourceAttr(resourceName, "description", updatedDescription),
 				),
 			},
 		},
 	})
 }
 
+func TestAccVerifiedAccessInstance_fipsEnabled(t *testing.T) {
+	ctx := acctest.Context(t)
+	var v1, v2 types.VerifiedAccessInstance
+	resourceName := "aws_verifiedaccess_instance.test"
+
+	originalFipsEnabled := true
+	updatedFipsEnabled := false
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.PreCheck(ctx, t)
+			testAccPreCheckVerifiedAccessInstance(ctx, t)
+		},
+		ErrorCheck:               acctest.ErrorCheck(t, names.EC2),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckVerifiedAccessInstanceDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccVerifiedAccessInstanceConfig_fipsEnabled(originalFipsEnabled),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckVerifiedAccessInstanceExists(ctx, resourceName, &v1),
+					resource.TestCheckResourceAttr(resourceName, "fips_enabled", strconv.FormatBool(originalFipsEnabled)),
+				),
+			},
+			{
+				ResourceName:            resourceName,
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{},
+			},
+			{
+				Config: testAccVerifiedAccessInstanceConfig_fipsEnabled(updatedFipsEnabled),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckVerifiedAccessInstanceExists(ctx, resourceName, &v2),
+					testAccCheckVerifiedAccessInstanceRecreated(&v1, &v2),
+					resource.TestCheckResourceAttr(resourceName, "fips_enabled", strconv.FormatBool(updatedFipsEnabled)),
+				),
+			},
+		},
+	})
+}
+
 func TestAccVerifiedAccessInstance_disappears(t *testing.T) {
 	ctx := acctest.Context(t)
 	var v types.VerifiedAccessInstance
@@ -121,7 +166,7 @@ func TestAccVerifiedAccessInstance_disappears(t *testing.T) {
 
 func TestAccVerifiedAccessInstance_tags(t *testing.T) {
 	ctx := acctest.Context(t)
-	var v types.VerifiedAccessInstance
+	var v1, v2, v3 types.VerifiedAccessInstance
 	resourceName := "aws_verifiedaccess_instance.test"
 
 	resource.ParallelTest(t, resource.TestCase{
@@ -136,15 +181,16 @@ func TestAccVerifiedAccessInstance_tags(t *testing.T) {
 			{
 				Config: testAccVerifiedAccessInstanceConfig_tags1("key1", "value1"),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckVerifiedAccessInstanceExists(ctx, resourceName, &v),
+					testAccCheckVerifiedAccessInstanceExists(ctx, resourceName, &v1),
 					resource.TestCheckResourceAttr(resourceName, "tags.%", "1"),
 					resource.TestCheckResourceAttr(resourceName, "tags.key1", "value1"),
 				),
 			},
 			{
 				Config: testAccVerifiedAccessInstanceConfig_tags2("key1", "value1updated", "key2", "value2"),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckVerifiedAccessInstanceExists(ctx, resourceName, &v),
+					testAccCheckVerifiedAccessInstanceExists(ctx, resourceName, &v2),
+					testAccCheckVerifiedAccessInstanceNotRecreated(&v1, &v2),
 					resource.TestCheckResourceAttr(resourceName, "tags.%", "2"),
 					resource.TestCheckResourceAttr(resourceName, "tags.key1", "value1updated"),
 					resource.TestCheckResourceAttr(resourceName, "tags.key2", "value2"),
@@ -153,7 +199,8 @@ func TestAccVerifiedAccessInstance_tags(t *testing.T) {
 			{
 				Config: testAccVerifiedAccessInstanceConfig_tags1("key2", "value2"),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckVerifiedAccessInstanceExists(ctx, resourceName, &v),
+					testAccCheckVerifiedAccessInstanceExists(ctx, resourceName, &v3),
+					testAccCheckVerifiedAccessInstanceNotRecreated(&v2, &v3),
 					resource.TestCheckResourceAttr(resourceName, "tags.%", "1"),
 					resource.TestCheckResourceAttr(resourceName, "tags.key2", "value2"),
 				),
@@ -168,6 +215,26 @@ func TestAccVerifiedAccessInstance_tags(t *testing.T) {
 	})
 }
 
+func testAccCheckVerifiedAccessInstanceNotRecreated(before, after *types.VerifiedAccessInstance) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		if before, after := aws.ToString(before.VerifiedAccessInstanceId), aws.ToString(after.VerifiedAccessInstanceId); before != after {
+			return fmt.Errorf("Verified Access Instance (%s/%s) recreated", before, after)
+		}
+
+		return nil
+	}
+}
+
+func testAccCheckVerifiedAccessInstanceRecreated(before, after *types.VerifiedAccessInstance) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		if before, after := aws.ToString(before.VerifiedAccessInstanceId), aws.ToString(after.VerifiedAccessInstanceId); before == after {
+			return fmt.Errorf("Verified Access Instance (%s) not recreated", before)
+		}
+
+		return nil
+	}
+}
+
 func testAccCheckVerifiedAccessInstanceExists(ctx context.Context, n string, v *types.VerifiedAccessInstance) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[n]
@@ -243,6 +310,14 @@ resource "aws_verifiedaccess_instance" "test" {
 `, description)
 }
 
+func testAccVerifiedAccessInstanceConfig_fipsEnabled(fipsEnabled bool) string {
+	return fmt.Sprintf(`
+resource "aws_verifiedaccess_instance" "test" {
+  fips_enabled = %[1]t
+}
+`, fipsEnabled)
+}
+
 func testAccVerifiedAccessInstanceConfig_tags1(tagKey1, tagValue1 string) string {
 	return fmt.Sprintf(`
 resource "aws_verifiedaccess_instance" "test" {

diff --git a/website/docs/r/verifiedaccess_instance.html.markdown b/website/docs/r/verifiedaccess_instance.html.markdown
@@ -12,6 +12,8 @@ Terraform resource for managing a Verified Access Instance.
 
 ## Example Usage
 
+### Basic
+
 ```terraform
 resource "aws_verifiedaccess_instance" "example" {
   description = "example"
@@ -22,11 +24,20 @@ resource "aws_verifiedaccess_instance" "example" {
 }
 ```
 
+### With `fips_enabled`
+
+```terraform
+resource "aws_verifiedaccess_instance" "example" {
+  fips_enabled = true
+}
+```
+
 ## Argument Reference
 
 The following arguments are optional:
 
 * `description` - (Optional) A description for the AWS Verified Access Instance.
+* `fips_enabled` - (Optional, Forces new resource) Enable or disable support for Federal Information Processing Standards (FIPS) on the AWS Verified Access Instance.
 * `tags` - (Optional) Key-value mapping of resource tags. If configured with a provider [`default_tags` configuration block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.
 
 ## Attribute Reference
@@ -50,7 +61,7 @@ Each `verified_access_trust_providers` supports the following argument:
 
 ## Import
 
-In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import Transfer Workflows using the `id`. For example:
+In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import Verified Access Instances using the `id`. For example:
 
 ```terraform
 import {
@@ -59,7 +70,7 @@ import {
 }
 ```
 
-Using `terraform import`, import Transfer Workflows using the  `id`. For example:
+Using `terraform import`, import Verified Access Instances using the  `id`. For example:
 
 ```console
 % terraform import aws_verifiedaccess_instance.example vai-1234567890abcdef0