Merge pull request #19834 from hashicorp/b-aws_sqs_queue-kms_data_key…

…_reuse_period_seconds-default r/aws_sqs_queue: Backwards compatibility fix for default `kms_data_key_reuse_period_seconds`
hashicorp · Jun 16, 2021 · a58464d · a58464d
2 parents b5be757 + 48fc2ba
commit a58464d
Show file tree

Hide file tree

Showing 5 changed files with 64 additions and 6 deletions.
diff --git a/.changelog/19834.txt b/.changelog/19834.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+resource/aws_sqs_queue: Correctly handle the default `kms_data_key_reuse_period_seconds` value of `300` for unencrypted queues
+```
diff --git a/aws/internal/service/sqs/consts.go b/aws/internal/service/sqs/consts.go
@@ -10,6 +10,7 @@ const (
 
 const (
 	DefaultQueueDelaySeconds                  = 0
+	DefaultQueueKmsDataKeyReusePeriodSeconds  = 300
 	DefaultQueueMaximumMessageSize            = 262_144 // 256 KiB.
 	DefaultQueueMessageRetentionPeriod        = 345_600 // 4 days.
 	DefaultQueueReceiveMessageWaitTimeSeconds = 0

diff --git a/aws/internal/service/sqs/waiter/waiter.go b/aws/internal/service/sqs/waiter/waiter.go
@@ -2,12 +2,14 @@ package waiter
 
 import (
 	"fmt"
+	"strconv"
 	"time"
 
 	"github.com/aws/aws-sdk-go/service/sqs"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	awspolicy "github.com/jen20/awspolicyequivalence"
 	tfjson "github.com/terraform-providers/terraform-provider-aws/aws/internal/json"
+	tfsqs "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/sqs"
 	"github.com/terraform-providers/terraform-provider-aws/aws/internal/service/sqs/finder"
 	"github.com/terraform-providers/terraform-provider-aws/aws/internal/tfresource"
 )
@@ -35,6 +37,16 @@ func QueueAttributesPropagated(conn *sqs.SQS, url string, expected map[string]st
 			g, ok := got[k]
 
 			if !ok {
+				// Missing attribute equivalent to empty expected value.
+				if e == "" {
+					continue
+				}
+
+				// Backwards compatibility: https://github.com/hashicorp/terraform-provider-aws/issues/19786.
+				if k == sqs.QueueAttributeNameKmsDataKeyReusePeriodSeconds && e == strconv.Itoa(tfsqs.DefaultQueueKmsDataKeyReusePeriodSeconds) {
+					continue
+				}
+
 				return fmt.Errorf("SQS Queue attribute (%s) not available", k)
 			}
 
@@ -90,10 +102,10 @@ func QueueAttributesPropagated(conn *sqs.SQS, url string, expected map[string]st
 		}
 
 		err = attributesMatch(got)
+	}
 
-		if err != nil {
-			return err
-		}
+	if err != nil {
+		return err
 	}
 
 	return nil

diff --git a/aws/resource_aws_sqs_queue.go b/aws/resource_aws_sqs_queue.go
@@ -290,6 +290,11 @@ func resourceAwsSqsQueueRead(d *schema.ResourceData, meta interface{}) error {
 		return err
 	}
 
+	// Backwards compatibility: https://github.com/hashicorp/terraform-provider-aws/issues/19786.
+	if d.Get("kms_data_key_reuse_period_seconds").(int) == 0 {
+		d.Set("kms_data_key_reuse_period_seconds", tfsqs.DefaultQueueKmsDataKeyReusePeriodSeconds)
+	}
+
 	d.Set("name", name)
 	if d.Get("fifo_queue").(bool) {
 		d.Set("name_prefix", naming.NamePrefixFromNameWithSuffix(name, tfsqs.FifoQueueNameSuffix))

diff --git a/aws/resource_aws_sqs_queue_test.go b/aws/resource_aws_sqs_queue_test.go
@@ -99,7 +99,7 @@ func TestAccAWSSQSQueue_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "delay_seconds", strconv.Itoa(tfsqs.DefaultQueueDelaySeconds)),
 					resource.TestCheckResourceAttr(resourceName, "fifo_queue", "false"),
 					resource.TestCheckResourceAttr(resourceName, "fifo_throughput_limit", ""),
-					resource.TestCheckResourceAttr(resourceName, "kms_data_key_reuse_period_seconds", "0"),
+					resource.TestCheckResourceAttr(resourceName, "kms_data_key_reuse_period_seconds", strconv.Itoa(tfsqs.DefaultQueueKmsDataKeyReusePeriodSeconds)),
 					resource.TestCheckResourceAttr(resourceName, "kms_master_key_id", ""),
 					resource.TestCheckResourceAttr(resourceName, "max_message_size", strconv.Itoa(tfsqs.DefaultQueueMaximumMessageSize)),
 					resource.TestCheckResourceAttr(resourceName, "message_retention_seconds", strconv.Itoa(tfsqs.DefaultQueueMessageRetentionPeriod)),
@@ -323,7 +323,7 @@ func TestAccAWSSQSQueue_Update(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "delay_seconds", strconv.Itoa(tfsqs.DefaultQueueDelaySeconds)),
 					resource.TestCheckResourceAttr(resourceName, "fifo_queue", "false"),
 					resource.TestCheckResourceAttr(resourceName, "fifo_throughput_limit", ""),
-					resource.TestCheckResourceAttr(resourceName, "kms_data_key_reuse_period_seconds", "0"),
+					resource.TestCheckResourceAttr(resourceName, "kms_data_key_reuse_period_seconds", strconv.Itoa(tfsqs.DefaultQueueKmsDataKeyReusePeriodSeconds)),
 					resource.TestCheckResourceAttr(resourceName, "kms_master_key_id", ""),
 					resource.TestCheckResourceAttr(resourceName, "max_message_size", strconv.Itoa(tfsqs.DefaultQueueMaximumMessageSize)),
 					resource.TestCheckResourceAttr(resourceName, "message_retention_seconds", strconv.Itoa(tfsqs.DefaultQueueMessageRetentionPeriod)),
@@ -346,7 +346,7 @@ func TestAccAWSSQSQueue_Update(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "delay_seconds", "90"),
 					resource.TestCheckResourceAttr(resourceName, "fifo_queue", "false"),
 					resource.TestCheckResourceAttr(resourceName, "fifo_throughput_limit", ""),
-					resource.TestCheckResourceAttr(resourceName, "kms_data_key_reuse_period_seconds", "0"),
+					resource.TestCheckResourceAttr(resourceName, "kms_data_key_reuse_period_seconds", strconv.Itoa(tfsqs.DefaultQueueKmsDataKeyReusePeriodSeconds)),
 					resource.TestCheckResourceAttr(resourceName, "kms_master_key_id", ""),
 					resource.TestCheckResourceAttr(resourceName, "max_message_size", "2048"),
 					resource.TestCheckResourceAttr(resourceName, "message_retention_seconds", "86400"),
@@ -650,6 +650,34 @@ func TestAccAWSSQSQueue_ZeroVisibilityTimeoutSeconds(t *testing.T) {
 	})
 }
 
+// https://github.com/hashicorp/terraform-provider-aws/issues/19786.
+func TestAccAWSSQSQueue_DefaultKmsDataKeyReusePeriodSeconds(t *testing.T) {
+	var queueAttributes map[string]string
+	resourceName := "aws_sqs_queue.test"
+	rName := acctest.RandomWithPrefix("tf-acc-test")
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		ErrorCheck:   testAccErrorCheck(t, sqs.EndpointsID),
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSSQSQueueDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSSQSConfigDefaultKmsDataKeyReusePeriodSeconds(rName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSSQSQueueExists(resourceName, &queueAttributes),
+					resource.TestCheckResourceAttr(resourceName, "kms_data_key_reuse_period_seconds", strconv.Itoa(tfsqs.DefaultQueueKmsDataKeyReusePeriodSeconds)),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
 func testAccCheckAWSSQSQueuePolicyAttribute(queueAttributes *map[string]string, rName string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		expectedPolicyText := fmt.Sprintf(
@@ -952,3 +980,12 @@ resource "aws_sqs_queue" "test" {
 }
 `, rName)
 }
+
+func testAccAWSSQSConfigDefaultKmsDataKeyReusePeriodSeconds(rName string) string {
+	return fmt.Sprintf(`
+resource "aws_sqs_queue" "test" {
+  name                              = %[1]q
+  kms_data_key_reuse_period_seconds = 300
+}
+`, rName)
+}