diff --git a/.changelog/30379.txt b/.changelog/30379.txt new file mode 100644 index 000000000000..687b1456b9ca --- /dev/null +++ b/.changelog/30379.txt @@ -0,0 +1,7 @@ +```release-note:bug +resource/aws_rds_cluster: Fix crash when updating `master_password` +``` + +```release-note:bug +resource/aws_db_instance: Fix crash when updating `password` +``` \ No newline at end of file diff --git a/internal/service/rds/cluster.go b/internal/service/rds/cluster.go index a147b8ff8d74..f0d971fa89e4 100644 --- a/internal/service/rds/cluster.go +++ b/internal/service/rds/cluster.go @@ -1279,12 +1279,12 @@ func resourceClusterUpdate(ctx context.Context, d *schema.ResourceData, meta int input.ManageMasterUserPassword = aws.Bool(d.Get("manage_master_user_password").(bool)) } if d.HasChange("master_password") { - if v, ok := d.GetOk("master_password"); ok && len(v.([]interface{})) > 0 && v.([]interface{}) != nil { + if v, ok := d.GetOk("master_password"); ok { input.MasterUserPassword = aws.String(v.(string)) } } if d.HasChange("master_user_secret_kms_key_id") { - if v, ok := d.GetOk("master_user_secret_kms_key_id"); ok && len(v.([]interface{})) > 0 && v.([]interface{}) != nil { + if v, ok := d.GetOk("master_user_secret_kms_key_id"); ok { input.MasterUserSecretKmsKeyId = aws.String(v.(string)) } } diff --git a/internal/service/rds/cluster_test.go b/internal/service/rds/cluster_test.go index 37d0d5d44498..3cd4435a953d 100644 --- a/internal/service/rds/cluster_test.go +++ b/internal/service/rds/cluster_test.go @@ -2338,6 +2338,36 @@ func TestAccRDSCluster_enableHTTPEndpoint(t *testing.T) { }) } +func TestAccRDSCluster_password(t *testing.T) { + ctx := acctest.Context(t) + var dbCluster rds.DBCluster + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + resourceName := "aws_rds_cluster.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(ctx, t) }, + ErrorCheck: acctest.ErrorCheck(t, rds.EndpointsID), + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, + CheckDestroy: testAccCheckClusterDestroy(ctx), + Steps: []resource.TestStep{ + { + Config: testAccClusterConfig_password(rName, "valid-password-1"), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckClusterExists(ctx, resourceName, &dbCluster), + resource.TestCheckResourceAttr(resourceName, "master_password", "valid-password-1"), + ), + }, + { + Config: testAccClusterConfig_password(rName, "valid-password-2"), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckClusterExists(ctx, resourceName, &dbCluster), + resource.TestCheckResourceAttr(resourceName, "master_password", "valid-password-2"), + ), + }, + }, + }) +} + func testAccCheckClusterDestroy(ctx context.Context) resource.TestCheckFunc { return func(s *terraform.State) error { return testAccCheckClusterDestroyWithProvider(ctx)(s, acctest.Provider) @@ -2470,7 +2500,8 @@ resource "aws_rds_cluster" "test" { database_name = "test" manage_master_user_password = true master_username = "tfacctest" - db_cluster_parameter_group_name = "default.aurora5.6" + engine = "aurora-mysql" + db_cluster_parameter_group_name = "default.aurora-mysql5.7" skip_final_snapshot = true } `, rName) @@ -4359,3 +4390,17 @@ resource "aws_rds_cluster" "test" { } `, rName, enableHttpEndpoint) } + +func testAccClusterConfig_password(rName, password string) string { + return fmt.Sprintf(` +resource "aws_rds_cluster" "test" { + cluster_identifier = %[1]q + database_name = "test" + master_username = "tfacctest" + master_password = %[2]q + engine = "aurora-mysql" + db_cluster_parameter_group_name = "default.aurora-mysql5.7" + skip_final_snapshot = true +} +`, rName, password) +} diff --git a/internal/service/rds/instance.go b/internal/service/rds/instance.go index 9e8182a17239..d6f0b7329504 100644 --- a/internal/service/rds/instance.go +++ b/internal/service/rds/instance.go @@ -2092,8 +2092,11 @@ func dbInstancePopulateModify(input *rds_sdkv2.ModifyDBInstanceInput, d *schema. } if d.HasChange("master_user_secret_kms_key_id") { - if v, ok := d.GetOk("master_user_secret_kms_key_id"); ok && len(v.([]interface{})) > 0 && v.([]interface{}) != nil { + needsModify = true + if v, ok := d.GetOk("master_user_secret_kms_key_id"); ok { input.MasterUserSecretKmsKeyId = aws.String(v.(string)) + // InvalidParameterValue: A ManageMasterUserPassword value is required when MasterUserSecretKmsKeyId is specified. + input.ManageMasterUserPassword = aws.Bool(d.Get("manage_master_user_password").(bool)) } } @@ -2139,7 +2142,7 @@ func dbInstancePopulateModify(input *rds_sdkv2.ModifyDBInstanceInput, d *schema. if d.HasChange("password") { needsModify = true // With ManageMasterUserPassword set to true, the password is no longer needed, so we omit it from the API call. - if v, ok := d.GetOk("password"); ok && len(v.([]interface{})) > 0 && v.([]interface{}) != nil { + if v, ok := d.GetOk("password"); ok { input.MasterUserPassword = aws.String(v.(string)) } } diff --git a/internal/service/rds/instance_test.go b/internal/service/rds/instance_test.go index bcf6240088ca..24d2bbb6f56f 100644 --- a/internal/service/rds/instance_test.go +++ b/internal/service/rds/instance_test.go @@ -971,10 +971,10 @@ func TestAccRDSInstance_password(t *testing.T) { ExpectError: regexp.MustCompile(`MasterUserPassword is not a valid password because it is shorter than 8 characters`), }, { - Config: testAccInstanceConfig_password(rName, "valid-password"), + Config: testAccInstanceConfig_password(rName, "valid-password-1"), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckInstanceExists(ctx, resourceName, &v), - resource.TestCheckResourceAttr(resourceName, "password", "valid-password"), + resource.TestCheckResourceAttr(resourceName, "password", "valid-password-1"), ), }, { @@ -988,6 +988,13 @@ func TestAccRDSInstance_password(t *testing.T) { "skip_final_snapshot", }, }, + { + Config: testAccInstanceConfig_password(rName, "valid-password-2"), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckInstanceExists(ctx, resourceName, &v), + resource.TestCheckResourceAttr(resourceName, "password", "valid-password-2"), + ), + }, }, }) }