r/aws_verifiedaccess_instance - fips_enabled #33880

Merged
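--- a/.changelog/33880.txt
+++ b/.changelog/33880.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_verifiedaccess_instance: Add `fips_enabled` argument
+```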
10 changes: 10 additions & 0 deletions internal/service/ec2/verifiedaccess_instance.go
@@ -44,6 +44,11 @@ func ResourceVerifiedAccessInstance() *schema.Resource {
Type: schema.TypeString,
Optional: true,
},
"fips_enabled": {
Type: schema.TypeBool,
Optional: true,
ForceNew: true,
},
"last_updated_time": {
Type: schema.TypeString,
Computed: true,
@@ -97,6 +102,10 @@ func resourceVerifiedAccessInstanceCreate(ctx context.Context, d *schema.Resourc
input.Description = aws.String(v.(string))
}

if v, ok := d.GetOk("fips_enabled"); ok {
input.FIPSEnabled = aws.Bool(v.(bool))
}

output, err := conn.CreateVerifiedAccessInstance(ctx, input)

if err != nil {
@@ -126,6 +135,7 @@ func resourceVerifiedAccessInstanceRead(ctx context.Context, d *schema.ResourceD

d.Set("creation_time", output.CreationTime)
d.Set("description", output.Description)
d.Set("fips_enabled", output.FipsEnabled)
d.Set("last_updated_time", output.LastUpdatedTime)

if v := output.VerifiedAccessTrustProviders; v != nil {
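Review bot: The `d.GetOk("fips_enabled")` guard in the create hunk is false for the zero value, so an explicit `fips_enabled = false` and an omitted argument both leave `input.FIPSEnabled` nil and the instance gets whatever the service defaults to. That behaviour deserves a comment above the guard, e.g. `// GetOk skips false: unset and false both defer to the service default (presumably non-FIPS; confirm).` Because the schema entry is `Optional` and `ForceNew` but not `Computed`, deleting the argument from a configuration that previously had `true` would plan a replacement with FIPS off, which is worth stating next to the schema entry for anyone relying on this flag as a compliance control. All three functions touched here start and end outside the visible hunks.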
89 changes: 82 additions & 7 deletions internal/service/ec2/verifiedaccess_instance_test.go
@@ -6,8 +6,10 @@ package ec2_test
import (
"context"
"fmt"
"strconv"
"testing"

"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/ec2"
"github.com/aws/aws-sdk-go-v2/service/ec2/types"
"github.com/hashicorp/terraform-plugin-testing/helper/resource"
@@ -54,7 +56,7 @@ func TestAccVerifiedAccessInstance_basic(t *testing.T) {

func TestAccVerifiedAccessInstance_description(t *testing.T) {
ctx := acctest.Context(t)
var v types.VerifiedAccessInstance
var v1, v2 types.VerifiedAccessInstance
resourceName := "aws_verifiedaccess_instance.test"

originalDescription := "original description"
@@ -72,7 +74,7 @@ func TestAccVerifiedAccessInstance_description(t *testing.T) {
{
Config: testAccVerifiedAccessInstanceConfig_description(originalDescription),
Check: resource.ComposeTestCheckFunc(
testAccCheckVerifiedAccessInstanceExists(ctx, resourceName, &v),
testAccCheckVerifiedAccessInstanceExists(ctx, resourceName, &v1),
resource.TestCheckResourceAttr(resourceName, "description", originalDescription),
),
},
@@ -85,14 +87,57 @@ func TestAccVerifiedAccessInstance_description(t *testing.T) {
{
Config: testAccVerifiedAccessInstanceConfig_description(updatedDescription),
Check: resource.ComposeTestCheckFunc(
testAccCheckVerifiedAccessInstanceExists(ctx, resourceName, &v),
testAccCheckVerifiedAccessInstanceExists(ctx, resourceName, &v2),
testAccCheckVerifiedAccessInstanceNotRecreated(&v1, &v2),
resource.TestCheckResourceAttr(resourceName, "description", updatedDescription),
),
},
},
})
}

func TestAccVerifiedAccessInstance_fipsEnabled(t *testing.T) {
ctx := acctest.Context(t)
var v1, v2 types.VerifiedAccessInstance
resourceName := "aws_verifiedaccess_instance.test"

originalFipsEnabled := true
updatedFipsEnabled := false

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() {
acctest.PreCheck(ctx, t)
testAccPreCheckVerifiedAccessInstance(ctx, t)
},
ErrorCheck: acctest.ErrorCheck(t, names.EC2),
ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
CheckDestroy: testAccCheckVerifiedAccessInstanceDestroy(ctx),
Steps: []resource.TestStep{
{
Config: testAccVerifiedAccessInstanceConfig_fipsEnabled(originalFipsEnabled),
Check: resource.ComposeTestCheckFunc(
testAccCheckVerifiedAccessInstanceExists(ctx, resourceName, &v1),
resource.TestCheckResourceAttr(resourceName, "fips_enabled", strconv.FormatBool(originalFipsEnabled)),
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{},
},
{
Config: testAccVerifiedAccessInstanceConfig_fipsEnabled(updatedFipsEnabled),
Check: resource.ComposeTestCheckFunc(
testAccCheckVerifiedAccessInstanceExists(ctx, resourceName, &v2),
testAccCheckVerifiedAccessInstanceRecreated(&v1, &v2),
resource.TestCheckResourceAttr(resourceName, "fips_enabled", strconv.FormatBool(updatedFipsEnabled)),
),
},
},
})
}

func TestAccVerifiedAccessInstance_disappears(t *testing.T) {
ctx := acctest.Context(t)
var v types.VerifiedAccessInstance
@@ -121,7 +166,7 @@ func TestAccVerifiedAccessInstance_disappears(t *testing.T) {

func TestAccVerifiedAccessInstance_tags(t *testing.T) {
ctx := acctest.Context(t)
var v types.VerifiedAccessInstance
var v1, v2, v3 types.VerifiedAccessInstance
resourceName := "aws_verifiedaccess_instance.test"

resource.ParallelTest(t, resource.TestCase{
@@ -136,15 +181,16 @@ func TestAccVerifiedAccessInstance_tags(t *testing.T) {
{
Config: testAccVerifiedAccessInstanceConfig_tags1("key1", "value1"),
Check: resource.ComposeTestCheckFunc(
testAccCheckVerifiedAccessInstanceExists(ctx, resourceName, &v),
testAccCheckVerifiedAccessInstanceExists(ctx, resourceName, &v1),
resource.TestCheckResourceAttr(resourceName, "tags.%", "1"),
resource.TestCheckResourceAttr(resourceName, "tags.key1", "value1"),
),
},
{
Config: testAccVerifiedAccessInstanceConfig_tags2("key1", "value1updated", "key2", "value2"),
Check: resource.ComposeTestCheckFunc(
testAccCheckVerifiedAccessInstanceExists(ctx, resourceName, &v),
testAccCheckVerifiedAccessInstanceExists(ctx, resourceName, &v2),
testAccCheckVerifiedAccessInstanceNotRecreated(&v1, &v2),
resource.TestCheckResourceAttr(resourceName, "tags.%", "2"),
resource.TestCheckResourceAttr(resourceName, "tags.key1", "value1updated"),
resource.TestCheckResourceAttr(resourceName, "tags.key2", "value2"),
@@ -153,7 +199,8 @@ func TestAccVerifiedAccessInstance_tags(t *testing.T) {
{
Config: testAccVerifiedAccessInstanceConfig_tags1("key2", "value2"),
Check: resource.ComposeTestCheckFunc(
testAccCheckVerifiedAccessInstanceExists(ctx, resourceName, &v),
testAccCheckVerifiedAccessInstanceExists(ctx, resourceName, &v3),
testAccCheckVerifiedAccessInstanceNotRecreated(&v2, &v3),
resource.TestCheckResourceAttr(resourceName, "tags.%", "1"),
resource.TestCheckResourceAttr(resourceName, "tags.key2", "value2"),
),
@@ -168,6 +215,26 @@ func TestAccVerifiedAccessInstance_tags(t *testing.T) {
})
}

func testAccCheckVerifiedAccessInstanceNotRecreated(before, after *types.VerifiedAccessInstance) resource.TestCheckFunc {
return func(s *terraform.State) error {
if before, after := aws.ToString(before.VerifiedAccessInstanceId), aws.ToString(after.VerifiedAccessInstanceId); before != after {
return fmt.Errorf("Verified Access Instance (%s/%s) recreated", before, after)
}

return nil
}
}

func testAccCheckVerifiedAccessInstanceRecreated(before, after *types.VerifiedAccessInstance) resource.TestCheckFunc {
return func(s *terraform.State) error {
if before, after := aws.ToString(before.VerifiedAccessInstanceId), aws.ToString(after.VerifiedAccessInstanceId); before == after {
return fmt.Errorf("Verified Access Instance (%s) not recreated", before)
}

return nil
}
}

func testAccCheckVerifiedAccessInstanceExists(ctx context.Context, n string, v *types.VerifiedAccessInstance) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[n]
@@ -243,6 +310,14 @@ resource "aws_verifiedaccess_instance" "test" {
`, description)
}

func testAccVerifiedAccessInstanceConfig_fipsEnabled(fipsEnabled bool) string {
return fmt.Sprintf(`
resource "aws_verifiedaccess_instance" "test" {
fips_enabled = %[1]t
}
`, fipsEnabled)
}

func testAccVerifiedAccessInstanceConfig_tags1(tagKey1, tagValue1 string) string {
return fmt.Sprintf(`
resource "aws_verifiedaccess_instance" "test" {
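Review bot: In `testAccCheckVerifiedAccessInstanceNotRecreated` and `testAccCheckVerifiedAccessInstanceRecreated`, the `if` initializer redeclares `before, after` as strings and shadows the pointer parameters of the same names, which compiles but is easy to misread. Naming the locals separately reads more clearly: `beforeID, afterID := aws.ToString(before.VerifiedAccessInstanceId), aws.ToString(after.VerifiedAccessInstanceId)`. `aws.ToString` returns an empty string for a nil ID, so `NotRecreated` passes vacuously if neither instance was populated; a guard such as `if beforeID == "" || afterID == "" { return fmt.Errorf("Verified Access Instance ID not set") }` would close that gap. In `TestAccVerifiedAccessInstance_fipsEnabled`, `ImportStateVerifyIgnore: []string{}` is a no-op and can be dropped. The test only exercises true to false, so the case where the argument is removed from configuration is not covered.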
15 changes: 13 additions & 2 deletions website/docs/r/verifiedaccess_instance.html.markdown
@@ -12,6 +12,8 @@ Terraform resource for managing a Verified Access Instance.

## Example Usage

### Basic

```terraform
resource "aws_verifiedaccess_instance" "example" {
description = "example"
@@ -22,11 +24,20 @@ resource "aws_verifiedaccess_instance" "example" {
}
```

### With `fips_enabled`

```terraform
resource "aws_verifiedaccess_instance" "example" {
fips_enabled = true
}
```

## Argument Reference

The following arguments are optional:

* `description` - (Optional) A description for the AWS Verified Access Instance.
* `fips_enabled` - (Optional, Forces new resource) Enable or disable support for Federal Information Processing Standards (FIPS) on the AWS Verified Access Instance.
* `tags` - (Optional) Key-value mapping of resource tags. If configured with a provider [`default_tags` configuration block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.

## Attribute Reference
@@ -50,7 +61,7 @@ Each `verified_access_trust_providers` supports the following argument:

## Import

In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import Transfer Workflows using the `id`. For example:
In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import Verified Access Instances using the `id`. For example:

```terraform
import {
@@ -59,7 +70,7 @@ import {
}
```

Using `terraform import`, import Transfer Workflows using the `id`. For example:
Using `terraform import`, import Verified Access Instances using the `id`. For example:

```console
% terraform import aws_verifiedaccess_instance.example vai-1234567890abcdef0