From 49125f26bacb8497654531980ae958b687b7cb9e Mon Sep 17 00:00:00 2001
From: Trevor Rea
Date: Mon, 4 Dec 2023 08:38:50 +0000
Subject: [PATCH 1/2] r/aws_transfer_server: Add support for TransferSecurityPolicy-FIPS-2023-05
---
 .changelog/34709.txt | 3 +++
 internal/service/transfer/enum.go | 2 ++
 internal/service/transfer/server_test.go | 7 +++++++
 website/docs/r/transfer_server.html.markdown | 2 +-
 4 files changed, 13 insertions(+), 1 deletion(-)
 create mode 100644 .changelog/34709.txt
diff --git a/.changelog/34709.txt b/.changelog/34709.txt
new file mode 100644
index 000000000000..795e30999d50
--- /dev/null
+++ b/.changelog/34709.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_transfer_server: Add support for `TransferSecurityPolicy-FIPS-2023-05` `security_policy_name` value
+```
\ No newline at end of file
diff --git a/internal/service/transfer/enum.go b/internal/service/transfer/enum.go
index ef8645b1df67..d0e6d1871b0d 100644
--- a/internal/service/transfer/enum.go
+++ b/internal/service/transfer/enum.go
@@ -7,6 +7,7 @@ const (
 SecurityPolicyName2018_11 = "TransferSecurityPolicy-2018-11"
 SecurityPolicyName2020_06 = "TransferSecurityPolicy-2020-06"
 SecurityPolicyNameFIPS_2020_06 = "TransferSecurityPolicy-FIPS-2020-06"
+ SecurityPolicyNameFIPS_2023_05 = "TransferSecurityPolicy-FIPS-2023-05"
 SecurityPolicyName2022_03 = "TransferSecurityPolicy-2022-03"
 SecurityPolicyName2023_05 = "TransferSecurityPolicy-2023-05"
 )
@@ -16,6 +17,7 @@ func SecurityPolicyName_Values() []string {
 SecurityPolicyName2018_11,
 SecurityPolicyName2020_06,
 SecurityPolicyNameFIPS_2020_06,
+ SecurityPolicyNameFIPS_2023_05,
 SecurityPolicyName2022_03,
 SecurityPolicyName2023_05,
 }
diff --git a/internal/service/transfer/server_test.go b/internal/service/transfer/server_test.go
index 158baf35bebb..193b5e1a1247 100644
--- a/internal/service/transfer/server_test.go
+++ b/internal/service/transfer/server_test.go
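Review bot: In enum.go the new `SecurityPolicyNameFIPS_2023_05` entry is placed between `SecurityPolicyNameFIPS_2020_06` and `SecurityPolicyName2022_03` in both the const block and `SecurityPolicyName_Values()`, so the lists are neither chronological nor grouped by family and nothing marks which values are FIPS policies. Consider keeping the two FIPS names together at the end of each list under a short comment such as `// FIPS policies: per the follow-up commit in this series, the service rejects switching an existing server between FIPS and non-FIPS policies.` That distinction matters to anyone picking a policy for a compliance-scoped server, and two hand-maintained lists are easier to keep in sync when they follow the same obvious order. The const block and the function both begin outside their hunks.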
@@ -256,6 +256,13 @@ func testAccServer_securityPolicy(t *testing.T) {
 resource.TestCheckResourceAttr(resourceName, "security_policy_name", "TransferSecurityPolicy-2023-05"),
 ),
 },
+ {
+ Config: testAccServerConfig_securityPolicy(rName, "TransferSecurityPolicy-FIPS-2023-05"),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckServerExists(ctx, resourceName, &conf),
+ resource.TestCheckResourceAttr(resourceName, "security_policy_name", "TransferSecurityPolicy-FIPS-2023-05"),
+ ),
+ },
 },
 })
 }
diff --git a/website/docs/r/transfer_server.html.markdown b/website/docs/r/transfer_server.html.markdown
index cad092fb8b22..d771934e7714 100644
--- a/website/docs/r/transfer_server.html.markdown
+++ b/website/docs/r/transfer_server.html.markdown
@@ -145,7 +145,7 @@ This resource supports the following arguments:
 * `post_authentication_login_banner`- (Optional) Specify a string to display when users connect to a server. This string is displayed after the user authenticates. The SFTP protocol does not support post-authentication display banners.
 * `pre_authentication_login_banner`- (Optional) Specify a string to display when users connect to a server. This string is displayed before the user authenticates.
 * `protocol_details`- (Optional) The protocol settings that are configured for your server.
-* `security_policy_name` - (Optional) Specifies the name of the security policy that is attached to the server. Possible values are `TransferSecurityPolicy-2018-11`, `TransferSecurityPolicy-2020-06`, `TransferSecurityPolicy-FIPS-2020-06`, `TransferSecurityPolicy-2022-03` and `TransferSecurityPolicy-2023-05`. Default value is: `TransferSecurityPolicy-2018-11`.
+* `security_policy_name` - (Optional) Specifies the name of the security policy that is attached to the server. Possible values are `TransferSecurityPolicy-2018-11`, `TransferSecurityPolicy-2020-06`, `TransferSecurityPolicy-FIPS-2020-06`, `TransferSecurityPolicy-FIPS-2023-05`, `TransferSecurityPolicy-2022-03` and `TransferSecurityPolicy-2023-05`. Default value is: `TransferSecurityPolicy-2018-11`.
 * `structured_log_destinations` - (Optional) A set of ARNs of destinations that will receive structured logs from the transfer server such as CloudWatch Log Group ARNs. If provided this enables the transfer server to emit structured logs to the specified locations.
 * `tags` - (Optional) A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.
 * `workflow_details` - (Optional) Specifies the workflow details. See Workflow Details below.
From 2a11b8684756fe49c57c88fd80047b4b22f3c5f9 Mon Sep 17 00:00:00 2001
From: Kit Ewbank
Date: Tue, 5 Dec 2023 16:16:59 -0500
Subject: [PATCH 2/2] r/aws_transfer_server: Add 'testAccServer_securityPolicyFIPS' (InvalidRequestException: Cannot change between FIPS and non-FIPS policies).
---
 internal/service/transfer/server_test.go | 22 ++++++++++++++++++++++
 internal/service/transfer/transfer_test.go | 1 +
 2 files changed, 23 insertions(+)
diff --git a/internal/service/transfer/server_test.go b/internal/service/transfer/server_test.go
index 193b5e1a1247..0317207c99d1 100644
--- a/internal/service/transfer/server_test.go
+++ b/internal/service/transfer/server_test.go
@@ -256,6 +256,22 @@ func testAccServer_securityPolicy(t *testing.T) {
 resource.TestCheckResourceAttr(resourceName, "security_policy_name", "TransferSecurityPolicy-2023-05"),
 ),
 },
+ },
+ })
+}
+
+func testAccServer_securityPolicyFIPS(t *testing.T) {
+ ctx := acctest.Context(t)
+ var conf transfer.DescribedServer
+ resourceName := "aws_transfer_server.test"
+ rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { acctest.PreCheck(ctx, t); testAccPreCheck(ctx, t) },
+ ErrorCheck: acctest.ErrorCheck(t, transfer.EndpointsID),
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+ CheckDestroy: testAccCheckServerDestroy(ctx),
+ Steps: []resource.TestStep{
 {
 Config: testAccServerConfig_securityPolicy(rName, "TransferSecurityPolicy-FIPS-2023-05"),
 Check: resource.ComposeTestCheckFunc(
@@ -263,6 +279,12 @@ func testAccServer_securityPolicy(t *testing.T) {
 resource.TestCheckResourceAttr(resourceName, "security_policy_name", "TransferSecurityPolicy-FIPS-2023-05"),
 ),
 },
+ {
+ ResourceName: resourceName,
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"force_destroy"},
+ },
 },
 })
 }
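Review bot: `testAccServer_securityPolicyFIPS` stops after create and import, so the failure named in the commit subject (`InvalidRequestException: Cannot change between FIPS and non-FIPS policies`) is sidestepped by splitting the test but never asserted. A final step that applies a non-FIPS policy to the same server and expects the error would pin what users hit on an in-place change, for example `{ Config: testAccServerConfig_securityPolicy(rName, "TransferSecurityPolicy-2023-05"), ExpectError: regexp.MustCompile("Cannot change between FIPS and non-FIPS policies") },` (assuming `regexp` or the project's regex helper is imported in this file). The resource schema is not visible in this patch, so it is worth confirming whether `security_policy_name` should force replacement or fail at plan time when an update crosses the FIPS boundary, and the argument documentation should state the restriction either way. The new function spans both server_test.go hunks, and `testAccServer_securityPolicy` begins outside them.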
diff --git a/internal/service/transfer/transfer_test.go b/internal/service/transfer/transfer_test.go
index c9a016d5d44a..de67d78bb3f6 100644
--- a/internal/service/transfer/transfer_test.go
+++ b/internal/service/transfer/transfer_test.go
@@ -42,6 +42,7 @@ func TestAccTransfer_serial(t *testing.T) {
 "Protocols": testAccServer_protocols,
 "ProtocolDetails": testAccServer_protocolDetails,
 "SecurityPolicy": testAccServer_securityPolicy,
+ "SecurityPolicyFIPS": testAccServer_securityPolicyFIPS,
 "StructuredLogDestinations": testAccServer_structuredLogDestinations,
 "UpdateEndpointTypePublicToVPC": testAccServer_updateEndpointType_publicToVPC,
 "UpdateEndpointTypePublicToVPCAddressAllocationIDs": testAccServer_updateEndpointType_publicToVPC_addressAllocationIDs,