Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add support for single scram secret association #37056

Merged
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .changelog/37056.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:new-resource
aws_msk_single_scram_secret_association
```
30 changes: 16 additions & 14 deletions internal/service/kafka/exports_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,19 +5,21 @@ package kafka

// Exports for use in tests only.
var (
ResourceCluster = resourceCluster
ResourceClusterPolicy = resourceClusterPolicy
ResourceConfiguration = resourceConfiguration
ResourceReplicator = resourceReplicator
ResourceSCRAMSecretAssociation = resourceSCRAMSecretAssociation
ResourceServerlessCluster = resourceServerlessCluster
ResourceVPCConnection = resourceVPCConnection
ResourceCluster = resourceCluster
ResourceClusterPolicy = resourceClusterPolicy
ResourceConfiguration = resourceConfiguration
ResourceReplicator = resourceReplicator
ResourceSCRAMSecretAssociation = resourceSCRAMSecretAssociation
ResourceSingleSCRAMSecretAssociation = newSingleSCRAMSecretAssociationResource
ResourceServerlessCluster = resourceServerlessCluster
ResourceVPCConnection = resourceVPCConnection

FindClusterByARN = findClusterByARN
FindClusterPolicyByARN = findClusterPolicyByARN
FindConfigurationByARN = findConfigurationByARN
FindReplicatorByARN = findReplicatorByARN
FindSCRAMSecretsByClusterARN = findSCRAMSecretsByClusterARN
FindServerlessClusterByARN = findServerlessClusterByARN
FindVPCConnectionByARN = findVPCConnectionByARN
FindClusterByARN = findClusterByARN
FindClusterPolicyByARN = findClusterPolicyByARN
FindConfigurationByARN = findConfigurationByARN
FindReplicatorByARN = findReplicatorByARN
FindSCRAMSecretAssociation = findSCRAMSecretAssociation
FindSingleSCRAMSecretAssociationByTwoPartKey = findSingleSCRAMSecretAssociationByTwoPartKey
FindServerlessClusterByARN = findServerlessClusterByARN
FindVPCConnectionByARN = findVPCConnectionByARN
)
23 changes: 21 additions & 2 deletions internal/service/kafka/scram_secret_association.go
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ const (
scramSecretBatchSize = 10
)

// @SDKResource("aws_msk_scram_secret_association", name="SCRAM Secret Association)
// @SDKResource("aws_msk_scram_secret_association", name="SCRAM Secret Association")
func resourceSCRAMSecretAssociation() *schema.Resource {
return &schema.Resource{
CreateWithoutTimeout: resourceSCRAMSecretAssociationCreate,
Expand Down Expand Up @@ -78,7 +78,7 @@ func resourceSCRAMSecretAssociationRead(ctx context.Context, d *schema.ResourceD
var diags diag.Diagnostics
conn := meta.(*conns.AWSClient).KafkaClient(ctx)

scramSecrets, err := findSCRAMSecretsByClusterARN(ctx, conn, d.Id())
scramSecrets, err := findSCRAMSecretAssociation(ctx, conn, d.Id())

if !d.IsNewResource() && tfresource.NotFound(err) {
log.Printf("[WARN] MSK SCRAM Secret Association (%s) not found, removing from state", d.Id())
Expand Down Expand Up @@ -135,10 +135,29 @@ func resourceSCRAMSecretAssociationDelete(ctx context.Context, d *schema.Resourc
return diags
}

func findSCRAMSecretAssociation(ctx context.Context, conn *kafka.Client, clusterARN string) ([]string, error) {
output, err := findSCRAMSecretsByClusterARN(ctx, conn, clusterARN)

if err != nil {
return nil, err
}

if len(output) == 0 {
return nil, tfresource.NewEmptyResultError(nil)
}

return output, nil
}

func findSCRAMSecretsByClusterARN(ctx context.Context, conn *kafka.Client, clusterARN string) ([]string, error) {
input := &kafka.ListScramSecretsInput{
ClusterArn: aws.String(clusterARN),
}

return findSCRAMSecrets(ctx, conn, input)
}

func findSCRAMSecrets(ctx context.Context, conn *kafka.Client, input *kafka.ListScramSecretsInput) ([]string, error) {
var output []string

pages := kafka.NewListScramSecretsPaginator(conn, input)
Expand Down
56 changes: 28 additions & 28 deletions internal/service/kafka/scram_secret_association_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ import (
"github.com/hashicorp/terraform-provider-aws/names"
)

func TestAccKafkaScramSecretAssociation_basic(t *testing.T) {
func TestAccKafkaSCRAMSecretAssociation_basic(t *testing.T) {
ctx := acctest.Context(t)
rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
resourceName := "aws_msk_scram_secret_association.test"
Expand All @@ -29,12 +29,12 @@ func TestAccKafkaScramSecretAssociation_basic(t *testing.T) {
PreCheck: func() { acctest.PreCheck(ctx, t); testAccPreCheck(ctx, t) },
ErrorCheck: acctest.ErrorCheck(t, names.KafkaServiceID),
ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
CheckDestroy: testAccCheckScramSecretAssociationDestroy(ctx),
CheckDestroy: testAccCheckSCRAMSecretAssociationDestroy(ctx),
Steps: []resource.TestStep{
{
Config: testAccScramSecretAssociationConfig_basic(rName, 1),
Config: testAccSCRAMSecretAssociationConfig_basic(rName, 1),
Check: resource.ComposeTestCheckFunc(
testAccCheckScramSecretAssociationExists(ctx, resourceName),
testAccCheckSCRAMSecretAssociationExists(ctx, resourceName),
resource.TestCheckResourceAttrPair(resourceName, "cluster_arn", clusterResourceName, names.AttrARN),
resource.TestCheckResourceAttr(resourceName, "secret_arn_list.#", "1"),
resource.TestCheckTypeSetElemAttrPair(resourceName, "secret_arn_list.*", secretResourceName, names.AttrARN),
Expand All @@ -49,7 +49,7 @@ func TestAccKafkaScramSecretAssociation_basic(t *testing.T) {
})
}

func TestAccKafkaScramSecretAssociation_update(t *testing.T) {
func TestAccKafkaSCRAMSecretAssociation_update(t *testing.T) {
ctx := acctest.Context(t)
rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
resourceName := "aws_msk_scram_secret_association.test"
Expand All @@ -61,28 +61,28 @@ func TestAccKafkaScramSecretAssociation_update(t *testing.T) {
PreCheck: func() { acctest.PreCheck(ctx, t); testAccPreCheck(ctx, t) },
ErrorCheck: acctest.ErrorCheck(t, names.KafkaServiceID),
ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
CheckDestroy: testAccCheckScramSecretAssociationDestroy(ctx),
CheckDestroy: testAccCheckSCRAMSecretAssociationDestroy(ctx),
Steps: []resource.TestStep{
{
Config: testAccScramSecretAssociationConfig_basic(rName, 1),
Config: testAccSCRAMSecretAssociationConfig_basic(rName, 1),
Check: resource.ComposeTestCheckFunc(
testAccCheckScramSecretAssociationExists(ctx, resourceName),
testAccCheckSCRAMSecretAssociationExists(ctx, resourceName),
),
},
{
Config: testAccScramSecretAssociationConfig_basic(rName, 3),
Config: testAccSCRAMSecretAssociationConfig_basic(rName, 3),
Check: resource.ComposeTestCheckFunc(
testAccCheckScramSecretAssociationExists(ctx, resourceName),
testAccCheckSCRAMSecretAssociationExists(ctx, resourceName),
resource.TestCheckResourceAttr(resourceName, "secret_arn_list.#", "3"),
resource.TestCheckTypeSetElemAttrPair(resourceName, "secret_arn_list.*", secretResourceName, names.AttrARN),
resource.TestCheckTypeSetElemAttrPair(resourceName, "secret_arn_list.*", secretResourceName2, names.AttrARN),
resource.TestCheckTypeSetElemAttrPair(resourceName, "secret_arn_list.*", secretResourceName3, names.AttrARN),
),
},
{
Config: testAccScramSecretAssociationConfig_basic(rName, 2),
Config: testAccSCRAMSecretAssociationConfig_basic(rName, 2),
Check: resource.ComposeTestCheckFunc(
testAccCheckScramSecretAssociationExists(ctx, resourceName),
testAccCheckSCRAMSecretAssociationExists(ctx, resourceName),
resource.TestCheckResourceAttr(resourceName, "secret_arn_list.#", "2"),
resource.TestCheckTypeSetElemAttrPair(resourceName, "secret_arn_list.*", secretResourceName, names.AttrARN),
resource.TestCheckTypeSetElemAttrPair(resourceName, "secret_arn_list.*", secretResourceName2, names.AttrARN),
Expand All @@ -97,7 +97,7 @@ func TestAccKafkaScramSecretAssociation_update(t *testing.T) {
})
}

func TestAccKafkaScramSecretAssociation_disappears(t *testing.T) {
func TestAccKafkaSCRAMSecretAssociation_disappears(t *testing.T) {
ctx := acctest.Context(t)
rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
resourceName := "aws_msk_scram_secret_association.test"
Expand All @@ -106,12 +106,12 @@ func TestAccKafkaScramSecretAssociation_disappears(t *testing.T) {
PreCheck: func() { acctest.PreCheck(ctx, t); testAccPreCheck(ctx, t) },
ErrorCheck: acctest.ErrorCheck(t, names.KafkaServiceID),
ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
CheckDestroy: testAccCheckScramSecretAssociationDestroy(ctx),
CheckDestroy: testAccCheckSCRAMSecretAssociationDestroy(ctx),
Steps: []resource.TestStep{
{
Config: testAccScramSecretAssociationConfig_basic(rName, 1),
Config: testAccSCRAMSecretAssociationConfig_basic(rName, 1),
Check: resource.ComposeTestCheckFunc(
testAccCheckScramSecretAssociationExists(ctx, resourceName),
testAccCheckSCRAMSecretAssociationExists(ctx, resourceName),
acctest.CheckResourceDisappears(ctx, acctest.Provider, tfkafka.ResourceSCRAMSecretAssociation(), resourceName),
),
ExpectNonEmptyPlan: true,
Expand All @@ -120,7 +120,7 @@ func TestAccKafkaScramSecretAssociation_disappears(t *testing.T) {
})
}

func TestAccKafkaScramSecretAssociation_Disappears_cluster(t *testing.T) {
func TestAccKafkaSCRAMSecretAssociation_Disappears_cluster(t *testing.T) {
ctx := acctest.Context(t)
rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
resourceName := "aws_msk_scram_secret_association.test"
Expand All @@ -130,12 +130,12 @@ func TestAccKafkaScramSecretAssociation_Disappears_cluster(t *testing.T) {
PreCheck: func() { acctest.PreCheck(ctx, t); testAccPreCheck(ctx, t) },
ErrorCheck: acctest.ErrorCheck(t, names.KafkaServiceID),
ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
CheckDestroy: testAccCheckScramSecretAssociationDestroy(ctx),
CheckDestroy: testAccCheckSCRAMSecretAssociationDestroy(ctx),
Steps: []resource.TestStep{
{
Config: testAccScramSecretAssociationConfig_basic(rName, 1),
Config: testAccSCRAMSecretAssociationConfig_basic(rName, 1),
Check: resource.ComposeTestCheckFunc(
testAccCheckScramSecretAssociationExists(ctx, resourceName),
testAccCheckSCRAMSecretAssociationExists(ctx, resourceName),
acctest.CheckResourceDisappears(ctx, acctest.Provider, tfkafka.ResourceCluster(), clusterResourceName),
),
ExpectNonEmptyPlan: true,
Expand All @@ -144,7 +144,7 @@ func TestAccKafkaScramSecretAssociation_Disappears_cluster(t *testing.T) {
})
}

func testAccCheckScramSecretAssociationDestroy(ctx context.Context) resource.TestCheckFunc {
func testAccCheckSCRAMSecretAssociationDestroy(ctx context.Context) resource.TestCheckFunc {
return func(s *terraform.State) error {
for _, rs := range s.RootModule().Resources {
if rs.Type != "aws_msk_scram_secret_association" {
Expand All @@ -153,7 +153,7 @@ func testAccCheckScramSecretAssociationDestroy(ctx context.Context) resource.Tes

conn := acctest.Provider.Meta().(*conns.AWSClient).KafkaClient(ctx)

_, err := tfkafka.FindSCRAMSecretsByClusterARN(ctx, conn, rs.Primary.ID)
_, err := tfkafka.FindSCRAMSecretAssociation(ctx, conn, rs.Primary.ID)

if tfresource.NotFound(err) {
continue
Expand All @@ -163,14 +163,14 @@ func testAccCheckScramSecretAssociationDestroy(ctx context.Context) resource.Tes
return err
}

return fmt.Errorf("MSK Cluster %s still exists", rs.Primary.ID)
return fmt.Errorf("MSK SCRAM Secret Association %s still exists", rs.Primary.ID)
}

return nil
}
}

func testAccCheckScramSecretAssociationExists(ctx context.Context, n string) resource.TestCheckFunc {
func testAccCheckSCRAMSecretAssociationExists(ctx context.Context, n string) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[n]
if !ok {
Expand All @@ -179,13 +179,13 @@ func testAccCheckScramSecretAssociationExists(ctx context.Context, n string) res

conn := acctest.Provider.Meta().(*conns.AWSClient).KafkaClient(ctx)

_, err := tfkafka.FindSCRAMSecretsByClusterARN(ctx, conn, rs.Primary.ID)
_, err := tfkafka.FindSCRAMSecretAssociation(ctx, conn, rs.Primary.ID)

return err
}
}

func testAccScramSecretAssociationConfig_base(rName string, count int) string {
func testAccSCRAMSecretAssociationConfig_base(rName string, count int) string {
return acctest.ConfigCompose(testAccClusterConfig_base(rName), fmt.Sprintf(`
data "aws_partition" "current" {}

Expand Down Expand Up @@ -251,8 +251,8 @@ POLICY
`, rName, count))
}

func testAccScramSecretAssociationConfig_basic(rName string, count int) string {
return acctest.ConfigCompose(testAccScramSecretAssociationConfig_base(rName, count), `
func testAccSCRAMSecretAssociationConfig_basic(rName string, count int) string {
return acctest.ConfigCompose(testAccSCRAMSecretAssociationConfig_base(rName, count), `
resource "aws_msk_scram_secret_association" "test" {
cluster_arn = aws_msk_cluster.test.arn
secret_arn_list = aws_secretsmanager_secret.test[*].arn
Expand Down
7 changes: 6 additions & 1 deletion internal/service/kafka/service_package_gen.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading
Loading