Merge pull request hashicorp#32027 from exoego/b-memory_db-feat-31528
r/memorydb_user: Support IAM authentication mode
jar-b authored Apr 25, 2024
2 parents 2e71459 + a407a62 commit 11ef371
Showing 6 changed files with 131 additions and 22 deletions.
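--- a/.changelog/32027.txt
+++ b/.changelog/32027.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_memorydb_user: Support IAM authentication mode
+```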
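--- a/internal/service/memorydb/user.go
+++ b/internal/service/memorydb/user.go
@@ -54,7 +54,7 @@ func ResourceUser() *schema.Resource {
 Schema: map[string]*schema.Schema{
 "passwords": {
 Type: schema.TypeSet,
-Required: true,
+Optional: true,
 MinItems: 1,
 MaxItems: 2,
 Elem: &schema.Schema{
@@ -100,12 +100,12 @@ func resourceUserCreate(ctx context.Context, d *schema.ResourceData, meta interf
 userName := d.Get("user_name").(string)
 input := &memorydb.CreateUserInput{
 AccessString: aws.String(d.Get("access_string").(string)),
-AuthenticationMode: &memorydb.AuthenticationMode{
-Passwords: flex.ExpandStringSet(d.Get("authentication_mode.0.passwords").(*schema.Set)),
-Type: aws.String(d.Get("authentication_mode.0.type").(string)),
-},
-Tags: getTagsIn(ctx),
-UserName: aws.String(userName),
+Tags: getTagsIn(ctx),
+UserName: aws.String(userName),
 }
 
+if v, ok := d.GetOk("authentication_mode"); ok && len(v.([]interface{})) > 0 && v.([]interface{})[0] != nil {
+input.AuthenticationMode = expandAuthenticationMode(v.([]interface{})[0].(map[string]interface{}))
+}
+
 _, err := conn.CreateUserWithContext(ctx, input)
@@ -171,11 +171,8 @@ func resourceUserUpdate(ctx context.Context, d *schema.ResourceData, meta interf
 input.AccessString = aws.String(d.Get("access_string").(string))
 }
 
-if d.HasChange("authentication_mode") {
-input.AuthenticationMode = &memorydb.AuthenticationMode{
-Passwords: flex.ExpandStringSet(d.Get("authentication_mode.0.passwords").(*schema.Set)),
-Type: aws.String(d.Get("authentication_mode.0.type").(string)),
-}
+if v, ok := d.GetOk("authentication_mode"); ok && len(v.([]interface{})) > 0 && v.([]interface{})[0] != nil {
+input.AuthenticationMode = expandAuthenticationMode(v.([]interface{})[0].(map[string]interface{}))
 }
 
 _, err := conn.UpdateUserWithContext(ctx, input)
@@ -216,3 +213,21 @@ func resourceUserDelete(ctx context.Context, d *schema.ResourceData, meta interf
 
 return diags
 }
+
+func expandAuthenticationMode(tfMap map[string]interface{}) *memorydb.AuthenticationMode {
+if tfMap == nil {
+return nil
+}
+
+apiObject := &memorydb.AuthenticationMode{}
+
+if v, ok := tfMap["passwords"].(*schema.Set); ok && v.Len() > 0 {
+apiObject.Passwords = flex.ExpandStringSet(v)
+}
+
+if v, ok := tfMap["type"].(string); ok && v != "" {
+apiObject.Type = aws.String(v)
+}
+
+return apiObject
+}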
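Review bot: In the resourceUserUpdate hunk the `d.HasChange("authentication_mode")` guard is replaced by a `d.GetOk` presence check, so `input.AuthenticationMode` is now populated on every update that reaches this code, presumably including ones that only change `access_string`. For password-type users that re-sends the full password set to UpdateUser on unrelated changes; how the service treats an unchanged set is not visible here, so it is safer to keep the change guard: `if v, ok := d.GetOk("authentication_mode"); ok && d.HasChange("authentication_mode") && len(v.([]interface{})) > 0 && v.([]interface{})[0] != nil {`. Separately, `passwords` becomes Optional with no cross-field check visible in these hunks, so `type = "password"` without passwords, or `type = "iam"` with them, would only be rejected by the API at apply time; a plan-time validation would surface it earlier. The bodies of resourceUserCreate and resourceUserUpdate start and end outside the hunks.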
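--- a/internal/service/memorydb/user_data_source_test.go
+++ b/internal/service/memorydb/user_data_source_test.go
@@ -41,6 +41,32 @@ func TestAccMemoryDBUserDataSource_basic(t *testing.T) {
 })
 }
 
+func TestAccMemoryDBUserDataSource_authenticationModeIAM(t *testing.T) {
+ctx := acctest.Context(t)
+rName := "tf-test-" + sdkacctest.RandString(8)
+resourceName := "aws_memorydb_user.test"
+dataSourceName := "data.aws_memorydb_user.test"
+
+resource.ParallelTest(t, resource.TestCase{
+PreCheck: func() { acctest.PreCheck(ctx, t); testAccPreCheck(t) },
+ErrorCheck: acctest.ErrorCheck(t, names.MemoryDBServiceID),
+ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+Steps: []resource.TestStep{
+{
+Config: testAccUserDataSourceConfig_authenticationModeIAM(rName),
+Check: resource.ComposeAggregateTestCheckFunc(
+resource.TestCheckResourceAttrPair(dataSourceName, "access_string", resourceName, "access_string"),
+resource.TestCheckResourceAttrPair(dataSourceName, "arn", resourceName, "arn"),
+resource.TestCheckResourceAttrPair(dataSourceName, "authentication_mode.0.type", resourceName, "authentication_mode.0.type"),
+resource.TestCheckResourceAttrPair(dataSourceName, "authentication_mode.0.password_count", resourceName, "authentication_mode.0.password_count"),
+resource.TestCheckResourceAttrPair(dataSourceName, "minimum_engine_version", resourceName, "minimum_engine_version"),
+resource.TestCheckResourceAttrPair(dataSourceName, "user_name", resourceName, "user_name"),
+),
+},
+},
+})
+}
+
 func testAccUserDataSourceConfig_basic(rName string) string {
 return fmt.Sprintf(`
 resource "aws_memorydb_user" "test" {
@@ -62,3 +88,20 @@ data "aws_memorydb_user" "test" {
 }
 `, rName)
 }
+
+func testAccUserDataSourceConfig_authenticationModeIAM(rName string) string {
+return fmt.Sprintf(`
+resource "aws_memorydb_user" "test" {
+access_string = "on ~* &* +@all"
+user_name = %[1]q
+authentication_mode {
+type = "iam"
+}
+}
+data "aws_memorydb_user" "test" {
+user_name = aws_memorydb_user.test.user_name
+}
+`, rName)
+}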
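--- a/internal/service/memorydb/user_test.go
+++ b/internal/service/memorydb/user_test.go
@@ -55,6 +55,41 @@ func TestAccMemoryDBUser_basic(t *testing.T) {
 })
 }
 
+func TestAccMemoryDBUser_authenticationModeIAM(t *testing.T) {
+ctx := acctest.Context(t)
+rName := "tf-test-" + sdkacctest.RandString(8)
+resourceName := "aws_memorydb_user.test"
+
+resource.ParallelTest(t, resource.TestCase{
+PreCheck: func() { acctest.PreCheck(ctx, t); testAccPreCheck(t) },
+ErrorCheck: acctest.ErrorCheck(t, names.MemoryDBServiceID),
+ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+CheckDestroy: testAccCheckUserDestroy(ctx),
+Steps: []resource.TestStep{
+{
+Config: testAccUserConfig_authenticationModeIAM(rName),
+Check: resource.ComposeTestCheckFunc(
+testAccCheckUserExists(ctx, resourceName),
+resource.TestCheckResourceAttr(resourceName, "access_string", "on ~* &* +@all"),
+acctest.CheckResourceAttrRegionalARN(resourceName, "arn", "memorydb", "user/"+rName),
+resource.TestCheckResourceAttr(resourceName, "authentication_mode.0.type", "iam"),
+resource.TestCheckResourceAttr(resourceName, "authentication_mode.0.password_count", "0"),
+resource.TestCheckResourceAttrSet(resourceName, "minimum_engine_version"),
+resource.TestCheckResourceAttr(resourceName, "user_name", rName),
+),
+},
+{
+ResourceName: resourceName,
+ImportState: true,
+ImportStateVerify: true,
+ImportStateVerifyIgnore: []string{
+"authentication_mode.0.passwords",
+},
+},
+},
+})
+}
+
 func TestAccMemoryDBUser_disappears(t *testing.T) {
 ctx := acctest.Context(t)
 rName := "tf-test-" + sdkacctest.RandString(8)
@@ -276,6 +311,19 @@ resource "aws_memorydb_user" "test" {
 `, rName)
 }
 
+func testAccUserConfig_authenticationModeIAM(rName string) string {
+return fmt.Sprintf(`
+resource "aws_memorydb_user" "test" {
+access_string = "on ~* &* +@all"
+user_name = %[1]q
+authentication_mode {
+type = "iam"
+}
+}
+`, rName)
+}
+
 func testAccUserConfig_accessString(rName, accessString string) string {
 return fmt.Sprintf(`
 resource "aws_memorydb_user" "test" {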
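Review bot: TestAccMemoryDBUser_authenticationModeIAM covers only create and import of an IAM user; no step in this section switches an existing user between `password` and `iam`, which is the path the rewritten update code has to handle. Consider adding a step that applies a password-mode config and then `testAccUserConfig_authenticationModeIAM(rName)` (and the reverse), asserting `authentication_mode.0.type` and `authentication_mode.0.password_count` after each. The `ImportStateVerifyIgnore` entry for `authentication_mode.0.passwords` also looks unnecessary when the config sets no passwords. Other tests in the file lie outside the visible hunks, so an update test may already exist there.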
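--- a/website/docs/d/memorydb_user.html.markdown
+++ b/website/docs/d/memorydb_user.html.markdown
@@ -32,7 +32,7 @@ This data source exports the following attributes in addition to the arguments a
 * `access_string` - Access permissions string used for this user.
 * `arn` - ARN of the user.
 * `authentication_mode` - Denotes the user's authentication properties.
-* `password_count` - The number of passwords belonging to the user.
-* `type` - Whether the user requires a password to authenticate.
-* `minimum_engine_version` - The minimum engine version supported for the user.
-* `tags` - Map of tags assigned to the subnet group.
+* `password_count` - Number of passwords belonging to the user if `type` is set to `password`.
+* `type` - Type of authentication configured.
+* `minimum_engine_version` - Minimum engine version supported for the user.
+* `tags` - Map of tags assigned to the user.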
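--- a/website/docs/r/memorydb_user.html.markdown
+++ b/website/docs/r/memorydb_user.html.markdown
@@ -37,7 +37,7 @@ resource "aws_memorydb_user" "example" {
 
 The following arguments are required:
 
-* `access_string` - (Required) The access permissions string used for this user.
+* `access_string` - (Required) Access permissions string used for this user.
 * `authentication_mode` - (Required) Denotes the user's authentication properties. Detailed below.
 * `user_name` - (Required, Forces new resource) Name of the MemoryDB user. Up to 40 characters.
 
@@ -47,18 +47,18 @@ The following arguments are optional:
 
 ### authentication_mode Configuration Block
 
-* `passwords` - (Required) The set of passwords used for authentication. You can create up to two passwords for each user.
-* `type` - (Required) Indicates whether the user requires a password to authenticate. Must be set to `password`.
+* `passwords` - (Optional) Set of passwords used for authentication if `type` is set to `password`. You can create up to two passwords for each user.
+* `type` - (Required) Specifies the authentication type. Valid values are: `password` or `iam`.
 
 ## Attribute Reference
 
 This resource exports the following attributes in addition to the arguments above:
 
 * `id` - Same as `user_name`.
-* `arn` - The ARN of the user.
-* `minimum_engine_version` - The minimum engine version supported for the user.
+* `arn` - ARN of the user.
+* `minimum_engine_version` - Minimum engine version supported for the user.
 * `authentication_mode` configuration block
-* `password_count` - The number of passwords belonging to the user.
+* `password_count` - Number of passwords belonging to the user if `type` is set to `password`.
 * `tags_all` - A map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags-configuration-block).
 
 ## Import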
