From 472a694ae82d8826a14db5eab1b3c123b010d18a Mon Sep 17 00:00:00 2001 From: Anderson Madureira Date: Tue, 2 Feb 2021 15:27:44 -0300 Subject: [PATCH 01/45] ADd new key --- aws/resource_aws_transfer_server.go | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/aws/resource_aws_transfer_server.go b/aws/resource_aws_transfer_server.go index eef991d07cec..7b455f00fff3 100644 --- a/aws/resource_aws_transfer_server.go +++ b/aws/resource_aws_transfer_server.go @@ -66,6 +66,14 @@ func resourceAwsTransferServer() *schema.Resource { Set: schema.HashString, ConflictsWith: []string{"endpoint_details.0.vpc_endpoint_id"}, }, + "security_group_ids": { + Type: schema.TypeSet, + Optional: true, + Computed: true, + Elem: &schema.Schema{Type: schema.TypeString}, + Set: schema.HashString, + ConflictsWith: []string{"endpoint_details.0.vpc_endpoint_id"}, + }, "subnet_ids": { Type: schema.TypeSet, Optional: true, @@ -76,7 +84,7 @@ func resourceAwsTransferServer() *schema.Resource { "vpc_endpoint_id": { Type: schema.TypeString, Optional: true, - ConflictsWith: []string{"endpoint_details.0.address_allocation_ids", "endpoint_details.0.subnet_ids", "endpoint_details.0.vpc_id"}, + ConflictsWith: []string{"endpoint_details.0.address_allocation_ids", "endpoint_details.0.security_group_ids", "endpoint_details.0.subnet_ids", "endpoint_details.0.vpc_id"}, Computed: true, }, "vpc_id": { From a1aa8edc05bb916368c5f329f91db6b0f3aa4340 Mon Sep 17 00:00:00 2001 From: Anderson Madureira Date: Tue, 2 Feb 2021 17:35:19 -0300 Subject: [PATCH 02/45] Change --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9470fd018ef0..c836d55f1921 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
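Review bot: The new `security_group_ids` key under `endpoint_details` is declared in the schema, but nothing in this commit reads it: both hunks touch only the schema, so a configured list is accepted at plan time and, as far as these hunks show, never sent to the Transfer API. For a setting that controls network access this is a risky silent no-op, because the endpoint comes up with whatever groups the VPC assigns by default while the configuration says otherwise. The expand and flatten helpers for `endpoint_details` should map the key in the same commit that introduces it, e.g. `apiObject.SecurityGroupIds = expandStringSet(v)` behind the same `*schema.Set` check used for `subnet_ids`. `Computed: true` can also hide drift once the argument is removed from configuration, so it deserves a comment saying why it is needed. The body of resourceAwsTransferServer continues outside both hunks.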
@@ -836,6 +836,7 @@ FEATURES: ENHANCEMENTS: + * data-source/aws_subnet: Add `customer_owned_ipv4_pool` and `map_customer_owned_ip_on_launch` attributes ([#16676](https://github.com/hashicorp/terraform-provider-aws/issues/16676)) * resource/aws_glacier_vault: Add plan-time validation for `notification` configuration block `events` and `sns_topic_arn` arguments ([#12645](https://github.com/hashicorp/terraform-provider-aws/issues/12645)) * resource/aws_glue_catalog_table: Adds support for specifying schema from schema registry. ([#17335](https://github.com/hashicorp/terraform-provider-aws/issues/17335)) From fc1a43740549f04b7b4c5498c512807f42c4a0a2 Mon Sep 17 00:00:00 2001 From: Anderson Madureira Date: Thu, 4 Feb 2021 15:13:34 -0300 Subject: [PATCH 03/45] Add security_group_ids parameter. --- aws/resource_aws_transfer_server.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/aws/resource_aws_transfer_server.go b/aws/resource_aws_transfer_server.go index 7b455f00fff3..3750be1faf8f 100644 --- a/aws/resource_aws_transfer_server.go +++ b/aws/resource_aws_transfer_server.go @@ -268,6 +268,9 @@ func resourceAwsTransferServerCreate(d *schema.ResourceData, meta interface{}) e if err := stopTransferServer(conn, d.Id(), d.Timeout(schema.TimeoutCreate)); err != nil { return err } + updateEndPoint := d.Get("endpoint_details") + // delete(updateEndPoint, "SecurityGroupIds") + // updateEndPoint.SecurityGroupIds = {} input := &transfer.UpdateServerInput{ ServerId: aws.String(d.Id()), From 2d4c47c9274d3529e3aaec73c250fcea77168925 Mon Sep 17 00:00:00 2001 From: Anderson Madureira Date: Thu, 4 Feb 2021 18:18:03 -0300 Subject: [PATCH 04/45] change --- .goreleaser.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index fe1eb97fe8c6..999f7af3d857 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml 
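Review bot: `updateEndPoint := d.Get("endpoint_details")` in the hunk at -268 of resourceAwsTransferServerCreate is assigned and never used, because the two lines that would use it are commented out; Go rejects an unused local, so the package should not build at this commit. Either drop the three added lines or finish the change in the same commit. `d.Get` returns an `interface{}`, so the commented-out `delete(updateEndPoint, "SecurityGroupIds")` would also need a type assertion down to the nested map before it could compile. The function body starts and ends outside the hunk.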
@@ -11,15 +11,15 @@ builds: flags: - -trimpath goarch: - - '386' - - amd64 - - arm +# - '386' +# - amd64 +# - arm - arm64 goos: - darwin - - freebsd - - linux - - windows +# - freebsd +# - linux +# - windows ignore: - goarch: '386' goos: darwin From 8d2dd00a5b05d1e694db5fa7129ccfbd46a1f9bb Mon Sep 17 00:00:00 2001 From: Anderson Madureira Date: Thu, 4 Feb 2021 18:18:58 -0300 Subject: [PATCH 05/45] change --- .goreleaser.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index 999f7af3d857..6b174af7874c 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -18,7 +18,7 @@ builds: goos: - darwin # - freebsd -# - linux + - linux # - windows ignore: - goarch: '386' From 708b2671f891aa526eb06f82a76df0764878c4e8 Mon Sep 17 00:00:00 2001 From: Anderson Madureira Date: Thu, 4 Feb 2021 18:35:20 -0300 Subject: [PATCH 06/45] Change --- .goreleaser.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index 6b174af7874c..fe1eb97fe8c6 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -11,15 +11,15 @@ builds: flags: - -trimpath goarch: -# - '386' -# - amd64 -# - arm + - '386' + - amd64 + - arm - arm64 goos: - darwin -# - freebsd + - freebsd - linux -# - windows + - windows ignore: - goarch: '386' goos: darwin From e1751a8fe5953853026575d5800b280962f48e01 Mon Sep 17 00:00:00 2001 From: Anderson Madureira Date: Thu, 4 Feb 2021 19:15:55 -0300 Subject: [PATCH 07/45] Change --- .github/workflows/release.yml | 54 +++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 90969c0596bd..5ed1b05a5020 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,3 +1,4 @@ +<<<<<<< HEAD name: Post Publish on: release: 
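Review bot: The added first line `<<<<<<< HEAD` in `.github/workflows/release.yml` (PATCH 07/45) is an unresolved merge-conflict marker, and the second hunk of the same commit adds the matching `=======` and `>>>>>>> 19bf7eb9c (Change)` lines. With the markers in place the file holds two workflow definitions and is no longer valid YAML, so neither the existing post-publish job nor the new release job would be expected to load. Resolve the conflict before committing and keep a single `name:` / `on:` / `jobs:` document.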
@@ -52,3 +53,56 @@ jobs: git add CHANGELOG.md git commit -m "Update CHANGELOG.md after ${{ github.event.release.tag_name }}" git push +======= +# This GitHub action can publish assets for release when a tag is created. +# Currently its setup to run on any tag that matches the pattern "v*" (ie. v0.1.0). +# +# This uses an action (paultyng/ghaction-import-gpg) that assumes you set your +# private key in the `GPG_PRIVATE_KEY` secret and passphrase in the `PASSPHRASE` +# secret. If you would rather own your own GPG handling, please fork this action +# or use an alternative one for key handling. +# +# You will need to pass the `--batch` flag to `gpg` in your signing step +# in `goreleaser` to indicate this is being used in a non-interactive mode. +# +name: release +on: + push: + tags: + - 'v*' +jobs: + goreleaser: + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@v2 + - + name: Unshallow + run: git fetch --prune --unshallow + - + name: Set up Go + uses: actions/setup-go@v2 + with: + go-version: 1.14 + - + name: Import GPG key + id: import_gpg + # TODO: move this to HashiCorp namespace or find alternative that is just simple gpg commands + # see https://github.com/hashicorp/terraform-provider-scaffolding/issues/22 + uses: paultyng/ghaction-import-gpg@v2.1.0 + env: + # These secrets will need to be configured for the repository: + GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} + PASSPHRASE: ${{ secrets.PASSPHRASE }} + - + name: Run GoReleaser + uses: goreleaser/goreleaser-action@v2 + with: + version: latest + args: release --rm-dist + env: + GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }} + # GitHub sets this automatically + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} +>>>>>>> 19bf7eb9c (Change) From 82f0197fcd53d92c1db54e0db0563030d4b67b2d Mon Sep 17 00:00:00 2001 
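Review bot: The `Import GPG key` step passes `secrets.GPG_PRIVATE_KEY` and `secrets.PASSPHRASE` to `paultyng/ghaction-import-gpg@v2.1.0`, a third-party action referenced by a mutable tag, and the `Run GoReleaser` step uses `goreleaser/goreleaser-action@v2` with `version: latest`. Whoever can move those tags or publish the next GoReleaser release gets code execution in a job that holds the signing key and `GITHUB_TOKEN`. Pin both actions to a full commit SHA, e.g. `uses: paultyng/ghaction-import-gpg@<full-commit-sha>  # v2.1.0`, set `version:` to a fixed release, and add a top-level `permissions:` block limited to what the job needs (`contents: write` for publishing). The same steps are added again in `.github/workflows/go.yml` by PATCH 10/45.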
From: Anderson Madureira Date: Fri, 5 Feb 2021 21:52:10 -0300 Subject: [PATCH 08/45] Update --- aws/resource_aws_transfer_server.go | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/aws/resource_aws_transfer_server.go b/aws/resource_aws_transfer_server.go index 3750be1faf8f..2ed9554e5be6 100644 --- a/aws/resource_aws_transfer_server.go +++ b/aws/resource_aws_transfer_server.go @@ -268,9 +268,8 @@ func resourceAwsTransferServerCreate(d *schema.ResourceData, meta interface{}) e if err := stopTransferServer(conn, d.Id(), d.Timeout(schema.TimeoutCreate)); err != nil { return err } - updateEndPoint := d.Get("endpoint_details") - // delete(updateEndPoint, "SecurityGroupIds") - // updateEndPoint.SecurityGroupIds = {} + // Here we ansure that SecurityGroupsids is nil. We can't update this + createOpts.EndpointDetails.SecurityGroupIds = nil input := &transfer.UpdateServerInput{ ServerId: aws.String(d.Id()), From 240e4456efd6e7cd0c09c903362f1bb90d842f25 Mon Sep 17 00:00:00 2001 From: Anderson Madureira Date: Fri, 5 Feb 2021 22:03:12 -0300 Subject: [PATCH 09/45] Update Doc --- website/docs/r/transfer_server.html.markdown | 1 + 1 file changed, 1 insertion(+) diff --git a/website/docs/r/transfer_server.html.markdown b/website/docs/r/transfer_server.html.markdown index 6b172348db8a..ef4616f87e52 100644 --- a/website/docs/r/transfer_server.html.markdown +++ b/website/docs/r/transfer_server.html.markdown 
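Review bot: `createOpts.EndpointDetails.SecurityGroupIds = nil` runs after the server has already been created and stopped (see the preceding `stopTransferServer(conn, d.Id(), ...)`), and the `transfer.UpdateServerInput` built on the next lines is a separate value, so the assignment probably has no effect on the request that follows; only `ServerId` of that input is visible in this hunk, so confirm how its `EndpointDetails` is populated. If the intent is to keep security groups out of the update call, clear the field on the update input instead, e.g. `input.EndpointDetails.SecurityGroupIds = nil` once `input` is built. The line also dereferences `createOpts.EndpointDetails` without a nil check, which is safe only if this branch is reached solely when `endpoint_details` is configured. The comment would read better as `// Ensure SecurityGroupIds is nil: it cannot be changed through this UpdateServer call.`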
@@ -108,6 +108,7 @@ The following arguments are supported: * `address_allocation_ids` - (Optional) A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. This property can only be used when `endpoint_type` is set to `VPC`. * `subnet_ids` - (Optional) A list of subnet IDs that are required to host your SFTP server endpoint in your VPC. This property can only be used when `endpoint_type` is set to `VPC`. * `vpc_id` - (Optional) The VPC ID of the virtual private cloud in which the SFTP server's endpoint will be hosted. This property can only be used when `endpoint_type` is set to `VPC`. +* `security_group_ids` - (Optional) A list of Security Groups Ids. This property can only be used when `endpoint_type` is set to `VPC`. It can't be change after transfer server creation. ## Attributes Reference In addition to all arguments above, the following attributes are exported: From f8a62376bdb9f7be9e5a1285869168d01ad35483 Mon Sep 17 00:00:00 2001 From: Anderson Madureira Date: Tue, 9 Feb 2021 17:43:16 -0300 Subject: [PATCH 10/45] Add go.yaml --- .github/workflows/go.yml | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 .github/workflows/go.yml diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml new file mode 100644 index 000000000000..7fe92da0143d --- /dev/null +++ b/.github/workflows/go.yml 
@@ -0,0 +1,40 @@ +name: release +on: + push: + tags: + - 'v*' +jobs: + goreleaser: + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@v2 + - + name: Unshallow + run: git fetch --prune --unshallow + - + name: Set up Go + uses: actions/setup-go@v2 + with: + go-version: 1.14 + - + name: Import GPG key + id: import_gpg + # TODO: move this to HashiCorp namespace or find alternative that is just simple gpg commands + # see https://github.com/hashicorp/terraform-provider-scaffolding/issues/22 + uses: paultyng/ghaction-import-gpg@v2.1.0 + env: + # These secrets will need to be configured for the repository: + GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} + PASSPHRASE: ${{ secrets.PASSPHRASE }} + - + name: Run GoReleaser + uses: goreleaser/goreleaser-action@v2 + with: + version: latest + args: release --rm-dist + env: + GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }} + # GitHub sets this automatically + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 4b191fb2f384eb8e303de820897967c317a61e75 Mon Sep 17 00:00:00 2001 From: Anderson Madureira Date: Tue, 9 Feb 2021 19:04:02 -0300 Subject: [PATCH 11/45] Change --- .goreleaser.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index fe1eb97fe8c6..17ec99994b2d 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -11,15 +11,15 @@ builds: flags: - -trimpath goarch: - - '386' +# - '386' - amd64 - - arm +# - arm - arm64 goos: - darwin - - freebsd +# - freebsd - linux - - windows +# - windows ignore: - goarch: '386' goos: darwin From 54698e8999ea81ad257593245b48acf8b4252a9d Mon Sep 17 00:00:00 2001 From: Anderson Madureira Date: Tue, 9 Feb 2021 19:05:05 -0300 Subject: [PATCH 12/45] Change --- .goreleaser.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index 17ec99994b2d..a98c6242ceb3 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml 
@@ -27,7 +27,7 @@ builds: - -s -w -X version.ProviderVersion={{.Version}} mod_timestamp: '{{ .CommitTimestamp }}' changelog: - skip: true + skip: false checksum: name_template: '{{ .ProjectName }}_{{ .Version }}_SHA256SUMS' algorithm: sha256 From 1183799c04a30b5a615c10eca56f30c598c122ab Mon Sep 17 00:00:00 2001 From: Anderson Madureira Date: Tue, 9 Feb 2021 19:13:30 -0300 Subject: [PATCH 13/45] Change --- .goreleaser.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index a98c6242ceb3..3fae370f305a 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -12,7 +12,7 @@ builds: - -trimpath goarch: # - '386' - - amd64 +# - amd64 # - arm - arm64 goos: @@ -34,7 +34,7 @@ checksum: env: - CGO_ENABLED=0 release: - disable: true + disable: false signs: - artifacts: checksum args: From 18f986ab726b69fc213ec212388fcbd89c0f82d5 Mon Sep 17 00:00:00 2001 From: Anderson Madureira Date: Tue, 9 Feb 2021 19:18:31 -0300 Subject: [PATCH 14/45] Change --- .goreleaser.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.goreleaser.yml b/.goreleaser.yml index 3fae370f305a..84a1671a58ba 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -35,6 +35,12 @@ env: - CGO_ENABLED=0 release: disable: false + github: + owner: amadureira + name: terraform-provider-aws + + + signs: - artifacts: checksum args: From c439ede8c7b0eee78a63aab7587941f4cfb964fc Mon Sep 17 00:00:00 2001 From: Anderson Madureira Date: Tue, 9 Feb 2021 19:40:34 -0300 Subject: [PATCH 15/45] Change only one line --- .goreleaser.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.goreleaser.yml b/.goreleaser.yml index 84a1671a58ba..194a26e93532 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -6,6 +6,7 @@ archives: before: hooks: - go mod download + builds: - binary: '{{ .ProjectName }}_{{ .Version }}' flags: From 471c29e41751369384cbc48fb9c236043aab229d Mon Sep 17 00:00:00 2001 
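Review bot: The `release:` block in `.goreleaser.yml` now sets `disable: false` and hard-codes `github: owner: amadureira`, which points publishing of the signed artifacts at a personal namespace from inside a feature branch (PATCH 13/45 and 14/45; PATCH 12/45 flips `changelog: skip` the same way). If the series were merged in this state, the release configuration of the target repository would change along with the feature. Keep fork-only release settings in a separate config file that is not part of the pull request, and leave `release: disable: true` here.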
From: Anderson Madureira Date: Tue, 9 Feb 2021 20:00:54 -0300 Subject: [PATCH 16/45] Change --- .goreleaser.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index 194a26e93532..a16b9e5bbc9b 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -13,14 +13,14 @@ builds: - -trimpath goarch: # - '386' -# - amd64 -# - arm + - amd64 + - arm - arm64 goos: - darwin -# - freebsd + - freebsd - linux -# - windows + - windows ignore: - goarch: '386' goos: darwin From f96aaa9464aa64bf6cde612d086cbd83726c1a07 Mon Sep 17 00:00:00 2001 From: Anderson Madureira Date: Tue, 9 Feb 2021 23:37:02 -0300 Subject: [PATCH 17/45] Add changelog --- .changelog/17496.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/17496.txt diff --git a/.changelog/17496.txt b/.changelog/17496.txt new file mode 100644 index 000000000000..70e1bc075d30 --- /dev/null +++ b/.changelog/17496.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +resource/aws_transfer_server: Add security_group_ids for endpoint_details block +``` From 8ab5322e57cc93a2654aac0d6034387e5a55ed34 Mon Sep 17 00:00:00 2001 From: Anderson Madureira Date: Tue, 16 Feb 2021 15:20:10 -0300 Subject: [PATCH 18/45] Add changelog, reset .goreleaser.yml and fix aws/resource_aws_transfer_server.go --- .changelog/17539.txt | 3 +++ .goreleaser.yml | 13 +++---------- aws/resource_aws_transfer_server.go | 1 + 3 files changed, 7 insertions(+), 10 deletions(-) create mode 100644 .changelog/17539.txt diff --git a/.changelog/17539.txt b/.changelog/17539.txt new file mode 100644 index 000000000000..3961f2085c94 --- /dev/null +++ b/.changelog/17539.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +resource/aws_transfer_server: Add security_group_ids parameter +``` diff --git a/.goreleaser.yml b/.goreleaser.yml index a16b9e5bbc9b..fe1eb97fe8c6 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml 
@@ -6,13 +6,12 @@ archives: before: hooks: - go mod download - builds: - binary: '{{ .ProjectName }}_{{ .Version }}' flags: - -trimpath goarch: -# - '386' + - '386' - amd64 - arm - arm64 @@ -28,20 +27,14 @@ builds: - -s -w -X version.ProviderVersion={{.Version}} mod_timestamp: '{{ .CommitTimestamp }}' changelog: - skip: false + skip: true checksum: name_template: '{{ .ProjectName }}_{{ .Version }}_SHA256SUMS' algorithm: sha256 env: - CGO_ENABLED=0 release: - disable: false - github: - owner: amadureira - name: terraform-provider-aws - - - + disable: true signs: - artifacts: checksum args: diff --git a/aws/resource_aws_transfer_server.go b/aws/resource_aws_transfer_server.go index 2ed9554e5be6..2831f0520769 100644 --- a/aws/resource_aws_transfer_server.go +++ b/aws/resource_aws_transfer_server.go @@ -268,6 +268,7 @@ func resourceAwsTransferServerCreate(d *schema.ResourceData, meta interface{}) e if err := stopTransferServer(conn, d.Id(), d.Timeout(schema.TimeoutCreate)); err != nil { return err } + // Here we ansure that SecurityGroupsids is nil. We can't update this createOpts.EndpointDetails.SecurityGroupIds = nil From 083b5188bb014a73bd87c6254931a6094532196e Mon Sep 17 00:00:00 2001 From: Anderson Madureira Date: Fri, 19 Feb 2021 10:34:04 -0300 Subject: [PATCH 19/45] A little change --- .changelog/17539.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.changelog/17539.txt b/.changelog/17539.txt index 3961f2085c94..085b0471cb72 100644 --- a/.changelog/17539.txt +++ b/.changelog/17539.txt @@ -1,3 +1,3 @@ ```release-note:enhancement -resource/aws_transfer_server: Add security_group_ids parameter +resource/aws_transfer_server: Add security_group_ids parameter. ``` From 3660eb6323ab51a537a8ea7c126e2e9da980db19 Mon Sep 17 00:00:00 2001 
From: Anderson Madureira Date: Tue, 16 Feb 2021 21:54:14 -0300 Subject: [PATCH 20/45] Return .goreleaser.yml and CHANGELOG.md to original state --- .goreleaser.yml | 2 +- CHANGELOG.md | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index fe1eb97fe8c6..8d1a78155dd9 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -24,7 +24,7 @@ builds: - goarch: '386' goos: darwin ldflags: - - -s -w -X version.ProviderVersion={{.Version}} + - -s -w -X aws/version.ProviderVersion={{.Version}} mod_timestamp: '{{ .CommitTimestamp }}' changelog: skip: true diff --git a/CHANGELOG.md b/CHANGELOG.md index c836d55f1921..9470fd018ef0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -836,7 +836,6 @@ FEATURES: ENHANCEMENTS: - * data-source/aws_subnet: Add `customer_owned_ipv4_pool` and `map_customer_owned_ip_on_launch` attributes ([#16676](https://github.com/hashicorp/terraform-provider-aws/issues/16676)) * resource/aws_glacier_vault: Add plan-time validation for `notification` configuration block `events` and `sns_topic_arn` arguments ([#12645](https://github.com/hashicorp/terraform-provider-aws/issues/12645)) * resource/aws_glue_catalog_table: Adds support for specifying schema from schema registry. ([#17335](https://github.com/hashicorp/terraform-provider-aws/issues/17335)) From e6d232091bba6851783572f45cf38fedd2b788ff Mon Sep 17 00:00:00 2001 From: Anderson Madureira Date: Tue, 16 Feb 2021 21:55:11 -0300 Subject: [PATCH 21/45] Remove Custom workflow files --- .github/workflows/go.yml | 40 ---------------------------------------- 1 file changed, 40 deletions(-) delete mode 100644 .github/workflows/go.yml diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml deleted file mode 100644 index 7fe92da0143d..000000000000 --- a/.github/workflows/go.yml +++ /dev/null 
@@ -1,40 +0,0 @@ -name: release -on: - push: - tags: - - 'v*' -jobs: - goreleaser: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v2 - - - name: Unshallow - run: git fetch --prune --unshallow - - - name: Set up Go - uses: actions/setup-go@v2 - with: - go-version: 1.14 - - - name: Import GPG key - id: import_gpg - # TODO: move this to HashiCorp namespace or find alternative that is just simple gpg commands - # see https://github.com/hashicorp/terraform-provider-scaffolding/issues/22 - uses: paultyng/ghaction-import-gpg@v2.1.0 - env: - # These secrets will need to be configured for the repository: - GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} - PASSPHRASE: ${{ secrets.PASSPHRASE }} - - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v2 - with: - version: latest - args: release --rm-dist - env: - GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }} - # GitHub sets this automatically - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 9c72f21c098a1ec41230c5e1354b8ecad3f785c6 Mon Sep 17 00:00:00 2001 From: Anderson Madureira Date: Fri, 26 Feb 2021 10:34:56 -0300 Subject: [PATCH 22/45] Change --- .changelog/17496.txt | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 .changelog/17496.txt diff --git a/.changelog/17496.txt b/.changelog/17496.txt deleted file mode 100644 index 70e1bc075d30..000000000000 --- a/.changelog/17496.txt +++ /dev/null @@ -1,3 +0,0 @@ -```release-note:enhancement -resource/aws_transfer_server: Add security_group_ids for endpoint_details block -``` From 64d2c2b494d9dc9017c0edead923b48e876f39f7 Mon Sep 17 00:00:00 2001 From: amadureira Date: Fri, 26 Feb 2021 10:34:32 -0300 Subject: [PATCH 23/45] Update .changelog/17539.txt Co-authored-by: Kit Ewbank --- .changelog/17539.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.changelog/17539.txt b/.changelog/17539.txt index 085b0471cb72..8f9455ff51b3 100644 --- a/.changelog/17539.txt +++ b/.changelog/17539.txt 
@@ -1,3 +1,3 @@ ```release-note:enhancement -resource/aws_transfer_server: Add security_group_ids parameter. +resource/aws_transfer_server: Add `security_group_ids` attribute. ``` From 5a01d013cc9fc368b9f9a5f9fb419c4182613c34 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Mon, 28 Jun 2021 15:46:17 -0400 Subject: [PATCH 24/45] Tidy up after rebase. --- .changelog/17539.txt | 2 +- aws/resource_aws_transfer_server.go | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/.changelog/17539.txt b/.changelog/17539.txt index 8f9455ff51b3..4ea42cc41558 100644 --- a/.changelog/17539.txt +++ b/.changelog/17539.txt @@ -1,3 +1,3 @@ ```release-note:enhancement -resource/aws_transfer_server: Add `security_group_ids` attribute. +resource/aws_transfer_server: Add `security_group_ids` argument to `endpoint_details` configuration block. ``` diff --git a/aws/resource_aws_transfer_server.go b/aws/resource_aws_transfer_server.go index 2831f0520769..7b455f00fff3 100644 --- a/aws/resource_aws_transfer_server.go +++ b/aws/resource_aws_transfer_server.go @@ -269,9 +269,6 @@ func resourceAwsTransferServerCreate(d *schema.ResourceData, meta interface{}) e return err } - // Here we ansure that SecurityGroupsids is nil. We can't update this - createOpts.EndpointDetails.SecurityGroupIds = nil - input := &transfer.UpdateServerInput{ ServerId: aws.String(d.Id()), EndpointDetails: expandTransferEndpointDetails(d.Get("endpoint_details").([]interface{})[0].(map[string]interface{})), From 0b55299cb7fb033460c7e339c7a7524f163f655d Mon Sep 17 00:00:00 2001 
From: Kit Ewbank Date: Mon, 28 Jun 2021 16:23:43 -0400 Subject: [PATCH 25/45] r/aws_transfer_server: Add TODOs for security group ID updates. Acceptance test output: % make testacc TEST=./aws TESTARGS='-run=TestAccAWSTransferServer_vpc' ==> Checking that code complies with gofmt requirements... TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSTransferServer_vpc -timeout 180m === RUN TestAccAWSTransferServer_vpc === PAUSE TestAccAWSTransferServer_vpc === RUN TestAccAWSTransferServer_vpcEndpointId === PAUSE TestAccAWSTransferServer_vpcEndpointId === CONT TestAccAWSTransferServer_vpc === CONT TestAccAWSTransferServer_vpcEndpointId --- PASS: TestAccAWSTransferServer_vpcEndpointId (55.36s) --- PASS: TestAccAWSTransferServer_vpc (230.58s) PASS ok github.com/terraform-providers/terraform-provider-aws/aws 235.878s --- aws/resource_aws_transfer_server.go | 17 +++++++++++++++++ website/docs/r/transfer_server.html.markdown | 4 ++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/aws/resource_aws_transfer_server.go b/aws/resource_aws_transfer_server.go index 7b455f00fff3..c19d62e809b1 100644 --- a/aws/resource_aws_transfer_server.go +++ b/aws/resource_aws_transfer_server.go @@ -40,6 +40,7 @@ func resourceAwsTransferServer() *schema.Resource { Optional: true, ValidateFunc: validateArn, }, + "domain": { Type: schema.TypeString, Optional: true, @@ -269,6 +270,10 @@ func resourceAwsTransferServerCreate(d *schema.ResourceData, meta interface{}) e return err } + // TODO + // TODO You can edit the SecurityGroupIds property in the UpdateServer API only if you are changing the EndpointType from PUBLIC or VPC_ENDPOINT to VPC. To change security groups associated with your server's VPC endpoint after creation, use the Amazon EC2 ModifyVpcEndpoint API. + // TODO + input := &transfer.UpdateServerInput{ ServerId: aws.String(d.Id()), EndpointDetails: expandTransferEndpointDetails(d.Get("endpoint_details").([]interface{})[0].(map[string]interface{})), 
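Review bot: The TODO added before `input := &transfer.UpdateServerInput{...}` in resourceAwsTransferServerCreate says UpdateServer accepts `SecurityGroupIds` only when the endpoint type changes, yet the `EndpointDetails` on the following line is still built with `expandTransferEndpointDetails(...)`, which after this commit copies `security_group_ids` into the request. A configuration that reaches this follow-up call with security groups set would therefore send them again; the acceptance run quoted in the commit message appears to cover only a configuration without security groups, so that path looks untested. Clearing the field right after the input is built, `input.EndpointDetails.SecurityGroupIds = nil`, would match what the TODO describes, and the three `// TODO` lines could then become an ordinary comment giving the reason. The function body starts and ends outside the hunk.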
@@ -398,6 +403,10 @@ func resourceAwsTransferServerUpdate(d *schema.ResourceData, meta interface{}) e if d.HasChange("endpoint_details.0.address_allocation_ids") { stopFlag = true } + + // TODO + // TODO You can edit the SecurityGroupIds property in the UpdateServer API only if you are changing the EndpointType from PUBLIC or VPC_ENDPOINT to VPC. To change security groups associated with your server's VPC endpoint after creation, use the Amazon EC2 ModifyVpcEndpoint API. + // TODO } if d.HasChange("host_key") { @@ -509,6 +518,10 @@ func expandTransferEndpointDetails(tfMap map[string]interface{}) *transfer.Endpo apiObject.AddressAllocationIds = expandStringSet(v) } + if v, ok := tfMap["security_group_ids"].(*schema.Set); ok && v.Len() > 0 { + apiObject.SecurityGroupIds = expandStringSet(v) + } + if v, ok := tfMap["subnet_ids"].(*schema.Set); ok && v.Len() > 0 { apiObject.SubnetIds = expandStringSet(v) } @@ -535,6 +548,10 @@ func flattenTransferEndpointDetails(apiObject *transfer.EndpointDetails) map[str tfMap["address_allocation_ids"] = aws.StringValueSlice(v) } + if v := apiObject.SecurityGroupIds; v != nil { + tfMap["security_group_ids"] = aws.StringValueSlice(v) + } + if v := apiObject.SubnetIds; v != nil { tfMap["subnet_ids"] = aws.StringValueSlice(v) } diff --git a/website/docs/r/transfer_server.html.markdown b/website/docs/r/transfer_server.html.markdown index ef4616f87e52..5ca1f12a3dea 100644 --- a/website/docs/r/transfer_server.html.markdown +++ b/website/docs/r/transfer_server.html.markdown 
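Review bot: In resourceAwsTransferServerUpdate the new TODO is the only handling for a changed `endpoint_details.0.security_group_ids`: no `d.HasChange` branch is added for it and the schema does not mark it `ForceNew`, so editing the list after creation is either passed to UpdateServer (which the TODO says is not permitted) or, if the update is skipped, may leave the old groups attached while the configuration names new ones. For an argument that controls network access the change should be applied for real or fail loudly. Until the EC2 ModifyVpcEndpoint call described in the TODO is implemented, add a guard such as `if d.HasChange("endpoint_details.0.security_group_ids") { return fmt.Errorf("updating security_group_ids is not yet supported") }`, or mark the attribute `ForceNew: true`. In `expandTransferEndpointDetails` the `v.Len() > 0` check also means an explicitly empty set is treated the same as an unset one, which is worth stating in a comment.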
@@ -104,11 +104,11 @@ The following arguments are supported: **endpoint_details** requires the following: -* `vpc_endpoint_id` - (Optional) The ID of the VPC endpoint. This property can only be used when `endpoint_type` is set to `VPC_ENDPOINT` * `address_allocation_ids` - (Optional) A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. This property can only be used when `endpoint_type` is set to `VPC`. +* `security_group_ids` - (Optional) A list of security groups IDs that are available to attach to your server's endpoint. If no security groups are specified, the VPC's default security groups are automatically assigned to your endpoint. This property can only be used when `endpoint_type` is set to `VPC`. * `subnet_ids` - (Optional) A list of subnet IDs that are required to host your SFTP server endpoint in your VPC. This property can only be used when `endpoint_type` is set to `VPC`. +* `vpc_endpoint_id` - (Optional) The ID of the VPC endpoint. This property can only be used when `endpoint_type` is set to `VPC_ENDPOINT` * `vpc_id` - (Optional) The VPC ID of the virtual private cloud in which the SFTP server's endpoint will be hosted. This property can only be used when `endpoint_type` is set to `VPC`. -* `security_group_ids` - (Optional) A list of Security Groups Ids. This property can only be used when `endpoint_type` is set to `VPC`. It can't be change after transfer server creation. ## Attributes Reference In addition to all arguments above, the following attributes are exported: From a470bb6cef96cec15b5d5c72424f1f8e9e1faa56 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Mon, 28 Jun 2021 17:17:15 -0400 Subject: [PATCH 26/45] r/aws_transfer_server: Enhance 'TestAccAWSTransferServer_vpc'. --- aws/resource_aws_transfer_server_test.go | 42 +++++++++++++++++++----- 1 file changed, 33 insertions(+), 9 deletions(-) 
diff --git a/aws/resource_aws_transfer_server_test.go b/aws/resource_aws_transfer_server_test.go index 1480ef6872c6..1d924260e0a6 100644 --- a/aws/resource_aws_transfer_server_test.go +++ b/aws/resource_aws_transfer_server_test.go @@ -228,6 +228,11 @@ func TestAccAWSTransferServer_securityPolicy(t *testing.T) { func TestAccAWSTransferServer_vpc(t *testing.T) { var conf transfer.DescribedServer resourceName := "aws_transfer_server.test" + eip1ResourceName := "aws_eip.test.0" + eip2ResourceName := "aws_eip.test.0" + defaultSecurityGroupResourceName := "aws_default_security_group.test" + subnetResourceName := "aws_subnet.test" + vpcResourceName := "aws_vpc.test" rName := acctest.RandomWithPrefix("tf-acc-test") resource.ParallelTest(t, resource.TestCase{ 
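Review bot: `eip1ResourceName` and `eip2ResourceName` are both set to `"aws_eip.test.0"`, so the update step cannot tell whether the address allocation was actually switched; the update configuration later in this commit uses `aws_eip.test[1].id`, so the second name should be `eip2ResourceName := "aws_eip.test.1"`. As written, the `TestCheckTypeSetElemAttrPair` on `endpoint_details.0.address_allocation_ids.*` in the update step compares against the first address and would be expected to fail, or to pass only if the update did not take effect. TestAccAWSTransferServer_vpc continues outside this hunk.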
@@ -237,12 +242,17 @@ func TestAccAWSTransferServer_vpc(t *testing.T) { CheckDestroy: testAccCheckAWSTransferServerDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSTransferServerVpcConfig(rName), + Config: testAccAWSTransferServerVpcNoSecurityGroupsConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSTransferServerExists(resourceName, &conf), resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "1"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "1"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.address_allocation_ids.*", eip1ResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", defaultSecurityGroupResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "1"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.subnet_ids.*", subnetResourceName, "id"), + resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), ), }, { 
@@ -252,11 +262,17 @@ func TestAccAWSTransferServer_vpc(t *testing.T) { ImportStateVerifyIgnore: []string{"force_destroy"}, }, { - Config: testAccAWSTransferServerVpcUpdateConfig(rName), + Config: testAccAWSTransferServerVpcNoSecurityGroupsUpdateConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSTransferServerExists(resourceName, &conf), resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "1"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.address_allocation_ids.*", eip2ResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", defaultSecurityGroupResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "1"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.subnet_ids.*", subnetResourceName, "id"), + resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), ), }, }, @@ -468,7 +484,7 @@ func TestAccAWSTransferServer_vpcEndpointId(t *testing.T) { CheckDestroy: testAccCheckAWSTransferServerDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSTransferServerVpcEndPointConfig(rName), + Config: testAccAWSTransferServerVpcEndpointConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSTransferServerExists(resourceName, &conf), resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC_ENDPOINT"), @@ -804,7 +820,7 @@ resource "aws_transfer_ssh_key" "test" { `, rName) } -func testAccAWSTransferServerVpcEndPointConfig(rName string) string { +func testAccAWSTransferServerVpcEndpointConfig(rName string) string { return composeConfig( testAccAWSTransferServerConfigBaseVpc(rName), fmt.Sprintf(` 
@@ -836,7 +852,7 @@ resource "aws_transfer_server" "test" { `, rName)) } -func testAccAWSTransferServerVpcConfig(rName string) string { +func testAccAWSTransferServerVpcNoSecurityGroupsConfig(rName string) string { return composeConfig( testAccAWSTransferServerConfigBaseVpc(rName), fmt.Sprintf(` @@ -850,19 +866,23 @@ resource "aws_eip" "test" { } } +resource "aws_default_security_group" "test" { + vpc_id = aws_vpc.test.id +} + resource "aws_transfer_server" "test" { endpoint_type = "VPC" endpoint_details { address_allocation_ids = [aws_eip.test[0].id] subnet_ids = [aws_subnet.test.id] - vpc_id = aws_vpc.test.id + vpc_id = aws_default_security_group.test.vpc_id } } `, rName)) } -func testAccAWSTransferServerVpcUpdateConfig(rName string) string { +func testAccAWSTransferServerVpcNoSecurityGroupsUpdateConfig(rName string) string { return composeConfig( testAccAWSTransferServerConfigBaseVpc(rName), fmt.Sprintf(` @@ -876,13 +896,17 @@ resource "aws_eip" "test" { } } +resource "aws_default_security_group" "test" { + vpc_id = aws_vpc.test.id +} + resource "aws_transfer_server" "test" { endpoint_type = "VPC" endpoint_details { address_allocation_ids = [aws_eip.test[1].id] subnet_ids = [aws_subnet.test.id] - vpc_id = aws_vpc.test.id + vpc_id = aws_default_security_group.test.vpc_id } } `, rName)) From 3ebf3a27db02a4fbf35468200be95ff3a61b57b6 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Tue, 29 Jun 2021 09:13:27 -0400 Subject: [PATCH 27/45] r/aws_transfer_server: Security Group IDs are not Computed. --- aws/internal/service/transfer/enum.go | 15 +++++++++++++++ aws/resource_aws_transfer_server.go | 18 +++++------------- aws/resource_aws_transfer_server_test.go | 21 +++++---------------- 3 files changed, 25 insertions(+), 29 deletions(-) create mode 100644 aws/internal/service/transfer/enum.go diff --git a/aws/internal/service/transfer/enum.go b/aws/internal/service/transfer/enum.go new file mode 100644 index 000000000000..880b435fa838 --- /dev/null 
+++ b/aws/internal/service/transfer/enum.go @@ -0,0 +1,15 @@ +package transfer + +const ( + SecurityPolicyName2018_11 = "TransferSecurityPolicy-2018-11" + SecurityPolicyName2020_06 = "TransferSecurityPolicy-2020-06" + SecurityPolicyNameFIPS_2020_06 = "TransferSecurityPolicy-FIPS-2020-06" +) + +func SecurityPolicyName_Values() []string { + return []string{ + SecurityPolicyName2018_11, + SecurityPolicyName2020_06, + SecurityPolicyNameFIPS_2020_06, + } +} diff --git a/aws/resource_aws_transfer_server.go b/aws/resource_aws_transfer_server.go index c19d62e809b1..207cec30cbae 100644 --- a/aws/resource_aws_transfer_server.go +++ b/aws/resource_aws_transfer_server.go @@ -64,29 +64,25 @@ func resourceAwsTransferServer() *schema.Resource { Type: schema.TypeSet, Optional: true, Elem: &schema.Schema{Type: schema.TypeString}, - Set: schema.HashString, ConflictsWith: []string{"endpoint_details.0.vpc_endpoint_id"}, }, "security_group_ids": { Type: schema.TypeSet, Optional: true, - Computed: true, Elem: &schema.Schema{Type: schema.TypeString}, - Set: schema.HashString, ConflictsWith: []string{"endpoint_details.0.vpc_endpoint_id"}, }, "subnet_ids": { Type: schema.TypeSet, Optional: true, Elem: &schema.Schema{Type: schema.TypeString}, - Set: schema.HashString, ConflictsWith: []string{"endpoint_details.0.vpc_endpoint_id"}, }, "vpc_endpoint_id": { Type: schema.TypeString, Optional: true, - ConflictsWith: []string{"endpoint_details.0.address_allocation_ids", "endpoint_details.0.security_group_ids", "endpoint_details.0.subnet_ids", "endpoint_details.0.vpc_id"}, Computed: true, + ConflictsWith: []string{"endpoint_details.0.address_allocation_ids", "endpoint_details.0.security_group_ids", "endpoint_details.0.subnet_ids", "endpoint_details.0.vpc_id"}, }, "vpc_id": { Type: schema.TypeString, 
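Review bot: The exported constants and `SecurityPolicyName_Values` in the new enum.go have no doc comments, and nothing says that the slice is a hand-maintained allow-list. The `security_policy_name` schema in resource_aws_transfer_server.go now validates against it, so a policy name missing from the list is rejected at plan time. I would add `// SecurityPolicyName_Values returns the security policy names accepted by the security_policy_name argument; add new policies here.` A comment on `SecurityPolicyName2018_11` should also say it is the schema default, so the earliest-dated of the three policies applies when the argument is omitted.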
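Review bot: With `Computed` dropped from `security_group_ids`, state no longer shows which security group guards the endpoint when the argument is omitted. The earlier revision of TestAccAWSTransferServer_vpc in this series asserted one element matching `aws_default_security_group.test` for a config that set no `security_group_ids`, so the service presumably attaches the VPC default security group. The test hunks at -248 and -266 in this patch now expect `security_group_ids.#` to be `0`. I would add a comment on the attribute, `// Not Computed: when omitted the endpoint appears to use the VPC default security group, which is not recorded in state (TODO confirm).`, and repeat it in the resource documentation so an empty set in a plan is not read as "no security group attached". `resourceAwsTransferServer` begins and ends outside this hunk.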
@@ -156,14 +152,10 @@ func resourceAwsTransferServer() *schema.Resource { }, "security_policy_name": { - Type: schema.TypeString, - Optional: true, - Default: "TransferSecurityPolicy-2018-11", - ValidateFunc: validation.StringInSlice([]string{ - "TransferSecurityPolicy-2018-11", - "TransferSecurityPolicy-2020-06", - "TransferSecurityPolicy-FIPS-2020-06", - }, false), + Type: schema.TypeString, + Optional: true, + Default: tftransfer.SecurityPolicyName2018_11, + ValidateFunc: validation.StringInSlice(tftransfer.SecurityPolicyName_Values(), false), }, "tags": tagsSchema(), diff --git a/aws/resource_aws_transfer_server_test.go b/aws/resource_aws_transfer_server_test.go index 1d924260e0a6..fc02972f6419 100644 --- a/aws/resource_aws_transfer_server_test.go +++ b/aws/resource_aws_transfer_server_test.go @@ -229,8 +229,7 @@ func TestAccAWSTransferServer_vpc(t *testing.T) { var conf transfer.DescribedServer resourceName := "aws_transfer_server.test" eip1ResourceName := "aws_eip.test.0" - eip2ResourceName := "aws_eip.test.0" - defaultSecurityGroupResourceName := "aws_default_security_group.test" + eip2ResourceName := "aws_eip.test.1" subnetResourceName := "aws_subnet.test" vpcResourceName := "aws_vpc.test" rName := acctest.RandomWithPrefix("tf-acc-test") 
@@ -248,8 +247,7 @@ func TestAccAWSTransferServer_vpc(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "1"), resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.address_allocation_ids.*", eip1ResourceName, "id"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), - resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", defaultSecurityGroupResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "0"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "1"), resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.subnet_ids.*", subnetResourceName, "id"), resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), @@ -268,8 +266,7 @@ func TestAccAWSTransferServer_vpc(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "1"), resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.address_allocation_ids.*", eip2ResourceName, "id"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), - resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", defaultSecurityGroupResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "0"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "1"), resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.subnet_ids.*", subnetResourceName, "id"), resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), 
@@ -866,17 +863,13 @@ resource "aws_eip" "test" { } } -resource "aws_default_security_group" "test" { - vpc_id = aws_vpc.test.id -} - resource "aws_transfer_server" "test" { endpoint_type = "VPC" endpoint_details { address_allocation_ids = [aws_eip.test[0].id] subnet_ids = [aws_subnet.test.id] - vpc_id = aws_default_security_group.test.vpc_id + vpc_id = aws_vpc.test.id } } `, rName)) @@ -896,17 +889,13 @@ resource "aws_eip" "test" { } } -resource "aws_default_security_group" "test" { - vpc_id = aws_vpc.test.id -} - resource "aws_transfer_server" "test" { endpoint_type = "VPC" endpoint_details { address_allocation_ids = [aws_eip.test[1].id] subnet_ids = [aws_subnet.test.id] - vpc_id = aws_default_security_group.test.vpc_id + vpc_id = aws_vpc.test.id } } `, rName)) From d320a06afe2f5c14aa64778911b13d5223974e4e Mon Sep 17 00:00:00 2001 
From: Kit Ewbank Date: Thu, 17 Jun 2021 15:13:27 -0400 Subject: [PATCH 28/45] r/aws_transfer_server: 'force_destroy' only applies to SERVICE_MANAGED identity providers. Acceptance test output: % TEST=./aws SWEEP=us-east-1,us-east-2,us-west-1,us-west-2 SWEEPARGS=-sweep-run=aws_transfer_server make sweep WARNING: This will destroy infrastructure. Use only in development accounts. go test ./aws -v -sweep=us-east-1,us-east-2,us-west-1,us-west-2 -sweep-run=aws_transfer_server -timeout 60m 2021/06/17 15:10:15 [DEBUG] Running Sweepers for region (us-east-1): 2021/06/17 15:10:15 [DEBUG] Running Sweeper (aws_transfer_server) in region (us-east-1) 2021/06/17 15:10:15 [INFO] AWS Auth provider used: "EnvProvider" 2021/06/17 15:10:15 [DEBUG] Trying to get account information via sts:GetCallerIdentity 2021/06/17 15:10:15 [DEBUG] Trying to get account information via sts:GetCallerIdentity 2021/06/17 15:10:15 Sweeper Tests ran successfully: - aws_transfer_server 2021/06/17 15:10:15 [DEBUG] Running Sweepers for region (us-east-2): 2021/06/17 15:10:15 [DEBUG] Running Sweeper (aws_transfer_server) in region (us-east-2) 2021/06/17 15:10:15 [INFO] AWS Auth provider used: "EnvProvider" 2021/06/17 15:10:15 [DEBUG] Trying to get account information via sts:GetCallerIdentity 2021/06/17 15:10:15 [DEBUG] Trying to get account information via sts:GetCallerIdentity 2021/06/17 15:10:16 Sweeper Tests ran successfully: - aws_transfer_server 2021/06/17 15:10:16 [DEBUG] Running Sweepers for region (us-west-1): 2021/06/17 15:10:16 [DEBUG] Running Sweeper (aws_transfer_server) in region (us-west-1) 2021/06/17 15:10:16 [INFO] AWS Auth provider used: "EnvProvider" 2021/06/17 15:10:16 [DEBUG] Trying to get account information via sts:GetCallerIdentity 2021/06/17 15:10:16 [DEBUG] Trying to get account information via sts:GetCallerIdentity 2021/06/17 15:10:17 Sweeper Tests ran successfully: - aws_transfer_server 2021/06/17 15:10:17 [DEBUG] Running Sweepers for region (us-west-2): 2021/06/17 15:10:17 
[DEBUG] Running Sweeper (aws_transfer_server) in region (us-west-2) 2021/06/17 15:10:17 [INFO] AWS Auth provider used: "EnvProvider" 2021/06/17 15:10:17 [DEBUG] Trying to get account information via sts:GetCallerIdentity 2021/06/17 15:10:17 [DEBUG] Trying to get account information via sts:GetCallerIdentity 2021/06/17 15:10:19 [DEBUG] Deleting Transfer Server: (s-b61cc3bc5a0e40888) 2021/06/17 15:10:19 [DEBUG] Deleting Transfer Server: (s-a26280943c9345d0b) 2021/06/17 15:10:20 [DEBUG] Waiting for state to become: [] 2021/06/17 15:10:20 [DEBUG] Waiting for state to become: [] 2021/06/17 15:10:21 Sweeper Tests ran successfully: - aws_transfer_server ok github.com/terraform-providers/terraform-provider-aws/aws 8.971s --- aws/resource_aws_transfer_server.go | 18 ++---- aws/resource_aws_transfer_server_test.go | 68 +++++++++++++++----- aws/resource_aws_transfer_user.go | 28 +++++--- website/docs/r/transfer_server.html.markdown | 2 +- 4 files changed, 80 insertions(+), 36 deletions(-) diff --git a/aws/resource_aws_transfer_server.go b/aws/resource_aws_transfer_server.go index 207cec30cbae..628cd9173c9d 100644 --- a/aws/resource_aws_transfer_server.go +++ b/aws/resource_aws_transfer_server.go 
@@ -8,12 +8,11 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/service/transfer" "github.com/hashicorp/aws-sdk-go-base/tfawserr" - "github.com/hashicorp/go-multierror" + multierror "github.com/hashicorp/go-multierror" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" "github.com/terraform-providers/terraform-provider-aws/aws/internal/keyvaluetags" - tftransfer "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/transfer" "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/transfer/finder" "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/transfer/waiter" "github.com/terraform-providers/terraform-provider-aws/aws/internal/tfresource" @@ -438,7 +437,7 @@ func resourceAwsTransferServerUpdate(d *schema.ResourceData, meta interface{}) e func resourceAwsTransferServerDelete(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).transferconn - if d.Get("force_destroy").(bool) { + if d.Get("force_destroy").(bool) && d.Get("identity_provider_type").(string) == transfer.IdentityProviderTypeServiceManaged { input := &transfer.ListUsersInput{ ServerId: aws.String(d.Id()), } @@ -450,15 +449,12 @@ func resourceAwsTransferServerDelete(d *schema.ResourceData, meta interface{}) e } for _, user := range page.Users { - resourceID := tftransfer.UserCreateResourceID(d.Id(), aws.StringValue(user.UserName)) - - r := resourceAwsTransferUser() - d := r.Data(nil) - d.SetId(resourceID) - err := r.Delete(d, meta) + err := transferUserDelete(conn, d.Id(), aws.StringValue(user.UserName)) if err != nil { - deletionErrs = multierror.Append(deletionErrs, fmt.Errorf("error deleting Transfer User (%s): %w", resourceID, err)) + log.Printf("[ERROR] %s", err) + deletionErrs = multierror.Append(deletionErrs, err) + continue } } 
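Review bot: Removing the `tftransfer` import in this hunk looks like it breaks the build at this commit. Patch 27/45 made the `security_policy_name` schema in this same file use `tftransfer.SecurityPolicyName2018_11` and `tftransfer.SecurityPolicyName_Values()`, and no hunk in this patch removes those references. Unless a later patch in the series restores it, keep `tftransfer "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/transfer"`. The explicit `multierror` alias added here only repeats the package's own name and can be dropped.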
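Review bot: In the user-deletion loop of `resourceAwsTransferServerDelete`, each failure is now both logged at `[ERROR]` and appended to `deletionErrs`, so the same error is reported twice if `deletionErrs` is returned later (its handling is outside this hunk). `transferUserDelete` already wraps the error with the server/user identifier, so the branch can be reduced to `deletionErrs = multierror.Append(deletionErrs, err)`. The `continue` is the last statement of the loop body as shown and has no effect.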
@@ -477,7 +473,7 @@ func resourceAwsTransferServerDelete(d *schema.ResourceData, meta interface{}) e } } - log.Printf("[DEBUG] Deleting Transfer Server (%s)", d.Id()) + log.Printf("[DEBUG] Deleting Transfer Server: (%s)", d.Id()) _, err := conn.DeleteServer(&transfer.DeleteServerInput{ ServerId: aws.String(d.Id()), }) diff --git a/aws/resource_aws_transfer_server_test.go b/aws/resource_aws_transfer_server_test.go index fc02972f6419..d00b4ff9c3f2 100644 --- a/aws/resource_aws_transfer_server_test.go +++ b/aws/resource_aws_transfer_server_test.go @@ -9,7 +9,6 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/service/acmpca" "github.com/aws/aws-sdk-go/service/transfer" - "github.com/hashicorp/go-multierror" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" @@ -33,7 +32,7 @@ func testSweepTransferServers(region string) error { } conn := client.(*AWSClient).transferconn input := &transfer.ListServersInput{} - var sweeperErrs *multierror.Error + sweepResources := make([]*testSweepResource, 0) err = conn.ListServersPages(input, func(page *transfer.ListServersOutput, lastPage bool) bool { if page == nil { @@ -45,13 +44,9 @@ func testSweepTransferServers(region string) error { d := r.Data(nil) d.SetId(aws.StringValue(server.ServerId)) d.Set("force_destroy", true) // In lieu of an aws_transfer_user sweeper. - err = r.Delete(d, client) + d.Set("identity_provider_type", server.IdentityProviderType) - if err != nil { - log.Printf("[ERROR] %s", err) - sweeperErrs = multierror.Append(sweeperErrs, err) - continue - } + sweepResources = append(sweepResources, NewTestSweepResource(r, d, client)) } return !lastPage 
@@ -59,14 +54,20 @@ func testSweepTransferServers(region string) error { if testSweepSkipSweepError(err) { log.Printf("[WARN] Skipping Transfer Server sweep for %s: %s", region, err) - return sweeperErrs.ErrorOrNil() // In case we have completed some pages, but had errors + return nil + } + + if err != nil { + return fmt.Errorf("error listing Transfer Servers (%s): %w", region, err) } + err = testSweepResourceOrchestrator(sweepResources) + if err != nil { - sweeperErrs = multierror.Append(sweeperErrs, fmt.Errorf("error listing Transfer Servers: %w", err)) + return fmt.Errorf("error sweeping Transfer Servers (%s): %w", region, err) } - return sweeperErrs.ErrorOrNil() + return nil } func testAccErrorCheckSkipTransfer(t *testing.T) resource.ErrorCheckFunc { 
@@ -392,13 +393,48 @@ func TestAccAWSTransferServer_apiGateway(t *testing.T) { CheckDestroy: testAccCheckAWSTransferServerDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSTransferServerApiGatewayIdentityProviderTypeConfig(rName), + Config: testAccAWSTransferServerApiGatewayIdentityProviderTypeConfig(rName, false), Check: resource.ComposeTestCheckFunc( testAccCheckAWSTransferServerExists(resourceName, &conf), resource.TestCheckResourceAttr(resourceName, "identity_provider_type", "API_GATEWAY"), resource.TestCheckResourceAttrPair(resourceName, "invocation_role", "aws_iam_role.test", "arn"), ), }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"force_destroy"}, + }, + }, + }) +} + +func TestAccAWSTransferServer_apiGateway_forceDestroy(t *testing.T) { + var conf transfer.DescribedServer + resourceName := "aws_transfer_server.test" + rName := acctest.RandomWithPrefix("tf-acc-test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t); testAccAPIGatewayTypeEDGEPreCheck(t); testAccPreCheckAWSTransfer(t) }, + ErrorCheck: testAccErrorCheck(t, transfer.EndpointsID), + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSTransferServerDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSTransferServerApiGatewayIdentityProviderTypeConfig(rName, true), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSTransferServerExists(resourceName, &conf), + resource.TestCheckResourceAttr(resourceName, "identity_provider_type", "API_GATEWAY"), + resource.TestCheckResourceAttrPair(resourceName, "invocation_role", "aws_iam_role.test", "arn"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"force_destroy"}, + }, }, }) } 
@@ -747,18 +783,20 @@ resource "aws_transfer_server" "test" { `) } -func testAccAWSTransferServerApiGatewayIdentityProviderTypeConfig(rName string) string { +func testAccAWSTransferServerApiGatewayIdentityProviderTypeConfig(rName string, forceDestroy bool) string { return composeConfig( testAccAWSTransferServerConfigBaseApiGateway(rName), testAccAWSTransferServerConfigBaseLoggingRole(rName), - ` + fmt.Sprintf(` resource "aws_transfer_server" "test" { identity_provider_type = "API_GATEWAY" url = "${aws_api_gateway_deployment.test.invoke_url}${aws_api_gateway_resource.test.path}" invocation_role = aws_iam_role.test.arn logging_role = aws_iam_role.test.arn + + force_destroy = %[1]t } -`) +`, forceDestroy)) } func testAccAWSTransferServerForceDestroyConfig(rName string) string { diff --git a/aws/resource_aws_transfer_user.go b/aws/resource_aws_transfer_user.go index 61f8fdc5fd3e..b34f1ea9b59a 100644 --- a/aws/resource_aws_transfer_user.go +++ b/aws/resource_aws_transfer_user.go @@ -6,6 +6,7 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/service/transfer" + "github.com/hashicorp/aws-sdk-go-base/tfawserr" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" "github.com/terraform-providers/terraform-provider-aws/aws/internal/keyvaluetags" 
@@ -288,30 +289,39 @@ func resourceAwsTransferUserUpdate(d *schema.ResourceData, meta interface{}) err func resourceAwsTransferUserDelete(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).transferconn + serverID, userName, err := tftransfer.UserParseResourceID(d.Id()) + if err != nil { return fmt.Errorf("error parsing Transfer User ID: %w", err) } - delOpts := &transfer.DeleteUserInput{ - UserName: aws.String(userName), + return transferUserDelete(conn, serverID, userName) +} + +// transferUserDelete attempts to delete a transfer user. +func transferUserDelete(conn *transfer.Transfer, serverID, userName string) error { + id := fmt.Sprintf("%s/%s", serverID, userName) + input := &transfer.DeleteUserInput{ ServerId: aws.String(serverID), + UserName: aws.String(userName), } - log.Printf("[DEBUG] Delete Transfer User Option: %#v", delOpts) + log.Printf("[INFO] Deleting Transfer User: %s", id) + _, err := conn.DeleteUser(input) + + if tfawserr.ErrCodeEquals(err, transfer.ErrCodeResourceNotFoundException) { + return nil + } - _, err = conn.DeleteUser(delOpts) if err != nil { - if isAWSErr(err, transfer.ErrCodeResourceNotFoundException, "") { - return nil - } - return fmt.Errorf("error deleting Transfer User (%s) for Server(%s): %w", userName, serverID, err) + return fmt.Errorf("error deleting Transfer User (%s): %w", id, err) } _, err = waiter.UserDeleted(conn, serverID, userName) if err != nil { - return fmt.Errorf("error waiting for Transfer User (%s) delete: %w", d.Id(), err) + return fmt.Errorf("error waiting for Transfer User (%s) delete: %w", id, err) } return nil diff --git a/website/docs/r/transfer_server.html.markdown b/website/docs/r/transfer_server.html.markdown index 5ca1f12a3dea..257f4703b11c 100644 --- a/website/docs/r/transfer_server.html.markdown +++ b/website/docs/r/transfer_server.html.markdown 
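Review bot: `transferUserDelete` builds its identifier with `fmt.Sprintf("%s/%s", serverID, userName)` although the package already provides `tftransfer.UserCreateResourceID`, the counterpart of the `UserParseResourceID` call just above. If the ID format ever changes, log and error text would drift from the real resource ID; `id := tftransfer.UserCreateResourceID(serverID, userName)` keeps them in step, presumably with the same format today. The doc comment should also state the contract callers rely on, for example `// transferUserDelete deletes a Transfer user and waits for the deletion to complete; a ResourceNotFoundException is treated as success.`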
@@ -98,7 +98,7 @@ The following arguments are supported: * `url` - (Optional) - URL of the service endpoint used to authenticate users with an `identity_provider_type` of `API_GATEWAY`. * `identity_provider_type` - (Optional) The mode of authentication enabled for this service. The default value is `SERVICE_MANAGED`, which allows you to store and access SFTP user credentials within the service. `API_GATEWAY` indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice. * `logging_role` - (Optional) Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes. -* `force_destroy` - (Optional) A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is `false`. +* `force_destroy` - (Optional) A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is `false`. This option only applies to servers configured with a `SERVICE_MANAGED` `identity_provider_type`. * `security_policy_name` - (Optional) Specifies the name of the security policy that is attached to the server. Possible values are `TransferSecurityPolicy-2018-11`, `TransferSecurityPolicy-2020-06`, and `TransferSecurityPolicy-FIPS-2020-06`. Default value is: `TransferSecurityPolicy-2018-11`. * `tags` - (Optional) A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level. From 4a36d75bfe0f3f5be2fae083e0c0d569750e8588 Mon Sep 17 00:00:00 2001 
From: Kit Ewbank Date: Thu, 17 Jun 2021 17:03:27 -0400 Subject: [PATCH 29/45] Serialize Transfer acceptance tests. --- aws/resource_aws_transfer_server_test.go | 48 +++++++++++------------ aws/resource_aws_transfer_ssh_key_test.go | 4 +- aws/resource_aws_transfer_test.go | 46 ++++++++++++++++++++++ aws/resource_aws_transfer_user_test.go | 24 ++++++------ 4 files changed, 84 insertions(+), 38 deletions(-) create mode 100644 aws/resource_aws_transfer_test.go diff --git a/aws/resource_aws_transfer_server_test.go b/aws/resource_aws_transfer_server_test.go index d00b4ff9c3f2..efd9601cd4ac 100644 --- a/aws/resource_aws_transfer_server_test.go +++ b/aws/resource_aws_transfer_server_test.go @@ -76,13 +76,13 @@ func testAccErrorCheckSkipTransfer(t *testing.T) resource.ErrorCheckFunc { ) } -func TestAccAWSTransferServer_basic(t *testing.T) { +func testAccAWSTransferServer_basic(t *testing.T) { var conf transfer.DescribedServer resourceName := "aws_transfer_server.test" iamRoleResourceName := "aws_iam_role.test" rName := acctest.RandomWithPrefix("tf-acc-test") - resource.ParallelTest(t, resource.TestCase{ + resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSTransfer(t) }, ErrorCheck: testAccErrorCheck(t, transfer.EndpointsID), Providers: testAccProviders, @@ -143,11 +143,11 @@ func TestAccAWSTransferServer_basic(t *testing.T) { }) } -func TestAccAWSTransferServer_domain(t *testing.T) { +func testAccAWSTransferServer_domain(t *testing.T) { var conf transfer.DescribedServer resourceName := "aws_transfer_server.test" - resource.ParallelTest(t, resource.TestCase{ + resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSTransfer(t) }, ErrorCheck: testAccErrorCheck(t, transfer.EndpointsID), Providers: testAccProviders, 
@@ -170,11 +170,11 @@ func TestAccAWSTransferServer_domain(t *testing.T) { }) } -func TestAccAWSTransferServer_disappears(t *testing.T) { +func testAccAWSTransferServer_disappears(t *testing.T) { var conf transfer.DescribedServer resourceName := "aws_transfer_server.test" - resource.ParallelTest(t, resource.TestCase{ + resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSTransfer(t) }, ErrorCheck: testAccErrorCheck(t, transfer.EndpointsID), Providers: testAccProviders, @@ -192,11 +192,11 @@ func TestAccAWSTransferServer_disappears(t *testing.T) { }) } -func TestAccAWSTransferServer_securityPolicy(t *testing.T) { +func testAccAWSTransferServer_securityPolicy(t *testing.T) { var conf transfer.DescribedServer resourceName := "aws_transfer_server.test" - resource.ParallelTest(t, resource.TestCase{ + resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSTransfer(t) }, ErrorCheck: testAccErrorCheck(t, transfer.EndpointsID), Providers: testAccProviders, @@ -226,7 +226,7 @@ func TestAccAWSTransferServer_securityPolicy(t *testing.T) { }) } -func TestAccAWSTransferServer_vpc(t *testing.T) { +func testAccAWSTransferServer_vpc(t *testing.T) { var conf transfer.DescribedServer resourceName := "aws_transfer_server.test" eip1ResourceName := "aws_eip.test.0" @@ -235,7 +235,7 @@ func TestAccAWSTransferServer_vpc(t *testing.T) { vpcResourceName := "aws_vpc.test" rName := acctest.RandomWithPrefix("tf-acc-test") - resource.ParallelTest(t, resource.TestCase{ + resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSTransfer(t) }, ErrorCheck: testAccErrorCheck(t, transfer.EndpointsID), Providers: testAccProviders, 
@@ -279,12 +279,12 @@ func TestAccAWSTransferServer_vpc(t *testing.T) { // Reference: https://github.com/hashicorp/terraform-provider-aws/issues/16556 /* -func TestAccAWSTransferServer_updateEndpointType(t *testing.T) { +func testAccAWSTransferServer_updateEndpointType(t *testing.T) { var conf transfer.DescribedServer resourceName := "aws_transfer_server.test" rName := acctest.RandomWithPrefix("tf-acc-test") - resource.ParallelTest(t, resource.TestCase{ + resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSTransfer(t) }, ErrorCheck: testAccErrorCheck(t, transfer.EndpointsID), Providers: testAccProviders, @@ -318,7 +318,7 @@ func TestAccAWSTransferServer_updateEndpointType(t *testing.T) { } */ -func TestAccAWSTransferServer_protocols(t *testing.T) { +func testAccAWSTransferServer_protocols(t *testing.T) { var s transfer.DescribedServer var ca acmpca.CertificateAuthority resourceName := "aws_transfer_server.test" @@ -326,7 +326,7 @@ func TestAccAWSTransferServer_protocols(t *testing.T) { acmCertificateResourceName := "aws_acm_certificate.test" rName := acctest.RandomWithPrefix("tf-acc-test") - resource.ParallelTest(t, resource.TestCase{ + resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccAPIGatewayTypeEDGEPreCheck(t); testAccPreCheckAWSTransfer(t) }, ErrorCheck: testAccErrorCheck(t, transfer.EndpointsID), Providers: testAccProviders, 
@@ -381,12 +381,12 @@ func TestAccAWSTransferServer_protocols(t *testing.T) { }) } -func TestAccAWSTransferServer_apiGateway(t *testing.T) { +func testAccAWSTransferServer_apiGateway(t *testing.T) { var conf transfer.DescribedServer resourceName := "aws_transfer_server.test" rName := acctest.RandomWithPrefix("tf-acc-test") - resource.ParallelTest(t, resource.TestCase{ + resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccAPIGatewayTypeEDGEPreCheck(t); testAccPreCheckAWSTransfer(t) }, ErrorCheck: testAccErrorCheck(t, transfer.EndpointsID), Providers: testAccProviders, @@ -410,12 +410,12 @@ func TestAccAWSTransferServer_apiGateway(t *testing.T) { }) } -func TestAccAWSTransferServer_apiGateway_forceDestroy(t *testing.T) { +func testAccAWSTransferServer_apiGateway_forceDestroy(t *testing.T) { var conf transfer.DescribedServer resourceName := "aws_transfer_server.test" rName := acctest.RandomWithPrefix("tf-acc-test") - resource.ParallelTest(t, resource.TestCase{ + resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccAPIGatewayTypeEDGEPreCheck(t); testAccPreCheckAWSTransfer(t) }, ErrorCheck: testAccErrorCheck(t, transfer.EndpointsID), Providers: testAccProviders, @@ -439,7 +439,7 @@ func TestAccAWSTransferServer_apiGateway_forceDestroy(t *testing.T) { }) } -func TestAccAWSTransferServer_forceDestroy(t *testing.T) { +func testAccAWSTransferServer_forceDestroy(t *testing.T) { var s transfer.DescribedServer var u transfer.DescribedUser var k transfer.SshPublicKey @@ -448,7 +448,7 @@ func TestAccAWSTransferServer_forceDestroy(t *testing.T) { sshKeyResourceName := "aws_transfer_ssh_key.test" rName := acctest.RandomWithPrefix("tf-acc-test") - resource.ParallelTest(t, resource.TestCase{ + resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSTransfer(t) }, ErrorCheck: testAccErrorCheck(t, transfer.EndpointsID), Providers: testAccProviders, 
@@ -473,12 +473,12 @@ func TestAccAWSTransferServer_forceDestroy(t *testing.T) { }) } -func TestAccAWSTransferServer_hostKey(t *testing.T) { +func testAccAWSTransferServer_hostKey(t *testing.T) { var conf transfer.DescribedServer resourceName := "aws_transfer_server.test" hostKey := "test-fixtures/transfer-ssh-rsa-key" - resource.ParallelTest(t, resource.TestCase{ + resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ErrorCheck: testAccErrorCheck(t, transfer.EndpointsID), Providers: testAccProviders, @@ -501,7 +501,7 @@ func TestAccAWSTransferServer_hostKey(t *testing.T) { }) } -func TestAccAWSTransferServer_vpcEndpointId(t *testing.T) { +func testAccAWSTransferServer_vpcEndpointId(t *testing.T) { var conf transfer.DescribedServer resourceName := "aws_transfer_server.test" rName := acctest.RandomWithPrefix("tf-acc-test") @@ -510,7 +510,7 @@ func TestAccAWSTransferServer_vpcEndpointId(t *testing.T) { t.Skip("Transfer Server VPC_ENDPOINT endpoint type is not supported in GovCloud partition") } - resource.ParallelTest(t, resource.TestCase{ + resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSTransfer(t) }, ErrorCheck: testAccErrorCheck(t, transfer.EndpointsID), Providers: testAccProviders, diff --git a/aws/resource_aws_transfer_ssh_key_test.go b/aws/resource_aws_transfer_ssh_key_test.go index 9437daee8f8d..c7bc79c9c8d5 100644 --- a/aws/resource_aws_transfer_ssh_key_test.go +++ b/aws/resource_aws_transfer_ssh_key_test.go 
@@ -11,11 +11,11 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" ) -func TestAccAWSTransferSshKey_basic(t *testing.T) { +func testAccAWSTransferSshKey_basic(t *testing.T) { var conf transfer.SshPublicKey rName := acctest.RandString(5) - resource.ParallelTest(t, resource.TestCase{ + resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSTransfer(t) }, ErrorCheck: testAccErrorCheck(t, transfer.EndpointsID), Providers: testAccProviders, diff --git a/aws/resource_aws_transfer_test.go b/aws/resource_aws_transfer_test.go new file mode 100644 index 000000000000..49a5ef44dad2 --- /dev/null +++ b/aws/resource_aws_transfer_test.go 
@@ -0,0 +1,46 @@ +package aws + +import ( + "testing" +) + +func TestAccAWSTransfer_serial(t *testing.T) { + testCases := map[string]map[string]func(t *testing.T){ + "Server": { + "basic": testAccAWSTransferServer_basic, + "disappears": testAccAWSTransferServer_disappears, + "APIGateway": testAccAWSTransferServer_apiGateway, + "APIGatewayForceDestroy": testAccAWSTransferServer_apiGateway_forceDestroy, + "Domain": testAccAWSTransferServer_domain, + "ForceDestroy": testAccAWSTransferServer_forceDestroy, + "HostKey": testAccAWSTransferServer_hostKey, + "Protocols": testAccAWSTransferServer_protocols, + "SecurityPolicy": testAccAWSTransferServer_securityPolicy, + "VPC": testAccAWSTransferServer_vpc, + "VPCEndpointID": testAccAWSTransferServer_vpcEndpointId, + }, + "SSHKey": { + "basic": testAccAWSTransferSshKey_basic, + }, + "User": { + "basic": testAccAWSTransferUser_basic, + "disappears": testAccAWSTransferUser_disappears, + "HomeDirectoryMappings": testAccAWSTransferUser_homeDirectoryMappings, + "ModifyWithOptions": testAccAWSTransferUser_modifyWithOptions, + "Posix": testAccAWSTransferUser_posix, + "UserNameValidation": testAccAWSTransferUser_UserName_Validation, + }, + } + + for group, m := range testCases { + m := m + t.Run(group, func(t *testing.T) { + for name, tc := range m { + tc := tc + t.Run(name, func(t *testing.T) { + tc(t) + }) + } + }) + } +} diff --git a/aws/resource_aws_transfer_user_test.go b/aws/resource_aws_transfer_user_test.go index c92e735b503f..def98d4f7532 100644 --- a/aws/resource_aws_transfer_user_test.go +++ b/aws/resource_aws_transfer_user_test.go 
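Review bot: `TestAccAWSTransfer_serial` has no doc comment, and for the tests renamed to `testAcc…` in this patch it is now the only `Test…` entry point, so how to run a single case is no longer obvious. I would add `// TestAccAWSTransfer_serial runs the Transfer acceptance tests one at a time; select one with -run 'TestAccAWSTransfer_serial/Server/basic'.` The subtest keys also mix casing (`basic`, `disappears` next to `APIGateway`, `HostKey`), which makes `-run` patterns harder to guess; one convention throughout would help.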
@@ -13,12 +13,12 @@ import ( "github.com/terraform-providers/terraform-provider-aws/aws/internal/tfresource" ) -func TestAccAWSTransferUser_basic(t *testing.T) { +func testAccAWSTransferUser_basic(t *testing.T) { var conf transfer.DescribedUser resourceName := "aws_transfer_user.test" rName := acctest.RandString(10) - resource.ParallelTest(t, resource.TestCase{ + resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSTransfer(t) }, ErrorCheck: testAccErrorCheck(t, transfer.EndpointsID), Providers: testAccProviders, @@ -43,12 +43,12 @@ func TestAccAWSTransferUser_basic(t *testing.T) { }) } -func TestAccAWSTransferUser_posix(t *testing.T) { +func testAccAWSTransferUser_posix(t *testing.T) { var conf transfer.DescribedUser resourceName := "aws_transfer_user.test" rName := acctest.RandString(10) - resource.ParallelTest(t, resource.TestCase{ + resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSTransfer(t) }, ErrorCheck: testAccErrorCheck(t, transfer.EndpointsID), Providers: testAccProviders, @@ -82,13 +82,13 @@ func TestAccAWSTransferUser_posix(t *testing.T) { }) } -func TestAccAWSTransferUser_modifyWithOptions(t *testing.T) { +func testAccAWSTransferUser_modifyWithOptions(t *testing.T) { var conf transfer.DescribedUser resourceName := "aws_transfer_user.test" rName := acctest.RandString(10) rName2 := acctest.RandString(10) - resource.ParallelTest(t, resource.TestCase{ + resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSTransfer(t) }, ErrorCheck: testAccErrorCheck(t, transfer.EndpointsID), Providers: testAccProviders, 
@@ -129,13 +129,13 @@ func TestAccAWSTransferUser_modifyWithOptions(t *testing.T) { }) } -func TestAccAWSTransferUser_disappears(t *testing.T) { +func testAccAWSTransferUser_disappears(t *testing.T) { var serverConf transfer.DescribedServer var userConf transfer.DescribedUser rName := acctest.RandString(10) resourceName := "aws_transfer_user.test" - resource.ParallelTest(t, resource.TestCase{ + resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSTransfer(t) }, ErrorCheck: testAccErrorCheck(t, transfer.EndpointsID), Providers: testAccProviders, @@ -154,8 +154,8 @@ func TestAccAWSTransferUser_disappears(t *testing.T) { }) } -func TestAccAWSTransferUser_UserName_Validation(t *testing.T) { - resource.ParallelTest(t, resource.TestCase{ +func testAccAWSTransferUser_UserName_Validation(t *testing.T) { + resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSTransfer(t) }, ErrorCheck: testAccErrorCheck(t, transfer.EndpointsID), Providers: testAccProviders, @@ -191,12 +191,12 @@ func TestAccAWSTransferUser_UserName_Validation(t *testing.T) { }) } -func TestAccAWSTransferUser_homeDirectoryMappings(t *testing.T) { +func testAccAWSTransferUser_homeDirectoryMappings(t *testing.T) { var conf transfer.DescribedUser rName := acctest.RandString(10) resourceName := "aws_transfer_user.test" - resource.ParallelTest(t, resource.TestCase{ + resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSTransfer(t) }, ErrorCheck: testAccErrorCheck(t, transfer.EndpointsID), Providers: testAccProviders, From 47f3107079149fc42d4fd3e06f15a7293c563352 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Tue, 29 Jun 2021 09:59:31 -0400 Subject: [PATCH 30/45] r/aws_transfer_server: Prevent "InvalidRequestException: Changing VpcId is not supported". --- aws/resource_aws_transfer_server.go | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) 
diff --git a/aws/resource_aws_transfer_server.go b/aws/resource_aws_transfer_server.go index 628cd9173c9d..7d91952c85f3 100644 --- a/aws/resource_aws_transfer_server.go +++ b/aws/resource_aws_transfer_server.go @@ -1,6 +1,7 @@ package aws import ( + "context" "fmt" "log" "time" @@ -9,10 +10,12 @@ import ( "github.com/aws/aws-sdk-go/service/transfer" "github.com/hashicorp/aws-sdk-go-base/tfawserr" multierror "github.com/hashicorp/go-multierror" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" "github.com/terraform-providers/terraform-provider-aws/aws/internal/keyvaluetags" + tftransfer "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/transfer" "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/transfer/finder" "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/transfer/waiter" "github.com/terraform-providers/terraform-provider-aws/aws/internal/tfresource" @@ -28,6 +31,18 @@ func resourceAwsTransferServer() *schema.Resource { State: schema.ImportStatePassthrough, }, + CustomizeDiff: customdiff.Sequence( + SetTagsDiff, + customdiff.ForceNewIfChange("endpoint_details.0.vpc_id", func(_ context.Context, old, new, meta interface{}) bool { + // "InvalidRequestException: Changing VpcId is not supported". + if old, new := old.(string), new.(string); old != "" && new != old { + return true + } + + return false + }), + ), + Schema: map[string]*schema.Schema{ "arn": { Type: schema.TypeString, @@ -165,8 +180,6 @@ func resourceAwsTransferServer() *schema.Resource { Optional: true, }, }, - - CustomizeDiff: SetTagsDiff, } } From 19d7ee958f6c0e4bceffadfaca234957af24381e Mon Sep 17 00:00:00 2001 
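Review bot: The import hunk adds the `tftransfer` alias, but none of the lines this commit adds to the file reference it; only `context` and `customdiff` are used by the new CustomizeDiff block. If nothing else in the file uses `tftransfer`, this commit does not compile on its own, which breaks bisecting the series. Either drop the import here or move it to the commit that first uses it.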
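Review bot: The `ForceNewIfChange` callback for `endpoint_details.0.vpc_id` redeclares `old` and `new` inside the `if`, shadowing both its parameters and the builtin `new`, and then returns a boolean through an if/return pair. `oldID, newID := old.(string), new.(string)` followed by `return oldID != "" && newID != oldID` says the same thing directly. The one-line comment quotes the API error but not the rule: it should state that an empty old value is exempt so the first assignment of a VPC stays an in-place update (my reading of the guard), and that any other change replaces the server. Replacement gives the server a new ID, and the `endpoint` attribute is built from that ID in the Read function, so the documentation for `vpc_id` should warn that clients pointed at the old hostname need updating.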
From: Kit Ewbank Date: Tue, 29 Jun 2021 11:07:39 -0400 Subject: [PATCH 31/45] r/aws_transfer_server: Read security group IDs via EC2 DecsribeVpcEndpoints API. Acceptance test output (failures expected): % make testacc TEST=./aws TESTARGS='-run=TestAccAWSTransfer_serial/Server/VPC$' ==> Checking that code complies with gofmt requirements... TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSTransfer_serial/Server/VPC -timeout 180m === RUN TestAccAWSTransfer_serial === RUN TestAccAWSTransfer_serial/Server === RUN TestAccAWSTransfer_serial/Server/VPCAddressAllocationIDs resource_aws_transfer_server_test.go:288: Step 3/3 error: Error running apply: exit status 1 2021/06/29 10:59:43 [DEBUG] Using modified User-Agent: Terraform/0.12.31 HashiCorp-terraform-exec/0.13.3 Error: error updating Transfer Server (s-45159289697f40d29): InvalidRequestException: Changing Security Group is not supported on terraform_plugin_test.tf line 66, in resource "aws_transfer_server" "test": 66: resource "aws_transfer_server" "test" { === RUN TestAccAWSTransfer_serial/Server/VPC resource_aws_transfer_server_test.go:237: Step 3/3 error: Error running apply: exit status 1 2021/06/29 11:00:57 [DEBUG] Using modified User-Agent: Terraform/0.12.31 HashiCorp-terraform-exec/0.13.3 Error: error updating Transfer Server (s-e9f52c9d825845e5a): InvalidRequestException: Changing Security Group is not supported on terraform_plugin_test.tf line 56, in resource "aws_transfer_server" "test": 56: resource "aws_transfer_server" "test" { === RUN TestAccAWSTransfer_serial/Server/VPCEndpointID === RUN TestAccAWSTransfer_serial/Server/VPCSecurityGroupIDs resource_aws_transfer_server_test.go:340: Step 3/3 error: Error running apply: exit status 1 2021/06/29 11:03:44 [DEBUG] Using modified User-Agent: Terraform/0.12.31 HashiCorp-terraform-exec/0.13.3 Error: error updating Transfer Server (s-1e131250f9944c45a): InvalidRequestException: Changing Security Group is not supported on terraform_plugin_test.tf 
line 65, in resource "aws_transfer_server" "test": 65: resource "aws_transfer_server" "test" { --- FAIL: TestAccAWSTransfer_serial (411.21s) --- FAIL: TestAccAWSTransfer_serial/Server (411.21s) --- FAIL: TestAccAWSTransfer_serial/Server/VPCAddressAllocationIDs (185.57s) --- FAIL: TestAccAWSTransfer_serial/Server/VPC (58.73s) --- PASS: TestAccAWSTransfer_serial/Server/VPCEndpointID (106.22s) --- FAIL: TestAccAWSTransfer_serial/Server/VPCSecurityGroupIDs (60.69s) FAIL FAIL github.com/terraform-providers/terraform-provider-aws/aws 414.320s FAIL make: *** [testacc] Error 1 --- aws/resource_aws_transfer_server.go | 26 +++- aws/resource_aws_transfer_server_test.go | 184 ++++++++++++++++++++++- aws/resource_aws_transfer_test.go | 24 +-- 3 files changed, 214 insertions(+), 20 deletions(-) diff --git a/aws/resource_aws_transfer_server.go b/aws/resource_aws_transfer_server.go index 7d91952c85f3..f249bd117d1f 100644 --- a/aws/resource_aws_transfer_server.go +++ b/aws/resource_aws_transfer_server.go @@ -15,6 +15,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" "github.com/terraform-providers/terraform-provider-aws/aws/internal/keyvaluetags" + ec2finder "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/ec2/finder" tftransfer "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/transfer" "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/transfer/finder" "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/transfer/waiter" @@ -83,6 +84,7 @@ func resourceAwsTransferServer() *schema.Resource { "security_group_ids": { Type: schema.TypeSet, Optional: true, + Computed: true, Elem: &schema.Schema{Type: schema.TypeString}, ConflictsWith: []string{"endpoint_details.0.vpc_endpoint_id"}, }, 
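Review bot: Marking `security_group_ids` as both `Optional` and `Computed` means a configuration that omits the argument accepts whatever groups the endpoint currently has, so a security group attached or swapped outside Terraform produces no plan diff. That is a reasonable trade-off for reading the default group back into state, but it should be documented on the argument, for example `Set security_group_ids explicitly if Terraform should detect changes to the endpoint's security groups.` The schema block starts and ends outside this hunk.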
@@ -317,7 +319,23 @@ func resourceAwsTransferServerRead(d *schema.ResourceData, meta interface{}) err d.Set("domain", output.Domain) d.Set("endpoint", meta.(*AWSClient).RegionalHostname(fmt.Sprintf("%s.server.transfer", d.Id()))) if output.EndpointDetails != nil { - if err := d.Set("endpoint_details", []interface{}{flattenTransferEndpointDetails(output.EndpointDetails)}); err != nil { + securityGroupIDs := make([]*string, 0) + + // Security Group IDs are not returned for VPC endpoints. + if aws.StringValue(output.EndpointType) == transfer.EndpointTypeVpc && len(output.EndpointDetails.SecurityGroupIds) == 0 { + vpcEndpointID := aws.StringValue(output.EndpointDetails.VpcEndpointId) + output, err := ec2finder.VpcEndpointByID(meta.(*AWSClient).ec2conn, vpcEndpointID) + + if err != nil { + return fmt.Errorf("error reading Transfer Server (%s) VPC Endpoint (%s): %w", d.Id(), vpcEndpointID, err) + } + + for _, group := range output.Groups { + securityGroupIDs = append(securityGroupIDs, group.GroupId) + } + } + + if err := d.Set("endpoint_details", []interface{}{flattenTransferEndpointDetails(output.EndpointDetails, securityGroupIDs)}); err != nil { return fmt.Errorf("error setting endpoint_details: %w", err) } } else { @@ -538,7 +556,7 @@ func expandTransferEndpointDetails(tfMap map[string]interface{}) *transfer.Endpo return apiObject } -func flattenTransferEndpointDetails(apiObject *transfer.EndpointDetails) map[string]interface{} { +func flattenTransferEndpointDetails(apiObject *transfer.EndpointDetails, securityGroupIDs []*string) map[string]interface{} { if apiObject == nil { return nil } 
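Review bot: The fallback lookup in resourceAwsTransferServerRead calls `ec2finder.VpcEndpointByID` without checking that `vpcEndpointID` is non-empty, and any error from it fails the whole read. `aws.StringValue` returns an empty string for a nil `VpcEndpointId`, so the condition should include `&& vpcEndpointID != ""` (or the ID should be checked before the call) rather than sending an empty ID to EC2. Refreshing a VPC-type server now also requires the calling principal to hold `ec2:DescribeVpcEndpoints`; a role scoped to Transfer actions only will start failing here, which deserves a line in the resource documentation. The inner `output, err :=` shadows the `output` that holds the Transfer server, and a distinct name such as `vpce` would avoid misreading `output.Groups`. The function body starts before and continues after this hunk.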
@@ -549,8 +567,10 @@ func flattenTransferEndpointDetails(apiObject *transfer.EndpointDetails) map[str tfMap["address_allocation_ids"] = aws.StringValueSlice(v) } - if v := apiObject.SecurityGroupIds; v != nil { + if v := apiObject.SecurityGroupIds; len(v) > 0 { tfMap["security_group_ids"] = aws.StringValueSlice(v) + } else if len(securityGroupIDs) > 0 { + tfMap["security_group_ids"] = aws.StringValueSlice(securityGroupIDs) } if v := apiObject.SubnetIds; v != nil { diff --git a/aws/resource_aws_transfer_server_test.go b/aws/resource_aws_transfer_server_test.go index efd9601cd4ac..c023576ef251 100644 --- a/aws/resource_aws_transfer_server_test.go +++ b/aws/resource_aws_transfer_server_test.go 
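Review bot: flattenTransferEndpointDetails now has two sources for the same field, and nothing in the hunk documents which one wins. A comment above the function would help: `// securityGroupIDs is used only when apiObject.SecurityGroupIds is empty, which is the case for VPC endpoints read through the Transfer API.` The condition also changed from `v != nil` to `len(v) > 0`, so when both sources are empty the `security_group_ids` key is left out of the map instead of being written as an empty set; if that is intended, say so in the same comment. The function starts in an earlier hunk and continues past this one.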
@@ -227,10 +227,60 @@ func testAccAWSTransferServer_securityPolicy(t *testing.T) { } func testAccAWSTransferServer_vpc(t *testing.T) { + var conf transfer.DescribedServer + resourceName := "aws_transfer_server.test" + defaultSecurityGroupResourceName := "aws_default_security_group.test" + subnetResourceName := "aws_subnet.test" + vpcResourceName := "aws_vpc.test" + rName := acctest.RandomWithPrefix("tf-acc-test") + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSTransfer(t) }, + ErrorCheck: testAccErrorCheck(t, transfer.EndpointsID), + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSTransferServerDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSTransferServerVpcConfig(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSTransferServerExists(resourceName, &conf), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", defaultSecurityGroupResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "0"), + resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"force_destroy"}, + }, + { + Config: testAccAWSTransferServerVpcUpdateConfig(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSTransferServerExists(resourceName, &conf), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), + resource.TestCheckResourceAttr(resourceName, 
"endpoint_details.0.security_group_ids.#", "1"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", defaultSecurityGroupResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "1"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.subnet_ids.*", subnetResourceName, "id"), + resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), + ), + }, + }, + }) +} + +func testAccAWSTransferServer_vpcAddressAllocationIds(t *testing.T) { var conf transfer.DescribedServer resourceName := "aws_transfer_server.test" eip1ResourceName := "aws_eip.test.0" eip2ResourceName := "aws_eip.test.1" + defaultSecurityGroupResourceName := "aws_default_security_group.test" subnetResourceName := "aws_subnet.test" vpcResourceName := "aws_vpc.test" rName := acctest.RandomWithPrefix("tf-acc-test") 
@@ -242,13 +292,14 @@ func testAccAWSTransferServer_vpc(t *testing.T) { CheckDestroy: testAccCheckAWSTransferServerDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSTransferServerVpcNoSecurityGroupsConfig(rName), + Config: testAccAWSTransferServerVpcAddressAllocationIdsNoSecurityGroupsConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSTransferServerExists(resourceName, &conf), resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "1"), resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.address_allocation_ids.*", eip1ResourceName, "id"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "0"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", defaultSecurityGroupResourceName, "id"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "1"), resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.subnet_ids.*", subnetResourceName, "id"), resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), 
@@ -261,13 +312,14 @@ func testAccAWSTransferServer_vpc(t *testing.T) { ImportStateVerifyIgnore: []string{"force_destroy"}, }, { - Config: testAccAWSTransferServerVpcNoSecurityGroupsUpdateConfig(rName), + Config: testAccAWSTransferServerVpcAddressAllocationIdsNoSecurityGroupsUpdateConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSTransferServerExists(resourceName, &conf), resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "1"), resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.address_allocation_ids.*", eip2ResourceName, "id"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "0"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", defaultSecurityGroupResourceName, "id"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "1"), resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.subnet_ids.*", subnetResourceName, "id"), resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), 
@@ -277,6 +329,54 @@ func testAccAWSTransferServer_vpc(t *testing.T) { }) } +func testAccAWSTransferServer_vpcSecurityGroupIds(t *testing.T) { + var conf transfer.DescribedServer + resourceName := "aws_transfer_server.test" + securityGroup1ResourceName := "aws_security_group.test" + securityGroup2ResourceName := "aws_security_group.tes2" + vpcResourceName := "aws_vpc.test" + rName := acctest.RandomWithPrefix("tf-acc-test") + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSTransfer(t) }, + ErrorCheck: testAccErrorCheck(t, transfer.EndpointsID), + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSTransferServerDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSTransferServerVpcSecurityGroupIdsConfig(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSTransferServerExists(resourceName, &conf), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", securityGroup1ResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "0"), + resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"force_destroy"}, + }, + { + Config: testAccAWSTransferServerVpcSecurityGroupIdsUpdateConfig(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSTransferServerExists(resourceName, &conf), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), + 
resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", securityGroup2ResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "0"), + resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), + ), + }, + }, + }) +} + // Reference: https://github.com/hashicorp/terraform-provider-aws/issues/16556 /* func testAccAWSTransferServer_updateEndpointType(t *testing.T) { @@ -649,6 +749,10 @@ resource "aws_security_group" "test" { Name = %[1]q } } + +resource "aws_default_security_group" "test" { + vpc_id = aws_vpc.test.id +} `, rName) } @@ -887,7 +991,36 @@ resource "aws_transfer_server" "test" { `, rName)) } -func testAccAWSTransferServerVpcNoSecurityGroupsConfig(rName string) string { +func testAccAWSTransferServerVpcConfig(rName string) string { + return composeConfig( + testAccAWSTransferServerConfigBaseVpc(rName), + ` +resource "aws_transfer_server" "test" { + endpoint_type = "VPC" + + endpoint_details { + vpc_id = aws_vpc.test.id + } +} +`) +} + +func testAccAWSTransferServerVpcUpdateConfig(rName string) string { + return composeConfig( + testAccAWSTransferServerConfigBaseVpc(rName), + ` +resource "aws_transfer_server" "test" { + endpoint_type = "VPC" + + endpoint_details { + subnet_ids = [aws_subnet.test.id] + vpc_id = aws_vpc.test.id + } +} +`) +} + +func testAccAWSTransferServerVpcAddressAllocationIdsNoSecurityGroupsConfig(rName string) string { return composeConfig( testAccAWSTransferServerConfigBaseVpc(rName), fmt.Sprintf(` 
@@ -913,7 +1046,7 @@ resource "aws_transfer_server" "test" { `, rName)) } -func testAccAWSTransferServerVpcNoSecurityGroupsUpdateConfig(rName string) string { +func testAccAWSTransferServerVpcAddressAllocationIdsNoSecurityGroupsUpdateConfig(rName string) string { return composeConfig( testAccAWSTransferServerConfigBaseVpc(rName), fmt.Sprintf(` @@ -939,6 +1072,45 @@ resource "aws_transfer_server" "test" { `, rName)) } +func testAccAWSTransferServerVpcSecurityGroupIdsConfig(rName string) string { + return composeConfig( + testAccAWSTransferServerConfigBaseVpc(rName), + ` +resource "aws_transfer_server" "test" { + endpoint_type = "VPC" + + endpoint_details { + security_group_ids = [aws_security_group.test.id] + vpc_id = aws_vpc.test.id + } +} +`) +} + +func testAccAWSTransferServerVpcSecurityGroupIdsUpdateConfig(rName string) string { + return composeConfig( + testAccAWSTransferServerConfigBaseVpc(rName), + fmt.Sprintf(` +resource "aws_security_group" "test2" { + name = "%[1]s-2" + vpc_id = aws_vpc.test.id + + tags = { + Name = "%[1]s-2" + } +} + +resource "aws_transfer_server" "test" { + endpoint_type = "VPC" + + endpoint_details { + security_group_ids = [aws_security_group.test2.id] + vpc_id = aws_vpc.test.id + } +} +`, rName)) +} + func testAccAWSTransferServerHostKeyConfig(hostKey string) string { return fmt.Sprintf(` resource "aws_transfer_server" "test" { diff --git a/aws/resource_aws_transfer_test.go b/aws/resource_aws_transfer_test.go index 49a5ef44dad2..17e3adde8b7e 100644 --- a/aws/resource_aws_transfer_test.go +++ b/aws/resource_aws_transfer_test.go 
@@ -7,17 +7,19 @@ import ( func TestAccAWSTransfer_serial(t *testing.T) { testCases := map[string]map[string]func(t *testing.T){ "Server": { - "basic": testAccAWSTransferServer_basic, - "disappears": testAccAWSTransferServer_disappears, - "APIGateway": testAccAWSTransferServer_apiGateway, - "APIGatewayForceDestroy": testAccAWSTransferServer_apiGateway_forceDestroy, - "Domain": testAccAWSTransferServer_domain, - "ForceDestroy": testAccAWSTransferServer_forceDestroy, - "HostKey": testAccAWSTransferServer_hostKey, - "Protocols": testAccAWSTransferServer_protocols, - "SecurityPolicy": testAccAWSTransferServer_securityPolicy, - "VPC": testAccAWSTransferServer_vpc, - "VPCEndpointID": testAccAWSTransferServer_vpcEndpointId, + "basic": testAccAWSTransferServer_basic, + "disappears": testAccAWSTransferServer_disappears, + "APIGateway": testAccAWSTransferServer_apiGateway, + "APIGatewayForceDestroy": testAccAWSTransferServer_apiGateway_forceDestroy, + "Domain": testAccAWSTransferServer_domain, + "ForceDestroy": testAccAWSTransferServer_forceDestroy, + "HostKey": testAccAWSTransferServer_hostKey, + "Protocols": testAccAWSTransferServer_protocols, + "SecurityPolicy": testAccAWSTransferServer_securityPolicy, + "VPC": testAccAWSTransferServer_vpc, + "VPCAddressAllocationIDs": testAccAWSTransferServer_vpcAddressAllocationIds, + "VPCEndpointID": testAccAWSTransferServer_vpcEndpointId, + "VPCSecurityGroupIDs": testAccAWSTransferServer_vpcSecurityGroupIds, }, "SSHKey": { "basic": testAccAWSTransferSshKey_basic, From fedf8cd136de3654d85341dbf3d6aff6b438e5cf Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Wed, 30 Jun 2021 12:17:38 -0400 Subject: [PATCH 32/45] r/aws_transfer_server: Additional tests. --- aws/resource_aws_transfer_server_test.go | 369 ++++++++++++++++++++++- aws/resource_aws_transfer_test.go | 28 +- 2 files changed, 377 insertions(+), 20 deletions(-) 
diff --git a/aws/resource_aws_transfer_server_test.go b/aws/resource_aws_transfer_server_test.go index c023576ef251..7067370b854e 100644 --- a/aws/resource_aws_transfer_server_test.go +++ b/aws/resource_aws_transfer_server_test.go @@ -245,10 +245,12 @@ func testAccAWSTransferServer_vpc(t *testing.T) { Check: resource.ComposeTestCheckFunc( testAccCheckAWSTransferServerExists(resourceName, &conf), resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", defaultSecurityGroupResourceName, "id"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "0"), + resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), ), }, 
@@ -263,11 +265,13 @@ func testAccAWSTransferServer_vpc(t *testing.T) { Check: resource.ComposeTestCheckFunc( testAccCheckAWSTransferServerExists(resourceName, &conf), resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", defaultSecurityGroupResourceName, "id"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "1"), resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.subnet_ids.*", subnetResourceName, "id"), + resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), ), }, 
@@ -292,16 +296,18 @@ func testAccAWSTransferServer_vpcAddressAllocationIds(t *testing.T) { CheckDestroy: testAccCheckAWSTransferServerDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSTransferServerVpcAddressAllocationIdsNoSecurityGroupsConfig(rName), + Config: testAccAWSTransferServerVpcAddressAllocationIdsConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSTransferServerExists(resourceName, &conf), resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "1"), resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.address_allocation_ids.*", eip1ResourceName, "id"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", defaultSecurityGroupResourceName, "id"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "1"), resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.subnet_ids.*", subnetResourceName, "id"), + resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), ), }, 
@@ -312,16 +318,18 @@ func testAccAWSTransferServer_vpcAddressAllocationIds(t *testing.T) { ImportStateVerifyIgnore: []string{"force_destroy"}, }, { - Config: testAccAWSTransferServerVpcAddressAllocationIdsNoSecurityGroupsUpdateConfig(rName), + Config: testAccAWSTransferServerVpcAddressAllocationIdsUpdateConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSTransferServerExists(resourceName, &conf), resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "1"), resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.address_allocation_ids.*", eip2ResourceName, "id"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", defaultSecurityGroupResourceName, "id"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "1"), resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.subnet_ids.*", subnetResourceName, "id"), + resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), ), }, @@ -333,7 +341,7 @@ func testAccAWSTransferServer_vpcSecurityGroupIds(t *testing.T) { var conf transfer.DescribedServer resourceName := "aws_transfer_server.test" securityGroup1ResourceName := "aws_security_group.test" - securityGroup2ResourceName := "aws_security_group.tes2" + securityGroup2ResourceName := "aws_security_group.test2" vpcResourceName := "aws_vpc.test" rName := acctest.RandomWithPrefix("tf-acc-test") 
@@ -348,10 +356,12 @@ func testAccAWSTransferServer_vpcSecurityGroupIds(t *testing.T) { Check: resource.ComposeTestCheckFunc( testAccCheckAWSTransferServerExists(resourceName, &conf), resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", securityGroup1ResourceName, "id"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "0"), + resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), ), }, @@ -366,10 +376,12 @@ func testAccAWSTransferServer_vpcSecurityGroupIds(t *testing.T) { Check: resource.ComposeTestCheckFunc( testAccCheckAWSTransferServerExists(resourceName, &conf), resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", securityGroup2ResourceName, "id"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "0"), + resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), ), }, 
@@ -377,11 +389,70 @@ func testAccAWSTransferServer_vpcSecurityGroupIds(t *testing.T) { }) } -// Reference: https://github.com/hashicorp/terraform-provider-aws/issues/16556 -/* -func testAccAWSTransferServer_updateEndpointType(t *testing.T) { +func testAccAWSTransferServer_vpcAddressAllocationIds_securityGroupIds(t *testing.T) { var conf transfer.DescribedServer resourceName := "aws_transfer_server.test" + eip1ResourceName := "aws_eip.test.0" + eip2ResourceName := "aws_eip.test.1" + securityGroup1ResourceName := "aws_security_group.test" + securityGroup2ResourceName := "aws_security_group.test2" + subnetResourceName := "aws_subnet.test" + vpcResourceName := "aws_vpc.test" + rName := acctest.RandomWithPrefix("tf-acc-test") + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSTransfer(t) }, + ErrorCheck: testAccErrorCheck(t, transfer.EndpointsID), + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSTransferServerDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSTransferServerVpcAddressAllocationIdsSecurityGroupIdsConfig(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSTransferServerExists(resourceName, &conf), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "1"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.address_allocation_ids.*", eip1ResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", securityGroup1ResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "1"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.subnet_ids.*", 
subnetResourceName, "id"), + resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), + resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"force_destroy"}, + }, + { + Config: testAccAWSTransferServerVpcAddressAllocationIdsSecurityGroupIdsUpdateConfig(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSTransferServerExists(resourceName, &conf), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "1"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.address_allocation_ids.*", eip2ResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", securityGroup2ResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "1"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.subnet_ids.*", subnetResourceName, "id"), + resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), + resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), + ), + }, + }, + }) +} + +func testAccAWSTransferServer_updateEndpointType_publicToVpc(t *testing.T) { + var conf transfer.DescribedServer + resourceName := "aws_transfer_server.test" + defaultSecurityGroupResourceName := "aws_default_security_group.test" + vpcResourceName := "aws_vpc.test" rName := acctest.RandomWithPrefix("tf-acc-test") resource.Test(t, resource.TestCase{ 
@@ -403,8 +474,219 @@ func testAccAWSTransferServer_updateEndpointType(t *testing.T) { Check: resource.ComposeTestCheckFunc( testAccCheckAWSTransferServerExists(resourceName, &conf), resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", defaultSecurityGroupResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "0"), + resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), + resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"force_destroy"}, + }, + }, + }) +} + +func testAccAWSTransferServer_updateEndpointType_publicToVpc_addressAllocationIds(t *testing.T) { + var conf transfer.DescribedServer + resourceName := "aws_transfer_server.test" + eipResourceName := "aws_eip.test.0" + defaultSecurityGroupResourceName := "aws_default_security_group.test" + subnetResourceName := "aws_subnet.test" + vpcResourceName := "aws_vpc.test" + rName := acctest.RandomWithPrefix("tf-acc-test") + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSTransfer(t) }, + ErrorCheck: testAccErrorCheck(t, transfer.EndpointsID), + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSTransferServerDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSTransferServerBasicConfig(), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSTransferServerExists(resourceName, &conf), + 
resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "0"), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "PUBLIC"), + ), + }, + { + Config: testAccAWSTransferServerVpcAddressAllocationIdsConfig(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSTransferServerExists(resourceName, &conf), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "1"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.address_allocation_ids.*", eipResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", defaultSecurityGroupResourceName, "id"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "1"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.subnet_ids.*", subnetResourceName, "id"), + resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), + resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"force_destroy"}, + }, + }, + }) +} + +func testAccAWSTransferServer_updateEndpointType_vpcEndpointToVpc(t *testing.T) { + var conf transfer.DescribedServer + resourceName := "aws_transfer_server.test" + defaultSecurityGroupResourceName := "aws_default_security_group.test" + vpcEndpointResourceName := "aws_vpc_endpoint.test" + vpcResourceName := "aws_vpc.test" + rName := acctest.RandomWithPrefix("tf-acc-test") + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSTransfer(t) }, + 
ErrorCheck: testAccErrorCheck(t, transfer.EndpointsID), + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSTransferServerDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSTransferServerVpcEndpointConfig(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSTransferServerExists(resourceName, &conf), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC_ENDPOINT"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "0"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "0"), + resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_endpoint_id", vpcEndpointResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.vpc_id", ""), + ), + }, + { + Config: testAccAWSTransferServerVpcConfig(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSTransferServerExists(resourceName, &conf), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", defaultSecurityGroupResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "0"), + resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), + resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + 
ImportStateVerifyIgnore: []string{"force_destroy"}, + }, + }, + }) +} + +func testAccAWSTransferServer_updateEndpointType_vpcEndpointToVpc_addressAllocationIds(t *testing.T) { + var conf transfer.DescribedServer + resourceName := "aws_transfer_server.test" + eipResourceName := "aws_eip.test.0" + defaultSecurityGroupResourceName := "aws_default_security_group.test" + subnetResourceName := "aws_subnet.test" + vpcEndpointResourceName := "aws_vpc_endpoint.test" + vpcResourceName := "aws_vpc.test" + rName := acctest.RandomWithPrefix("tf-acc-test") + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSTransfer(t) }, + ErrorCheck: testAccErrorCheck(t, transfer.EndpointsID), + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSTransferServerDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSTransferServerVpcEndpointConfig(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSTransferServerExists(resourceName, &conf), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC_ENDPOINT"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "0"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "0"), + resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_endpoint_id", vpcEndpointResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.vpc_id", ""), + ), + }, + { + Config: testAccAWSTransferServerVpcAddressAllocationIdsConfig(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSTransferServerExists(resourceName, &conf), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), 
resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "1"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.address_allocation_ids.*", eipResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", defaultSecurityGroupResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "1"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.subnet_ids.*", subnetResourceName, "id"), + resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), + resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"force_destroy"}, + }, + }, + }) +} + +func testAccAWSTransferServer_updateEndpointType_vpcEndpointToVpc_securityGroupIds(t *testing.T) { + var conf transfer.DescribedServer + resourceName := "aws_transfer_server.test" + securityGroupResourceName := "aws_security_group.test" + vpcEndpointResourceName := "aws_vpc_endpoint.test" + vpcResourceName := "aws_vpc.test" + rName := acctest.RandomWithPrefix("tf-acc-test") + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSTransfer(t) }, + ErrorCheck: testAccErrorCheck(t, transfer.EndpointsID), + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSTransferServerDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSTransferServerVpcEndpointConfig(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSTransferServerExists(resourceName, &conf), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC_ENDPOINT"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", 
"1"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "0"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "0"), + resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_endpoint_id", vpcEndpointResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.vpc_id", ""), + ), + }, + { + Config: testAccAWSTransferServerVpcSecurityGroupIdsConfig(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSTransferServerExists(resourceName, &conf), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", securityGroupResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "0"), + resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), + resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), ), }, { @@ -416,7 +698,6 @@ func testAccAWSTransferServer_updateEndpointType(t *testing.T) { }, }) } -*/ func testAccAWSTransferServer_protocols(t *testing.T) { var s transfer.DescribedServer @@ -604,6 +885,7 @@ func testAccAWSTransferServer_hostKey(t *testing.T) { func testAccAWSTransferServer_vpcEndpointId(t *testing.T) { var conf transfer.DescribedServer resourceName := "aws_transfer_server.test" + vpcEndpointResourceName := "aws_vpc_endpoint.test" rName := acctest.RandomWithPrefix("tf-acc-test") if testAccGetPartition() == "aws-us-gov" { 
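Review bot: The three new `updateEndpointType_vpcEndpointToVpc*` tests in this hunk start from a `VPC_ENDPOINT` server but carry no partition guard, while `testAccAWSTransferServer_vpcEndpointId` (context of the last hunk on this line) opens with `if testAccGetPartition() == "aws-us-gov" {`. The body of that guard is outside the hunk, so whether it skips the test is an assumption; if it does, the new tests probably need the same check. Separately, the `endpoint_details.*` check list is repeated nearly verbatim in every step, and a small helper returning a `resource.TestCheckFunc` would keep the expected endpoint and security-group state in one place.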
@@ -621,6 +903,12 @@ func testAccAWSTransferServer_vpcEndpointId(t *testing.T) { Check: resource.ComposeTestCheckFunc( testAccCheckAWSTransferServerExists(resourceName, &conf), resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC_ENDPOINT"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "0"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "0"), + resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_endpoint_id", vpcEndpointResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.vpc_id", ""), ), }, { 
@@ -1020,7 +1308,59 @@ resource "aws_transfer_server" "test" { `) } -func testAccAWSTransferServerVpcAddressAllocationIdsNoSecurityGroupsConfig(rName string) string { +func testAccAWSTransferServerVpcAddressAllocationIdsConfig(rName string) string { + return composeConfig( + testAccAWSTransferServerConfigBaseVpc(rName), + fmt.Sprintf(` +resource "aws_eip" "test" { + count = 2 + + vpc = true + + tags = { + Name = %[1]q + } +} + +resource "aws_transfer_server" "test" { + endpoint_type = "VPC" + + endpoint_details { + address_allocation_ids = [aws_eip.test[0].id] + subnet_ids = [aws_subnet.test.id] + vpc_id = aws_vpc.test.id + } +} +`, rName)) +} + +func testAccAWSTransferServerVpcAddressAllocationIdsUpdateConfig(rName string) string { + return composeConfig( + testAccAWSTransferServerConfigBaseVpc(rName), + fmt.Sprintf(` +resource "aws_eip" "test" { + count = 2 + + vpc = true + + tags = { + Name = %[1]q + } +} + +resource "aws_transfer_server" "test" { + endpoint_type = "VPC" + + endpoint_details { + address_allocation_ids = [aws_eip.test[1].id] + subnet_ids = [aws_subnet.test.id] + vpc_id = aws_vpc.test.id + } +} +`, rName)) +} + +func testAccAWSTransferServerVpcAddressAllocationIdsSecurityGroupIdsConfig(rName string) string { return composeConfig( testAccAWSTransferServerConfigBaseVpc(rName), fmt.Sprintf(` @@ -1039,6 +1379,7 @@ resource "aws_transfer_server" "test" { endpoint_details { address_allocation_ids = [aws_eip.test[0].id] + security_group_ids = [aws_security_group.test.id] subnet_ids = [aws_subnet.test.id] vpc_id = aws_vpc.test.id } 
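Review bot: `testAccAWSTransferServerVpcAddressAllocationIdsConfig` and its `UpdateConfig` twin attach Elastic IPs but set no `security_group_ids`, and the tests that use them assert the endpoint ends up with `aws_default_security_group.test`. That fallback to the VPC's default security group on an endpoint with Elastic IPs is the behaviour being pinned, so it deserves a comment above both functions, for example `// No security_group_ids: the endpoint is expected to fall back to the VPC's default security group.` The two functions differ only in the EIP index, so a shared helper taking the index would remove the duplication.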
@@ -1046,10 +1387,19 @@ resource "aws_transfer_server" "test" { `, rName)) } -func testAccAWSTransferServerVpcAddressAllocationIdsNoSecurityGroupsUpdateConfig(rName string) string { +func testAccAWSTransferServerVpcAddressAllocationIdsSecurityGroupIdsUpdateConfig(rName string) string { return composeConfig( testAccAWSTransferServerConfigBaseVpc(rName), fmt.Sprintf(` +resource "aws_security_group" "test2" { + name = "%[1]s-2" + vpc_id = aws_vpc.test.id + + tags = { + Name = "%[1]s-2" + } +} + resource "aws_eip" "test" { count = 2 @@ -1065,6 +1415,7 @@ resource "aws_transfer_server" "test" { endpoint_details { address_allocation_ids = [aws_eip.test[1].id] + security_group_ids = [aws_security_group.test2.id] subnet_ids = [aws_subnet.test.id] vpc_id = aws_vpc.test.id } diff --git a/aws/resource_aws_transfer_test.go b/aws/resource_aws_transfer_test.go index 17e3adde8b7e..c076d6e4e199 100644 --- a/aws/resource_aws_transfer_test.go +++ b/aws/resource_aws_transfer_test.go 
@@ -7,19 +7,25 @@ import ( func TestAccAWSTransfer_serial(t *testing.T) { testCases := map[string]map[string]func(t *testing.T){ "Server": { - "basic": testAccAWSTransferServer_basic, - "disappears": testAccAWSTransferServer_disappears, - "APIGateway": testAccAWSTransferServer_apiGateway, - "APIGatewayForceDestroy": testAccAWSTransferServer_apiGateway_forceDestroy, - "Domain": testAccAWSTransferServer_domain, - "ForceDestroy": testAccAWSTransferServer_forceDestroy, - "HostKey": testAccAWSTransferServer_hostKey, - "Protocols": testAccAWSTransferServer_protocols, - "SecurityPolicy": testAccAWSTransferServer_securityPolicy, + "basic": testAccAWSTransferServer_basic, + "disappears": testAccAWSTransferServer_disappears, + "APIGateway": testAccAWSTransferServer_apiGateway, + "APIGatewayForceDestroy": testAccAWSTransferServer_apiGateway_forceDestroy, + "Domain": testAccAWSTransferServer_domain, + "ForceDestroy": testAccAWSTransferServer_forceDestroy, + "HostKey": testAccAWSTransferServer_hostKey, + "Protocols": testAccAWSTransferServer_protocols, + "SecurityPolicy": testAccAWSTransferServer_securityPolicy, + "UpdateEndpointTypePublicToVPC": testAccAWSTransferServer_updateEndpointType_publicToVpc, + "UpdateEndpointTypePublicToVPCAddressAllocationIDs": testAccAWSTransferServer_updateEndpointType_publicToVpc_addressAllocationIds, + "UpdateEndpointTypeVPCEndpointToVPC": testAccAWSTransferServer_updateEndpointType_vpcEndpointToVpc, + "UpdateEndpointTypeVPCEndpointToVPCAddressAllocationIDs": testAccAWSTransferServer_updateEndpointType_vpcEndpointToVpc_addressAllocationIds, + "UpdateEndpointTypeVPCEndpointToVPCSecurityGroupIDs": testAccAWSTransferServer_updateEndpointType_vpcEndpointToVpc_securityGroupIds, "VPC": testAccAWSTransferServer_vpc, "VPCAddressAllocationIDs": testAccAWSTransferServer_vpcAddressAllocationIds, - "VPCEndpointID": testAccAWSTransferServer_vpcEndpointId, - "VPCSecurityGroupIDs": testAccAWSTransferServer_vpcSecurityGroupIds, + 
"VPCAddressAllocationIDsSecurityGroupIDs": testAccAWSTransferServer_vpcAddressAllocationIds_securityGroupIds, + "VPCEndpointID": testAccAWSTransferServer_vpcEndpointId, + "VPCSecurityGroupIDs": testAccAWSTransferServer_vpcSecurityGroupIds, }, "SSHKey": { "basic": testAccAWSTransferSshKey_basic, From 5d26d2a81a5becf8ff722f9591c537e548124c9e Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Wed, 30 Jun 2021 16:04:03 -0400 Subject: [PATCH 33/45] r/aws_transfer_server: Use Amazon EC2 ModifyVpcEndpoint API to modify security_group_ids. --- aws/resource_aws_transfer_server.go | 145 ++++++++++++++++------- aws/resource_aws_transfer_server_test.go | 45 +++++++ aws/resource_aws_transfer_test.go | 11 +- 3 files changed, 152 insertions(+), 49 deletions(-) diff --git a/aws/resource_aws_transfer_server.go b/aws/resource_aws_transfer_server.go index f249bd117d1f..fc06e68e4624 100644 --- a/aws/resource_aws_transfer_server.go +++ b/aws/resource_aws_transfer_server.go @@ -7,6 +7,7 @@ import ( "time" "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/service/ec2" "github.com/aws/aws-sdk-go/service/transfer" "github.com/hashicorp/aws-sdk-go-base/tfawserr" multierror "github.com/hashicorp/go-multierror" @@ -16,6 +17,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" "github.com/terraform-providers/terraform-provider-aws/aws/internal/keyvaluetags" ec2finder "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/ec2/finder" + ec2waiter "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/ec2/waiter" tftransfer "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/transfer" "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/transfer/finder" "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/transfer/waiter" 
@@ -186,7 +188,6 @@ func resourceAwsTransferServer() *schema.Resource { } func resourceAwsTransferServerCreate(d *schema.ResourceData, meta interface{}) error { - updateAfterCreate := false conn := meta.(*AWSClient).transferconn defaultTagsConfig := meta.(*AWSClient).DefaultTagsConfig tags := defaultTagsConfig.MergeTags(keyvaluetags.New(d.Get("tags").(map[string]interface{}))) @@ -201,15 +202,15 @@ func resourceAwsTransferServerCreate(d *schema.ResourceData, meta interface{}) e input.Domain = aws.String(v.(string)) } + var addressAllocationIDs []*string + if v, ok := d.GetOk("endpoint_details"); ok && len(v.([]interface{})) > 0 && v.([]interface{})[0] != nil { input.EndpointDetails = expandTransferEndpointDetails(v.([]interface{})[0].(map[string]interface{})) // Prevent the following error: InvalidRequestException: AddressAllocationIds cannot be set in CreateServer // Reference: https://docs.aws.amazon.com/transfer/latest/userguide/API_EndpointDetails.html#TransferFamily-Type-EndpointDetails-AddressAllocationIds - if input.EndpointDetails != nil && len(input.EndpointDetails.AddressAllocationIds) > 0 { - input.EndpointDetails.AddressAllocationIds = nil - updateAfterCreate = true - } + addressAllocationIDs = input.EndpointDetails.AddressAllocationIds + input.EndpointDetails.AddressAllocationIds = nil } if v, ok := d.GetOk("endpoint_type"); ok { 
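Review bot: The rewritten block in resourceAwsTransferServerCreate dereferences `input.EndpointDetails` right after `expandTransferEndpointDetails(...)` without the `input.EndpointDetails != nil` check that the removed lines had. Whether the expander can return nil is not visible in this hunk; if it can, the result is a provider panic rather than an API error. Keeping the guard is cheap: wrap the two added assignments in `if input.EndpointDetails != nil { ... }`. The function body continues outside the hunk.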
@@ -271,18 +272,17 @@ func resourceAwsTransferServerCreate(d *schema.ResourceData, meta interface{}) e return fmt.Errorf("error waiting for Transfer Server (%s) to create: %w", d.Id(), err) } - if updateAfterCreate { + // AddressAllocationIds is only valid in the UpdateServer API. + if len(addressAllocationIDs) > 0 { if err := stopTransferServer(conn, d.Id(), d.Timeout(schema.TimeoutCreate)); err != nil { return err } - // TODO - // TODO You can edit the SecurityGroupIds property in the UpdateServer API only if you are changing the EndpointType from PUBLIC or VPC_ENDPOINT to VPC. To change security groups associated with your server's VPC endpoint after creation, use the Amazon EC2 ModifyVpcEndpoint API. - // TODO - input := &transfer.UpdateServerInput{ - ServerId: aws.String(d.Id()), - EndpointDetails: expandTransferEndpointDetails(d.Get("endpoint_details").([]interface{})[0].(map[string]interface{})), + ServerId: aws.String(d.Id()), + EndpointDetails: &transfer.EndpointDetails{ + AddressAllocationIds: addressAllocationIDs, + }, } if err := updateTransferServer(conn, input); err != nil { 
@@ -376,18 +376,96 @@ func resourceAwsTransferServerUpdate(d *schema.ResourceData, meta interface{}) e conn := meta.(*AWSClient).transferconn if d.HasChangesExcept("tags", "tags_all") { - stopFlag := false + //TODO var addressAllocationIDs []*string + var offlineUpdate bool input := &transfer.UpdateServerInput{ ServerId: aws.String(d.Id()), } - if d.HasChange("logging_role") { - input.LoggingRole = aws.String(d.Get("logging_role").(string)) + if d.HasChange("certificate") { + input.Certificate = aws.String(d.Get("certificate").(string)) } - if d.HasChange("security_policy_name") { - input.SecurityPolicyName = aws.String(d.Get("security_policy_name").(string)) + if d.HasChange("endpoint_details") { + var newEndpointTypeVpc bool + var oldEndpointTypeVpc bool + + if v, ok := d.GetOk("endpoint_details"); ok && len(v.([]interface{})) > 0 && v.([]interface{})[0] != nil { + input.EndpointDetails = expandTransferEndpointDetails(v.([]interface{})[0].(map[string]interface{})) + + old, new := d.GetChange("endpoint_type") + + if old, new := old.(string), new.(string); new != old && new == transfer.EndpointTypeVpc { + newEndpointTypeVpc = true + } else if new == old && new == transfer.EndpointTypeVpc { + newEndpointTypeVpc = true + oldEndpointTypeVpc = true + } + + if newEndpointTypeVpc && !oldEndpointTypeVpc { + // TODO ???? 
+ // Prevent the following error: InvalidRequestException: Cannot specify AddressAllocationids when updating server to EndpointType: VPC + // addressAllocationIDs = input.EndpointDetails.AddressAllocationIds + // input.EndpointDetails.AddressAllocationIds = nil + + // Prevent the following error: InvalidRequestException: VPC Endpoint ID unsupported for EndpointType: VPC + input.EndpointDetails.VpcEndpointId = nil + } else if newEndpointTypeVpc && oldEndpointTypeVpc { + // Prevent the following error: InvalidRequestException: Server must be OFFLINE to change AddressAllocationIds + if d.HasChange("endpoint_details.0.address_allocation_ids") { + offlineUpdate = true + } + + // Prevent the following error: InvalidRequestException: Changing Security Group is not supported + input.EndpointDetails.SecurityGroupIds = nil + } + } + + // You can edit the SecurityGroupIds property in the UpdateServer API only if you are changing the EndpointType from PUBLIC or VPC_ENDPOINT to VPC. + // To change security groups associated with your server's VPC endpoint after creation, use the Amazon EC2 ModifyVpcEndpoint API. 
+ if d.HasChange("endpoint_details.0.security_group_ids") && newEndpointTypeVpc && oldEndpointTypeVpc { + conn := meta.(*AWSClient).ec2conn + + vpcEndpointID := d.Get("endpoint_details.0.vpc_endpoint_id").(string) + input := &ec2.ModifyVpcEndpointInput{ + VpcEndpointId: aws.String(vpcEndpointID), + } + + old, new := d.GetChange("endpoint_details.0.security_group_ids") + + if add := expandStringSet(new.(*schema.Set).Difference(old.(*schema.Set))); len(add) > 0 { + input.AddSecurityGroupIds = add + } + + if del := expandStringSet(old.(*schema.Set).Difference(new.(*schema.Set))); len(del) > 0 { + input.RemoveSecurityGroupIds = del + } + + log.Printf("[DEBUG] Updating VPC Endpoint: %s", input) + if _, err := conn.ModifyVpcEndpoint(input); err != nil { + return fmt.Errorf("error updating Transfer Server (%s) VPC Endpoint (%s): %w", d.Id(), vpcEndpointID, err) + } + + _, err := ec2waiter.VpcEndpointAvailable(conn, vpcEndpointID, d.Timeout(schema.TimeoutUpdate)) + + if err != nil { + return fmt.Errorf("error waiting for Transfer Server (%s) VPC Endpoint (%s) to become available: %w", d.Id(), vpcEndpointID, err) + } + } + } + + if d.HasChange("endpoint_type") { + input.EndpointType = aws.String(d.Get("endpoint_type").(string)) + + // Prevent the following error: InvalidRequestException: Server must be OFFLINE to change EndpointType + offlineUpdate = true + } + + if d.HasChange("host_key") { + if attr, ok := d.GetOk("host_key"); ok { + input.HostKey = aws.String(attr.(string)) + } } if d.HasChanges("invocation_role", "url") { 
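Review bot: The security-group branch at the end of this hunk redeclares `conn` and `input` inside resourceAwsTransferServerUpdate, so within that block they mean the EC2 client and a `ModifyVpcEndpointInput` while the rest of the function still uses the Transfer client and the `UpdateServerInput`. Distinct names would keep a later edit from sending a request to the wrong service. The same branch passes `endpoint_details.0.vpc_endpoint_id` from state to ModifyVpcEndpoint without checking that it is non-empty, so the sketch below adds an early error. ModifyVpcEndpoint also runs before the Transfer update call, so a failure there leaves the security groups already changed; a comment saying that ordering is intended would help. The `//TODO` and `// TODO ????` lines about AddressAllocationIds are left unresolved, and the function starts and ends outside the hunk.

```go
if d.HasChange("endpoint_details.0.security_group_ids") && newEndpointTypeVpc && oldEndpointTypeVpc {
	ec2conn := meta.(*AWSClient).ec2conn

	vpcEndpointID := d.Get("endpoint_details.0.vpc_endpoint_id").(string)
	if vpcEndpointID == "" {
		return fmt.Errorf("error updating Transfer Server (%s): VPC endpoint ID not set", d.Id())
	}
	vpceInput := &ec2.ModifyVpcEndpointInput{
		VpcEndpointId: aws.String(vpcEndpointID),
	}

	// … unchanged: old/new set differences, assigned to vpceInput.AddSecurityGroupIds and vpceInput.RemoveSecurityGroupIds …

	// Security groups are changed here, before the Transfer UpdateServer call below.
	log.Printf("[DEBUG] Updating VPC Endpoint: %s", vpceInput)
	if _, err := ec2conn.ModifyVpcEndpoint(vpceInput); err != nil {
		// … unchanged: error return …
	}

	_, err := ec2waiter.VpcEndpointAvailable(ec2conn, vpcEndpointID, d.Timeout(schema.TimeoutUpdate))
	// … unchanged: wait error handling …
```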
@@ -404,40 +482,19 @@ func resourceAwsTransferServerUpdate(d *schema.ResourceData, meta interface{}) e input.IdentityProviderDetails = identityProviderDetails } - if d.HasChange("endpoint_type") { - input.EndpointType = aws.String(d.Get("endpoint_type").(string)) - } - - if d.HasChange("certificate") { - input.Certificate = aws.String(d.Get("certificate").(string)) + if d.HasChange("logging_role") { + input.LoggingRole = aws.String(d.Get("logging_role").(string)) } if d.HasChange("protocols") { input.Protocols = expandStringSet(d.Get("protocols").(*schema.Set)) } - if d.HasChange("endpoint_details") { - if v, ok := d.GetOk("endpoint_details"); ok && len(v.([]interface{})) > 0 && v.([]interface{})[0] != nil { - input.EndpointDetails = expandTransferEndpointDetails(v.([]interface{})[0].(map[string]interface{})) - } - - // Prevent the following error: InvalidRequestException: Server must be OFFLINE to change AddressAllocationIds - if d.HasChange("endpoint_details.0.address_allocation_ids") { - stopFlag = true - } - - // TODO - // TODO You can edit the SecurityGroupIds property in the UpdateServer API only if you are changing the EndpointType from PUBLIC or VPC_ENDPOINT to VPC. To change security groups associated with your server's VPC endpoint after creation, use the Amazon EC2 ModifyVpcEndpoint API. - // TODO - } - - if d.HasChange("host_key") { - if attr, ok := d.GetOk("host_key"); ok { - input.HostKey = aws.String(attr.(string)) - } + if d.HasChange("security_policy_name") { + input.SecurityPolicyName = aws.String(d.Get("security_policy_name").(string)) } - if stopFlag { + if offlineUpdate { if err := stopTransferServer(conn, d.Id(), d.Timeout(schema.TimeoutUpdate)); err != nil { return err } @@ -448,7 +505,7 @@ func resourceAwsTransferServerUpdate(d *schema.ResourceData, meta interface{}) e return err } - if stopFlag { + if offlineUpdate { if err := startTransferServer(conn, d.Id(), d.Timeout(schema.TimeoutUpdate)); err != nil { return err } 
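Review bot: The `return err` that sits between the stop and the start (context of the second hunk on this line) appears to leave the server OFFLINE when the update call fails, and `offlineUpdate` is now set for every `endpoint_type` change as well as for address allocation changes, so that path is reached more often. The update call itself lies between the two hunks and is not shown, so this is inferred. A best-effort restart on the error path, or at least a comment such as `// NOTE: on update failure the server stays OFFLINE until the next successful apply`, would make the behaviour explicit.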
diff --git a/aws/resource_aws_transfer_server_test.go b/aws/resource_aws_transfer_server_test.go
index 7067370b854e..c1226b6f0bca 100644
--- a/aws/resource_aws_transfer_server_test.go
+++ b/aws/resource_aws_transfer_server_test.go
@@ -699,6 +699,51 @@ func testAccAWSTransferServer_updateEndpointType_vpcEndpointToVpc_securityGroupI }) } +func testAccAWSTransferServer_updateEndpointType_vpcToPublic(t *testing.T) { + var conf transfer.DescribedServer + resourceName := "aws_transfer_server.test" + defaultSecurityGroupResourceName := "aws_default_security_group.test" + vpcResourceName := "aws_vpc.test" + rName := acctest.RandomWithPrefix("tf-acc-test") + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t); testAccPreCheckAWSTransfer(t) }, + ErrorCheck: testAccErrorCheck(t, transfer.EndpointsID), + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSTransferServerDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSTransferServerVpcConfig(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSTransferServerExists(resourceName, &conf), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", defaultSecurityGroupResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "0"), + resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), + resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), + ), + }, + { + Config: testAccAWSTransferServerBasicConfig(), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSTransferServerExists(resourceName, &conf), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "0"), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "PUBLIC"), + ), + }, + { + ResourceName: resourceName, + 
ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"force_destroy"}, + }, + }, + }) +} + func testAccAWSTransferServer_protocols(t *testing.T) { var s transfer.DescribedServer var ca acmpca.CertificateAuthority diff --git a/aws/resource_aws_transfer_test.go b/aws/resource_aws_transfer_test.go index c076d6e4e199..a06c3fe02898 100644 --- a/aws/resource_aws_transfer_test.go +++ b/aws/resource_aws_transfer_test.go @@ -21,11 +21,12 @@ func TestAccAWSTransfer_serial(t *testing.T) { "UpdateEndpointTypeVPCEndpointToVPC": testAccAWSTransferServer_updateEndpointType_vpcEndpointToVpc, "UpdateEndpointTypeVPCEndpointToVPCAddressAllocationIDs": testAccAWSTransferServer_updateEndpointType_vpcEndpointToVpc_addressAllocationIds, "UpdateEndpointTypeVPCEndpointToVPCSecurityGroupIDs": testAccAWSTransferServer_updateEndpointType_vpcEndpointToVpc_securityGroupIds, - "VPC": testAccAWSTransferServer_vpc, - "VPCAddressAllocationIDs": testAccAWSTransferServer_vpcAddressAllocationIds, - "VPCAddressAllocationIDsSecurityGroupIDs": testAccAWSTransferServer_vpcAddressAllocationIds_securityGroupIds, - "VPCEndpointID": testAccAWSTransferServer_vpcEndpointId, - "VPCSecurityGroupIDs": testAccAWSTransferServer_vpcSecurityGroupIds, + "UpdateEndpointTypeVPCToPublic": testAccAWSTransferServer_updateEndpointType_vpcToPublic, + "VPC": testAccAWSTransferServer_vpc, + "VPCAddressAllocationIDs": testAccAWSTransferServer_vpcAddressAllocationIds, + "VPCAddressAllocationIDsSecurityGroupIDs": testAccAWSTransferServer_vpcAddressAllocationIds_securityGroupIds, + "VPCEndpointID": testAccAWSTransferServer_vpcEndpointId, + "VPCSecurityGroupIDs": testAccAWSTransferServer_vpcSecurityGroupIds, }, "SSHKey": { "basic": testAccAWSTransferSshKey_basic, From 41048b94230402c79f71b5e0abe785dd2755f15f Mon Sep 17 00:00:00 2001 
From: Kit Ewbank Date: Wed, 30 Jun 2021 16:36:14 -0400 Subject: [PATCH 34/45] Prevent 'severity:warning rule:aws-sdk-go-multiple-service-imports: Resources should not implement multiple AWS service functionality'. --- .semgrep.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.semgrep.yml b/.semgrep.yml index c9a41d64c4a4..575fc5949d21 100644 --- a/.semgrep.yml +++ b/.semgrep.yml @@ -22,6 +22,7 @@ rules: - aws/validators.go - aws/*wafregional*.go - aws/resource_aws_serverlessapplicationrepository_cloudformation_stack.go + - aws/resource_aws_transfer_server.go - aws/*_test.go - aws/internal/keyvaluetags/ - aws/internal/service/wafregional/ From d2d0ce509a3f0d097b5fb76893631fd90d6efd92 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Wed, 30 Jun 2021 17:01:01 -0400 Subject: [PATCH 35/45] Fix 'terrafmt' errors. --- aws/resource_aws_transfer_server_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/aws/resource_aws_transfer_server_test.go b/aws/resource_aws_transfer_server_test.go index c1226b6f0bca..6400e56f1ab1 100644 --- a/aws/resource_aws_transfer_server_test.go +++ b/aws/resource_aws_transfer_server_test.go @@ -1424,7 +1424,7 @@ resource "aws_transfer_server" "test" { endpoint_details { address_allocation_ids = [aws_eip.test[0].id] - security_group_ids = [aws_security_group.test.id] + security_group_ids = [aws_security_group.test.id] subnet_ids = [aws_subnet.test.id] vpc_id = aws_vpc.test.id } @@ -1460,7 +1460,7 @@ resource "aws_transfer_server" "test" { endpoint_details { address_allocation_ids = [aws_eip.test[1].id] - security_group_ids = [aws_security_group.test2.id] + security_group_ids = [aws_security_group.test2.id] subnet_ids = [aws_subnet.test.id] vpc_id = aws_vpc.test.id } From e7c7b312cd406a882266695a9caae88355874649 Mon Sep 17 00:00:00 2001 
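Review bot: The new `- aws/resource_aws_transfer_server.go` entry switches the `aws-sdk-go-multiple-service-imports` rule off for the whole file, and nothing in the config records why. The reason appears to be the EC2 VPC endpoint calls this resource makes, so without a note the exception will also silently cover any further service import added to the file later. A comment on the entry would keep the scope of the exception reviewable, for example `# uses EC2 only to wait on and modify the server's VPC endpoint`. The rule definition that owns this list starts outside the hunk.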
From: Kit Ewbank Date: Thu, 1 Jul 2021 08:56:11 -0400 Subject: [PATCH 36/45] r/aws_transfer_server: Add tests to set no VPC subnet IDs or security group IDs. --- aws/resource_aws_transfer_server.go | 21 +++++++++--- aws/resource_aws_transfer_server_test.go | 43 ++++++++++++++++++++++++ 2 files changed, 60 insertions(+), 4 deletions(-) diff --git a/aws/resource_aws_transfer_server.go b/aws/resource_aws_transfer_server.go index fc06e68e4624..162533614f9e 100644 --- a/aws/resource_aws_transfer_server.go +++ b/aws/resource_aws_transfer_server.go @@ -376,7 +376,7 @@ func resourceAwsTransferServerUpdate(d *schema.ResourceData, meta interface{}) e conn := meta.(*AWSClient).transferconn if d.HasChangesExcept("tags", "tags_all") { - //TODO var addressAllocationIDs []*string + var addressAllocationIDs []*string var offlineUpdate bool input := &transfer.UpdateServerInput{ @@ -404,10 +404,9 @@ func resourceAwsTransferServerUpdate(d *schema.ResourceData, meta interface{}) e } if newEndpointTypeVpc && !oldEndpointTypeVpc { - // TODO ???? // Prevent the following error: InvalidRequestException: Cannot specify AddressAllocationids when updating server to EndpointType: VPC - // addressAllocationIDs = input.EndpointDetails.AddressAllocationIds - // input.EndpointDetails.AddressAllocationIds = nil + addressAllocationIDs = input.EndpointDetails.AddressAllocationIds + input.EndpointDetails.AddressAllocationIds = nil // Prevent the following error: InvalidRequestException: VPC Endpoint ID unsupported for EndpointType: VPC input.EndpointDetails.VpcEndpointId = nil 
@@ -505,6 +504,20 @@ func resourceAwsTransferServerUpdate(d *schema.ResourceData, meta interface{}) e return err } + // Set any AddressAllocationIds if the server has updated endpoint type to VPC. + if len(addressAllocationIDs) > 0 { + input := &transfer.UpdateServerInput{ + ServerId: aws.String(d.Id()), + EndpointDetails: &transfer.EndpointDetails{ + AddressAllocationIds: addressAllocationIDs, + }, + } + + if err := updateTransferServer(conn, input); err != nil { + return err + } + } + if offlineUpdate { if err := startTransferServer(conn, d.Id(), d.Timeout(schema.TimeoutUpdate)); err != nil { return err diff --git a/aws/resource_aws_transfer_server_test.go b/aws/resource_aws_transfer_server_test.go index 6400e56f1ab1..be2668959b38 100644 --- a/aws/resource_aws_transfer_server_test.go +++ b/aws/resource_aws_transfer_server_test.go @@ -275,6 +275,20 @@ func testAccAWSTransferServer_vpc(t *testing.T) { resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), ), }, + { + Config: testAccAWSTransferServerVpcConfig(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSTransferServerExists(resourceName, &conf), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", defaultSecurityGroupResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "0"), + resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), + resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), + ), + }, }, }) } 
@@ -333,6 +347,20 @@ func testAccAWSTransferServer_vpcAddressAllocationIds(t *testing.T) { resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), ), }, + { + Config: testAccAWSTransferServerVpcConfig(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSTransferServerExists(resourceName, &conf), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", defaultSecurityGroupResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "0"), + resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), + resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), + ), + }, }, }) } @@ -342,6 +370,7 @@ func testAccAWSTransferServer_vpcSecurityGroupIds(t *testing.T) { resourceName := "aws_transfer_server.test" securityGroup1ResourceName := "aws_security_group.test" securityGroup2ResourceName := "aws_security_group.test2" + defaultSecurityGroupResourceName := "aws_default_security_group.test" vpcResourceName := "aws_vpc.test" rName := acctest.RandomWithPrefix("tf-acc-test") 
@@ -385,6 +414,20 @@ func testAccAWSTransferServer_vpcSecurityGroupIds(t *testing.T) { resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), ), }, + { + Config: testAccAWSTransferServerVpcConfig(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSTransferServerExists(resourceName, &conf), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), + resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", defaultSecurityGroupResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "0"), + resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), + resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), + ), + }, }, }) } From d635b87ee9b04e94637eabd955ed2f9cce40eed4 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Thu, 1 Jul 2021 10:05:18 -0400 Subject: [PATCH 37/45] r/aws_vpc_endpoint: Ignore errors such as Error: error deleting EC2 VPC Endpoint (vpce-09a9ae6b78f2b0571): 1 error occurred: * vpce-09a9ae6b78f2b0571: InvalidVpcEndpoint.NotFound: The Vpc Endpoint Id 'vpce-09a9ae6b78f2b0571' does not exist --- aws/internal/service/ec2/errors.go | 4 +- aws/internal/service/ec2/errors_test.go | 133 ++++++++++++++++++++++++ aws/resource_aws_vpc_endpoint.go | 14 +-- 3 files changed, 141 insertions(+), 10 deletions(-) create mode 100644 aws/internal/service/ec2/errors_test.go diff --git a/aws/internal/service/ec2/errors.go b/aws/internal/service/ec2/errors.go index cbcac12e0975..e4c94a554084 100644 --- a/aws/internal/service/ec2/errors.go +++ b/aws/internal/service/ec2/errors.go 
@@ -4,6 +4,7 @@ import ( "fmt" "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/service/ec2" multierror "github.com/hashicorp/go-multierror" ) @@ -69,6 +70,7 @@ const ( const ( ErrCodeInvalidVpcEndpointIdNotFound = "InvalidVpcEndpointId.NotFound" + ErrCodeInvalidVpcEndpointNotFound = "InvalidVpcEndpoint.NotFound" ErrCodeInvalidVpcEndpointServiceIdNotFound = "InvalidVpcEndpointServiceId.NotFound" ) @@ -86,7 +88,7 @@ func UnsuccessfulItemError(apiObject *ec2.UnsuccessfulItemError) error { return nil } - return fmt.Errorf("%s: %s", aws.StringValue(apiObject.Code), aws.StringValue(apiObject.Message)) + return awserr.New(aws.StringValue(apiObject.Code), aws.StringValue(apiObject.Message), nil) } func UnsuccessfulItemsError(apiObjects []*ec2.UnsuccessfulItem) error { diff --git a/aws/internal/service/ec2/errors_test.go b/aws/internal/service/ec2/errors_test.go new file mode 100644 index 000000000000..7bdc90fa31b5 --- /dev/null +++ b/aws/internal/service/ec2/errors_test.go 
@@ -0,0 +1,133 @@ +package ec2_test + +import ( + "testing" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/service/ec2" + "github.com/hashicorp/aws-sdk-go-base/tfawserr" + tfec2 "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/ec2" +) + +func TestUnsuccessfulItemError(t *testing.T) { + unsuccessfulItemError := &ec2.UnsuccessfulItemError{ + Code: aws.String("test code"), + Message: aws.String("test message"), + } + + err := tfec2.UnsuccessfulItemError(unsuccessfulItemError) + + if !tfawserr.ErrCodeEquals(err, "test code") { + t.Errorf("tfawserr.ErrCodeEquals failed: %s", err) + } + + if !tfawserr.ErrMessageContains(err, "test code", "est mess") { + t.Errorf("tfawserr.ErrMessageContains failed: %s", err) + } +} + +func TestUnsuccessfulItemsError(t *testing.T) { + testCases := []struct { + Name string + Items []*ec2.UnsuccessfulItem + Expected bool + }{ + { + Name: "no items", + }, + { + Name: "one item no error", + Items: []*ec2.UnsuccessfulItem{ + { + ResourceId: aws.String("test resource"), + }, + }, + }, + { + Name: "one item", + Items: []*ec2.UnsuccessfulItem{ + { + Error: &ec2.UnsuccessfulItemError{ + Code: aws.String("test code"), + Message: aws.String("test message"), + }, + ResourceId: aws.String("test resource"), + }, + }, + Expected: true, + }, + { + Name: "two items, first no error", + Items: []*ec2.UnsuccessfulItem{ + { + ResourceId: aws.String("test resource 1"), + }, + { + Error: &ec2.UnsuccessfulItemError{ + Code: aws.String("test code"), + Message: aws.String("test message"), + }, + ResourceId: aws.String("test resource 2"), + }, + }, + Expected: true, + }, + { + Name: "two items, first not as expected", + Items: []*ec2.UnsuccessfulItem{ + { + Error: &ec2.UnsuccessfulItemError{ + Code: aws.String("not what is required"), + Message: aws.String("not what is wanted"), + }, + ResourceId: aws.String("test resource 1"), + }, + { + Error: &ec2.UnsuccessfulItemError{ + Code: aws.String("test code"), + Message: 
aws.String("test message"), + }, + ResourceId: aws.String("test resource 2"), + }, + }, + }, + { + Name: "two items, first as expected", + Items: []*ec2.UnsuccessfulItem{ + { + Error: &ec2.UnsuccessfulItemError{ + Code: aws.String("test code"), + Message: aws.String("test message"), + }, + ResourceId: aws.String("test resource 1"), + }, + { + Error: &ec2.UnsuccessfulItemError{ + Code: aws.String("not what is required"), + Message: aws.String("not what is wanted"), + }, + ResourceId: aws.String("test resource 2"), + }, + }, + Expected: true, + }, + } + + for _, testCase := range testCases { + t.Run(testCase.Name, func(t *testing.T) { + err := tfec2.UnsuccessfulItemsError(testCase.Items) + + got := tfawserr.ErrCodeEquals(err, "test code") + + if got != testCase.Expected { + t.Errorf("ErrCodeEquals got %t, expected %t", got, testCase.Expected) + } + + got = tfawserr.ErrMessageContains(err, "test code", "est mess") + + if got != testCase.Expected { + t.Errorf("ErrMessageContains got %t, expected %t", got, testCase.Expected) + } + }) + } +} diff --git a/aws/resource_aws_vpc_endpoint.go b/aws/resource_aws_vpc_endpoint.go index 0f372c3acf0f..8520c36a88ab 100644 --- a/aws/resource_aws_vpc_endpoint.go +++ b/aws/resource_aws_vpc_endpoint.go @@ -377,7 +377,11 @@ func resourceAwsVpcEndpointDelete(d *schema.ResourceData, meta interface{}) erro output, err := conn.DeleteVpcEndpoints(input) - if tfawserr.ErrCodeEquals(err, tfec2.ErrCodeInvalidVpcEndpointIdNotFound) { + if err == nil && output != nil { + err = tfec2.UnsuccessfulItemsError(output.Unsuccessful) + } + + if tfawserr.ErrCodeEquals(err, tfec2.ErrCodeInvalidVpcEndpointNotFound) { return nil } 
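Review bot: The not-found check in resourceAwsVpcEndpointDelete now matches only `ErrCodeInvalidVpcEndpointNotFound`, so a call-level `InvalidVpcEndpointId.NotFound` from DeleteVpcEndpoints, which the removed line treated as "already deleted", would now fail the destroy if the API still returns it. The constant `ErrCodeInvalidVpcEndpointIdNotFound` is kept in errors.go, so both codes can be accepted: `if tfawserr.ErrCodeEquals(err, tfec2.ErrCodeInvalidVpcEndpointIdNotFound) || tfawserr.ErrCodeEquals(err, tfec2.ErrCodeInvalidVpcEndpointNotFound) {`. The function body starts and ends outside the hunk.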
@@ -385,14 +389,6 @@ func resourceAwsVpcEndpointDelete(d *schema.ResourceData, meta interface{}) erro return fmt.Errorf("error deleting EC2 VPC Endpoint (%s): %w", d.Id(), err) } - if output != nil && len(output.Unsuccessful) > 0 { - err := tfec2.UnsuccessfulItemsError(output.Unsuccessful) - - if err != nil { - return fmt.Errorf("error deleting EC2 VPC Endpoint (%s): %w", d.Id(), err) - } - } - _, err = waiter.VpcEndpointDeleted(conn, d.Id(), d.Timeout(schema.TimeoutDelete)) if err != nil { From 725e40df6a2cbeeaf822f5398057acdc946a105a Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Fri, 2 Jul 2021 08:53:14 -0400 Subject: [PATCH 38/45] r/aws_transfer_server: Correct update to 0 subnet_ids. --- aws/resource_aws_transfer_server.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/aws/resource_aws_transfer_server.go b/aws/resource_aws_transfer_server.go index 162533614f9e..201c2cf3fbb5 100644 --- a/aws/resource_aws_transfer_server.go +++ b/aws/resource_aws_transfer_server.go @@ -418,6 +418,11 @@ func resourceAwsTransferServerUpdate(d *schema.ResourceData, meta interface{}) e // Prevent the following error: InvalidRequestException: Changing Security Group is not supported input.EndpointDetails.SecurityGroupIds = nil + + // Update to 0 SubnetIds. + if input.EndpointDetails.SubnetIds == nil { + input.EndpointDetails.SubnetIds = []*string{} + } } } From 549d814f47357d45b49f90183b80ce908308a18f Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Fri, 2 Jul 2021 08:54:00 -0400 Subject: [PATCH 39/45] r/aws_transfer_server: Cannot update to 0 security_group_ids (VPC Endpoint always requires at least 1). --- aws/resource_aws_transfer_server_test.go | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/aws/resource_aws_transfer_server_test.go b/aws/resource_aws_transfer_server_test.go index be2668959b38..1313d31210b4 100644 --- a/aws/resource_aws_transfer_server_test.go +++ b/aws/resource_aws_transfer_server_test.go 
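Review bot: The comment `// Update to 0 SubnetIds.` in the `@@ -418,6 +418,11 @@` hunk says what the branch does but not why a nil slice is not enough. Presumably a nil `SubnetIds` is left out of the UpdateServer request while an empty slice is sent as an empty list; if that is the reason, the comment should say so, e.g. `// A nil SubnetIds is omitted from the request; send an empty list so existing subnets are removed.` The enclosing block starts outside the hunk.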
@@ -414,20 +414,6 @@ func testAccAWSTransferServer_vpcSecurityGroupIds(t *testing.T) { resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), ), }, - { - Config: testAccAWSTransferServerVpcConfig(rName), - Check: resource.ComposeTestCheckFunc( - testAccCheckAWSTransferServerExists(resourceName, &conf), - resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), - resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", defaultSecurityGroupResourceName, "id"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "0"), - resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), - resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), - ), - }, }, }) } From fe8cda6d26fd9d73e6d98b7386f4bf708385e316 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Fri, 2 Jul 2021 09:40:05 -0400 Subject: [PATCH 40/45] r/aws_transfer_server: When updating endpoint_type to VPC, wait for newly provisioned VPC Endpoint to become available. --- aws/resource_aws_transfer_server.go | 41 ++++++++++++++++++++--------- 1 file changed, 29 insertions(+), 12 deletions(-) diff --git a/aws/resource_aws_transfer_server.go b/aws/resource_aws_transfer_server.go index 201c2cf3fbb5..972412b495ba 100644 --- a/aws/resource_aws_transfer_server.go +++ b/aws/resource_aws_transfer_server.go 
@@ -376,6 +376,18 @@ func resourceAwsTransferServerUpdate(d *schema.ResourceData, meta interface{}) e conn := meta.(*AWSClient).transferconn if d.HasChangesExcept("tags", "tags_all") { + var newEndpointTypeVpc bool + var oldEndpointTypeVpc bool + + old, new := d.GetChange("endpoint_type") + + if old, new := old.(string), new.(string); new != old && new == transfer.EndpointTypeVpc { + newEndpointTypeVpc = true + } else if new == old && new == transfer.EndpointTypeVpc { + newEndpointTypeVpc = true + oldEndpointTypeVpc = true + } + var addressAllocationIDs []*string var offlineUpdate bool @@ -388,21 +400,9 @@ func resourceAwsTransferServerUpdate(d *schema.ResourceData, meta interface{}) e } if d.HasChange("endpoint_details") { - var newEndpointTypeVpc bool - var oldEndpointTypeVpc bool - if v, ok := d.GetOk("endpoint_details"); ok && len(v.([]interface{})) > 0 && v.([]interface{})[0] != nil { input.EndpointDetails = expandTransferEndpointDetails(v.([]interface{})[0].(map[string]interface{})) - old, new := d.GetChange("endpoint_type") - - if old, new := old.(string), new.(string); new != old && new == transfer.EndpointTypeVpc { - newEndpointTypeVpc = true - } else if new == old && new == transfer.EndpointTypeVpc { - newEndpointTypeVpc = true - oldEndpointTypeVpc = true - } - if newEndpointTypeVpc && !oldEndpointTypeVpc { // Prevent the following error: InvalidRequestException: Cannot specify AddressAllocationids when updating server to EndpointType: VPC addressAllocationIDs = input.EndpointDetails.AddressAllocationIds 
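Review bot: `old, new := d.GetChange("endpoint_type")` followed by `if old, new := old.(string), new.(string); ...` shadows the builtin `new` and re-declares both names inside the `if`, which makes the two-branch condition hard to follow. Distinct names keep the intent visible, e.g. `o, n := d.GetChange("endpoint_type")` and `oldType, newType := o.(string), n.(string)`. Because the flags are now used across the whole `d.HasChangesExcept` block, a one-line comment stating that `oldEndpointTypeVpc` is set only when the type stays VPC (it remains false when the server moves away from VPC) would prevent misuse later. The function continues outside the hunk.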
@@ -509,6 +509,23 @@ func resourceAwsTransferServerUpdate(d *schema.ResourceData, meta interface{}) e return err } + if newEndpointTypeVpc && !oldEndpointTypeVpc { + // Wait for newly provisioned VPC Endpoint to become available. + output, err := finder.ServerByID(conn, d.Id()) + + if err != nil { + return fmt.Errorf("error reading Transfer Server (%s): %w", d.Id(), err) + } + + vpcEndpointID := aws.StringValue(output.EndpointDetails.VpcEndpointId) + + _, err = ec2waiter.VpcEndpointAvailable(meta.(*AWSClient).ec2conn, vpcEndpointID, d.Timeout(schema.TimeoutUpdate)) + + if err != nil { + return fmt.Errorf("error waiting for Transfer Server (%s) VPC Endpoint (%s) to become available: %w", d.Id(), vpcEndpointID, err) + } + } + // Set any AddressAllocationIds if the server has updated endpoint type to VPC. if len(addressAllocationIDs) > 0 { input := &transfer.UpdateServerInput{ From 7c0c8d049da5ea8b6071bbf53b2be1e1b07ccb08 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Fri, 2 Jul 2021 10:12:16 -0400 Subject: [PATCH 41/45] Fix rebase merge conflicts. --- .github/workflows/release.yml | 54 ----------------------------------- .goreleaser.yml | 2 +- 2 files changed, 1 insertion(+), 55 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5ed1b05a5020..90969c0596bd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,4 +1,3 @@ -<<<<<<< HEAD name: Post Publish on: release: 
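Review bot: `output.EndpointDetails.VpcEndpointId` is read without checking `output.EndpointDetails`, so a server read that carries no endpoint details would panic the provider instead of returning an error; `aws.StringValue` only protects the last pointer in the chain. The wait would also be started with an empty ID in that case. Guard both before calling the waiter: `if output.EndpointDetails == nil || aws.StringValue(output.EndpointDetails.VpcEndpointId) == "" { return fmt.Errorf("error reading Transfer Server (%s): no VPC endpoint ID", d.Id()) }`. The enclosing function starts and ends outside the hunk.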
@@ -53,56 +52,3 @@ jobs: git add CHANGELOG.md git commit -m "Update CHANGELOG.md after ${{ github.event.release.tag_name }}" git push -======= -# This GitHub action can publish assets for release when a tag is created. -# Currently its setup to run on any tag that matches the pattern "v*" (ie. v0.1.0). -# -# This uses an action (paultyng/ghaction-import-gpg) that assumes you set your -# private key in the `GPG_PRIVATE_KEY` secret and passphrase in the `PASSPHRASE` -# secret. If you would rather own your own GPG handling, please fork this action -# or use an alternative one for key handling. -# -# You will need to pass the `--batch` flag to `gpg` in your signing step -# in `goreleaser` to indicate this is being used in a non-interactive mode. -# -name: release -on: - push: - tags: - - 'v*' -jobs: - goreleaser: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v2 - - - name: Unshallow - run: git fetch --prune --unshallow - - - name: Set up Go - uses: actions/setup-go@v2 - with: - go-version: 1.14 - - - name: Import GPG key - id: import_gpg - # TODO: move this to HashiCorp namespace or find alternative that is just simple gpg commands - # see https://github.com/hashicorp/terraform-provider-scaffolding/issues/22 - uses: paultyng/ghaction-import-gpg@v2.1.0 - env: - # These secrets will need to be configured for the repository: - GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} - PASSPHRASE: ${{ secrets.PASSPHRASE }} - - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v2 - with: - version: latest - args: release --rm-dist - env: - GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }} - # GitHub sets this automatically - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} ->>>>>>> 19bf7eb9c (Change) diff --git a/.goreleaser.yml b/.goreleaser.yml index 8d1a78155dd9..fe1eb97fe8c6 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml 
@@ -24,7 +24,7 @@ builds: - goarch: '386' goos: darwin ldflags: - - -s -w -X aws/version.ProviderVersion={{.Version}} + - -s -w -X version.ProviderVersion={{.Version}} mod_timestamp: '{{ .CommitTimestamp }}' changelog: skip: true From baffc397d24e7e132930046350a8b0548da685ae Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Fri, 2 Jul 2021 10:19:19 -0400 Subject: [PATCH 42/45] Call out use of EC2 DescribeVpcEndpoints/ModifyVpcEndpoint actions. --- website/docs/r/transfer_server.html.markdown | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/website/docs/r/transfer_server.html.markdown b/website/docs/r/transfer_server.html.markdown index 257f4703b11c..2b754ab8544e 100644 --- a/website/docs/r/transfer_server.html.markdown +++ b/website/docs/r/transfer_server.html.markdown @@ -10,6 +10,8 @@ description: |- Provides a AWS Transfer Server resource. +~> **NOTE on AWS IAM permissions:** If the `endpoint_type` is set to `VPC`, the `ec2:DescribeVpcEndpoints` and `ec2:ModifyVpcEndpoint` [actions](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html#amazonec2-actions-as-permissions) are used. + ## Example Usage ### Basic @@ -124,7 +126,7 @@ In addition to all arguments above, the following attributes are exported: Transfer Servers can be imported using the `server id`, e.g. ``` -$ terraform import aws_transfer_server.bar s-12345678 +$ terraform import aws_transfer_server.example s-12345678 ``` Certain resource arguments, such as `host_key`, cannot be read via the API and imported into Terraform. Terraform will display a difference for these arguments the first run after import if declared in the Terraform configuration for an imported resource. From d6a8e5383b6d376448cba49cbc6bd2faeee750e2 Mon Sep 17 00:00:00 2001 
From: Kit Ewbank Date: Fri, 2 Jul 2021 10:34:07 -0400 Subject: [PATCH 43/45] r/aws_transfer_server: Handle 'InvalidRequestException: AddressAllocationIds must be removed before SubnetIds can be modified'. --- aws/resource_aws_transfer_server.go | 37 +++++++++++++++++++++++++++-- 1 file changed, 35 insertions(+), 2 deletions(-) diff --git a/aws/resource_aws_transfer_server.go b/aws/resource_aws_transfer_server.go index 972412b495ba..c04b235b31bf 100644 --- a/aws/resource_aws_transfer_server.go +++ b/aws/resource_aws_transfer_server.go @@ -390,6 +390,7 @@ func resourceAwsTransferServerUpdate(d *schema.ResourceData, meta interface{}) e var addressAllocationIDs []*string var offlineUpdate bool + var removeAddressAllocationIDs bool input := &transfer.UpdateServerInput{ ServerId: aws.String(d.Id()), @@ -416,6 +417,24 @@ func resourceAwsTransferServerUpdate(d *schema.ResourceData, meta interface{}) e offlineUpdate = true } + // Update to 0 AddressAllocationIds. + if input.EndpointDetails.AddressAllocationIds == nil { + input.EndpointDetails.AddressAllocationIds = []*string{} + } + + // Prevent the following error: InvalidRequestException: AddressAllocationIds must be removed before SubnetIds can be modified + if d.HasChange("endpoint_details.0.subnet_ids") { + old, _ := d.GetChange("endpoint_details.0.address_allocation_ids") + + if old := old.(*schema.Set); old.Len() > 0 { + offlineUpdate = true + removeAddressAllocationIDs = true + + addressAllocationIDs = input.EndpointDetails.AddressAllocationIds + input.EndpointDetails.AddressAllocationIds = nil + } + } + // Prevent the following error: InvalidRequestException: Changing Security Group is not supported input.EndpointDetails.SecurityGroupIds = nil 
@@ -451,7 +470,7 @@ func resourceAwsTransferServerUpdate(d *schema.ResourceData, meta interface{}) e return fmt.Errorf("error updating Transfer Server (%s) VPC Endpoint (%s): %w", d.Id(), vpcEndpointID, err) } - _, err := ec2waiter.VpcEndpointAvailable(conn, vpcEndpointID, d.Timeout(schema.TimeoutUpdate)) + _, err := ec2waiter.VpcEndpointAvailable(conn, vpcEndpointID, Ec2VpcEndpointCreationTimeout) if err != nil { return fmt.Errorf("error waiting for Transfer Server (%s) VPC Endpoint (%s) to become available: %w", d.Id(), vpcEndpointID, err) @@ -504,6 +523,20 @@ func resourceAwsTransferServerUpdate(d *schema.ResourceData, meta interface{}) e } } + if removeAddressAllocationIDs { + input := &transfer.UpdateServerInput{ + ServerId: aws.String(d.Id()), + EndpointDetails: &transfer.EndpointDetails{ + AddressAllocationIds: []*string{}, + }, + } + + log.Printf("[DEBUG] Removing Transfer Server Address Allocation IDs: %s", input) + if err := updateTransferServer(conn, input); err != nil { + return err + } + } + log.Printf("[DEBUG] Updating Transfer Server: %s", input) if err := updateTransferServer(conn, input); err != nil { return err @@ -526,7 +559,6 @@ func resourceAwsTransferServerUpdate(d *schema.ResourceData, meta interface{}) e } } - // Set any AddressAllocationIds if the server has updated endpoint type to VPC. if len(addressAllocationIDs) > 0 { input := &transfer.UpdateServerInput{ ServerId: aws.String(d.Id()), @@ -535,6 +567,7 @@ func resourceAwsTransferServerUpdate(d *schema.ResourceData, meta interface{}) e }, } + log.Printf("[DEBUG] Adding Transfer Server Address Allocation IDs: %s", input) if err := updateTransferServer(conn, input); err != nil { return err } From f3cf2ce769dbfe49a939730b32d2e9f45abb3dd0 Mon Sep 17 00:00:00 2001 
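Review bot: Every early `return err` between stopTransferServer and startTransferServer leaves the server OFFLINE, and this patch adds another one in the `removeAddressAllocationIDs` block (`@@ -504,6 +523,20 @@`); the address-allocation step touched in `@@ -535,6 +567,7 @@` has the same exit. A failed intermediate UpdateServer call then turns a rejected configuration change into an outage that lasts until someone starts the server by hand. Routing these returns through a helper that restarts a stopped server and reports both errors keeps the failure visible without losing availability; whether a restart is safe after a partial update should be confirmed by the maintainers. The function starts and ends outside these hunks.

```go
// restartAfterFailedUpdate restarts a server that was stopped for an offline
// update when a later step fails, and returns the original error.
func restartAfterFailedUpdate(conn *transfer.Transfer, d *schema.ResourceData, stopped bool, err error) error {
	if !stopped {
		return err
	}

	if startErr := startTransferServer(conn, d.Id(), d.Timeout(schema.TimeoutUpdate)); startErr != nil {
		return fmt.Errorf("%w (restarting Transfer Server (%s) also failed: %s)", err, d.Id(), startErr)
	}

	return err
}

// … unchanged: stopTransferServer when offlineUpdate …

		if removeAddressAllocationIDs {
			// … unchanged: input with empty AddressAllocationIds, debug log …
			if err := updateTransferServer(conn, input); err != nil {
				return restartAfterFailedUpdate(conn, d, offlineUpdate, err)
			}
		}
```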
From: Kit Ewbank Date: Fri, 2 Jul 2021 12:32:56 -0400 Subject: [PATCH 44/45] r/aws_transfer_server: Simplify some acceptance tests. --- aws/resource_aws_transfer_server_test.go | 111 ++++------------------- 1 file changed, 18 insertions(+), 93 deletions(-) diff --git a/aws/resource_aws_transfer_server_test.go b/aws/resource_aws_transfer_server_test.go index 1313d31210b4..c1274b96ed90 100644 --- a/aws/resource_aws_transfer_server_test.go +++ b/aws/resource_aws_transfer_server_test.go @@ -244,7 +244,6 @@ func testAccAWSTransferServer_vpc(t *testing.T) { Config: testAccAWSTransferServerVpcConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSTransferServerExists(resourceName, &conf), - resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), @@ -252,6 +251,7 @@ func testAccAWSTransferServer_vpc(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "0"), resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), ), }, { 
@@ -264,7 +264,6 @@ func testAccAWSTransferServer_vpc(t *testing.T) { Config: testAccAWSTransferServerVpcUpdateConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSTransferServerExists(resourceName, &conf), - resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), @@ -273,13 +272,13 @@ func testAccAWSTransferServer_vpc(t *testing.T) { resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.subnet_ids.*", subnetResourceName, "id"), resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), ), }, { Config: testAccAWSTransferServerVpcConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSTransferServerExists(resourceName, &conf), - resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), @@ -287,6 +286,7 @@ func testAccAWSTransferServer_vpc(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "0"), resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), ), }, }, 
@@ -313,7 +313,6 @@ func testAccAWSTransferServer_vpcAddressAllocationIds(t *testing.T) { Config: testAccAWSTransferServerVpcAddressAllocationIdsConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSTransferServerExists(resourceName, &conf), - resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "1"), resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.address_allocation_ids.*", eip1ResourceName, "id"), @@ -323,6 +322,7 @@ func testAccAWSTransferServer_vpcAddressAllocationIds(t *testing.T) { resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.subnet_ids.*", subnetResourceName, "id"), resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), ), }, { @@ -335,7 +335,6 @@ func testAccAWSTransferServer_vpcAddressAllocationIds(t *testing.T) { Config: testAccAWSTransferServerVpcAddressAllocationIdsUpdateConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSTransferServerExists(resourceName, &conf), - resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "1"), resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.address_allocation_ids.*", eip2ResourceName, "id"), 
@@ -345,13 +344,13 @@ func testAccAWSTransferServer_vpcAddressAllocationIds(t *testing.T) { resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.subnet_ids.*", subnetResourceName, "id"), resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), ), }, { Config: testAccAWSTransferServerVpcConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSTransferServerExists(resourceName, &conf), - resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), @@ -359,6 +358,7 @@ func testAccAWSTransferServer_vpcAddressAllocationIds(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "0"), resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), ), }, }, @@ -370,7 +370,6 @@ func testAccAWSTransferServer_vpcSecurityGroupIds(t *testing.T) { resourceName := "aws_transfer_server.test" securityGroup1ResourceName := "aws_security_group.test" securityGroup2ResourceName := "aws_security_group.test2" - defaultSecurityGroupResourceName := "aws_default_security_group.test" vpcResourceName := "aws_vpc.test" rName := acctest.RandomWithPrefix("tf-acc-test") 
@@ -384,7 +383,6 @@ func testAccAWSTransferServer_vpcSecurityGroupIds(t *testing.T) { Config: testAccAWSTransferServerVpcSecurityGroupIdsConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSTransferServerExists(resourceName, &conf), - resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), @@ -392,6 +390,7 @@ func testAccAWSTransferServer_vpcSecurityGroupIds(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "0"), resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), ), }, { @@ -404,7 +403,6 @@ func testAccAWSTransferServer_vpcSecurityGroupIds(t *testing.T) { Config: testAccAWSTransferServerVpcSecurityGroupIdsUpdateConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSTransferServerExists(resourceName, &conf), - resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), 
@@ -412,6 +410,7 @@ func testAccAWSTransferServer_vpcSecurityGroupIds(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "0"), resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), ), }, }, @@ -439,7 +438,6 @@ func testAccAWSTransferServer_vpcAddressAllocationIds_securityGroupIds(t *testin Config: testAccAWSTransferServerVpcAddressAllocationIdsSecurityGroupIdsConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSTransferServerExists(resourceName, &conf), - resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "1"), resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.address_allocation_ids.*", eip1ResourceName, "id"), @@ -449,6 +447,7 @@ func testAccAWSTransferServer_vpcAddressAllocationIds_securityGroupIds(t *testin resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.subnet_ids.*", subnetResourceName, "id"), resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), ), }, { 
@@ -461,7 +460,6 @@ func testAccAWSTransferServer_vpcAddressAllocationIds_securityGroupIds(t *testin Config: testAccAWSTransferServerVpcAddressAllocationIdsSecurityGroupIdsUpdateConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSTransferServerExists(resourceName, &conf), - resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "1"), resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.address_allocation_ids.*", eip2ResourceName, "id"), @@ -471,6 +469,7 @@ func testAccAWSTransferServer_vpcAddressAllocationIds_securityGroupIds(t *testin resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.subnet_ids.*", subnetResourceName, "id"), resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), ), }, }, @@ -480,8 +479,6 @@ func testAccAWSTransferServer_vpcAddressAllocationIds_securityGroupIds(t *testin func testAccAWSTransferServer_updateEndpointType_publicToVpc(t *testing.T) { var conf transfer.DescribedServer resourceName := "aws_transfer_server.test" - defaultSecurityGroupResourceName := "aws_default_security_group.test" - vpcResourceName := "aws_vpc.test" rName := acctest.RandomWithPrefix("tf-acc-test") resource.Test(t, resource.TestCase{ 
@@ -502,14 +499,8 @@ func testAccAWSTransferServer_updateEndpointType_publicToVpc(t *testing.T) { Config: testAccAWSTransferServerVpcConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSTransferServerExists(resourceName, &conf), - resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), - resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", defaultSecurityGroupResourceName, "id"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "0"), - resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), - resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), ), }, { @@ -525,10 +516,6 @@ func testAccAWSTransferServer_updateEndpointType_publicToVpc(t *testing.T) { func testAccAWSTransferServer_updateEndpointType_publicToVpc_addressAllocationIds(t *testing.T) { var conf transfer.DescribedServer resourceName := "aws_transfer_server.test" - eipResourceName := "aws_eip.test.0" - defaultSecurityGroupResourceName := "aws_default_security_group.test" - subnetResourceName := "aws_subnet.test" - vpcResourceName := "aws_vpc.test" rName := acctest.RandomWithPrefix("tf-acc-test") resource.Test(t, resource.TestCase{ 
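Review bot: After the PUBLIC to VPC step, testAccAWSTransferServer_updateEndpointType_publicToVpc now asserts only `endpoint_details.#` and `endpoint_type`, so it no longer verifies which security group is attached to the endpoint once the type has changed. The same reduction is made in the other updateEndpointType_* hunks of this patch, including `vpcEndpointToVpc_securityGroupIds`, whose name says it covers security groups but which would now pass even if the configured group were not applied. Because the security groups are the network access control for the endpoint, I would keep at least `resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"),` and the matching `TestCheckTypeSetElemAttrPair` on `endpoint_details.0.security_group_ids.*` in these steps, along with the resource-name variable they need. The test functions start and end outside the hunks.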
@@ -549,16 +536,8 @@ func testAccAWSTransferServer_updateEndpointType_publicToVpc_addressAllocationId Config: testAccAWSTransferServerVpcAddressAllocationIdsConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSTransferServerExists(resourceName, &conf), - resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "1"), - resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.address_allocation_ids.*", eipResourceName, "id"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), - resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", defaultSecurityGroupResourceName, "id"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "1"), - resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.subnet_ids.*", subnetResourceName, "id"), - resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), - resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), ), }, { @@ -574,9 +553,6 @@ func testAccAWSTransferServer_updateEndpointType_publicToVpc_addressAllocationId func testAccAWSTransferServer_updateEndpointType_vpcEndpointToVpc(t *testing.T) { var conf transfer.DescribedServer resourceName := "aws_transfer_server.test" - defaultSecurityGroupResourceName := "aws_default_security_group.test" - vpcEndpointResourceName := "aws_vpc_endpoint.test" - vpcResourceName := "aws_vpc.test" rName := acctest.RandomWithPrefix("tf-acc-test") resource.Test(t, resource.TestCase{ 
@@ -589,27 +565,16 @@ func testAccAWSTransferServer_updateEndpointType_vpcEndpointToVpc(t *testing.T) Config: testAccAWSTransferServerVpcEndpointConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSTransferServerExists(resourceName, &conf), - resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC_ENDPOINT"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "0"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "0"), - resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_endpoint_id", vpcEndpointResourceName, "id"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.vpc_id", ""), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC_ENDPOINT"), ), }, { Config: testAccAWSTransferServerVpcConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSTransferServerExists(resourceName, &conf), - resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), - resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", defaultSecurityGroupResourceName, "id"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "0"), - resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), - resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), ), }, { 
@@ -625,11 +590,6 @@ func testAccAWSTransferServer_updateEndpointType_vpcEndpointToVpc(t *testing.T) func testAccAWSTransferServer_updateEndpointType_vpcEndpointToVpc_addressAllocationIds(t *testing.T) { var conf transfer.DescribedServer resourceName := "aws_transfer_server.test" - eipResourceName := "aws_eip.test.0" - defaultSecurityGroupResourceName := "aws_default_security_group.test" - subnetResourceName := "aws_subnet.test" - vpcEndpointResourceName := "aws_vpc_endpoint.test" - vpcResourceName := "aws_vpc.test" rName := acctest.RandomWithPrefix("tf-acc-test") resource.Test(t, resource.TestCase{ @@ -644,11 +604,6 @@ func testAccAWSTransferServer_updateEndpointType_vpcEndpointToVpc_addressAllocat testAccCheckAWSTransferServerExists(resourceName, &conf), resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC_ENDPOINT"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "0"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "0"), - resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_endpoint_id", vpcEndpointResourceName, "id"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.vpc_id", ""), ), }, { 
@@ -657,14 +612,6 @@ func testAccAWSTransferServer_updateEndpointType_vpcEndpointToVpc_addressAllocat testAccCheckAWSTransferServerExists(resourceName, &conf), resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "1"), - resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.address_allocation_ids.*", eipResourceName, "id"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), - resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", defaultSecurityGroupResourceName, "id"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "1"), - resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.subnet_ids.*", subnetResourceName, "id"), - resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), - resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), ), }, { @@ -680,9 +627,6 @@ func testAccAWSTransferServer_updateEndpointType_vpcEndpointToVpc_addressAllocat func testAccAWSTransferServer_updateEndpointType_vpcEndpointToVpc_securityGroupIds(t *testing.T) { var conf transfer.DescribedServer resourceName := "aws_transfer_server.test" - securityGroupResourceName := "aws_security_group.test" - vpcEndpointResourceName := "aws_vpc_endpoint.test" - vpcResourceName := "aws_vpc.test" rName := acctest.RandomWithPrefix("tf-acc-test") resource.Test(t, resource.TestCase{ 
@@ -695,27 +639,16 @@ func testAccAWSTransferServer_updateEndpointType_vpcEndpointToVpc_securityGroupI Config: testAccAWSTransferServerVpcEndpointConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSTransferServerExists(resourceName, &conf), - resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC_ENDPOINT"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "0"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "0"), - resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_endpoint_id", vpcEndpointResourceName, "id"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.vpc_id", ""), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC_ENDPOINT"), ), }, { Config: testAccAWSTransferServerVpcSecurityGroupIdsConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSTransferServerExists(resourceName, &conf), - resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), - resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", securityGroupResourceName, "id"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "0"), - resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), - resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), ), }, { 
@@ -731,8 +664,6 @@ func testAccAWSTransferServer_updateEndpointType_vpcEndpointToVpc_securityGroupI func testAccAWSTransferServer_updateEndpointType_vpcToPublic(t *testing.T) { var conf transfer.DescribedServer resourceName := "aws_transfer_server.test" - defaultSecurityGroupResourceName := "aws_default_security_group.test" - vpcResourceName := "aws_vpc.test" rName := acctest.RandomWithPrefix("tf-acc-test") resource.Test(t, resource.TestCase{ @@ -745,14 +676,8 @@ func testAccAWSTransferServer_updateEndpointType_vpcToPublic(t *testing.T) { Config: testAccAWSTransferServerVpcConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSTransferServerExists(resourceName, &conf), - resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "1"), - resource.TestCheckTypeSetElemAttrPair(resourceName, "endpoint_details.0.security_group_ids.*", defaultSecurityGroupResourceName, "id"), - resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "0"), - resource.TestCheckResourceAttrSet(resourceName, "endpoint_details.0.vpc_endpoint_id"), - resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_id", vpcResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC"), ), }, { 
@@ -976,13 +901,13 @@ func testAccAWSTransferServer_vpcEndpointId(t *testing.T) { Config: testAccAWSTransferServerVpcEndpointConfig(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSTransferServerExists(resourceName, &conf), - resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC_ENDPOINT"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.#", "1"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.address_allocation_ids.#", "0"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.security_group_ids.#", "0"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.subnet_ids.#", "0"), resource.TestCheckResourceAttrPair(resourceName, "endpoint_details.0.vpc_endpoint_id", vpcEndpointResourceName, "id"), resource.TestCheckResourceAttr(resourceName, "endpoint_details.0.vpc_id", ""), + resource.TestCheckResourceAttr(resourceName, "endpoint_type", "VPC_ENDPOINT"), ), }, { From 678491c778219987b09c555373d3a8809466aaa9 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Fri, 2 Jul 2021 15:32:32 -0400 Subject: [PATCH 45/45] Simplify acceptance test configurations. --- aws/resource_aws_transfer_server.go | 17 ------- aws/resource_aws_transfer_server_test.go | 63 ++++++------------------ 2 files changed, 16 insertions(+), 64 deletions(-) diff --git a/aws/resource_aws_transfer_server.go b/aws/resource_aws_transfer_server.go index c04b235b31bf..d388f43f5786 100644 --- a/aws/resource_aws_transfer_server.go +++ b/aws/resource_aws_transfer_server.go 
@@ -542,23 +542,6 @@ func resourceAwsTransferServerUpdate(d *schema.ResourceData, meta interface{}) e return err } - if newEndpointTypeVpc && !oldEndpointTypeVpc { - // Wait for newly provisioned VPC Endpoint to become available. - output, err := finder.ServerByID(conn, d.Id()) - - if err != nil { - return fmt.Errorf("error reading Transfer Server (%s): %w", d.Id(), err) - } - - vpcEndpointID := aws.StringValue(output.EndpointDetails.VpcEndpointId) - - _, err = ec2waiter.VpcEndpointAvailable(meta.(*AWSClient).ec2conn, vpcEndpointID, d.Timeout(schema.TimeoutUpdate)) - - if err != nil { - return fmt.Errorf("error waiting for Transfer Server (%s) VPC Endpoint (%s) to become available: %w", d.Id(), vpcEndpointID, err) - } - } - if len(addressAllocationIDs) > 0 { input := &transfer.UpdateServerInput{ ServerId: aws.String(d.Id()), diff --git a/aws/resource_aws_transfer_server_test.go b/aws/resource_aws_transfer_server_test.go index c1274b96ed90..1bb9ab0d79aa 100644 --- a/aws/resource_aws_transfer_server_test.go +++ b/aws/resource_aws_transfer_server_test.go @@ -1040,6 +1040,16 @@ resource "aws_security_group" "test" { resource "aws_default_security_group" "test" { vpc_id = aws_vpc.test.id } + +resource "aws_eip" "test" { + count = 2 + + vpc = true + + tags = { + Name = %[1]q + } +} `, rName) } @@ -1310,17 +1320,7 @@ resource "aws_transfer_server" "test" { func testAccAWSTransferServerVpcAddressAllocationIdsConfig(rName string) string { return composeConfig( testAccAWSTransferServerConfigBaseVpc(rName), - fmt.Sprintf(` -resource "aws_eip" "test" { - count = 2 - - vpc = true - - tags = { - Name = %[1]q - } -} - + ` resource "aws_transfer_server" "test" { endpoint_type = "VPC" 
@@ -1330,23 +1330,13 @@ resource "aws_transfer_server" "test" { vpc_id = aws_vpc.test.id } } -`, rName)) +`) } func testAccAWSTransferServerVpcAddressAllocationIdsUpdateConfig(rName string) string { return composeConfig( testAccAWSTransferServerConfigBaseVpc(rName), - fmt.Sprintf(` -resource "aws_eip" "test" { - count = 2 - - vpc = true - - tags = { - Name = %[1]q - } -} - + ` resource "aws_transfer_server" "test" { endpoint_type = "VPC" @@ -1356,23 +1346,13 @@ resource "aws_transfer_server" "test" { vpc_id = aws_vpc.test.id } } -`, rName)) +`) } func testAccAWSTransferServerVpcAddressAllocationIdsSecurityGroupIdsConfig(rName string) string { return composeConfig( testAccAWSTransferServerConfigBaseVpc(rName), - fmt.Sprintf(` -resource "aws_eip" "test" { - count = 2 - - vpc = true - - tags = { - Name = %[1]q - } -} - + ` resource "aws_transfer_server" "test" { endpoint_type = "VPC" @@ -1383,7 +1363,7 @@ resource "aws_transfer_server" "test" { vpc_id = aws_vpc.test.id } } -`, rName)) +`) } func testAccAWSTransferServerVpcAddressAllocationIdsSecurityGroupIdsUpdateConfig(rName string) string { @@ -1398,17 +1378,6 @@ resource "aws_security_group" "test2" { Name = "%[1]s-2" } } - -resource "aws_eip" "test" { - count = 2 - - vpc = true - - tags = { - Name = %[1]q - } -} - resource "aws_transfer_server" "test" { endpoint_type = "VPC"