From cc7b134730f0de784c6297014455d8a8d696bf17 Mon Sep 17 00:00:00 2001 From: Gaylord Mazelier Date: Sat, 9 May 2020 17:42:26 +0200 Subject: [PATCH 01/13] New resource: aws_lakeformation_datalake_settings --- aws/provider.go | 1 + ...rce_aws_lakeformation_datalake_settings.go | 135 ++++++++++++++++++ ...ws_lakeformation_datalake_settings_test.go | 66 +++++++++ 3 files changed, 202 insertions(+) create mode 100644 aws/resource_aws_lakeformation_datalake_settings.go create mode 100644 aws/resource_aws_lakeformation_datalake_settings_test.go diff --git a/aws/provider.go b/aws/provider.go index b67cfbd35dc5..3442f0bba043 100644 --- a/aws/provider.go +++ b/aws/provider.go @@ -744,6 +744,7 @@ func Provider() *schema.Provider { "aws_kms_key": resourceAwsKmsKey(), "aws_kms_ciphertext": resourceAwsKmsCiphertext(), "aws_lakeformation_resource": resourceAwsLakeFormationResource(), + "aws_lakeformation_datalake_settings": resourceAwsLakeFormationDataLakeSettings(), "aws_lambda_alias": resourceAwsLambdaAlias(), "aws_lambda_code_signing_config": resourceAwsLambdaCodeSigningConfig(), "aws_lambda_event_source_mapping": resourceAwsLambdaEventSourceMapping(), diff --git a/aws/resource_aws_lakeformation_datalake_settings.go b/aws/resource_aws_lakeformation_datalake_settings.go new file mode 100644 index 000000000000..c708abcef59c --- /dev/null +++ b/aws/resource_aws_lakeformation_datalake_settings.go @@ -0,0 +1,135 @@ +package aws + +import ( + "fmt" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/service/lakeformation" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/helper/validation" +) + +func resourceAwsLakeFormationDataLakeSettings() *schema.Resource { + return &schema.Resource{ + Create: resourceAwsLakeFormationDataLakeSettingsPut, + Update: resourceAwsLakeFormationDataLakeSettingsPut, + Read: resourceAwsLakeFormationDataLakeSettingsRead, + Delete: resourceAwsLakeFormationDataLakeSettingsReset, + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + + Schema: map[string]*schema.Schema{ + "catalog_id": { + Type: schema.TypeString, + ForceNew: true, + Optional: true, + Computed: true, + }, + "admins": { + Type: schema.TypeList, + Required: true, + MinItems: 0, + MaxItems: 10, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.NoZeroValues, + }, + }, + }, + } +} + +func resourceAwsLakeFormationDataLakeSettingsPut(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).lakeformationconn + catalogId := createAwsDataCatalogId(d, meta.(*AWSClient).accountid) + + input := &lakeformation.PutDataLakeSettingsInput{ + CatalogId: aws.String(catalogId), + DataLakeSettings: &lakeformation.DataLakeSettings{ + DataLakeAdmins: expandAdmins(d), + }, + } + + _, err := conn.PutDataLakeSettings(input) + if err != nil { + return fmt.Errorf("Error updating DataLakeSettings: %s", err) + } + + d.SetId(fmt.Sprintf("lakeformation:settings:%s", catalogId)) + d.Set("catalog_id", catalogId) + + return resourceAwsLakeFormationDataLakeSettingsRead(d, meta) +} + +func resourceAwsLakeFormationDataLakeSettingsRead(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).lakeformationconn + catalogId := d.Get("catalog_id").(string) + + input := &lakeformation.GetDataLakeSettingsInput{ + CatalogId: aws.String(catalogId), + } + + out, err := conn.GetDataLakeSettings(input) + if err != nil { + return fmt.Errorf("Error reading DataLakeSettings: %s", err) + } + + d.Set("catalog_id", catalogId) + if err := d.Set("admins", flattenAdmins(out.DataLakeSettings.DataLakeAdmins)); err != nil { + return fmt.Errorf("Error setting admins from DataLakeSettings: %s", err) + } + // TODO: Add CreateDatabaseDefaultPermissions and CreateTableDefaultPermissions + + return nil +} + +func resourceAwsLakeFormationDataLakeSettingsReset(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).lakeformationconn + catalogId := d.Get("catalog_id").(string) + + input := &lakeformation.PutDataLakeSettingsInput{ + CatalogId: aws.String(catalogId), + DataLakeSettings: &lakeformation.DataLakeSettings{ + DataLakeAdmins: make([]*lakeformation.DataLakePrincipal, 0), + }, + } + + _, err := conn.PutDataLakeSettings(input) + if err != nil { + return fmt.Errorf("Error reseting DataLakeSettings: %s", err) + } + + return nil +} + +func createAwsDataCatalogId(d *schema.ResourceData, accountId string) (catalogId string) { + if inputCatalogId, ok := d.GetOkExists("catalog_id"); ok { + catalogId = inputCatalogId.(string) + } else { + catalogId = accountId + } + return +} + +func expandAdmins(d *schema.ResourceData) []*lakeformation.DataLakePrincipal { + xs := d.Get("admins") + ys := make([]*lakeformation.DataLakePrincipal, len(xs.([]interface{}))) + + for i, x := range xs.([]interface{}) { + ys[i] = &lakeformation.DataLakePrincipal{ + DataLakePrincipalIdentifier: aws.String(x.(string)), + } + } + + return ys +} + +func flattenAdmins(xs []*lakeformation.DataLakePrincipal) []string { + admins := make([]string, len(xs)) + for i, x := range xs { + admins[i] = aws.StringValue(x.DataLakePrincipalIdentifier) + } + + return admins +} diff --git a/aws/resource_aws_lakeformation_datalake_settings_test.go b/aws/resource_aws_lakeformation_datalake_settings_test.go new file mode 100644 index 000000000000..d2ac3b0c5382 --- /dev/null +++ b/aws/resource_aws_lakeformation_datalake_settings_test.go @@ -0,0 +1,66 @@ +package aws + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" +) + +func TestAccAWSLakeFormationDataLakeSettings_basic(t *testing.T) { + callerIdentityName := "data.aws_caller_identity.current" + resourceName := "aws_lakeformation_datalake_settings.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + // TODO: CheckDestroy: testAccCheckAWSLakeFormationDataLakeSettingsDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSLakeFormationDataLakeSettingsConfig_basic, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrPair(callerIdentityName, "account_id", resourceName, "catalog_id"), + resource.TestCheckResourceAttr(resourceName, "admins.#", "1"), + resource.TestCheckResourceAttrPair(callerIdentityName, "arn", resourceName, "admins.0"), + ), + }, + }, + }) +} + +const testAccAWSLakeFormationDataLakeSettingsConfig_basic = ` +data "aws_caller_identity" "current" {} + +resource "aws_lakeformation_datalake_settings" "test" { + admins = ["${data.aws_caller_identity.current.arn}"] +} +` + +func TestAccAWSLakeFormationDataLakeSettings_withCatalogId(t *testing.T) { + callerIdentityName := "data.aws_caller_identity.current" + resourceName := "aws_lakeformation_datalake_settings.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + // TODO: CheckDestroy: testAccCheckAWSLakeFormationDataLakeSettingsDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSLakeFormationDataLakeSettingsConfig_withCatalogId, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrPair(callerIdentityName, "account_id", resourceName, "catalog_id"), + resource.TestCheckResourceAttr(resourceName, "admins.#", "1"), + resource.TestCheckResourceAttrPair(callerIdentityName, "arn", resourceName, "admins.0"), + ), + }, + }, + }) +} + +const testAccAWSLakeFormationDataLakeSettingsConfig_withCatalogId = ` +data "aws_caller_identity" "current" {} + +resource "aws_lakeformation_datalake_settings" "test" { + catalog_id = "${data.aws_caller_identity.current.account_id}" + admins = ["${data.aws_caller_identity.current.arn}"] +} +` From 5220967ecdf02ef8f18988a24072a4559e833c67 Mon Sep 17 00:00:00 2001 From: Gaylord Mazelier Date: Sat, 9 May 2020 19:21:36 +0200 Subject: [PATCH 02/13] Add documentation --- ...eformation_datalake_settings.html.markdown | 46 +++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 website/docs/r/lakeformation_datalake_settings.html.markdown diff --git a/website/docs/r/lakeformation_datalake_settings.html.markdown b/website/docs/r/lakeformation_datalake_settings.html.markdown new file mode 100644 index 000000000000..9bffac8da532 --- /dev/null +++ b/website/docs/r/lakeformation_datalake_settings.html.markdown @@ -0,0 +1,46 @@ +--- +subcategory: "LakeFormation" +layout: "aws" +page_title: "AWS: aws_lakeformation_datalake_settings" +description: |- + Manages the data lake settings for the current account +--- + +# Resource: aws_lakeformation_datalake_settings + +Manages the data lake settings for the current account. + +## Example Usage + +```hcl +data "aws_iam_user" "existing_user" { + user_name = "an_existing_user_name" +} + +data "aws_iam_role" "existing_role" { + name = "an_existing_role_name" +} + +resource "aws_lakeformation_datalake_settings" "example" { + admins = [ + "${aws_iam_user.existing_user.arn}", + "${aws_iam_user.existing_role.arn}", + ] +} +``` + +## Argument Reference + +The following arguments are required: + +* `admins` – (Required) A list of up to 10 AWS Lake Formation principals (users or roles). + +The following arguments are optional: + +* `catalog_id` – (Optional) The identifier for the Data Catalog. By default, the account ID. + +## Attributes Reference + +In addition to all arguments above, the following attributes are exported: + +* `id` - Resource identifier with the pattern `lakeformation:settings:ACCOUNT_ID`. From c6edb39fe1095af816a32cc2733fdc4d42d56932 Mon Sep 17 00:00:00 2001 From: Gaylord Mazelier Date: Mon, 11 May 2020 09:48:05 +0200 Subject: [PATCH 03/13] Use Lake Formation official spelling --- website/docs/r/lakeformation_datalake_settings.html.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/r/lakeformation_datalake_settings.html.markdown b/website/docs/r/lakeformation_datalake_settings.html.markdown index 9bffac8da532..f3971da0eb37 100644 --- a/website/docs/r/lakeformation_datalake_settings.html.markdown +++ b/website/docs/r/lakeformation_datalake_settings.html.markdown @@ -1,5 +1,5 @@ --- -subcategory: "LakeFormation" +subcategory: "Lake Formation" layout: "aws" page_title: "AWS: aws_lakeformation_datalake_settings" description: |- From 33dba2974a55cddb403217f0e6de72b4066c6f51 Mon Sep 17 00:00:00 2001 From: Gaylord Mazelier Date: Wed, 27 May 2020 17:27:49 +0200 Subject: [PATCH 04/13] Remove redundant check --- go.mod | 1 + go.sum | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/go.mod b/go.mod index 597534f085fa..43cd6ff74afe 100644 --- a/go.mod +++ b/go.mod @@ -11,6 +11,7 @@ require ( github.com/hashicorp/go-hclog v0.10.0 // indirect github.com/hashicorp/go-multierror v1.1.0 github.com/hashicorp/go-version v1.2.1 + github.com/hashicorp/terraform-plugin-sdk v1.16.0 // indirect github.com/hashicorp/terraform-plugin-sdk/v2 v2.3.0 github.com/jen20/awspolicyequivalence v1.1.0 github.com/keybase/go-crypto v0.0.0-20161004153544-93f5b35093ba diff --git a/go.sum b/go.sum index 3a28bf9bdf20..f9fbbe068593 100644 --- a/go.sum +++ b/go.sum @@ -59,6 +59,8 @@ github.com/apparentlymart/go-textseg v1.0.0 h1:rRmlIsPEEhUTIKQb7T++Nz/A5Q6C9IuX2 github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk= github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= +github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI= +github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aws/aws-sdk-go v1.15.78/go.mod h1:E3/ieXAlvM0XWO57iftYVDLLvQ824smPP3ATZkfNZeM= @@ -162,6 +164,8 @@ github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hf github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= +github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY= +github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5 h1:sjZBwGj9Jlw33ImPtvFviGYvseOtDM7hkSKB7+Tv3SM= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= @@ -177,6 +181,7 @@ github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtng github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 h1:1/D3zfFHttUKaCaGKZ/dR2roBXv0vKbSCnssIldfQdI= github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320/go.mod h1:EiZBMaudVLy8fmjf9Npq1dq9RalhveqZG5w/yz3mHWs= github.com/hashicorp/go-getter v1.4.0/go.mod h1:7qxyCd8rBfcShwsvxgIguu4KbS3l8bUCwg2Umn7RjeY= +github.com/hashicorp/go-getter v1.4.2-0.20200106182914-9813cbd4eb02/go.mod h1:7qxyCd8rBfcShwsvxgIguu4KbS3l8bUCwg2Umn7RjeY= github.com/hashicorp/go-getter v1.5.0 h1:ciWJaeZWSMbc5OiLMpKp40MKFPqO44i0h3uyfXPBkkk= github.com/hashicorp/go-getter v1.5.0/go.mod h1:a7z7NPPfNQpJWcn4rSWFtdrSldqLdLPEF3d8nFMsSLM= github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI= @@ -194,22 +199,34 @@ github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/b github.com/hashicorp/go-uuid v1.0.1 h1:fv1ep09latC32wFoVwnqcnKJGnMSdBanPczbHAYm1BE= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.2.1 h1:zEfKbn2+PDgroKdiOzqiE8rsmLqU2uwi5PB5pBJ3TkI= github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/hcl v0.0.0-20170504190234-a4b07c25de5f h1:UdxlrJz4JOnY8W+DbLISwf2B8WXEolNRA8BGCwI9jws= +github.com/hashicorp/hcl v0.0.0-20170504190234-a4b07c25de5f/go.mod h1:oZtUIOe8dh44I2q6ScRibXws4Ajl+d+nod3AaR9vL5w= +github.com/hashicorp/hcl/v2 v2.0.0/go.mod h1:oVVDG71tEinNGYCxinCYadcmKU9bglqW9pV3txagJ90= github.com/hashicorp/hcl/v2 v2.3.0 h1:iRly8YaMwTBAKhn1Ybk7VSdzbnopghktCD031P8ggUE= github.com/hashicorp/hcl/v2 v2.3.0/go.mod h1:d+FwDBbOLvpAM3Z6J7gPj/VoAGkNe/gm352ZhjJ/Zv8= github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= +github.com/hashicorp/terraform-config-inspect v0.0.0-20191115094559-17f92b0546e8 h1:+RyjwU+Gnd/aTJBPZVDNm903eXVjjqhbaR4Ypx3xYyY= +github.com/hashicorp/terraform-config-inspect v0.0.0-20191115094559-17f92b0546e8/go.mod h1:p+ivJws3dpqbp1iP84+npOyAmTTOLMgCzrXd3GSdn/A= github.com/hashicorp/terraform-exec v0.10.0 h1:3nh/1e3u9gYRUQGOKWp/8wPR7ABlL2F14sZMZBrp+dM= github.com/hashicorp/terraform-exec v0.10.0/go.mod h1:tOT8j1J8rP05bZBGWXfMyU3HkLi1LWyqL3Bzsc3CJjo= github.com/hashicorp/terraform-json v0.5.0 h1:7TV3/F3y7QVSuN4r9BEXqnWqrAyeOtON8f0wvREtyzs= github.com/hashicorp/terraform-json v0.5.0/go.mod h1:eAbqb4w0pSlRmdvl8fOyHAi/+8jnkVYN28gJkSJrLhU= github.com/hashicorp/terraform-plugin-go v0.1.0 h1:kyXZ0nkHxiRev/q18N40IbRRk4AV0zE/MDJkDM3u8dY= github.com/hashicorp/terraform-plugin-go v0.1.0/go.mod h1:10V6F3taeDWVAoLlkmArKttR3IULlRWFAGtQIQTIDr4= +github.com/hashicorp/terraform-plugin-sdk v1.16.0 h1:NrkXMRjHErUPPTHQkZ6JIn6bByiJzGnlJzH1rVdNEuE= +github.com/hashicorp/terraform-plugin-sdk v1.16.0/go.mod h1:5sVxrwW6/xzFhZyql+Q9zXCUEJaGWcBIxBbZFLpVXOI= github.com/hashicorp/terraform-plugin-sdk/v2 v2.3.0 h1:Egv+R1tOOjPNz643KBTx3tLT6RdFGGYJcZlyLvrPcEU= github.com/hashicorp/terraform-plugin-sdk/v2 v2.3.0/go.mod h1:+12dJQebYjuU/yiq94iZUPuC66abfRBrXdpVJia3ojk= +github.com/hashicorp/terraform-plugin-test/v2 v2.1.2 h1:p96IIn+XpvVjw7AtN8y9MKxn0x69S7wtbGf7JgDJoIk= +github.com/hashicorp/terraform-plugin-test/v2 v2.1.2/go.mod h1:jerO5mrd+jVNALy8aiq+VZOg/CR8T2T1QR3jd6JKGOI= +github.com/hashicorp/terraform-svchost v0.0.0-20191011084731-65d371908596 h1:hjyO2JsNZUKT1ym+FAdlBEkGPevazYsmVgIMw7dVELg= +github.com/hashicorp/terraform-svchost v0.0.0-20191011084731-65d371908596/go.mod h1:kNDNcF7sN4DocDLBkQYz73HGKwN1ANB1blq4lIYLYvg= github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d h1:kJCB4vdITiW1eC1vq2e6IsrXKrZit1bv/TDYFGMp4BQ= github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= @@ -249,11 +266,13 @@ github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LE github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= +github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.7 h1:bQGKb3vps/j0E9GfJQ03JyhRuxsvdAanXlT9BTw3mdw= github.com/mattn/go-colorable v0.1.7/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= +github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= @@ -262,6 +281,8 @@ github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Ky github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mitchellh/cli v1.1.1 h1:J64v/xD7Clql+JVKSvkYojLOXu1ibnY9ZjGLwSt/89w= github.com/mitchellh/cli v1.1.1/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI= +github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db h1:62I3jR2EmQ4l5rM/4FEfDWcRD+abF5XlKShorW5LRoQ= +github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db/go.mod h1:l0dey0ia/Uv7NcFFVbCLtqEBQbrT4OCwCSKTEv6enCw= github.com/mitchellh/copystructure v1.0.0 h1:Laisrj+bAB6b/yJwB5Bt3ITZhGJdqmxquMKeZ+mmkFQ= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= @@ -293,6 +314,8 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= +github.com/posener/complete v1.2.1 h1:LrvDIY//XNo65Lq84G/akBuMGlawHvGBABv8f/ZN6DI= +github.com/posener/complete v1.2.1/go.mod h1:6gapUrK/U1TAN7ciCoNRIdVC5sbdBTUh1DKN0g6uH7E= github.com/pquerna/otp v1.3.0 h1:oJV/SkzR33anKXwQU3Of42rL4wbrffP4uvUf1SvS5Xs= github.com/pquerna/otp v1.3.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= @@ -300,7 +323,10 @@ github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= +github.com/spf13/afero v1.2.2 h1:5jhuqJyZCZf2JRofRvN/nIFgIWNzPa3/Vz8mYylgbWc= +github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/pflag v1.0.2/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= @@ -309,9 +335,11 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5 github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/ulikunitz/xz v0.5.5/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8= +github.com/ulikunitz/xz v0.5.7/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/ulikunitz/xz v0.5.8 h1:ERv8V6GKqVi23rgu5cj9pVfVzJbOqAY2Ntl88O6c2nQ= github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= +github.com/vmihailenco/msgpack v4.0.1+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI= github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= github.com/xanzy/ssh-agent v0.2.1 h1:TCbipTQL2JiiCprBWx9frJ2eJlCYT00NmctrHxVAr70= @@ -319,9 +347,13 @@ github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0B github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/zclconf/go-cty v1.0.0/go.mod h1:xnAOWiHeOqg2nWS62VtQ7pbOu17FtxJNW8RLEih+O3s= +github.com/zclconf/go-cty v1.1.0/go.mod h1:xnAOWiHeOqg2nWS62VtQ7pbOu17FtxJNW8RLEih+O3s= github.com/zclconf/go-cty v1.2.0/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8= github.com/zclconf/go-cty v1.2.1 h1:vGMsygfmeCl4Xb6OA5U5XVAaQZ69FvoG7X2jUtQujb8= github.com/zclconf/go-cty v1.2.1/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8= +github.com/zclconf/go-cty-yaml v1.0.1 h1:up11wlgAaDvlAGENcFDnZgkn0qUJurso7k6EpURKNF8= +github.com/zclconf/go-cty-yaml v1.0.1/go.mod h1:IP3Ylp0wQpYm50IHK8OZWKMu6sPJIUgKa8XhiVHura0= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= @@ -383,6 +415,7 @@ golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20191009170851-d66e71096ffb/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= From 07aa5973365e49dde07d19290694cedd6858b474 Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Tue, 15 Dec 2020 18:31:06 -0500 Subject: [PATCH 05/13] resource/lakeformation_data_lake_settings: Upgrade to plugin v2 --- aws/resource_aws_lakeformation_datalake_settings.go | 4 ++-- aws/resource_aws_lakeformation_datalake_settings_test.go | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/aws/resource_aws_lakeformation_datalake_settings.go b/aws/resource_aws_lakeformation_datalake_settings.go index c708abcef59c..2fe3f3cbff36 100644 --- a/aws/resource_aws_lakeformation_datalake_settings.go +++ b/aws/resource_aws_lakeformation_datalake_settings.go @@ -5,8 +5,8 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/service/lakeformation" - "github.com/hashicorp/terraform-plugin-sdk/helper/schema" - "github.com/hashicorp/terraform-plugin-sdk/helper/validation" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" ) func resourceAwsLakeFormationDataLakeSettings() *schema.Resource { diff --git a/aws/resource_aws_lakeformation_datalake_settings_test.go b/aws/resource_aws_lakeformation_datalake_settings_test.go index d2ac3b0c5382..bdc3e3b9bf23 100644 --- a/aws/resource_aws_lakeformation_datalake_settings_test.go +++ b/aws/resource_aws_lakeformation_datalake_settings_test.go @@ -3,7 +3,7 @@ package aws import ( "testing" - "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" ) func TestAccAWSLakeFormationDataLakeSettings_basic(t *testing.T) { From 394016d330d8c30eb0647a1509f2b5ef80da95c6 Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Tue, 15 Dec 2020 18:39:08 -0500 Subject: [PATCH 06/13] resource/lakeformation_data_lake_settings: Rename 'datalake' to 'data lake' --- aws/provider.go | 2 +- ...o => resource_aws_lakeformation_data_lake_settings.go} | 0 ...resource_aws_lakeformation_data_lake_settings_test.go} | 8 ++++---- ...own => lakeformation_data_lake_settings.html.markdown} | 6 +++--- 4 files changed, 8 insertions(+), 8 deletions(-) rename aws/{resource_aws_lakeformation_datalake_settings.go => resource_aws_lakeformation_data_lake_settings.go} (100%) rename aws/{resource_aws_lakeformation_datalake_settings_test.go => resource_aws_lakeformation_data_lake_settings_test.go} (89%) rename website/docs/r/{lakeformation_datalake_settings.html.markdown => lakeformation_data_lake_settings.html.markdown} (85%) diff --git a/aws/provider.go b/aws/provider.go index 3442f0bba043..88299f99f2f1 100644 --- a/aws/provider.go +++ b/aws/provider.go @@ -743,8 +743,8 @@ func Provider() *schema.Provider { "aws_kms_grant": resourceAwsKmsGrant(), "aws_kms_key": resourceAwsKmsKey(), "aws_kms_ciphertext": resourceAwsKmsCiphertext(), + "aws_lakeformation_data_lake_settings": resourceAwsLakeFormationDataLakeSettings(), "aws_lakeformation_resource": resourceAwsLakeFormationResource(), - "aws_lakeformation_datalake_settings": resourceAwsLakeFormationDataLakeSettings(), "aws_lambda_alias": resourceAwsLambdaAlias(), "aws_lambda_code_signing_config": resourceAwsLambdaCodeSigningConfig(), "aws_lambda_event_source_mapping": resourceAwsLambdaEventSourceMapping(), diff --git a/aws/resource_aws_lakeformation_datalake_settings.go b/aws/resource_aws_lakeformation_data_lake_settings.go similarity index 100% rename from aws/resource_aws_lakeformation_datalake_settings.go rename to aws/resource_aws_lakeformation_data_lake_settings.go diff --git a/aws/resource_aws_lakeformation_datalake_settings_test.go b/aws/resource_aws_lakeformation_data_lake_settings_test.go similarity index 89% rename from aws/resource_aws_lakeformation_datalake_settings_test.go rename to aws/resource_aws_lakeformation_data_lake_settings_test.go index bdc3e3b9bf23..e13ae09f8d20 100644 --- a/aws/resource_aws_lakeformation_datalake_settings_test.go +++ b/aws/resource_aws_lakeformation_data_lake_settings_test.go @@ -8,7 +8,7 @@ import ( func TestAccAWSLakeFormationDataLakeSettings_basic(t *testing.T) { callerIdentityName := "data.aws_caller_identity.current" - resourceName := "aws_lakeformation_datalake_settings.test" + resourceName := "aws_lakeformation_data_lake_settings.test" resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, @@ -30,14 +30,14 @@ func TestAccAWSLakeFormationDataLakeSettings_basic(t *testing.T) { const testAccAWSLakeFormationDataLakeSettingsConfig_basic = ` data "aws_caller_identity" "current" {} -resource "aws_lakeformation_datalake_settings" "test" { +resource "aws_lakeformation_data_lake_settings" "test" { admins = ["${data.aws_caller_identity.current.arn}"] } ` func TestAccAWSLakeFormationDataLakeSettings_withCatalogId(t *testing.T) { callerIdentityName := "data.aws_caller_identity.current" - resourceName := "aws_lakeformation_datalake_settings.test" + resourceName := "aws_lakeformation_data_lake_settings.test" resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, @@ -59,7 +59,7 @@ func TestAccAWSLakeFormationDataLakeSettings_withCatalogId(t *testing.T) { const testAccAWSLakeFormationDataLakeSettingsConfig_withCatalogId = ` data "aws_caller_identity" "current" {} -resource "aws_lakeformation_datalake_settings" "test" { +resource "aws_lakeformation_data_lake_settings" "test" { catalog_id = "${data.aws_caller_identity.current.account_id}" admins = ["${data.aws_caller_identity.current.arn}"] } diff --git a/website/docs/r/lakeformation_datalake_settings.html.markdown b/website/docs/r/lakeformation_data_lake_settings.html.markdown similarity index 85% rename from website/docs/r/lakeformation_datalake_settings.html.markdown rename to website/docs/r/lakeformation_data_lake_settings.html.markdown index f3971da0eb37..8717673330cd 100644 --- a/website/docs/r/lakeformation_datalake_settings.html.markdown +++ b/website/docs/r/lakeformation_data_lake_settings.html.markdown @@ -1,12 +1,12 @@ --- subcategory: "Lake Formation" layout: "aws" -page_title: "AWS: aws_lakeformation_datalake_settings" +page_title: "AWS: aws_lakeformation_data_lake_settings" description: |- Manages the data lake settings for the current account --- -# Resource: aws_lakeformation_datalake_settings +# Resource: aws_lakeformation_data_lake_settings Manages the data lake settings for the current account. @@ -21,7 +21,7 @@ data "aws_iam_role" "existing_role" { name = "an_existing_role_name" } -resource "aws_lakeformation_datalake_settings" "example" { +resource "aws_lakeformation_data_lake_settings" "example" { admins = [ "${aws_iam_user.existing_user.arn}", "${aws_iam_user.existing_role.arn}", From f6113ed0c964043d0620c676d5ec030b2e020baf Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Tue, 15 Dec 2020 18:43:45 -0500 Subject: [PATCH 07/13] resource/lakeformation_data_lake_settings: Remove go.mod, go.sum from PR --- go.mod | 1 - go.sum | 33 --------------------------------- 2 files changed, 34 deletions(-) diff --git a/go.mod b/go.mod index 43cd6ff74afe..597534f085fa 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,6 @@ require ( github.com/hashicorp/go-hclog v0.10.0 // indirect github.com/hashicorp/go-multierror v1.1.0 github.com/hashicorp/go-version v1.2.1 - github.com/hashicorp/terraform-plugin-sdk v1.16.0 // indirect github.com/hashicorp/terraform-plugin-sdk/v2 v2.3.0 github.com/jen20/awspolicyequivalence v1.1.0 github.com/keybase/go-crypto v0.0.0-20161004153544-93f5b35093ba diff --git a/go.sum b/go.sum index f9fbbe068593..3a28bf9bdf20 100644 --- a/go.sum +++ b/go.sum @@ -59,8 +59,6 @@ github.com/apparentlymart/go-textseg v1.0.0 h1:rRmlIsPEEhUTIKQb7T++Nz/A5Q6C9IuX2 github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk= github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI= -github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aws/aws-sdk-go v1.15.78/go.mod h1:E3/ieXAlvM0XWO57iftYVDLLvQ824smPP3ATZkfNZeM= @@ -164,8 +162,6 @@ github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hf github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY= -github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5 h1:sjZBwGj9Jlw33ImPtvFviGYvseOtDM7hkSKB7+Tv3SM= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= @@ -181,7 +177,6 @@ github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtng github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 h1:1/D3zfFHttUKaCaGKZ/dR2roBXv0vKbSCnssIldfQdI= github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320/go.mod h1:EiZBMaudVLy8fmjf9Npq1dq9RalhveqZG5w/yz3mHWs= github.com/hashicorp/go-getter v1.4.0/go.mod h1:7qxyCd8rBfcShwsvxgIguu4KbS3l8bUCwg2Umn7RjeY= -github.com/hashicorp/go-getter v1.4.2-0.20200106182914-9813cbd4eb02/go.mod h1:7qxyCd8rBfcShwsvxgIguu4KbS3l8bUCwg2Umn7RjeY= github.com/hashicorp/go-getter v1.5.0 h1:ciWJaeZWSMbc5OiLMpKp40MKFPqO44i0h3uyfXPBkkk= github.com/hashicorp/go-getter v1.5.0/go.mod h1:a7z7NPPfNQpJWcn4rSWFtdrSldqLdLPEF3d8nFMsSLM= github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI= @@ -199,34 +194,22 @@ github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/b github.com/hashicorp/go-uuid v1.0.1 h1:fv1ep09latC32wFoVwnqcnKJGnMSdBanPczbHAYm1BE= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.2.1 h1:zEfKbn2+PDgroKdiOzqiE8rsmLqU2uwi5PB5pBJ3TkI= github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/hcl v0.0.0-20170504190234-a4b07c25de5f h1:UdxlrJz4JOnY8W+DbLISwf2B8WXEolNRA8BGCwI9jws= -github.com/hashicorp/hcl v0.0.0-20170504190234-a4b07c25de5f/go.mod h1:oZtUIOe8dh44I2q6ScRibXws4Ajl+d+nod3AaR9vL5w= -github.com/hashicorp/hcl/v2 v2.0.0/go.mod h1:oVVDG71tEinNGYCxinCYadcmKU9bglqW9pV3txagJ90= github.com/hashicorp/hcl/v2 v2.3.0 h1:iRly8YaMwTBAKhn1Ybk7VSdzbnopghktCD031P8ggUE= github.com/hashicorp/hcl/v2 v2.3.0/go.mod h1:d+FwDBbOLvpAM3Z6J7gPj/VoAGkNe/gm352ZhjJ/Zv8= github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= -github.com/hashicorp/terraform-config-inspect v0.0.0-20191115094559-17f92b0546e8 h1:+RyjwU+Gnd/aTJBPZVDNm903eXVjjqhbaR4Ypx3xYyY= -github.com/hashicorp/terraform-config-inspect v0.0.0-20191115094559-17f92b0546e8/go.mod h1:p+ivJws3dpqbp1iP84+npOyAmTTOLMgCzrXd3GSdn/A= github.com/hashicorp/terraform-exec v0.10.0 h1:3nh/1e3u9gYRUQGOKWp/8wPR7ABlL2F14sZMZBrp+dM= github.com/hashicorp/terraform-exec v0.10.0/go.mod h1:tOT8j1J8rP05bZBGWXfMyU3HkLi1LWyqL3Bzsc3CJjo= github.com/hashicorp/terraform-json v0.5.0 h1:7TV3/F3y7QVSuN4r9BEXqnWqrAyeOtON8f0wvREtyzs= github.com/hashicorp/terraform-json v0.5.0/go.mod h1:eAbqb4w0pSlRmdvl8fOyHAi/+8jnkVYN28gJkSJrLhU= github.com/hashicorp/terraform-plugin-go v0.1.0 h1:kyXZ0nkHxiRev/q18N40IbRRk4AV0zE/MDJkDM3u8dY= github.com/hashicorp/terraform-plugin-go v0.1.0/go.mod h1:10V6F3taeDWVAoLlkmArKttR3IULlRWFAGtQIQTIDr4= -github.com/hashicorp/terraform-plugin-sdk v1.16.0 h1:NrkXMRjHErUPPTHQkZ6JIn6bByiJzGnlJzH1rVdNEuE= -github.com/hashicorp/terraform-plugin-sdk v1.16.0/go.mod h1:5sVxrwW6/xzFhZyql+Q9zXCUEJaGWcBIxBbZFLpVXOI= github.com/hashicorp/terraform-plugin-sdk/v2 v2.3.0 h1:Egv+R1tOOjPNz643KBTx3tLT6RdFGGYJcZlyLvrPcEU= github.com/hashicorp/terraform-plugin-sdk/v2 v2.3.0/go.mod h1:+12dJQebYjuU/yiq94iZUPuC66abfRBrXdpVJia3ojk= -github.com/hashicorp/terraform-plugin-test/v2 v2.1.2 h1:p96IIn+XpvVjw7AtN8y9MKxn0x69S7wtbGf7JgDJoIk= -github.com/hashicorp/terraform-plugin-test/v2 v2.1.2/go.mod h1:jerO5mrd+jVNALy8aiq+VZOg/CR8T2T1QR3jd6JKGOI= -github.com/hashicorp/terraform-svchost v0.0.0-20191011084731-65d371908596 h1:hjyO2JsNZUKT1ym+FAdlBEkGPevazYsmVgIMw7dVELg= -github.com/hashicorp/terraform-svchost v0.0.0-20191011084731-65d371908596/go.mod h1:kNDNcF7sN4DocDLBkQYz73HGKwN1ANB1blq4lIYLYvg= github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d h1:kJCB4vdITiW1eC1vq2e6IsrXKrZit1bv/TDYFGMp4BQ= github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= @@ -266,13 +249,11 @@ github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LE github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= -github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.7 h1:bQGKb3vps/j0E9GfJQ03JyhRuxsvdAanXlT9BTw3mdw= github.com/mattn/go-colorable v0.1.7/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= -github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= @@ -281,8 +262,6 @@ github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Ky github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mitchellh/cli v1.1.1 h1:J64v/xD7Clql+JVKSvkYojLOXu1ibnY9ZjGLwSt/89w= github.com/mitchellh/cli v1.1.1/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI= -github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db h1:62I3jR2EmQ4l5rM/4FEfDWcRD+abF5XlKShorW5LRoQ= -github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db/go.mod h1:l0dey0ia/Uv7NcFFVbCLtqEBQbrT4OCwCSKTEv6enCw= github.com/mitchellh/copystructure v1.0.0 h1:Laisrj+bAB6b/yJwB5Bt3ITZhGJdqmxquMKeZ+mmkFQ= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= @@ -314,8 +293,6 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= -github.com/posener/complete v1.2.1 h1:LrvDIY//XNo65Lq84G/akBuMGlawHvGBABv8f/ZN6DI= -github.com/posener/complete v1.2.1/go.mod h1:6gapUrK/U1TAN7ciCoNRIdVC5sbdBTUh1DKN0g6uH7E= github.com/pquerna/otp v1.3.0 h1:oJV/SkzR33anKXwQU3Of42rL4wbrffP4uvUf1SvS5Xs= github.com/pquerna/otp v1.3.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= @@ -323,10 +300,7 @@ github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= -github.com/spf13/afero v1.2.2 h1:5jhuqJyZCZf2JRofRvN/nIFgIWNzPa3/Vz8mYylgbWc= -github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/pflag v1.0.2/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= -github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= @@ -335,11 +309,9 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5 github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/ulikunitz/xz v0.5.5/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8= -github.com/ulikunitz/xz v0.5.7/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/ulikunitz/xz v0.5.8 h1:ERv8V6GKqVi23rgu5cj9pVfVzJbOqAY2Ntl88O6c2nQ= github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= -github.com/vmihailenco/msgpack v4.0.1+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI= github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= github.com/xanzy/ssh-agent v0.2.1 h1:TCbipTQL2JiiCprBWx9frJ2eJlCYT00NmctrHxVAr70= @@ -347,13 +319,9 @@ github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0B github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/zclconf/go-cty v1.0.0/go.mod h1:xnAOWiHeOqg2nWS62VtQ7pbOu17FtxJNW8RLEih+O3s= -github.com/zclconf/go-cty v1.1.0/go.mod h1:xnAOWiHeOqg2nWS62VtQ7pbOu17FtxJNW8RLEih+O3s= github.com/zclconf/go-cty v1.2.0/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8= github.com/zclconf/go-cty v1.2.1 h1:vGMsygfmeCl4Xb6OA5U5XVAaQZ69FvoG7X2jUtQujb8= github.com/zclconf/go-cty v1.2.1/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8= -github.com/zclconf/go-cty-yaml v1.0.1 h1:up11wlgAaDvlAGENcFDnZgkn0qUJurso7k6EpURKNF8= -github.com/zclconf/go-cty-yaml v1.0.1/go.mod h1:IP3Ylp0wQpYm50IHK8OZWKMu6sPJIUgKa8XhiVHura0= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= @@ -415,7 +383,6 @@ golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191009170851-d66e71096ffb/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= From 2f34f0bfaf5fede3edfa012bf5627a34a8b3675d Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Wed, 16 Dec 2020 16:15:24 -0500 Subject: [PATCH 08/13] resource/lakeformation_data_lake_settings: Add arguments, tests --- ...ce_aws_lakeformation_data_lake_settings.go | 298 +++++++++++++++--- ...s_lakeformation_data_lake_settings_test.go | 167 ++++++++-- ...formation_data_lake_settings.html.markdown | 62 +++- 3 files changed, 435 insertions(+), 92 deletions(-) diff --git a/aws/resource_aws_lakeformation_data_lake_settings.go b/aws/resource_aws_lakeformation_data_lake_settings.go index 2fe3f3cbff36..7dbde07ffdd5 100644 --- a/aws/resource_aws_lakeformation_data_lake_settings.go +++ b/aws/resource_aws_lakeformation_data_lake_settings.go @@ -2,19 +2,22 @@ package aws import ( "fmt" + "log" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/service/lakeformation" + "github.com/hashicorp/aws-sdk-go-base/tfawserr" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/terraform-providers/terraform-provider-aws/aws/internal/hashcode" ) func resourceAwsLakeFormationDataLakeSettings() *schema.Resource { return &schema.Resource{ - Create: resourceAwsLakeFormationDataLakeSettingsPut, - Update: resourceAwsLakeFormationDataLakeSettingsPut, + Create: resourceAwsLakeFormationDataLakeSettingsCreate, + Update: resourceAwsLakeFormationDataLakeSettingsCreate, Read: resourceAwsLakeFormationDataLakeSettingsRead, - Delete: resourceAwsLakeFormationDataLakeSettingsReset, + Delete: resourceAwsLakeFormationDataLakeSettingsDelete, Importer: &schema.ResourceImporter{ State: schema.ImportStatePassthrough, }, @@ -22,114 +25,307 @@ func resourceAwsLakeFormationDataLakeSettings() *schema.Resource { Schema: map[string]*schema.Schema{ "catalog_id": { Type: schema.TypeString, + Computed: true, ForceNew: true, Optional: true, + }, + "create_database_default_permissions": { + Type: schema.TypeList, + Computed: true, + Optional: true, + MaxItems: 3, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "permissions": { + Type: schema.TypeSet, + Optional: true, + Computed: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringInSlice(lakeformation.Permission_Values(), false), + }, + }, + "principal": { + Type: schema.TypeString, + Optional: true, + Computed: true, + //ValidateFunc: validateArn, + }, + }, + }, + }, + "create_table_default_permissions": { + Type: schema.TypeList, + Computed: true, + Optional: true, + MaxItems: 3, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "permissions": { + Type: schema.TypeSet, + Optional: true, + Computed: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringInSlice(lakeformation.Permission_Values(), false), + }, + }, + "principal": { + Type: schema.TypeString, + Optional: true, + Computed: true, + //ValidateFunc: validateArn, + }, + }, + }, + }, + "data_lake_admins": { + Type: schema.TypeList, Computed: true, + Optional: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validateArn, + }, }, - "admins": { + "trusted_resource_owners": { Type: schema.TypeList, - Required: true, - MinItems: 0, - MaxItems: 10, + Computed: true, + Optional: true, Elem: &schema.Schema{ Type: schema.TypeString, - ValidateFunc: validation.NoZeroValues, + ValidateFunc: validateAwsAccountId, }, }, }, } } -func resourceAwsLakeFormationDataLakeSettingsPut(d *schema.ResourceData, meta interface{}) error { +func resourceAwsLakeFormationDataLakeSettingsCreate(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).lakeformationconn - catalogId := createAwsDataCatalogId(d, meta.(*AWSClient).accountid) - input := &lakeformation.PutDataLakeSettingsInput{ - CatalogId: aws.String(catalogId), - DataLakeSettings: &lakeformation.DataLakeSettings{ - DataLakeAdmins: expandAdmins(d), - }, + if err := resourceAwsLakeFormationDataLakeSettingsAdminUpdate(d, meta); err != nil { + return fmt.Errorf("error updating Lake Formation data lake admins: %w", err) } - _, err := conn.PutDataLakeSettings(input) + input := &lakeformation.PutDataLakeSettingsInput{} + + if v, ok := d.GetOk("catalog_id"); ok { + input.CatalogId = aws.String(v.(string)) + } + + settings := &lakeformation.DataLakeSettings{} + + if v, ok := d.GetOk("create_database_default_permissions"); ok { + settings.CreateDatabaseDefaultPermissions = expandDataLakeSettingsCreateDefaultPermissions(v.([]interface{})) + } + + if v, ok := d.GetOk("create_table_default_permissions"); ok { + settings.CreateTableDefaultPermissions = expandDataLakeSettingsCreateDefaultPermissions(v.([]interface{})) + } + + if v, ok := d.GetOk("data_lake_admins"); ok { + settings.DataLakeAdmins = expandDataLakeSettingsAdmins(v.([]interface{})) + } + + if v, ok := d.GetOk("trusted_resource_owners"); ok { + settings.TrustedResourceOwners = expandStringList(v.([]interface{})) + } + + input.DataLakeSettings = settings + output, err := conn.PutDataLakeSettings(input) + if err != nil { - return fmt.Errorf("Error updating DataLakeSettings: %s", err) + return fmt.Errorf("error creating Lake Formation data lake settings: %w", err) } - d.SetId(fmt.Sprintf("lakeformation:settings:%s", catalogId)) - d.Set("catalog_id", catalogId) + if output == nil { + return fmt.Errorf("error creating Lake Formation data lake settings: empty response") + } + + d.SetId(fmt.Sprintf("%d", hashcode.String(input.String()))) return resourceAwsLakeFormationDataLakeSettingsRead(d, meta) } func resourceAwsLakeFormationDataLakeSettingsRead(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).lakeformationconn - catalogId := d.Get("catalog_id").(string) - input := &lakeformation.GetDataLakeSettingsInput{ - CatalogId: aws.String(catalogId), + input := &lakeformation.GetDataLakeSettingsInput{} + + if v, ok := d.GetOk("catalog_id"); ok { + input.CatalogId = aws.String(v.(string)) + } + + output, err := conn.GetDataLakeSettings(input) + + if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, lakeformation.ErrCodeEntityNotFoundException) { + log.Printf("[WARN] Lake Formation data lake settings (%s) not found, removing from state", d.Id()) + d.SetId("") + return nil } - out, err := conn.GetDataLakeSettings(input) if err != nil { - return fmt.Errorf("Error reading DataLakeSettings: %s", err) + return fmt.Errorf("error reading Lake Formation data lake settings (%s): %w", d.Id(), err) } - d.Set("catalog_id", catalogId) - if err := d.Set("admins", flattenAdmins(out.DataLakeSettings.DataLakeAdmins)); err != nil { - return fmt.Errorf("Error setting admins from DataLakeSettings: %s", err) + if output == nil || output.DataLakeSettings == nil { + return fmt.Errorf("error reading Lake Formation data lake settings (%s): empty response", d.Id()) } - // TODO: Add CreateDatabaseDefaultPermissions and CreateTableDefaultPermissions + + settings := output.DataLakeSettings + + if settings.CreateDatabaseDefaultPermissions != nil { + d.Set("create_database_default_permissions", flattenDataLakeSettingsCreateDefaultPermissions(settings.CreateDatabaseDefaultPermissions)) + } else { + d.Set("create_database_default_permissions", nil) + } + + if settings.CreateTableDefaultPermissions != nil { + d.Set("create_table_default_permissions", flattenDataLakeSettingsCreateDefaultPermissions(settings.CreateTableDefaultPermissions)) + } else { + d.Set("create_table_default_permissions", nil) + } + + d.Set("data_lake_admins", flattenDataLakeSettingsAdmins(settings.DataLakeAdmins)) + d.Set("trusted_resource_owners", flattenStringList(settings.TrustedResourceOwners)) return nil } -func resourceAwsLakeFormationDataLakeSettingsReset(d *schema.ResourceData, meta interface{}) error { +func resourceAwsLakeFormationDataLakeSettingsDelete(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).lakeformationconn - catalogId := d.Get("catalog_id").(string) input := &lakeformation.PutDataLakeSettingsInput{ - CatalogId: aws.String(catalogId), DataLakeSettings: &lakeformation.DataLakeSettings{ - DataLakeAdmins: make([]*lakeformation.DataLakePrincipal, 0), + CreateDatabaseDefaultPermissions: make([]*lakeformation.PrincipalPermissions, 0), + CreateTableDefaultPermissions: make([]*lakeformation.PrincipalPermissions, 0), + DataLakeAdmins: make([]*lakeformation.DataLakePrincipal, 0), + TrustedResourceOwners: make([]*string, 0), }, } + if v, ok := d.GetOk("catalog_id"); ok { + input.CatalogId = aws.String(v.(string)) + } + _, err := conn.PutDataLakeSettings(input) + + if tfawserr.ErrCodeEquals(err, lakeformation.ErrCodeEntityNotFoundException) { + log.Printf("[WARN] Lake Formation data lake settings (%s) not found, removing from state", d.Id()) + return nil + } + if err != nil { - return fmt.Errorf("Error reseting DataLakeSettings: %s", err) + return fmt.Errorf("error deleting Lake Formation data lake settings (%s): %w", d.Id(), err) } return nil } -func createAwsDataCatalogId(d *schema.ResourceData, accountId string) (catalogId string) { - if inputCatalogId, ok := d.GetOkExists("catalog_id"); ok { - catalogId = inputCatalogId.(string) - } else { - catalogId = accountId +func resourceAwsLakeFormationDataLakeSettingsAdminUpdate(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).lakeformationconn + + if v, ok := d.GetOk("data_lake_admins"); ok { + input := &lakeformation.PutDataLakeSettingsInput{} + + if v, ok := d.GetOk("catalog_id"); ok { + input.CatalogId = aws.String(v.(string)) + } + + settings := &lakeformation.DataLakeSettings{} + settings.DataLakeAdmins = expandDataLakeSettingsAdmins(v.([]interface{})) + + input.DataLakeSettings = settings + output, err := conn.PutDataLakeSettings(input) + + if err != nil { + return err + } + + if output == nil { + return fmt.Errorf("empty response") + } } - return + + return nil } -func expandAdmins(d *schema.ResourceData) []*lakeformation.DataLakePrincipal { - xs := d.Get("admins") - ys := make([]*lakeformation.DataLakePrincipal, len(xs.([]interface{}))) +func expandDataLakeSettingsCreateDefaultPermissions(tfMaps []interface{}) []*lakeformation.PrincipalPermissions { + apiObjects := make([]*lakeformation.PrincipalPermissions, 0, len(tfMaps)) + + for _, tfMap := range tfMaps { + apiObjects = append(apiObjects, expandDataLakeSettingsCreateDefaultPermission(tfMap.(map[string]interface{}))) + } + + return apiObjects +} - for i, x := range xs.([]interface{}) { - ys[i] = &lakeformation.DataLakePrincipal{ - DataLakePrincipalIdentifier: aws.String(x.(string)), +func expandDataLakeSettingsCreateDefaultPermission(tfMap map[string]interface{}) *lakeformation.PrincipalPermissions { + apiObject := &lakeformation.PrincipalPermissions{ + Permissions: expandStringSet(tfMap["permissions"].(*schema.Set)), + Principal: &lakeformation.DataLakePrincipal{ + DataLakePrincipalIdentifier: aws.String(tfMap["principal"].(string)), + }, + } + + return apiObject +} + +func flattenDataLakeSettingsCreateDefaultPermissions(apiObjects []*lakeformation.PrincipalPermissions) []map[string]interface{} { + tfMaps := make([]map[string]interface{}, len(apiObjects)) + if len(apiObjects) > 0 { + for i, v := range apiObjects { + tfMaps[i] = flattenDataLakeSettingsCreateDefaultPermission(v) } } - return ys + return tfMaps } -func flattenAdmins(xs []*lakeformation.DataLakePrincipal) []string { - admins := make([]string, len(xs)) - for i, x := range xs { - admins[i] = aws.StringValue(x.DataLakePrincipalIdentifier) +func flattenDataLakeSettingsCreateDefaultPermission(apiObject *lakeformation.PrincipalPermissions) map[string]interface{} { + tfMap := make(map[string]interface{}) + + if apiObject == nil { + return tfMap + } + + if apiObject.Permissions != nil { + tfMap["permissions"] = flattenStringSet(apiObject.Permissions) + } + + if v := aws.StringValue(apiObject.Principal.DataLakePrincipalIdentifier); v != "" { + tfMap["principal"] = v + } + + return tfMap +} + +func expandDataLakeSettingsAdmins(tfSlice []interface{}) []*lakeformation.DataLakePrincipal { + apiObjects := make([]*lakeformation.DataLakePrincipal, 0, len(tfSlice)) + + for _, tfItem := range tfSlice { + val, ok := tfItem.(string) + if ok && val != "" { + apiObjects = append(apiObjects, &lakeformation.DataLakePrincipal{ + DataLakePrincipalIdentifier: aws.String(tfItem.(string)), + }) + } + } + + return apiObjects +} + +func flattenDataLakeSettingsAdmins(apiObjects []*lakeformation.DataLakePrincipal) []interface{} { + if apiObjects == nil || len(apiObjects) == 0 { + return nil + } + + tfSlice := make([]interface{}, 0, len(apiObjects)) + + for _, apiObject := range apiObjects { + tfSlice = append(tfSlice, *apiObject.DataLakePrincipalIdentifier) } - return admins + return tfSlice } diff --git a/aws/resource_aws_lakeformation_data_lake_settings_test.go b/aws/resource_aws_lakeformation_data_lake_settings_test.go index e13ae09f8d20..dd32823a87dc 100644 --- a/aws/resource_aws_lakeformation_data_lake_settings_test.go +++ b/aws/resource_aws_lakeformation_data_lake_settings_test.go @@ -1,66 +1,183 @@ package aws import ( + "fmt" "testing" + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/service/lakeformation" + "github.com/hashicorp/aws-sdk-go-base/tfawserr" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" ) -func TestAccAWSLakeFormationDataLakeSettings_basic(t *testing.T) { +func TestAccAWSLakeFormationDataLakeSettings_serial(t *testing.T) { + testCases := map[string]map[string]func(t *testing.T){ + "ResourcePolicy": { + "basic": testAccAWSLakeFormationDataLakeSettings_basic, + "disappears": testAccAWSLakeFormationDataLakeSettings_disappears, + "withoutCatalogId": testAccAWSLakeFormationDataLakeSettings_withoutCatalogId, + }, + } + + for group, m := range testCases { + m := m + t.Run(group, func(t *testing.T) { + for name, tc := range m { + tc := tc + t.Run(name, func(t *testing.T) { + tc(t) + }) + } + }) + } +} + +func testAccAWSLakeFormationDataLakeSettings_basic(t *testing.T) { callerIdentityName := "data.aws_caller_identity.current" resourceName := "aws_lakeformation_data_lake_settings.test" - resource.ParallelTest(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - // TODO: CheckDestroy: testAccCheckAWSLakeFormationDataLakeSettingsDestroy, + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t); testAccPartitionHasServicePreCheck(lakeformation.EndpointsID, t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSLakeFormationDataLakeSettingsDestroy, Steps: []resource.TestStep{ { Config: testAccAWSLakeFormationDataLakeSettingsConfig_basic, Check: resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttrPair(callerIdentityName, "account_id", resourceName, "catalog_id"), - resource.TestCheckResourceAttr(resourceName, "admins.#", "1"), - resource.TestCheckResourceAttrPair(callerIdentityName, "arn", resourceName, "admins.0"), + testAccCheckAWSLakeFormationDataLakeSettingsExists(resourceName), + resource.TestCheckResourceAttrPair(resourceName, "catalog_id", callerIdentityName, "account_id"), + resource.TestCheckResourceAttr(resourceName, "data_lake_admins.#", "1"), + resource.TestCheckResourceAttrPair(resourceName, "data_lake_admins.0", callerIdentityName, "arn"), ), }, }, }) } -const testAccAWSLakeFormationDataLakeSettingsConfig_basic = ` -data "aws_caller_identity" "current" {} +func testAccAWSLakeFormationDataLakeSettings_disappears(t *testing.T) { + resourceName := "aws_lakeformation_data_lake_settings.test" -resource "aws_lakeformation_data_lake_settings" "test" { - admins = ["${data.aws_caller_identity.current.arn}"] + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t); testAccPartitionHasServicePreCheck(lakeformation.EndpointsID, t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSLakeFormationDataLakeSettingsDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSLakeFormationDataLakeSettingsConfig_basic, + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSLakeFormationDataLakeSettingsExists(resourceName), + testAccCheckResourceDisappears(testAccProvider, resourceAwsLakeFormationDataLakeSettings(), resourceName), + ), + ExpectNonEmptyPlan: true, + }, + }, + }) } -` -func TestAccAWSLakeFormationDataLakeSettings_withCatalogId(t *testing.T) { +func testAccAWSLakeFormationDataLakeSettings_withoutCatalogId(t *testing.T) { callerIdentityName := "data.aws_caller_identity.current" resourceName := "aws_lakeformation_data_lake_settings.test" - resource.ParallelTest(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - // TODO: CheckDestroy: testAccCheckAWSLakeFormationDataLakeSettingsDestroy, + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSLakeFormationDataLakeSettingsDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSLakeFormationDataLakeSettingsConfig_withCatalogId, + Config: testAccAWSLakeFormationDataLakeSettingsConfig_withoutCatalogId, Check: resource.ComposeTestCheckFunc( - resource.TestCheckResourceAttrPair(callerIdentityName, "account_id", resourceName, "catalog_id"), - resource.TestCheckResourceAttr(resourceName, "admins.#", "1"), - resource.TestCheckResourceAttrPair(callerIdentityName, "arn", resourceName, "admins.0"), + testAccCheckAWSLakeFormationDataLakeSettingsExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "data_lake_admins.#", "1"), + resource.TestCheckResourceAttrPair(resourceName, "data_lake_admins.0", callerIdentityName, "arn"), ), }, }, }) } -const testAccAWSLakeFormationDataLakeSettingsConfig_withCatalogId = ` +func testAccCheckAWSLakeFormationDataLakeSettingsDestroy(s *terraform.State) error { + conn := testAccProvider.Meta().(*AWSClient).lakeformationconn + + for _, rs := range s.RootModule().Resources { + if rs.Type != "aws_lakeformation_data_lake_settings" { + continue + } + + input := &lakeformation.GetDataLakeSettingsInput{} + + if rs.Primary.Attributes["catalog_id"] != "" { + input.CatalogId = aws.String(rs.Primary.Attributes["catalog_id"]) + } + + output, err := conn.GetDataLakeSettings(input) + + if tfawserr.ErrCodeEquals(err, lakeformation.ErrCodeEntityNotFoundException) { + continue + } + + if err != nil { + return fmt.Errorf("error getting Lake Formation data lake settings (%s): %w", rs.Primary.ID, err) + } + + if output != nil && output.DataLakeSettings != nil && len(output.DataLakeSettings.DataLakeAdmins) > 0 { + return fmt.Errorf("Lake Formation data lake admin(s) (%s) still exist", rs.Primary.ID) + } + } + + return nil +} + +func testAccCheckAWSLakeFormationDataLakeSettingsExists(resourceName string) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[resourceName] + if !ok { + return fmt.Errorf("resource not found: %s", resourceName) + } + + conn := testAccProvider.Meta().(*AWSClient).lakeformationconn + + input := &lakeformation.GetDataLakeSettingsInput{} + + if rs.Primary.Attributes["catalog_id"] != "" { + input.CatalogId = aws.String(rs.Primary.Attributes["catalog_id"]) + } + + _, err := conn.GetDataLakeSettings(input) + + if err != nil { + return fmt.Errorf("error getting Lake Formation data lake settings (%s): %w", rs.Primary.ID, err) + } + + return nil + } +} + +const testAccAWSLakeFormationDataLakeSettingsConfig_basic = ` +data "aws_caller_identity" "current" {} + +resource "aws_lakeformation_data_lake_settings" "test" { + catalog_id = data.aws_caller_identity.current.account_id + + create_database_default_permissions { + principal = "IAM_ALLOWED_PRINCIPALS" + permissions = ["ALL"] + } + + create_table_default_permissions { + principal = "IAM_ALLOWED_PRINCIPALS" + permissions = ["ALL"] + } + + data_lake_admins = [data.aws_caller_identity.current.arn] + trusted_resource_owners = [data.aws_caller_identity.current.account_id] +} +` + +const testAccAWSLakeFormationDataLakeSettingsConfig_withoutCatalogId = ` data "aws_caller_identity" "current" {} resource "aws_lakeformation_data_lake_settings" "test" { - catalog_id = "${data.aws_caller_identity.current.account_id}" - admins = ["${data.aws_caller_identity.current.arn}"] + data_lake_admins = [data.aws_caller_identity.current.arn] } ` diff --git a/website/docs/r/lakeformation_data_lake_settings.html.markdown b/website/docs/r/lakeformation_data_lake_settings.html.markdown index 8717673330cd..bfde75c3c496 100644 --- a/website/docs/r/lakeformation_data_lake_settings.html.markdown +++ b/website/docs/r/lakeformation_data_lake_settings.html.markdown @@ -3,44 +3,74 @@ subcategory: "Lake Formation" layout: "aws" page_title: "AWS: aws_lakeformation_data_lake_settings" description: |- - Manages the data lake settings for the current account + Manages data lake administrators and default database and table permissions --- # Resource: aws_lakeformation_data_lake_settings -Manages the data lake settings for the current account. +Manages Lake Formation principals designated as data lake administrators and lists of principal permission entries for default create database and default create table permissions. ## Example Usage + +### Data Lake Admins + ```hcl -data "aws_iam_user" "existing_user" { - user_name = "an_existing_user_name" +resource "aws_iam_user" "test" { + name = "username" } -data "aws_iam_role" "existing_role" { - name = "an_existing_role_name" +resource "aws_iam_role" "test" { + name = "rolename" } resource "aws_lakeformation_data_lake_settings" "example" { - admins = [ - "${aws_iam_user.existing_user.arn}", - "${aws_iam_user.existing_role.arn}", - ] + data_lake_admins = [aws_iam_user.test.arn, aws_iam_role.test.arn] +} +``` + +### Create Default Permissions + +```hcl +resource "aws_lakeformation_data_lake_settings" "example" { + data_lake_admins = [aws_iam_user.test.arn, aws_iam_role.test.arn] + + create_database_default_permissions { + permissions = ["SELECT", "ALTER", "DROP"] + principal = aws_iam_user.test.arn + } + + create_table_default_permissions { + permissions = ["ALL"] + principal = aws_iam_role.test.arn + } } ``` ## Argument Reference -The following arguments are required: +The following arguments are optional: + +* `catalog_id` – (Optional) Identifier for the Data Catalog. By default, the account ID. +* `create_database_default_permissions` - (Optional) Up to three configuration blocks of principal permissions for default create database permissions. Detailed below. +* `create_table_default_permissions` - (Optional) Up to three configuration blocks of principal permissions for default create table permissions. Detailed below. +* `data_lake_admins` – (Optional) List of ARNs of AWS Lake Formation principals (IAM users or roles). +* `trusted_resource_owners` – (Optional) List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs). -* `admins` – (Required) A list of up to 10 AWS Lake Formation principals (users or roles). +### create_database_default_permissions The following arguments are optional: -* `catalog_id` – (Optional) The identifier for the Data Catalog. By default, the account ID. +* `permissions` - (Optional) List of permissions that are granted to the principal. Valid values include `ALL`, `SELECT`, `ALTER`, `DROP`, `DELETE`, `INSERT`, `DESCRIBE`, `CREATE_DATABASE`, `CREATE_TABLE`, and `DATA_LOCATION_ACCESS`. +* `principal` - (Optional) Identifier for the Lake Formation principal. Supported principals are IAM users or IAM roles. -## Attributes Reference +### create_table_default_permissions -In addition to all arguments above, the following attributes are exported: +The following arguments are optional: + +* `permissions` - (Optional) List of permissions that are granted to the principal. Valid values include `ALL`, `SELECT`, `ALTER`, `DROP`, `DELETE`, `INSERT`, `DESCRIBE`, `CREATE_DATABASE`, `CREATE_TABLE`, and `DATA_LOCATION_ACCESS`. +* `principal` - (Optional) Identifier for the Lake Formation principal. Supported principals are IAM users or IAM roles. + +## Attributes Reference -* `id` - Resource identifier with the pattern `lakeformation:settings:ACCOUNT_ID`. +In addition to all arguments above, no attributes are exported. From ac91a5f637ba3535f6a2bdad4e096c7747cbe2fc Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Wed, 16 Dec 2020 16:34:23 -0500 Subject: [PATCH 09/13] resource/lakeformation_data_lake_settings: Fix linter issues, simplify --- ...ce_aws_lakeformation_data_lake_settings.go | 26 +++++++------------ ...s_lakeformation_data_lake_settings_test.go | 23 ++++++---------- 2 files changed, 17 insertions(+), 32 deletions(-) diff --git a/aws/resource_aws_lakeformation_data_lake_settings.go b/aws/resource_aws_lakeformation_data_lake_settings.go index 7dbde07ffdd5..bbc4d6265cf2 100644 --- a/aws/resource_aws_lakeformation_data_lake_settings.go +++ b/aws/resource_aws_lakeformation_data_lake_settings.go @@ -175,18 +175,8 @@ func resourceAwsLakeFormationDataLakeSettingsRead(d *schema.ResourceData, meta i settings := output.DataLakeSettings - if settings.CreateDatabaseDefaultPermissions != nil { - d.Set("create_database_default_permissions", flattenDataLakeSettingsCreateDefaultPermissions(settings.CreateDatabaseDefaultPermissions)) - } else { - d.Set("create_database_default_permissions", nil) - } - - if settings.CreateTableDefaultPermissions != nil { - d.Set("create_table_default_permissions", flattenDataLakeSettingsCreateDefaultPermissions(settings.CreateTableDefaultPermissions)) - } else { - d.Set("create_table_default_permissions", nil) - } - + d.Set("create_database_default_permissions", flattenDataLakeSettingsCreateDefaultPermissions(settings.CreateDatabaseDefaultPermissions)) + d.Set("create_table_default_permissions", flattenDataLakeSettingsCreateDefaultPermissions(settings.CreateTableDefaultPermissions)) d.Set("data_lake_admins", flattenDataLakeSettingsAdmins(settings.DataLakeAdmins)) d.Set("trusted_resource_owners", flattenStringList(settings.TrustedResourceOwners)) @@ -273,11 +263,13 @@ func expandDataLakeSettingsCreateDefaultPermission(tfMap map[string]interface{}) } func flattenDataLakeSettingsCreateDefaultPermissions(apiObjects []*lakeformation.PrincipalPermissions) []map[string]interface{} { + if apiObjects == nil { + return nil + } + tfMaps := make([]map[string]interface{}, len(apiObjects)) - if len(apiObjects) > 0 { - for i, v := range apiObjects { - tfMaps[i] = flattenDataLakeSettingsCreateDefaultPermission(v) - } + for i, v := range apiObjects { + tfMaps[i] = flattenDataLakeSettingsCreateDefaultPermission(v) } return tfMaps @@ -317,7 +309,7 @@ func expandDataLakeSettingsAdmins(tfSlice []interface{}) []*lakeformation.DataLa } func flattenDataLakeSettingsAdmins(apiObjects []*lakeformation.DataLakePrincipal) []interface{} { - if apiObjects == nil || len(apiObjects) == 0 { + if apiObjects == nil { return nil } diff --git a/aws/resource_aws_lakeformation_data_lake_settings_test.go b/aws/resource_aws_lakeformation_data_lake_settings_test.go index dd32823a87dc..6c2c358a5265 100644 --- a/aws/resource_aws_lakeformation_data_lake_settings_test.go +++ b/aws/resource_aws_lakeformation_data_lake_settings_test.go @@ -12,23 +12,16 @@ import ( ) func TestAccAWSLakeFormationDataLakeSettings_serial(t *testing.T) { - testCases := map[string]map[string]func(t *testing.T){ - "ResourcePolicy": { - "basic": testAccAWSLakeFormationDataLakeSettings_basic, - "disappears": testAccAWSLakeFormationDataLakeSettings_disappears, - "withoutCatalogId": testAccAWSLakeFormationDataLakeSettings_withoutCatalogId, - }, + testCases := map[string]func(t *testing.T){ + "basic": testAccAWSLakeFormationDataLakeSettings_basic, + "disappears": testAccAWSLakeFormationDataLakeSettings_disappears, + "withoutCatalogId": testAccAWSLakeFormationDataLakeSettings_withoutCatalogId, } - for group, m := range testCases { - m := m - t.Run(group, func(t *testing.T) { - for name, tc := range m { - tc := tc - t.Run(name, func(t *testing.T) { - tc(t) - }) - } + for name, tc := range testCases { + tc := tc + t.Run(name, func(t *testing.T) { + tc(t) }) } } From b33132751f2962ba5b257c3077714148a7ab724b Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Wed, 16 Dec 2020 16:59:08 -0500 Subject: [PATCH 10/13] resource/lakeformation_data_lake_settings: Add docs, validate function --- ...ource_aws_lakeformation_data_lake_settings.go | 16 ++++++++-------- ...akeformation_data_lake_settings.html.markdown | 15 ++++----------- 2 files changed, 12 insertions(+), 19 deletions(-) diff --git a/aws/resource_aws_lakeformation_data_lake_settings.go b/aws/resource_aws_lakeformation_data_lake_settings.go index bbc4d6265cf2..499ab50ca020 100644 --- a/aws/resource_aws_lakeformation_data_lake_settings.go +++ b/aws/resource_aws_lakeformation_data_lake_settings.go @@ -46,10 +46,10 @@ func resourceAwsLakeFormationDataLakeSettings() *schema.Resource { }, }, "principal": { - Type: schema.TypeString, - Optional: true, - Computed: true, - //ValidateFunc: validateArn, + Type: schema.TypeString, + Optional: true, + Computed: true, + ValidateFunc: validation.NoZeroValues, // can be non-ARN, e.g. "IAM_ALLOWED_PRINCIPALS" }, }, }, @@ -71,10 +71,10 @@ func resourceAwsLakeFormationDataLakeSettings() *schema.Resource { }, }, "principal": { - Type: schema.TypeString, - Optional: true, - Computed: true, - //ValidateFunc: validateArn, + Type: schema.TypeString, + Optional: true, + Computed: true, + ValidateFunc: validation.NoZeroValues, // can be non-ARN, e.g. "IAM_ALLOWED_PRINCIPALS" }, }, }, diff --git a/website/docs/r/lakeformation_data_lake_settings.html.markdown b/website/docs/r/lakeformation_data_lake_settings.html.markdown index bfde75c3c496..364c058b35fb 100644 --- a/website/docs/r/lakeformation_data_lake_settings.html.markdown +++ b/website/docs/r/lakeformation_data_lake_settings.html.markdown @@ -10,20 +10,13 @@ description: |- Manages Lake Formation principals designated as data lake administrators and lists of principal permission entries for default create database and default create table permissions. -## Example Usage +~> **NOTE:** Lake Formation introduces fine-grained access control for data in your data lake. In order to make Lake Formation backwards compatible with existing IAM and Glue permissions, AWS introduced the `IAMAllowedPrincipals` principal. For more details, see [Changing the Default Security Settings for Your Data Lake](https://docs.aws.amazon.com/lake-formation/latest/dg/change-settings.html) and [Upgrading AWS Glue Data Permissions to the AWS Lake Formation Model](https://docs.aws.amazon.com/lake-formation/latest/dg/upgrade-glue-lake-formation.html). +## Example Usage ### Data Lake Admins ```hcl -resource "aws_iam_user" "test" { - name = "username" -} - -resource "aws_iam_role" "test" { - name = "rolename" -} - resource "aws_lakeformation_data_lake_settings" "example" { data_lake_admins = [aws_iam_user.test.arn, aws_iam_role.test.arn] } @@ -62,14 +55,14 @@ The following arguments are optional: The following arguments are optional: * `permissions` - (Optional) List of permissions that are granted to the principal. Valid values include `ALL`, `SELECT`, `ALTER`, `DROP`, `DELETE`, `INSERT`, `DESCRIBE`, `CREATE_DATABASE`, `CREATE_TABLE`, and `DATA_LOCATION_ACCESS`. -* `principal` - (Optional) Identifier for the Lake Formation principal. Supported principals are IAM users or IAM roles. +* `principal` - (Optional) Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set `principal` to `IAM_ALLOWED_PRINCIPALS` and `permissions` to `["ALL"]`. ### create_table_default_permissions The following arguments are optional: * `permissions` - (Optional) List of permissions that are granted to the principal. Valid values include `ALL`, `SELECT`, `ALTER`, `DROP`, `DELETE`, `INSERT`, `DESCRIBE`, `CREATE_DATABASE`, `CREATE_TABLE`, and `DATA_LOCATION_ACCESS`. -* `principal` - (Optional) Identifier for the Lake Formation principal. Supported principals are IAM users or IAM roles. +* `principal` - (Optional) Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set `principal` to `IAM_ALLOWED_PRINCIPALS` and `permissions` to `["ALL"]`. ## Attributes Reference From 47891b573ed3368d991d1acb404e0fd51fe19af7 Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Wed, 16 Dec 2020 17:42:17 -0500 Subject: [PATCH 11/13] ds/lakeformat_data_lake_settings: New data source --- ...ce_aws_lakeformation_data_lake_settings.go | 106 ++++++++++++++++++ ...s_lakeformation_data_lake_settings_test.go | 56 +++++++++ aws/provider.go | 7 +- ...formation_data_lake_settings.html.markdown | 44 ++++++++ 4 files changed, 210 insertions(+), 3 deletions(-) create mode 100644 aws/data_source_aws_lakeformation_data_lake_settings.go create mode 100644 aws/data_source_aws_lakeformation_data_lake_settings_test.go create mode 100644 website/docs/d/lakeformation_data_lake_settings.html.markdown diff --git a/aws/data_source_aws_lakeformation_data_lake_settings.go b/aws/data_source_aws_lakeformation_data_lake_settings.go new file mode 100644 index 000000000000..e73e386507fe --- /dev/null +++ b/aws/data_source_aws_lakeformation_data_lake_settings.go @@ -0,0 +1,106 @@ +package aws + +import ( + "fmt" + "log" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/service/lakeformation" + "github.com/hashicorp/aws-sdk-go-base/tfawserr" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/terraform-providers/terraform-provider-aws/aws/internal/hashcode" +) + +func dataSourceAwsLakeFormationDataLakeSettings() *schema.Resource { + return &schema.Resource{ + Read: dataSourceAwsLakeFormationDataLakeSettingsRead, + + Schema: map[string]*schema.Schema{ + "catalog_id": { + Type: schema.TypeString, + Optional: true, + }, + "create_database_default_permissions": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "permissions": { + Type: schema.TypeSet, + Computed: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "principal": { + Type: schema.TypeString, + Computed: true, + }, + }, + }, + }, + "create_table_default_permissions": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "permissions": { + Type: schema.TypeSet, + Computed: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "principal": { + Type: schema.TypeString, + Computed: true, + }, + }, + }, + }, + "data_lake_admins": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "trusted_resource_owners": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + }, + } +} + +func dataSourceAwsLakeFormationDataLakeSettingsRead(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).lakeformationconn + + input := &lakeformation.GetDataLakeSettingsInput{} + + if v, ok := d.GetOk("catalog_id"); ok { + input.CatalogId = aws.String(v.(string)) + } + + output, err := conn.GetDataLakeSettings(input) + + if !d.IsNewResource() && tfawserr.ErrCodeEquals(err, lakeformation.ErrCodeEntityNotFoundException) { + log.Printf("[WARN] Lake Formation data lake settings (%s) not found, removing from state", d.Id()) + d.SetId("") + return nil + } + + if err != nil { + return fmt.Errorf("error reading Lake Formation data lake settings (%s): %w", d.Id(), err) + } + + if output == nil || output.DataLakeSettings == nil { + return fmt.Errorf("error reading Lake Formation data lake settings (%s): empty response", d.Id()) + } + + settings := output.DataLakeSettings + + d.Set("create_database_default_permissions", flattenDataLakeSettingsCreateDefaultPermissions(settings.CreateDatabaseDefaultPermissions)) + d.Set("create_table_default_permissions", flattenDataLakeSettingsCreateDefaultPermissions(settings.CreateTableDefaultPermissions)) + d.Set("data_lake_admins", flattenDataLakeSettingsAdmins(settings.DataLakeAdmins)) + d.Set("trusted_resource_owners", flattenStringList(settings.TrustedResourceOwners)) + + d.SetId(fmt.Sprintf("%d", hashcode.String(input.String()))) + + return nil +} diff --git a/aws/data_source_aws_lakeformation_data_lake_settings_test.go b/aws/data_source_aws_lakeformation_data_lake_settings_test.go new file mode 100644 index 000000000000..61597552d582 --- /dev/null +++ b/aws/data_source_aws_lakeformation_data_lake_settings_test.go @@ -0,0 +1,56 @@ +package aws + +import ( + "testing" + + "github.com/aws/aws-sdk-go/service/lakeformation" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" +) + +func TestAccAWSLakeFormationDataLakeSettingsDataSource_serial(t *testing.T) { + testCases := map[string]func(t *testing.T){ + "basic": testAccAWSLakeFormationDataLakeSettingsDataSource_basic, + // if more tests are added, they should be serial (data catalog is account-shared resource) + } + + for name, tc := range testCases { + tc := tc + t.Run(name, func(t *testing.T) { + tc(t) + }) + } +} + +func testAccAWSLakeFormationDataLakeSettingsDataSource_basic(t *testing.T) { + callerIdentityName := "data.aws_caller_identity.current" + resourceName := "data.aws_lakeformation_data_lake_settings.test" + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t); testAccPartitionHasServicePreCheck(lakeformation.EndpointsID, t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSLakeFormationDataLakeSettingsDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSLakeFormationDataLakeSettingsDataSourceConfig_basic, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrPair(resourceName, "catalog_id", callerIdentityName, "account_id"), + resource.TestCheckResourceAttr(resourceName, "data_lake_admins.#", "1"), + resource.TestCheckResourceAttrPair(resourceName, "data_lake_admins.0", callerIdentityName, "arn"), + ), + }, + }, + }) +} + +const testAccAWSLakeFormationDataLakeSettingsDataSourceConfig_basic = ` +data "aws_caller_identity" "current" {} + +resource "aws_lakeformation_data_lake_settings" "test" { + catalog_id = data.aws_caller_identity.current.account_id + data_lake_admins = [data.aws_caller_identity.current.arn] +} + +data "aws_lakeformation_data_lake_settings" "test" { + catalog_id = aws_lakeformation_data_lake_settings.test.catalog_id +} +` diff --git a/aws/provider.go b/aws/provider.go index 88299f99f2f1..9eb5c30013f0 100644 --- a/aws/provider.go +++ b/aws/provider.go @@ -271,11 +271,11 @@ func Provider() *schema.Provider { "aws_imagebuilder_image_pipeline": dataSourceAwsImageBuilderImagePipeline(), "aws_imagebuilder_image_recipe": dataSourceAwsImageBuilderImageRecipe(), "aws_imagebuilder_infrastructure_configuration": datasourceAwsImageBuilderInfrastructureConfiguration(), - "aws_internet_gateway": dataSourceAwsInternetGateway(), - "aws_iot_endpoint": dataSourceAwsIotEndpoint(), "aws_inspector_rules_packages": dataSourceAwsInspectorRulesPackages(), "aws_instance": dataSourceAwsInstance(), "aws_instances": dataSourceAwsInstances(), + "aws_internet_gateway": dataSourceAwsInternetGateway(), + "aws_iot_endpoint": dataSourceAwsIotEndpoint(), "aws_ip_ranges": dataSourceAwsIPRanges(), "aws_kinesis_stream": dataSourceAwsKinesisStream(), "aws_kms_alias": dataSourceAwsKmsAlias(), @@ -283,6 +283,7 @@ func Provider() *schema.Provider { "aws_kms_key": dataSourceAwsKmsKey(), "aws_kms_secret": dataSourceAwsKmsSecret(), "aws_kms_secrets": dataSourceAwsKmsSecrets(), + "aws_lakeformation_data_lake_settings": dataSourceAwsLakeFormationDataLakeSettings(), "aws_lambda_alias": dataSourceAwsLambdaAlias(), "aws_lambda_code_signing_config": dataSourceAwsLambdaCodeSigningConfig(), "aws_lambda_function": dataSourceAwsLambdaFunction(), @@ -290,8 +291,8 @@ func Provider() *schema.Provider { "aws_lambda_layer_version": dataSourceAwsLambdaLayerVersion(), "aws_launch_configuration": dataSourceAwsLaunchConfiguration(), "aws_launch_template": dataSourceAwsLaunchTemplate(), - "aws_lex_bot": dataSourceAwsLexBot(), "aws_lex_bot_alias": dataSourceAwsLexBotAlias(), + "aws_lex_bot": dataSourceAwsLexBot(), "aws_lex_intent": dataSourceAwsLexIntent(), "aws_lex_slot_type": dataSourceAwsLexSlotType(), "aws_mq_broker": dataSourceAwsMqBroker(), diff --git a/website/docs/d/lakeformation_data_lake_settings.html.markdown b/website/docs/d/lakeformation_data_lake_settings.html.markdown new file mode 100644 index 000000000000..7c0640a2a2a7 --- /dev/null +++ b/website/docs/d/lakeformation_data_lake_settings.html.markdown @@ -0,0 +1,44 @@ +--- +subcategory: "Lake Formation" +layout: "aws" +page_title: "AWS: aws_lakeformation_data_lake_settings" +description: |- + Get data lake administrators and default database and table permissions +--- + +# Data Source: aws_lakeformation_data_lake_settings + +Get Lake Formation principals designated as data lake administrators and lists of principal permission entries for default create database and default create table permissions. + +## Example Usage + +```hcl +data "aws_lakeformation_data_lake_settings" "example" { + catalog_id = "14916253649" +} +``` + +## Argument Reference + +The following arguments are optional: + +* `catalog_id` – (Optional) Identifier for the Data Catalog. By default, the account ID. + +## Attributes Reference + +In addition to arguments above, the following attributes are exported. + +* `create_database_default_permissions` - Up to three configuration blocks of principal permissions for default create database permissions. Detailed below. +* `create_table_default_permissions` - Up to three configuration blocks of principal permissions for default create table permissions. Detailed below. +* `data_lake_admins` – List of ARNs of AWS Lake Formation principals (IAM users or roles). +* `trusted_resource_owners` – List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs). + +### create_database_default_permissions + +* `permissions` - List of permissions granted to the principal. Valid values include `ALL`, `SELECT`, `ALTER`, `DROP`, `DELETE`, `INSERT`, `DESCRIBE`, `CREATE_DATABASE`, `CREATE_TABLE`, and `DATA_LOCATION_ACCESS`. +* `principal` - Principal who is granted permissions. + +### create_table_default_permissions + +* `permissions` - List of permissions granted to the principal. Valid values include `ALL`, `SELECT`, `ALTER`, `DROP`, `DELETE`, `INSERT`, `DESCRIBE`, `CREATE_DATABASE`, `CREATE_TABLE`, and `DATA_LOCATION_ACCESS`. +* `principal` - Principal who is granted permissions. From acf8218e08aac8f7c87860dade633cc84462cf0d Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Wed, 16 Dec 2020 18:41:21 -0500 Subject: [PATCH 12/13] resource/lakeformation_data_lake_settings: Clean up before merge --- ...ce_aws_lakeformation_data_lake_settings.go | 3 +- ...ce_aws_lakeformation_data_lake_settings.go | 33 ------------------- docs/FAQ.md | 1 + docs/roadmaps/2020_August_to_October.md | 2 +- ...formation_data_lake_settings.html.markdown | 2 +- 5 files changed, 4 insertions(+), 37 deletions(-) diff --git a/aws/data_source_aws_lakeformation_data_lake_settings.go b/aws/data_source_aws_lakeformation_data_lake_settings.go index e73e386507fe..01e46336a6ad 100644 --- a/aws/data_source_aws_lakeformation_data_lake_settings.go +++ b/aws/data_source_aws_lakeformation_data_lake_settings.go @@ -76,6 +76,7 @@ func dataSourceAwsLakeFormationDataLakeSettingsRead(d *schema.ResourceData, meta if v, ok := d.GetOk("catalog_id"); ok { input.CatalogId = aws.String(v.(string)) } + d.SetId(fmt.Sprintf("%d", hashcode.String(input.String()))) output, err := conn.GetDataLakeSettings(input) @@ -100,7 +101,5 @@ func dataSourceAwsLakeFormationDataLakeSettingsRead(d *schema.ResourceData, meta d.Set("data_lake_admins", flattenDataLakeSettingsAdmins(settings.DataLakeAdmins)) d.Set("trusted_resource_owners", flattenStringList(settings.TrustedResourceOwners)) - d.SetId(fmt.Sprintf("%d", hashcode.String(input.String()))) - return nil } diff --git a/aws/resource_aws_lakeformation_data_lake_settings.go b/aws/resource_aws_lakeformation_data_lake_settings.go index 499ab50ca020..51463b4b756c 100644 --- a/aws/resource_aws_lakeformation_data_lake_settings.go +++ b/aws/resource_aws_lakeformation_data_lake_settings.go @@ -25,7 +25,6 @@ func resourceAwsLakeFormationDataLakeSettings() *schema.Resource { Schema: map[string]*schema.Schema{ "catalog_id": { Type: schema.TypeString, - Computed: true, ForceNew: true, Optional: true, }, @@ -104,10 +103,6 @@ func resourceAwsLakeFormationDataLakeSettings() *schema.Resource { func resourceAwsLakeFormationDataLakeSettingsCreate(d *schema.ResourceData, meta interface{}) error { conn := meta.(*AWSClient).lakeformationconn - if err := resourceAwsLakeFormationDataLakeSettingsAdminUpdate(d, meta); err != nil { - return fmt.Errorf("error updating Lake Formation data lake admins: %w", err) - } - input := &lakeformation.PutDataLakeSettingsInput{} if v, ok := d.GetOk("catalog_id"); ok { @@ -213,34 +208,6 @@ func resourceAwsLakeFormationDataLakeSettingsDelete(d *schema.ResourceData, meta return nil } -func resourceAwsLakeFormationDataLakeSettingsAdminUpdate(d *schema.ResourceData, meta interface{}) error { - conn := meta.(*AWSClient).lakeformationconn - - if v, ok := d.GetOk("data_lake_admins"); ok { - input := &lakeformation.PutDataLakeSettingsInput{} - - if v, ok := d.GetOk("catalog_id"); ok { - input.CatalogId = aws.String(v.(string)) - } - - settings := &lakeformation.DataLakeSettings{} - settings.DataLakeAdmins = expandDataLakeSettingsAdmins(v.([]interface{})) - - input.DataLakeSettings = settings - output, err := conn.PutDataLakeSettings(input) - - if err != nil { - return err - } - - if output == nil { - return fmt.Errorf("empty response") - } - } - - return nil -} - func expandDataLakeSettingsCreateDefaultPermissions(tfMaps []interface{}) []*lakeformation.PrincipalPermissions { apiObjects := make([]*lakeformation.PrincipalPermissions, 0, len(tfMaps)) diff --git a/docs/FAQ.md b/docs/FAQ.md index 04973301df12..84ed2d8762a0 100644 --- a/docs/FAQ.md +++ b/docs/FAQ.md @@ -10,6 +10,7 @@ The HashiCorp Terraform AWS provider team is : * Brian Flad, Engineering Lead - GitHub [@bflad](https://github.com/bflad) * Graham Davison, Engineer - GitHub [@gdavison](https://github.com/gdavison) * Angie Pinilla, Engineer - GitHub [@angie44](https://github.com/angie44) +* Dirk Avery (Federal), Engineer - GitHub [@YakDriver](https://github.com/yakdriver) * Bill Rich, Engineer - GitHub [@bill-rich](https://github.com/bill-rich) * Simon Davis, Engineering Manager - GitHub [@breathingdust](https://github.com/breathingdust) * Kerim Satirli, Developer Advocate - GitHub [@ksatirli](https://github.com/ksatirli) diff --git a/docs/roadmaps/2020_August_to_October.md b/docs/roadmaps/2020_August_to_October.md index 6ea8ac4413f9..7408976a71cd 100644 --- a/docs/roadmaps/2020_August_to_October.md +++ b/docs/roadmaps/2020_August_to_October.md @@ -54,7 +54,7 @@ Support for AWS Lake Formation will include: New Resource(s): - aws_lakeformation_resource -- aws_lakeformation_datalake_settings +- aws_lakeformation_data_lake_settings - aws_lakeformation_permissions ### AWS Serverless Application Repository diff --git a/website/docs/r/lakeformation_data_lake_settings.html.markdown b/website/docs/r/lakeformation_data_lake_settings.html.markdown index 364c058b35fb..6da510981c76 100644 --- a/website/docs/r/lakeformation_data_lake_settings.html.markdown +++ b/website/docs/r/lakeformation_data_lake_settings.html.markdown @@ -10,7 +10,7 @@ description: |- Manages Lake Formation principals designated as data lake administrators and lists of principal permission entries for default create database and default create table permissions. -~> **NOTE:** Lake Formation introduces fine-grained access control for data in your data lake. In order to make Lake Formation backwards compatible with existing IAM and Glue permissions, AWS introduced the `IAMAllowedPrincipals` principal. For more details, see [Changing the Default Security Settings for Your Data Lake](https://docs.aws.amazon.com/lake-formation/latest/dg/change-settings.html) and [Upgrading AWS Glue Data Permissions to the AWS Lake Formation Model](https://docs.aws.amazon.com/lake-formation/latest/dg/upgrade-glue-lake-formation.html). +~> **NOTE:** Lake Formation introduces fine-grained access control for data in your data lake. Part of the changes include the `IAMAllowedPrincipals` principal in order to make Lake Formation backwards compatible with existing IAM and Glue permissions. For more information, see [Changing the Default Security Settings for Your Data Lake](https://docs.aws.amazon.com/lake-formation/latest/dg/change-settings.html) and [Upgrading AWS Glue Data Permissions to the AWS Lake Formation Model](https://docs.aws.amazon.com/lake-formation/latest/dg/upgrade-glue-lake-formation.html). ## Example Usage From 5c97264aa12f8986e6424eaafa1026292402cdec Mon Sep 17 00:00:00 2001 From: Dirk Avery Date: Wed, 16 Dec 2020 18:46:33 -0500 Subject: [PATCH 13/13] Update with Lake Formation resource and settings --- CHANGELOG.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0383507a1868..45df5ab8e698 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,8 +2,10 @@ FEATURES +* **New Data Source:** `aws_lakeformation_data_lake_settings` [GH-13250] * **New Resource:** `aws_codestarconnections_connection` [GH-15990] -* **New Resource:** `aws_lakeformation_resource` ([#13267](https://github.com/hashicorp/terraform-provider-aws/issues/13267)) +* **New Resource:** `aws_lakeformation_data_lake_settings` [GH-13250] +* **New Resource:** `aws_lakeformation_resource` [GH-13267] ENHANCEMENTS