Merge pull request #35098 from aristosvo/route53resolver/endpoint-pro…

…tocol `r/aws_route53_resolver_endpoint`: add `protocols`
hashicorp · Jan 3, 2024 · 8ed7b87 · 8ed7b87
2 parents 076ba95 + 0ec3dbc
commit 8ed7b87
Show file tree

Hide file tree

Showing 7 changed files with 60 additions and 8 deletions.
diff --git a/.changelog/35098.txt b/.changelog/35098.txt
@@ -0,0 +1,7 @@
+```release-note:enhancement
+resource/aws_route53_resolver_endpoint: Add `protocols` argument
+```
+
+```release-note:enhancement
+data-source/aws_route53_resolver_endpoint: Add `protocols` attribute
+```
diff --git a/internal/service/route53resolver/endpoint.go b/internal/service/route53resolver/endpoint.go
@@ -94,6 +94,17 @@ func ResourceEndpoint() *schema.Resource {
 				MaxItems: 64,
 				Elem:     &schema.Schema{Type: schema.TypeString},
 			},
+			"protocols": {
+				Type:     schema.TypeSet,
+				Optional: true,
+				Computed: true,
+				MinItems: 1,
+				MaxItems: 2,
+				Elem: &schema.Schema{
+					Type:         schema.TypeString,
+					ValidateFunc: validation.StringInSlice(route53resolver.Protocol_Values(), false),
+				},
+			},
 			names.AttrTags:    tftags.TagsSchema(),
 			names.AttrTagsAll: tftags.TagsSchemaComputed(),
 		},
@@ -123,6 +134,10 @@ func resourceEndpointCreate(ctx context.Context, d *schema.ResourceData, meta in
 		input.Name = aws.String(v.(string))
 	}
 
+	if v, ok := d.GetOk("protocols"); ok && v.(*schema.Set).Len() > 0 {
+		input.Protocols = flex.ExpandStringSet(v.(*schema.Set))
+	}
+
 	output, err := conn.CreateResolverEndpointWithContext(ctx, input)
 
 	if err != nil {
@@ -158,6 +173,7 @@ func resourceEndpointRead(ctx context.Context, d *schema.ResourceData, meta inte
 	d.Set("direction", ep.Direction)
 	d.Set("host_vpc_id", ep.HostVPCId)
 	d.Set("name", ep.Name)
+	d.Set("protocols", aws.StringValueSlice(ep.Protocols))
 	d.Set("security_group_ids", aws.StringValueSlice(ep.SecurityGroupIds))
 
 	ipAddresses, err := findResolverEndpointIPAddressesByID(ctx, conn, d.Id())
@@ -176,11 +192,20 @@ func resourceEndpointRead(ctx context.Context, d *schema.ResourceData, meta inte
 func resourceEndpointUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	conn := meta.(*conns.AWSClient).Route53ResolverConn(ctx)
 
-	if d.HasChange("name") {
-		_, err := conn.UpdateResolverEndpointWithContext(ctx, &route53resolver.UpdateResolverEndpointInput{
-			Name:               aws.String(d.Get("name").(string)),
+	if d.HasChanges("name", "protocols") {
+		input := &route53resolver.UpdateResolverEndpointInput{
 			ResolverEndpointId: aws.String(d.Id()),
-		})
+		}
+
+		if d.HasChange("name") {
+			input.Name = aws.String(d.Get("name").(string))
+		}
+
+		if d.HasChange("protocols") {
+			input.Protocols = flex.ExpandStringSet(d.Get("protocols").(*schema.Set))
+		}
+
+		_, err := conn.UpdateResolverEndpointWithContext(ctx, input)
 
 		if err != nil {
 			return diag.Errorf("updating Route53 Resolver Endpoint (%s): %s", d.Id(), err)
@@ -200,10 +225,12 @@ func resourceEndpointUpdate(ctx context.Context, d *schema.ResourceData, meta in
 
 		// Add new before deleting old so number of IP addresses doesn't drop below 2.
 		for _, v := range add {
-			_, err := conn.AssociateResolverEndpointIpAddressWithContext(ctx, &route53resolver.AssociateResolverEndpointIpAddressInput{
+			input := &route53resolver.AssociateResolverEndpointIpAddressInput{
 				IpAddress:          expandEndpointIPAddressUpdate(v),
 				ResolverEndpointId: aws.String(d.Id()),
-			})
+			}
+
+			_, err := conn.AssociateResolverEndpointIpAddressWithContext(ctx, input)
 
 			if err != nil {
 				return diag.Errorf("associating Route53 Resolver Endpoint (%s) IP address: %s", d.Id(), err)
@@ -215,10 +242,12 @@ func resourceEndpointUpdate(ctx context.Context, d *schema.ResourceData, meta in
 		}
 
 		for _, v := range del {
-			_, err := conn.DisassociateResolverEndpointIpAddressWithContext(ctx, &route53resolver.DisassociateResolverEndpointIpAddressInput{
+			input := &route53resolver.DisassociateResolverEndpointIpAddressInput{
 				IpAddress:          expandEndpointIPAddressUpdate(v),
 				ResolverEndpointId: aws.String(d.Id()),
-			})
+			}
+
+			_, err := conn.DisassociateResolverEndpointIpAddressWithContext(ctx, input)
 
 			if err != nil {
 				return diag.Errorf("disassociating Route53 Resolver Endpoint (%s) IP address: %s", d.Id(), err)

diff --git a/internal/service/route53resolver/endpoint_data_source.go b/internal/service/route53resolver/endpoint_data_source.go
@@ -54,6 +54,11 @@ func DataSourceEndpoint() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"protocols": {
+				Type:     schema.TypeSet,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+				Computed: true,
+			},
 			"resolver_endpoint_id": {
 				Type:     schema.TypeString,
 				Optional: true,
@@ -115,6 +120,7 @@ func dataSourceEndpointRead(ctx context.Context, d *schema.ResourceData, meta in
 	d.Set("arn", ep.Arn)
 	d.Set("direction", ep.Direction)
 	d.Set("name", ep.Name)
+	d.Set("protocols", aws.StringValueSlice(ep.Protocols))
 	d.Set("resolver_endpoint_id", ep.Id)
 	d.Set("status", ep.Status)
 	d.Set("vpc_id", ep.HostVPCId)

diff --git a/internal/service/route53resolver/endpoint_data_source_test.go b/internal/service/route53resolver/endpoint_data_source_test.go
@@ -31,6 +31,7 @@ func TestAccRoute53ResolverEndpointDataSource_basic(t *testing.T) {
 					resource.TestCheckResourceAttrPair(datasourceName, "id", resourceName, "id"),
 					resource.TestCheckResourceAttrPair(datasourceName, "ip_addresses.#", resourceName, "ip_address.#"),
 					resource.TestCheckResourceAttrPair(datasourceName, "name", resourceName, "name"),
+					resource.TestCheckResourceAttrPair(datasourceName, "protocols.#", resourceName, "protocols.#"),
 					resource.TestCheckResourceAttrPair(datasourceName, "resolver_endpoint_id", resourceName, "id"),
 					resource.TestCheckResourceAttrPair(datasourceName, "vpc_id", resourceName, "host_vpc_id"),
 				),

diff --git a/internal/service/route53resolver/endpoint_test.go b/internal/service/route53resolver/endpoint_test.go
@@ -40,6 +40,7 @@ func TestAccRoute53ResolverEndpoint_basic(t *testing.T) {
 					resource.TestCheckResourceAttrPair(resourceName, "host_vpc_id", vpcResourceName, "id"),
 					resource.TestCheckResourceAttr(resourceName, "ip_address.#", "3"),
 					resource.TestCheckResourceAttr(resourceName, "name", ""),
+					resource.TestCheckResourceAttr(resourceName, "protocols.#", "1"),
 					resource.TestCheckResourceAttr(resourceName, "security_group_ids.#", "2"),
 					resource.TestCheckResourceAttr(resourceName, "tags.%", "0"),
 				),
@@ -144,6 +145,7 @@ func TestAccRoute53ResolverEndpoint_updateOutbound(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "direction", "OUTBOUND"),
 					resource.TestCheckResourceAttr(resourceName, "ip_address.#", "2"),
 					resource.TestCheckResourceAttr(resourceName, "name", initialName),
+					resource.TestCheckResourceAttr(resourceName, "protocols.#", "1"),
 				),
 			},
 			{
@@ -153,6 +155,7 @@ func TestAccRoute53ResolverEndpoint_updateOutbound(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "direction", "OUTBOUND"),
 					resource.TestCheckResourceAttr(resourceName, "ip_address.#", "3"),
 					resource.TestCheckResourceAttr(resourceName, "name", updatedName),
+					resource.TestCheckResourceAttr(resourceName, "protocols.#", "2"),
 				),
 			},
 		},
@@ -377,6 +380,8 @@ resource "aws_route53_resolver_endpoint" "test" {
   ip_address {
     subnet_id = aws_subnet.test[0].id
   }
+
+  protocols = ["Do53", "DoH"]
 }
 `, name))
 }
diff --git a/website/docs/d/route53_resolver_endpoint.html.markdown b/website/docs/d/route53_resolver_endpoint.html.markdown
@@ -41,6 +41,7 @@ In addition to all arguments above, the following attributes are exported:
 * `arn` - Computed ARN of the Route53 Resolver Endpoint.
 * `direction` - Direction of the queries to or from the Resolver Endpoint .
 * `ip_addresses` - List of IPaddresses that have been associated with the Resolver Endpoint.
+* `protocols` - The protocols used by Resolver endpoint.
 * `status` - Current status of the Resolver Endpoint.
 * `vpc_id` - ID of the Host VPC that the Resolver Endpoint resides in.
 

diff --git a/website/docs/r/route53_resolver_endpoint.html.markdown b/website/docs/r/route53_resolver_endpoint.html.markdown
@@ -31,6 +31,8 @@ resource "aws_route53_resolver_endpoint" "foo" {
     ip        = "10.0.64.4"
   }
 
+  protocols = ["Do53", "DoH"]
+
   tags = {
     Environment = "Prod"
   }
@@ -48,6 +50,7 @@ or `OUTBOUND` (resolver forwards DNS queries from the DNS service for a VPC to y
 to your network (for outbound endpoints) or on the way from your network to your VPCs (for inbound endpoints). Described below.
 * `security_group_ids` - (Required) The ID of one or more security groups that you want to use to control access to this VPC.
 * `name` - (Optional) The friendly name of the Route 53 Resolver endpoint.
+* `protocols` - (Optional) The protocols you want to use for the Route 53 Resolver endpoint. Valid values: `DoH`, `Do53`, `DoH-FIPS`.
 * `tags` - (Optional) A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.
 
 The `ip_address` object supports the following: