From 82f01361b30a19faa5fba43076ac0829f4ae242e Mon Sep 17 00:00:00 2001 From: Jason Valdron Date: Tue, 7 Sep 2021 11:01:38 -0300 Subject: [PATCH 1/7] Add support to pull DNS IP addresses for shared AD --- aws/data_source_aws_directory_service_directory.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/aws/data_source_aws_directory_service_directory.go b/aws/data_source_aws_directory_service_directory.go index 8cd92cb946e..044d5bceb5b 100644 --- a/aws/data_source_aws_directory_service_directory.go +++ b/aws/data_source_aws_directory_service_directory.go @@ -158,6 +158,8 @@ func dataSourceAwsDirectoryServiceDirectoryRead(d *schema.ResourceData, meta int var addresses []interface{} if aws.StringValue(dir.Type) == directoryservice.DirectoryTypeAdconnector { addresses = flattenStringList(dir.ConnectSettings.ConnectIps) + } else if aws.StringValue(dir.Type) == directoryservice.DirectoryTypeSharedMicrosoftAd { + addresses = flattenStringList(dir.OwnerDirectoryDescription.DnsIpAddrs) } else { addresses = flattenStringList(dir.DnsIpAddrs) } From 8c796bfea52b3b2c47645d2b4d3e83e67814cebc Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Fri, 5 Aug 2022 11:04:52 -0400 Subject: [PATCH 2/7] Revert "Merge remote-tracking branch 'origin/master' into b/shared-ad-dns" This reverts commit ec6d6daddba8d3a1f83ee12527b9fdd8c88ca3c9, reversing changes made to 82f01361b30a19faa5fba43076ac0829f4ae242e. --- website/docs/r/autoscaling_group.html.markdown | 2 +- website/docs/r/launch_template.html.markdown | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/website/docs/r/autoscaling_group.html.markdown b/website/docs/r/autoscaling_group.html.markdown index 4a64a7e02d3..c0b27ff3f81 100644 --- a/website/docs/r/autoscaling_group.html.markdown +++ b/website/docs/r/autoscaling_group.html.markdown 
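Review bot: The new `DirectoryTypeSharedMicrosoftAd` branch dereferences `dir.OwnerDirectoryDescription` without a nil check, so a read that returns a shared directory with that field unset would panic the provider instead of returning an error. The subject of PATCH 7/7 says the field is only populated once the share has been accepted, which suggests an unaccepted share can reach this line with a nil pointer. Guard the branch, e.g. `} else if aws.StringValue(dir.Type) == directoryservice.DirectoryTypeSharedMicrosoftAd && dir.OwnerDirectoryDescription != nil {`, so that case falls through to `dir.DnsIpAddrs`. The same unguarded dereference is reintroduced in the `@@ -151,6 +151,8 @@` hunk of internal/service/ds/directory_data_source.go in PATCH 4/7. The enclosing read function starts and ends outside both hunks.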
@@ -393,7 +393,7 @@ Note that if you suspend either the `Launch` or `Terminate` process types, it ca Auto Scaling Group will not select instances with this setting for termination during scale in events. * `service_linked_role_arn` (Optional) The ARN of the service-linked role that the ASG will use to call other AWS services -* `max_instance_lifetime` (Optional) The maximum amount of time, in seconds, that an instance can be in service. Values must be either equal to 0 or between 86400 and 31536000 seconds (inclusive). A value of 0 is used to remove a previously set value. +* `max_instance_lifetime` (Optional) The maximum amount of time, in seconds, that an instance can be in service, values must be either equal to 0 or between 604800 and 31536000 seconds. * `instance_refresh` - (Optional) If this block is configured, start an [Instance Refresh](https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html) when this Auto Scaling Group is updated. Defined [below](#instance_refresh). diff --git a/website/docs/r/launch_template.html.markdown b/website/docs/r/launch_template.html.markdown index dffb4ec4719..ba9db388e52 100644 --- a/website/docs/r/launch_template.html.markdown +++ b/website/docs/r/launch_template.html.markdown 
@@ -271,7 +271,7 @@ The metadata options for the instances. The `metadata_options` block supports the following: -* `http_endpoint` - (Required) Whether the metadata service is available. Can be `"enabled"` or `"disabled"`. +* `http_endpoint` - (Optional) Whether the metadata service is available. Can be `"enabled"` or `"disabled"`. (Default: `"enabled"`). * `http_tokens` - (Optional) Whether or not the metadata service requires session tokens, also referred to as _Instance Metadata Service Version 2 (IMDSv2)_. Can be `"optional"` or `"required"`. (Default: `"optional"`). * `http_put_response_hop_limit` - (Optional) The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. Can be an integer from `1` to `64`. (Default: `1`). From 6661ed8d4b2eee5a78b5a3cead7a6667320a4d97 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Fri, 5 Aug 2022 11:05:06 -0400 Subject: [PATCH 3/7] Revert "Add support to pull DNS IP addresses for shared AD" This reverts commit 82f01361b30a19faa5fba43076ac0829f4ae242e. --- aws/data_source_aws_directory_service_directory.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/aws/data_source_aws_directory_service_directory.go b/aws/data_source_aws_directory_service_directory.go index 044d5bceb5b..8cd92cb946e 100644 --- a/aws/data_source_aws_directory_service_directory.go +++ b/aws/data_source_aws_directory_service_directory.go @@ -158,8 +158,6 @@ func dataSourceAwsDirectoryServiceDirectoryRead(d *schema.ResourceData, meta int var addresses []interface{} if aws.StringValue(dir.Type) == directoryservice.DirectoryTypeAdconnector { addresses = flattenStringList(dir.ConnectSettings.ConnectIps) - } else if aws.StringValue(dir.Type) == directoryservice.DirectoryTypeSharedMicrosoftAd { - addresses = flattenStringList(dir.OwnerDirectoryDescription.DnsIpAddrs) } else { addresses = flattenStringList(dir.DnsIpAddrs) } 
From 7259517687a87b8560cbd8a78708d189d0a861d0 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Fri, 5 Aug 2022 11:55:58 -0400 Subject: [PATCH 4/7] d/aws_directory_service_directory: Set 'dns_ip_addresses' to the owner directory's DNS IP addresses for SharedMicrosoftAD directories. --- .changelog/20819.txt | 3 ++ internal/service/ds/directory_data_source.go | 2 ++ .../service/ds/directory_data_source_test.go | 35 +++++++++++++++++++ 3 files changed, 40 insertions(+) create mode 100644 .changelog/20819.txt diff --git a/.changelog/20819.txt b/.changelog/20819.txt new file mode 100644 index 00000000000..40b4e61e5d3 --- /dev/null +++ b/.changelog/20819.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +data-source/aws_directory_service_directory: Set `dns_ip_addresses` to the owner directory's DNS IP addresses for SharedMicrosoftAD directories +``` \ No newline at end of file diff --git a/internal/service/ds/directory_data_source.go b/internal/service/ds/directory_data_source.go index 303ff84cdc9..75ffddeb4e7 100644 --- a/internal/service/ds/directory_data_source.go +++ b/internal/service/ds/directory_data_source.go @@ -151,6 +151,8 @@ func dataSourceDirectoryRead(d *schema.ResourceData, meta interface{}) error { d.Set("description", dir.Description) if aws.StringValue(dir.Type) == directoryservice.DirectoryTypeAdconnector { d.Set("dns_ip_addresses", aws.StringValueSlice(dir.ConnectSettings.ConnectIps)) + } else if aws.StringValue(dir.Type) == directoryservice.DirectoryTypeSharedMicrosoftAd { + d.Set("dns_ip_addresses", aws.StringValueSlice(dir.OwnerDirectoryDescription.DnsIpAddrs)) } else { d.Set("dns_ip_addresses", aws.StringValueSlice(dir.DnsIpAddrs)) } diff --git a/internal/service/ds/directory_data_source_test.go b/internal/service/ds/directory_data_source_test.go index 99e5875a924..49aff72ad8a 100644 --- a/internal/service/ds/directory_data_source_test.go +++ b/internal/service/ds/directory_data_source_test.go 
@@ -133,6 +133,33 @@ func TestAccDSDirectoryDataSource_connector(t *testing.T) { }) } +func TestAccDSDirectoryDataSource_sharedMicrosoftAD(t *testing.T) { + resourceName := "aws_directory_service_shared_directory.test" + dataSourceName := "data.aws_directory_service_directory.test" + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + domainName := acctest.RandomDomainName() + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { + acctest.PreCheck(t) + acctest.PreCheckDirectoryService(t) + acctest.PreCheckAlternateAccount(t) + }, + ErrorCheck: acctest.ErrorCheck(t, directoryservice.EndpointsID), + ProtoV5ProviderFactories: acctest.ProtoV5FactoriesAlternate(t), + Steps: []resource.TestStep{ + { + Config: testAccDirectoryDataSourceConfig_sharedMicrosoftAD(rName, domainName), + Check: resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttrPair(resourceName, "dns_ip_addresses.#", dataSourceName, "dns_ip_addresses.#"), + resource.TestCheckResourceAttrPair(resourceName, "shared_directory_id", dataSourceName, "directory_id"), + resource.TestCheckResourceAttrPair(resourceName, "type", dataSourceName, "type"), + ), + }, + }, + }) +} + func testAccDirectoryDataSourceConfig_simpleAD(rName, alias, domain string) string { return acctest.ConfigCompose(acctest.ConfigVPCWithSubnets(rName, 2), fmt.Sprintf(` data "aws_directory_service_directory" "test" { @@ -215,3 +242,11 @@ resource "aws_directory_service_directory" "base" { } `, domain)) } + +func testAccDirectoryDataSourceConfig_sharedMicrosoftAD(rName, domain string) string { + return acctest.ConfigCompose(testAccSharedDirectoryConfig_basic(rName, domain), ` +data "aws_directory_service_directory" "test" { + directory_id = aws_directory_service_shared_directory.test.shared_directory_id +} +`) +} From 9a368f26ceae1c1fa186c105231b008da966d768 Mon Sep 17 00:00:00 2001 
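Review bot: The only DNS assertion in `TestAccDSDirectoryDataSource_sharedMicrosoftAD` pairs `dns_ip_addresses.#` on both sides, which compares element counts only and would still pass if the data source exposed the wrong addresses or if both sides were empty. Since the behaviour under test is which addresses are returned, the check should also cover the values, for example with `resource.TestCheckTypeSetElemAttrPair` on `dns_ip_addresses.*`, and assert that the count is non-zero. The `@@ -152,8 +152,7 @@` hunk in PATCH 7/7 changes the compared resource but keeps the same count-only check.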
From: Kit Ewbank Date: Fri, 5 Aug 2022 13:13:52 -0400 Subject: [PATCH 5/7] d/aws_directory_service_directory: Prevent crash when attempting to set 'security_group_id' for SharedMicrosoftAD directories. --- internal/service/ds/directory_data_source.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/internal/service/ds/directory_data_source.go b/internal/service/ds/directory_data_source.go index 75ffddeb4e7..84a0f397553 100644 --- a/internal/service/ds/directory_data_source.go +++ b/internal/service/ds/directory_data_source.go @@ -161,8 +161,10 @@ func dataSourceDirectoryRead(d *schema.ResourceData, meta interface{}) error { d.Set("name", dir.Name) if aws.StringValue(dir.Type) == directoryservice.DirectoryTypeAdconnector { d.Set("security_group_id", dir.ConnectSettings.SecurityGroupId) - } else { + } else if dir.VpcSettings != nil { d.Set("security_group_id", dir.VpcSettings.SecurityGroupId) + } else { + d.Set("security_group_id", nil) } d.Set("short_name", dir.ShortName) d.Set("size", dir.Size) From b01a2054b786abe007f0fc4d87bb6e10fb7087bb Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Fri, 5 Aug 2022 13:21:44 -0400 Subject: [PATCH 6/7] d/aws_directory_service_directory: Read the directory in the context of the account that a directory is shared with. --- internal/service/ds/directory_data_source_test.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/internal/service/ds/directory_data_source_test.go b/internal/service/ds/directory_data_source_test.go index 49aff72ad8a..7b80e645ca9 100644 --- a/internal/service/ds/directory_data_source_test.go +++ b/internal/service/ds/directory_data_source_test.go 
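Review bot: The new final `else` sets `security_group_id` to nil whenever `dir.VpcSettings` is absent, so a configuration that feeds this attribute into security-group rules receives an empty value with no diagnostic. That outcome deserves a comment at the branch, e.g. `// VpcSettings can be nil (seen for SharedMicrosoftAD directories); leave security_group_id empty.`, and a matching sentence in the data source documentation. The AD Connector branch just above still dereferences `dir.ConnectSettings` unguarded; if the API can omit that field, the same `!= nil` pattern applies there. The enclosing function continues outside the hunk.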
@@ -246,6 +246,8 @@ resource "aws_directory_service_directory" "base" { func testAccDirectoryDataSourceConfig_sharedMicrosoftAD(rName, domain string) string { return acctest.ConfigCompose(testAccSharedDirectoryConfig_basic(rName, domain), ` data "aws_directory_service_directory" "test" { + provider = "awsalternate" + directory_id = aws_directory_service_shared_directory.test.shared_directory_id } `) From a0495c22aea787e037c497d882c1945e9a1a9367 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Fri, 5 Aug 2022 16:50:36 -0400 Subject: [PATCH 7/7] d/aws_directory_service_directory: Shared directory must be accepted for 'OwnerDirectoryDescription' to be populated. --- internal/service/ds/directory_data_source_test.go | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/internal/service/ds/directory_data_source_test.go b/internal/service/ds/directory_data_source_test.go index 7b80e645ca9..b5cb8319997 100644 --- a/internal/service/ds/directory_data_source_test.go +++ b/internal/service/ds/directory_data_source_test.go @@ -134,7 +134,7 @@ func TestAccDSDirectoryDataSource_connector(t *testing.T) { } func TestAccDSDirectoryDataSource_sharedMicrosoftAD(t *testing.T) { - resourceName := "aws_directory_service_shared_directory.test" + resourceName := "aws_directory_service_directory.test" dataSourceName := "data.aws_directory_service_directory.test" rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) domainName := acctest.RandomDomainName() 
@@ -152,8 +152,7 @@ func TestAccDSDirectoryDataSource_sharedMicrosoftAD(t *testing.T) { Config: testAccDirectoryDataSourceConfig_sharedMicrosoftAD(rName, domainName), Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttrPair(resourceName, "dns_ip_addresses.#", dataSourceName, "dns_ip_addresses.#"), - resource.TestCheckResourceAttrPair(resourceName, "shared_directory_id", dataSourceName, "directory_id"), - resource.TestCheckResourceAttrPair(resourceName, "type", dataSourceName, "type"), + resource.TestCheckResourceAttr(dataSourceName, "type", "SharedMicrosoftAD"), ), }, }, @@ -245,10 +244,16 @@ resource "aws_directory_service_directory" "base" { func testAccDirectoryDataSourceConfig_sharedMicrosoftAD(rName, domain string) string { return acctest.ConfigCompose(testAccSharedDirectoryConfig_basic(rName, domain), ` +resource "aws_directory_service_shared_directory_accepter" "test" { + provider = "awsalternate" + + shared_directory_id = aws_directory_service_shared_directory.test.shared_directory_id +} + data "aws_directory_service_directory" "test" { provider = "awsalternate" - directory_id = aws_directory_service_shared_directory.test.shared_directory_id + directory_id = aws_directory_service_shared_directory_accepter.test.shared_directory_id } `) }