diff --git a/.changelog/32661.txt b/.changelog/32661.txt new file mode 100644 index 000000000000..ac2688ed5a05 --- /dev/null +++ b/.changelog/32661.txt @@ -0,0 +1,3 @@ +```release-note:bug +resource/aws_sagemaker_domain: Fix validation on `s3_kms_key_id` in `sharing_settings` and `kms_key_id` +``` \ No newline at end of file diff --git a/internal/service/sagemaker/domain.go b/internal/service/sagemaker/domain.go index f7662ceb829b..f5eb713be8f3 100644 --- a/internal/service/sagemaker/domain.go +++ b/internal/service/sagemaker/domain.go @@ -512,9 +512,8 @@ func ResourceDomain() *schema.Resource { ValidateFunc: validation.StringInSlice(sagemaker.NotebookOutputOption_Values(), false), }, "s3_kms_key_id": { - Type: schema.TypeString, - Optional: true, - ValidateFunc: verify.ValidARN, + Type: schema.TypeString, + Optional: true, }, "s3_output_path": { Type: schema.TypeString, @@ -650,10 +649,9 @@ func ResourceDomain() *schema.Resource { Computed: true, }, "kms_key_id": { - Type: schema.TypeString, - ForceNew: true, - Optional: true, - ValidateFunc: verify.ValidARN, + Type: schema.TypeString, + ForceNew: true, + Optional: true, }, "retention_policy": { Type: schema.TypeList, diff --git a/internal/service/sagemaker/domain_test.go b/internal/service/sagemaker/domain_test.go index c437f332f04c..0231849d3648 100644 --- a/internal/service/sagemaker/domain_test.go +++ b/internal/service/sagemaker/domain_test.go @@ -116,7 +116,7 @@ func testAccDomain_kms(t *testing.T) { Config: testAccDomainConfig_kms(rName), Check: resource.ComposeTestCheckFunc( testAccCheckDomainExists(ctx, resourceName, &domain), - resource.TestCheckResourceAttrPair(resourceName, "kms_key_id", "aws_kms_key.test", "arn"), + resource.TestCheckResourceAttrPair(resourceName, "kms_key_id", "aws_kms_key.test", "key_id"), ), }, { @@ -233,7 +233,7 @@ func testAccDomain_sharingSettings(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "default_user_settings.#", "1"), resource.TestCheckResourceAttr(resourceName, "default_user_settings.0.sharing_settings.#", "1"), resource.TestCheckResourceAttr(resourceName, "default_user_settings.0.sharing_settings.0.notebook_output_option", "Allowed"), - resource.TestCheckResourceAttrPair(resourceName, "default_user_settings.0.sharing_settings.0.s3_kms_key_id", "aws_kms_key.test", "arn"), + resource.TestCheckResourceAttrPair(resourceName, "default_user_settings.0.sharing_settings.0.s3_kms_key_id", "aws_kms_key.test", "key_id"), resource.TestCheckResourceAttrSet(resourceName, "default_user_settings.0.sharing_settings.0.s3_output_path"), ), }, @@ -751,7 +751,7 @@ func testAccDomain_defaultUserSettingsUpdated(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "default_user_settings.#", "1"), resource.TestCheckResourceAttr(resourceName, "default_user_settings.0.sharing_settings.#", "1"), resource.TestCheckResourceAttr(resourceName, "default_user_settings.0.sharing_settings.0.notebook_output_option", "Allowed"), - resource.TestCheckResourceAttrPair(resourceName, "default_user_settings.0.sharing_settings.0.s3_kms_key_id", "aws_kms_key.test", "arn"), + resource.TestCheckResourceAttrPair(resourceName, "default_user_settings.0.sharing_settings.0.s3_kms_key_id", "aws_kms_key.test", "key_id"), resource.TestCheckResourceAttrSet(resourceName, "default_user_settings.0.sharing_settings.0.s3_output_path"), ), }, @@ -954,7 +954,7 @@ resource "aws_sagemaker_domain" "test" { auth_mode = "IAM" vpc_id = aws_vpc.test.id subnet_ids = aws_subnet.test[*].id - kms_key_id = aws_kms_key.test.arn + kms_key_id = aws_kms_key.test.key_id default_user_settings { execution_role = aws_iam_role.test.arn @@ -1098,7 +1098,7 @@ resource "aws_sagemaker_domain" "test" { sharing_settings { notebook_output_option = "Allowed" - s3_kms_key_id = aws_kms_key.test.arn + s3_kms_key_id = aws_kms_key.test.key_id s3_output_path = "s3://${aws_s3_bucket.test.bucket}/sharing" } }