New Resource: aws_cloudtrail_event_data_store #22490

bschaatsbergen · 2022-01-09T21:44:10Z

Community Note

Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Output from acceptance testing:

$ make testacc TESTS=TestAccEventDataStore PKG=cloudtrail
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/cloudtrail/... -v -count 1 -parallel 20 -run='TestAccEventDataStore'  -timeout 180m
=== RUN   TestAccEventDataStore_basic
=== PAUSE TestAccEventDataStore_basic
=== RUN   TestAccEventDataStore_disappears
=== PAUSE TestAccEventDataStore_disappears
=== RUN   TestAccEventDataStore_multi_region_enabled
=== PAUSE TestAccEventDataStore_multi_region_enabled
=== RUN   TestAccEventDataStore_advanced_event_selector
=== PAUSE TestAccEventDataStore_advanced_event_selector
=== CONT  TestAccEventDataStore_basic
=== CONT  TestAccEventDataStore_multi_region_enabled
=== CONT  TestAccEventDataStore_advanced_event_selector
=== CONT  TestAccEventDataStore_disappears
--- PASS: TestAccEventDataStore_disappears (17.64s)
--- PASS: TestAccEventDataStore_multi_region_enabled (21.19s)
--- PASS: TestAccEventDataStore_basic (22.35s)
--- PASS: TestAccEventDataStore_advanced_event_selector (24.41s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/cloudtrail 24.473s

…event data store

github-actions

Welcome @bschaatsbergen 👋

It looks like this is your first Pull Request submission to the Terraform AWS Provider! If you haven’t already done so please make sure you have checked out our CONTRIBUTING guide and FAQ to make sure your contribution is adhering to best practice and has all the necessary elements in place for a successful approval.

Also take a look at our FAQ which details how we prioritize Pull Requests for inclusion.

Thanks again, and welcome to the community! 😃

NathanGitgit

Great initiative, I'm looking forward to keep track of this draft PR.

internal/provider/provider.go

…EventDataStoreUpdate`

…ate of the resource

bschaatsbergen · 2022-01-25T22:22:16Z

Hey @ewbankkit,

The event data store CRUD seems to work, there's just something wrong with the advanced_event_selector.

By default the SDK implicitly sets it to 'capture all management events'. Because this is not reflected in the resource when declaring it, it does end up in the state, but the subsequent plan or apply will again try to delete the advanced_event_selector that's set by the default behaviour.

  # aws_cloudtrail_event_data_store.main will be updated in-place
  ~ resource "aws_cloudtrail_event_data_store" "main" {
        id                             = "arn:aws:cloudtrail:eu-central-1:123456789010:eventdatastore/4481b52a-4892-4c3e-a2b0-b4ec4e40368d"
        name                           = "tf-test-store-7"
      ~ tags                           = {
          + "Name" = "tf-test-store-7"
        }
      ~ tags_all                       = {
          + "Name" = "tf-test-store-7"
        }
        # (5 unchanged attributes hidden)

      - advanced_event_selector {
          - name = "Default management events" -> null

          - field_selector {
              - ends_with       = [] -> null
              - equals          = [
                  - "Management",
                ] -> null
              - field           = "eventCategory" -> null
              - not_ends_with   = [] -> null
              - not_equals      = [] -> null
              - not_starts_with = [] -> null
              - starts_with     = [] -> null
            }
        }
    }


Plan: 0 to add, 1 to change, 0 to destroy.

Could you advice me on how to tackle this please?

ewbankkit · 2022-01-26T12:26:40Z

@bschaatsbergen Try marking advanced_event_selector (and its nested attributes) as Computed together with Optional.

bschaatsbergen · 2022-01-26T12:33:18Z

Thanks @ewbankkit. I noticed that if you remove one of the operators (equals, not equals, etc) and only set the field in the field_selector the API returns a 400 (which is apparently retryable by looking at the SDK) and it stays on Creating.. or Modifying.... It should throw an error as a operator is always required in combination with a field (from what I can see).

---[ REQUEST POST-SIGN ]-----------------------------
POST / HTTP/1.1
Host: cloudtrail.eu-central-1.amazonaws.com
User-Agent: APN/1.0 HashiCorp/1.0 Terraform/1.1.3 (+https://www.terraform.io) terraform-provider-aws/dev (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.42.38 (go1.17.6; linux; amd64)
Content-Length: 254
Authorization: AWS4-HMAC-SHA256 Credential=AKIKEXAMPLEW/20220126/eu-central-1/cloudtrail/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date;x-amz-target, Signature=d47ab6235d3c3b48c058d4ec0fe037d7fa87130ebd7f9dacb0e0d1EXAMPLE
Content-Type: application/x-amz-json-1.1
X-Amz-Date: 20220126T123506Z
X-Amz-Target: com.amazonaws.cloudtrail.v20131101.CloudTrail_20131101.UpdateEventDataStore
Accept-Encoding: gzip

{"AdvancedEventSelectors":[{"FieldSelectors":[{"Field":"eventCategory"}],"Name":"Log Delete* events for S3 buckets"}],"EventDataStore":"arn:aws:cloudtrail:eu-central-1:1234556788:eventdatastore/4521dbaf-be02-462b-ae48-14cf09EXAMPLE","RetentionPeriod":8}
-----------------------------------------------------: timestamp=2022-01-26T13:35:06.718+0100
2022-01-26T13:35:06.849+0100 [INFO]  provider.terraform-provider-aws: 2022/01/26 13:35:06 [DEBUG] [aws-sdk-go] DEBUG: Response cloudtrail/UpdateEventDataStore Details:
---[ RESPONSE ]--------------------------------------
HTTP/1.1 400 
Connection: close
Content-Length: 58
Content-Type: application/x-amz-json-1.1
Date: Wed, 26 Jan 2022 12:35:06 GMT
X-Amzn-Requestid: 9e8123f4-8ca6-4374-bc53-2d7ffcEXAMPLE


-----------------------------------------------------: timestamp=2022-01-26T13:35:06.849+0100
2022-01-26T13:35:06.849+0100 [INFO]  provider.terraform-provider-aws: 2022/01/26 13:35:06 [DEBUG] [aws-sdk-go] {"__type":"ThrottlingException","message":"Rate exceeded"}: timestamp=2022-01-26T13:35:06.849+0100
2022-01-26T13:35:06.849+0100 [INFO]  provider.terraform-provider-aws: 2022/01/26 13:35:06 [DEBUG] [aws-sdk-go] DEBUG: Validate Response cloudtrail/UpdateEventDataStore failed, attempt 1/25, error ThrottlingException: Rate exceeded
        status code: 400

continues retrying...

…tes) as Computed together with Optional

…pdate`

…DING_DELETION' state

…ibutes Reference` section and `Import` section

bschaatsbergen · 2022-02-07T23:12:09Z

Done @ewbankkit, besides the previous comment (which seems related to the AWS API) and that I'm unable to test the organization_enabled, everything is tested and seems to work 👍

…signatures (hashicorp#15090).

…dated_timestamp'.

Acceptance test output: % make testacc TESTS=TestAccEventDataStore_basic PKG=cloudtrail ==> Checking that code complies with gofmt requirements... TF_ACC=1 go test ./internal/service/cloudtrail/... -v -count 1 -parallel 20 -run='TestAccEventDataStore_basic' -timeout 180m === RUN TestAccEventDataStore_basic === PAUSE TestAccEventDataStore_basic === CONT TestAccEventDataStore_basic --- PASS: TestAccEventDataStore_basic (22.33s) PASS ok github.com/hashicorp/terraform-provider-aws/internal/service/cloudtrail 27.974s

Acceptance test output: % make testacc TESTS=TestAccEventDataStore_options PKG=cloudtrail ==> Checking that code complies with gofmt requirements... TF_ACC=1 go test ./internal/service/cloudtrail/... -v -count 1 -parallel 20 -run='TestAccEventDataStore_options' -timeout 180m === RUN TestAccEventDataStore_options === PAUSE TestAccEventDataStore_options === CONT TestAccEventDataStore_options --- PASS: TestAccEventDataStore_options (35.91s) PASS ok github.com/hashicorp/terraform-provider-aws/internal/service/cloudtrail 41.731s

Acceptance test output: % make testacc TESTS=TestAccEventDataStore_tags PKG=cloudtrail ==> Checking that code complies with gofmt requirements... TF_ACC=1 go test ./internal/service/cloudtrail/... -v -count 1 -parallel 20 -run='TestAccEventDataStore_tags' -timeout 180m === RUN TestAccEventDataStore_tags === PAUSE TestAccEventDataStore_tags === CONT TestAccEventDataStore_tags --- PASS: TestAccEventDataStore_tags (40.99s) PASS ok github.com/hashicorp/terraform-provider-aws/internal/service/cloudtrail 44.986s

ewbankkit

LGTM 🚀.

Commercial

% make testacc TESTS=TestAccEventDataStore_ PKG=cloudtrail 
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/cloudtrail/... -v -count 1 -parallel 20 -run='TestAccEventDataStore_'  -timeout 180m
=== RUN   TestAccEventDataStore_basic
=== PAUSE TestAccEventDataStore_basic
=== RUN   TestAccEventDataStore_disappears
=== PAUSE TestAccEventDataStore_disappears
=== RUN   TestAccEventDataStore_tags
=== PAUSE TestAccEventDataStore_tags
=== RUN   TestAccEventDataStore_options
=== PAUSE TestAccEventDataStore_options
=== RUN   TestAccEventDataStore_advancedEventSelector
=== PAUSE TestAccEventDataStore_advancedEventSelector
=== CONT  TestAccEventDataStore_basic
=== CONT  TestAccEventDataStore_options
=== CONT  TestAccEventDataStore_advancedEventSelector
=== CONT  TestAccEventDataStore_disappears
=== CONT  TestAccEventDataStore_tags
=== CONT  TestAccEventDataStore_options
    acctest.go:701: this AWS account must be the management account of an AWS Organization
--- SKIP: TestAccEventDataStore_options (1.25s)
--- PASS: TestAccEventDataStore_disappears (16.09s)
--- PASS: TestAccEventDataStore_basic (20.89s)
--- PASS: TestAccEventDataStore_advancedEventSelector (24.49s)
--- PASS: TestAccEventDataStore_tags (41.64s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/cloudtrail	45.575s

GovCloud

% make testacc TESTS=TestAccEventDataStore_ PKG=cloudtrail
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/cloudtrail/... -v -count 1 -parallel 20 -run='TestAccEventDataStore_'  -timeout 180m
=== RUN   TestAccEventDataStore_basic
=== PAUSE TestAccEventDataStore_basic
=== RUN   TestAccEventDataStore_disappears
=== PAUSE TestAccEventDataStore_disappears
=== RUN   TestAccEventDataStore_tags
=== PAUSE TestAccEventDataStore_tags
=== RUN   TestAccEventDataStore_options
=== PAUSE TestAccEventDataStore_options
=== RUN   TestAccEventDataStore_advancedEventSelector
=== PAUSE TestAccEventDataStore_advancedEventSelector
=== CONT  TestAccEventDataStore_basic
=== CONT  TestAccEventDataStore_options
=== CONT  TestAccEventDataStore_disappears
=== CONT  TestAccEventDataStore_tags
=== CONT  TestAccEventDataStore_advancedEventSelector
=== CONT  TestAccEventDataStore_disappears
    acctest.go:1008: skipping test for aws-us-gov/us-gov-west-1: Error running apply: exit status 1
        
        Error: error creating CloudTrail Event Data Store (tf-acc-test-8727672389834937490): UnsupportedOperationException: The operation requested is not supported in the region.
        
          with aws_cloudtrail_event_data_store.test,
          on terraform_plugin_test.tf line 2, in resource "aws_cloudtrail_event_data_store" "test":
           2: resource "aws_cloudtrail_event_data_store" "test" {
        
=== CONT  TestAccEventDataStore_basic
    acctest.go:1008: skipping test for aws-us-gov/us-gov-west-1: Error running apply: exit status 1
        
        Error: error creating CloudTrail Event Data Store (tf-acc-test-3181324507280160273): UnsupportedOperationException: The operation requested is not supported in the region.
        
          with aws_cloudtrail_event_data_store.test,
          on terraform_plugin_test.tf line 2, in resource "aws_cloudtrail_event_data_store" "test":
           2: resource "aws_cloudtrail_event_data_store" "test" {
        
=== CONT  TestAccEventDataStore_advancedEventSelector
    acctest.go:1008: skipping test for aws-us-gov/us-gov-west-1: Error running apply: exit status 1
        
        Error: error creating CloudTrail Event Data Store (tf-acc-test-6934047121505972719): UnsupportedOperationException: The operation requested is not supported in the region.
        
          with aws_cloudtrail_event_data_store.test,
          on terraform_plugin_test.tf line 2, in resource "aws_cloudtrail_event_data_store" "test":
           2: resource "aws_cloudtrail_event_data_store" "test" {
        
=== CONT  TestAccEventDataStore_options
    acctest.go:1008: skipping test for aws-us-gov/us-gov-west-1: Error running apply: exit status 1
        
        Error: error creating CloudTrail Event Data Store (tf-acc-test-1237862277570900657): UnsupportedOperationException: The operation requested is not supported in the region.
        
          with aws_cloudtrail_event_data_store.test,
          on terraform_plugin_test.tf line 2, in resource "aws_cloudtrail_event_data_store" "test":
           2: resource "aws_cloudtrail_event_data_store" "test" {
        
=== CONT  TestAccEventDataStore_tags
    acctest.go:1008: skipping test for aws-us-gov/us-gov-west-1: Error running apply: exit status 1
        
        Error: error creating CloudTrail Event Data Store (tf-acc-test-6132664734702259425): UnsupportedOperationException: The operation requested is not supported in the region.
        
          with aws_cloudtrail_event_data_store.test,
          on terraform_plugin_test.tf line 2, in resource "aws_cloudtrail_event_data_store" "test":
           2: resource "aws_cloudtrail_event_data_store" "test" {
        
--- SKIP: TestAccEventDataStore_disappears (9.13s)
--- SKIP: TestAccEventDataStore_advancedEventSelector (9.19s)
--- SKIP: TestAccEventDataStore_options (9.21s)
--- SKIP: TestAccEventDataStore_basic (9.21s)
--- SKIP: TestAccEventDataStore_tags (9.22s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/cloudtrail	12.617s

ewbankkit · 2022-02-15T18:50:18Z

@bschaatsbergen Thanks for the contribution 🎉 👏.
Overall the contribution was great.
I made a few mainly cosmetic changes and fixed some bugs in the resource Update functionality that additional tests uncovered.

bschaatsbergen · 2022-02-15T19:03:52Z

@ewbankkit. that's great to hear and for sure more contributions will follow. Thanks for adding the touch-ups!

…NotFound. Acceptance test output: % make testacc TESTS=TestAccEventDataStore_ PKG=cloudtrail ==> Checking that code complies with gofmt requirements... TF_ACC=1 go test ./internal/service/cloudtrail/... -v -count 1 -parallel 20 -run='TestAccEventDataStore_' -timeout 180m === RUN TestAccEventDataStore_basic === PAUSE TestAccEventDataStore_basic === RUN TestAccEventDataStore_disappears === PAUSE TestAccEventDataStore_disappears === RUN TestAccEventDataStore_tags === PAUSE TestAccEventDataStore_tags === RUN TestAccEventDataStore_options === PAUSE TestAccEventDataStore_options === RUN TestAccEventDataStore_advancedEventSelector === PAUSE TestAccEventDataStore_advancedEventSelector === CONT TestAccEventDataStore_basic === CONT TestAccEventDataStore_options === CONT TestAccEventDataStore_tags === CONT TestAccEventDataStore_disappears === CONT TestAccEventDataStore_advancedEventSelector === CONT TestAccEventDataStore_options acctest.go:701: this AWS account must be the management account of an AWS Organization --- SKIP: TestAccEventDataStore_options (1.09s) --- PASS: TestAccEventDataStore_disappears (21.03s) --- PASS: TestAccEventDataStore_advancedEventSelector (28.89s) --- PASS: TestAccEventDataStore_tags (49.38s) --- PASS: TestAccEventDataStore_basic (71.26s) PASS ok github.com/hashicorp/terraform-provider-aws/internal/service/cloudtrail 77.703s

…shim/v2/tfawserr'.

github-actions · 2022-05-14T02:41:54Z

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

bschaatsbergen added 3 commits January 9, 2022 22:09

cloudtrail-lake: Add lake to resource provider

54f1939

cloudtrail-lake: Create status.go, find.go and wait.go for the …

5c0490e

…event data store

cloudtrail-lake: Init of cloudtrail_lake.go

48f4488

cloudtrail-lake: Fix typo in wait

14635fd

github-actions bot reviewed Jan 9, 2022

View reviewed changes

cloudformation-lake: Fix duplicate conditional

9c15902

NathanGitgit reviewed Jan 9, 2022

View reviewed changes

ewbankkit reviewed Jan 10, 2022

View reviewed changes

internal/provider/provider.go Outdated Show resolved Hide resolved

bschaatsbergen changed the title ~~[WIP] New Resource: aws_cloudtrail_lake~~ [WIP] New Resource: aws_cloudtrail_event_data_store Jan 11, 2022

bschaatsbergen added 2 commits January 11, 2022 19:44

cloudtrail-lake: Rename to CloudTrail Event Data Store

09267c5

cloudtrail-lake: Update timeouts

f2fe67d

justinretzolk added new-resource Introduces a new resource. and removed needs-triage Waiting for first response or review from a maintainer. labels Jan 11, 2022

bschaatsbergen and others added 6 commits January 14, 2022 22:39

cloudtrail-lake: Implement resourceEventDataStoreRead and `resource…

76024ad

…EventDataStoreUpdate`

cloudtrail-lake: Add input.AdvancedEventSelectors on Create and Upd…

4e45df7

…ate of the resource

cloudtrail-lake: Create 22490.txt

e25bb90

Merge branch 'main' into r/cloudtrail-lake

8ce8a5f

cloudtrail-lake: fix a bug on the schema and change the status variables

dbf09bd

cloudtrail-lake: set input values in input block

7f61985

cloudtrail-lake: mark advanced_event_selector (and its nested attribu…

550fd9d

…tes) as Computed together with Optional

bschaatsbergen mentioned this pull request Jan 26, 2022

Omitting a operator in the AdvancedEventSelector.FieldSelector seems to be allowed but API throws a 400 followed by a 500 aws/aws-sdk-go#4260

Closed

bschaatsbergen added 2 commits January 26, 2022 21:54

cloudtrail-lake: add input validation to the `resourceEventDataStoreU…

265bfb5

…pdate`

cloudtrail-lake: WIP on cloudtrail_event_data_store doc

2241622

github-actions bot added the documentation Introduces or discusses updates to documentation. label Jan 27, 2022

cloudtrail-lake: add tests

2d45163

github-actions bot added the tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. label Feb 4, 2022

bschaatsbergen added 4 commits February 5, 2022 01:28

cloudtrail-lake: add TestAccEventDataStore_disappears

7ba8874

cloudtrail-lake: remove eventDataStore from state when it's in a 'PEN…

6d64e74

…DING_DELETION' state

cloudtrail-lake: Add Data Event Logging section with example, `Attr…

7930e58

…ibutes Reference` section and `Import` section

cloudtrail-lake: Update data event logging example

cdaa6ec

bschaatsbergen marked this pull request as ready for review February 5, 2022 23:37

bschaatsbergen mentioned this pull request Feb 5, 2022

Support AWS CloudTrail Lake #22434

Closed

bschaatsbergen changed the title ~~[WIP] New Resource: aws_cloudtrail_event_data_store~~ New Resource: aws_cloudtrail_event_data_store Feb 5, 2022

ewbankkit added 7 commits February 15, 2022 11:49

r/aws_cloudtrail_event_data_store: Use 'WithoutTimeout' CRUD handler …

9638789

…signatures (hashicorp#15090).

r/aws_cloudtrail_event_data_store: Remove 'created_timestamp' and 'up…

f0dad53

…dated_timestamp'.

Minor documentation corrections.

5307c6c

r/aws_cloudtrail_event_data_store: Alphabetize attributes.

2d385b0

ewbankkit approved these changes Feb 15, 2022

View reviewed changes

ewbankkit added 4 commits February 15, 2022 14:06

Merge branch 'main' into tmp-pr22490

19e9098

Import 'tfawserr' from 'github.com/hashicorp/aws-sdk-go-base/v2/awsv1…

cce08f1

…shim/v2/tfawserr'.

Fix website terrafmt errors.

54b5824

ewbankkit merged commit a65002b into hashicorp:main Feb 15, 2022

bschaatsbergen deleted the r/cloudtrail-lake branch February 15, 2022 20:31

ewbankkit added this to the v4.2.0 milestone Feb 23, 2022

github-actions bot locked as resolved and limited conversation to collaborators May 14, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

New Resource: aws_cloudtrail_event_data_store #22490

New Resource: aws_cloudtrail_event_data_store #22490

bschaatsbergen commented Jan 9, 2022 •

edited

Loading

github-actions bot left a comment

NathanGitgit left a comment •

edited

Loading

bschaatsbergen commented Jan 25, 2022 •

edited

Loading

ewbankkit commented Jan 26, 2022

bschaatsbergen commented Jan 26, 2022 •

edited

Loading

bschaatsbergen commented Feb 7, 2022

ewbankkit left a comment

ewbankkit commented Feb 15, 2022

bschaatsbergen commented Feb 15, 2022

github-actions bot commented May 14, 2022

New Resource: aws_cloudtrail_event_data_store #22490

New Resource: aws_cloudtrail_event_data_store #22490

Conversation

bschaatsbergen commented Jan 9, 2022 • edited Loading

Community Note

github-actions bot left a comment

Choose a reason for hiding this comment

NathanGitgit left a comment • edited Loading

Choose a reason for hiding this comment

bschaatsbergen commented Jan 25, 2022 • edited Loading

ewbankkit commented Jan 26, 2022

bschaatsbergen commented Jan 26, 2022 • edited Loading

bschaatsbergen commented Feb 7, 2022

ewbankkit left a comment

Choose a reason for hiding this comment

Commercial

GovCloud

ewbankkit commented Feb 15, 2022

bschaatsbergen commented Feb 15, 2022

github-actions bot commented May 14, 2022

bschaatsbergen commented Jan 9, 2022 •

edited

Loading

NathanGitgit left a comment •

edited

Loading

bschaatsbergen commented Jan 25, 2022 •

edited

Loading

bschaatsbergen commented Jan 26, 2022 •

edited

Loading