From c4236539e7897feab0d949153a5124c8f3a8b3dd Mon Sep 17 00:00:00 2001 From: exoego Date: Fri, 16 Jun 2023 13:34:39 +0900 Subject: [PATCH 1/7] Update doc --- website/docs/d/memorydb_user.html.markdown | 4 ++-- website/docs/r/memorydb_user.html.markdown | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/website/docs/d/memorydb_user.html.markdown b/website/docs/d/memorydb_user.html.markdown
index 8dc389c27980..2b0fc81e292a 100644
--- a/website/docs/d/memorydb_user.html.markdown
+++ b/website/docs/d/memorydb_user.html.markdown
@@ -32,7 +32,7 @@ In addition, the following attributes are exported:
 * `access_string` - Access permissions string used for this user.
 * `arn` - ARN of the user.
 * `authentication_mode` - Denotes the user's authentication properties.
- * `password_count` - The number of passwords belonging to the user.
- * `type` - Whether the user requires a password to authenticate.
+ * `password_count` - (Optional) The number of passwords belonging to the user if `type` is set to `password`. Otherwise
+ * `type` - Specifies the authentication type.
 * `minimum_engine_version` - The minimum engine version supported for the user.
 * `tags` - Map of tags assigned to the subnet group.
diff --git a/website/docs/r/memorydb_user.html.markdown b/website/docs/r/memorydb_user.html.markdown
index dccef6364419..b8c5e304fdd7 100644
--- a/website/docs/r/memorydb_user.html.markdown
+++ b/website/docs/r/memorydb_user.html.markdown
@@ -47,8 +47,8 @@ The following arguments are optional: ### authentication_mode Configuration Block -* `passwords` - (Required) The set of passwords used for authentication. You can create up to two passwords for each user. -* `type` - (Required) Indicates whether the user requires a password to authenticate. Must be set to `password`. +* `passwords` - (Optional) The set of passwords used for authentication if `type` is set to `password`. You can create up to two passwords for each user. +* `type` - (Required) Specifies the authentication type. Possible options are: `password` or `iam`. ## Attributes Reference From a76f3b234b33511cf3a3656cfdfd3f47918bf5d3 Mon Sep 17 00:00:00 2001 From: exoego Date: Fri, 16 Jun 2023 14:08:52 +0900 Subject: [PATCH 2/7] Implement --- internal/service/memorydb/user.go | 39 +++++++++----- .../service/memorydb/user_data_source_test.go | 49 +++++++++++++++++ internal/service/memorydb/user_test.go | 54 +++++++++++++++++++ 3 files changed, 130 insertions(+), 12 deletions(-) diff --git a/internal/service/memorydb/user.go b/internal/service/memorydb/user.go index 0f4e8b4bdaf6..7290d18e1e3c 100644 --- a/internal/service/memorydb/user.go +++ b/internal/service/memorydb/user.go @@ -50,7 +50,7 @@ func ResourceUser() *schema.Resource { Schema: map[string]*schema.Schema{ "passwords": { Type: schema.TypeSet, - Required: true, + Optional: true, MinItems: 1, MaxItems: 2, Elem: &schema.Schema{ 
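Review bot: In internal/service/memorydb/user.go, switching `passwords` from `Required` to `Optional` removes the only plan-time guarantee that a password-type user actually has a password, and nothing in this hunk relates the field to `type`. As far as the visible lines show, `type = "password"` with no `passwords` and `type = "iam"` with passwords supplied both pass schema validation and are left to the API to reject at apply time; in the second case the unused secrets would presumably still be written to state. Consider a `CustomizeDiff` on the resource that requires `passwords` exactly when `type` is `password`, or at minimum a comment on the field such as `// Required when type is "password"; must be omitted for "iam".` ResourceUser's body continues outside the hunk, so a check there may already cover part of this.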
@@ -94,12 +94,12 @@ func resourceUserCreate(ctx context.Context, d *schema.ResourceData, meta interf userName := d.Get("user_name").(string) input := &memorydb.CreateUserInput{ AccessString: aws.String(d.Get("access_string").(string)), - AuthenticationMode: &memorydb.AuthenticationMode{ - Passwords: flex.ExpandStringSet(d.Get("authentication_mode.0.passwords").(*schema.Set)), - Type: aws.String(d.Get("authentication_mode.0.type").(string)), - }, - Tags: getTagsIn(ctx), - UserName: aws.String(userName), + Tags: getTagsIn(ctx), + UserName: aws.String(userName), + } + + if v, ok := d.GetOk("authentication_mode"); ok && len(v.([]interface{})) > 0 && v.([]interface{})[0] != nil { + input.AuthenticationMode = expandAuthenticationMode(v.([]interface{})[0].(map[string]interface{})) } _, err := conn.CreateUserWithContext(ctx, input) @@ -161,11 +161,8 @@ func resourceUserUpdate(ctx context.Context, d *schema.ResourceData, meta interf input.AccessString = aws.String(d.Get("access_string").(string)) } - if d.HasChange("authentication_mode") { - input.AuthenticationMode = &memorydb.AuthenticationMode{ - Passwords: flex.ExpandStringSet(d.Get("authentication_mode.0.passwords").(*schema.Set)), - Type: aws.String(d.Get("authentication_mode.0.type").(string)), - } + if v, ok := d.GetOk("authentication_mode"); ok && len(v.([]interface{})) > 0 && v.([]interface{})[0] != nil { + input.AuthenticationMode = expandAuthenticationMode(v.([]interface{})[0].(map[string]interface{})) } _, err := conn.UpdateUserWithContext(ctx, input) 
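Review bot: In the resourceUserUpdate hunk, replacing `d.HasChange("authentication_mode")` with the `d.GetOk` guard means `input.AuthenticationMode` is populated on every update in which the block is configured, so an `access_string`-only change now resends the full password set to UpdateUser. That re-transmits secrets that did not change and may be treated by the service as a credential reset. Keep the change gate and nest the new expansion inside it, i.e. wrap the `d.GetOk(...)` block in `if d.HasChange("authentication_mode") {`. The resourceUserCreate hunk on the same line can use the guard as written, since create has no prior state; both function bodies continue outside their hunks.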
@@ -204,3 +201,21 @@ func resourceUserDelete(ctx context.Context, d *schema.ResourceData, meta interf return nil } + +func expandAuthenticationMode(tfMap map[string]interface{}) *memorydb.AuthenticationMode { + if tfMap == nil { + return nil + } + + apiObject := &memorydb.AuthenticationMode{} + + if v, ok := tfMap["passwords"].(*schema.Set); ok && v.Len() > 0 { + apiObject.Passwords = flex.ExpandStringSet(v) + } + + if v, ok := tfMap["type"].(string); ok && v != "" { + apiObject.Type = aws.String(v) + } + + return apiObject +} diff --git a/internal/service/memorydb/user_data_source_test.go b/internal/service/memorydb/user_data_source_test.go index d0fca9c8cab3..5a303e38d77c 100644 --- a/internal/service/memorydb/user_data_source_test.go +++ b/internal/service/memorydb/user_data_source_test.go 
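Review bot: `expandAuthenticationMode` has no doc comment and copies `passwords` into the request whatever `type` is, so the password/IAM distinction rests entirely on what the caller configured. A comment would make that contract explicit, for example `// expandAuthenticationMode builds the API AuthenticationMode from one authentication_mode block; Passwords stays nil when the set is empty, which is the expected shape for type "iam".` Because the returned object can hold plaintext passwords, the comment should also say that it must not be logged or included in error messages.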
@@ -38,6 +38,34 @@ func TestAccMemoryDBUserDataSource_basic(t *testing.T) { }) } +func TestAccMemoryDBUserDataSource_iam(t *testing.T) { + ctx := acctest.Context(t) + rName := "tf-test-" + sdkacctest.RandString(8) + resourceName := "aws_memorydb_user.test" + dataSourceName := "data.aws_memorydb_user.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(ctx, t); testAccPreCheck(t) }, + ErrorCheck: acctest.ErrorCheck(t, memorydb.EndpointsID), + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, + Steps: []resource.TestStep{ + { + Config: testAccUserDataSourceConfig_iam(rName), + Check: resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttrPair(dataSourceName, "access_string", resourceName, "access_string"), + resource.TestCheckResourceAttrPair(dataSourceName, "arn", resourceName, "arn"), + resource.TestCheckResourceAttrPair(dataSourceName, "authentication_mode.0.type", resourceName, "authentication_mode.0.type"), + resource.TestCheckResourceAttrPair(dataSourceName, "authentication_mode.0.password_count", resourceName, "authentication_mode.0.password_count"), + resource.TestCheckResourceAttrPair(dataSourceName, "minimum_engine_version", resourceName, "minimum_engine_version"), + resource.TestCheckResourceAttr(dataSourceName, "tags.%", "1"), + resource.TestCheckResourceAttrPair(dataSourceName, "tags.Test", resourceName, "tags.Test"), + resource.TestCheckResourceAttrPair(dataSourceName, "user_name", resourceName, "user_name"), + ), + }, + }, + }) +} + func testAccUserDataSourceConfig_basic(rName string) string { return fmt.Sprintf(` resource "aws_memorydb_user" "test" { 
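Review bot: Every `authentication_mode` assertion in `TestAccMemoryDBUserDataSource_iam` is a `TestCheckResourceAttrPair`, which only shows that the data source and the resource agree; it does not pin the value, and a pair check can also succeed when both sides are equally empty. The test would therefore still pass if neither side reported IAM authentication. Add literal checks next to the pair checks: `resource.TestCheckResourceAttr(dataSourceName, "authentication_mode.0.type", "iam"),` and `resource.TestCheckResourceAttr(dataSourceName, "authentication_mode.0.password_count", "0"),`.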
@@ -59,3 +87,24 @@ data "aws_memorydb_user" "test" { } `, rName) } + +func testAccUserDataSourceConfig_iam(rName string) string { + return fmt.Sprintf(` +resource "aws_memorydb_user" "test" { + access_string = "on ~* &* +@all" + user_name = %[1]q + + authentication_mode { + type = "iam" + } + + tags = { + Test = "test" + } +} + +data "aws_memorydb_user" "test" { + user_name = aws_memorydb_user.test.user_name +} +`, rName) +} diff --git a/internal/service/memorydb/user_test.go b/internal/service/memorydb/user_test.go index eb122ad42c4d..61fe9129c9bd 100644 --- a/internal/service/memorydb/user_test.go +++ b/internal/service/memorydb/user_test.go 
@@ -52,6 +52,43 @@ func TestAccMemoryDBUser_basic(t *testing.T) { }) } +func TestAccMemoryDBUser_iam_auth_mode(t *testing.T) { + ctx := acctest.Context(t) + rName := "tf-test-" + sdkacctest.RandString(8) + resourceName := "aws_memorydb_user.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(ctx, t); testAccPreCheck(t) }, + ErrorCheck: acctest.ErrorCheck(t, memorydb.EndpointsID), + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, + CheckDestroy: testAccCheckUserDestroy(ctx), + Steps: []resource.TestStep{ + { + Config: testAccUserConfigWithIAMAuthMode_basic(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckUserExists(ctx, resourceName), + resource.TestCheckResourceAttr(resourceName, "access_string", "on ~* &* +@all"), + acctest.CheckResourceAttrRegionalARN(resourceName, "arn", "memorydb", "user/"+rName), + resource.TestCheckResourceAttr(resourceName, "authentication_mode.0.type", "iam"), + resource.TestCheckResourceAttr(resourceName, "authentication_mode.0.password_count", "0"), + resource.TestCheckResourceAttrSet(resourceName, "minimum_engine_version"), + resource.TestCheckResourceAttr(resourceName, "user_name", rName), + resource.TestCheckResourceAttr(resourceName, "tags.%", "1"), + resource.TestCheckResourceAttr(resourceName, "tags.Test", "test"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{ + "authentication_mode.0.passwords", + }, + }, + }, + }) +} + func TestAccMemoryDBUser_disappears(t *testing.T) { ctx := acctest.Context(t) rName := "tf-test-" + sdkacctest.RandString(8) 
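Review bot: `TestAccMemoryDBUser_iam_auth_mode` exercises only create and import, so the rewritten `authentication_mode` handling in resourceUserUpdate is never run for an IAM user. Add a step that changes `access_string` while `type = "iam"`, and ideally one that moves a user between `password` and `iam`, asserting `authentication_mode.0.type` and `authentication_mode.0.password_count` after each step. The `ImportStateVerifyIgnore` entry for `authentication_mode.0.passwords` also looks unnecessary here, since this configuration sets no passwords; if it is kept, a comment such as `// kept for parity with the password-mode test; no passwords are set for iam` would explain why.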
@@ -273,6 +310,23 @@ resource "aws_memorydb_user" "test" { `, rName) } +func testAccUserConfigWithIAMAuthMode_basic(rName string) string { + return fmt.Sprintf(` +resource "aws_memorydb_user" "test" { + access_string = "on ~* &* +@all" + user_name = %[1]q + + authentication_mode { + type = "iam" + } + + tags = { + Test = "test" + } +} +`, rName) +} + func testAccUserConfig_accessString(rName, accessString string) string { return fmt.Sprintf(` resource "aws_memorydb_user" "test" { From 7339445bf40758ce30444ef29d67de69d936e031 Mon Sep 17 00:00:00 2001 From: exoego Date: Sat, 17 Jun 2023 08:46:10 +0900 Subject: [PATCH 3/7] Add changelog --- .changelog/32027.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/32027.txt diff --git a/.changelog/32027.txt b/.changelog/32027.txt new file mode 100644 index 000000000000..d8b6b7317d73 --- /dev/null +++ b/.changelog/32027.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +resource/aws_memorydb_user: Support IAM authentication mode +``` \ No newline at end of file From cc48ff20abc6dd39b19147ef5360dd39ab05a299 Mon Sep 17 00:00:00 2001 From: exoego Date: Tue, 26 Mar 2024 15:38:52 +0900 Subject: [PATCH 4/7] fix semantic conflict --- internal/service/memorydb/user_data_source_test.go | 2 +- internal/service/memorydb/user_test.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/service/memorydb/user_data_source_test.go b/internal/service/memorydb/user_data_source_test.go index 96bd399ad8d6..e3b2a5f48738 100644 --- a/internal/service/memorydb/user_data_source_test.go +++ b/internal/service/memorydb/user_data_source_test.go 
@@ -49,7 +49,7 @@ func TestAccMemoryDBUserDataSource_iam(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acctest.PreCheck(ctx, t); testAccPreCheck(t) }, - ErrorCheck: acctest.ErrorCheck(t, memorydb.EndpointsID), + ErrorCheck: acctest.ErrorCheck(t, names.MemoryDBServiceID), ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, Steps: []resource.TestStep{ { diff --git a/internal/service/memorydb/user_test.go b/internal/service/memorydb/user_test.go index 956d68324281..01f5d36f9fc7 100644 --- a/internal/service/memorydb/user_test.go +++ b/internal/service/memorydb/user_test.go @@ -62,7 +62,7 @@ func TestAccMemoryDBUser_iam_auth_mode(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acctest.PreCheck(ctx, t); testAccPreCheck(t) }, - ErrorCheck: acctest.ErrorCheck(t, memorydb.EndpointsID), + ErrorCheck: acctest.ErrorCheck(t, names.MemoryDBServiceID), ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, CheckDestroy: testAccCheckUserDestroy(ctx), Steps: []resource.TestStep{ From 179071758b623453d76bac9e3ba55a1425d8f77e Mon Sep 17 00:00:00 2001 From: Jared Baker Date: Thu, 25 Apr 2024 15:02:11 -0400 Subject: [PATCH 5/7] [r|d]/aws_memorydb_user(doc): tidy up --- website/docs/d/memorydb_user.html.markdown | 8 ++++---- website/docs/r/memorydb_user.html.markdown | 12 ++++++------ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/website/docs/d/memorydb_user.html.markdown b/website/docs/d/memorydb_user.html.markdown index 109b1e818480..d48455d3ddea 100644 --- a/website/docs/d/memorydb_user.html.markdown +++ b/website/docs/d/memorydb_user.html.markdown 
@@ -32,7 +32,7 @@ This data source exports the following attributes in addition to the arguments a * `access_string` - Access permissions string used for this user. * `arn` - ARN of the user. * `authentication_mode` - Denotes the user's authentication properties. - * `password_count` - (Optional) The number of passwords belonging to the user if `type` is set to `password`. Otherwise - * `type` - Specifies the authentication type. -* `minimum_engine_version` - The minimum engine version supported for the user. -* `tags` - Map of tags assigned to the subnet group. + * `password_count` - (Optional) Number of passwords belonging to the user if `type` is set to `password`. + * `type` - Type of authentication configured. +* `minimum_engine_version` - Minimum engine version supported for the user. +* `tags` - Map of tags assigned to the user. diff --git a/website/docs/r/memorydb_user.html.markdown b/website/docs/r/memorydb_user.html.markdown index 43b0d3495f51..d3af6428b260 100644 --- a/website/docs/r/memorydb_user.html.markdown +++ b/website/docs/r/memorydb_user.html.markdown @@ -37,7 +37,7 @@ resource "aws_memorydb_user" "example" { The following arguments are required: -* `access_string` - (Required) The access permissions string used for this user. +* `access_string` - (Required) Access permissions string used for this user. * `authentication_mode` - (Required) Denotes the user's authentication properties. Detailed below. * `user_name` - (Required, Forces new resource) Name of the MemoryDB user. Up to 40 characters. 
@@ -47,18 +47,18 @@ The following arguments are optional: ### authentication_mode Configuration Block -* `passwords` - (Optional) The set of passwords used for authentication if `type` is set to `password`. You can create up to two passwords for each user. -* `type` - (Required) Specifies the authentication type. Possible options are: `password` or `iam`. +* `passwords` - (Optional) Set of passwords used for authentication if `type` is set to `password`. You can create up to two passwords for each user. +* `type` - (Required) Specifies the authentication type. Valid values are: `password` or `iam`. ## Attribute Reference This resource exports the following attributes in addition to the arguments above: * `id` - Same as `user_name`. -* `arn` - The ARN of the user. -* `minimum_engine_version` - The minimum engine version supported for the user. +* `arn` - ARN of the user. +* `minimum_engine_version` - Minimum engine version supported for the user. * `authentication_mode` configuration block - * `password_count` - The number of passwords belonging to the user. + * `password_count` - Number of passwords belonging to the user if `type` is set to `password`. * `tags_all` - A map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags-configuration-block). ## Import From bc3f21b1db61606e429fe6d287ef87675735120c Mon Sep 17 00:00:00 2001 
From: Jared Baker Date: Thu, 25 Apr 2024 15:13:34 -0400 Subject: [PATCH 6/7] [r|d]/aws_memorydb_user(test): adjust iam authentication_mode tests Simplifies the configuration by removing tags (tested in other configurations) and applies consistent naming to both tests and associated configurations. ```console % make testacc PKG=memorydb TESTS="TestAccMemoryDBUser|TestAccMemoryDBUserDataSource" ==> Checking that code complies with gofmt requirements... TF_ACC=1 go1.22.2 test ./internal/service/memorydb/... -v -count 1 -parallel 20 -run='TestAccMemoryDBUser|TestAccMemoryDBUserDataSource' -timeout 360m --- PASS: TestAccMemoryDBUser_tags (45.96s) --- PASS: TestAccMemoryDBUserDataSource_authenticationModeIAM (49.38s) --- PASS: TestAccMemoryDBUserDataSource_basic (49.38s) --- PASS: TestAccMemoryDBUser_basic (52.16s) --- PASS: TestAccMemoryDBUser_authenticationModeIAM (52.20s) --- PASS: TestAccMemoryDBUser_disappears (58.02s) --- PASS: TestAccMemoryDBUser_update_accessString (105.60s) --- PASS: TestAccMemoryDBUser_update_passwords (173.49s) PASS ok github.com/hashicorp/terraform-provider-aws/internal/service/memorydb 178.422s ``` --- internal/service/memorydb/user_data_source_test.go | 12 +++--------- internal/service/memorydb/user_test.go | 12 +++--------- 2 files changed, 6 insertions(+), 18 deletions(-) diff --git a/internal/service/memorydb/user_data_source_test.go b/internal/service/memorydb/user_data_source_test.go index e3b2a5f48738..b11a9d4de6bf 100644 --- a/internal/service/memorydb/user_data_source_test.go +++ b/internal/service/memorydb/user_data_source_test.go @@ -41,7 +41,7 @@ func TestAccMemoryDBUserDataSource_basic(t *testing.T) { }) } -func TestAccMemoryDBUserDataSource_iam(t *testing.T) { +func TestAccMemoryDBUserDataSource_authenticationModeIAM(t *testing.T) { ctx := acctest.Context(t) rName := "tf-test-" + sdkacctest.RandString(8) resourceName := "aws_memorydb_user.test" 
@@ -53,15 +53,13 @@ func TestAccMemoryDBUserDataSource_iam(t *testing.T) { ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, Steps: []resource.TestStep{ { - Config: testAccUserDataSourceConfig_iam(rName), + Config: testAccUserDataSourceConfig_authenticationModeIAM(rName), Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttrPair(dataSourceName, "access_string", resourceName, "access_string"), resource.TestCheckResourceAttrPair(dataSourceName, "arn", resourceName, "arn"), resource.TestCheckResourceAttrPair(dataSourceName, "authentication_mode.0.type", resourceName, "authentication_mode.0.type"), resource.TestCheckResourceAttrPair(dataSourceName, "authentication_mode.0.password_count", resourceName, "authentication_mode.0.password_count"), resource.TestCheckResourceAttrPair(dataSourceName, "minimum_engine_version", resourceName, "minimum_engine_version"), - resource.TestCheckResourceAttr(dataSourceName, "tags.%", "1"), - resource.TestCheckResourceAttrPair(dataSourceName, "tags.Test", resourceName, "tags.Test"), resource.TestCheckResourceAttrPair(dataSourceName, "user_name", resourceName, "user_name"), ), }, @@ -91,7 +89,7 @@ data "aws_memorydb_user" "test" { `, rName) } -func testAccUserDataSourceConfig_iam(rName string) string { +func testAccUserDataSourceConfig_authenticationModeIAM(rName string) string { return fmt.Sprintf(` resource "aws_memorydb_user" "test" { access_string = "on ~* &* +@all" @@ -100,10 +98,6 @@ resource "aws_memorydb_user" "test" { authentication_mode { type = "iam" } - - tags = { - Test = "test" - } } data "aws_memorydb_user" "test" { diff --git a/internal/service/memorydb/user_test.go b/internal/service/memorydb/user_test.go index 01f5d36f9fc7..7dac2652cf3b 100644 --- a/internal/service/memorydb/user_test.go +++ b/internal/service/memorydb/user_test.go 
@@ -55,7 +55,7 @@ func TestAccMemoryDBUser_basic(t *testing.T) { }) } -func TestAccMemoryDBUser_iam_auth_mode(t *testing.T) { +func TestAccMemoryDBUser_authenticationModeIAM(t *testing.T) { ctx := acctest.Context(t) rName := "tf-test-" + sdkacctest.RandString(8) resourceName := "aws_memorydb_user.test" @@ -67,7 +67,7 @@ func TestAccMemoryDBUser_iam_auth_mode(t *testing.T) { CheckDestroy: testAccCheckUserDestroy(ctx), Steps: []resource.TestStep{ { - Config: testAccUserConfigWithIAMAuthMode_basic(rName), + Config: testAccUserConfig_authenticationModeIAM(rName), Check: resource.ComposeTestCheckFunc( testAccCheckUserExists(ctx, resourceName), resource.TestCheckResourceAttr(resourceName, "access_string", "on ~* &* +@all"), @@ -76,8 +76,6 @@ func TestAccMemoryDBUser_iam_auth_mode(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "authentication_mode.0.password_count", "0"), resource.TestCheckResourceAttrSet(resourceName, "minimum_engine_version"), resource.TestCheckResourceAttr(resourceName, "user_name", rName), - resource.TestCheckResourceAttr(resourceName, "tags.%", "1"), - resource.TestCheckResourceAttr(resourceName, "tags.Test", "test"), ), }, { @@ -313,7 +311,7 @@ resource "aws_memorydb_user" "test" { `, rName) } -func testAccUserConfigWithIAMAuthMode_basic(rName string) string { +func testAccUserConfig_authenticationModeIAM(rName string) string { return fmt.Sprintf(` resource "aws_memorydb_user" "test" { access_string = "on ~* &* +@all" @@ -322,10 +320,6 @@ resource "aws_memorydb_user" "test" { authentication_mode { type = "iam" } - - tags = { - Test = "test" - } } `, rName) } From a407a62fb8350f8b9cc99a86698fa952ce6811e4 Mon Sep 17 00:00:00 2001 From: Jared Baker Date: Thu, 25 Apr 2024 15:17:09 -0400 Subject: [PATCH 7/7] d/aws_memorydb_user(doc): fix copypasta --- website/docs/d/memorydb_user.html.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/website/docs/d/memorydb_user.html.markdown b/website/docs/d/memorydb_user.html.markdown
index d48455d3ddea..0656d5023b88 100644
--- a/website/docs/d/memorydb_user.html.markdown
+++ b/website/docs/d/memorydb_user.html.markdown
@@ -32,7 +32,7 @@ This data source exports the following attributes in addition to the arguments a
 * `access_string` - Access permissions string used for this user.
 * `arn` - ARN of the user.
 * `authentication_mode` - Denotes the user's authentication properties.
- * `password_count` - (Optional) Number of passwords belonging to the user if `type` is set to `password`.
+ * `password_count` - Number of passwords belonging to the user if `type` is set to `password`.
 * `type` - Type of authentication configured.
 * `minimum_engine_version` - Minimum engine version supported for the user.
 * `tags` - Map of tags assigned to the user.