Initial add of MSK resources

[jrefi]

Fixes #6653

Changes proposed in this pull request:

• Add aws_msk_cluster resource to support Managed Streams for Kafka.

TODO:

• Bubble up cluster connection info to output
• [x ] Flesh out acceptance tests
• Handle resource updates (currently not supported in MSK API)

Output from acceptance testing:

$ make testacc TESTARGS='-run=TestAccAWSMskCluster'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./... -v -parallel 20 -run=TestAccAWSMskCluster -timeout 120m
?   	github.com/terraform-providers/terraform-provider-aws	[no test files]
=== RUN   TestAccAWSMskClusterDataSource
=== PAUSE TestAccAWSMskClusterDataSource
=== RUN   TestAccAWSMskCluster_basic
=== PAUSE TestAccAWSMskCluster_basic
=== RUN   TestAccAWSMskCluster_encryptAtRest
=== PAUSE TestAccAWSMskCluster_encryptAtRest
=== RUN   TestAccAWSMskCluster_brokerMonitoring
=== PAUSE TestAccAWSMskCluster_brokerMonitoring
=== CONT  TestAccAWSMskClusterDataSource
=== CONT  TestAccAWSMskCluster_brokerMonitoring
=== CONT  TestAccAWSMskCluster_encryptAtRest
=== CONT  TestAccAWSMskCluster_basic
--- PASS: TestAccAWSMskCluster_brokerMonitoring (912.39s)
--- PASS: TestAccAWSMskClusterDataSource (917.71s)
--- PASS: TestAccAWSMskCluster_basic (922.73s)
--- PASS: TestAccAWSMskCluster_encryptAtRest (1005.67s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	1005.689s

Example Resource configuration:

resource "aws_msk_cluster" "test_cluster" {
	name = "terraform-msk-test-%d"
	broker_count = 3
	broker_instance_type = "kafka.m5.large"
	broker_volume_size = 10
	broker_security_groups =["${aws_security_group.test_sg_a.id}"]
	client_subnets = ["${aws_subnet.test_subnet_a.id}", "${aws_subnet.test_subnet_b.id}", "${aws_subnet.test_subnet_c.id}"]
}

[bflad]

Related: #6655

[tomelliff]

Overall looks good to me, particularly for a first contribution but there's a few things I picked up on in a short review.

[tomelliff]

If the API doesn't provide update calls then you need to ditch this and just use ForceNew on everything for now. If AWS eventually adds updating a MSK cluster then someone will be able to update this resource to support updates.

As an example, here's the ECS task definition resource before tagging was added (making it no longer just an immutable resource): https://github.com/terraform-providers/terraform-provider-aws/blob/f7c0899ca731c70659eb6b8e40ea520d095ffb1c/aws/resource_aws_ecs_task_definition.go

[tomelliff]

You're missing a test for this.

[jrefi]

Not sure what this actually does or how to test it. Didnt see an example elsewhere in the codebase.

[random1st]

@tomelliff there is only this issue before merging to master?

[tomelliff]

You've used encrypt_rest_key in the schema here but set this to encrypt_rest_arn which is what you're using elsewhere. Personally I find the encryptRestArn to be slightly confusing without any mention that it's the KMS key ARN and had to check the source to see that that was the case so I'd switch everything over to encrypt_rest_key or some variant on that.

Also it might help to add an acceptance test for this data source even if you are just exercising the same method as the read on the resource just to catch mistakes in the schema like this.

[jrefi]

@tomelliff Thanks for the feedback. As this is my first contribution, I'm still trying to figure out how the whole system works. Your comments are very helpful.

I am a little ignorant about how ForceNew works. Is the user warned before action is taken? I'm concerned about the possibility of data loss occurring if the user changes something minor on their cluster.

[tomelliff]

The plan will show a +- against the resource to show that it needs to be destroyed and recreated. There is also a (forces new resource) against any changing attributes that cause Terraform to force a rebuild and it's a very common pattern across a wide set of resources so shouldn't come across as a surprise to the user.

Of course if you set everything as ForceNew and build it you should be able to see the results for yourself.

[random1st]

required

[random1st]

@tomelliff there is only this issue before merging to master?

[gavinmbell]

👍 this would be a great thing to have. I fully support this endeavor as I have a project coming on line that would be able to leverage this immediately.

[kesensoy]

@gavinmbell I agree, we need to find out how we can encourage the final reviews (like from @mrf and @tomelliff) before this becomes a dead PR. I've also tried posting in the IRC room to no avail.

[landondao1]

+1 This is a really great feature. After AWS went live with MSK, I was pretty excited. I'm an SUPER excited to see this get implemented into terraform to make automated deployments work with MSK.

[bflad]

Hi @jrefi 👋 Thanks for submitting this. Please see the below initial feedback and let us know if you have any questions or do not have time to implement the items.

[bflad]

There are some additional configuration steps required to support customizing service endpoints. We have opted to allow customizing all endpoints (#8096) so this change should be removed from this pull request. 👍

[bflad]

As noted above, this change should be removed from this pull request.

[bflad]

Optional: true should be removed/replaced with only Computed: true for this and all the below attributes since they are not configurable to influence the data source lookup.

[bflad]

Data source testing should preferably use resource.TestCheckResourceAttrPair() to ensure values match between the resource and data source, e.g.

Suggested change

	resource.TestCheckResourceAttrSet("data.aws_msk_cluster.test_cluster", "arn"),
	resource.TestCheckResourceAttrPair("data.aws_msk_cluster.test_cluster", "arn", "aws_msk_cluster.test_cluster", "arn"),

This should be done for all data source attribute checks.

[bflad]

The acceptance testing framework for the provider runs in us-west-2 by default:

https://github.com/terraform-providers/terraform-provider-aws/blob/ffa6d70f31746ea626abe6a7d3a4398a9a77e4ef/aws/provider_test.go#L180-L186

Hardcoded availability zones should instead be replaced with the aws_availability_zones data source.

[bflad]

This documentation page is missing a sidebar link in a new MSK Resources section of website/aws.erb

[bflad]

Data source attributes can easily become out of sync with their resource counterpart since they require a separate schema definition and appropriate d.Set() calls. We prefer to list out the attributes separately.

[bflad]

This argument is missing documentation.

[bflad]

This resource does not implement the Update function so this should be removed.

[bflad]

Documentation for the customizable timeouts is missing:

Suggested change

	## Timeouts
	`aws_msk_cluster` provides the following [Timeouts](/docs/configuration/resources.html#timeouts) configuration options:
	* `create` - (Default `60m`) How long to wait for cluster creation.
	* `delete` - (Default `120m`) How long to wait for cluster deletion.

[kesensoy]

@bflad thank you for the review! I would undertake a lot of the simple fixes myself but I don't want to mess anything up without go knowledge or a working testing env. I'll see if @jrefi still wants to take this one across the finish line!

[dthtvwls]

@jrefi If you are low on time/resources, please let me know I would be happy to take a handoff from you and address feedback myself.

[jrefi]

@dthtvwls Thanks. Yeah, actually my organization has decided that MSK is not yet a viable option for us and thus this is no longer a priority. If you don't mind cleaning the PR up, I would greatly appreciate it.

[kesensoy]

@dthtvwls Please let us know if you will be able to get this merged, else I will continue to search for more contributors! If anyone wants to be reminded of how much people are eagerly awaiting this feature, it is the second most 'reacted to' issue on the platform right now :) #6653

[dthtvwls]

@kesensoy I will certainly do what I can. I am working through @bflad's feedback on my own fork. Not really sure of the preferred way to handle the changes here though. Should I create a new PR? If anyone can say, please do, thanks.

[bflad]

@dthtvwls a new PR is totally fine (preserving the previous authors commits where possible) 👍

[dthtvwls]

@bflad I just left a review. One more question before I make the new PR. Thanks

[dthtvwls]

Please see #8357 which now supersedes this request.

[bflad]

We just merged in #8635 which will release with version 2.12.0 of the Terraform AWS Provider. Thanks @jrefi and @dthtvwls for your efforts here!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!