Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't send empty kms_arn in glue_security_configuration if mode is DISABLED #13618

Merged
merged 2 commits into from
Oct 21, 2020
Merged

Don't send empty kms_arn in glue_security_configuration if mode is DISABLED #13618

merged 2 commits into from
Oct 21, 2020

Conversation

AndresCidoncha
Copy link
Contributor

@AndresCidoncha AndresCidoncha commented Jun 4, 2020

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Closes #13620

Release note for CHANGELOG:

NONE

Output from acceptance testing:

$ make testacc TESTARGS='-run=TestAccAWSGlueSecurityConfiguration_Basic'

...

* If logs and/or bookmark encryption are DISABLED, don't send these fields empty to the API call
@AndresCidoncha AndresCidoncha requested a review from a team June 4, 2020 20:22
@ghost ghost added size/XS Managed by automation to categorize the size of a PR. service/glue Issues and PRs that pertain to the glue service. needs-triage Waiting for first response or review from a maintainer. labels Jun 4, 2020
@AndresCidoncha AndresCidoncha changed the title Don't send empty kms_arn in glue_securityconfiguration if mode isDISABLED Don't send empty kms_arn in glue_securityconfiguration if mode is DISABLED Jun 4, 2020
@AndresCidoncha AndresCidoncha changed the title Don't send empty kms_arn in glue_securityconfiguration if mode is DISABLED Don't send empty kms_arn in glue_security_configuration if mode is DISABLED Jun 4, 2020
@DrFaust92 DrFaust92 added bug Addresses a defect in current functionality. and removed needs-triage Waiting for first response or review from a maintainer. labels Aug 29, 2020
@DrFaust92
Copy link
Collaborator

Hey @AndresCidoncha, can you also add an acceptance test to verify the use case?

@AndresCidoncha
Copy link
Contributor Author

Hey @AndresCidoncha, can you also add an acceptance test to verify the use case?

Hey @DrFaust92 , I wanted to do a new test but I found a problem: The empty configuration is already tested in TestAccAWSGlueSecurityConfiguration_Basic but the TestCheckResourceAttr method only accepts a string for the comparation value and it's currently using an empty string, so I can't check if the assigned value is nil instead of a empty string.

There's a way to validate the fields sent in the request to AWS?

Copy link
Collaborator

@DrFaust92 DrFaust92 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor comment, lets just run the basic test and ill verify all other. Looks good to me.

@@ -214,7 +214,9 @@ func expandGlueCloudWatchEncryption(l []interface{}) *glue.CloudWatchEncryption
}

if v, ok := m["kms_key_arn"]; ok {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lets remove the extra if by doing this:

if v, ok := m["kms_key_arn"]; ok  && v.(string) != "" {

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

@@ -248,7 +250,9 @@ func expandGlueJobBookmarksEncryption(l []interface{}) *glue.JobBookmarksEncrypt
}

if v, ok := m["kms_key_arn"]; ok {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same as above

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

@DrFaust92 DrFaust92 self-assigned this Oct 20, 2020
Copy link
Collaborator

@DrFaust92 DrFaust92 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

--- PASS: TestAccAWSGlueSecurityConfiguration_S3Encryption_S3EncryptionMode_SSES3 (46.12s)
--- PASS: TestAccAWSGlueSecurityConfiguration_Basic (46.38s)
--- PASS: TestAccAWSGlueSecurityConfiguration_CloudWatchEncryption_CloudWatchEncryptionMode_SSEKMS (61.96s)
--- PASS: TestAccAWSGlueSecurityConfiguration_JobBookmarksEncryption_JobBookmarksEncryptionMode_CSEKMS (61.98s)
--- PASS: TestAccAWSGlueSecurityConfiguration_S3Encryption_S3EncryptionMode_SSEKMS (63.91s)

@breathingdust
Copy link
Member

LGTM 🚀 Thanks @AndresCidoncha!

Verified Acceptance Tests in Commercial (us-west-2)

make testacc TEST=./aws TESTARGS='-run=TestAccAWSGlueSecurityConfiguration_'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSGlueSecurityConfiguration_ -timeout 120m
=== RUN   TestAccAWSGlueSecurityConfiguration_Basic
=== PAUSE TestAccAWSGlueSecurityConfiguration_Basic
=== RUN   TestAccAWSGlueSecurityConfiguration_CloudWatchEncryption_CloudWatchEncryptionMode_SSEKMS
=== PAUSE TestAccAWSGlueSecurityConfiguration_CloudWatchEncryption_CloudWatchEncryptionMode_SSEKMS
=== RUN   TestAccAWSGlueSecurityConfiguration_JobBookmarksEncryption_JobBookmarksEncryptionMode_CSEKMS
=== PAUSE TestAccAWSGlueSecurityConfiguration_JobBookmarksEncryption_JobBookmarksEncryptionMode_CSEKMS
=== RUN   TestAccAWSGlueSecurityConfiguration_S3Encryption_S3EncryptionMode_SSEKMS
=== PAUSE TestAccAWSGlueSecurityConfiguration_S3Encryption_S3EncryptionMode_SSEKMS
=== RUN   TestAccAWSGlueSecurityConfiguration_S3Encryption_S3EncryptionMode_SSES3
=== PAUSE TestAccAWSGlueSecurityConfiguration_S3Encryption_S3EncryptionMode_SSES3
=== CONT  TestAccAWSGlueSecurityConfiguration_Basic
=== CONT  TestAccAWSGlueSecurityConfiguration_S3Encryption_S3EncryptionMode_SSEKMS
=== CONT  TestAccAWSGlueSecurityConfiguration_S3Encryption_S3EncryptionMode_SSES3
=== CONT  TestAccAWSGlueSecurityConfiguration_JobBookmarksEncryption_JobBookmarksEncryptionMode_CSEKMS
=== CONT  TestAccAWSGlueSecurityConfiguration_CloudWatchEncryption_CloudWatchEncryptionMode_SSEKMS
--- PASS: TestAccAWSGlueSecurityConfiguration_S3Encryption_S3EncryptionMode_SSES3 (18.15s)
--- PASS: TestAccAWSGlueSecurityConfiguration_Basic (18.20s)
--- PASS: TestAccAWSGlueSecurityConfiguration_S3Encryption_S3EncryptionMode_SSEKMS (19.85s)
--- PASS: TestAccAWSGlueSecurityConfiguration_CloudWatchEncryption_CloudWatchEncryptionMode_SSEKMS (20.19s)
--- PASS: TestAccAWSGlueSecurityConfiguration_JobBookmarksEncryption_JobBookmarksEncryptionMode_CSEKMS (20.21s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	21.582s

Verified Acceptance Tests in GovCloud (us-gov-west-1)

make testacc TEST=./aws TESTARGS='-run=TestAccAWSGlueSecurityConfiguration_'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSGlueSecurityConfiguration_ -timeout 120m
=== RUN   TestAccAWSGlueSecurityConfiguration_Basic
=== PAUSE TestAccAWSGlueSecurityConfiguration_Basic
=== RUN   TestAccAWSGlueSecurityConfiguration_CloudWatchEncryption_CloudWatchEncryptionMode_SSEKMS
=== PAUSE TestAccAWSGlueSecurityConfiguration_CloudWatchEncryption_CloudWatchEncryptionMode_SSEKMS
=== RUN   TestAccAWSGlueSecurityConfiguration_JobBookmarksEncryption_JobBookmarksEncryptionMode_CSEKMS
=== PAUSE TestAccAWSGlueSecurityConfiguration_JobBookmarksEncryption_JobBookmarksEncryptionMode_CSEKMS
=== RUN   TestAccAWSGlueSecurityConfiguration_S3Encryption_S3EncryptionMode_SSEKMS
=== PAUSE TestAccAWSGlueSecurityConfiguration_S3Encryption_S3EncryptionMode_SSEKMS
=== RUN   TestAccAWSGlueSecurityConfiguration_S3Encryption_S3EncryptionMode_SSES3
=== PAUSE TestAccAWSGlueSecurityConfiguration_S3Encryption_S3EncryptionMode_SSES3
=== CONT  TestAccAWSGlueSecurityConfiguration_Basic
=== CONT  TestAccAWSGlueSecurityConfiguration_S3Encryption_S3EncryptionMode_SSEKMS
=== CONT  TestAccAWSGlueSecurityConfiguration_S3Encryption_S3EncryptionMode_SSES3
=== CONT  TestAccAWSGlueSecurityConfiguration_CloudWatchEncryption_CloudWatchEncryptionMode_SSEKMS
=== CONT  TestAccAWSGlueSecurityConfiguration_JobBookmarksEncryption_JobBookmarksEncryptionMode_CSEKMS
--- PASS: TestAccAWSGlueSecurityConfiguration_Basic (13.44s)
--- PASS: TestAccAWSGlueSecurityConfiguration_S3Encryption_S3EncryptionMode_SSES3 (13.49s)
--- PASS: TestAccAWSGlueSecurityConfiguration_JobBookmarksEncryption_JobBookmarksEncryptionMode_CSEKMS (15.47s)
--- PASS: TestAccAWSGlueSecurityConfiguration_S3Encryption_S3EncryptionMode_SSEKMS (15.68s)
--- PASS: TestAccAWSGlueSecurityConfiguration_CloudWatchEncryption_CloudWatchEncryptionMode_SSEKMS (15.80s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	17.126s

@breathingdust breathingdust added this to the v3.12.0 milestone Oct 21, 2020
@breathingdust breathingdust merged commit dbb0115 into hashicorp:master Oct 21, 2020
breathingdust added a commit that referenced this pull request Oct 21, 2020
@ghost
Copy link

ghost commented Oct 22, 2020

This has been released in version 3.12.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

@ghost
Copy link

ghost commented Nov 20, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked as resolved and limited conversation to collaborators Nov 20, 2020
@DrFaust92 DrFaust92 removed their assignment Jun 6, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
bug Addresses a defect in current functionality. service/glue Issues and PRs that pertain to the glue service. size/XS Managed by automation to categorize the size of a PR.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

aws_glue_security_configuration send empty kms_arn in DISABLED configs
3 participants