From 872dc531e0893d3792ff8a22fe35c98833d7393a Mon Sep 17 00:00:00 2001 From: Angie Pinilla Date: Fri, 7 Aug 2020 12:56:50 -0400 Subject: [PATCH] remove auth error handling for non-s3-import or snapshots --- aws/resource_aws_rds_cluster.go | 14 ++++---------- aws/resource_aws_rds_cluster_test.go | 7 ++++--- website/docs/r/rds_cluster.html.markdown | 4 ++-- 3 files changed, 10 insertions(+), 15 deletions(-) diff --git a/aws/resource_aws_rds_cluster.go b/aws/resource_aws_rds_cluster.go index a7cc90d5abf..a0ef77e9625 100644 --- a/aws/resource_aws_rds_cluster.go +++ b/aws/resource_aws_rds_cluster.go @@ -660,16 +660,6 @@ func resourceAwsRDSClusterCreate(d *schema.ResourceData, meta interface{}) error } else { - if _, ok := d.GetOk("global_cluster_identifier"); !ok { - if _, ok := d.GetOk("master_password"); !ok { - return fmt.Errorf(`provider.aws: aws_db_instance: %s: "master_password": required field is not set`, d.Get("database_name").(string)) - } - - if _, ok := d.GetOk("master_username"); !ok { - return fmt.Errorf(`provider.aws: aws_db_instance: %s: "master_username": required field is not set`, d.Get("database_name").(string)) - } - } - createOpts := &rds.CreateDBClusterInput{ CopyTagsToSnapshot: aws.Bool(d.Get("copy_tags_to_snapshot").(bool)), DBClusterIdentifier: aws.String(identifier), @@ -680,6 +670,10 @@ func resourceAwsRDSClusterCreate(d *schema.ResourceData, meta interface{}) error Tags: tags, } + // Note: Username and password credentials are required and valid + // unless the cluster is a read-replica. This also applies to clusters + // within a global cluster. Providing a password and/or username for + // a replica will result in an InvalidParameterValue error. if v, ok := d.GetOk("master_password"); ok && v.(string) != "" { createOpts.MasterUserPassword = aws.String(v.(string)) } diff --git a/aws/resource_aws_rds_cluster_test.go b/aws/resource_aws_rds_cluster_test.go index ca9831bd48b..604f806745d 100644 --- a/aws/resource_aws_rds_cluster_test.go +++ b/aws/resource_aws_rds_cluster_test.go @@ -380,8 +380,9 @@ func TestAccAWSRDSCluster_takeFinalSnapshot(t *testing.T) { }) } -/// This is a regression test to make sure that we always cover the scenario as hightlighted in -/// https://github.com/hashicorp/terraform/issues/11568 +// This is a regression test to make sure that we always cover the scenario as highlighted in +// https://github.com/hashicorp/terraform/issues/11568 +// Expected error updated to match API response func TestAccAWSRDSCluster_missingUserNameCausesError(t *testing.T) { resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, @@ -390,7 +391,7 @@ func TestAccAWSRDSCluster_missingUserNameCausesError(t *testing.T) { Steps: []resource.TestStep{ { Config: testAccAWSClusterConfigWithoutUserNameAndPassword(acctest.RandInt()), - ExpectError: regexp.MustCompile(`required field is not set`), + ExpectError: regexp.MustCompile(`InvalidParameterValue: The parameter MasterUsername must be provided`), }, }, }) diff --git a/website/docs/r/rds_cluster.html.markdown b/website/docs/r/rds_cluster.html.markdown index 339a8cff947..1dfe8ee7070 100644 --- a/website/docs/r/rds_cluster.html.markdown +++ b/website/docs/r/rds_cluster.html.markdown @@ -118,8 +118,8 @@ The following arguments are supported: * `iam_database_authentication_enabled` - (Optional) Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled. Please see [AWS Documentation](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html) for availability and limitations. * `iam_roles` - (Optional) A List of ARNs for the IAM roles to associate to the RDS Cluster. * `kms_key_id` - (Optional) The ARN for the KMS encryption key. When specifying `kms_key_id`, `storage_encrypted` needs to be set to true. -* `master_password` - (Required unless a `snapshot_identifier` or `global_cluster_identifier` is provided) Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file. Please refer to the [RDS Naming Constraints][5] -* `master_username` - (Required unless a `snapshot_identifier` or `global_cluster_identifier` is provided) Username for the master DB user. Please refer to the [RDS Naming Constraints][5]. This argument does not support in-place updates and cannot be changed during a restore from snapshot. +* `master_password` - (Required unless a `snapshot_identifier` or `replication_source_identifier` is provided or unless a `global_cluster_identifier` is provided when the cluster is the "secondary" cluster of a global database) Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file. Please refer to the [RDS Naming Constraints][5] +* `master_username` - (Required unless a `snapshot_identifier` or `replication_source_identifier` is provided or unless a `global_cluster_identifier` is provided when the cluster is the "secondary" cluster of a global database) Username for the master DB user. Please refer to the [RDS Naming Constraints][5]. This argument does not support in-place updates and cannot be changed during a restore from snapshot. * `port` - (Optional) The port on which the DB accepts connections * `preferred_backup_window` - (Optional) The daily time range during which automated backups are created if automated backups are enabled using the BackupRetentionPeriod parameter.Time in UTC. Default: A 30-minute window selected at random from an 8-hour block of time per region. e.g. 04:00-09:00 * `preferred_maintenance_window` - (Optional) The weekly time range during which system maintenance can occur, in (UTC) e.g. wed:04:00-wed:04:30