From 19c69bf537771f4ce0eb9c8ae039d96606c297ec Mon Sep 17 00:00:00 2001 From: Adrian Johnson Date: Mon, 23 Sep 2024 09:55:38 -0500 Subject: [PATCH 1/4] aws_db_instance: add domain parameters to read replica create --- internal/service/rds/instance.go | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/internal/service/rds/instance.go b/internal/service/rds/instance.go index 695fb78bed9..05ee564ab4f 100644 --- a/internal/service/rds/instance.go +++ b/internal/service/rds/instance.go @@ -789,6 +789,30 @@ func resourceInstanceCreate(ctx context.Context, d *schema.ResourceData, meta in input.DedicatedLogVolume = aws.Bool(v.(bool)) } + if v, ok := d.GetOk(names.AttrDomain); ok { + input.Domain = aws.String(v.(string)) + } + + if v, ok := d.GetOk("domain_auth_secret_arn"); ok { + input.DomainAuthSecretArn = aws.String(v.(string)) + } + + if v, ok := d.GetOk("domain_dns_ips"); ok && len(v.([]interface{})) > 0 { + input.DomainDnsIps = flex.ExpandStringValueList(v.([]interface{})) + } + + if v, ok := d.GetOk("domain_fqdn"); ok { + input.DomainFqdn = aws.String(v.(string)) + } + + if v, ok := d.GetOk("domain_iam_role_name"); ok { + input.DomainIAMRoleName = aws.String(v.(string)) + } + + if v, ok := d.GetOk("domain_ou"); ok { + input.DomainOu = aws.String(v.(string)) + } + if v, ok := d.GetOk("enabled_cloudwatch_logs_exports"); ok && v.(*schema.Set).Len() > 0 { input.EnableCloudwatchLogsExports = flex.ExpandStringValueSet(v.(*schema.Set)) } From 6f2e2de010581956b3cbf592621527cd346586a9 Mon Sep 17 00:00:00 2001 From: Adrian Johnson Date: Mon, 23 Sep 2024 12:33:03 -0500 Subject: [PATCH 2/4] aws_db_instance: add test --- internal/service/rds/instance_test.go | 80 +++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) diff --git a/internal/service/rds/instance_test.go b/internal/service/rds/instance_test.go index c780335622c..50f25707504 100644 --- a/internal/service/rds/instance_test.go +++ b/internal/service/rds/instance_test.go 
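Review bot: The six added `d.GetOk` blocks forward both the AWS-managed directory pair (`domain`, `domain_iam_role_name`) and the self-managed set (`domain_fqdn`, `domain_ou`, `domain_auth_secret_arn`, `domain_dns_ips`), and nothing in the hunk says the two groups are alternatives. A short comment above the first block would help, e.g. `// Directory join: domain + domain_iam_role_name (AWS Managed AD), or domain_fqdn/domain_ou/domain_auth_secret_arn/domain_dns_ips (self-managed AD).` Whether the schema rejects a mix of the two groups is not visible here, so confirm that both sets cannot reach the API in one request. The acceptance test added later in this series exercises only the managed-directory pair, so the four self-managed fields are copied without coverage. resourceInstanceCreate starts and ends outside the hunk.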
@@ -2374,6 +2374,51 @@ func TestAccRDSInstance_ReplicateSourceDB_CrossRegion_characterSet(t *testing.T) }) } +func TestAccRDSInstance_ReplicateSourceDB_mssqlDomain(t *testing.T) { + ctx := acctest.Context(t) + if testing.Short() { + t.Skip("skipping long-running test in short mode") + } + + var dbInstance, sourceDbInstance types.DBInstance + + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + sourceResourceName := "aws_db_instance.source" + resourceName := "aws_db_instance.test" + + domain := acctest.RandomDomain().String() + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(ctx, t) }, + ErrorCheck: acctest.ErrorCheck(t, names.RDSServiceID), + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, + CheckDestroy: testAccCheckDBInstanceDestroy(ctx), + Steps: []resource.TestStep{ + { + Config: testAccInstanceConfig_ReplicateSourceDB_mssqlDomain(rName, domain), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckDBInstanceExists(ctx, sourceResourceName, &sourceDbInstance), + testAccCheckDBInstanceExists(ctx, resourceName, &dbInstance), + resource.TestCheckResourceAttr(resourceName, names.AttrIdentifier, rName), + testAccCheckInstanceReplicaAttributes(&sourceDbInstance, &dbInstance), + resource.TestCheckResourceAttrPair(resourceName, "replicate_source_db", sourceResourceName, names.AttrIdentifier), + resource.TestCheckResourceAttrPair(resourceName, names.AttrUsername, sourceResourceName, names.AttrUsername), + resource.TestCheckResourceAttrPair(resourceName, names.AttrDomain, sourceResourceName, names.AttrDomain), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{ + names.AttrApplyImmediately, + names.AttrPassword, + }, + }, + }, + }) +} + func TestAccRDSInstance_s3Import(t *testing.T) { acctest.Skip(t, "RestoreDBInstanceFromS3 cannot restore from MySQL version 5.6") 
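Review bot: The first step checks that `domain` matches between replica and source but never checks `domain_iam_role_name`, the other directory argument this test's config sets on the replica. A regression that drops the role on replica create could therefore still pass. Adding `resource.TestCheckResourceAttrPair(resourceName, "domain_iam_role_name", sourceResourceName, "domain_iam_role_name"),` next to the existing `names.AttrDomain` pair check would cover it, assuming the attribute is read back into state for replicas.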
@@ -9214,6 +9259,41 @@ resource "aws_db_instance" "test" { `, rName, tfrds.InstanceEngineMySQL, mainInstanceClasses)) } +func testAccInstanceConfig_ReplicateSourceDB_mssqlDomain(rName, domain string) string { + return acctest.ConfigCompose( + testAccInstanceConfig_baseMSSQLDomain(rName, domain), + fmt.Sprintf(` +resource "aws_db_instance" "source" { + allocated_storage = 20 + backup_retention_period = 1 + db_subnet_group_name = aws_db_subnet_group.test.name + engine = data.aws_rds_orderable_db_instance.test.engine + engine_version = data.aws_rds_orderable_db_instance.test.engine_version + identifier = "%[1]s-source" + instance_class = data.aws_rds_orderable_db_instance.test.instance_class + skip_final_snapshot = true + password = "avoid-plaintext-passwords" + username = "tfacctest" + vpc_security_group_ids = [aws_security_group.test.id] + + domain = aws_directory_service_directory.directory.id + domain_iam_role_name = aws_iam_role.role.name +} + +resource "aws_db_instance" "test" { + identifier = %[1]q + instance_class = aws_db_instance.source.instance_class + replicate_source_db = aws_db_instance.source.identifier + db_subnet_group_name = aws_db_subnet_group.test.name + vpc_security_group_ids = [aws_security_group.test.id] + skip_final_snapshot = true + + domain = aws_directory_service_directory.directory.id + domain_iam_role_name = aws_iam_role.role.name +} +`, rName)) +} + // When testing needs to distinguish a second region and second account in the same region // e.g. cross-region functionality with RAM shared subnets func testAccAlternateAccountAndAlternateRegionProviderConfig() string { From ad56d29e82de45711b378bfbbe9126161b90576f Mon Sep 17 00:00:00 2001 From: Adrian Johnson Date: Mon, 23 Sep 2024 19:09:46 -0500 Subject: [PATCH 3/4] aws_db_instance: add test --- internal/service/rds/instance_test.go | 59 +++++++++++++++++++++++---- 1 file changed, 51 insertions(+), 8 deletions(-) 
diff --git a/internal/service/rds/instance_test.go b/internal/service/rds/instance_test.go index 50f25707504..6ce06a5a73f 100644 --- a/internal/service/rds/instance_test.go +++ b/internal/service/rds/instance_test.go @@ -6752,6 +6752,9 @@ func testAccInstanceConfig_orderableClassSQLServerExGP3() string { func testAccInstanceConfig_orderableClassSQLServerSe() string { return testAccInstanceConfig_orderableClass(tfrds.InstanceEngineSQLServerStandard, "license-included", "standard") } +func testAccInstanceConfig_orderableClassSQLServerEE() string { + return testAccInstanceConfig_orderableClass(tfrds.InstanceEngineSQLServerEnterprise, "license-included", "standard") +} func testAccInstanceConfig_orderableClassCustomSQLServerWeb() string { return testAccInstanceConfig_orderableClass("custom-sqlserver-web", "", "gp2") 
@@ -9259,9 +9262,50 @@ resource "aws_db_instance" "test" { `, rName, tfrds.InstanceEngineMySQL, mainInstanceClasses)) } +func testAccInstanceConfig_baseMSSQLEnterpriseDomain(rName, domain string) string { + return acctest.ConfigCompose( + testAccInstanceConfig_orderableClassSQLServerEE(), + testAccInstanceConfig_baseVPC(rName), + testAccInstanceConfig_ServiceRole(rName), + fmt.Sprintf(` +resource "aws_security_group" "test" { + name = %[1]q + vpc_id = aws_vpc.test.id + + tags = { + Name = %[1]q + } +} + +resource "aws_security_group_rule" "test" { + type = "egress" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + + security_group_id = aws_security_group.test.id +} + +resource "aws_directory_service_directory" "directory" { + name = %[2]q + password = "SuperSecretPassw0rd" + type = "MicrosoftAD" + edition = "Standard" + + vpc_settings { + vpc_id = aws_vpc.test.id + subnet_ids = aws_subnet.test[*].id + } +} + +data "aws_partition" "current" {} +`, rName, domain)) +} + func testAccInstanceConfig_ReplicateSourceDB_mssqlDomain(rName, domain string) string { return acctest.ConfigCompose( - testAccInstanceConfig_baseMSSQLDomain(rName, domain), + testAccInstanceConfig_baseMSSQLEnterpriseDomain(rName, domain), fmt.Sprintf(` resource "aws_db_instance" "source" { allocated_storage = 20 
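Review bot: `aws_security_group.test` and its all-protocol egress rule to `0.0.0.0/0` are still created by testAccInstanceConfig_baseMSSQLEnterpriseDomain, but the following hunk (`@@ -9271`) removes `vpc_security_group_ids` from both instances, so nothing in the visible config attaches that group. If the composed `testAccInstanceConfig_baseVPC` and `testAccInstanceConfig_ServiceRole` configs do not reference it either, drop the two resources. Otherwise keep `vpc_security_group_ids = [aws_security_group.test.id]` on the instances so they do not end up on the VPC's default group. The body also looks like a copy of `testAccInstanceConfig_baseMSSQLDomain` with a different orderable-class helper; if so, passing the orderable-class config in as a parameter would avoid keeping two copies of the directory and security-group HCL in sync.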
@@ -9271,22 +9315,21 @@ resource "aws_db_instance" "source" { engine_version = data.aws_rds_orderable_db_instance.test.engine_version identifier = "%[1]s-source" instance_class = data.aws_rds_orderable_db_instance.test.instance_class + license_model = "license-included" skip_final_snapshot = true password = "avoid-plaintext-passwords" username = "tfacctest" - vpc_security_group_ids = [aws_security_group.test.id] domain = aws_directory_service_directory.directory.id domain_iam_role_name = aws_iam_role.role.name } resource "aws_db_instance" "test" { - identifier = %[1]q - instance_class = aws_db_instance.source.instance_class - replicate_source_db = aws_db_instance.source.identifier - db_subnet_group_name = aws_db_subnet_group.test.name - vpc_security_group_ids = [aws_security_group.test.id] - skip_final_snapshot = true + identifier = %[1]q + instance_class = aws_db_instance.source.instance_class + replicate_source_db = aws_db_instance.source.identifier + license_model = "license-included" + skip_final_snapshot = true domain = aws_directory_service_directory.directory.id domain_iam_role_name = aws_iam_role.role.name From 3397c86c251195721f91bdaa0603dc91733e23ad Mon Sep 17 00:00:00 2001 From: Adrian Johnson Date: Mon, 23 Sep 2024 19:12:32 -0500 Subject: [PATCH 4/4] add CHANGELOG entry --- .changelog/39448.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/39448.txt diff --git a/.changelog/39448.txt b/.changelog/39448.txt new file mode 100644 index 00000000000..d11b5c590b8 --- /dev/null +++ b/.changelog/39448.txt @@ -0,0 +1,3 @@ +```release-note:bug +resource/aws_db_instance: Allow replica database to be added to domain on create +``` \ No newline at end of file