Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Performance Insights configuration for aws_db_instance #6453

Merged
merged 1 commit into from
May 23, 2019
Merged

Performance Insights configuration for aws_db_instance #6453

merged 1 commit into from
May 23, 2019

Conversation

msvab
Copy link
Contributor

@msvab msvab commented Nov 13, 2018

Fixes #5259

Changes proposed in this pull request:

  • Add performance_insights_enabled to aws_db_instance
  • Add performance_insights_kms_key_id to aws_db_instance
  • Add performance_insights_retention_period to aws_db_instance

Output from acceptance testing:

$ make testacc TEST=./aws TESTARGS='-run=TestAccAWSRDSDBInstance_withPerformanceInsights'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -parallel 20 -run=TestAccAWSRDSDBInstance_withPerformanceInsights -timeout 120m
=== RUN   TestAccAWSRDSDBInstance_withPerformanceInsights
=== PAUSE TestAccAWSRDSDBInstance_withPerformanceInsights
=== CONT  TestAccAWSRDSDBInstance_withPerformanceInsights
--- PASS: TestAccAWSRDSDBInstance_withPerformanceInsights (596.38s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	596.419s

@ghost ghost added size/M Managed by automation to categorize the size of a PR. documentation Introduces or discusses updates to documentation. service/rds Issues and PRs that pertain to the rds service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. labels Nov 13, 2018
@bflad bflad added the enhancement Requests to existing resources that expand the functionality or scope. label Nov 15, 2018
@kais58
Copy link

kais58 commented Nov 19, 2018

Any update on when this will be merged/release?

@jalev
Copy link

jalev commented Nov 29, 2018

👍

bflad
bflad reviewed Dec 2, 2018
View reviewed changes
Copy link
Contributor

@bflad bflad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @msvab 👋 Thanks so much for submitting this. I left some initial comments below. Some of these review items were missed in the aws_rds_cluster_instance resource implementation and I have a hunch that the testing updates will tease out a few additional issues (similar to #3015).

Please let us know if you have any questions or do not have time to implement the feedback.

aws/resource_aws_db_instance.go Outdated Show resolved Hide resolved
aws/resource_aws_db_instance.go Show resolved Hide resolved
aws/resource_aws_db_instance.go Show resolved Hide resolved
aws/resource_aws_db_instance_test.go Outdated Show resolved Hide resolved
aws/resource_aws_db_instance_test.go Outdated Show resolved Hide resolved
aws/resource_aws_db_instance_test.go Outdated
CheckDestroy: testAccCheckAWSClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccAWSDBInstancePerformanceInsights(acctest.RandInt()),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This random integer should be moved under the function signature so it can be consistent across multiple TestStep, e.g.

rInt := acctest.RandInt()
// ...
Config: testAccAWSDBInstancePerformanceInsights(rInt, ...)

aws/resource_aws_db_instance_test.go Show resolved Hide resolved
website/docs/r/db_instance.html.markdown Outdated Show resolved Hide resolved
website/docs/r/db_instance.html.markdown Outdated Show resolved Hide resolved
website/docs/r/db_instance.html.markdown Outdated Show resolved Hide resolved
@bflad bflad added the waiting-response Maintainers are waiting on response from community or contributor. label Dec 2, 2018
@ghost ghost added size/L Managed by automation to categorize the size of a PR. and removed size/M Managed by automation to categorize the size of a PR. labels Dec 6, 2018
@msvab
Copy link
Contributor Author

msvab commented Dec 6, 2018

Thanks for the detailed feedback, I've implemented all the changes. Let me know if you need any more changes to be done!

@ghost ghost removed the waiting-response Maintainers are waiting on response from community or contributor. label Dec 6, 2018
@jrobison-sb
Copy link
Contributor

Any update on if the above changes will be accepted? We'd love to use this once it get released.

@bflad bflad self-requested a review December 20, 2018 01:35
@bflad bflad added this to the v1.53.0 milestone Dec 20, 2018
bflad
bflad reviewed Dec 20, 2018
View reviewed changes
Copy link
Contributor

@bflad bflad left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi again @msvab 👋 I noticed one of the feedback items wasn't commented on or resolved (regarding moving the random integer to be consistent across all test steps so it does not recreate the database instances each step). Playing with the acceptance testing to ensure we cover various update scenarios and address that issue, I ran into issues with disabling PI.

For example, having PI enabled on an instance then disabling it by removing the three performance_insights_* arguments in the configuration, generated the following error:

--- FAIL: TestAccAWSRDSDBInstance_PerformanceInsightsEnabled (528.04s)
    testing.go:538: Step 2 error: Error applying: 1 error occurred:
          * aws_db_instance.bar: 1 error occurred:
          * aws_db_instance.bar: Error modifying DB Instance tf-db-test-2613321838204137906: InvalidParameterValue: Invalid Performance Insights retention period. Valid values are: [7, 731]
          status code: 400, request id: f840f143-1b34-472e-944a-cfb2e1122af9

Its submitting this to ModifyDBInstance, which is invalid according to the RDS API:

2018/12/19 21:44:34 [DEBUG] DB Instance Modification request: {
  ApplyImmediately: false,
  DBInstanceIdentifier: "tf-db-test-2613321838204137906",
  EnablePerformanceInsights: false,
  PerformanceInsightsKMSKeyId: "",
  PerformanceInsightsRetentionPeriod: 0
}

Here's the updated acceptance test and configuration I was working with:

func TestAccAWSRDSDBInstance_PerformanceInsightsEnabled(t *testing.T) {
  var v rds.DBInstance
  rInt := acctest.RandInt()
  resourceName := "aws_db_instance.bar"

  resource.ParallelTest(t, resource.TestCase{
    PreCheck:     func() { testAccPreCheck(t) },
    Providers:    testAccProviders,
    CheckDestroy: testAccCheckAWSClusterDestroy,
    Steps: []resource.TestStep{
      {
        Config: testAccAWSDBInstanceConfigPerformanceInsightsEnabled(rInt, 7),
        Check: resource.ComposeTestCheckFunc(
          testAccCheckAWSDBInstanceExists(resourceName, &v),
          testAccCheckAWSDBInstanceAttributes(&v),
          resource.TestCheckResourceAttr(resourceName, "performance_insights_enabled", "true"),
          resource.TestCheckResourceAttrPair(resourceName, "performance_insights_kms_key_id", "aws_kms_key.foo", "arn"),
          resource.TestCheckResourceAttr(resourceName, "performance_insights_retention_period", "7"),
        ),
      },
      {
        ResourceName:      resourceName,
        ImportState:       true,
        ImportStateVerify: true,
        ImportStateVerifyIgnore: []string{
          "password",
          "skip_final_snapshot",
          "final_snapshot_identifier",
        },
      },
      // Test disabling Performance Insights via update
      {
        Config: testAccAWSDBInstanceConfigPerformanceInsightsDisabled(rInt),
        Check: resource.ComposeTestCheckFunc(
          testAccCheckAWSDBInstanceExists(resourceName, &v),
          testAccCheckAWSDBInstanceAttributes(&v),
          resource.TestCheckResourceAttr(resourceName, "performance_insights_enabled", "false"),
          resource.TestCheckResourceAttr(resourceName, "performance_insights_kms_key_id", ""),
          resource.TestCheckResourceAttr(resourceName, "performance_insights_retention_period", "0"),
        ),
      },
      // Test enabling Performance Insights via update
      {
        Config: testAccAWSDBInstanceConfigPerformanceInsightsEnabled(rInt, 7),
        Check: resource.ComposeTestCheckFunc(
          testAccCheckAWSDBInstanceExists(resourceName, &v),
          testAccCheckAWSDBInstanceAttributes(&v),
          resource.TestCheckResourceAttr(resourceName, "performance_insights_enabled", "true"),
          resource.TestCheckResourceAttrPair(resourceName, "performance_insights_kms_key_id", "aws_kms_key.foo", "arn"),
          resource.TestCheckResourceAttr(resourceName, "performance_insights_retention_period", "7"),
        ),
      },
      // Test updating only Performance Insights retention period via update
      {
        Config: testAccAWSDBInstanceConfigPerformanceInsightsEnabled(rInt, 731),
        Check: resource.ComposeTestCheckFunc(
          testAccCheckAWSDBInstanceExists(resourceName, &v),
          testAccCheckAWSDBInstanceAttributes(&v),
          resource.TestCheckResourceAttr(resourceName, "performance_insights_enabled", "true"),
          resource.TestCheckResourceAttrPair(resourceName, "performance_insights_kms_key_id", "aws_kms_key.foo", "arn"),
          resource.TestCheckResourceAttr(resourceName, "performance_insights_retention_period", "731"),
        ),
      },
    },
  })
}

func testAccAWSDBInstanceConfigPerformanceInsightsDisabled(n int) string {
  return fmt.Sprintf(`
resource "aws_db_instance" "bar" {
  allocated_storage       = 5
  backup_retention_period = 0
  engine                  = "mysql"
  engine_version          = "5.6.41"
  identifier              = "tf-db-test-%d"
  instance_class          = "db.m3.medium"
  name                    = "mydb"
  password                = "mustbeeightcharaters"
  skip_final_snapshot     = true
  username                = "foo"
}
`, n)
}

func testAccAWSDBInstanceConfigPerformanceInsightsEnabled(n, piRetentionPeriod int) string {
  return fmt.Sprintf(`

resource "aws_kms_key" "foo" {
    description = "Terraform acc test %d"
    policy = <<POLICY
{
  "Version": "2012-10-17",
  "Id": "kms-tf-1",
  "Statement": [
    {
      "Sid": "Enable IAM User Permissions",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "kms:*",
      "Resource": "*"
    }
  ]
}
POLICY
}

resource "aws_db_instance" "bar" {
  engine                                = "mysql"
  engine_version                        = "5.6.41"
  identifier                            = "tf-db-test-%d"
  instance_class                        = "db.m3.medium"
  allocated_storage                     = 5
  backup_retention_period               = 0
  name                                  = "mydb"
  username                              = "foo"
  password                              = "mustbeeightcharaters"
  skip_final_snapshot                   = true
  performance_insights_enabled          = true
  performance_insights_kms_key_id       = "${aws_kms_key.foo.arn}"
  performance_insights_retention_period = %d
}
`, n, n, piRetentionPeriod)
}

This logic here in resourceAwsDbInstanceUpdate() needs to be updated to properly handle disabling PI:

  if d.HasChange("performance_insights_enabled") {
    d.SetPartial("performance_insights_enabled")
    req.EnablePerformanceInsights = aws.Bool(d.Get("performance_insights_enabled").(bool))
    requestUpdate = true
  }

  if d.HasChange("performance_insights_kms_key_id") {
    d.SetPartial("performance_insights_kms_key_id")
    req.PerformanceInsightsKMSKeyId = aws.String(d.Get("performance_insights_kms_key_id").(string))
    requestUpdate = true
  }

  if d.HasChange("performance_insights_retention_period") {
    d.SetPartial("performance_insights_retention_period")
    req.PerformanceInsightsRetentionPeriod = aws.Int64(int64(d.Get("performance_insights_retention_period").(int)))
    requestUpdate = true
  }

To send the PerformanceInsightsKMSKeyId and PerformanceInsightsRetentionPeriod only when PI is enabled. Maybe something like this:

// NOTE: Unverified and may require additional changes
  if d.HasChange("performance_insights_enabled") {
    d.SetPartial("performance_insights_enabled")
    req.EnablePerformanceInsights = aws.Bool(d.Get("performance_insights_enabled").(bool))
    requestUpdate = true
  }

  if d.Get("performance_insights_enabled").(bool) && d.HasChange("performance_insights_kms_key_id") {
    d.SetPartial("performance_insights_kms_key_id")
    req.PerformanceInsightsKMSKeyId = aws.String(d.Get("performance_insights_kms_key_id").(string))
    requestUpdate = true
  }

  if d.Get("performance_insights_enabled").(bool) && d.HasChange("performance_insights_retention_period") {
    d.SetPartial("performance_insights_retention_period")
    req.PerformanceInsightsRetentionPeriod = aws.Int64(int64(d.Get("performance_insights_retention_period").(int)))
    requestUpdate = true
  }

There may be other issues too with updates which is why I added the other update test steps above. We should probably also add acceptance testing to check for errors updating the KMS key, like #3015 from aws_rds_cluster, since I would guess the ModifyDBCluster and ModifyDBInstance API calls likely behave similarly.

Please let us know if you have time to perform these fixes or have any questions, thanks.

aws/resource_aws_db_instance.go
@@ -571,6 +588,18 @@ func resourceAwsDbInstanceCreate(d *schema.ResourceData, meta interface{}) error
requiresModifyDbInstance = true
}

if attr, ok := d.GetOk("performance_insights_enabled"); ok {
opts.EnablePerformanceInsights = aws.Bool(attr.(bool))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should have an acceptance test added to ensure its functionality and prevent regressions, e.g. something similar to:

func TestAccAWSDBInstance_ReplicateSourceDb_PerformanceInsightsEnabled(t *testing.T) {
	var dbInstance, sourceDbInstance rds.DBInstance

	rName := acctest.RandomWithPrefix("tf-acc-test")
	kmsKeyResourceName := "aws_kms_key.test"
	sourceResourceName := "aws_db_instance.source"
	resourceName := "aws_db_instance.test"

	resource.ParallelTest(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckAWSDBInstanceDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccAWSDBInstanceConfig_ReplicateSourceDb_PerformanceInsightsEnabled(rName),
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSDBInstanceExists(sourceResourceName, &sourceDbInstance),
					testAccCheckAWSDBInstanceExists(resourceName, &dbInstance),
					testAccCheckAWSDBInstanceReplicaAttributes(&sourceDbInstance, &dbInstance),
					resource.TestCheckResourceAttr(resourceName, "performance_insights_enabled", "true"),
					resource.TestCheckResourceAttrPair(resourceName, "performance_insights_kms_key_id", kmsKeyResourceName, "arn"),
					resource.TestCheckResourceAttr(resourceName, "performance_insights_retention_period", "7"),
				),
			},
		},
	})
}

func testAccAWSDBInstanceConfig_ReplicateSourceDb_PerformanceInsightsEnabled(rName string) string {
	return fmt.Sprintf(`
resource "aws_kms_key" "test" {
  description = "Terraform acc test"
  policy      = <<POLICY
{
  "Version": "2012-10-17",
  "Id": "kms-tf-1",
  "Statement": [
    {
      "Sid": "Enable IAM User Permissions",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "kms:*",
      "Resource": "*"
    }
  ]
}
POLICY
}

resource "aws_db_instance" "source" {
  allocated_storage       = 5
  backup_retention_period = 1
  engine                  = "mysql"
  engine_version          = "5.6.41"
  identifier              = "%s-source"
  instance_class          = "db.m3.medium"
  password                = "avoid-plaintext-passwords"
  username                = "tfacctest"
  skip_final_snapshot     = true
}

resource "aws_db_instance" "test" {
  identifier                            = %q
  instance_class                        = "${aws_db_instance.source.instance_class}"
  performance_insights_enabled          = true
  performance_insights_kms_key_id       = "${aws_kms_key.test.arn}"
  performance_insights_retention_period = 7
  replicate_source_db                   = "${aws_db_instance.source.id}"
  skip_final_snapshot                   = true
}
`, rName, rName)
}

aws/resource_aws_db_instance.go
@@ -422,6 +422,23 @@ func resourceAwsDbInstance() *schema.Resource {
Optional: true,
},

"performance_insights_enabled": {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This attribute (along with the other performance_insights_* attributes) are not currently handled during the RestoreDBInstanceFromDBSnapshot creation flow so attempting to creating a configuration with PI enabled and snapshot_identifier will require two applies of the configuration to converge.

While RestoreDBInstanceFromDBSnapshot does not directly support setting EnablePerformanceInsights, PerformanceInsightsKmsKeyId, and PerformanceInsightsRetentionPeriod, we have a framework in place to handle this situation by calling ModifyDBInstance immediately after restore, e.g.

// Provided as an example of this logic so similar logic can be added near it
		if attr, ok := d.GetOk("backup_window"); ok {
			modifyDbInstanceInput.PreferredBackupWindow = aws.String(attr.(string))
			requiresModifyDbInstance = true
		}

This should have an acceptance test added to ensure its functionality and prevent regressions, e.g. something similar to:

func TestAccAWSDBInstance_SnapshotIdentifier_PerformanceInsightsEnabled(t *testing.T) {
	var dbInstance, sourceDbInstance rds.DBInstance
	var dbSnapshot rds.DBSnapshot

	rName := acctest.RandomWithPrefix("tf-acc-test")
	kmsKeyResourceName := "aws_kms_key.test"
	sourceDbResourceName := "aws_db_instance.source"
	snapshotResourceName := "aws_db_snapshot.test"
	resourceName := "aws_db_instance.test"

	resource.ParallelTest(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckAWSDBInstanceDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccAWSDBInstanceConfig_SnapshotIdentifier_PerformanceInsightsEnabled(rName),
				Check: resource.ComposeTestCheckFunc(
					testAccCheckAWSDBInstanceExists(sourceDbResourceName, &sourceDbInstance),
					testAccCheckDbSnapshotExists(snapshotResourceName, &dbSnapshot),
					testAccCheckAWSDBInstanceExists(resourceName, &dbInstance),
					resource.TestCheckResourceAttr(resourceName, "performance_insights_enabled", "true"),
					resource.TestCheckResourceAttrPair(resourceName, "performance_insights_kms_key_id", kmsKeyResourceName, "arn"),
					resource.TestCheckResourceAttr(resourceName, "performance_insights_retention_period", "7"),
				),
			},
		},
	})
}

func testAccAWSDBInstanceConfig_SnapshotIdentifier_PerformanceInsightsEnabled(rName string) string {
	return fmt.Sprintf(`
resource "aws_kms_key" "test" {
  description = "Terraform acc test"
  policy      = <<POLICY
{
  "Version": "2012-10-17",
  "Id": "kms-tf-1",
  "Statement": [
    {
      "Sid": "Enable IAM User Permissions",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "kms:*",
      "Resource": "*"
    }
  ]
}
POLICY
}

resource "aws_db_instance" "source" {
  allocated_storage   = 5
  engine              = "mysql"
  engine_version      = "5.6.41"
  identifier          = "%s-source"
  instance_class      = "db.m3.medium"
  password            = "avoid-plaintext-passwords"
  username            = "tfacctest"
  skip_final_snapshot = true
}

resource "aws_db_snapshot" "test" {
  db_instance_identifier = "${aws_db_instance.source.id}"
  db_snapshot_identifier = %q
}

resource "aws_db_instance" "test" {
  identifier                            = %q
  instance_class                        = "${aws_db_instance.source.instance_class}"
  performance_insights_enabled          = true
  performance_insights_kms_key_id       = "${aws_kms_key.test.arn}"
  performance_insights_retention_period = 7
  snapshot_identifier                   = "${aws_db_snapshot.test.id}"
  skip_final_snapshot                   = true
}
`, rName, rName, rName)
}

@bflad bflad removed this from the v1.53.0 milestone Dec 20, 2018
@bflad bflad added the waiting-response Maintainers are waiting on response from community or contributor. label Dec 20, 2018
@ghost ghost added size/XL Managed by automation to categorize the size of a PR. and removed size/L Managed by automation to categorize the size of a PR. labels Jan 9, 2019
@msvab
Copy link
Contributor Author

msvab commented Jan 9, 2019
edited
Loading

Hi @bflad, I've added the extra tests and tried to address the rest of the feedback, but I got a bit stuck and I'm not sure I can finish this on my own since I lack the knowledge of your testing framework.

So once PI is enabled, the KMS Key cannot ever be changed. Even if you disable it and query the API, it will return the key in the response, then if you enable it, it will be enabled with the original key. So once KMS Key is set, you can only update performance_insights_enabled or performance_insights_retention_period. I've updated the tests to describe these scenarios, but failed to make it work. Currently the test fails with

=== RUN   TestAccAWSRDSDBInstance_withPerformanceInsights
=== PAUSE TestAccAWSRDSDBInstance_withPerformanceInsights
=== CONT  TestAccAWSRDSDBInstance_withPerformanceInsights
--- FAIL: TestAccAWSRDSDBInstance_withPerformanceInsights (665.50s)
    testing.go:538: Step 1 error: After applying this step, the plan was not empty:
        
        DIFF:
        
        UPDATE: aws_db_instance.bar
          performance_insights_kms_key_id: "arn:aws:kms:eu-central-1:624670762265:key/bf1ee5ca-2491-47e8-8e88-db54a051d5d5" => ""
        
        STATE:
        
        aws_db_instance.bar:
          ID = tf-db-test-7067100361891765948
          provider = provider.aws
          address = tf-db-test-7067100361891765948.cekwdbllig4s.eu-central-1.rds.amazonaws.com
          allocated_storage = 5
          arn = arn:aws:rds:eu-central-1:624670762265:db:tf-db-test-7067100361891765948
          auto_minor_version_upgrade = true
          availability_zone = eu-central-1a
          backup_retention_period = 0
          backup_window = 20:24-20:54
          ca_cert_identifier = rds-ca-2015
          copy_tags_to_snapshot = false
          db_subnet_group_name = default
          deletion_protection = false
          domain = 
          domain_iam_role_name = 
          enabled_cloudwatch_logs_exports.# = 0
          endpoint = tf-db-test-7067100361891765948.cekwdbllig4s.eu-central-1.rds.amazonaws.com:3306
          engine = mysql
          engine_version = 5.6.41
          hosted_zone_id = Z1RLNUO7B9Q6NB
          iam_database_authentication_enabled = false
          identifier = tf-db-test-7067100361891765948
          instance_class = db.m3.medium
          iops = 0
          kms_key_id = 
          license_model = general-public-license
          maintenance_window = wed:01:33-wed:02:03
          monitoring_interval = 0
          multi_az = false
          name = mydb
          option_group_name = default:mysql-5-6
          parameter_group_name = default.mysql5.6
          password = mustbeeightcharaters
          performance_insights_enabled = false
          performance_insights_kms_key_id = arn:aws:kms:eu-central-1:624670762265:key/bf1ee5ca-2491-47e8-8e88-db54a051d5d5
          performance_insights_retention_period = 0
          port = 3306
          publicly_accessible = false
          replicas.# = 0
          replicate_source_db = 
          resource_id = db-IXOXIOGYPQOQ2APEYIY5HDYLUM
          security_group_names.# = 0
          skip_final_snapshot = true
          status = available
          storage_encrypted = false
          storage_type = gp2
          tags.% = 0
          timezone = 
          username = foo
          vpc_security_group_ids.# = 1
          vpc_security_group_ids.1630437501 = sg-40f0442d
        aws_kms_key.foo:
          ID = bf1ee5ca-2491-47e8-8e88-db54a051d5d5
          provider = provider.aws
          arn = arn:aws:kms:eu-central-1:624670762265:key/bf1ee5ca-2491-47e8-8e88-db54a051d5d5
          description = Terraform acc test 7067100361891765948
          enable_key_rotation = false
          is_enabled = true
          key_id = bf1ee5ca-2491-47e8-8e88-db54a051d5d5
          key_usage = ENCRYPT_DECRYPT
          policy = {"Id":"kms-tf-1","Statement":[{"Action":"kms:*","Effect":"Allow","Principal":{"AWS":"*"},"Resource":"*","Sid":"Enable IAM User Permissions"}],"Version":"2012-10-17"}
          tags.% = 0
FAIL
FAIL	github.com/terraform-providers/terraform-provider-aws/aws	665.548s
make: *** [testacc] Error 1```

@ghost ghost removed the waiting-response Maintainers are waiting on response from community or contributor. label Jan 9, 2019
@sheyd sheyd mentioned this pull request Jan 17, 2019
Closed
@analytically
Copy link

FYI https://aws.amazon.com/about-aws/whats-new/2019/02/performance-insights-supports-T2-and-T3/

@Sytten
Copy link

Sytten commented Apr 20, 2019

Any ETA for a merge?

@debu99 debu99 mentioned this pull request May 10, 2019
Closed
@RossHammer
Copy link

@msvab I looked at your PR and found there were different things that needed changing to get the tests passing. It seems there are a couple things that are misconfigured to get it working, here is the diff I found that gets everything operating nicely.

--- a/aws/resource_aws_db_instance.go
+++ b/aws/resource_aws_db_instance.go
@@ -433,11 +433,13 @@ func resourceAwsDbInstance() *schema.Resource {
 			"performance_insights_kms_key_id": {
 				Type:         schema.TypeString,
 				Optional:     true,
+				Computed:     true,
 				ValidateFunc: validateArn,
 			},
 
 			"performance_insights_retention_period": {
 				Type:     schema.TypeInt,
+				Computed: true,
 				Optional: true,
 			},
 
@@ -1550,7 +1552,7 @@ func resourceAwsDbInstanceUpdate(d *schema.ResourceData, meta interface{}) error
 		requestUpdate = true
 	}
 
-	if d.Get("performance_insights_enabled").(bool) && d.HasChange("performance_insights_kms_key_id") {
+	if d.Get("performance_insights_enabled").(bool) && (d.HasChange("performance_insights_kms_key_id") || d.HasChange("performance_insights_enabled")) {
 		d.SetPartial("performance_insights_kms_key_id")
 		req.PerformanceInsightsKMSKeyId = aws.String(d.Get("performance_insights_kms_key_id").(string))
 		requestUpdate = true

@msvab
Copy link
Contributor Author

msvab commented May 22, 2019

Thanks @RossHammer! I've updated the code and the tests are passing now.

@bflad bflad added this to the v2.12.0 milestone May 23, 2019
bflad
bflad approved these changes May 23, 2019
View reviewed changes
Copy link
Contributor

@bflad bflad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks so much, @msvab 🚀

Output from acceptance testing (test failures unrelated):

--- FAIL: TestAccAWSDBInstance_optionGroup (8.87s)
--- PASS: TestAccAWSDBInstance_IsAlreadyBeingDeleted (326.60s)
--- PASS: TestAccAWSDBInstance_iamAuth (366.55s)
--- PASS: TestAccAWSDBInstance_namePrefix (368.12s)
--- PASS: TestAccAWSDBInstance_basic (397.41s)
--- PASS: TestAccAWSDBInstance_DeletionProtection (462.26s)
--- PASS: TestAccAWSDBInstance_generatedName (487.97s)
--- PASS: TestAccAWSDBInstance_kmsKey (507.14s)
--- FAIL: TestAccAWSDBInstance_ReplicateSourceDb_AutoMinorVersionUpgrade (787.57s)
--- PASS: TestAccAWSDBInstance_FinalSnapshotIdentifier_SkipFinalSnapshot (810.11s)
--- PASS: TestAccAWSDBInstance_subnetGroup (841.48s)
--- PASS: TestAccAWSDBInstance_FinalSnapshotIdentifier (862.22s)
--- FAIL: TestAccAWSDBInstance_S3Import (649.43s)
--- PASS: TestAccAWSDBInstance_ReplicateSourceDb_MaintenanceWindow (1155.60s)
--- PASS: TestAccAWSDBInstance_SnapshotIdentifier (806.14s)
--- PASS: TestAccAWSDBInstance_ReplicateSourceDb (1357.50s)
--- PASS: TestAccAWSDBInstance_ReplicateSourceDb_AllocatedStorage (1569.63s)
--- PASS: TestAccAWSDBInstance_ReplicateSourceDb_BackupWindow (1631.75s)
--- PASS: TestAccAWSDBInstance_ReplicateSourceDb_Monitoring (1695.58s)
--- PASS: TestAccAWSDBInstance_ReplicateSourceDb_IamDatabaseAuthenticationEnabled (1703.77s)
--- PASS: TestAccAWSDBInstance_SnapshotIdentifier_Io1Storage (1240.15s)
--- PASS: TestAccAWSDBInstance_ReplicateSourceDb_AvailabilityZone (1756.74s)
--- PASS: TestAccAWSDBInstance_ReplicateSourceDb_VpcSecurityGroupIds (1417.22s)
--- PASS: TestAccAWSDBInstance_SnapshotIdentifier_AllocatedStorage (1402.69s)
--- PASS: TestAccAWSDBInstance_ReplicateSourceDb_Port (1557.03s)
--- PASS: TestAccAWSDBInstance_ReplicateSourceDb_BackupRetentionPeriod (1953.97s)
--- PASS: TestAccAWSDBInstance_ReplicateSourceDb_ParameterGroupName (1662.77s)
--- PASS: TestAccAWSDBInstance_SnapshotIdentifier_AvailabilityZone (1187.13s)
--- PASS: TestAccAWSDBInstance_SnapshotIdentifier_AutoMinorVersionUpgrade (1211.61s)
--- PASS: TestAccAWSDBInstance_ReplicateSourceDb_MultiAZ (2058.88s)
--- PASS: TestAccAWSDBInstance_SnapshotIdentifier_BackupRetentionPeriod (1483.63s)
--- PASS: TestAccAWSDBInstance_SnapshotIdentifier_IamDatabaseAuthenticationEnabled (1080.36s)
--- PASS: TestAccAWSDBInstance_SnapshotIdentifier_DeletionProtection (1256.33s)
--- PASS: TestAccAWSDBInstance_portUpdate (487.46s)
--- PASS: TestAccAWSDBInstance_SnapshotIdentifier_BackupWindow (1445.03s)
--- PASS: TestAccAWSDBInstance_separate_iops_update (589.04s)
--- PASS: TestAccAWSDBInstance_SnapshotIdentifier_MaintenanceWindow (1190.17s)
--- PASS: TestAccAWSDBInstance_enhancedMonitoring (669.59s)
--- PASS: TestAccAWSDBInstance_SnapshotIdentifier_BackupRetentionPeriod_Unset (1844.67s)
--- PASS: TestAccAWSDBInstance_SnapshotIdentifier_Monitoring (1173.41s)
--- PASS: TestAccAWSDBInstance_MinorVersion (412.52s)
--- PASS: TestAccAWSDBInstance_SnapshotIdentifier_ParameterGroupName (1142.40s)
--- PASS: TestAccAWSDBInstance_cloudwatchLogsExportConfiguration (396.58s)
--- PASS: TestAccAWSDBInstance_ec2Classic (417.22s)
--- PASS: TestAccAWSDBInstance_SnapshotIdentifier_Port (1201.76s)
--- PASS: TestAccAWSDBInstance_diffSuppressInitialState (544.77s)
--- PASS: TestAccAWSDBInstance_SnapshotIdentifier_VpcSecurityGroupIds (1203.34s)
--- PASS: TestAccAWSDBInstance_SnapshotIdentifier_Tags (1304.12s)
--- PASS: TestAccAWSDBInstance_SnapshotIdentifier_VpcSecurityGroupIds_Tags (1193.58s)
--- PASS: TestAccAWSDBInstance_EnabledCloudwatchLogsExports_Postgresql (494.06s)
--- PASS: TestAccAWSDBInstance_EnabledCloudwatchLogsExports_Oracle (664.57s)
--- PASS: TestAccAWSDBInstance_cloudwatchLogsExportConfigurationUpdate (756.27s)
--- PASS: TestAccAWSDBInstance_SnapshotIdentifier_MultiAZ (1784.66s)
--- PASS: TestAccAWSDBInstance_MSSQL_TZ (1712.39s)
--- PASS: TestAccAWSRDSDBInstance_withPerformanceInsights (1063.00s)
--- PASS: TestAccAWSDBInstance_SnapshotIdentifier_PerformanceInsightsEnabled (1373.20s)
--- PASS: TestAccAWSDBInstance_ReplicateSourceDb_PerformanceInsightsEnabled (1436.25s)
--- PASS: TestAccAWSDBInstance_MySQL_SnapshotRestoreWithEngineVersion (1906.22s)
--- PASS: TestAccAWSDBInstance_MSSQL_DomainSnapshotRestore (3093.27s)
--- PASS: TestAccAWSDBInstance_MSSQL_Domain (3344.62s)
--- PASS: TestAccAWSDBInstance_SnapshotIdentifier_MultiAZ_SQLServer (4817.70s)

@bflad bflad merged commit 3f15860 into hashicorp:master May 23, 2019
bflad added a commit that referenced this pull request May 23, 2019
@bflad
Update CHANGELOG for #6453
64cfd13
@bflad
Copy link
Contributor

bflad commented May 24, 2019

This has been released in version 2.12.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

@jrobison-sb jrobison-sb mentioned this pull request May 28, 2019
Closed
@mattyait mattyait mentioned this pull request Jul 17, 2019
Closed
@ghost
Copy link

ghost commented Mar 29, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Mar 29, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@bflad bflad bflad approved these changes

Assignees
No one assigned
Labels
documentation Introduces or discusses updates to documentation. enhancement Requests to existing resources that expand the functionality or scope. service/rds Issues and PRs that pertain to the rds service. size/XL Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet
Milestone
v2.12.0
Development

Successfully merging this pull request may close these issues.

Support performance insights on PostgreSQL RDS (non-aurora)
8 participants
@msvab @kais58 @jalev @jrobison-sb @analytically @Sytten @RossHammer @bflad