provider/aws: Add support for `kms_key_id` to `aws_db_instance` (#6651)
As requested in #4822, add support for a KMS Key ID (ARN) for Db Instance ``` make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDBInstance_kmsKey' 2>~/tf.log ==> Checking that code complies with gofmt requirements... go generate $(go list ./... | grep -v /vendor/) TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSDBInstance_kmsKey -timeout 120m === RUN TestAccAWSDBInstance_basic --- PASS: TestAccAWSDBInstance_basic (587.37s) === RUN TestAccAWSDBInstance_kmsKey --- PASS: TestAccAWSDBInstance_kmsKey (625.31s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 1212.684s ```
parent
2047da21d5
commit
cf37c3adaa
|
@ -289,6 +289,13 @@ func resourceAwsDbInstance() *schema.Resource {
|
|||
Computed: true,
|
||||
},
|
||||
|
||||
"kms_key_id": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
Computed: true,
|
||||
ForceNew: true,
|
||||
},
|
||||
|
||||
"tags": tagsSchema(),
|
||||
},
|
||||
}
|
||||
|
@ -396,6 +403,7 @@ func resourceAwsDbInstanceCreate(d *schema.ResourceData, meta interface{}) error
|
|||
|
||||
if attr, ok := d.GetOk("option_group_name"); ok {
|
||||
opts.OptionGroupName = aws.String(attr.(string))
|
||||
|
||||
}
|
||||
|
||||
if attr, ok := d.GetOk("port"); ok {
|
||||
|
@ -492,6 +500,7 @@ func resourceAwsDbInstanceCreate(d *schema.ResourceData, meta interface{}) error
|
|||
opts.BackupRetentionPeriod = aws.Int64(int64(attr.(int)))
|
||||
if attr, ok := d.GetOk("multi_az"); ok {
|
||||
opts.MultiAZ = aws.Bool(attr.(bool))
|
||||
|
||||
}
|
||||
|
||||
if attr, ok := d.GetOk("maintenance_window"); ok {
|
||||
|
@ -560,6 +569,10 @@ func resourceAwsDbInstanceCreate(d *schema.ResourceData, meta interface{}) error
|
|||
opts.OptionGroupName = aws.String(attr.(string))
|
||||
}
|
||||
|
||||
if attr, ok := d.GetOk("kms_key_id"); ok {
|
||||
opts.KmsKeyId = aws.String(attr.(string))
|
||||
}
|
||||
|
||||
log.Printf("[DEBUG] DB Instance create configuration: %#v", opts)
|
||||
var err error
|
||||
err = resource.Retry(5*time.Minute, func() *resource.RetryError {
|
||||
|
@ -632,6 +645,7 @@ func resourceAwsDbInstanceRead(d *schema.ResourceData, meta interface{}) error {
|
|||
d.Set("maintenance_window", v.PreferredMaintenanceWindow)
|
||||
d.Set("publicly_accessible", v.PubliclyAccessible)
|
||||
d.Set("multi_az", v.MultiAZ)
|
||||
d.Set("kms_key_id", v.KmsKeyId)
|
||||
if v.DBSubnetGroup != nil {
|
||||
d.Set("db_subnet_group_name", v.DBSubnetGroup.DBSubnetGroupName)
|
||||
}
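Review bot: `kms_key_id` is declared `ForceNew` with no validation, while Read stores whatever `v.KmsKeyId` the API returns, so a configured value in a different form from the returned one (the acceptance test expects an ARN; a bare key ID or alias would presumably not match) would show a diff on every plan and propose replacing the database. A `ValidateFunc` on the schema entry that rejects values not beginning with `arn:aws:kms:` would turn that into a plan-time error instead. Separately, among the resourceAwsDbInstanceCreate hunks only the one at -560 sets `opts.KmsKeyId`; if the earlier places where `option_group_name` is set build the replica or snapshot-restore requests, the key is silently not applied there, which is worth confirming since the user would expect their own key to be in use. The function bodies start and end outside the hunks.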
|
||||
|
|
|
@ -3,6 +3,7 @@ package aws
|
|||
import (
|
||||
"fmt"
|
||||
"log"
|
||||
"regexp"
|
||||
"strings"
|
||||
|
||||
"math/rand"
|
||||
|
@ -51,6 +52,31 @@ func TestAccAWSDBInstance_basic(t *testing.T) {
|
|||
})
|
||||
}
|
||||
|
||||
func TestAccAWSDBInstance_kmsKey(t *testing.T) {
|
||||
var v rds.DBInstance
|
||||
keyRegex := regexp.MustCompile("^arn:aws:kms:")
|
||||
|
||||
ri := rand.New(rand.NewSource(time.Now().UnixNano())).Int()
|
||||
config := fmt.Sprintf(testAccAWSDBInstanceConfigKmsKeyId, ri)
|
||||
|
||||
resource.Test(t, resource.TestCase{
|
||||
PreCheck: func() { testAccPreCheck(t) },
|
||||
Providers: testAccProviders,
|
||||
CheckDestroy: testAccCheckAWSDBInstanceDestroy,
|
||||
Steps: []resource.TestStep{
|
||||
resource.TestStep{
|
||||
Config: config,
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckAWSDBInstanceExists("aws_db_instance.bar", &v),
|
||||
testAccCheckAWSDBInstanceAttributes(&v),
|
||||
resource.TestMatchResourceAttr(
|
||||
"aws_db_instance.bar", "kms_key_id", keyRegex),
|
||||
),
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func TestAccAWSDBInstance_optionGroup(t *testing.T) {
|
||||
var v rds.DBInstance
|
||||
|
||||
|
@ -404,6 +430,51 @@ resource "aws_db_instance" "bar" {
|
|||
parameter_group_name = "default.mysql5.6"
|
||||
}`
|
||||
|
||||
var testAccAWSDBInstanceConfigKmsKeyId = `
|
||||
resource "aws_kms_key" "foo" {
|
||||
description = "Terraform acc test %s"
|
||||
policy = <<POLICY
|
||||
{
|
||||
"Version": "2012-10-17",
|
||||
"Id": "kms-tf-1",
|
||||
"Statement": [
|
||||
{
|
||||
"Sid": "Enable IAM User Permissions",
|
||||
"Effect": "Allow",
|
||||
"Principal": {
|
||||
"AWS": "*"
|
||||
},
|
||||
"Action": "kms:*",
|
||||
"Resource": "*"
|
||||
}
|
||||
]
|
||||
}
|
||||
POLICY
|
||||
}
|
||||
|
||||
resource "aws_db_instance" "bar" {
|
||||
allocated_storage = 10
|
||||
engine = "MySQL"
|
||||
engine_version = "5.6.21"
|
||||
instance_class = "db.m3.medium"
|
||||
name = "baz"
|
||||
password = "barbarbarbar"
|
||||
username = "foo"
|
||||
|
||||
|
||||
# Maintenance Window is stored in lower case in the API, though not strictly
|
||||
# documented. Terraform will downcase this to match (as opposed to throw a
|
||||
# validation error).
|
||||
maintenance_window = "Fri:09:00-Fri:09:30"
|
||||
|
||||
backup_retention_period = 0
|
||||
storage_encrypted = true
|
||||
kms_key_id = "${aws_kms_key.foo.arn}"
|
||||
|
||||
parameter_group_name = "default.mysql5.6"
|
||||
}
|
||||
`
|
||||
|
||||
var testAccAWSDBInstanceConfigWithOptionGroup = fmt.Sprintf(`
|
||||
|
||||
resource "aws_db_option_group" "bar" {
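Review bot: The key policy in `testAccAWSDBInstanceConfigKmsKeyId` grants `kms:*` to `"AWS": "*"`, which allows any AWS principal in any account to use and administer the key for as long as the test resources exist, and fixtures like this tend to be copied into real configurations. The Sid suggests the intent was the usual account-root statement; either scope the principal, e.g. `"AWS": "arn:aws:iam::<ACCOUNT_ID>:root"` (placeholder), or drop the `policy` argument so the key gets the default key policy. Also, `ri` is an `int` but the description uses `%s`, so the rendered text will read `%!s(int=…)`; `description = "Terraform acc test %d"` fixes it.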
|
||||
|
|
|
@ -102,6 +102,7 @@ database, and to use this value as the source database. This correlates to the
|
|||
enhanced monitoring metrics to CloudWatch Logs. You can find more information on the [AWS Documentation](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.html)
|
||||
what IAM permissions are needed to allow Enhanced Monitoring for RDS Instances.
|
||||
* `monitoring_interval` - (Optional) The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. The default is 0. Valid Values: 0, 1, 5, 10, 15, 30, 60.
|
||||
* `kms_key_id` - (Optional) The ARN for the KMS encryption key.
|
||||
* `tags` - (Optional) A mapping of tags to assign to the resource.
|
||||
|
||||
~> **NOTE:** Removing the `replicate_source_db` attribute from an existing RDS
|
||||
|
|