Merge pull request #8 from terraform-providers/master

merge
DrFaust92 · Nov 4, 2019 · e5b7302 · e5b7302
2 parents 653c81e + b2763b0
commit e5b7302
Show file tree

Hide file tree

Showing 31 changed files with 1,109 additions and 98 deletions.
diff --git a/.hashibot.hcl b/.hashibot.hcl
@@ -295,6 +295,12 @@ behavior "regexp_issue_labeler_v2" "service_labels" {
     "service/iot" = [
       "aws_iot_",
     ],
+    "service/iotanalytics" = [
+      "aws_iotanalytics_",
+    ],
+    "service/iotevents" = [
+      "aws_iotevents_",
+    ],
     "service/kafka" = [
       "aws_msk_",
     ],
@@ -867,6 +873,14 @@ behavior "pull_request_path_labeler" "service_labels" {
       "**/*_iot_*",
       "**/iot_*"
     ]
+    "service/iotanalytics" = [
+      "**/*_iotanalytics_*",
+      "**/iotanalytics_*"
+    ]
+    "service/iotevents" = [
+      "**/*_iotevents_*",
+      "**/iotevents_*"
+    ]
     "service/kafka" = [
       "**/*_msk_*",
       "**/msk_*",

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -15,16 +15,22 @@ ENHANCEMENTS:
 * data-source/aws_db_instance: Add `tags` attribute [GH-10550]
 * data-source/aws_vpc_endpoint: Add `filter` and `tags` arguments [GH-10503]
 * provider: Add `ignore_tag_prefixes` and `ignore_tags` arguments (in public preview, see note above) [GH-10418]
+* resource/aws_api_gateway_api_key: Add `tags` argument and `arn` attribute [GH-10568]
+* resource/aws_api_gateway_client_certificate: Add `tags` argument and `arn` attribute [GH-10569]
+* resource/aws_api_gateway_domain_name: Add `tags` argument and `arn` attribute [GH-10567]
+* resource/aws_api_gateway_vpc_link: Add `tags` argument and `arn` attribute [GH-10561]
 * resource/aws_db_cluster_snapshot: Add `tags` argument [GH-10488]
 * resource/aws_mq_broker: Support in-place `security_groups` updates [GH-10442]
 * resource/aws_storagegateway_cached_iscsi_volume: Add `tags` argument [GH-10613]
 * resource/aws_storagegateway_gateway: Add `tags` argument [GH-10588]
+* resource/aws_storagegateway_nfs_file_share: Add `tags` argument [GH-10722]
 * resource/aws_subnet: Support provider-wide ignore tags (in public preview, see note above) [GH-10418]
 * resource/aws_vpc: Support provider-wide ignore tags (in public preview, see note above) [GH-10418]
 * resource/aws_waf_rate_based_rule: Add `tags` argument and `arn` attribute [GH-10479]
 
 BUG FIXES:
 
+* data-source/aws_route53_resolver_rule: Do not retrieve tags for rules shared with the AWS account that owns the data source [GH-10348]
 * resource/aws_api_gateway_authorizer: Set `authorizer_result_ttl_in_seconds` argument default to 300 to match API default which properly allows setting to 0 for disabling caching [GH-9605]
 * resource/aws_autoscaling_group: Batch ELB attachments and detachments by 10 to prevent API and rate limiting errors [GH-10445]
 * resource/aws_s3_bucket_public_access_block: Remove from Terraform state when S3 Bucket is already destroyed [GH-10534]

diff --git a/aws/data_source_aws_acmpca_certificate_authority.go b/aws/data_source_aws_acmpca_certificate_authority.go
@@ -7,6 +7,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/acmpca"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/terraform-providers/terraform-provider-aws/aws/internal/keyvaluetags"
 )
 
 func dataSourceAwsAcmpcaCertificateAuthority() *schema.Resource {
@@ -161,12 +162,13 @@ func dataSourceAwsAcmpcaCertificateAuthorityRead(d *schema.ResourceData, meta in
 		d.Set("certificate_signing_request", getCertificateAuthorityCsrOutput.Csr)
 	}
 
-	tags, err := listAcmpcaTags(conn, certificateAuthorityArn)
+	tags, err := keyvaluetags.AcmpcaListTags(conn, certificateAuthorityArn)
+
 	if err != nil {
-		return fmt.Errorf("error reading ACMPCA Certificate Authority %q tags: %s", certificateAuthorityArn, err)
+		return fmt.Errorf("error listing tags for ACMPCA Certificate Authority (%s): %s", certificateAuthorityArn, err)
 	}
 
-	if err := d.Set("tags", tagsToMapACMPCA(tags)); err != nil {
+	if err := d.Set("tags", tags.IgnoreAws().Map()); err != nil {
 		return fmt.Errorf("error setting tags: %s", err)
 	}
 

diff --git a/aws/data_source_aws_rds_cluster.go b/aws/data_source_aws_rds_cluster.go
@@ -8,6 +8,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/rds"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/terraform-providers/terraform-provider-aws/aws/internal/keyvaluetags"
 )
 
 func dataSourceAwsRdsCluster() *schema.Resource {
@@ -201,7 +202,8 @@ func dataSourceAwsRdsClusterRead(d *schema.ResourceData, meta interface{}) error
 		return fmt.Errorf("error setting availability_zones: %s", err)
 	}
 
-	d.Set("arn", dbc.DBClusterArn)
+	arn := dbc.DBClusterArn
+	d.Set("arn", arn)
 	d.Set("backtrack_window", int(aws.Int64Value(dbc.BacktrackWindow)))
 	d.Set("backup_retention_period", dbc.BackupRetentionPeriod)
 	d.Set("cluster_identifier", dbc.DBClusterIdentifier)
@@ -263,9 +265,14 @@ func dataSourceAwsRdsClusterRead(d *schema.ResourceData, meta interface{}) error
 		return fmt.Errorf("error setting vpc_security_group_ids: %s", err)
 	}
 
-	// Fetch and save tags
-	if err := saveTagsRDS(conn, d, aws.StringValue(dbc.DBClusterArn)); err != nil {
-		log.Printf("[WARN] Failed to save tags for RDS Cluster (%s): %s", aws.StringValue(dbc.DBClusterIdentifier), err)
+	tags, err := keyvaluetags.RdsListTags(conn, *arn)
+
+	if err != nil {
+		return fmt.Errorf("error listing tags for RDS Cluster (%s): %s", *arn, err)
+	}
+
+	if err := d.Set("tags", tags.IgnoreAws().Map()); err != nil {
+		return fmt.Errorf("error setting tags: %s", err)
 	}
 
 	return nil

diff --git a/aws/data_source_aws_route53_resolver_rule.go b/aws/data_source_aws_route53_resolver_rule.go
@@ -125,9 +125,13 @@ func dataSourceAwsRoute53ResolverRuleRead(d *schema.ResourceData, meta interface
 	d.Set("resolver_endpoint_id", rule.ResolverEndpointId)
 	d.Set("resolver_rule_id", rule.Id)
 	d.Set("rule_type", rule.RuleType)
-	d.Set("share_status", rule.ShareStatus)
-	if err := getTagsRoute53Resolver(conn, d); err != nil {
-		return fmt.Errorf("error reading Route 53 Resolver rule (%s) tags: %s", d.Id(), err)
+	shareStatus := aws.StringValue(rule.ShareStatus)
+	d.Set("share_status", shareStatus)
+	// https://github.com/terraform-providers/terraform-provider-aws/issues/10211
+	if shareStatus != route53resolver.ShareStatusSharedWithMe {
+		if err := getTagsRoute53Resolver(conn, d); err != nil {
+			return fmt.Errorf("error reading Route 53 Resolver rule (%s) tags: %s", d.Id(), err)
+		}
 	}
 
 	return nil

diff --git a/aws/data_source_aws_route53_resolver_rule_test.go b/aws/data_source_aws_route53_resolver_rule_test.go
@@ -6,6 +6,7 @@ import (
 
 	"github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 )
 
 func TestAccDataSourceAwsRoute53ResolverRule_basic(t *testing.T) {
@@ -91,6 +92,78 @@ func TestAccDataSourceAwsRoute53ResolverRule_ResolverEndpointIdWithTags(t *testi
 	})
 }
 
+func TestAccDataSourceAwsRoute53ResolverRule_SharedByMe(t *testing.T) {
+	var providers []*schema.Provider
+	rName := fmt.Sprintf("tf-testacc-r53-resolver-%s", acctest.RandStringFromCharSet(8, acctest.CharSetAlphaNum))
+	resourceName := "aws_route53_resolver_rule.example"
+	ds1ResourceName := "data.aws_route53_resolver_rule.by_resolver_endpoint_id"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+			testAccAlternateAccountPreCheck(t)
+			testAccPreCheckAWSRoute53Resolver(t)
+		},
+		ProviderFactories: testAccProviderFactories(&providers),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceAwsRoute53ResolverRule_sharedByMe(rName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrPair(ds1ResourceName, "id", resourceName, "id"),
+					resource.TestCheckResourceAttrPair(ds1ResourceName, "arn", resourceName, "arn"),
+					resource.TestCheckResourceAttrPair(ds1ResourceName, "domain_name", resourceName, "domain_name"),
+					resource.TestCheckResourceAttrPair(ds1ResourceName, "name", resourceName, "name"),
+					resource.TestCheckResourceAttrPair(ds1ResourceName, "owner_id", resourceName, "owner_id"),
+					resource.TestCheckResourceAttrPair(ds1ResourceName, "resolver_endpoint_id", resourceName, "resolver_endpoint_id"),
+					resource.TestCheckResourceAttrPair(ds1ResourceName, "resolver_rule_id", resourceName, "id"),
+					resource.TestCheckResourceAttrPair(ds1ResourceName, "rule_type", resourceName, "rule_type"),
+					resource.TestCheckResourceAttr(ds1ResourceName, "share_status", "SHARED_BY_ME"),
+					resource.TestCheckResourceAttrPair(ds1ResourceName, "tags.%", resourceName, "tags.%"),
+					resource.TestCheckResourceAttr(ds1ResourceName, "tags.%", "2"),
+					resource.TestCheckResourceAttrPair(ds1ResourceName, "tags.Key1", resourceName, "tags.Key1"),
+					resource.TestCheckResourceAttrPair(ds1ResourceName, "tags.Key2", resourceName, "tags.Key2"),
+				),
+				ExpectNonEmptyPlan: true,
+			},
+		},
+	})
+}
+
+func TestAccDataSourceAwsRoute53ResolverRule_SharedWithMe(t *testing.T) {
+	var providers []*schema.Provider
+	rName := fmt.Sprintf("tf-testacc-r53-resolver-%s", acctest.RandStringFromCharSet(8, acctest.CharSetAlphaNum))
+	resourceName := "aws_route53_resolver_rule.example"
+	ds1ResourceName := "data.aws_route53_resolver_rule.by_resolver_endpoint_id"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+			testAccAlternateAccountPreCheck(t)
+			testAccPreCheckAWSRoute53Resolver(t)
+		},
+		ProviderFactories: testAccProviderFactories(&providers),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceAwsRoute53ResolverRule_sharedWithMe(rName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrPair(ds1ResourceName, "id", resourceName, "id"),
+					resource.TestCheckResourceAttrPair(ds1ResourceName, "arn", resourceName, "arn"),
+					resource.TestCheckResourceAttrPair(ds1ResourceName, "domain_name", resourceName, "domain_name"),
+					resource.TestCheckResourceAttrPair(ds1ResourceName, "name", resourceName, "name"),
+					resource.TestCheckResourceAttrPair(ds1ResourceName, "owner_id", resourceName, "owner_id"),
+					resource.TestCheckResourceAttrPair(ds1ResourceName, "resolver_endpoint_id", resourceName, "resolver_endpoint_id"),
+					resource.TestCheckResourceAttrPair(ds1ResourceName, "resolver_rule_id", resourceName, "id"),
+					resource.TestCheckResourceAttrPair(ds1ResourceName, "rule_type", resourceName, "rule_type"),
+					resource.TestCheckResourceAttr(ds1ResourceName, "share_status", "SHARED_WITH_ME"),
+					// Tags cannot be retrieved for rules shared with us.
+					resource.TestCheckResourceAttr(ds1ResourceName, "tags.%", "0"),
+				),
+				ExpectNonEmptyPlan: true,
+			},
+		},
+	})
+}
+
 func testAccDataSourceAwsRoute53ResolverRule_basic(rName string) string {
 	return fmt.Sprintf(`
 resource "aws_route53_resolver_rule" "example" {
@@ -138,3 +211,93 @@ data "aws_route53_resolver_rule" "by_resolver_endpoint_id" {
 }
 `, rName)
 }
+
+func testAccDataSourceAwsRoute53ResolverRule_sharedByMe(rName string) string {
+	return testAccAlternateAccountProviderConfig() + testAccRoute53ResolverRuleConfig_resolverEndpoint(rName) + fmt.Sprintf(`
+resource "aws_route53_resolver_rule" "example" {
+  domain_name = "%[1]s.example.com"
+  rule_type   = "FORWARD"
+  name        = %[1]q
+
+  resolver_endpoint_id = "${aws_route53_resolver_endpoint.bar.id}"
+
+  target_ip {
+    ip = "192.0.2.7"
+  }
+
+  tags = {
+    "Key1" = "Value1"
+    "Key2" = "Value2"
+  }
+}
+
+resource "aws_ram_resource_share" "test" {
+  name                      = %[1]q
+  allow_external_principals = true
+}
+
+resource "aws_ram_resource_association" "test" {
+  resource_arn       = "${aws_route53_resolver_rule.example.arn}"
+  resource_share_arn = "${aws_ram_resource_share.test.arn}"
+}
+
+data "aws_organizations_organization" "test" {}
+
+resource "aws_ram_principal_association" "test" {
+  principal          = "${data.aws_organizations_organization.test.arn}"
+  resource_share_arn = "${aws_ram_resource_share.test.arn}"
+}
+
+data "aws_route53_resolver_rule" "by_resolver_endpoint_id" {
+  resolver_endpoint_id = "${aws_route53_resolver_rule.example.resolver_endpoint_id}"
+
+  depends_on = ["aws_ram_resource_association.test", "aws_ram_principal_association.test"]
+}
+`, rName)
+}
+
+func testAccDataSourceAwsRoute53ResolverRule_sharedWithMe(rName string) string {
+	return testAccAlternateAccountProviderConfig() + testAccRoute53ResolverRuleConfig_resolverEndpoint(rName) + fmt.Sprintf(`
+resource "aws_route53_resolver_rule" "example" {
+  domain_name = "%[1]s.example.com"
+  rule_type   = "FORWARD"
+  name        = %[1]q
+
+  resolver_endpoint_id = "${aws_route53_resolver_endpoint.bar.id}"
+
+  target_ip {
+    ip = "192.0.2.7"
+  }
+
+  tags = {
+    "Key1" = "Value1"
+    "Key2" = "Value2"
+  }
+}
+
+resource "aws_ram_resource_share" "test" {
+  name                      = %[1]q
+  allow_external_principals = true
+}
+
+resource "aws_ram_resource_association" "test" {
+  resource_arn       = "${aws_route53_resolver_rule.example.arn}"
+  resource_share_arn = "${aws_ram_resource_share.test.arn}"
+}
+
+data "aws_organizations_organization" "test" {}
+
+resource "aws_ram_principal_association" "test" {
+  principal          = "${data.aws_organizations_organization.test.arn}"
+  resource_share_arn = "${aws_ram_resource_share.test.arn}"
+}
+
+data "aws_route53_resolver_rule" "by_resolver_endpoint_id" {
+  provider = "aws.alternate"
+
+  resolver_endpoint_id = "${aws_route53_resolver_rule.example.resolver_endpoint_id}"
+
+  depends_on = ["aws_ram_resource_association.test", "aws_ram_principal_association.test"]
+}
+`, rName)
+}