Merge pull request #15375 from DrFaust92/r/transfer_server_security_p…

…olicy

r/transfer_server - add `security_policy_name` and refactor tests

.changelog/15375.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_transfer_server: Add `security_policy_name` argument
+```

aws/resource_aws_transfer_server.go

@@ -36,14 +36,10 @@ func resourceAwsTransferServer() *schema.Resource {
 			},
 
 			"endpoint_type": {
-				Type:     schema.TypeString,
-				Optional: true,
-				Default:  transfer.EndpointTypePublic,
-				ValidateFunc: validation.StringInSlice([]string{
-					transfer.EndpointTypePublic,
-					transfer.EndpointTypeVpc,
-					transfer.EndpointTypeVpcEndpoint,
-				}, false),
+				Type:         schema.TypeString,
+				Optional:     true,
+				Default:      transfer.EndpointTypePublic,
+				ValidateFunc: validation.StringInSlice(transfer.EndpointType_Values(), false),
 			},
 
 			"endpoint_details": {
@@ -106,14 +102,11 @@ func resourceAwsTransferServer() *schema.Resource {
 			},
 
 			"identity_provider_type": {
-				Type:     schema.TypeString,
-				Optional: true,
-				ForceNew: true,
-				Default:  transfer.IdentityProviderTypeServiceManaged,
-				ValidateFunc: validation.StringInSlice([]string{
-					transfer.IdentityProviderTypeServiceManaged,
-					transfer.IdentityProviderTypeApiGateway,
-				}, false),
+				Type:         schema.TypeString,
+				Optional:     true,
+				ForceNew:     true,
+				Default:      transfer.IdentityProviderTypeServiceManaged,
+				ValidateFunc: validation.StringInSlice(transfer.IdentityProviderType_Values(), false),
 			},
 
 			"logging_role": {
@@ -127,6 +120,16 @@ func resourceAwsTransferServer() *schema.Resource {
 				Optional: true,
 				Default:  false,
 			},
+			"security_policy_name": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Default:  "TransferSecurityPolicy-2018-11",
+				ValidateFunc: validation.StringInSlice([]string{
+					"TransferSecurityPolicy-2018-11",
+					"TransferSecurityPolicy-2020-06",
+					"TransferSecurityPolicy-FIPS-2020-06",
+				}, false),
+			},
 
 			"tags": tagsSchema(),
 
@@ -173,6 +176,10 @@ func resourceAwsTransferServerCreate(d *schema.ResourceData, meta interface{}) e
 		createOpts.EndpointType = aws.String(attr.(string))
 	}
 
+	if attr, ok := d.GetOk("security_policy_name"); ok {
+		createOpts.SecurityPolicyName = aws.String(attr.(string))
+	}
+
 	if attr, ok := d.GetOk("endpoint_details"); ok {
 		createOpts.EndpointDetails = expandTransferServerEndpointDetails(attr.([]interface{}))
 
@@ -294,6 +301,7 @@ func resourceAwsTransferServerRead(d *schema.ResourceData, meta interface{}) err
 	d.Set("identity_provider_type", resp.Server.IdentityProviderType)
 	d.Set("logging_role", resp.Server.LoggingRole)
 	d.Set("host_key_fingerprint", resp.Server.HostKeyFingerprint)
+	d.Set("security_policy_name", resp.Server.SecurityPolicyName)
 
 	tags := keyvaluetags.TransferKeyValueTags(resp.Server.Tags).IgnoreAws().IgnoreConfig(ignoreTagsConfig)
 
@@ -321,6 +329,11 @@ func resourceAwsTransferServerUpdate(d *schema.ResourceData, meta interface{}) e
 		updateOpts.LoggingRole = aws.String(d.Get("logging_role").(string))
 	}
 
+	if d.HasChange("security_policy_name") {
+		updateFlag = true
+		updateOpts.SecurityPolicyName = aws.String(d.Get("security_policy_name").(string))
+	}
+
 	if d.HasChanges("invocation_role", "url") {
 		identityProviderDetails := &transfer.IdentityProviderDetails{}
 		updateFlag = true