diff --git a/aws/resource_aws_db_instance.go b/aws/resource_aws_db_instance.go index a90bfd17550..ed933173ce1 100644 --- a/aws/resource_aws_db_instance.go +++ b/aws/resource_aws_db_instance.go @@ -38,7 +38,7 @@ func resourceAwsDbInstance() *schema.Resource { Timeouts: &schema.ResourceTimeout{ Create: schema.DefaultTimeout(40 * time.Minute), Update: schema.DefaultTimeout(80 * time.Minute), - Delete: schema.DefaultTimeout(40 * time.Minute), + Delete: schema.DefaultTimeout(60 * time.Minute), }, Schema: map[string]*schema.Schema{ diff --git a/aws/resource_aws_db_instance_test.go b/aws/resource_aws_db_instance_test.go index 8e1e0fb4730..56af0288ec5 100644 --- a/aws/resource_aws_db_instance_test.go +++ b/aws/resource_aws_db_instance_test.go @@ -1110,9 +1110,9 @@ func TestAccAWSDBInstance_ReplicateSourceDb_CACertificateIdentifier(t *testing.T var dbInstance, sourceDbInstance rds.DBInstance rName := acctest.RandomWithPrefix("tf-acc-test") - caName := "rds-ca-2019" sourceResourceName := "aws_db_instance.source" resourceName := "aws_db_instance.test" + dataSourceName := "data.aws_rds_certificate.latest" resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, @@ -1120,13 +1120,13 @@ func TestAccAWSDBInstance_ReplicateSourceDb_CACertificateIdentifier(t *testing.T CheckDestroy: testAccCheckAWSDBInstanceDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSDBInstanceConfig_ReplicateSourceDb_CACertificateIdentifier(rName, caName), + Config: testAccAWSDBInstanceConfig_ReplicateSourceDb_CACertificateIdentifier(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSDBInstanceExists(sourceResourceName, &sourceDbInstance), testAccCheckAWSDBInstanceExists(resourceName, &dbInstance), testAccCheckAWSDBInstanceReplicaAttributes(&sourceDbInstance, &dbInstance), - resource.TestCheckResourceAttr(sourceResourceName, "ca_cert_identifier", caName), - resource.TestCheckResourceAttr(resourceName, "ca_cert_identifier", caName), + resource.TestCheckResourceAttrPair(sourceResourceName, "ca_cert_identifier", dataSourceName, "id"), + resource.TestCheckResourceAttrPair(resourceName, "ca_cert_identifier", dataSourceName, "id"), ), }, }, @@ -2975,7 +2975,7 @@ func TestAccAWSDBInstance_CACertificateIdentifier(t *testing.T) { var dbInstance rds.DBInstance resourceName := "aws_db_instance.bar" - cacID := "rds-ca-2019" + dataSourceName := "data.aws_rds_certificate.latest" resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, @@ -2983,10 +2983,10 @@ func TestAccAWSDBInstance_CACertificateIdentifier(t *testing.T) { CheckDestroy: testAccCheckAWSDBInstanceDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSDBInstanceConfig_WithCACertificateIdentifier(cacID), + Config: testAccAWSDBInstanceConfig_WithCACertificateIdentifier(), Check: resource.ComposeTestCheckFunc( testAccCheckAWSDBInstanceExists(resourceName, &dbInstance), - resource.TestCheckResourceAttr(resourceName, "ca_cert_identifier", cacID), + resource.TestCheckResourceAttrPair(resourceName, "ca_cert_identifier", dataSourceName, "id"), ), }, }, @@ -3129,12 +3129,16 @@ resource "aws_db_instance" "bar" { `, rInt) } -func testAccAWSDBInstanceConfig_WithCACertificateIdentifier(cacID string) string { +func testAccAWSDBInstanceConfig_WithCACertificateIdentifier() string { return composeConfig(testAccAWSDBInstanceConfig_orderableClassMysql(), fmt.Sprintf(` +data "aws_rds_certificate" "latest" { + latest_valid_till = true +} + resource "aws_db_instance" "bar" { allocated_storage = 10 apply_immediately = true - ca_cert_identifier = %q + ca_cert_identifier = data.aws_rds_certificate.latest.id engine = data.aws_rds_orderable_db_instance.test.engine instance_class = data.aws_rds_orderable_db_instance.test.instance_class name = "baz" @@ -3142,7 +3146,7 @@ resource "aws_db_instance" "bar" { skip_final_snapshot = true username = "foo" } -`, cacID)) +`)) } func testAccAWSDBInstanceConfig_WithOptionGroup(rName string) string { @@ -3239,6 +3243,8 @@ resource "aws_s3_bucket_object" "xtrabackup_db" { etag = filemd5("./testdata/mysql-5-6-xtrabackup.tar.gz") } +data "aws_partition" "current" {} + resource "aws_iam_role" "rds_s3_access_role" { name = "%[3]s-role" @@ -3250,7 +3256,7 @@ resource "aws_iam_role" "rds_s3_access_role" { "Sid": "", "Effect": "Allow", "Principal": { - "Service": "rds.amazonaws.com" + "Service": "rds.${data.aws_partition.current.dns_suffix}" }, "Action": "sts:AssumeRole" } @@ -3399,8 +3405,7 @@ resource "aws_db_instance" "snapshot" { func testAccAWSDbInstanceConfig_MonitoringInterval(rName string, monitoringInterval int) string { return fmt.Sprintf(` -data "aws_partition" "current" { -} +data "aws_partition" "current" {} resource "aws_iam_role" "test" { name = %[1]q @@ -3413,7 +3418,7 @@ resource "aws_iam_role" "test" { "Sid": "", "Effect": "Allow", "Principal": { - "Service": "monitoring.rds.amazonaws.com" + "Service": "monitoring.rds.${data.aws_partition.current.dns_suffix}" }, "Action": "sts:AssumeRole" } @@ -3491,8 +3496,7 @@ resource "aws_db_instance" "test" { func testAccAWSDbInstanceConfig_MonitoringRoleArn(rName string) string { return fmt.Sprintf(` -data "aws_partition" "current" { -} +data "aws_partition" "current" {} resource "aws_iam_role" "test" { name = %[1]q @@ -3505,7 +3509,7 @@ resource "aws_iam_role" "test" { "Sid": "", "Effect": "Allow", "Principal": { - "Service": "monitoring.rds.amazonaws.com" + "Service": "monitoring.rds.${data.aws_partition.current.dns_suffix}" }, "Action": "sts:AssumeRole" } @@ -4047,6 +4051,8 @@ resource "aws_directory_service_directory" "bar" { } } +data "aws_partition" "current" {} + resource "aws_iam_role" "role" { name = "tf-acc-db-instance-mssql-domain-role-%[1]d" @@ -4057,7 +4063,7 @@ resource "aws_iam_role" "role" { { "Action": "sts:AssumeRole", "Principal": { - "Service": "rds.amazonaws.com" + "Service": "rds.${data.aws_partition.current.dns_suffix}" }, "Effect": "Allow", "Sid": "" @@ -4069,7 +4075,7 @@ EOF resource "aws_iam_role_policy_attachment" "attatch-policy" { role = aws_iam_role.role.name - policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess" + policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess" } `, rInt)) } @@ -4176,6 +4182,8 @@ resource "aws_directory_service_directory" "bar" { } } +data "aws_partition" "current" {} + resource "aws_iam_role" "role" { name = "tf-acc-db-instance-mssql-domain-role-%[1]d" @@ -4186,7 +4194,7 @@ resource "aws_iam_role" "role" { { "Action": "sts:AssumeRole", "Principal": { - "Service": "rds.amazonaws.com" + "Service": "rds.${data.aws_partition.current.dns_suffix}" }, "Effect": "Allow", "Sid": "" @@ -4198,7 +4206,7 @@ EOF resource "aws_iam_role_policy_attachment" "attatch-policy" { role = aws_iam_role.role.name - policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess" + policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess" } `, rInt)) } @@ -4309,6 +4317,8 @@ resource "aws_directory_service_directory" "foo" { } } +data "aws_partition" "current" {} + resource "aws_iam_role" "role" { name = "tf-acc-db-instance-mssql-domain-role-%[1]d" @@ -4319,7 +4329,7 @@ resource "aws_iam_role" "role" { { "Action": "sts:AssumeRole", "Principal": { - "Service": "rds.amazonaws.com" + "Service": "rds.${data.aws_partition.current.dns_suffix}" }, "Effect": "Allow", "Sid": "" @@ -4331,7 +4341,7 @@ EOF resource "aws_iam_role_policy_attachment" "attatch-policy" { role = aws_iam_role.role.name - policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess" + policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess" } `, rInt)) } @@ -5673,8 +5683,7 @@ resource "aws_db_instance" "test" { func testAccAWSDBInstanceConfig_ReplicateSourceDb_Monitoring(rName string, monitoringInterval int) string { return composeConfig(testAccAWSDBInstanceConfig_orderableClassMysql(), fmt.Sprintf(` -data "aws_partition" "current" { -} +data "aws_partition" "current" {} resource "aws_iam_role" "test" { name = %[1]q @@ -5687,7 +5696,7 @@ resource "aws_iam_role" "test" { "Sid": "", "Effect": "Allow", "Principal": { - "Service": "monitoring.rds.amazonaws.com" + "Service": "monitoring.rds.${data.aws_partition.current.dns_suffix}" }, "Action": "sts:AssumeRole" } @@ -5835,8 +5844,12 @@ resource "aws_db_instance" "test" { `, rName)) } -func testAccAWSDBInstanceConfig_ReplicateSourceDb_CACertificateIdentifier(rName string, caName string) string { +func testAccAWSDBInstanceConfig_ReplicateSourceDb_CACertificateIdentifier(rName string) string { return composeConfig(testAccAWSDBInstanceConfig_orderableClassMysql(), fmt.Sprintf(` +data "aws_rds_certificate" "latest" { + latest_valid_till = true +} + resource "aws_db_instance" "source" { allocated_storage = 5 backup_retention_period = 1 @@ -5845,7 +5858,7 @@ resource "aws_db_instance" "source" { instance_class = data.aws_rds_orderable_db_instance.test.instance_class password = "avoid-plaintext-passwords" username = "tfacctest" - ca_cert_identifier = %[2]q + ca_cert_identifier = data.aws_rds_certificate.latest.id skip_final_snapshot = true } @@ -5853,10 +5866,10 @@ resource "aws_db_instance" "test" { identifier = %[1]q instance_class = aws_db_instance.source.instance_class replicate_source_db = aws_db_instance.source.id - ca_cert_identifier = %[2]q + ca_cert_identifier = data.aws_rds_certificate.latest.id skip_final_snapshot = true } -`, rName, caName)) +`, rName)) } func testAccAWSDBInstanceConfig_SnapshotIdentifier(rName string) string { @@ -6472,8 +6485,7 @@ resource "aws_db_instance" "test" { func testAccAWSDBInstanceConfig_SnapshotIdentifier_Monitoring(rName string, monitoringInterval int) string { return composeConfig(testAccAWSDBInstanceConfig_orderableClassMariadb(), fmt.Sprintf(` -data "aws_partition" "current" { -} +data "aws_partition" "current" {} resource "aws_iam_role" "test" { name = %[1]q @@ -6486,7 +6498,7 @@ resource "aws_iam_role" "test" { "Sid": "", "Effect": "Allow", "Principal": { - "Service": "monitoring.rds.amazonaws.com" + "Service": "monitoring.rds.${data.aws_partition.current.dns_suffix}" }, "Action": "sts:AssumeRole" } diff --git a/aws/resource_aws_db_option_group_test.go b/aws/resource_aws_db_option_group_test.go index a7b9d506e09..12f70cec257 100644 --- a/aws/resource_aws_db_option_group_test.go +++ b/aws/resource_aws_db_option_group_test.go @@ -360,14 +360,14 @@ func TestAccAWSDBOptionGroup_OracleOptionsUpdate(t *testing.T) { CheckDestroy: testAccCheckAWSDBOptionGroupDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSDBOptionGroupOracleEEOptionSettings(rName, "12.1.0.4.v1"), + Config: testAccAWSDBOptionGroupOracleEEOptionSettings(rName, "13.2.0.0.v2"), Check: resource.ComposeTestCheckFunc( testAccCheckAWSDBOptionGroupExists("aws_db_option_group.bar", &v), resource.TestCheckResourceAttr( "aws_db_option_group.bar", "name", rName), resource.TestCheckResourceAttr( "aws_db_option_group.bar", "option.#", "1"), - testAccCheckAWSDBOptionGroupOptionVersionAttribute(&v, "12.1.0.4.v1"), + testAccCheckAWSDBOptionGroupOptionVersionAttribute(&v, "13.2.0.0.v2"), ), }, { @@ -378,14 +378,14 @@ func TestAccAWSDBOptionGroup_OracleOptionsUpdate(t *testing.T) { ImportStateVerifyIgnore: []string{"name_prefix", "option"}, }, { - Config: testAccAWSDBOptionGroupOracleEEOptionSettings(rName, "12.1.0.5.v1"), + Config: testAccAWSDBOptionGroupOracleEEOptionSettings(rName, "13.3.0.0.v2"), Check: resource.ComposeTestCheckFunc( testAccCheckAWSDBOptionGroupExists("aws_db_option_group.bar", &v), resource.TestCheckResourceAttr( "aws_db_option_group.bar", "name", rName), resource.TestCheckResourceAttr( "aws_db_option_group.bar", "option.#", "1"), - testAccCheckAWSDBOptionGroupOptionVersionAttribute(&v, "12.1.0.5.v1"), + testAccCheckAWSDBOptionGroupOptionVersionAttribute(&v, "13.3.0.0.v2"), ), }, }, @@ -568,7 +568,7 @@ func testAccCheckAWSDBOptionGroupOptionSettingsIAMRole(optionGroup *rds.OptionGr } settingValue := aws.StringValue(optionGroup.Options[0].OptionSettings[0].Value) - iamArnRegExp := regexp.MustCompile(`^arn:aws:iam::\d{12}:role/.+`) + iamArnRegExp := regexp.MustCompile(fmt.Sprintf(`^arn:%s:iam::\d{12}:role/.+`, testAccGetPartition())) if !iamArnRegExp.MatchString(settingValue) { return fmt.Errorf("Expected option setting to be a valid IAM role but received %s", settingValue) } @@ -733,24 +733,26 @@ resource "aws_db_option_group" "bar" { func testAccAWSDBOptionGroupOptionSettingsIAMRole(r string) string { return fmt.Sprintf(` +data "aws_partition" "current" {} + data "aws_iam_policy_document" "rds_assume_role" { statement { actions = ["sts:AssumeRole"] principals { type = "Service" - identifiers = ["rds.amazonaws.com"] + identifiers = ["rds.${data.aws_partition.current.dns_suffix}"] } } } resource "aws_iam_role" "sql_server_backup" { - name = "rds-backup-%s" + name = "rds-backup-%[1]s" assume_role_policy = data.aws_iam_policy_document.rds_assume_role.json } resource "aws_db_option_group" "bar" { - name = "%s" + name = "%[1]s" option_group_description = "Test option group for terraform" engine_name = "sqlserver-ex" major_engine_version = "14.00" @@ -764,7 +766,7 @@ resource "aws_db_option_group" "bar" { } } } -`, r, r) +`, r) } func testAccAWSDBOptionGroupOptionSettings_update(r string) string { diff --git a/aws/resource_aws_db_security_group_test.go b/aws/resource_aws_db_security_group_test.go index d82871b1e5b..119e54de222 100644 --- a/aws/resource_aws_db_security_group_test.go +++ b/aws/resource_aws_db_security_group_test.go @@ -21,6 +21,7 @@ func TestAccAWSDBSecurityGroup_basic(t *testing.T) { oldvar := os.Getenv("AWS_DEFAULT_REGION") os.Setenv("AWS_DEFAULT_REGION", "us-east-1") defer os.Setenv("AWS_DEFAULT_REGION", oldvar) + resourceName := "aws_db_security_group.test" rName := fmt.Sprintf("tf-acc-%s", acctest.RandString(5)) diff --git a/aws/resource_aws_rds_cluster_instance_test.go b/aws/resource_aws_rds_cluster_instance_test.go index a316c2a5d49..e55611268e0 100644 --- a/aws/resource_aws_rds_cluster_instance_test.go +++ b/aws/resource_aws_rds_cluster_instance_test.go @@ -858,6 +858,7 @@ func TestAccAWSRDSClusterInstance_CACertificateIdentifier(t *testing.T) { var dbInstance rds.DBInstance rName := acctest.RandomWithPrefix("tf-acc-test") resourceName := "aws_rds_cluster_instance.test" + dataSourceName := "data.aws_rds_certificate.latest" resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, @@ -865,10 +866,10 @@ func TestAccAWSRDSClusterInstance_CACertificateIdentifier(t *testing.T) { CheckDestroy: testAccCheckAWSClusterDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSRDSClusterInstanceConfig_CACertificateIdentifier(rName, "rds-ca-2019"), + Config: testAccAWSRDSClusterInstanceConfig_CACertificateIdentifier(rName), Check: resource.ComposeTestCheckFunc( testAccCheckAWSClusterInstanceExists(resourceName, &dbInstance), - resource.TestCheckResourceAttr(resourceName, "ca_cert_identifier", "rds-ca-2019"), + resource.TestCheckResourceAttrPair(resourceName, "ca_cert_identifier", dataSourceName, "id"), ), }, { @@ -1640,7 +1641,7 @@ resource "aws_rds_cluster_instance" "cluster_instances" { `, n, f)) } -func testAccAWSRDSClusterInstanceConfig_CACertificateIdentifier(rName string, caCertificateIdentifier string) string { +func testAccAWSRDSClusterInstanceConfig_CACertificateIdentifier(rName string) string { return fmt.Sprintf(` resource "aws_rds_cluster" "test" { cluster_identifier = %[1]q @@ -1655,12 +1656,16 @@ data "aws_rds_orderable_db_instance" "test" { preferred_instance_classes = ["db.t3.small", "db.t2.small", "db.t3.medium"] } +data "aws_rds_certificate" "latest" { + latest_valid_till = true +} + resource "aws_rds_cluster_instance" "test" { apply_immediately = true cluster_identifier = aws_rds_cluster.test.id identifier = %[1]q instance_class = data.aws_rds_orderable_db_instance.test.instance_class - ca_cert_identifier = %[2]q + ca_cert_identifier = data.aws_rds_certificate.latest.id } -`, rName, caCertificateIdentifier) +`, rName) } diff --git a/website/docs/r/db_instance.html.markdown b/website/docs/r/db_instance.html.markdown index 9ea37c9d2df..0a973fbd8ed 100644 --- a/website/docs/r/db_instance.html.markdown +++ b/website/docs/r/db_instance.html.markdown @@ -239,7 +239,7 @@ This will not recreate the resource if the S3 object changes in some way. It's - `create` - (Default `40 minutes`) Used for Creating Instances, Replicas, and restoring from Snapshots. - `update` - (Default `80 minutes`) Used for Database modifications. -- `delete` - (Default `40 minutes`) Used for destroying databases. This includes +- `delete` - (Default `60 minutes`) Used for destroying databases. This includes the time required to take snapshots. [1]: