Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

r/aws_verifiedaccess_instance_logging_configuration #33864

Merged
merged 16 commits into from
Oct 11, 2023
Merged

r/aws_verifiedaccess_instance_logging_configuration #33864

merged 16 commits into from
Oct 11, 2023

Conversation

GlennChia
Copy link
Collaborator

@GlennChia GlennChia commented Oct 10, 2023
edited
Loading

Description

New resource: aws_verifiedaccess_instance_logging_configuration

Relations

Relates #29689

References

Output from Acceptance Testing

% make testacc TESTARGS='-run=TestAccVerifiedAccessInstanceLoggingConfiguration' PKG=ec2 ACCTEST_PARALLELISM=5
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/ec2/... -v -count 1 -parallel 5  -run=TestAccVerifiedAccessInstanceLoggingConfiguration -timeout 360m
=== RUN   TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsIncludeTrustContext
=== PAUSE TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsIncludeTrustContext
=== RUN   TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsLogVersion
=== PAUSE TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsLogVersion
=== RUN   TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsCloudWatchLogs
=== PAUSE TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsCloudWatchLogs
=== RUN   TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsKinesisDataFirehose
=== PAUSE TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsKinesisDataFirehose
=== RUN   TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsS3
=== PAUSE TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsS3
=== RUN   TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsCloudWatchLogsKinesisDataFirehoseS3
=== PAUSE TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsCloudWatchLogsKinesisDataFirehoseS3
=== RUN   TestAccVerifiedAccessInstanceLoggingConfiguration_disappears
=== PAUSE TestAccVerifiedAccessInstanceLoggingConfiguration_disappears
=== CONT  TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsIncludeTrustContext
=== CONT  TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsS3
=== CONT  TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsCloudWatchLogs
=== CONT  TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsKinesisDataFirehose
=== CONT  TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsLogVersion
--- PASS: TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsIncludeTrustContext (74.22s)
=== CONT  TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsCloudWatchLogsKinesisDataFirehoseS3
--- PASS: TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsLogVersion (75.46s)
=== CONT  TestAccVerifiedAccessInstanceLoggingConfiguration_disappears
--- PASS: TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsCloudWatchLogs (76.73s)
--- PASS: TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsS3 (92.69s)
--- PASS: TestAccVerifiedAccessInstanceLoggingConfiguration_disappears (33.08s)
--- PASS: TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsKinesisDataFirehose (285.04s)
--- PASS: TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsCloudWatchLogsKinesisDataFirehoseS3 (311.02s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/ec2        385.347s

...

Additional information

Default values per Instance

When Verified Access Instances are created, they come with a logging configuration with the following default values

{
    "LoggingConfigurations": [
        {
            "VerifiedAccessInstanceId": "vai-1234567890abcdef0",
            "AccessLogs": {
                "S3": {
                    "Enabled": false
                },
                "CloudWatchLogs": {
                    "Enabled": false
                },
                "KinesisDataFirehose": {
                    "Enabled": false
                },
                "LogVersion": "ocsf-1.0.0-rc.2",
                "IncludeTrustContext": false
            }
        }
    ]
}

Hence, when the aws_verifiedaccess_instance_logging_configuration resource is deleted, it should reset the logging configuration to the above

Value for bucket_owner

When S3 Logging configuration is set without a bucket_owner, the API will compute a value and return it. This presents issues when the S3 block is removed in Terraform. Removing it sets enabled to false but because there is still a bucket_owner value, the API returns an error The parameter AccessLogs.S3.BucketOwner cannot be used when AccessLogs.S3.Enabled is false

Hence, the expands function checks if enabled is first set to true before passing the value of bucket_owner. If enabled is false none of the other values matter and should not be passed to the API.

Value for ClientToken

ClientToken uses uuid, err := uuid.GenerateUUID() and aws.String(uuid) instead of aws.String(id.UniqueId()), because of Regex Validation on ClientToken specifically for the ModifyVerifiedAccessInstanceLoggingConfiguration API.

@github-actions
Copy link

Community Note

Voting for Prioritization

  • Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions github-actions bot added size/XL Managed by automation to categorize the size of a PR. documentation Introduces or discusses updates to documentation. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. generators Relates to code generators. service/verifiedaccess Issues and PRs that pertain to the verifiedaccess service. labels Oct 10, 2023
@terraform-aws-provider terraform-aws-provider bot added needs-triage Waiting for first response or review from a maintainer. partner Contribution from a partner. labels Oct 10, 2023
@GlennChia GlennChia force-pushed the f-aws_verifiedaccess_instance_logging_configuration branch from f6eb067 to ee62d68 Compare October 10, 2023 14:33
@GlennChia GlennChia force-pushed the f-aws_verifiedaccess_instance_logging_configuration branch from ee62d68 to 95b4d19 Compare October 10, 2023 14:54
@ewbankkit ewbankkit added new-resource Introduces a new resource. and removed needs-triage Waiting for first response or review from a maintainer. labels Oct 11, 2023
@ewbankkit ewbankkit self-assigned this Oct 11, 2023
@terraform-aws-provider terraform-aws-provider bot added the prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. label Oct 11, 2023
ewbankkit
ewbankkit approved these changes Oct 11, 2023
View reviewed changes
Copy link
Contributor

@ewbankkit ewbankkit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🚀.

% make testacc TESTARGS='-run=TestAccVerifiedAccessInstanceLoggingConfiguration_' PKG=ec2 ACCTEST_PARALLELISM=2
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/ec2/... -v -count 1 -parallel 2  -run=TestAccVerifiedAccessInstanceLoggingConfiguration_ -timeout 360m
=== RUN   TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsIncludeTrustContext
=== PAUSE TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsIncludeTrustContext
=== RUN   TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsLogVersion
=== PAUSE TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsLogVersion
=== RUN   TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsCloudWatchLogs
=== PAUSE TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsCloudWatchLogs
=== RUN   TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsKinesisDataFirehose
=== PAUSE TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsKinesisDataFirehose
=== RUN   TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsS3
=== PAUSE TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsS3
=== RUN   TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsCloudWatchLogsKinesisDataFirehoseS3
=== PAUSE TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsCloudWatchLogsKinesisDataFirehoseS3
=== RUN   TestAccVerifiedAccessInstanceLoggingConfiguration_disappears
=== PAUSE TestAccVerifiedAccessInstanceLoggingConfiguration_disappears
=== CONT  TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsIncludeTrustContext
=== CONT  TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsS3
--- PASS: TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsIncludeTrustContext (51.94s)
=== CONT  TestAccVerifiedAccessInstanceLoggingConfiguration_disappears
--- PASS: TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsS3 (60.81s)
=== CONT  TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsCloudWatchLogs
--- PASS: TestAccVerifiedAccessInstanceLoggingConfiguration_disappears (24.77s)
=== CONT  TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsKinesisDataFirehose
--- PASS: TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsCloudWatchLogs (45.39s)
=== CONT  TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsCloudWatchLogsKinesisDataFirehoseS3
--- PASS: TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsKinesisDataFirehose (151.93s)
=== CONT  TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsLogVersion
--- PASS: TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsLogVersion (50.41s)
--- PASS: TestAccVerifiedAccessInstanceLoggingConfiguration_accessLogsCloudWatchLogsKinesisDataFirehoseS3 (211.80s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/ec2	323.603s

@ewbankkit
Copy link
Contributor

@GlennChia Thanks for the contribution 🎉 👏.

@ewbankkit ewbankkit merged commit 51d8f74 into hashicorp:main Oct 11, 2023
@github-actions github-actions bot added this to the v5.21.0 milestone Oct 11, 2023
@github-actions
Copy link

This functionality has been released in v5.21.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@GlennChia GlennChia deleted the f-aws_verifiedaccess_instance_logging_configuration branch November 1, 2023 01:15
@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 1, 2023

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 1, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@ewbankkit ewbankkit ewbankkit approved these changes

Assignees

@ewbankkit ewbankkit

Labels
documentation Introduces or discusses updates to documentation. generators Relates to code generators. new-resource Introduces a new resource. partner Contribution from a partner. prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. service/verifiedaccess Issues and PRs that pertain to the verifiedaccess service. size/XL Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet
Milestone
v5.21.0
Development

Successfully merging this pull request may close these issues.
2 participants
@GlennChia @ewbankkit