From a48af8f9d66b5a6f30049dff337845191533457b Mon Sep 17 00:00:00 2001
From: Alex Pilon <apilon@hashicorp.com>
Date: Mon, 13 Jul 2020 22:10:05 -0400
Subject: [PATCH 1/5] Fix schema set errors

---
 aws/data_source_aws_lb.go                |  5 +++++
 aws/resource_aws_api_gateway_resource.go |  1 -
 aws/resource_aws_elasticsearch_domain.go | 10 ++++++++--
 3 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/aws/data_source_aws_lb.go b/aws/data_source_aws_lb.go
index 6f5b35b448a9..f4e50c734f62 100644
--- a/aws/data_source_aws_lb.go
+++ b/aws/data_source_aws_lb.go
@@ -97,6 +97,11 @@ func dataSourceAwsLb() *schema.Resource {
 				Computed: true,
 			},
 
+			"enable_http2": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
+
 			"idle_timeout": {
 				Type:     schema.TypeInt,
 				Computed: true,
diff --git a/aws/resource_aws_api_gateway_resource.go b/aws/resource_aws_api_gateway_resource.go
index e6961e9949a1..c44b09e0f533 100644
--- a/aws/resource_aws_api_gateway_resource.go
+++ b/aws/resource_aws_api_gateway_resource.go
@@ -25,7 +25,6 @@ func resourceAwsApiGatewayResource() *schema.Resource {
 				}
 				restApiID := idParts[0]
 				resourceID := idParts[1]
-				d.Set("request_validator_id", resourceID)
 				d.Set("rest_api_id", restApiID)
 				d.SetId(resourceID)
 				return []*schema.ResourceData{d}, nil
diff --git a/aws/resource_aws_elasticsearch_domain.go b/aws/resource_aws_elasticsearch_domain.go
index 18b2a5dffcf7..87ab5ec71e46 100644
--- a/aws/resource_aws_elasticsearch_domain.go
+++ b/aws/resource_aws_elasticsearch_domain.go
@@ -713,8 +713,14 @@ func resourceAwsElasticSearchDomainRead(d *schema.ResourceData, meta interface{}
 	// because DescribeElasticsearchDomainConfig does not return MasterUserOptions
 	if ds.AdvancedSecurityOptions != nil {
 		if _, ok := d.GetOk("advanced_security_options"); ok {
-			d.Set("advanced_security_options.0.enabled", ds.AdvancedSecurityOptions.Enabled)
-			d.Set("advanced_security_options.0.internal_user_database_enabled", ds.AdvancedSecurityOptions.InternalUserDatabaseEnabled)
+			if err := d.Set("advanced_security_options", []interface{}{
+				map[string]interface{}{
+					"enabled":                        ds.AdvancedSecurityOptions.Enabled,
+					"internal_user_database_enabled": ds.AdvancedSecurityOptions.InternalUserDatabaseEnabled,
+				},
+			}); err != nil {
+				return fmt.Errorf("error setting advanced_security_options: %w", err)
+			}
 		} else {
 			if err := d.Set("advanced_security_options", flattenAdvancedSecurityOptions(ds.AdvancedSecurityOptions)); err != nil {
 				return fmt.Errorf("error setting advanced_security_options: %w", err)

From e8e87f8dcb1a6daaab0abb666b72d84d2a6d3293 Mon Sep 17 00:00:00 2001
From: Alex Pilon <apilon@hashicorp.com>
Date: Wed, 15 Jul 2020 18:00:18 -0400
Subject: [PATCH 2/5] Fix wrong attribute

---
 aws/resource_aws_spot_instance_request.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/aws/resource_aws_spot_instance_request.go b/aws/resource_aws_spot_instance_request.go
index 94feefd17769..ad913180e214 100644
--- a/aws/resource_aws_spot_instance_request.go
+++ b/aws/resource_aws_spot_instance_request.go
@@ -349,7 +349,7 @@ func readInstance(d *schema.ResourceData, meta interface{}) error {
 			for _, ni := range instance.NetworkInterfaces {
 				if *ni.Attachment.DeviceIndex == 0 {
 					d.Set("subnet_id", ni.SubnetId)
-					d.Set("network_interface_id", ni.NetworkInterfaceId)
+					d.Set("primary_network_interface_id", ni.NetworkInterfaceId)
 					d.Set("associate_public_ip_address", ni.Association != nil)
 					d.Set("ipv6_address_count", len(ni.Ipv6Addresses))
 
@@ -360,7 +360,7 @@ func readInstance(d *schema.ResourceData, meta interface{}) error {
 			}
 		} else {
 			d.Set("subnet_id", instance.SubnetId)
-			d.Set("network_interface_id", "")
+			d.Set("primary_network_interface_id", "")
 		}
 
 		if err := d.Set("ipv6_addresses", ipv6Addresses); err != nil {

From 0c7936d2c10d4560a6a8ca9e259a911d006795f4 Mon Sep 17 00:00:00 2001
From: Alex Pilon <apilon@hashicorp.com>
Date: Wed, 15 Jul 2020 20:35:16 -0400
Subject: [PATCH 3/5] Fix type

---
 aws/resource_aws_lb_cookie_stickiness_policy.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/aws/resource_aws_lb_cookie_stickiness_policy.go b/aws/resource_aws_lb_cookie_stickiness_policy.go
index 77fad73af6f1..a50ba3550ba8 100644
--- a/aws/resource_aws_lb_cookie_stickiness_policy.go
+++ b/aws/resource_aws_lb_cookie_stickiness_policy.go
@@ -138,7 +138,11 @@ func resourceAwsLBCookieStickinessPolicyRead(d *schema.ResourceData, meta interf
 
 	d.Set("name", policyName)
 	d.Set("load_balancer", lbName)
-	d.Set("lb_port", lbPort)
+	lbPortInt, err := strconv.Atoi(lbPort)
+	if err != nil {
+		return err
+	}
+	d.Set("lb_port", lbPortInt)
 
 	return nil
 }

From e46502fa435548a255d81118c22271d2cb2527a2 Mon Sep 17 00:00:00 2001
From: Alex Pilon <apilon@hashicorp.com>
Date: Wed, 15 Jul 2020 21:41:38 -0400
Subject: [PATCH 4/5] Flatten ssm parameters

---
 aws/resource_aws_ssm_association.go |  5 ++++-
 aws/structure.go                    | 14 ++++++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/aws/resource_aws_ssm_association.go b/aws/resource_aws_ssm_association.go
index f1bef11c91b9..7065b409f123 100644
--- a/aws/resource_aws_ssm_association.go
+++ b/aws/resource_aws_ssm_association.go
@@ -218,7 +218,6 @@ func resourceAwsSsmAssociationRead(d *schema.ResourceData, meta interface{}) err
 	d.Set("association_name", association.AssociationName)
 	d.Set("instance_id", association.InstanceId)
 	d.Set("name", association.Name)
-	d.Set("parameters", association.Parameters)
 	d.Set("association_id", association.AssociationId)
 	d.Set("schedule_expression", association.ScheduleExpression)
 	d.Set("document_version", association.DocumentVersion)
@@ -227,6 +226,10 @@ func resourceAwsSsmAssociationRead(d *schema.ResourceData, meta interface{}) err
 	d.Set("max_errors", association.MaxErrors)
 	d.Set("automation_target_parameter_name", association.AutomationTargetParameterName)
 
+	if err := d.Set("parameters", flattenAwsSsmParameters(association.Parameters)); err != nil {
+		return err
+	}
+
 	if err := d.Set("targets", flattenAwsSsmTargets(association.Targets)); err != nil {
 		return fmt.Errorf("Error setting targets error: %#v", err)
 	}
diff --git a/aws/structure.go b/aws/structure.go
index b3870b868c51..4acd6c15d8a1 100644
--- a/aws/structure.go
+++ b/aws/structure.go
@@ -3262,6 +3262,20 @@ func expandAwsSsmTargets(in []interface{}) []*ssm.Target {
 	return targets
 }
 
+func flattenAwsSsmParameters(parameters map[string][]*string) map[string]string {
+	result := make(map[string]string)
+	for p, values := range parameters {
+		var vs []string
+		for _, vPtr := range values {
+			if v := aws.StringValue(vPtr); v != "" {
+				vs = append(vs, v)
+			}
+		}
+		result[p] = strings.Join(vs, ",")
+	}
+	return result
+}
+
 func flattenAwsSsmTargets(targets []*ssm.Target) []map[string]interface{} {
 	if len(targets) == 0 {
 		return nil

From 957982ad1258efaaa7e836affb271417a1832c0b Mon Sep 17 00:00:00 2001
From: angie pinilla <angelinepinilla@gmail.com>
Date: Thu, 16 Jul 2020 13:06:26 -0400
Subject: [PATCH 5/5] resource/elasticsearch_domain: update method to set
 advanced_security_options  (#14198)

* set advanced security options only if enabled

* refactor and set values depending on enabled field
---
 aws/elasticsearch_domain_structure.go    | 34 +++++++++++++++++++++---
 aws/resource_aws_elasticsearch_domain.go | 27 +++++++++----------
 2 files changed, 43 insertions(+), 18 deletions(-)

diff --git a/aws/elasticsearch_domain_structure.go b/aws/elasticsearch_domain_structure.go
index fe256aec57a4..426b7c8f50c8 100644
--- a/aws/elasticsearch_domain_structure.go
+++ b/aws/elasticsearch_domain_structure.go
@@ -3,6 +3,7 @@ package aws
 import (
 	"github.com/aws/aws-sdk-go/aws"
 	elasticsearch "github.com/aws/aws-sdk-go/service/elasticsearchservice"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 )
 
 func expandAdvancedSecurityOptions(m []interface{}) *elasticsearch.AdvancedSecurityOptionsInput {
@@ -48,10 +49,37 @@ func flattenAdvancedSecurityOptions(advancedSecurityOptions *elasticsearch.Advan
 		return []map[string]interface{}{}
 	}
 
-	m := map[string]interface{}{
-		"enabled":                        aws.BoolValue(advancedSecurityOptions.Enabled),
-		"internal_user_database_enabled": aws.BoolValue(advancedSecurityOptions.InternalUserDatabaseEnabled),
+	m := map[string]interface{}{}
+	m["enabled"] = aws.BoolValue(advancedSecurityOptions.Enabled)
+	if aws.BoolValue(advancedSecurityOptions.Enabled) {
+		m["internal_user_database_enabled"] = aws.BoolValue(advancedSecurityOptions.InternalUserDatabaseEnabled)
 	}
 
 	return []map[string]interface{}{m}
 }
+
+func getMasterUserOptions(d *schema.ResourceData) []interface{} {
+	if v, ok := d.GetOk("advanced_security_options"); ok {
+		options := v.([]interface{})
+		if len(options) > 0 && options[0] != nil {
+			m := options[0].(map[string]interface{})
+			if opts, ok := m["master_user_options"]; ok {
+				return opts.([]interface{})
+			}
+		}
+	}
+	return []interface{}{}
+}
+
+func getUserDBEnabled(d *schema.ResourceData) bool {
+	if v, ok := d.GetOk("advanced_security_options"); ok {
+		options := v.([]interface{})
+		if len(options) > 0 && options[0] != nil {
+			m := options[0].(map[string]interface{})
+			if enabled, ok := m["internal_user_database_enabled"]; ok {
+				return enabled.(bool)
+			}
+		}
+	}
+	return false
+}
diff --git a/aws/resource_aws_elasticsearch_domain.go b/aws/resource_aws_elasticsearch_domain.go
index 87ab5ec71e46..ec9fb1afcb43 100644
--- a/aws/resource_aws_elasticsearch_domain.go
+++ b/aws/resource_aws_elasticsearch_domain.go
@@ -709,22 +709,19 @@ func resourceAwsElasticSearchDomainRead(d *schema.ResourceData, meta interface{}
 		return err
 	}
 
-	// Use AdvancedSecurityOptions from resource if possible
-	// because DescribeElasticsearchDomainConfig does not return MasterUserOptions
+	// Populate AdvancedSecurityOptions with values returned from
+	// DescribeElasticsearchDomainConfig, if enabled, else use
+	// values from resource; additionally, append MasterUserOptions
+	// from resource as they are not returned from the API
 	if ds.AdvancedSecurityOptions != nil {
-		if _, ok := d.GetOk("advanced_security_options"); ok {
-			if err := d.Set("advanced_security_options", []interface{}{
-				map[string]interface{}{
-					"enabled":                        ds.AdvancedSecurityOptions.Enabled,
-					"internal_user_database_enabled": ds.AdvancedSecurityOptions.InternalUserDatabaseEnabled,
-				},
-			}); err != nil {
-				return fmt.Errorf("error setting advanced_security_options: %w", err)
-			}
-		} else {
-			if err := d.Set("advanced_security_options", flattenAdvancedSecurityOptions(ds.AdvancedSecurityOptions)); err != nil {
-				return fmt.Errorf("error setting advanced_security_options: %w", err)
-			}
+		advSecOpts := flattenAdvancedSecurityOptions(ds.AdvancedSecurityOptions)
+		if !aws.BoolValue(ds.AdvancedSecurityOptions.Enabled) {
+			advSecOpts[0]["internal_user_database_enabled"] = getUserDBEnabled(d)
+		}
+		advSecOpts[0]["master_user_options"] = getMasterUserOptions(d)
+
+		if err := d.Set("advanced_security_options", advSecOpts); err != nil {
+			return fmt.Errorf("error setting advanced_security_options: %w", err)
 		}
 	}