-
Notifications
You must be signed in to change notification settings - Fork 9.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dynamodb/table_replica: Fix creation error when KMS #29102
Merged
Merged
Changes from all commits
Commits
Show all changes
17 commits
Select commit
Hold shift + click to select a range
bba2b93
dynamodb/table_replica: Fix creation error when KMS
YakDriver e5b8e7d
Add changelog
YakDriver ac8d206
Fix bugs to allow updates of CMK and PITR when CMK set
YakDriver e8d6f09
Update tests to cover what was broken
YakDriver d3f402d
Remove unnecessary change
YakDriver b5de36d
Remove unused
YakDriver 5fafa15
kms: Add default key by region finder
YakDriver 05729bc
dcos/dynamodb_table: Clarify kms_key_arn
YakDriver fef7275
docs/dynamodb_table_replica: Clarify kms_key_arn with defaults
YakDriver 9725b66
dynamodb/table_replica: Add tests for default keys
YakDriver 34b76a7
dynamodb/table: Add tests for default KMS keys, diffs
YakDriver 4b76251
dynamodb/table: Fix perpetual diffs with default keys
YakDriver ce215f9
dynamodb/table_replica: Improve default key handling
YakDriver b727762
Update changelog
YakDriver 39c0c2e
dynamodb/table: Check diffs for #25812
YakDriver fa65b51
Update changelog
YakDriver 4a4154b
Lint
YakDriver File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
```release-note:bug | ||
resource/aws_dynamodb_table: Fix to allow updating of `replica.*.point_in_time_recovery` when a `replica` has `kms_key_arn` set | ||
``` | ||
|
||
```release-note:bug | ||
resource/aws_dynamodb_table: Fix to allow updating of `replica.*.kms_key_arn` | ||
``` | ||
|
||
```release-note:bug | ||
resource/aws_dynamodb_table: Fix perpetual diffs when using default AWS-managed keys | ||
``` | ||
|
||
```release-note:note | ||
resource/aws_dynamodb_table: Updating `replica.*.kms_key_arn` or `replica.*.point_in_time_recovery`, when the `replica`'s `kms_key_arn` is set, requires recreating the replica. | ||
``` | ||
|
||
```release-note:note | ||
resource/aws_dynamodb_table_replica: Updating `kms_key_arn` forces replacement of the replica now as required to re-encrypt the replica | ||
``` | ||
|
||
```release-note:note | ||
resource/aws_dynamodb_table: In the past, in certain situations, `server_side_encryption.0.kms_key_arn` or `replica.*.kms_key_arn` could be populated with the default DynamoDB key `alias/aws/dynamodb`. This was an error because it would then be sent back to AWS and should not be. | ||
``` | ||
|
||
```release-note:note | ||
resource/aws_dynamodb_table: In the past, in certain situations, `kms_key_arn` could be populated with the default DynamoDB key `alias/aws/dynamodb`. This was an error because it would then be sent back to AWS and should not be. | ||
``` | ||
|
||
```release-note:note | ||
resource/aws_dynamodb_table_replica: Updating `kms_key_arn` forces replacement of the replica now as required to re-encrypt the replica | ||
``` | ||
|
||
```release-note:bug | ||
resource/aws_dynamodb_table_replica: Fix to allow updating of `kms_key_arn` | ||
``` | ||
|
||
```release-note:bug | ||
resource/aws_dynamodb_table_replica: Fix to allow creation of the replica without errors when `kms_key_arn` is set | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi! I'm using a default KMS key on DynamoDB, and recently I updated my AWS provider to include this change. However, I'm now seeing that Terraform keeps planning to delete/recreate my replica because it thinks the
kms_key_arn
is not set (and wants to set it to the default KMS key ARN). Could this change be related to that?