Merge tag 'v3.19.0'

coveooss · Dec 2, 2020 · 3494a53 · 3494a53
2 parents e1fbfb5 + 8d85407
commit 3494a53
Show file tree

Hide file tree

Showing 103 changed files with 3,381 additions and 3,874 deletions.
diff --git a/.hashibot.hcl b/.hashibot.hcl
@@ -514,6 +514,9 @@ behavior "regexp_issue_labeler_v2" "service_labels" {
     "service/securityhub" = [
       "aws_securityhub_",
     ],
+    "service/serverlessapplicationrepository" = [
+      "aws_serverlessapplicationrepository_",
+    ],
     "service/servicecatalog" = [
       "aws_servicecatalog_",
     ],
@@ -1389,6 +1392,11 @@ behavior "pull_request_path_labeler" "service_labels" {
       "**/*_securityhub_*",
       "**/securityhub_*"
     ]
+    "service/serverlessapplicationrepository" = [
+      "aws/internal/service/serverlessapplicationrepository/**/*",
+      "**/*_serverlessapplicationrepository_*",
+      "**/serverlessapplicationrepository_*"
+    ]
     "service/servicecatalog" = [
       "aws/internal/service/servicecatalog/**/*",
       "**/*_servicecatalog_*",

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,25 @@
+## 3.19.0 (December 01, 2020)
+
+FEATURES
+
+* **New Data Source:** `aws_glue_registry` ([#16418](https://github.com/hashicorp/terraform-provider-aws/issues/16418))
+
+ENHANCEMENTS
+
+* resource/aws_apigatewayv2_domain_name: Add `mutual_tls_authentication` attribute to support mutual TLS authentication ([#15249](https://github.com/hashicorp/terraform-provider-aws/issues/15249))
+* resource/aws_appmesh_virtual_gateway: Add `listener.connection_pool` attribute ([#16168](https://github.com/hashicorp/terraform-provider-aws/issues/16168))
+* data-source/aws_eks_cluster: add `kubernetes_network_config` attribute ([#15518](https://github.com/hashicorp/terraform-provider-aws/issues/15518))
+* resource/aws_storagegateway_smb_file_share - add support for `notification_policy` and `access_based_enumeration`. ([#16414](https://github.com/hashicorp/terraform-provider-aws/issues/16414))
+* resource/aws_storagegateway_smb_file_share - add plan time validation to `invalid_user_list` and `valid_user_list`. ([#16414](https://github.com/hashicorp/terraform-provider-aws/issues/16414))
+* resource/aws_cognito_user_pool: add support for account recovery setting. ([#12444](https://github.com/hashicorp/terraform-provider-aws/issues/12444))
+* resource/aws_eks_cluster: add `kubernetes_network_config` argument ([#15518](https://github.com/hashicorp/terraform-provider-aws/issues/15518))
+* resource/aws_eks_node_group: Add `capacity_type` argument and support multiple `instance_types` (Support Spot Node Groups) ([#16510](https://github.com/hashicorp/terraform-provider-aws/issues/16510))
+* resource/aws_lambda_function: Add support for Container Images ([#16512](https://github.com/hashicorp/terraform-provider-aws/issues/16512))
+
+BUG FIXES
+
+* resource/aws_fsx_windows_file_system: Prevent potential panics, unexpected errors, and use correct operation timeout on update ([#16488](https://github.com/hashicorp/terraform-provider-aws/issues/16488))
+
 ## 3.18.0 (November 25, 2020)
 
 FEATURES

diff --git a/aws/data_source_aws_eks_cluster.go b/aws/data_source_aws_eks_cluster.go
@@ -66,6 +66,18 @@ func dataSourceAwsEksCluster() *schema.Resource {
 					},
 				},
 			},
+			"kubernetes_network_config": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"service_ipv4_cidr": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
 			"name": {
 				Type:         schema.TypeString,
 				Required:     true,
@@ -184,5 +196,9 @@ func dataSourceAwsEksClusterRead(d *schema.ResourceData, meta interface{}) error
 		return fmt.Errorf("error setting vpc_config: %s", err)
 	}
 
+	if err := d.Set("kubernetes_network_config", flattenEksNetworkConfig(cluster.KubernetesNetworkConfig)); err != nil {
+		return fmt.Errorf("error setting kubernetes_network_config: %w", err)
+	}
+
 	return nil
 }
diff --git a/aws/data_source_aws_eks_cluster_test.go b/aws/data_source_aws_eks_cluster_test.go
@@ -7,7 +7,6 @@ import (
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
-	"github.com/terraform-providers/terraform-provider-aws/aws/internal/tfawsresource"
 )
 
 func TestAccAWSEksClusterDataSource_basic(t *testing.T) {
@@ -28,12 +27,14 @@ func TestAccAWSEksClusterDataSource_basic(t *testing.T) {
 					resource.TestCheckResourceAttrPair(resourceName, "certificate_authority.0.data", dataSourceResourceName, "certificate_authority.0.data"),
 					resource.TestCheckResourceAttrPair(resourceName, "created_at", dataSourceResourceName, "created_at"),
 					resource.TestCheckResourceAttr(dataSourceResourceName, "enabled_cluster_log_types.#", "2"),
-					tfawsresource.TestCheckTypeSetElemAttr(dataSourceResourceName, "enabled_cluster_log_types.*", "api"),
-					tfawsresource.TestCheckTypeSetElemAttr(dataSourceResourceName, "enabled_cluster_log_types.*", "audit"),
+					resource.TestCheckTypeSetElemAttr(dataSourceResourceName, "enabled_cluster_log_types.*", "api"),
+					resource.TestCheckTypeSetElemAttr(dataSourceResourceName, "enabled_cluster_log_types.*", "audit"),
 					resource.TestCheckResourceAttrPair(resourceName, "endpoint", dataSourceResourceName, "endpoint"),
 					resource.TestCheckResourceAttrPair(resourceName, "identity.#", dataSourceResourceName, "identity.#"),
 					resource.TestCheckResourceAttrPair(resourceName, "identity.0.oidc.#", dataSourceResourceName, "identity.0.oidc.#"),
 					resource.TestCheckResourceAttrPair(resourceName, "identity.0.oidc.0.issuer", dataSourceResourceName, "identity.0.oidc.0.issuer"),
+					resource.TestCheckResourceAttrPair(resourceName, "kubernetes_network_config.#", dataSourceResourceName, "kubernetes_network_config.#"),
+					resource.TestCheckResourceAttrPair(resourceName, "kubernetes_network_config.0.service_ipv4_cidr", dataSourceResourceName, "kubernetes_network_config.0.service_ipv4_cidr"),
 					resource.TestMatchResourceAttr(dataSourceResourceName, "platform_version", regexp.MustCompile(`^eks\.\d+$`)),
 					resource.TestCheckResourceAttrPair(resourceName, "role_arn", dataSourceResourceName, "role_arn"),
 					resource.TestCheckResourceAttrPair(resourceName, "status", dataSourceResourceName, "status"),

diff --git a/aws/data_source_aws_route53_resolver_rules_test.go b/aws/data_source_aws_route53_resolver_rules_test.go
@@ -6,7 +6,6 @@ import (
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
-	"github.com/terraform-providers/terraform-provider-aws/aws/internal/tfawsresource"
 )
 
 func TestAccDataSourceAwsRoute53ResolverRules_basic(t *testing.T) {
@@ -20,7 +19,7 @@ func TestAccDataSourceAwsRoute53ResolverRules_basic(t *testing.T) {
 				Config: testAccDataSourceAwsRoute53ResolverRules_basic,
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr(dsResourceName, "resolver_rule_ids.#", "1"),
-					tfawsresource.TestCheckTypeSetElemAttr(dsResourceName, "resolver_rule_ids.*", "rslvr-autodefined-rr-internet-resolver"),
+					resource.TestCheckTypeSetElemAttr(dsResourceName, "resolver_rule_ids.*", "rslvr-autodefined-rr-internet-resolver"),
 				),
 			},
 		},

diff --git a/aws/data_source_aws_serverlessapplicationrepository_application_test.go b/aws/data_source_aws_serverlessapplicationrepository_application_test.go
@@ -7,7 +7,6 @@ import (
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
-	"github.com/terraform-providers/terraform-provider-aws/aws/internal/tfawsresource"
 )
 
 func TestAccDataSourceAwsServerlessApplicationRepositoryApplication_Basic(t *testing.T) {
@@ -67,8 +66,8 @@ func TestAccDataSourceAwsServerlessApplicationRepositoryApplication_Versioned(t
 					resource.TestCheckResourceAttrSet(datasourceName, "source_code_url"),
 					resource.TestCheckResourceAttrSet(datasourceName, "template_url"),
 					resource.TestCheckResourceAttr(datasourceName, "required_capabilities.#", "2"),
-					tfawsresource.TestCheckTypeSetElemAttr(datasourceName, "required_capabilities.*", "CAPABILITY_IAM"),
-					tfawsresource.TestCheckTypeSetElemAttr(datasourceName, "required_capabilities.*", "CAPABILITY_RESOURCE_POLICY"),
+					resource.TestCheckTypeSetElemAttr(datasourceName, "required_capabilities.*", "CAPABILITY_IAM"),
+					resource.TestCheckTypeSetElemAttr(datasourceName, "required_capabilities.*", "CAPABILITY_RESOURCE_POLICY"),
 				),
 			},
 			{

diff --git a/aws/fsx.go b/aws/fsx.go
@@ -48,7 +48,7 @@ func refreshFsxFileSystemLifecycle(conn *fsx.FSx, id string) resource.StateRefre
 	}
 }
 
-func refreshFsxFileSystemLifecycleOptimizing(conn *fsx.FSx, id string) resource.StateRefreshFunc {
+func refreshFsxFileSystemAdministrativeActionsStatusFileSystemUpdate(conn *fsx.FSx, id string) resource.StateRefreshFunc {
 	return func() (interface{}, string, error) {
 		filesystem, err := describeFsxFileSystem(conn, id)
 
@@ -64,7 +64,17 @@ func refreshFsxFileSystemLifecycleOptimizing(conn *fsx.FSx, id string) resource.
 			return nil, "", nil
 		}
 
-		return filesystem, aws.StringValue(filesystem.AdministrativeActions[0].Status), nil
+		for _, administrativeAction := range filesystem.AdministrativeActions {
+			if administrativeAction == nil {
+				continue
+			}
+
+			if aws.StringValue(administrativeAction.AdministrativeActionType) == fsx.AdministrativeActionTypeFileSystemUpdate {
+				return filesystem, aws.StringValue(administrativeAction.Status), nil
+			}
+		}
+
+		return filesystem, fsx.StatusCompleted, nil
 	}
 }
 
@@ -110,14 +120,17 @@ func waitForFsxFileSystemUpdate(conn *fsx.FSx, id string, timeout time.Duration)
 	return err
 }
 
-func waitForFsxFileSystemUpdateOptimizing(conn *fsx.FSx, id string, timeout time.Duration) error {
+func waitForFsxFileSystemUpdateAdministrativeActionsStatusFileSystemUpdate(conn *fsx.FSx, id string, timeout time.Duration) error {
 	stateConf := &resource.StateChangeConf{
-		Pending: []string{fsx.StatusInProgress},
+		Pending: []string{
+			fsx.StatusInProgress,
+			fsx.StatusPending,
+		},
 		Target: []string{
 			fsx.StatusCompleted,
 			fsx.StatusUpdatedOptimizing,
 		},
-		Refresh: refreshFsxFileSystemLifecycleOptimizing(conn, id),
+		Refresh: refreshFsxFileSystemAdministrativeActionsStatusFileSystemUpdate(conn, id),
 		Timeout: timeout,
 		Delay:   30 * time.Second,
 	}

diff --git a/aws/internal/service/glue/finder/finder.go b/aws/internal/service/glue/finder/finder.go
@@ -0,0 +1,20 @@
+package finder
+
+import (
+	"github.com/aws/aws-sdk-go/service/glue"
+	tfglue "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/glue"
+)
+
+// RegistryByID returns the Registry corresponding to the specified ID.
+func RegistryByID(conn *glue.Glue, id string) (*glue.GetRegistryOutput, error) {
+	input := &glue.GetRegistryInput{
+		RegistryId: tfglue.CreateAwsGlueRegistryID(id),
+	}
+
+	output, err := conn.GetRegistry(input)
+	if err != nil {
+		return nil, err
+	}
+
+	return output, nil
+}
diff --git a/aws/internal/service/glue/id.go b/aws/internal/service/glue/id.go
@@ -5,6 +5,8 @@ import (
 	"fmt"
 	"strings"
 
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/glue"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
 
@@ -30,3 +32,9 @@ func stringifyAwsGluePartition(partValues *schema.Set) string {
 
 	return vals
 }
+
+func CreateAwsGlueRegistryID(id string) *glue.RegistryId {
+	return &glue.RegistryId{
+		RegistryArn: aws.String(id),
+	}
+}
diff --git a/aws/internal/service/glue/waiter/status.go b/aws/internal/service/glue/waiter/status.go
@@ -7,10 +7,12 @@ import (
 	"github.com/aws/aws-sdk-go/service/glue"
 	"github.com/hashicorp/aws-sdk-go-base/tfawserr"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/terraform-providers/terraform-provider-aws/aws/internal/service/glue/finder"
 )
 
 const (
 	MLTransformStatusUnknown = "Unknown"
+	RegistryStatusUnknown    = "Unknown"
 	TriggerStatusUnknown     = "Unknown"
 )
 
@@ -35,6 +37,22 @@ func MLTransformStatus(conn *glue.Glue, transformId string) resource.StateRefres
 	}
 }
 
+// RegistryStatus fetches the Registry and its Status
+func RegistryStatus(conn *glue.Glue, id string) resource.StateRefreshFunc {
+	return func() (interface{}, string, error) {
+		output, err := finder.RegistryByID(conn, id)
+		if err != nil {
+			return nil, RegistryStatusUnknown, err
+		}
+
+		if output == nil {
+			return output, RegistryStatusUnknown, nil
+		}
+
+		return output, aws.StringValue(output.Status), nil
+	}
+}
+
 // TriggerStatus fetches the Trigger and its Status
 func TriggerStatus(conn *glue.Glue, triggerName string) resource.StateRefreshFunc {
 	return func() (interface{}, string, error) {

diff --git a/aws/internal/service/glue/waiter/waiter.go b/aws/internal/service/glue/waiter/waiter.go
@@ -10,6 +10,7 @@ import (
 const (
 	// Maximum amount of time to wait for an Operation to return Deleted
 	MLTransformDeleteTimeout = 2 * time.Minute
+	RegistryDeleteTimeout    = 2 * time.Minute
 	TriggerCreateTimeout     = 2 * time.Minute
 	TriggerDeleteTimeout     = 2 * time.Minute
 )
@@ -32,6 +33,24 @@ func MLTransformDeleted(conn *glue.Glue, transformId string) (*glue.GetMLTransfo
 	return nil, err
 }
 
+// RegistryDeleted waits for a Registry to return Deleted
+func RegistryDeleted(conn *glue.Glue, registryID string) (*glue.GetRegistryOutput, error) {
+	stateConf := &resource.StateChangeConf{
+		Pending: []string{glue.RegistryStatusDeleting},
+		Target:  []string{},
+		Refresh: RegistryStatus(conn, registryID),
+		Timeout: RegistryDeleteTimeout,
+	}
+
+	outputRaw, err := stateConf.WaitForState()
+
+	if output, ok := outputRaw.(*glue.GetRegistryOutput); ok {
+		return output, err
+	}
+
+	return nil, err
+}
+
 // TriggerCreated waits for a Trigger to return Created
 func TriggerCreated(conn *glue.Glue, triggerName string) (*glue.GetTriggerOutput, error) {
 	stateConf := &resource.StateChangeConf{

diff --git a/aws/internal/service/storagegateway/waiter/status.go b/aws/internal/service/storagegateway/waiter/status.go
@@ -15,6 +15,8 @@ const (
 	StoredIscsiVolumeStatusUnknown  = "Unknown"
 	NfsFileShareStatusNotFound      = "NotFound"
 	NfsFileShareStatusUnknown       = "Unknown"
+	SmbFileShareStatusNotFound      = "NotFound"
+	SmbFileShareStatusUnknown       = "Unknown"
 )
 
 // StoredIscsiVolumeStatus fetches the Volume and its Status
@@ -67,3 +69,28 @@ func NfsFileShareStatus(conn *storagegateway.StorageGateway, fileShareArn string
 		return fileshare, aws.StringValue(fileshare.FileShareStatus), nil
 	}
 }
+
+func SmbFileShareStatus(conn *storagegateway.StorageGateway, fileShareArn string) resource.StateRefreshFunc {
+	return func() (interface{}, string, error) {
+		input := &storagegateway.DescribeSMBFileSharesInput{
+			FileShareARNList: []*string{aws.String(fileShareArn)},
+		}
+
+		log.Printf("[DEBUG] Reading Storage Gateway SMB File Share: %s", input)
+		output, err := conn.DescribeSMBFileShares(input)
+		if err != nil {
+			if tfawserr.ErrMessageContains(err, storagegateway.ErrCodeInvalidGatewayRequestException, "The specified file share was not found.") {
+				return nil, SmbFileShareStatusNotFound, nil
+			}
+			return nil, SmbFileShareStatusUnknown, fmt.Errorf("error reading Storage Gateway SMB File Share: %w", err)
+		}
+
+		if output == nil || len(output.SMBFileShareInfoList) == 0 || output.SMBFileShareInfoList[0] == nil {
+			return nil, SmbFileShareStatusNotFound, nil
+		}
+
+		fileshare := output.SMBFileShareInfoList[0]
+
+		return fileshare, aws.StringValue(fileshare.FileShareStatus), nil
+	}
+}
diff --git a/aws/internal/service/storagegateway/waiter/waiter.go b/aws/internal/service/storagegateway/waiter/waiter.go
@@ -11,6 +11,8 @@ const (
 	StoredIscsiVolumeAvailableTimeout = 5 * time.Minute
 	NfsFileShareAvailableDelay        = 5 * time.Second
 	NfsFileShareDeletedDelay          = 5 * time.Second
+	SmbFileShareAvailableDelay        = 5 * time.Second
+	SmbFileShareDeletedDelay          = 5 * time.Second
 )
 
 // StoredIscsiVolumeAvailable waits for a StoredIscsiVolume to return Available
@@ -68,3 +70,41 @@ func NfsFileShareDeleted(conn *storagegateway.StorageGateway, fileShareArn strin
 
 	return nil, err
 }
+
+// SmbFileShareAvailable waits for a SMB File Share to return Available
+func SmbFileShareAvailable(conn *storagegateway.StorageGateway, fileShareArn string, timeout time.Duration) (*storagegateway.SMBFileShareInfo, error) {
+	stateConf := &resource.StateChangeConf{
+		Pending: []string{"CREATING", "UPDATING"},
+		Target:  []string{"AVAILABLE"},
+		Refresh: SmbFileShareStatus(conn, fileShareArn),
+		Timeout: timeout,
+		Delay:   SmbFileShareAvailableDelay,
+	}
+
+	outputRaw, err := stateConf.WaitForState()
+
+	if output, ok := outputRaw.(*storagegateway.SMBFileShareInfo); ok {
+		return output, err
+	}
+
+	return nil, err
+}
+
+func SmbFileShareDeleted(conn *storagegateway.StorageGateway, fileShareArn string, timeout time.Duration) (*storagegateway.SMBFileShareInfo, error) {
+	stateConf := &resource.StateChangeConf{
+		Pending:        []string{"AVAILABLE", "DELETING", "FORCE_DELETING"},
+		Target:         []string{},
+		Refresh:        SmbFileShareStatus(conn, fileShareArn),
+		Timeout:        timeout,
+		Delay:          SmbFileShareDeletedDelay,
+		NotFoundChecks: 1,
+	}
+
+	outputRaw, err := stateConf.WaitForState()
+
+	if output, ok := outputRaw.(*storagegateway.SMBFileShareInfo); ok {
+		return output, err
+	}
+
+	return nil, err
+}