Merge pull request hashicorp#37056 from dstrates/feat/single-scram-se…

…cret-association feat: add support for single scram secret association
opentofu · Dec 11, 2024 · 759eabf · 759eabf
2 parents 73b6d66 + 8875e63
commit 759eabf
Show file tree

Hide file tree

Showing 9 changed files with 482 additions and 45 deletions.
diff --git a/.changelog/37056.txt b/.changelog/37056.txt
@@ -0,0 +1,3 @@
+```release-note:new-resource
+aws_msk_single_scram_secret_association
+```
diff --git a/internal/service/kafka/exports_test.go b/internal/service/kafka/exports_test.go
@@ -5,19 +5,21 @@ package kafka
 
 // Exports for use in tests only.
 var (
-	ResourceCluster                = resourceCluster
-	ResourceClusterPolicy          = resourceClusterPolicy
-	ResourceConfiguration          = resourceConfiguration
-	ResourceReplicator             = resourceReplicator
-	ResourceSCRAMSecretAssociation = resourceSCRAMSecretAssociation
-	ResourceServerlessCluster      = resourceServerlessCluster
-	ResourceVPCConnection          = resourceVPCConnection
+	ResourceCluster                      = resourceCluster
+	ResourceClusterPolicy                = resourceClusterPolicy
+	ResourceConfiguration                = resourceConfiguration
+	ResourceReplicator                   = resourceReplicator
+	ResourceSCRAMSecretAssociation       = resourceSCRAMSecretAssociation
+	ResourceSingleSCRAMSecretAssociation = newSingleSCRAMSecretAssociationResource
+	ResourceServerlessCluster            = resourceServerlessCluster
+	ResourceVPCConnection                = resourceVPCConnection
 
-	FindClusterByARN             = findClusterByARN
-	FindClusterPolicyByARN       = findClusterPolicyByARN
-	FindConfigurationByARN       = findConfigurationByARN
-	FindReplicatorByARN          = findReplicatorByARN
-	FindSCRAMSecretsByClusterARN = findSCRAMSecretsByClusterARN
-	FindServerlessClusterByARN   = findServerlessClusterByARN
-	FindVPCConnectionByARN       = findVPCConnectionByARN
+	FindClusterByARN                             = findClusterByARN
+	FindClusterPolicyByARN                       = findClusterPolicyByARN
+	FindConfigurationByARN                       = findConfigurationByARN
+	FindReplicatorByARN                          = findReplicatorByARN
+	FindSCRAMSecretAssociation                   = findSCRAMSecretAssociation
+	FindSingleSCRAMSecretAssociationByTwoPartKey = findSingleSCRAMSecretAssociationByTwoPartKey
+	FindServerlessClusterByARN                   = findServerlessClusterByARN
+	FindVPCConnectionByARN                       = findVPCConnectionByARN
 )
diff --git a/internal/service/kafka/scram_secret_association.go b/internal/service/kafka/scram_secret_association.go
@@ -28,7 +28,7 @@ const (
 	scramSecretBatchSize = 10
 )
 
-// @SDKResource("aws_msk_scram_secret_association", name="SCRAM Secret Association)
+// @SDKResource("aws_msk_scram_secret_association", name="SCRAM Secret Association")
 func resourceSCRAMSecretAssociation() *schema.Resource {
 	return &schema.Resource{
 		CreateWithoutTimeout: resourceSCRAMSecretAssociationCreate,
@@ -78,7 +78,7 @@ func resourceSCRAMSecretAssociationRead(ctx context.Context, d *schema.ResourceD
 	var diags diag.Diagnostics
 	conn := meta.(*conns.AWSClient).KafkaClient(ctx)
 
-	scramSecrets, err := findSCRAMSecretsByClusterARN(ctx, conn, d.Id())
+	scramSecrets, err := findSCRAMSecretAssociation(ctx, conn, d.Id())
 
 	if !d.IsNewResource() && tfresource.NotFound(err) {
 		log.Printf("[WARN] MSK SCRAM Secret Association (%s) not found, removing from state", d.Id())
@@ -135,10 +135,29 @@ func resourceSCRAMSecretAssociationDelete(ctx context.Context, d *schema.Resourc
 	return diags
 }
 
+func findSCRAMSecretAssociation(ctx context.Context, conn *kafka.Client, clusterARN string) ([]string, error) {
+	output, err := findSCRAMSecretsByClusterARN(ctx, conn, clusterARN)
+
+	if err != nil {
+		return nil, err
+	}
+
+	if len(output) == 0 {
+		return nil, tfresource.NewEmptyResultError(nil)
+	}
+
+	return output, nil
+}
+
 func findSCRAMSecretsByClusterARN(ctx context.Context, conn *kafka.Client, clusterARN string) ([]string, error) {
 	input := &kafka.ListScramSecretsInput{
 		ClusterArn: aws.String(clusterARN),
 	}
+
+	return findSCRAMSecrets(ctx, conn, input)
+}
+
+func findSCRAMSecrets(ctx context.Context, conn *kafka.Client, input *kafka.ListScramSecretsInput) ([]string, error) {
 	var output []string
 
 	pages := kafka.NewListScramSecretsPaginator(conn, input)

diff --git a/internal/service/kafka/scram_secret_association_test.go b/internal/service/kafka/scram_secret_association_test.go
@@ -18,7 +18,7 @@ import (
 	"github.com/hashicorp/terraform-provider-aws/names"
 )
 
-func TestAccKafkaScramSecretAssociation_basic(t *testing.T) {
+func TestAccKafkaSCRAMSecretAssociation_basic(t *testing.T) {
 	ctx := acctest.Context(t)
 	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
 	resourceName := "aws_msk_scram_secret_association.test"
@@ -29,12 +29,12 @@ func TestAccKafkaScramSecretAssociation_basic(t *testing.T) {
 		PreCheck:                 func() { acctest.PreCheck(ctx, t); testAccPreCheck(ctx, t) },
 		ErrorCheck:               acctest.ErrorCheck(t, names.KafkaServiceID),
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
-		CheckDestroy:             testAccCheckScramSecretAssociationDestroy(ctx),
+		CheckDestroy:             testAccCheckSCRAMSecretAssociationDestroy(ctx),
 		Steps: []resource.TestStep{
 			{
-				Config: testAccScramSecretAssociationConfig_basic(rName, 1),
+				Config: testAccSCRAMSecretAssociationConfig_basic(rName, 1),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckScramSecretAssociationExists(ctx, resourceName),
+					testAccCheckSCRAMSecretAssociationExists(ctx, resourceName),
 					resource.TestCheckResourceAttrPair(resourceName, "cluster_arn", clusterResourceName, names.AttrARN),
 					resource.TestCheckResourceAttr(resourceName, "secret_arn_list.#", "1"),
 					resource.TestCheckTypeSetElemAttrPair(resourceName, "secret_arn_list.*", secretResourceName, names.AttrARN),
@@ -49,7 +49,7 @@ func TestAccKafkaScramSecretAssociation_basic(t *testing.T) {
 	})
 }
 
-func TestAccKafkaScramSecretAssociation_update(t *testing.T) {
+func TestAccKafkaSCRAMSecretAssociation_update(t *testing.T) {
 	ctx := acctest.Context(t)
 	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
 	resourceName := "aws_msk_scram_secret_association.test"
@@ -61,28 +61,28 @@ func TestAccKafkaScramSecretAssociation_update(t *testing.T) {
 		PreCheck:                 func() { acctest.PreCheck(ctx, t); testAccPreCheck(ctx, t) },
 		ErrorCheck:               acctest.ErrorCheck(t, names.KafkaServiceID),
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
-		CheckDestroy:             testAccCheckScramSecretAssociationDestroy(ctx),
+		CheckDestroy:             testAccCheckSCRAMSecretAssociationDestroy(ctx),
 		Steps: []resource.TestStep{
 			{
-				Config: testAccScramSecretAssociationConfig_basic(rName, 1),
+				Config: testAccSCRAMSecretAssociationConfig_basic(rName, 1),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckScramSecretAssociationExists(ctx, resourceName),
+					testAccCheckSCRAMSecretAssociationExists(ctx, resourceName),
 				),
 			},
 			{
-				Config: testAccScramSecretAssociationConfig_basic(rName, 3),
+				Config: testAccSCRAMSecretAssociationConfig_basic(rName, 3),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckScramSecretAssociationExists(ctx, resourceName),
+					testAccCheckSCRAMSecretAssociationExists(ctx, resourceName),
 					resource.TestCheckResourceAttr(resourceName, "secret_arn_list.#", "3"),
 					resource.TestCheckTypeSetElemAttrPair(resourceName, "secret_arn_list.*", secretResourceName, names.AttrARN),
 					resource.TestCheckTypeSetElemAttrPair(resourceName, "secret_arn_list.*", secretResourceName2, names.AttrARN),
 					resource.TestCheckTypeSetElemAttrPair(resourceName, "secret_arn_list.*", secretResourceName3, names.AttrARN),
 				),
 			},
 			{
-				Config: testAccScramSecretAssociationConfig_basic(rName, 2),
+				Config: testAccSCRAMSecretAssociationConfig_basic(rName, 2),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckScramSecretAssociationExists(ctx, resourceName),
+					testAccCheckSCRAMSecretAssociationExists(ctx, resourceName),
 					resource.TestCheckResourceAttr(resourceName, "secret_arn_list.#", "2"),
 					resource.TestCheckTypeSetElemAttrPair(resourceName, "secret_arn_list.*", secretResourceName, names.AttrARN),
 					resource.TestCheckTypeSetElemAttrPair(resourceName, "secret_arn_list.*", secretResourceName2, names.AttrARN),
@@ -97,7 +97,7 @@ func TestAccKafkaScramSecretAssociation_update(t *testing.T) {
 	})
 }
 
-func TestAccKafkaScramSecretAssociation_disappears(t *testing.T) {
+func TestAccKafkaSCRAMSecretAssociation_disappears(t *testing.T) {
 	ctx := acctest.Context(t)
 	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
 	resourceName := "aws_msk_scram_secret_association.test"
@@ -106,12 +106,12 @@ func TestAccKafkaScramSecretAssociation_disappears(t *testing.T) {
 		PreCheck:                 func() { acctest.PreCheck(ctx, t); testAccPreCheck(ctx, t) },
 		ErrorCheck:               acctest.ErrorCheck(t, names.KafkaServiceID),
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
-		CheckDestroy:             testAccCheckScramSecretAssociationDestroy(ctx),
+		CheckDestroy:             testAccCheckSCRAMSecretAssociationDestroy(ctx),
 		Steps: []resource.TestStep{
 			{
-				Config: testAccScramSecretAssociationConfig_basic(rName, 1),
+				Config: testAccSCRAMSecretAssociationConfig_basic(rName, 1),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckScramSecretAssociationExists(ctx, resourceName),
+					testAccCheckSCRAMSecretAssociationExists(ctx, resourceName),
 					acctest.CheckResourceDisappears(ctx, acctest.Provider, tfkafka.ResourceSCRAMSecretAssociation(), resourceName),
 				),
 				ExpectNonEmptyPlan: true,
@@ -120,7 +120,7 @@ func TestAccKafkaScramSecretAssociation_disappears(t *testing.T) {
 	})
 }
 
-func TestAccKafkaScramSecretAssociation_Disappears_cluster(t *testing.T) {
+func TestAccKafkaSCRAMSecretAssociation_Disappears_cluster(t *testing.T) {
 	ctx := acctest.Context(t)
 	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
 	resourceName := "aws_msk_scram_secret_association.test"
@@ -130,12 +130,12 @@ func TestAccKafkaScramSecretAssociation_Disappears_cluster(t *testing.T) {
 		PreCheck:                 func() { acctest.PreCheck(ctx, t); testAccPreCheck(ctx, t) },
 		ErrorCheck:               acctest.ErrorCheck(t, names.KafkaServiceID),
 		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
-		CheckDestroy:             testAccCheckScramSecretAssociationDestroy(ctx),
+		CheckDestroy:             testAccCheckSCRAMSecretAssociationDestroy(ctx),
 		Steps: []resource.TestStep{
 			{
-				Config: testAccScramSecretAssociationConfig_basic(rName, 1),
+				Config: testAccSCRAMSecretAssociationConfig_basic(rName, 1),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckScramSecretAssociationExists(ctx, resourceName),
+					testAccCheckSCRAMSecretAssociationExists(ctx, resourceName),
 					acctest.CheckResourceDisappears(ctx, acctest.Provider, tfkafka.ResourceCluster(), clusterResourceName),
 				),
 				ExpectNonEmptyPlan: true,
@@ -144,7 +144,7 @@ func TestAccKafkaScramSecretAssociation_Disappears_cluster(t *testing.T) {
 	})
 }
 
-func testAccCheckScramSecretAssociationDestroy(ctx context.Context) resource.TestCheckFunc {
+func testAccCheckSCRAMSecretAssociationDestroy(ctx context.Context) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		for _, rs := range s.RootModule().Resources {
 			if rs.Type != "aws_msk_scram_secret_association" {
@@ -153,7 +153,7 @@ func testAccCheckScramSecretAssociationDestroy(ctx context.Context) resource.Tes
 
 			conn := acctest.Provider.Meta().(*conns.AWSClient).KafkaClient(ctx)
 
-			_, err := tfkafka.FindSCRAMSecretsByClusterARN(ctx, conn, rs.Primary.ID)
+			_, err := tfkafka.FindSCRAMSecretAssociation(ctx, conn, rs.Primary.ID)
 
 			if tfresource.NotFound(err) {
 				continue
@@ -163,14 +163,14 @@ func testAccCheckScramSecretAssociationDestroy(ctx context.Context) resource.Tes
 				return err
 			}
 
-			return fmt.Errorf("MSK Cluster %s still exists", rs.Primary.ID)
+			return fmt.Errorf("MSK SCRAM Secret Association %s still exists", rs.Primary.ID)
 		}
 
 		return nil
 	}
 }
 
-func testAccCheckScramSecretAssociationExists(ctx context.Context, n string) resource.TestCheckFunc {
+func testAccCheckSCRAMSecretAssociationExists(ctx context.Context, n string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[n]
 		if !ok {
@@ -179,13 +179,13 @@ func testAccCheckScramSecretAssociationExists(ctx context.Context, n string) res
 
 		conn := acctest.Provider.Meta().(*conns.AWSClient).KafkaClient(ctx)
 
-		_, err := tfkafka.FindSCRAMSecretsByClusterARN(ctx, conn, rs.Primary.ID)
+		_, err := tfkafka.FindSCRAMSecretAssociation(ctx, conn, rs.Primary.ID)
 
 		return err
 	}
 }
 
-func testAccScramSecretAssociationConfig_base(rName string, count int) string {
+func testAccSCRAMSecretAssociationConfig_base(rName string, count int) string {
 	return acctest.ConfigCompose(testAccClusterConfig_base(rName), fmt.Sprintf(`
 data "aws_partition" "current" {}
 
@@ -251,8 +251,8 @@ POLICY
 `, rName, count))
 }
 
-func testAccScramSecretAssociationConfig_basic(rName string, count int) string {
-	return acctest.ConfigCompose(testAccScramSecretAssociationConfig_base(rName, count), `
+func testAccSCRAMSecretAssociationConfig_basic(rName string, count int) string {
+	return acctest.ConfigCompose(testAccSCRAMSecretAssociationConfig_base(rName, count), `
 resource "aws_msk_scram_secret_association" "test" {
   cluster_arn     = aws_msk_cluster.test.arn
   secret_arn_list = aws_secretsmanager_secret.test[*].arn

diff --git a/internal/service/kafka/service_package_gen.go b/internal/service/kafka/service_package_gen.go