r/aws_docdb_cluster: add support for manage_master_user_password argument #42563

Merged
merged 12 commits into from
May 12, 2025

Contributor

@badmintoncryer badmintoncryer commented May 10, 2025

Description

This PR adds support for the manage_master_user_password argument to the aws_docdb_cluster resource, allowing users to manage their DocumentDB master user password through AWS Secrets Manager rather than storing it as plaintext in Terraform state.

  • Added the manage_master_user_password boolean parameter to the resource schema (defaults to false)
  • Added a computed master_user_secret attribute that returns information about the secret in Secrets Manager when enabled
  • Updated validation logic to make master_password optional when manage_master_user_password is set to true

Relations

Closes #41115

References

Output from Acceptance Testing

make testacc TESTS=TestAccDocDBCluster_manageMasterUserPassword PKG=docdb
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.23.8 test ./internal/service/docdb/... -v -count 1 -parallel 20 -run='TestAccDocDBCluster_manageMasterUserPassword'  -timeout 360m -vet=off
2025/05/10 22:58:35 Initializing Terraform AWS Provider...
=== RUN   TestAccDocDBCluster_manageMasterUserPassword
=== PAUSE TestAccDocDBCluster_manageMasterUserPassword
=== CONT  TestAccDocDBCluster_manageMasterUserPassword
--- PASS: TestAccDocDBCluster_manageMasterUserPassword (176.32s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/docdb  183.811s

@badmintoncryer badmintoncryer requested a review from a team as a code owner May 10, 2025 14:20
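
An added example, not part of this PR or the provider's code: a Go check that reads a Terraform state document (format version 4) and reports, for each aws_docdb_cluster, whether master_password is still held in state and whether manage_master_user_password is set. The type and function names and the sample state are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Finding is the audit result for one aws_docdb_cluster instance (hypothetical type).
type Finding struct {
	Address           string
	PlaintextPassword bool // master_password is present in state
	Managed           bool // manage_master_user_password is true
}

// tfState is the minimal slice of a version 4 state file this check needs.
type tfState struct {
	Resources []struct {
		Mode, Type, Name string // encoding/json matches keys case-insensitively
		Instances        []struct {
			Attributes map[string]any
		}
	}
}

// Constructed sample state: one cluster with an inline password, one managed by Secrets Manager.
const sampleState = `{"version":4,"resources":[
{"mode":"managed","type":"aws_docdb_cluster","name":"legacy","instances":[{"attributes":{"master_username":"admin","master_password":"constructed-not-a-real-secret","manage_master_user_password":null}}]},
{"mode":"managed","type":"aws_docdb_cluster","name":"managed","instances":[{"attributes":{"master_username":"admin","master_password":null,"manage_master_user_password":true}}]}]}`

// AuditDocDBState lists every managed aws_docdb_cluster found in a state document.
func AuditDocDBState(raw []byte) ([]Finding, error) {
	var st tfState
	if err := json.Unmarshal(raw, &st); err != nil {
		return nil, fmt.Errorf("parse state: %w", err)
	}
	var out []Finding
	for _, r := range st.Resources {
		if r.Mode != "managed" || r.Type != "aws_docdb_cluster" {
			continue
		}
		for _, inst := range r.Instances {
			pw, _ := inst.Attributes["master_password"].(string) // JSON null yields ""
			managed, _ := inst.Attributes["manage_master_user_password"].(bool)
			out = append(out, Finding{r.Type + "." + r.Name, pw != "", managed})
		}
	}
	return out, nil
}
func main() { fmt.Println(AuditDocDBState([]byte(sampleState))) }
```

Running the same check against the output of `terraform state pull` after switching a cluster to manage_master_user_password shows whether the old password value has actually left the state.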

Community Guidelines

This comment is added to every new Pull Request to provide quick reference to how the Terraform AWS Provider is maintained. Please review the information below, and thank you for contributing to the community that keeps the provider thriving! 🚀

Voting for Prioritization

  • Please vote on this Pull Request by adding a 👍 reaction to the original post to help the community and maintainers prioritize it.
  • Please see our prioritization guide for additional information on how the maintainers handle prioritization.
  • Please do not leave +1 or other comments that do not add relevant new information or questions; they generate extra noise for others following the Pull Request and do not help prioritize the request.

Pull Request Authors

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.


github-actions bot commented May 10, 2025

✅ Thank you for correcting the previously detected issues! The maintainers appreciate your efforts to make the review process as smooth as possible.

@github-actions github-actions bot added needs-triage Waiting for first response or review from a maintainer. documentation Introduces or discusses updates to documentation. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. service/docdb Issues and PRs that pertain to the docdb service. size/M Managed by automation to categorize the size of a PR. labels May 10, 2025
@badmintoncryer badmintoncryer changed the title Manage master user password r/aws_docdb_cluster: add support for mange_master_user_password argument May 10, 2025
@ewbankkit ewbankkit added enhancement Requests to existing resources that expand the functionality or scope. and removed needs-triage Waiting for first response or review from a maintainer. labels May 11, 2025
@ewbankkit ewbankkit self-assigned this May 11, 2025
@github-actions github-actions bot added size/L Managed by automation to categorize the size of a PR. prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. and removed size/M Managed by automation to categorize the size of a PR. labels May 11, 2025
ewbankkit previously approved these changes May 11, 2025
Contributor

@ewbankkit ewbankkit left a comment

LGTM 🚀.

% ACCTEST_TIMEOUT=720m make testacc TESTARGS='-run=TestAccDocDBCluster_' PKG=docdb ACCTEST_PARALLELISM=3
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.23.8 test ./internal/service/docdb/... -v -count 1 -parallel 3  -run=TestAccDocDBCluster_ -timeout 720m -vet=off
2025/05/11 17:16:37 Initializing Terraform AWS Provider...
=== RUN   TestAccDocDBCluster_basic
=== PAUSE TestAccDocDBCluster_basic
=== RUN   TestAccDocDBCluster_disappears
=== PAUSE TestAccDocDBCluster_disappears
=== RUN   TestAccDocDBCluster_identifierGenerated
=== PAUSE TestAccDocDBCluster_identifierGenerated
=== RUN   TestAccDocDBCluster_identifierPrefix
=== PAUSE TestAccDocDBCluster_identifierPrefix
=== RUN   TestAccDocDBCluster_tags
=== PAUSE TestAccDocDBCluster_tags
=== RUN   TestAccDocDBCluster_takeFinalSnapshot
=== PAUSE TestAccDocDBCluster_takeFinalSnapshot
=== RUN   TestAccDocDBCluster_missingUserNameCausesError
=== PAUSE TestAccDocDBCluster_missingUserNameCausesError
=== RUN   TestAccDocDBCluster_updateCloudWatchLogsExports
=== PAUSE TestAccDocDBCluster_updateCloudWatchLogsExports
=== RUN   TestAccDocDBCluster_kmsKey
=== PAUSE TestAccDocDBCluster_kmsKey
=== RUN   TestAccDocDBCluster_encrypted
=== PAUSE TestAccDocDBCluster_encrypted
=== RUN   TestAccDocDBCluster_backupsUpdate
=== PAUSE TestAccDocDBCluster_backupsUpdate
=== RUN   TestAccDocDBCluster_pointInTimeRestore
=== PAUSE TestAccDocDBCluster_pointInTimeRestore
=== RUN   TestAccDocDBCluster_port
=== PAUSE TestAccDocDBCluster_port
=== RUN   TestAccDocDBCluster_deleteProtection
=== PAUSE TestAccDocDBCluster_deleteProtection
=== RUN   TestAccDocDBCluster_GlobalClusterIdentifier
=== PAUSE TestAccDocDBCluster_GlobalClusterIdentifier
=== RUN   TestAccDocDBCluster_GlobalClusterIdentifier_Add
=== PAUSE TestAccDocDBCluster_GlobalClusterIdentifier_Add
=== RUN   TestAccDocDBCluster_GlobalClusterIdentifier_Remove
=== PAUSE TestAccDocDBCluster_GlobalClusterIdentifier_Remove
=== RUN   TestAccDocDBCluster_GlobalClusterIdentifier_Update
=== PAUSE TestAccDocDBCluster_GlobalClusterIdentifier_Update
=== RUN   TestAccDocDBCluster_GlobalClusterIdentifier_PrimarySecondaryClusters
=== PAUSE TestAccDocDBCluster_GlobalClusterIdentifier_PrimarySecondaryClusters
=== RUN   TestAccDocDBCluster_updateEngineMajorVersion
    cluster_test.go:805: Amazon DocumentDB has identified an issue and is temporarily disallowing major version upgrades (MVU) in all regions.
--- SKIP: TestAccDocDBCluster_updateEngineMajorVersion (0.00s)
=== RUN   TestAccDocDBCluster_storageType
=== PAUSE TestAccDocDBCluster_storageType
=== RUN   TestAccDocDBCluster_passwordWriteOnly
=== PAUSE TestAccDocDBCluster_passwordWriteOnly
=== RUN   TestAccDocDBCluster_manageMasterUserPassword
=== PAUSE TestAccDocDBCluster_manageMasterUserPassword
=== CONT  TestAccDocDBCluster_basic
=== CONT  TestAccDocDBCluster_pointInTimeRestore
=== CONT  TestAccDocDBCluster_missingUserNameCausesError
--- PASS: TestAccDocDBCluster_missingUserNameCausesError (6.29s)
=== CONT  TestAccDocDBCluster_backupsUpdate
--- PASS: TestAccDocDBCluster_basic (119.60s)
=== CONT  TestAccDocDBCluster_encrypted
--- PASS: TestAccDocDBCluster_backupsUpdate (148.17s)
=== CONT  TestAccDocDBCluster_updateCloudWatchLogsExports
--- PASS: TestAccDocDBCluster_encrypted (107.58s)
=== CONT  TestAccDocDBCluster_identifierPrefix
--- PASS: TestAccDocDBCluster_updateCloudWatchLogsExports (148.79s)
=== CONT  TestAccDocDBCluster_takeFinalSnapshot
--- PASS: TestAccDocDBCluster_identifierPrefix (96.41s)
=== CONT  TestAccDocDBCluster_tags
--- PASS: TestAccDocDBCluster_pointInTimeRestore (336.28s)
=== CONT  TestAccDocDBCluster_GlobalClusterIdentifier_Update
--- PASS: TestAccDocDBCluster_tags (123.66s)
=== CONT  TestAccDocDBCluster_manageMasterUserPassword
--- PASS: TestAccDocDBCluster_GlobalClusterIdentifier_Update (125.73s)
=== CONT  TestAccDocDBCluster_passwordWriteOnly
    cluster_test.go:936: Terraform CLI version 1.10.4 is below minimum version 1.11.0: skipping test
--- SKIP: TestAccDocDBCluster_passwordWriteOnly (0.08s)
=== CONT  TestAccDocDBCluster_storageType
--- PASS: TestAccDocDBCluster_manageMasterUserPassword (161.17s)
=== CONT  TestAccDocDBCluster_GlobalClusterIdentifier_PrimarySecondaryClusters
--- PASS: TestAccDocDBCluster_takeFinalSnapshot (270.73s)
=== CONT  TestAccDocDBCluster_identifierGenerated
--- PASS: TestAccDocDBCluster_storageType (199.12s)
=== CONT  TestAccDocDBCluster_disappears
--- PASS: TestAccDocDBCluster_identifierGenerated (116.43s)
=== CONT  TestAccDocDBCluster_GlobalClusterIdentifier
--- PASS: TestAccDocDBCluster_disappears (106.00s)
=== CONT  TestAccDocDBCluster_GlobalClusterIdentifier_Remove
--- PASS: TestAccDocDBCluster_GlobalClusterIdentifier (108.78s)
=== CONT  TestAccDocDBCluster_GlobalClusterIdentifier_Add
--- PASS: TestAccDocDBCluster_GlobalClusterIdentifier_Add (123.78s)
=== CONT  TestAccDocDBCluster_kmsKey
--- PASS: TestAccDocDBCluster_kmsKey (126.24s)
=== CONT  TestAccDocDBCluster_deleteProtection
=== NAME  TestAccDocDBCluster_GlobalClusterIdentifier_Remove
    cluster_test.go:691: Step 3/3 error: Error running apply: exit status 1
        
        Error: deleting DocumentDB Global Cluster (tf-acc-test-3973061279176917188): operation error DocDB: DeleteGlobalCluster, https response error StatusCode: 400, RequestID: 997c2629-e26f-4752-9921-0885ad06645d, InvalidGlobalClusterStateFault: Global Cluster arn:aws:rds::187416307283:global-cluster:tf-acc-test-3973061279176917188 is not empty
        
--- FAIL: TestAccDocDBCluster_GlobalClusterIdentifier_Remove (403.87s)
=== CONT  TestAccDocDBCluster_port
--- PASS: TestAccDocDBCluster_deleteProtection (233.47s)
--- PASS: TestAccDocDBCluster_port (220.35s)
--- PASS: TestAccDocDBCluster_GlobalClusterIdentifier_PrimarySecondaryClusters (2051.96s)
FAIL
FAIL	github.com/hashicorp/terraform-provider-aws/internal/service/docdb	2571.428s
FAIL
make: *** [testacc] Error 1

Failure is unrelated to this change and is occurring in CI.

@badmintoncryer badmintoncryer changed the title r/aws_docdb_cluster: add support for mange_master_user_password argument r/aws_docdb_cluster: add support for manage_master_user_password argument May 12, 2025
@badmintoncryer
Contributor Author

@ewbankkit Thank you for your review and I apologize for the many inadequacies in formatting and notation of constants. I will be careful to address these issues in other PRs.

Contributor

@ewbankkit ewbankkit left a comment

LGTM 🚀.

% ACCTEST_TIMEOUT=720m make testacc TESTARGS='-run=TestAccDocDBCluster_manageMasterUserPassword\|TestAccDocDBCluster_basic' PKG=docdb
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.23.8 test ./internal/service/docdb/... -v -count 1 -parallel 20  -run=TestAccDocDBCluster_manageMasterUserPassword\|TestAccDocDBCluster_basic -timeout 720m -vet=off
2025/05/12 09:07:14 Initializing Terraform AWS Provider...
=== RUN   TestAccDocDBCluster_basic
=== PAUSE TestAccDocDBCluster_basic
=== RUN   TestAccDocDBCluster_manageMasterUserPassword
=== PAUSE TestAccDocDBCluster_manageMasterUserPassword
=== CONT  TestAccDocDBCluster_basic
=== CONT  TestAccDocDBCluster_manageMasterUserPassword
--- PASS: TestAccDocDBCluster_basic (110.44s)
--- PASS: TestAccDocDBCluster_manageMasterUserPassword (149.76s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/docdb	154.818s

@ewbankkit
Contributor

@badmintoncryer Thanks for the contribution 🎉 👏.

@ewbankkit ewbankkit merged commit 0408f66 into hashicorp:main May 12, 2025
45 checks passed

Warning

This Issue has been closed, meaning that any additional comments are much easier for the maintainers to miss. Please assume that the maintainers will not see them.

Ongoing conversations amongst community members are welcome, however, the issue will be locked after 30 days. Moving conversations to another venue, such as the AWS Provider forum, is recommended. If you have additional concerns, please open a new issue, referencing this one where needed.

@github-actions github-actions bot added this to the v5.98.0 milestone May 12, 2025
@badmintoncryer badmintoncryer deleted the manage-master-user-password branch May 12, 2025 13:42

This functionality has been released in v5.98.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions github-actions bot removed the prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. label May 16, 2025
Labels
documentation Introduces or discusses updates to documentation. enhancement Requests to existing resources that expand the functionality or scope. service/docdb Issues and PRs that pertain to the docdb service. size/L Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Development

Successfully merging this pull request may close these issues.

[Enhancement]: Add support for managing master user password using AWS Secrets Manager in aws_docdb_cluster
2 participants