From 962704d0d5f154cf699ebd713cb61e544826b222 Mon Sep 17 00:00:00 2001 From: Bruno Schaatsbergen Date: Fri, 16 Dec 2022 11:18:54 +0100 Subject: [PATCH 1/8] Add `execution_role` attribute --- internal/service/athena/workgroup.go | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/internal/service/athena/workgroup.go b/internal/service/athena/workgroup.go index 6622d43102cb..e87150e0de5f 100644 --- a/internal/service/athena/workgroup.go +++ b/internal/service/athena/workgroup.go @@ -69,6 +69,11 @@ func ResourceWorkGroup() *schema.Resource { }, }, }, + "execution_role": { + Type: schema.TypeString, + Optional: true, + ValidateFunc: verify.ValidARN, + }, "publish_cloudwatch_metrics_enabled": { Type: schema.TypeBool, Optional: true, @@ -350,6 +355,10 @@ func expandWorkGroupConfiguration(l []interface{}) *athena.WorkGroupConfiguratio configuration.EngineVersion = expandWorkGroupEngineVersion(v) } + if v, ok := m["execution_role"]; ok { + configuration.ExecutionRole = aws.String(v.(string)) + } + if v, ok := m["publish_cloudwatch_metrics_enabled"]; ok { configuration.PublishCloudWatchMetricsEnabled = aws.Bool(v.(bool)) } @@ -404,6 +413,10 @@ func expandWorkGroupConfigurationUpdates(l []interface{}) *athena.WorkGroupConfi configurationUpdates.EngineVersion = expandWorkGroupEngineVersion(v) } + if v, ok := m["execution_role"]; ok { + configurationUpdates.ExecutionRole = aws.String(v.(string)) + } + if v, ok := m["publish_cloudwatch_metrics_enabled"]; ok { configurationUpdates.PublishCloudWatchMetricsEnabled = aws.Bool(v.(bool)) } @@ -512,6 +525,7 @@ func flattenWorkGroupConfiguration(configuration *athena.WorkGroupConfiguration) "bytes_scanned_cutoff_per_query": aws.Int64Value(configuration.BytesScannedCutoffPerQuery), "enforce_workgroup_configuration": aws.BoolValue(configuration.EnforceWorkGroupConfiguration), "engine_version": flattenWorkGroupEngineVersion(configuration.EngineVersion), + "execution_role": aws.StringValue(configuration.ExecutionRole), "publish_cloudwatch_metrics_enabled": aws.BoolValue(configuration.PublishCloudWatchMetricsEnabled), "result_configuration": flattenWorkGroupResultConfiguration(configuration.ResultConfiguration), "requester_pays_enabled": aws.BoolValue(configuration.RequesterPaysEnabled), From 43a1b1bb04bfc078fb61e7a3e0f85f14924a78be Mon Sep 17 00:00:00 2001 From: Bruno Schaatsbergen Date: Fri, 16 Dec 2022 11:20:06 +0100 Subject: [PATCH 2/8] Update athena_workgroup.html.markdown --- website/docs/r/athena_workgroup.html.markdown | 1 + 1 file changed, 1 insertion(+) diff --git a/website/docs/r/athena_workgroup.html.markdown b/website/docs/r/athena_workgroup.html.markdown index dac6f40a9e9d..ef2e5b6c442e 100644 --- a/website/docs/r/athena_workgroup.html.markdown +++ b/website/docs/r/athena_workgroup.html.markdown @@ -48,6 +48,7 @@ The following arguments are supported: * `bytes_scanned_cutoff_per_query` - (Optional) Integer for the upper data usage limit (cutoff) for the amount of bytes a single query in a workgroup is allowed to scan. Must be at least `10485760`. * `enforce_workgroup_configuration` - (Optional) Boolean whether the settings for the workgroup override client-side settings. For more information, see [Workgroup Settings Override Client-Side Settings](https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html). Defaults to `true`. * `engine_version` - (Optional) Configuration block for the Athena Engine Versioning. For more information, see [Athena Engine Versioning](https://docs.aws.amazon.com/athena/latest/ug/engine-versions.html). See [Engine Version](#engine-version) below. +* `execution_role` - (Optional) Role used in a notebook session for accessing the user's resources. * `publish_cloudwatch_metrics_enabled` - (Optional) Boolean whether Amazon CloudWatch metrics are enabled for the workgroup. Defaults to `true`. * `result_configuration` - (Optional) Configuration block with result settings. See [Result Configuration](#result-configuration) below. * `requester_pays_enabled` - (Optional) If set to true , allows members assigned to a workgroup to reference Amazon S3 Requester Pays buckets in queries. If set to false , workgroup members cannot query data from Requester Pays buckets, and queries that retrieve data from Requester Pays buckets cause an error. The default is false . For more information about Requester Pays buckets, see [Requester Pays Buckets](https://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html) in the Amazon Simple Storage Service Developer Guide. From b935733b9fae76e314d7733e14fdb25e78e50883 Mon Sep 17 00:00:00 2001 From: Bruno Schaatsbergen Date: Fri, 16 Dec 2022 11:21:47 +0100 Subject: [PATCH 3/8] Create 28420.txt --- .changelog/28420.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/28420.txt diff --git a/.changelog/28420.txt b/.changelog/28420.txt new file mode 100644 index 000000000000..d7ca953f3f3d --- /dev/null +++ b/.changelog/28420.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +resource/aws_athena_workgroup: Add `execution_role` attribute +``` From 4b66525f922ff41c3cffdeb4ec0d281ab9f8a9c0 Mon Sep 17 00:00:00 2001 From: Bruno Schaatsbergen Date: Fri, 16 Dec 2022 13:01:01 +0100 Subject: [PATCH 4/8] Add executionRole test --- internal/service/athena/workgroup_test.go | 75 +++++++++++++++++++++++ 1 file changed, 75 insertions(+) diff --git a/internal/service/athena/workgroup_test.go b/internal/service/athena/workgroup_test.go index 6f477496cfc2..baa0f0389afa 100644 --- a/internal/service/athena/workgroup_test.go +++ b/internal/service/athena/workgroup_test.go @@ -238,6 +238,36 @@ func TestAccAthenaWorkGroup_configurationEngineVersion(t *testing.T) { }) } +func TestAccAthenaWorkGroup_configurationExecutionRole(t *testing.T) { + var workgroup1 athena.WorkGroup + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + resourceName := "aws_athena_workgroup.test" + iamRoleResourceName := "aws_iam_role.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(t) }, + ErrorCheck: acctest.ErrorCheck(t, athena.EndpointsID), + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, + CheckDestroy: testAccCheckWorkGroupDestroy, + Steps: []resource.TestStep{ + { + Config: testAccWorkGroupConfig_configurationExecutionRole(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckWorkGroupExists(resourceName, &workgroup1), + resource.TestCheckResourceAttr(resourceName, "configuration.#", "1"), + resource.TestCheckResourceAttrPair(resourceName, "configuration.0.execution_role", iamRoleResourceName, "arn"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"force_destroy"}, + }, + }, + }) +} + func TestAccAthenaWorkGroup_publishCloudWatchMetricsEnabled(t *testing.T) { var workgroup1, workgroup2 athena.WorkGroup rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) @@ -755,6 +785,51 @@ resource "aws_athena_workgroup" "test" { `, rName, engineVersion) } +func testAccWorkGroupConfig_configurationExecutionRole(rName string) string { + return fmt.Sprintf(` +resource "aws_iam_role" "test" { + name = %[1]q + assume_role_policy = < Date: Sat, 31 Dec 2022 21:57:27 -0800 Subject: [PATCH 5/8] Fix terrafmt check on test resource --- internal/service/athena/workgroup_test.go | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/internal/service/athena/workgroup_test.go b/internal/service/athena/workgroup_test.go index baa0f0389afa..92e19847cae5 100644 --- a/internal/service/athena/workgroup_test.go +++ b/internal/service/athena/workgroup_test.go @@ -788,7 +788,7 @@ resource "aws_athena_workgroup" "test" { func testAccWorkGroupConfig_configurationExecutionRole(rName string) string { return fmt.Sprintf(` resource "aws_iam_role" "test" { - name = %[1]q + name = %[1]q assume_role_policy = < Date: Wed, 4 Jan 2023 14:19:36 -0500 Subject: [PATCH 6/8] Tweak CHANGELOG entry. --- .changelog/28420.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.changelog/28420.txt b/.changelog/28420.txt index d7ca953f3f3d..6e55448d09c5 100644 --- a/.changelog/28420.txt +++ b/.changelog/28420.txt @@ -1,3 +1,3 @@ ```release-note:enhancement -resource/aws_athena_workgroup: Add `execution_role` attribute +resource/aws_athena_workgroup: Add `configuration.execution_role` argument ``` From 343522518095d5f806440e043b2552b9b54eba40 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Wed, 4 Jan 2023 14:24:16 -0500 Subject: [PATCH 7/8] Additional checks in 'TestAccAthenaWorkGroup_basic'. --- internal/service/athena/workgroup_test.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/internal/service/athena/workgroup_test.go b/internal/service/athena/workgroup_test.go index 92e19847cae5..ff1019985082 100644 --- a/internal/service/athena/workgroup_test.go +++ b/internal/service/athena/workgroup_test.go @@ -28,15 +28,18 @@ func TestAccAthenaWorkGroup_basic(t *testing.T) { Steps: []resource.TestStep{ { Config: testAccWorkGroupConfig_basic(rName), - Check: resource.ComposeTestCheckFunc( + Check: resource.ComposeAggregateTestCheckFunc( testAccCheckWorkGroupExists(resourceName, &workgroup1), acctest.CheckResourceAttrRegionalARN(resourceName, "arn", "athena", fmt.Sprintf("workgroup/%s", rName)), resource.TestCheckResourceAttr(resourceName, "configuration.#", "1"), + resource.TestCheckResourceAttr(resourceName, "configuration.0.bytes_scanned_cutoff_per_query", "0"), resource.TestCheckResourceAttr(resourceName, "configuration.0.enforce_workgroup_configuration", "true"), resource.TestCheckResourceAttr(resourceName, "configuration.0.engine_version.#", "1"), resource.TestCheckResourceAttrSet(resourceName, "configuration.0.engine_version.0.effective_engine_version"), resource.TestCheckResourceAttr(resourceName, "configuration.0.engine_version.0.selected_engine_version", "AUTO"), + resource.TestCheckResourceAttr(resourceName, "configuration.0.execution_role", ""), resource.TestCheckResourceAttr(resourceName, "configuration.0.publish_cloudwatch_metrics_enabled", "true"), + resource.TestCheckResourceAttr(resourceName, "configuration.0.result_configuration.#", "0"), resource.TestCheckResourceAttr(resourceName, "configuration.0.requester_pays_enabled", "false"), resource.TestCheckResourceAttr(resourceName, "description", ""), resource.TestCheckResourceAttr(resourceName, "name", rName), From e1b804c8e6c8e2e4395dd43de024e6a3132e6068 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Wed, 4 Jan 2023 14:49:00 -0500 Subject: [PATCH 8/8] r/aws_athena_workgroup: Correct 'expandWorkGroupConfiguration' and 'expandWorkGroupConfigurationUpdates'. --- internal/service/athena/workgroup.go | 40 ++++++++++++++-------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/internal/service/athena/workgroup.go b/internal/service/athena/workgroup.go index e87150e0de5f..6615f0e55f62 100644 --- a/internal/service/athena/workgroup.go +++ b/internal/service/athena/workgroup.go @@ -343,32 +343,32 @@ func expandWorkGroupConfiguration(l []interface{}) *athena.WorkGroupConfiguratio configuration := &athena.WorkGroupConfiguration{} - if v, ok := m["bytes_scanned_cutoff_per_query"]; ok && v.(int) > 0 { - configuration.BytesScannedCutoffPerQuery = aws.Int64(int64(v.(int))) + if v, ok := m["bytes_scanned_cutoff_per_query"].(int); ok && v > 0 { + configuration.BytesScannedCutoffPerQuery = aws.Int64(int64(v)) } - if v, ok := m["enforce_workgroup_configuration"]; ok { - configuration.EnforceWorkGroupConfiguration = aws.Bool(v.(bool)) + if v, ok := m["enforce_workgroup_configuration"].(bool); ok { + configuration.EnforceWorkGroupConfiguration = aws.Bool(v) } if v, ok := m["engine_version"].([]interface{}); ok && len(v) > 0 && v[0] != nil { configuration.EngineVersion = expandWorkGroupEngineVersion(v) } - if v, ok := m["execution_role"]; ok { - configuration.ExecutionRole = aws.String(v.(string)) + if v, ok := m["execution_role"].(string); ok && v != "" { + configuration.ExecutionRole = aws.String(v) } - if v, ok := m["publish_cloudwatch_metrics_enabled"]; ok { - configuration.PublishCloudWatchMetricsEnabled = aws.Bool(v.(bool)) + if v, ok := m["publish_cloudwatch_metrics_enabled"].(bool); ok { + configuration.PublishCloudWatchMetricsEnabled = aws.Bool(v) } if v, ok := m["result_configuration"]; ok { configuration.ResultConfiguration = expandWorkGroupResultConfiguration(v.([]interface{})) } - if v, ok := m["requester_pays_enabled"]; ok { - configuration.RequesterPaysEnabled = aws.Bool(v.(bool)) + if v, ok := m["requester_pays_enabled"].(bool); ok { + configuration.RequesterPaysEnabled = aws.Bool(v) } return configuration @@ -399,34 +399,34 @@ func expandWorkGroupConfigurationUpdates(l []interface{}) *athena.WorkGroupConfi configurationUpdates := &athena.WorkGroupConfigurationUpdates{} - if v, ok := m["bytes_scanned_cutoff_per_query"]; ok && v.(int) > 0 { - configurationUpdates.BytesScannedCutoffPerQuery = aws.Int64(int64(v.(int))) + if v, ok := m["bytes_scanned_cutoff_per_query"].(int); ok && v > 0 { + configurationUpdates.BytesScannedCutoffPerQuery = aws.Int64(int64(v)) } else { configurationUpdates.RemoveBytesScannedCutoffPerQuery = aws.Bool(true) } - if v, ok := m["enforce_workgroup_configuration"]; ok { - configurationUpdates.EnforceWorkGroupConfiguration = aws.Bool(v.(bool)) + if v, ok := m["enforce_workgroup_configuration"].(bool); ok { + configurationUpdates.EnforceWorkGroupConfiguration = aws.Bool(v) } if v, ok := m["engine_version"].([]interface{}); ok && len(v) > 0 && v[0] != nil { configurationUpdates.EngineVersion = expandWorkGroupEngineVersion(v) } - if v, ok := m["execution_role"]; ok { - configurationUpdates.ExecutionRole = aws.String(v.(string)) + if v, ok := m["execution_role"].(string); ok && v != "" { + configurationUpdates.ExecutionRole = aws.String(v) } - if v, ok := m["publish_cloudwatch_metrics_enabled"]; ok { - configurationUpdates.PublishCloudWatchMetricsEnabled = aws.Bool(v.(bool)) + if v, ok := m["publish_cloudwatch_metrics_enabled"].(bool); ok { + configurationUpdates.PublishCloudWatchMetricsEnabled = aws.Bool(v) } if v, ok := m["result_configuration"]; ok { configurationUpdates.ResultConfigurationUpdates = expandWorkGroupResultConfigurationUpdates(v.([]interface{})) } - if v, ok := m["requester_pays_enabled"]; ok { - configurationUpdates.RequesterPaysEnabled = aws.Bool(v.(bool)) + if v, ok := m["requester_pays_enabled"].(bool); ok { + configurationUpdates.RequesterPaysEnabled = aws.Bool(v) } return configurationUpdates