resolve conflicts

hashicorp · Nov 21, 2024 · c535a80 · c535a80
2 parents 920bc66 + 32bf7df
commit c535a80
Show file tree

Hide file tree

Showing 16 changed files with 806 additions and 5 deletions.
diff --git a/.changelog/40177.txt b/.changelog/40177.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_ecs_service: Add vpc_lattice_configurations argument
+```
diff --git a/.changelog/40211.txt b/.changelog/40211.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+data-source/aws_ami: Add warning diagnostic when `most_recent` is true and certain filter criteria are missing
+```
diff --git a/.changelog/40216.txt b/.changelog/40216.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_ecs_task_definition: Add `versionConsistency` argument to `container_definitions`
+```
diff --git a/.ci/tools/go.mod b/.ci/tools/go.mod
@@ -35,7 +35,7 @@ require (
 	github.com/Antonboom/nilnil v1.0.0 // indirect
 	github.com/Antonboom/testifylint v1.5.2 // indirect
 	github.com/BurntSushi/toml v1.4.1-0.20240526193622-a339e1f7089c // indirect
-	github.com/Crocmagnon/fatcontext v0.5.2 // indirect
+	github.com/Crocmagnon/fatcontext v0.5.3 // indirect
 	github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24 // indirect
 	github.com/GaijinEntertainment/go-exhaustruct/v3 v3.3.0 // indirect
 	github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.25.0 // indirect

diff --git a/.ci/tools/go.sum b/.ci/tools/go.sum
@@ -219,8 +219,8 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03
 github.com/BurntSushi/toml v1.4.1-0.20240526193622-a339e1f7089c h1:pxW6RcqyfI9/kWtOwnv/G+AzdKuy2ZrqINhenH4HyNs=
 github.com/BurntSushi/toml v1.4.1-0.20240526193622-a339e1f7089c/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/Crocmagnon/fatcontext v0.5.2 h1:vhSEg8Gqng8awhPju2w7MKHqMlg4/NI+gSDHtR3xgwA=
-github.com/Crocmagnon/fatcontext v0.5.2/go.mod h1:87XhRMaInHP44Q7Tlc7jkgKKB7kZAOPiDkFMdKCC+74=
+github.com/Crocmagnon/fatcontext v0.5.3 h1:zCh/wjc9oyeF+Gmp+V60wetm8ph2tlsxocgg/J0hOps=
+github.com/Crocmagnon/fatcontext v0.5.3/go.mod h1:XoCQYY1J+XTfyv74qLXvNw4xFunr3L1wkopIIKG7wGM=
 github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24 h1:sHglBQTwgx+rWPdisA5ynNEsoARbiCBOyGcJM4/OzsM=
 github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24/go.mod h1:4UJr5HIiMZrwgkSPdsjy2uOQExX/WEILpIrO9UPGuXs=
 github.com/GaijinEntertainment/go-exhaustruct/v3 v3.3.0 h1:/fTUt5vmbkAcMBt4YQiuC23cV0kEsN1MVMNqeOW43cU=

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -13,6 +13,9 @@ FEATURES:
 
 ENHANCEMENTS:
 
+* data-source/aws_ami: Add warning diagnostic when `most_recent` is true and certain filter criteria are missing ([#40211](https://github.com/hashicorp/terraform-provider-aws/issues/40211))
+* resource/aws_ecs_service: Add vpc_lattice_configurations argument ([#40177](https://github.com/hashicorp/terraform-provider-aws/issues/40177))
+* resource/aws_ecs_task_definition: Add `versionConsistency` argument to `container_definitions` ([#40216](https://github.com/hashicorp/terraform-provider-aws/issues/40216))
 * resource/aws_rds_global_cluster: Add `endpoint` argument to point to the writer DB instance in the current primary cluster ([#39960](https://github.com/hashicorp/terraform-provider-aws/issues/39960))
 
 BUG FIXES:

diff --git a/infrastructure/repository/main.tf b/infrastructure/repository/main.tf
@@ -13,7 +13,7 @@ terraform {
   required_providers {
     github = {
       source  = "integrations/github"
-      version = "6.3.1"
+      version = "6.4.0"
     }
   }
 

diff --git a/internal/service/ec2/ec2_ami_data_source.go b/internal/service/ec2/ec2_ami_data_source.go
@@ -249,6 +249,8 @@ func dataSourceAMIRead(ctx context.Context, d *schema.ResourceData, meta interfa
 		input.Owners = flex.ExpandStringValueList(v.([]interface{}))
 	}
 
+	diags = checkMostRecentAndMissingFilters(diags, input, d.Get(names.AttrMostRecent).(bool))
+
 	images, err := findImages(ctx, conn, input)
 
 	if err != nil {
@@ -418,3 +420,28 @@ func flattenAMIStateReason(m *awstypes.StateReason) map[string]interface{} {
 	}
 	return s
 }
+
+// checkMostRecentAndMissingFilters appends a diagnostic if the provided configuration
+// uses the most recent image and is not filtered by owner or image ID
+func checkMostRecentAndMissingFilters(diags diag.Diagnostics, input *ec2.DescribeImagesInput, mostRecent bool) diag.Diagnostics {
+	filtered := false
+	for _, f := range input.Filters {
+		name := aws.ToString(f.Name)
+		if name == "image-id" || name == "owner-id" {
+			filtered = true
+		}
+	}
+
+	if mostRecent && len(input.Owners) == 0 && !filtered {
+		return append(diags, diag.Diagnostic{
+			Severity: diag.Warning,
+			Summary:  "Most Recent Image Not Filtered",
+			Detail: `"most_recent" is set to "true" and results are not filtered by owner or image ID. ` +
+				"With this configuration, a third party may introduce a new image which " +
+				"will be returned by this data source. Consider filtering by owner or image ID " +
+				"to avoid this possibility.",
+		})
+	}
+
+	return diags
+}
diff --git a/internal/service/ec2/ec2_ami_data_source_test.go b/internal/service/ec2/ec2_ami_data_source_test.go
@@ -7,12 +7,90 @@ import (
 	"testing"
 
 	"github.com/YakDriver/regexache"
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/service/ec2"
+	awstypes "github.com/aws/aws-sdk-go-v2/service/ec2/types"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest"
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
 	"github.com/hashicorp/terraform-provider-aws/internal/acctest"
+	tfec2 "github.com/hashicorp/terraform-provider-aws/internal/service/ec2"
 	"github.com/hashicorp/terraform-provider-aws/names"
 )
 
+func TestCheckMostRecentAndMissingFilters(t *testing.T) {
+	t.Parallel()
+
+	tests := []struct {
+		name       string
+		input      *ec2.DescribeImagesInput
+		mostRecent bool
+		wantDiag   bool
+	}{
+		{
+			name:       "most_recent false",
+			input:      &ec2.DescribeImagesInput{},
+			mostRecent: false,
+		},
+		{
+			name: "image-id filter",
+			input: &ec2.DescribeImagesInput{
+				Filters: []awstypes.Filter{
+					{
+						Name:   aws.String("image-id"),
+						Values: []string{"ami-123"},
+					},
+				},
+			},
+			mostRecent: true,
+		},
+		{
+			name: "owner-id filter",
+			input: &ec2.DescribeImagesInput{
+				Filters: []awstypes.Filter{
+					{
+						Name:   aws.String("owner-id"),
+						Values: []string{"amazon"},
+					},
+				},
+			},
+			mostRecent: true,
+		},
+		{
+			name: "owners argument",
+			input: &ec2.DescribeImagesInput{
+				Owners: []string{"amazon"},
+			},
+			mostRecent: true,
+		},
+		{
+			name: "missing filters",
+			input: &ec2.DescribeImagesInput{
+				Filters: []awstypes.Filter{
+					{
+						Name:   aws.String("name"), // nosemgrep:ci.literal-Name-string-test-constant,ci.literal-name-string-constant
+						Values: []string{"some-ami-name-*"},
+					},
+				},
+			},
+			mostRecent: true,
+			wantDiag:   true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+			var diags diag.Diagnostics
+			got := tfec2.CheckMostRecentAndMissingFilters(diags, tt.input, tt.mostRecent)
+			if (len(got) > 0) != tt.wantDiag {
+				t.Errorf("CheckMostRecentAndMissingFilters() diag = %v, wantErr %v", got, tt.wantDiag)
+				return
+			}
+		})
+	}
+}
+
 func TestAccEC2AMIDataSource_linuxInstance(t *testing.T) {
 	ctx := acctest.Context(t)
 	datasourceName := "data.aws_ami.test"
@@ -350,7 +428,7 @@ data "aws_ami" "test" {
 
   filter {
     name   = "name"
-    values = ["AwsMarketPublished_IBM App Connect v12.0.12.0 and IBM MQ v9.3.0.16 with RapidDeploy 5.1.12 -422d2ddd-3288-4067-be37-4e2a69450606"]
+    values = ["AwsMarketPublished_IBM App Connect v13.0.1.0 and IBM MQ v9.4.0.5 with RapidDeploy 5.1.15 by-422d2ddd-3288-4067-be37-4e2a69450606"]
   }
 }
 `
diff --git a/internal/service/ec2/exports_test.go b/internal/service/ec2/exports_test.go
@@ -124,6 +124,7 @@ var (
 	ResourceVerifiedAccessTrustProvider                   = resourceVerifiedAccessTrustProvider
 	ResourceVolumeAttachment                              = resourceVolumeAttachment
 
+	CheckMostRecentAndMissingFilters                           = checkMostRecentAndMissingFilters
 	CustomFiltersSchema                                        = customFiltersSchema
 	CustomerGatewayConfigurationToTunnelInfo                   = customerGatewayConfigurationToTunnelInfo
 	ErrCodeDefaultSubnetAlreadyExistsInAvailabilityZone        = errCodeDefaultSubnetAlreadyExistsInAvailabilityZone

diff --git a/internal/service/ecs/container_definitions.go b/internal/service/ecs/container_definitions.go
@@ -13,6 +13,7 @@ import (
 	_ "github.com/aws/aws-sdk-go-v2/service/ecs" // Required for go:linkname
 	awstypes "github.com/aws/aws-sdk-go-v2/service/ecs/types"
 	smithyjson "github.com/aws/smithy-go/encoding/json"
+	"github.com/hashicorp/terraform-provider-aws/internal/enum"
 	tfjson "github.com/hashicorp/terraform-provider-aws/internal/json"
 	tfslices "github.com/hashicorp/terraform-provider-aws/internal/slices"
 	itypes "github.com/hashicorp/terraform-provider-aws/internal/types"
@@ -223,9 +224,26 @@ func expandContainerDefinitions(tfString string) ([]awstypes.ContainerDefinition
 		if itypes.IsZero(&apiObject) {
 			return nil, fmt.Errorf("invalid container definition supplied at index (%d)", i)
 		}
+		if !isValidVersionConsistency(apiObject) {
+			return nil, fmt.Errorf("invalid version consistency value (%[1]s) for container definition supplied at index (%[2]d)", apiObject.VersionConsistency, i)
+		}
 	}
 
 	containerDefinitions(apiObjects).compactArrays()
 
 	return apiObjects, nil
 }
+
+func isValidVersionConsistency(cd awstypes.ContainerDefinition) bool {
+	if cd.VersionConsistency == "" {
+		return true
+	}
+
+	for _, v := range enum.EnumValues[awstypes.VersionConsistency]() {
+		if cd.VersionConsistency == v {
+			return true
+		}
+	}
+
+	return false
+}
diff --git a/internal/service/ecs/container_definitions_test.go b/internal/service/ecs/container_definitions_test.go
@@ -697,3 +697,33 @@ func TestContainerDefinitionsAreEquivalent_healthCheck(t *testing.T) {
 		t.Fatal("Expected definitions to be equal.")
 	}
 }
+
+func TestExpandContainerDefinitions_InvalidVersionConsistency(t *testing.T) {
+	t.Parallel()
+
+	cfgRepresention := `
+[
+    {
+      "name": "wordpress",
+      "image": "wordpress",
+      "essential": true,
+      "portMappings": [
+        {
+          "containerPort": 80
+        }
+      ],
+      "memory": 500,
+      "cpu": 10,
+      "versionConsistency": "invalid"
+    }
+]`
+	_, err := expandContainerDefinitions(cfgRepresention)
+	if err == nil {
+		t.Fatal("Expected error")
+	}
+
+	expectedErr := "invalid version consistency value (invalid) for container definition supplied at index (0)"
+	if err.Error() != expectedErr {
+		t.Fatalf("Expected message '%[1]s', got '%[2]s'", expectedErr, err.Error())
+	}
+}
diff --git a/internal/service/ecs/service.go b/internal/service/ecs/service.go
@@ -12,6 +12,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/YakDriver/regexache"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/aws/arn"
 	"github.com/aws/aws-sdk-go-v2/service/ecs"
@@ -1087,6 +1088,33 @@ func resourceService() *schema.Resource {
 					},
 				},
 			},
+			"vpc_lattice_configurations": {
+				Type:     schema.TypeSet,
+				Optional: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						names.AttrRoleARN: {
+							Type:         schema.TypeString,
+							Required:     true,
+							ValidateFunc: verify.ValidARN,
+						},
+						"target_group_arn": {
+							Type:         schema.TypeString,
+							Required:     true,
+							ValidateFunc: verify.ValidARN,
+						},
+						"port_name": {
+							Type:     schema.TypeString,
+							Required: true,
+							ValidateFunc: validation.All(
+								validation.StringLenBetween(1, 64),
+								validation.StringMatch(regexache.MustCompile(`^[0-9a-z_-]+$`), "must contain only lowercase letters, numbers, underscores and hyphens"),
+								validation.StringDoesNotMatch(regexache.MustCompile(`^-`), "cannot begin with a hyphen"),
+							),
+						},
+					},
+				},
+			},
 		},
 
 		SchemaVersion: 1,
@@ -1149,6 +1177,7 @@ func resourceServiceCreate(ctx context.Context, d *schema.ResourceData, meta int
 		SchedulingStrategy:       schedulingStrategy,
 		ServiceName:              aws.String(name),
 		Tags:                     getTagsIn(ctx),
+		VpcLatticeConfigurations: expandVPCLatticeConfiguration(d.Get("vpc_lattice_configurations").(*schema.Set)),
 	}
 
 	if v, ok := d.GetOk("alarms"); ok && len(v.([]interface{})) > 0 && v.([]interface{})[0] != nil {
@@ -1353,6 +1382,15 @@ func resourceServiceRead(ctx context.Context, d *schema.ResourceData, meta inter
 	if err := d.Set(names.AttrNetworkConfiguration, flattenNetworkConfiguration(service.NetworkConfiguration)); err != nil {
 		return sdkdiag.AppendErrorf(diags, "setting network_configuration: %s", err)
 	}
+
+	for _, deployment := range service.Deployments {
+		if aws.ToString(deployment.Status) == "PRIMARY" {
+			if err := d.Set("vpc_lattice_configurations", flattenVPCLatticeConfigurations(deployment.VpcLatticeConfigurations)); err != nil {
+				return sdkdiag.AppendErrorf(diags, "setting vpc_lattice_configurations: %s", err)
+			}
+		}
+	}
+
 	if err := d.Set("ordered_placement_strategy", flattenPlacementStrategy(service.PlacementStrategy)); err != nil {
 		return sdkdiag.AppendErrorf(diags, "setting ordered_placement_strategy: %s", err)
 	}
@@ -1531,6 +1569,10 @@ func resourceServiceUpdate(ctx context.Context, d *schema.ResourceData, meta int
 			input.VolumeConfigurations = expandVolumeConfigurations(ctx, d.Get("volume_configuration").([]interface{}))
 		}
 
+		if d.HasChange("vpc_lattice_configurations") {
+			input.VpcLatticeConfigurations = expandVPCLatticeConfiguration(d.Get("vpc_lattice_configurations").(*schema.Set))
+		}
+
 		// Retry due to IAM eventual consistency.
 		const (
 			serviceUpdateTimeout = 2 * time.Minute
@@ -2113,6 +2155,48 @@ func expandNetworkConfiguration(nc []interface{}) *awstypes.NetworkConfiguration
 	return &awstypes.NetworkConfiguration{AwsvpcConfiguration: awsVpcConfig}
 }
 
+func expandVPCLatticeConfiguration(tfSet *schema.Set) []awstypes.VpcLatticeConfiguration {
+	tfList := tfSet.List()
+	if len(tfList) == 0 {
+		return nil
+	}
+
+	apiObjects := make([]awstypes.VpcLatticeConfiguration, 0)
+
+	for _, tfMapRaw := range tfSet.List() {
+		config := tfMapRaw.(map[string]interface{})
+
+		apiObject := awstypes.VpcLatticeConfiguration{
+			RoleArn:        aws.String(config[names.AttrRoleARN].(string)),
+			TargetGroupArn: aws.String(config["target_group_arn"].(string)),
+			PortName:       aws.String(config["port_name"].(string)),
+		}
+
+		apiObjects = append(apiObjects, apiObject)
+	}
+
+	return apiObjects
+}
+
+func flattenVPCLatticeConfigurations(apiObjects []awstypes.VpcLatticeConfiguration) []interface{} {
+	if len(apiObjects) == 0 {
+		return nil
+	}
+
+	tfList := make([]interface{}, 0, len(apiObjects))
+
+	for _, apiObject := range apiObjects {
+		tfMap := map[string]interface{}{
+			names.AttrRoleARN:  aws.ToString(apiObject.RoleArn),
+			"target_group_arn": aws.ToString(apiObject.TargetGroupArn),
+			"port_name":        aws.ToString(apiObject.PortName),
+		}
+		tfList = append(tfList, tfMap)
+	}
+
+	return tfList
+}
+
 func expandPlacementConstraints(tfList []interface{}) ([]awstypes.PlacementConstraint, error) {
 	if len(tfList) == 0 {
 		return nil, nil