-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add option to encrypt Firehose Streams with customer managed keys #11954
Conversation
Is this feature now available to use ? |
Hi @suryatejaswi89, Given the fact, that there are other 631 PRs as well, it can unfortunately take a long time for another action to happen. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @StevenKGER 👋 Thank you for submitting this. Please see the initial feedback below and let us know if you have questions or do not have time to implement the items.
enabled = v.(bool) | ||
} | ||
|
||
return !enabled | ||
} | ||
|
||
// helper to get options of a unit | ||
func getOptionsOfConfigurationUnit(v interface{}) map[string]interface{} { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For a few reasons, we would prefer to not create a function like this:
- Different terminology used across the Terraform Provider ecosystem (we would potentially refer to this as "getting the children attributes of the first configuration block")
- Prevalence of the opposite pattern of this function, where the length/nil checking is done per configuration block handling function (changing this should be discussed in a proposal issue)
- Higher potential for
nil
dereference panics since this function can returnnil
and even in the refactored usage above this is not checked
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I understand your point, but I'm not quite sure, how to resolve this problem. The easiest thing would be to undo the changes and copy the code to the functions, if required. But this is of course not very beautiful to read and handle, since it would be repeating code then.
Since the issue is just for adding CMK support and not changing the structure of the file to save some code, I wouldn't recommend to make this change even more difficult to understand (like already refactoring this is a change, which is not really understandable when reading the issue's title).
Do you have any idea how to change this or should this be part of another issue?
@@ -2325,28 +2385,48 @@ func resourceAwsKinesisFirehoseDeliveryStreamUpdate(d *schema.ResourceData, meta | |||
} | |||
|
|||
if d.HasChange("server_side_encryption") { | |||
_, n := d.GetChange("server_side_encryption") | |||
o, n := d.GetChange("server_side_encryption") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you please explain the changes below? The additional isKinesisFirehoseDeliveryStreamOptionDisabled(o)
and !(oldOptions["kms_key_type"] == firehose.KeyTypeAwsOwnedCmk && newOptions["kms_key_type"] == firehose.KeyTypeAwsOwnedCmk)
checks seem extraneous. We should instead return the API errors or add ForceNew: true
to a schema attribute if necessary.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well - the change was created some months ago and I also don't see the reason why to use it for now as well. I tested it manually as well as automated and it works with reverted changes. Feel free, to resolve this conversation, if anything is fine.
24ce884
to
28f6d6d
Compare
Hi @StevenKGER 👋 Thank you for those updates -- I have merged this in with only some minor changes to ensure that existing configurations only having Output from acceptance testing (failure unrelated and present on main branch):
|
This has been released in version 3.7.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks! |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
Community Note
Closes #11721
Release note for CHANGELOG:
Output from acceptance testing: