diff --git a/aws/resource_aws_rds_cluster.go b/aws/resource_aws_rds_cluster.go index 52070b3be6b..a3a2a2509d7 100644 --- a/aws/resource_aws_rds_cluster.go +++ b/aws/resource_aws_rds_cluster.go @@ -489,6 +489,11 @@ func resourceAwsRDSClusterCreate(d *schema.ResourceData, meta interface{}) error opts.KmsKeyId = aws.String(attr.(string)) } + if attr, ok := d.GetOk("master_password"); ok { + modifyDbClusterInput.MasterUserPassword = aws.String(attr.(string)) + requiresModifyDbCluster = true + } + if attr, ok := d.GetOk("option_group_name"); ok { opts.OptionGroupName = aws.String(attr.(string)) } diff --git a/aws/resource_aws_rds_cluster_test.go b/aws/resource_aws_rds_cluster_test.go index 5223905c935..0fc5ff08e17 100644 --- a/aws/resource_aws_rds_cluster_test.go +++ b/aws/resource_aws_rds_cluster_test.go @@ -1353,6 +1353,86 @@ func TestAccAWSRDSCluster_SnapshotIdentifier_EngineVersion_Equal(t *testing.T) { }) } +func TestAccAWSRDSCluster_SnapshotIdentifier_MasterPassword(t *testing.T) { + var dbCluster, sourceDbCluster rds.DBCluster + var dbClusterSnapshot rds.DBClusterSnapshot + + rName := acctest.RandomWithPrefix("tf-acc-test") + sourceDbResourceName := "aws_rds_cluster.source" + snapshotResourceName := "aws_db_cluster_snapshot.test" + resourceName := "aws_rds_cluster.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSDBInstanceDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSRDSClusterConfig_SnapshotIdentifier_MasterPassword(rName, "password1"), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSClusterExists(sourceDbResourceName, &sourceDbCluster), + testAccCheckDbClusterSnapshotExists(snapshotResourceName, &dbClusterSnapshot), + testAccCheckAWSClusterExists(resourceName, &dbCluster), + resource.TestCheckResourceAttr(resourceName, "master_password", "password1"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{ + "apply_immediately", + "cluster_identifier_prefix", + "master_password", + "skip_final_snapshot", + "snapshot_identifier", + }, + }, + }, + }) +} + +func TestAccAWSRDSCluster_SnapshotIdentifier_MasterUsername(t *testing.T) { + var dbCluster, sourceDbCluster rds.DBCluster + var dbClusterSnapshot rds.DBClusterSnapshot + + rName := acctest.RandomWithPrefix("tf-acc-test") + sourceDbResourceName := "aws_rds_cluster.source" + snapshotResourceName := "aws_db_cluster_snapshot.test" + resourceName := "aws_rds_cluster.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSDBInstanceDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSRDSClusterConfig_SnapshotIdentifier_MasterUsername(rName, "username1"), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSClusterExists(sourceDbResourceName, &sourceDbCluster), + testAccCheckDbClusterSnapshotExists(snapshotResourceName, &dbClusterSnapshot), + testAccCheckAWSClusterExists(resourceName, &dbCluster), + resource.TestCheckResourceAttr(resourceName, "master_username", "foo"), + ), + // It is not currently possible to update the master username in the RDS API + ExpectNonEmptyPlan: true, + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{ + "apply_immediately", + "cluster_identifier_prefix", + "master_password", + "skip_final_snapshot", + "snapshot_identifier", + }, + }, + }, + }) +} + func TestAccAWSRDSCluster_SnapshotIdentifier_PreferredBackupWindow(t *testing.T) { var dbCluster, sourceDbCluster rds.DBCluster var dbClusterSnapshot rds.DBClusterSnapshot @@ -2651,6 +2731,52 @@ resource "aws_rds_cluster" "test" { `, rName, engine, engineVersionSource, rName, rName, engine, engineVersion) } +func testAccAWSRDSClusterConfig_SnapshotIdentifier_MasterPassword(rName, masterPassword string) string { + return fmt.Sprintf(` +resource "aws_rds_cluster" "source" { + cluster_identifier = "%[1]s-source" + master_password = "barbarbarbar" + master_username = "foo" + skip_final_snapshot = true +} + +resource "aws_db_cluster_snapshot" "test" { + db_cluster_identifier = "${aws_rds_cluster.source.id}" + db_cluster_snapshot_identifier = %[1]q +} + +resource "aws_rds_cluster" "test" { + cluster_identifier = %[1]q + master_password = %[2]q + skip_final_snapshot = true + snapshot_identifier = "${aws_db_cluster_snapshot.test.id}" +} +`, rName, masterPassword) +} + +func testAccAWSRDSClusterConfig_SnapshotIdentifier_MasterUsername(rName, masterUsername string) string { + return fmt.Sprintf(` +resource "aws_rds_cluster" "source" { + cluster_identifier = "%[1]s-source" + master_password = "barbarbarbar" + master_username = "foo" + skip_final_snapshot = true +} + +resource "aws_db_cluster_snapshot" "test" { + db_cluster_identifier = "${aws_rds_cluster.source.id}" + db_cluster_snapshot_identifier = %[1]q +} + +resource "aws_rds_cluster" "test" { + cluster_identifier = %[1]q + master_username = %[2]q + skip_final_snapshot = true + snapshot_identifier = "${aws_db_cluster_snapshot.test.id}" +} +`, rName, masterUsername) +} + func testAccAWSRDSClusterConfig_SnapshotIdentifier_PreferredBackupWindow(rName, preferredBackupWindow string) string { return fmt.Sprintf(` resource "aws_rds_cluster" "source" { diff --git a/website/docs/r/rds_cluster.html.markdown b/website/docs/r/rds_cluster.html.markdown index 99666473deb..c6ab747b971 100644 --- a/website/docs/r/rds_cluster.html.markdown +++ b/website/docs/r/rds_cluster.html.markdown @@ -89,7 +89,7 @@ The following arguments are supported: * `deletion_protection` - (Optional) If the DB instance should have deletion protection enabled. The database can't be deleted when this value is set to `true`. The default is `false`. * `master_password` - (Required unless a `snapshot_identifier` or `global_cluster_identifier` is provided) Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file. Please refer to the [RDS Naming Constraints][5] -* `master_username` - (Required unless a `snapshot_identifier` or `global_cluster_identifier` is provided) Username for the master DB user. Please refer to the [RDS Naming Constraints][5] +* `master_username` - (Required unless a `snapshot_identifier` or `global_cluster_identifier` is provided) Username for the master DB user. Please refer to the [RDS Naming Constraints][5]. This argument does not support in-place updates and cannot be changed during a restore from snapshot. * `final_snapshot_identifier` - (Optional) The name of your final DB snapshot when this DB cluster is deleted. If omitted, no final snapshot will be made.