r/aws_cloudfront_trust_store: Add 'tags'.

Author: ewbankkit

internal/service/cloudfront/service_package_gen.go

@@ -29,11 +29,14 @@ import (
 	fwtypes "github.com/hashicorp/terraform-provider-aws/internal/framework/types"
 	"github.com/hashicorp/terraform-provider-aws/internal/retry"
 	"github.com/hashicorp/terraform-provider-aws/internal/smerr"
+	tftags "github.com/hashicorp/terraform-provider-aws/internal/tags"
 	"github.com/hashicorp/terraform-provider-aws/internal/tfresource"
 	"github.com/hashicorp/terraform-provider-aws/names"
 )
 
 // @FrameworkResource("aws_cloudfront_trust_store", name="Trust Store")
+// @Tags(identifierAttribute="arn")
+// @Testing(tagsTest=false)
 func newTrustStoreResource(_ context.Context) (resource.ResourceWithConfigure, error) {
 	r := &trustStoreResource{}
 
@@ -67,6 +70,8 @@ func (r *trustStoreResource) Schema(ctx context.Context, req resource.SchemaRequ
 			"number_of_ca_certificates": schema.Int32Attribute{
 				Computed: true,
 			},
+			names.AttrTags:    tftags.TagsAttribute(),
+			names.AttrTagsAll: tftags.TagsAttributeComputedOnly(),
 		},
 		Blocks: map[string]schema.Block{
 			"ca_certificates_bundle_source": schema.ListNestedBlock{
@@ -128,6 +133,13 @@ func (r *trustStoreResource) Create(ctx context.Context, req resource.CreateRequ
 		return
 	}
 
+	// Additional fields.
+	if tags := getTagsIn(ctx); len(tags) > 0 {
+		input.Tags = &awstypes.Tags{
+			Items: tags,
+		}
+	}
+
 	outCTS, err := conn.CreateTrustStore(ctx, &input)
 	if err != nil {
 		smerr.AddError(ctx, &resp.Diagnostics, err, smerr.ID, name)
@@ -348,6 +360,8 @@ type trustStoreResourceModel struct {
 	ID                         types.String                                                     `tfsdk:"id"`
 	Name                       types.String                                                     `tfsdk:"name"`
 	NumberOfCACertificates     types.Int32                                                      `tfsdk:"number_of_ca_certificates"`
+	Tags                       tftags.Map                                                       `tfsdk:"tags"`
+	TagsAll                    tftags.Map                                                       `tfsdk:"tags_all"`
 	Timeouts                   timeouts.Value                                                   `tfsdk:"timeouts"`
 }
 

internal/service/cloudfront/trust_store.go

@@ -55,6 +55,7 @@ func TestAccCloudFrontTrustStore_basic(t *testing.T) {
 					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New(names.AttrARN), tfknownvalue.GlobalARNRegexp("cloudfront", regexache.MustCompile(`trust-store/.+`))),
 					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("etag"), knownvalue.NotNull()),
 					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New("number_of_ca_certificates"), knownvalue.Int32Exact(1)),
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New(names.AttrTags), knownvalue.Null()),
 				},
 			},
 			{
@@ -195,6 +196,83 @@ func TestAccCloudFrontTrustStore_update(t *testing.T) {
 	})
 }
 
+func TestAccCloudFrontTrustStore_tags(t *testing.T) {
+	ctx := acctest.Context(t)
+	var truststore cloudfront.GetTrustStoreOutput
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+	resourceName := "aws_cloudfront_trust_store.test"
+	objectKey := "ca-bundle.pem"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.PreCheck(ctx, t)
+			acctest.PreCheckPartitionHasService(t, names.CloudFrontEndpointID)
+		},
+		ErrorCheck:               acctest.ErrorCheck(t, names.CloudFrontServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckTrustStoreDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccTrustStoreConfig_tags1(rName, objectKey, acctest.CtKey1, acctest.CtValue1),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckTrustStoreExists(ctx, resourceName, &truststore),
+				),
+				ConfigPlanChecks: resource.ConfigPlanChecks{
+					PreApply: []plancheck.PlanCheck{
+						plancheck.ExpectResourceAction(resourceName, plancheck.ResourceActionCreate),
+					},
+				},
+				ConfigStateChecks: []statecheck.StateCheck{
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New(names.AttrTags), knownvalue.MapExact(map[string]knownvalue.Check{
+						acctest.CtKey1: knownvalue.StringExact(acctest.CtValue1),
+					})),
+				},
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+				ImportStateVerifyIgnore: []string{
+					"ca_certificates_bundle_source",
+				},
+			},
+			{
+				Config: testAccTrustStoreConfig_tags2(rName, objectKey, acctest.CtKey1, acctest.CtValue1Updated, acctest.CtKey2, acctest.CtValue2),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckTrustStoreExists(ctx, resourceName, &truststore),
+				),
+				ConfigPlanChecks: resource.ConfigPlanChecks{
+					PreApply: []plancheck.PlanCheck{
+						plancheck.ExpectResourceAction(resourceName, plancheck.ResourceActionUpdate),
+					},
+				},
+				ConfigStateChecks: []statecheck.StateCheck{
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New(names.AttrTags), knownvalue.MapExact(map[string]knownvalue.Check{
+						acctest.CtKey1: knownvalue.StringExact(acctest.CtValue1Updated),
+						acctest.CtKey2: knownvalue.StringExact(acctest.CtValue2),
+					})),
+				},
+			},
+			{
+				Config: testAccTrustStoreConfig_tags1(rName, objectKey, acctest.CtKey2, acctest.CtValue2),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckTrustStoreExists(ctx, resourceName, &truststore),
+				),
+				ConfigPlanChecks: resource.ConfigPlanChecks{
+					PreApply: []plancheck.PlanCheck{
+						plancheck.ExpectResourceAction(resourceName, plancheck.ResourceActionUpdate),
+					},
+				},
+				ConfigStateChecks: []statecheck.StateCheck{
+					statecheck.ExpectKnownValue(resourceName, tfjsonpath.New(names.AttrTags), knownvalue.MapExact(map[string]knownvalue.Check{
+						acctest.CtKey2: knownvalue.StringExact(acctest.CtValue2),
+					})),
+				},
+			},
+		},
+	})
+}
+
 func testAccCheckTrustStoreDestroy(ctx context.Context) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		conn := acctest.Provider.Meta().(*conns.AWSClient).CloudFrontClient(ctx)
@@ -363,3 +441,60 @@ resource "aws_cloudfront_trust_store" "test" {
 }
 `, rName, key, testAccTrustStoreCertificateContent))
 }
+
+func testAccTrustStoreConfig_tags1(rName, key, tagKey1, tagValue1 string) string {
+	return acctest.ConfigCompose(testAccTrustStoreConfig_base(rName), fmt.Sprintf(`
+resource "aws_s3_object" "test" {
+  bucket  = aws_s3_bucket.test.id
+  key     = %[2]q
+  content = <<-EOT
+%[3]s
+EOT
+}
+
+resource "aws_cloudfront_trust_store" "test" {
+  name = %[1]q
+
+  ca_certificates_bundle_source {
+    ca_certificates_bundle_s3_location {
+      bucket = aws_s3_bucket.test.id
+      key    = aws_s3_object.test.key
+      region = data.aws_region.current.name
+    }
+  }
+
+  tags = {
+    %[4]q = %[5]q
+  }
+}
+`, rName, key, testAccTrustStoreCertificateContent, tagKey1, tagValue1))
+}
+
+func testAccTrustStoreConfig_tags2(rName, key, tagKey1, tagValue1, tagKey2, tagValue2 string) string {
+	return acctest.ConfigCompose(testAccTrustStoreConfig_base(rName), fmt.Sprintf(`
+resource "aws_s3_object" "test" {
+  bucket  = aws_s3_bucket.test.id
+  key     = %[2]q
+  content = <<-EOT
+%[3]s
+EOT
+}
+
+resource "aws_cloudfront_trust_store" "test" {
+  name = %[1]q
+
+  ca_certificates_bundle_source {
+    ca_certificates_bundle_s3_location {
+      bucket = aws_s3_bucket.test.id
+      key    = aws_s3_object.test.key
+      region = data.aws_region.current.name
+    }
+  }
+
+  tags = {
+    %[4]q = %[5]q
+    %[6]q = %[7]q
+  }
+}
+`, rName, key, testAccTrustStoreCertificateContent, tagKey1, tagValue1, tagKey2, tagValue2))
+}

internal/service/cloudfront/trust_store_test.go

@@ -52,6 +52,10 @@ The following arguments are required:
 * `name` - (Required) Name of the trust store. Changing this forces a new resource to be created.
 * `ca_certificates_bundle_source` - (Required) Configuration block for the CA certificates bundle source. See [`ca_certificates_bundle_source`](#ca_certificates_bundle_source) below.
 
+The following arguments are optional:
+
+* `tags` - (Optional) Key-value tags for the place index. If configured with a provider [`default_tags` configuration block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.
+
 ### ca_certificates_bundle_source
 
 * `ca_certificates_bundle_s3_location` - (Required) Configuration block for the S3 location of the CA certificates bundle. See [`ca_certificates_bundle_s3_location`](#ca_certificates_bundle_s3_location) below.
@@ -71,6 +75,7 @@ This resource exports the following attributes in addition to the arguments abov
 * `etag` - ETag of the trust store.
 * `id` - ID of the trust store.
 * `number_of_ca_certificates` - Number of CA certificates in the trust store.
+* `tags_all` - A map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags-configuration-block).
 
 ## Timeouts