Introduce accidentally dropped Plugin Framework resources (#3099)

Fixes #3081 An unfortunate interaction of schema manipulation over tags_all and how the upstream provider is written caused silent dropout of new PF based resources. WIth these changes `make tfgen` will fail loudly when this happens in the future, and the resources are now reintroduced to the provider. 5 resources in total: ``` `tags_all` attribute must not be Computed: aws_docdbelastic_cluster `tags_all` attribute must not be Computed: aws_eks_pod_identity_association `tags_all` attribute must not be Computed: aws_s3control_access_grant `tags_all` attribute must not be Computed: aws_s3control_access_grants_instance `tags_all` attribute must not be Computed: aws_s3control_access_grants_location ```
pulumi · Dec 7, 2023 · e68945c · e68945c
1 parent 1083a8b
commit e68945c
Show file tree

Hide file tree

Showing 81 changed files with 15,044 additions and 4 deletions.
diff --git a/patches/0032-Fix-job-queue-sdkv2-migration.patch b/patches/0032-Fix-job-queue-sdkv2-migration.patch
@@ -1,5 +1,11 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Anton Tayanovskyy <[email protected]>
+Date: Wed, 6 Dec 2023 23:41:21 -0500
+Subject: [PATCH 32/32] Fix job queue sdkv2 migration
+
+
 diff --git a/internal/service/batch/job_queue_schema.go b/internal/service/batch/job_queue_schema.go
-index bd19814922..11cf093ece 100644
+index 45c6b8cadc..11cf093ece 100644
 --- a/internal/service/batch/job_queue_schema.go
 +++ b/internal/service/batch/job_queue_schema.go
 @@ -92,6 +92,7 @@ func upgradeJobQueueResourceStateV0toV1(ctx context.Context, req resource.Upgrad

diff --git a/patches/0033-DisableTagSchemaCheck-for-PF-provider.patch b/patches/0033-DisableTagSchemaCheck-for-PF-provider.patch
@@ -0,0 +1,81 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Anton Tayanovskyy <[email protected]>
+Date: Wed, 6 Dec 2023 23:44:25 -0500
+Subject: [PATCH 33/33] DisableTagSchemaCheck for PF provider
+
+
+diff --git a/internal/provider/fwprovider/provider.go b/internal/provider/fwprovider/provider.go
+index acde512855..f277744dbf 100644
+--- a/internal/provider/fwprovider/provider.go
++++ b/internal/provider/fwprovider/provider.go
+@@ -408,8 +408,7 @@ func (p *fwprovider) Resources(ctx context.Context) []func() resource.Resource {
+ 			if v.Tags != nil {
+ 				// The resource has opted in to transparent tagging.
+ 				// Ensure that the schema look OK.
+-				schemaResponse := resource.SchemaResponse{}
+-				inner.Schema(ctx, resource.SchemaRequest{}, &schemaResponse)
++				schemaResponse := schemaResponseForTagsChecking(ctx, inner)
+
+ 				if v, ok := schemaResponse.Schema.Attributes[names.AttrTags]; ok {
+ 					if v.IsComputed() {
+diff --git a/internal/provider/fwprovider/provider_tagscheck.go b/internal/provider/fwprovider/provider_tagscheck.go
+new file mode 100644
+index 0000000000..f790acb4e2
+--- /dev/null
++++ b/internal/provider/fwprovider/provider_tagscheck.go
+@@ -0,0 +1,43 @@
++package fwprovider
++
++import (
++	"context"
++
++	"github.com/hashicorp/terraform-plugin-framework/resource"
++	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
++
++	"github.com/hashicorp/terraform-provider-aws/names"
++)
++
++type disableTagsSchemaCheckKey struct{}
++
++func DisableTagSchemaCheck(ctx context.Context) context.Context {
++	return context.WithValue(ctx, disableTagsSchemaCheckKey{}, true)
++}
++
++func schemaResponseForTagsChecking(
++	ctx context.Context,
++	r resource.ResourceWithConfigure,
++) *resource.SchemaResponse {
++	flag := ctx.Value(disableTagsSchemaCheckKey{})
++	switch flag := flag.(type) {
++	case bool:
++		if flag {
++			return &resource.SchemaResponse{
++				Schema: schema.Schema{
++					Attributes: map[string]schema.Attribute{
++						names.AttrTags: schema.MapAttribute{
++							Computed: true,
++						},
++						names.AttrTagsAll: schema.MapAttribute{
++							Computed: false,
++						},
++					},
++				},
++			}
++		}
++	}
++	var resp resource.SchemaResponse
++	r.Schema(ctx, resource.SchemaRequest{}, &resp)
++	return &resp
++}
+diff --git a/shim/shim.go b/shim/shim.go
+index 00297dbe77..9ef51a5245 100644
+--- a/shim/shim.go
++++ b/shim/shim.go
+@@ -18,6 +18,7 @@ type UpstreamProvider struct {
+ }
+
+ func NewUpstreamProvider(ctx context.Context) (UpstreamProvider, error) {
++	ctx = fwprovider.DisableTagSchemaCheck(ctx)
+ 	primary, err := provider.New(provider.DisableTagSchemaCheck(ctx))
+ 	if err != nil {
+ 		return UpstreamProvider{}, err
diff --git a/patches/0034-Run-scripts-patch_computed_only.sh-to-patch-eks-pod_.patch b/patches/0034-Run-scripts-patch_computed_only.sh-to-patch-eks-pod_.patch
@@ -0,0 +1,72 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Anton Tayanovskyy <[email protected]>
+Date: Thu, 7 Dec 2023 00:05:40 -0500
+Subject: [PATCH 34/34] Run scripts/patch_computed_only.sh to patch
+ eks/pod_identity_association and more
+
+
+diff --git a/internal/service/docdbelastic/cluster.go b/internal/service/docdbelastic/cluster.go
+index 31b2fbe18f..aa6820adf4 100644
+--- a/internal/service/docdbelastic/cluster.go
++++ b/internal/service/docdbelastic/cluster.go
+@@ -127,7 +127,7 @@ func (r *resourceCluster) Schema(ctx context.Context, _ resource.SchemaRequest,
+ 				},
+ 			},
+ 			names.AttrTags:    tftags.TagsAttribute(),
+-			names.AttrTagsAll: tftags.TagsAttributeComputedOnly(),
++			names.AttrTagsAll: tftags.TagsAttribute(),
+ 			"vpc_security_group_ids": schema.SetAttribute{
+ 				ElementType: types.StringType,
+ 				Optional:    true,
+diff --git a/internal/service/eks/pod_identity_association.go b/internal/service/eks/pod_identity_association.go
+index b5f6e46d2b..98c3f91956 100644
+--- a/internal/service/eks/pod_identity_association.go
++++ b/internal/service/eks/pod_identity_association.go
+@@ -105,7 +105,7 @@ func (r *podIdentityAssociationResource) Schema(ctx context.Context, req resourc
+ 				},
+ 			},
+ 			names.AttrTags:    tftags.TagsAttribute(),
+-			names.AttrTagsAll: tftags.TagsAttributeComputedOnly(),
++			names.AttrTagsAll: tftags.TagsAttribute(),
+ 		},
+ 	}
+ }
+diff --git a/internal/service/s3control/access_grant.go b/internal/service/s3control/access_grant.go
+index f2963c92a6..d93b539ff2 100644
+--- a/internal/service/s3control/access_grant.go
++++ b/internal/service/s3control/access_grant.go
+@@ -103,7 +103,7 @@ func (r *accessGrantResource) Schema(ctx context.Context, request resource.Schem
+ 				},
+ 			},
+ 			names.AttrTags:    tftags.TagsAttribute(),
+-			names.AttrTagsAll: tftags.TagsAttributeComputedOnly(),
++			names.AttrTagsAll: tftags.TagsAttribute(),
+ 		},
+ 		Blocks: map[string]schema.Block{
+ 			"access_grants_location_configuration": schema.ListNestedBlock{
+diff --git a/internal/service/s3control/access_grants_instance.go b/internal/service/s3control/access_grants_instance.go
+index 8adcc8ce67..ceb5336ce9 100644
+--- a/internal/service/s3control/access_grants_instance.go
++++ b/internal/service/s3control/access_grants_instance.go
+@@ -82,7 +82,7 @@ func (r *accessGrantsInstanceResource) Schema(ctx context.Context, request resou
+ 				Optional:   true,
+ 			},
+ 			names.AttrTags:    tftags.TagsAttribute(),
+-			names.AttrTagsAll: tftags.TagsAttributeComputedOnly(),
++			names.AttrTagsAll: tftags.TagsAttribute(),
+ 		},
+ 	}
+ }
+diff --git a/internal/service/s3control/access_grants_location.go b/internal/service/s3control/access_grants_location.go
+index f45d59078b..bead9b4bb9 100644
+--- a/internal/service/s3control/access_grants_location.go
++++ b/internal/service/s3control/access_grants_location.go
+@@ -84,7 +84,7 @@ func (r *accessGrantsLocationResource) Schema(ctx context.Context, request resou
+ 			},
+ 			names.AttrID:      framework.IDAttribute(),
+ 			names.AttrTags:    tftags.TagsAttribute(),
+-			names.AttrTagsAll: tftags.TagsAttributeComputedOnly(),
++			names.AttrTagsAll: tftags.TagsAttribute(),
+ 		},
+ 	}
+ }
diff --git a/patches/0035-Fail-fast-when-PF-resources-are-dropped.patch b/patches/0035-Fail-fast-when-PF-resources-are-dropped.patch
@@ -0,0 +1,21 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Anton Tayanovskyy <[email protected]>
+Date: Thu, 7 Dec 2023 00:18:14 -0500
+Subject: [PATCH 35/35] Fail fast when PF resources are dropped
+
+
+diff --git a/internal/provider/fwprovider/provider.go b/internal/provider/fwprovider/provider.go
+index f277744dbf..00c69b64b5 100644
+--- a/internal/provider/fwprovider/provider.go
++++ b/internal/provider/fwprovider/provider.go
+@@ -439,9 +439,7 @@ func (p *fwprovider) Resources(ctx context.Context) []func() resource.Resource {
+ 	}
+
+ 	if err := errors.Join(errs...); err != nil {
+-		tflog.Warn(ctx, "registering resources", map[string]interface{}{
+-			"error": err.Error(),
+-		})
++		panic(err)
+ 	}
+
+ 	return resources
diff --git a/provider/cmd/pulumi-resource-aws/bridge-metadata.json b/provider/cmd/pulumi-resource-aws/bridge-metadata.json
@@ -7964,6 +7964,18 @@
                     }
                 }
             },
+            "aws_docdbelastic_cluster": {
+                "current": "aws:docdb/elasticCluster:ElasticCluster",
+                "majorVersion": 6,
+                "fields": {
+                    "subnet_ids": {
+                        "maxItemsOne": false
+                    },
+                    "vpc_security_group_ids": {
+                        "maxItemsOne": false
+                    }
+                }
+            },
             "aws_dx_bgp_peer": {
                 "current": "aws:directconnect/bgpPeer:BgpPeer",
                 "majorVersion": 6
@@ -9437,6 +9449,10 @@
                     }
                 }
             },
+            "aws_eks_pod_identity_association": {
+                "current": "aws:eks/podIdentityAssociation:PodIdentityAssociation",
+                "majorVersion": 6
+            },
             "aws_elastic_beanstalk_application": {
                 "current": "aws:elasticbeanstalk/application:Application",
                 "majorVersion": 6,
@@ -148364,10 +148380,30 @@
                     }
                 }
             },
+            "aws_s3control_access_grant": {
+                "current": "aws:s3control/accessGrant:AccessGrant",
+                "majorVersion": 6,
+                "fields": {
+                    "access_grants_location_configuration": {
+                        "maxItemsOne": true
+                    },
+                    "grantee": {
+                        "maxItemsOne": true
+                    }
+                }
+            },
+            "aws_s3control_access_grants_instance": {
+                "current": "aws:s3control/accessGrantsInstance:AccessGrantsInstance",
+                "majorVersion": 6
+            },
             "aws_s3control_access_grants_instance_resource_policy": {
                 "current": "aws:s3control/accessGrantsInstanceResourcePolicy:AccessGrantsInstanceResourcePolicy",
                 "majorVersion": 6
             },
+            "aws_s3control_access_grants_location": {
+                "current": "aws:s3control/accessGrantsLocation:AccessGrantsLocation",
+                "majorVersion": 6
+            },
             "aws_s3control_access_point_policy": {
                 "current": "aws:s3control/accessPointPolicy:AccessPointPolicy",
                 "majorVersion": 6
@@ -220906,6 +220942,7 @@
             "aws:docdb/clusterInstance:ClusterInstance": 0,
             "aws:docdb/clusterParameterGroup:ClusterParameterGroup": 0,
             "aws:docdb/clusterSnapshot:ClusterSnapshot": 0,
+            "aws:docdb/elasticCluster:ElasticCluster": 1,
             "aws:docdb/eventSubscription:EventSubscription": 0,
             "aws:docdb/globalCluster:GlobalCluster": 0,
             "aws:docdb/subnetGroup:SubnetGroup": 0,
@@ -221067,6 +221104,7 @@
             "aws:eks/fargateProfile:FargateProfile": 0,
             "aws:eks/identityProviderConfig:IdentityProviderConfig": 0,
             "aws:eks/nodeGroup:NodeGroup": 0,
+            "aws:eks/podIdentityAssociation:PodIdentityAssociation": 1,
             "aws:elasticache/cluster:Cluster": 0,
             "aws:elasticache/globalReplicationGroup:GlobalReplicationGroup": 0,
             "aws:elasticache/parameterGroup:ParameterGroup": 0,
@@ -221596,7 +221634,10 @@
             "aws:s3/directoryBucket:DirectoryBucket": 1,
             "aws:s3/inventory:Inventory": 0,
             "aws:s3/objectCopy:ObjectCopy": 0,
+            "aws:s3control/accessGrant:AccessGrant": 1,
+            "aws:s3control/accessGrantsInstance:AccessGrantsInstance": 1,
             "aws:s3control/accessGrantsInstanceResourcePolicy:AccessGrantsInstanceResourcePolicy": 1,
+            "aws:s3control/accessGrantsLocation:AccessGrantsLocation": 1,
             "aws:s3control/accessPointPolicy:AccessPointPolicy": 0,
             "aws:s3control/bucket:Bucket": 0,
             "aws:s3control/bucketLifecycleConfiguration:BucketLifecycleConfiguration": 0,
@@ -222733,6 +222774,7 @@
             "aws:docdb/clusterInstance:ClusterInstance": "aws_docdb_cluster_instance",
             "aws:docdb/clusterParameterGroup:ClusterParameterGroup": "aws_docdb_cluster_parameter_group",
             "aws:docdb/clusterSnapshot:ClusterSnapshot": "aws_docdb_cluster_snapshot",
+            "aws:docdb/elasticCluster:ElasticCluster": "aws_docdbelastic_cluster",
             "aws:docdb/eventSubscription:EventSubscription": "aws_docdb_event_subscription",
             "aws:docdb/globalCluster:GlobalCluster": "aws_docdb_global_cluster",
             "aws:docdb/subnetGroup:SubnetGroup": "aws_docdb_subnet_group",
@@ -222894,6 +222936,7 @@
             "aws:eks/fargateProfile:FargateProfile": "aws_eks_fargate_profile",
             "aws:eks/identityProviderConfig:IdentityProviderConfig": "aws_eks_identity_provider_config",
             "aws:eks/nodeGroup:NodeGroup": "aws_eks_node_group",
+            "aws:eks/podIdentityAssociation:PodIdentityAssociation": "aws_eks_pod_identity_association",
             "aws:elasticache/cluster:Cluster": "aws_elasticache_cluster",
             "aws:elasticache/globalReplicationGroup:GlobalReplicationGroup": "aws_elasticache_global_replication_group",
             "aws:elasticache/parameterGroup:ParameterGroup": "aws_elasticache_parameter_group",
@@ -223423,7 +223466,10 @@
             "aws:s3/directoryBucket:DirectoryBucket": "aws_s3_directory_bucket",
             "aws:s3/inventory:Inventory": "aws_s3_bucket_inventory",
             "aws:s3/objectCopy:ObjectCopy": "aws_s3_object_copy",
+            "aws:s3control/accessGrant:AccessGrant": "aws_s3control_access_grant",
+            "aws:s3control/accessGrantsInstance:AccessGrantsInstance": "aws_s3control_access_grants_instance",
             "aws:s3control/accessGrantsInstanceResourcePolicy:AccessGrantsInstanceResourcePolicy": "aws_s3control_access_grants_instance_resource_policy",
+            "aws:s3control/accessGrantsLocation:AccessGrantsLocation": "aws_s3control_access_grants_location",
             "aws:s3control/accessPointPolicy:AccessPointPolicy": "aws_s3control_access_point_policy",
             "aws:s3control/bucket:Bucket": "aws_s3control_bucket",
             "aws:s3control/bucketLifecycleConfiguration:BucketLifecycleConfiguration": "aws_s3control_bucket_lifecycle_configuration",
@@ -232515,6 +232561,18 @@
                 "storageEncrypted": "storage_encrypted",
                 "vpcId": "vpc_id"
             },
+            "aws:docdb/elasticCluster:ElasticCluster": {
+                "adminUserName": "admin_user_name",
+                "adminUserPassword": "admin_user_password",
+                "authType": "auth_type",
+                "kmsKeyId": "kms_key_id",
+                "preferredMaintenanceWindow": "preferred_maintenance_window",
+                "shardCapacity": "shard_capacity",
+                "shardCount": "shard_count",
+                "subnetIds": "subnet_ids",
+                "tagsAll": "tags_all",
+                "vpcSecurityGroupIds": "vpc_security_group_ids"
+            },
             "aws:docdb/eventSubscription:EventSubscription": {
                 "customerAwsId": "customer_aws_id",
                 "eventCategories": "event_categories",
@@ -236810,6 +236868,14 @@
                 "taints": "taint",
                 "updateConfig": "update_config"
             },
+            "aws:eks/podIdentityAssociation:PodIdentityAssociation": {
+                "associationArn": "association_arn",
+                "associationId": "association_id",
+                "clusterName": "cluster_name",
+                "roleArn": "role_arn",
+                "serviceAccount": "service_account",
+                "tagsAll": "tags_all"
+            },
             "aws:elasticache/ClusterCacheNode:ClusterCacheNode": {
                 "availabilityZone": "availability_zone",
                 "outpostArn": "outpost_arn"
@@ -249996,6 +250062,13 @@
                 "versionId": "version_id",
                 "websiteRedirect": "website_redirect"
             },
+            "aws:s3control/AccessGrantAccessGrantsLocationConfiguration:AccessGrantAccessGrantsLocationConfiguration": {
+                "s3SubPrefix": "s3_sub_prefix"
+            },
+            "aws:s3control/AccessGrantGrantee:AccessGrantGrantee": {
+                "granteeIdentifier": "grantee_identifier",
+                "granteeType": "grantee_type"
+            },
             "aws:s3control/BucketLifecycleConfigurationRule:BucketLifecycleConfigurationRule": {
                 "abortIncompleteMultipartUpload": "abort_incomplete_multipart_upload"
             },
@@ -250078,9 +250151,35 @@
             "aws:s3control/StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestinationEncryptionSseKms:StorageLensConfigurationStorageLensConfigurationDataExportS3BucketDestinationEncryptionSseKms": {
                 "keyId": "key_id"
             },
+            "aws:s3control/accessGrant:AccessGrant": {
+                "accessGrantArn": "access_grant_arn",
+                "accessGrantId": "access_grant_id",
+                "accessGrantsLocationConfiguration": "access_grants_location_configuration",
+                "accessGrantsLocationId": "access_grants_location_id",
+                "accountId": "account_id",
+                "grantScope": "grant_scope",
+                "s3PrefixType": "s3_prefix_type",
+                "tagsAll": "tags_all"
+            },
+            "aws:s3control/accessGrantsInstance:AccessGrantsInstance": {
+                "accessGrantsInstanceArn": "access_grants_instance_arn",
+                "accessGrantsInstanceId": "access_grants_instance_id",
+                "accountId": "account_id",
+                "identityCenterApplicationArn": "identity_center_application_arn",
+                "identityCenterArn": "identity_center_arn",
+                "tagsAll": "tags_all"
+            },
             "aws:s3control/accessGrantsInstanceResourcePolicy:AccessGrantsInstanceResourcePolicy": {
                 "accountId": "account_id"
             },
+            "aws:s3control/accessGrantsLocation:AccessGrantsLocation": {
+                "accessGrantsLocationArn": "access_grants_location_arn",
+                "accessGrantsLocationId": "access_grants_location_id",
+                "accountId": "account_id",
+                "iamRoleArn": "iam_role_arn",
+                "locationScope": "location_scope",
+                "tagsAll": "tags_all"
+            },
             "aws:s3control/accessPointPolicy:AccessPointPolicy": {
                 "accessPointArn": "access_point_arn",
                 "hasPublicAccessPolicy": "has_public_access_policy"

diff --git a/provider/cmd/pulumi-resource-aws/runtime-bridge-metadata.json b/provider/cmd/pulumi-resource-aws/runtime-bridge-metadata.json