Merge pull request #39206 from prestonprice57/f-update-cloudhsm-clust…

…er-type

Add hsm2m.medium as valid type for hsm_type on aws_cloudhsm_v2_cluster

.changelog/39206.txt

@@ -0,0 +1,7 @@
+```release-note:enhancement
+resource/aws_cloudhsm_v2_cluster: Support `hsm2m.medium` as a valid value for `hsm_type`
+```
+
+```release-note:enhancement
+resource/aws_cloudhsm_v2_cluster: Add `mode` argument
+```

internal/service/cloudhsmv2/cloudhsmv2_test.go

@@ -17,6 +17,7 @@ func TestAccCloudHSMV2_serial(t *testing.T) {
  acctest.CtBasic: testAccCluster_basic,
  acctest.CtDisappears: testAccCluster_disappears,
  "tags": testAccCluster_tags,
+ "hsmType": testAccCluster_hsmType,
  },
  "Hsm": {
  "availabilityZone": testAccHSM_AvailabilityZone,

internal/service/cloudhsmv2/cluster.go

@@ -88,7 +88,14 @@ func resourceCluster() *schema.Resource {
  Type: schema.TypeString,
  Required: true,
  ForceNew: true,
- ValidateFunc: validation.StringInSlice([]string{"hsm1.medium"}, false),
+ ValidateFunc: validation.StringInSlice([]string{"hsm1.medium", "hsm2m.medium"}, false),
+ },
+ names.AttrMode: {
+ Type: schema.TypeString,
+ Optional: true,
+ Computed: true,
+ ForceNew: true,
+ ValidateDiagFunc: enum.Validate[types.ClusterMode](),
  },
  "security_group_id": {
  Type: schema.TypeString,
@@ -127,6 +134,10 @@ func resourceClusterCreate(ctx context.Context, d *schema.ResourceData, meta int
  TagList: getTagsIn(ctx),
  }
 
+ if v, ok := d.GetOk(names.AttrMode); ok && v != "" {
+ input.Mode = types.ClusterMode(v.(string))
+ }
+
  if v, ok := d.GetOk("source_backup_identifier"); ok {
  input.SourceBackupId = aws.String(v.(string))
  }
@@ -173,6 +184,7 @@ func resourceClusterRead(ctx context.Context, d *schema.ResourceData, meta inter
  d.Set("cluster_id", cluster.ClusterId)
  d.Set("cluster_state", cluster.State)
  d.Set("hsm_type", cluster.HsmType)
+ d.Set(names.AttrMode, cluster.Mode)
  d.Set("security_group_id", cluster.SecurityGroup)
  d.Set("source_backup_identifier", cluster.SourceBackupId)
  d.Set(names.AttrSubnetIDs, tfmaps.Values(cluster.SubnetMapping))

internal/service/cloudhsmv2/cluster_test.go

@@ -38,6 +38,7 @@ func testAccCluster_basic(t *testing.T) {
  resource.TestMatchResourceAttr(resourceName, "cluster_id", regexache.MustCompile(`^cluster-.+`)),
  resource.TestCheckResourceAttr(resourceName, "cluster_state", string(types.ClusterStateUninitialized)),
  resource.TestCheckResourceAttr(resourceName, "hsm_type", "hsm1.medium"),
+ resource.TestCheckResourceAttr(resourceName, names.AttrMode, "FIPS"),
  resource.TestMatchResourceAttr(resourceName, "security_group_id", regexache.MustCompile(`^sg-.+`)),
  resource.TestCheckResourceAttr(resourceName, "source_backup_identifier", ""),
  resource.TestCheckResourceAttr(resourceName, "subnet_ids.#", acctest.Ct2),
@@ -126,6 +127,35 @@ func testAccCluster_tags(t *testing.T) {
  })
 }
 
+func testAccCluster_hsmType(t *testing.T) {
+ ctx := acctest.Context(t)
+ resourceName := "aws_cloudhsm_v2_cluster.test"
+ rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { acctest.PreCheck(ctx, t) },
+ ErrorCheck: acctest.ErrorCheck(t, names.CloudHSMV2ServiceID),
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+ CheckDestroy: testAccCheckClusterDestroy(ctx),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccClusterConfig_hsm2m_medium(rName),
+ Check: resource.ComposeAggregateTestCheckFunc(
+ testAccCheckClusterExists(ctx, resourceName),
+ resource.TestCheckResourceAttr(resourceName, "hsm_type", "hsm2m.medium"),
+ resource.TestCheckResourceAttr(resourceName, names.AttrMode, "NON_FIPS"),
+ ),
+ },
+ {
+ ResourceName: resourceName,
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"cluster_certificates"},
+ },
+ },
+ })
+}
+
 func testAccCheckClusterDestroy(ctx context.Context) resource.TestCheckFunc {
  return func(s *terraform.State) error {
  conn := acctest.Provider.Meta().(*conns.AWSClient).CloudHSMV2Client(ctx)
@@ -180,6 +210,16 @@ resource "aws_cloudhsm_v2_cluster" "test" {
 `)
 }
 
+func testAccClusterConfig_hsm2m_medium(rName string) string {
+ return acctest.ConfigCompose(testAccClusterConfig_base(rName), `
+resource "aws_cloudhsm_v2_cluster" "test" {
+ hsm_type = "hsm2m.medium"
+ mode = "NON_FIPS"
+ subnet_ids = aws_subnet.test[*].id
+}
+`)
+}
+
 func testAccClusterConfig_tags1(rName, tagKey1, tagValue1 string) string {
  return acctest.ConfigCompose(testAccClusterConfig_base(rName), fmt.Sprintf(`
 resource "aws_cloudhsm_v2_cluster" "test" {

website/docs/cdktf/python/r/cloudhsm_v2_cluster.html.markdown

@@ -83,7 +83,8 @@ class MyConvertedCode(TerraformStack):
 This resource supports the following arguments:
 
 * `source_backup_identifier` - (Optional) ID of Cloud HSM v2 cluster backup to be restored.
-* `hsm_type` - (Required) The type of HSM module in the cluster. Currently, only `hsm1.medium` is supported.
+* `hsm_type` - (Required) The type of HSM module in the cluster. Currently, `hsm1.medium` and `hsm2m.medium` are supported.
+* `mode` - (Optional) The mode to use in the cluster. The allowed values are `FIPS` and `NON_FIPS`. This field is required if `hsm_type` is `hsm2m.medium`.
 * `subnet_ids` - (Required) The IDs of subnets in which cluster will operate.
 * `tags` - (Optional) A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.
 

website/docs/cdktf/typescript/r/cloudhsm_v2_cluster.html.markdown

@@ -90,7 +90,8 @@ class MyConvertedCode extends TerraformStack {
 This resource supports the following arguments:
 
 * `sourceBackupIdentifier` - (Optional) ID of Cloud HSM v2 cluster backup to be restored.
-* `hsmType` - (Required) The type of HSM module in the cluster. Currently, only `hsm1.medium` is supported.
+* `hsmType` - (Required) The type of HSM module in the cluster. Currently, `hsm1.medium` and `hsm2m.medium` are supported.
+* `mode` - (Optional) The mode to use in the cluster. The allowed values are `FIPS` and `NON_FIPS`. This field is required if `hsm_type` is `hsm2m.medium`.
 * `subnetIds` - (Required) The IDs of subnets in which cluster will operate.
 * `tags` - (Optional) A map of tags to assign to the resource. If configured with a provider [`defaultTags` configuration block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.
 

website/docs/r/cloudhsm_v2_cluster.html.markdown

@@ -65,8 +65,9 @@ resource "aws_cloudhsm_v2_cluster" "cloudhsm_v2_cluster" {
 This resource supports the following arguments:
 
 * `source_backup_identifier` - (Optional) ID of Cloud HSM v2 cluster backup to be restored.
-* `hsm_type` - (Required) The type of HSM module in the cluster. Currently, only `hsm1.medium` is supported.
+* `hsm_type` - (Required) The type of HSM module in the cluster. Currently, `hsm1.medium` and `hsm2m.medium` are supported.
 * `subnet_ids` - (Required) The IDs of subnets in which cluster will operate.
+* `mode` - (Optional) The mode to use in the cluster. The allowed values are `FIPS` and `NON_FIPS`. This field is required if `hsm_type` is `hsm2m.medium`.
 * `tags` - (Optional) A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.
 
 ## Attribute Reference