resource/aws_elasticsearch_domain: Future proof new log type values in order to support the new AUDIT_LOGS log type

[reedloden]

Community Note

• Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Closes #15217

Release note for CHANGELOG:

ENHANCEMENTS

* resource/aws_elasticsearch_domain: Add `AUDIT_LOGS` as a possible log type [GH-15218]

Output from acceptance testing:

$ make testacc TESTARGS='-run=TestAccAWSElasticSearchDomain_LogPublishingOptions'

... [unfortunately, don't have a set up testing environment for this]

[reedloden]

Note this requires aws/aws-sdk-go v1.34.26 to actually work. #15123

[anGie44]

Hi @reedloden, thank you for creating this PR! With the SDK update we'll have to add one additional update in the "log_type" definition w/in the resource's schema as this field has a validation function in place which checks that the provided input value matches an item in the list of possible log types - currently the list of valid types includes the SDK enums:

elasticsearch.LogTypeIndexSlowLogs,
elasticsearch.LogTypeSearchSlowLogs,
elasticsearch.LogTypeEsApplicationLogs,

we could add the new "AuditLogs" enum available in the AWS Go SDK update or better yet replace the explicit string array seen here with elasticsearchdomain.LogType_Values() provided by the AWS Go SDK so that all possible values are included, making long-term maintenance a bit easier.

[bflad]

Just merged in the AWS Go SDK update so updating the validation to elasticsearchdomain.LogType_Values() will enable this now. 👍

[reedloden]

@anGie44 My late night grep mad skillz missed that somehow. My apologies! Good call on just changing this to use the LogType_Values() function (and thanks for the SDK update, @bflad). I have updated my commit. However, I don't have a good working AWS test environment to test this change, unfortunately.

[anGie44]

No worries @reedloden, changes look great! If you don't mind, I can follow-up with a commit to this PR to add acceptance testing around validating the changes to log_type 👍

[reedloden]

@anGie44 Sounds good, and many thanks!

[reedloden]

TestAccAWSElasticSearchDomain_LogPublishingOptions already tests the INDEX_SLOW_LOGS log type. Would it make sense to just convert that to a variable and loop through all four possible options to ensure they work?

[anGie44]

@reedloden, for this attribute it would be best to create a separate test as different configurations are required for the different logging types. in my initial testing, I found that AUDIT_LOGS type required AdvancedSecurityOptions configured while INDEX_SLOW_LOGS, for example, do not.

Update: updating log_type in configurations affected by #5752 (old log_publishing_options will not be removed as expected :/ )

[anGie44]

Thanks again @reedloden 🚀
Output of acceptance tests:

--- PASS: TestAccAWSElasticSearchDomain_CognitoOptionsCreateAndRemove (1692.96s)
--- PASS: TestAccAWSElasticSearchDomain_duplicate (800.39s)
--- PASS: TestAccAWSElasticSearchDomainPolicy_basic (874.70s)
--- PASS: TestAccAWSElasticSearchDomain_basic (1016.79s)
--- PASS: TestAccAWSElasticSearchDomain_LogPublishingOptions_EsApplicationLogs (1051.29s)
--- PASS: TestAccAWSElasticSearchDomain_vpc (1067.70s)
--- PASS: TestAccAWSElasticSearchDomain_v23 (1157.55s)
--- PASS: TestAccAWSElasticSearchDomain_AdvancedSecurityOptions_UserDB (1286.58s)
--- PASS: TestAccAWSElasticSearchDomain_policy (647.51s)
--- PASS: TestAccAWSElasticSearchDomain_AdvancedSecurityOptions_IAM (1552.30s)
--- PASS: TestAccAWSElasticSearchDomain_AdvancedSecurityOptions_Disabled (1652.79s)
--- PASS: TestAccAWSElasticSearchDomain_LogPublishingOptions_AuditLogs (1860.44s)
--- PASS: TestAccAWSElasticSearchDomain_LogPublishingOptions_SearchSlowLogs (1880.79s)
--- PASS: TestAccAWSElasticSearchDomain_LogPublishingOptions_IndexSlowLogs (1930.89s)
--- PASS: TestAccAWSElasticSearchDomain_encrypt_at_rest_specify_key (947.75s)
--- PASS: TestAccAWSElasticSearchDomain_encrypt_at_rest_default_key (1096.99s)
--- PASS: TestAccAWSElasticSearchDomain_tags (931.47s)
--- PASS: TestAccAWSElasticSearchDomain_NodeToNodeEncryption (961.64s)
--- PASS: TestAccAWSElasticSearchDomain_RequireHTTPS (2016.41s)
--- PASS: TestAccAWSElasticSearchDomain_complex (2074.74s)
--- PASS: TestAccAWSElasticSearchDomain_WithVolumeType_Missing (1032.62s)
--- PASS: TestAccAWSElasticSearchDomain_CognitoOptionsUpdate (2528.93s)
--- PASS: TestAccAWSElasticSearchDomain_vpc_update (2616.26s)
--- PASS: TestAccAWSElasticSearchDomain_withDedicatedMaster (3121.48s)
--- PASS: TestAccAWSElasticSearchDomain_update (2003.60s)
--- PASS: TestAccAWSElasticSearchDomain_internetToVpcEndpoint (3686.54s)
--- PASS: TestAccAWSElasticSearchDomain_update_version (3329.99s)
--- PASS: TestAccAWSElasticSearchDomain_update_volume_type (3383.02s)
--- PASS: TestAccAWSElasticSearchDomain_ClusterConfig_ZoneAwarenessConfig (5046.46s)
--- PASS: TestAccAWSElasticSearchDomain_warm (5737.54s)

[ghost]

This has been released in version 3.8.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!