fms: Migrate to aws-sdk-go-v2

go.mod

@@ -85,6 +85,7 @@ require (
  github.com/aws/aws-sdk-go-v2/service/finspace v1.24.1
  github.com/aws/aws-sdk-go-v2/service/firehose v1.28.5
  github.com/aws/aws-sdk-go-v2/service/fis v1.24.2
+ github.com/aws/aws-sdk-go-v2/service/fms v1.31.4
  github.com/aws/aws-sdk-go-v2/service/glacier v1.22.4
  github.com/aws/aws-sdk-go-v2/service/groundstation v1.27.0
  github.com/aws/aws-sdk-go-v2/service/healthlake v1.23.4

go.sum

@@ -190,6 +190,8 @@ github.com/aws/aws-sdk-go-v2/service/firehose v1.28.5 h1:7h4RJRnBULtax1Tk6iSYsIP
 github.com/aws/aws-sdk-go-v2/service/firehose v1.28.5/go.mod h1:78F+4pVJf6Qlg7a34oR2I2SpM/v0EUSAL/htTZ9trg4=
 github.com/aws/aws-sdk-go-v2/service/fis v1.24.2 h1:1QesvhdcRDCJYFCuUcQ8XbBEZXRZQXrAlkPdWov07dc=
 github.com/aws/aws-sdk-go-v2/service/fis v1.24.2/go.mod h1:ISG70NA5WILagob8et1PhuyC+4lWLflITLzWWPFLXoE=
+github.com/aws/aws-sdk-go-v2/service/fms v1.31.4 h1:gY+Dp2QdphY6m5IVkETmsNauYztd62piL9az5B6rVtQ=
+github.com/aws/aws-sdk-go-v2/service/fms v1.31.4/go.mod h1:X4DjA4sm8cobhR9DtHn947+dLYxU1oWq3zwRZUmFSLo=
 github.com/aws/aws-sdk-go-v2/service/glacier v1.22.4 h1:y0/RN8LwIbyDTPe/dnDBdsCw89ko8ZNFPW4vStye4aE=
 github.com/aws/aws-sdk-go-v2/service/glacier v1.22.4/go.mod h1:8ofkOuh1SZLKR5EdfxPhQ1UgaQuCBAZzUwbeIBmeKIM=
 github.com/aws/aws-sdk-go-v2/service/groundstation v1.27.0 h1:joAdQdtfg8Yy/e5Pq5qwAe0hjH3+EJUzd1jPrlXE3SA=

internal/service/fms/admin_account.go

@@ -8,19 +8,22 @@ import (
  "log"
  "time"
 
- "github.com/aws/aws-sdk-go/aws"
- "github.com/aws/aws-sdk-go/service/fms"
- "github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr"
+ "github.com/aws/aws-sdk-go-v2/aws"
+ "github.com/aws/aws-sdk-go-v2/service/fms"
+ awstypes "github.com/aws/aws-sdk-go-v2/service/fms/types"
+ "github.com/hashicorp/aws-sdk-go-base/v2/tfawserr"
  "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
  "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry"
  "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
  "github.com/hashicorp/terraform-provider-aws/internal/conns"
+ "github.com/hashicorp/terraform-provider-aws/internal/enum"
+ "github.com/hashicorp/terraform-provider-aws/internal/errs"
  "github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag"
  "github.com/hashicorp/terraform-provider-aws/internal/tfresource"
  "github.com/hashicorp/terraform-provider-aws/internal/verify"
 )
 
-// @SDKResource("aws_fms_admin_account")
+// @SDKResource("aws_fms_admin_account", name="Admin Account")
 func resourceAdminAccount() *schema.Resource {
  return &schema.Resource{
  CreateWithoutTimeout: resourceAdminAccountCreate,
@@ -50,13 +53,13 @@ func resourceAdminAccount() *schema.Resource {
 
 func resourceAdminAccountCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
  var diags diag.Diagnostics
- conn := meta.(*conns.AWSClient).FMSConn(ctx)
+ conn := meta.(*conns.AWSClient).FMSClient(ctx)
 
  // Ensure there is not an existing FMS Admin Account.
  output, err := findAdminAccount(ctx, conn)
 
  if !tfresource.NotFound(err) {
- return sdkdiag.AppendErrorf(diags, "FMS Admin Account (%s) already associated: import this Terraform resource to manage", aws.StringValue(output.AdminAccount))
+ return sdkdiag.AppendErrorf(diags, "FMS Admin Account (%s) already associated: import this Terraform resource to manage", aws.ToString(output.AdminAccount))
  }
 
  accountID := meta.(*conns.AWSClient).AccountID
@@ -75,7 +78,7 @@ func resourceAdminAccountCreate(ctx context.Context, d *schema.ResourceData, met
 
 func resourceAdminAccountRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
  var diags diag.Diagnostics
- conn := meta.(*conns.AWSClient).FMSConn(ctx)
+ conn := meta.(*conns.AWSClient).FMSClient(ctx)
 
  output, err := findAdminAccount(ctx, conn)
 
@@ -96,9 +99,13 @@ func resourceAdminAccountRead(ctx context.Context, d *schema.ResourceData, meta
 
 func resourceAdminAccountDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
  var diags diag.Diagnostics
- conn := meta.(*conns.AWSClient).FMSConn(ctx)
+ conn := meta.(*conns.AWSClient).FMSClient(ctx)
 
- _, err := conn.DisassociateAdminAccountWithContext(ctx, &fms.DisassociateAdminAccountInput{})
+ _, err := conn.DisassociateAdminAccount(ctx, &fms.DisassociateAdminAccountInput{})
+
+ if tfawserr.ErrMessageContains(err, errCodeAccessDeniedException, "No default admin could be found for account") {
+ return diags
+ }
 
  if err != nil {
  return sdkdiag.AppendErrorf(diags, "disassociating FMS Admin Account (%s): %s", d.Id(), err)
@@ -111,12 +118,12 @@ func resourceAdminAccountDelete(ctx context.Context, d *schema.ResourceData, met
  return diags
 }
 
-func findAdminAccount(ctx context.Context, conn *fms.FMS) (*fms.GetAdminAccountOutput, error) {
+func findAdminAccount(ctx context.Context, conn *fms.Client) (*fms.GetAdminAccountOutput, error) {
  input := &fms.GetAdminAccountInput{}
 
- output, err := conn.GetAdminAccountWithContext(ctx, input)
+ output, err := conn.GetAdminAccount(ctx, input)
 
- if tfawserr.ErrCodeEquals(err, fms.ErrCodeResourceNotFoundException) {
+ if errs.IsA[*awstypes.ResourceNotFoundException](err) {
  return nil, &retry.NotFoundError{
  LastError: err,
  LastRequest: input,
@@ -131,55 +138,55 @@ func findAdminAccount(ctx context.Context, conn *fms.FMS) (*fms.GetAdminAccountO
  return nil, tfresource.NewEmptyResultError(input)
  }
 
- if status := aws.StringValue(output.RoleStatus); status == fms.AccountRoleStatusDeleted {
+ if status := output.RoleStatus; status == awstypes.AccountRoleStatusDeleted {
  return nil, &retry.NotFoundError{
- Message: status,
+ Message: string(status),
  LastRequest: input,
  }
  }
 
  return output, nil
 }
 
-func statusAssociateAdminAccount(ctx context.Context, conn *fms.FMS, accountID string) retry.StateRefreshFunc {
+func statusAssociateAdminAccount(ctx context.Context, conn *fms.Client, accountID string) retry.StateRefreshFunc {
  // This is all wrapped in a StateRefreshFunc since AssociateAdminAccount returns
  // success even though it failed if called too quickly after creating an Organization.
  return func() (interface{}, string, error) {
  input := &fms.AssociateAdminAccountInput{
  AdminAccount: aws.String(accountID),
  }
 
- _, err := conn.AssociateAdminAccountWithContext(ctx, input)
+ _, err := conn.AssociateAdminAccount(ctx, input)
 
  if err != nil {
  return nil, "", err
  }
 
- output, err := conn.GetAdminAccountWithContext(ctx, &fms.GetAdminAccountInput{})
+ output, err := conn.GetAdminAccount(ctx, &fms.GetAdminAccountInput{})
 
  // FMS returns an AccessDeniedException if no account is associated,
  // but does not define this in its error codes.
- if tfawserr.ErrMessageContains(err, "AccessDeniedException", "is not currently delegated by AWS FM") {
+ if tfawserr.ErrMessageContains(err, errCodeAccessDeniedException, "is not currently delegated by AWS FM") {
  return nil, "", nil
  }
 
- if tfawserr.ErrCodeEquals(err, fms.ErrCodeResourceNotFoundException) {
+ if errs.IsA[*awstypes.ResourceNotFoundException](err) {
  return nil, "", nil
  }
 
  if err != nil {
  return nil, "", err
  }
 
- if aws.StringValue(output.AdminAccount) != accountID {
+ if aws.ToString(output.AdminAccount) != accountID {
  return nil, "", nil
  }
 
- return output, aws.StringValue(output.RoleStatus), err
+ return output, string(output.RoleStatus), err
  }
 }
 
-func statusAdminAccount(ctx context.Context, conn *fms.FMS) retry.StateRefreshFunc {
+func statusAdminAccount(ctx context.Context, conn *fms.Client) retry.StateRefreshFunc {
  return func() (interface{}, string, error) {
  output, err := findAdminAccount(ctx, conn)
 
@@ -191,17 +198,17 @@ func statusAdminAccount(ctx context.Context, conn *fms.FMS) retry.StateRefreshFu
  return nil, "", err
  }
 
- return output, aws.StringValue(output.RoleStatus), nil
+ return output, string(output.RoleStatus), nil
  }
 }
 
-func waitAdminAccountCreated(ctx context.Context, conn *fms.FMS, accountID string, timeout time.Duration) (*fms.GetAdminAccountOutput, error) {
+func waitAdminAccountCreated(ctx context.Context, conn *fms.Client, accountID string, timeout time.Duration) (*fms.GetAdminAccountOutput, error) {
  stateConf := &retry.StateChangeConf{
- Pending: []string{
- fms.AccountRoleStatusDeleted, // Recreating association can return this status.
- fms.AccountRoleStatusCreating,
- },
- Target: []string{fms.AccountRoleStatusReady},
+ Pending: enum.Slice(
+ awstypes.AccountRoleStatusDeleted, // Recreating association can return this status.
+ awstypes.AccountRoleStatusCreating,
+ ),
+ Target: enum.Slice(awstypes.AccountRoleStatusReady),
  Refresh: statusAssociateAdminAccount(ctx, conn, accountID),
  Timeout: timeout,
  Delay: 10 * time.Second,
@@ -216,13 +223,13 @@ func waitAdminAccountCreated(ctx context.Context, conn *fms.FMS, accountID strin
  return nil, err
 }
 
-func waitAdminAccountDeleted(ctx context.Context, conn *fms.FMS, timeout time.Duration) (*fms.GetAdminAccountOutput, error) {
+func waitAdminAccountDeleted(ctx context.Context, conn *fms.Client, timeout time.Duration) (*fms.GetAdminAccountOutput, error) {
  stateConf := &retry.StateChangeConf{
- Pending: []string{
- fms.AccountRoleStatusDeleting,
- fms.AccountRoleStatusPendingDeletion,
- fms.AccountRoleStatusReady,
- },
+ Pending: enum.Slice(
+ awstypes.AccountRoleStatusDeleting,
+ awstypes.AccountRoleStatusPendingDeletion,
+ awstypes.AccountRoleStatusReady,
+ ),
  Target: []string{},
  Refresh: statusAdminAccount(ctx, conn),
  Timeout: timeout,

internal/service/fms/admin_account_test.go

@@ -8,7 +8,6 @@ import (
  "fmt"
  "testing"
 
- "github.com/aws/aws-sdk-go/aws/endpoints"
  "github.com/hashicorp/terraform-plugin-testing/helper/resource"
  "github.com/hashicorp/terraform-plugin-testing/terraform"
  "github.com/hashicorp/terraform-provider-aws/internal/acctest"
@@ -25,7 +24,7 @@ func testAccAdminAccount_basic(t *testing.T) {
  resource.Test(t, resource.TestCase{
  PreCheck: func() {
  acctest.PreCheck(ctx, t)
- acctest.PreCheckRegion(t, endpoints.UsEast1RegionID)
+ acctest.PreCheckRegion(t, names.USEast1RegionID)
  acctest.PreCheckOrganizationsEnabled(ctx, t)
  acctest.PreCheckOrganizationManagementAccount(ctx, t)
  },
@@ -35,7 +34,8 @@ func testAccAdminAccount_basic(t *testing.T) {
  Steps: []resource.TestStep{
  {
  Config: testAccAdminAccountConfig_basic,
- Check: resource.ComposeTestCheckFunc(
+ Check: resource.ComposeAggregateTestCheckFunc(
+ testAccAdminAccountExists(ctx, resourceName),
  acctest.CheckResourceAttrAccountID(resourceName, "account_id"),
  ),
  },
@@ -50,7 +50,7 @@ func testAccAdminAccount_disappears(t *testing.T) {
  resource.Test(t, resource.TestCase{
  PreCheck: func() {
  acctest.PreCheck(ctx, t)
- acctest.PreCheckRegion(t, endpoints.UsEast1RegionID)
+ acctest.PreCheckRegion(t, names.USEast1RegionID)
  acctest.PreCheckOrganizationsEnabled(ctx, t)
  acctest.PreCheckOrganizationManagementAccount(ctx, t)
  },
@@ -61,6 +61,7 @@ func testAccAdminAccount_disappears(t *testing.T) {
  {
  Config: testAccAdminAccountConfig_basic,
  Check: resource.ComposeTestCheckFunc(
+ testAccAdminAccountExists(ctx, resourceName),
  acctest.CheckResourceAttrAccountID(resourceName, "account_id"),
  acctest.CheckResourceDisappears(ctx, acctest.Provider, tffms.ResourceAdminAccount(), resourceName),
  ),
@@ -72,7 +73,7 @@ func testAccAdminAccount_disappears(t *testing.T) {
 
 func testAccCheckAdminAccountDestroy(ctx context.Context) resource.TestCheckFunc {
  return func(s *terraform.State) error {
- conn := acctest.Provider.Meta().(*conns.AWSClient).FMSConn(ctx)
+ conn := acctest.Provider.Meta().(*conns.AWSClient).FMSClient(ctx)
 
  for _, rs := range s.RootModule().Resources {
  if rs.Type != "aws_fms_admin_account" {
@@ -96,6 +97,21 @@ func testAccCheckAdminAccountDestroy(ctx context.Context) resource.TestCheckFunc
  }
 }
 
+func testAccAdminAccountExists(ctx context.Context, n string) resource.TestCheckFunc {
+ return func(s *terraform.State) error {
+ _, ok := s.RootModule().Resources[n]
+ if !ok {
+ return fmt.Errorf("Not found: %s", n)
+ }
+
+ conn := acctest.Provider.Meta().(*conns.AWSClient).FMSClient(ctx)
+
+ _, err := tffms.FindAdminAccount(ctx, conn)
+
+ return err
+ }
+}
+
 const testAccAdminAccountConfig_basic = `
 data "aws_caller_identity" "current" {}
 

internal/service/fms/errors.go

@@ -0,0 +1,8 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package fms
+
+const (
+ errCodeAccessDeniedException = "AccessDeniedException"
+)

internal/service/fms/generate.go

@@ -1,7 +1,7 @@
 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: MPL-2.0
 
-//go:generate go run ../../generate/tags/main.go -ListTags -ListTagsOp=ListTagsForResource -ListTagsInIDElem=ResourceArn -ListTagsOutTagsElem=TagList -ServiceTagsSlice -TagOp=TagResource -TagInTagsElem=TagList -TagInIDElem=ResourceArn -UpdateTags -TagType=Tag
+//go:generate go run ../../generate/tags/main.go -AWSSDKVersion=2 -ListTags -ListTagsOp=ListTagsForResource -ListTagsInIDElem=ResourceArn -ListTagsOutTagsElem=TagList -ServiceTagsSlice -TagOp=TagResource -TagInTagsElem=TagList -TagInIDElem=ResourceArn -UpdateTags -TagType=Tag
 
 //go:generate go run ../../generate/servicepackage/main.go
 // ONLY generate directives and package declaration! Do not add anything else to this file.