Merge pull request #5262 from stack72/b-aws-redshift-cluster-public

provider/aws: `aws_redshift_cluster` publicly_accessible now defaults true

builtin/providers/aws/resource_aws_redshift_cluster.go

@@ -146,6 +146,7 @@ func resourceAwsRedshiftCluster() *schema.Resource {
 				Type:     schema.TypeBool,
 				Optional: true,
 				ForceNew: true,
+				Default:  true,
 			},
 
 			"encrypted": &schema.Schema{
@@ -205,6 +206,7 @@ func resourceAwsRedshiftClusterCreate(d *schema.ResourceData, meta interface{})
 		NodeType:            aws.String(d.Get("node_type").(string)),
 		DBName:              aws.String(d.Get("database_name").(string)),
 		AllowVersionUpgrade: aws.Bool(d.Get("allow_version_upgrade").(bool)),
+		PubliclyAccessible:  aws.Bool(d.Get("publicly_accessible").(bool)),
 	}
 
 	if v := d.Get("number_of_nodes").(int); v > 1 {
@@ -242,10 +244,6 @@ func resourceAwsRedshiftClusterCreate(d *schema.ResourceData, meta interface{})
 		createOpts.AutomatedSnapshotRetentionPeriod = aws.Int64(int64(v.(int)))
 	}
 
-	if v, ok := d.GetOk("publicly_accessible"); ok {
-		createOpts.PubliclyAccessible = aws.Bool(v.(bool))
-	}
-
 	if v, ok := d.GetOk("encrypted"); ok {
 		createOpts.Encrypted = aws.Bool(v.(bool))
 	}

builtin/providers/aws/resource_aws_redshift_cluster_test.go

@@ -30,6 +30,31 @@ func TestAccAWSRedshiftCluster_basic(t *testing.T) {
 					testAccCheckAWSRedshiftClusterExists("aws_redshift_cluster.default", &v),
 					resource.TestCheckResourceAttr(
 						"aws_redshift_cluster.default", "cluster_type", "single-node"),
+					resource.TestCheckResourceAttr(
+						"aws_redshift_cluster.default", "publicly_accessible", "true"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccAWSRedshiftCluster_notPubliclyAccessible(t *testing.T) {
+	var v redshift.Cluster
+
+	ri := rand.New(rand.NewSource(time.Now().UnixNano())).Int()
+	config := fmt.Sprintf(testAccAWSRedshiftClusterConfig_notPubliclyAccessible, ri)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSRedshiftClusterDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: config,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSRedshiftClusterExists("aws_redshift_cluster.default", &v),
+					resource.TestCheckResourceAttr(
+						"aws_redshift_cluster.default", "publicly_accessible", "false"),
 				),
 			},
 		},
@@ -248,3 +273,65 @@ resource "aws_redshift_cluster" "default" {
   automated_snapshot_retention_period = 7
   allow_version_upgrade = false
 }`
+
+var testAccAWSRedshiftClusterConfig_notPubliclyAccessible = `
+provider "aws" {
+	region = "us-west-2"
+}
+
+resource "aws_vpc" "foo" {
+	cidr_block = "10.1.0.0/16"
+}
+
+resource "aws_internet_gateway" "foo" {
+	vpc_id = "${aws_vpc.foo.id}"
+	tags {
+		foo = "bar"
+	}
+}
+
+resource "aws_subnet" "foo" {
+	cidr_block = "10.1.1.0/24"
+	availability_zone = "us-west-2a"
+	vpc_id = "${aws_vpc.foo.id}"
+	tags {
+		Name = "tf-dbsubnet-test-1"
+	}
+}
+
+resource "aws_subnet" "bar" {
+	cidr_block = "10.1.2.0/24"
+	availability_zone = "us-west-2b"
+	vpc_id = "${aws_vpc.foo.id}"
+	tags {
+		Name = "tf-dbsubnet-test-2"
+	}
+}
+
+resource "aws_subnet" "foobar" {
+	cidr_block = "10.1.3.0/24"
+	availability_zone = "us-west-2c"
+	vpc_id = "${aws_vpc.foo.id}"
+	tags {
+		Name = "tf-dbsubnet-test-3"
+	}
+}
+
+resource "aws_redshift_subnet_group" "foo" {
+	name = "foo"
+	description = "foo description"
+	subnet_ids = ["${aws_subnet.foo.id}", "${aws_subnet.bar.id}", "${aws_subnet.foobar.id}"]
+}
+
+resource "aws_redshift_cluster" "default" {
+  cluster_identifier = "tf-redshift-cluster-%d"
+  availability_zone = "us-west-2a"
+  database_name = "mydb"
+  master_username = "foo"
+  master_password = "Mustbe8characters"
+  node_type = "dc1.large"
+  automated_snapshot_retention_period = 7
+  allow_version_upgrade = false
+  cluster_subnet_group_name = "${aws_redshift_subnet_group.foo.name}"
+  publicly_accessible = false
+}`

website/source/docs/providers/aws/r/redshift_cluster.html.markdown

@@ -50,7 +50,7 @@ string.
                                  The version selected runs on all the nodes in the cluster.
 * `allow_version_upgrade` - (Optional) If true , major version upgrades can be applied during the maintenance window to the Amazon Redshift engine that is running on the cluster. Default is true
 * `number_of_nodes` - (Optional) The number of compute nodes in the cluster. This parameter is required when the ClusterType parameter is specified as multi-node. Default is 1.
-* `publicly_accessible` - (Optional) If true , the cluster can be accessed from a public network.
+* `publicly_accessible` - (Optional) If true, the cluster can be accessed from a public network. Default is `true`.
 * `encrypted` - (Optional) If true , the data in the cluster is encrypted at rest.
 * `elastic_ip` - (Optional) The Elastic IP (EIP) address for the cluster.
 * `skip_final_snapshot` - (Optional) Determines whether a final snapshot of the cluster is created before Amazon Redshift deletes the cluster. If true , a final cluster snapshot is not created. If false , a final cluster snapshot is created before the cluster is deleted. Default is true.