Tests and docs for AWS CloudTrail "enable_logging"

Add acceptance tests for creation, enable, and disable logging.

Add option to docs and example.

builtin/providers/aws/resource_aws_cloudtrail_test.go

@@ -39,6 +39,39 @@ func TestAccAWSCloudTrail_basic(t *testing.T) {
 	})
 }
 
+func TestAccAWSCloudTrail_enable_logging(t *testing.T) {
+	var trail cloudtrail.Trail
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSCloudTrailDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccAWSCloudTrailConfig,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckCloudTrailExists("aws_cloudtrail.foobar", &trail),
+					testAccCheckCloudTrailLoggingEnabled("aws_cloudtrail.foobar", false, &trail),
+				),
+			},
+			resource.TestStep{
+				Config: testAccAWSCloudTrailConfigModified,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckCloudTrailExists("aws_cloudtrail.foobar", &trail),
+					testAccCheckCloudTrailLoggingEnabled("aws_cloudtrail.foobar", true, &trail),
+				),
+			},
+			resource.TestStep{
+				Config: testAccAWSCloudTrailConfig,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckCloudTrailExists("aws_cloudtrail.foobar", &trail),
+					testAccCheckCloudTrailLoggingEnabled("aws_cloudtrail.foobar", false, &trail),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckCloudTrailExists(n string, trail *cloudtrail.Trail) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[n]
@@ -63,6 +96,30 @@ func testAccCheckCloudTrailExists(n string, trail *cloudtrail.Trail) resource.Te
 	}
 }
 
+func testAccCheckCloudTrailLoggingEnabled(n string, desired bool, trail *cloudtrail.Trail) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		conn := testAccProvider.Meta().(*AWSClient).cloudtrailconn
+		params := cloudtrail.GetTrailStatusInput{
+			Name: aws.String(rs.Primary.ID),
+		}
+		resp, err := conn.GetTrailStatus(&params)
+
+		if err != nil {
+			return err
+		}
+		if *resp.IsLogging != desired {
+			return fmt.Errorf("Logging status is incorrect")
+		}
+
+		return nil
+	}
+}
+
 func testAccCheckAWSCloudTrailDestroy(s *terraform.State) error {
 	conn := testAccProvider.Meta().(*AWSClient).cloudtrailconn
 
@@ -134,6 +191,7 @@ resource "aws_cloudtrail" "foobar" {
     s3_bucket_name = "${aws_s3_bucket.foo.id}"
     s3_key_prefix = "/prefix"
     include_global_service_events = false
+    enable_logging = true
 }
 
 resource "aws_s3_bucket" "foo" {

website/source/docs/providers/aws/r/cloudtrail.html.markdown

@@ -16,6 +16,7 @@ resource "aws_cloudtrail" "foobar" {
     name = "tf-trail-foobar"
     s3_bucket_name = "${aws_s3_bucket.foo.id}"
     s3_key_prefix = "/prefix"
+    enable_logging = true
     include_global_service_events = false
 }
 
@@ -63,6 +64,7 @@ The following arguments are supported:
     endpoint to assume to write to a user’s log group.
 * `cloud_watch_logs_group_arn` - (Optional) Specifies a log group name using an Amazon Resource Name (ARN),
     that represents the log group to which CloudTrail logs will be delivered.
+* `enable_logging` - (Optional) Enables logging for the trail.  Defaults to `false`.
 * `include_global_service_events` - (Optional) Specifies whether the trail is publishing events
     from global services such as IAM to the log files. Defaults to `true`.
 * `sns_topic_name` - (Optional) Specifies the name of the Amazon SNS topic