diff --git a/config/opensearch/config.go b/config/opensearch/config.go index 27cc716eaf..07d1d0c2e0 100644 --- a/config/opensearch/config.go +++ b/config/opensearch/config.go @@ -12,7 +12,7 @@ import ( ) // Configure adds configurations for the opensearch group. -func Configure(p *config.Provider) { +func Configure(p *config.Provider) { //nolint:gocyclo p.AddResourceConfigurator("aws_opensearch_domain", func(r *config.Resource) { config.MoveToStatus(r.TerraformResource, "access_policies") r.References["encrypt_at_rest.kms_key_id"] = config.Reference{ @@ -36,7 +36,11 @@ func Configure(p *config.Provider) { r.UseAsync = true r.TerraformCustomDiff = func(diff *terraform.InstanceDiff, _ *terraform.InstanceState, _ *terraform.ResourceConfig) (*terraform.InstanceDiff, error) { - if diff != nil && diff.Attributes != nil { + if diff == nil || diff.Empty() || diff.Destroy || diff.Attributes == nil { + return diff, nil + } + asoDiff, ok := diff.Attributes["advanced_security_options.#"] + if ok && asoDiff.Old == "" && asoDiff.New == "" && asoDiff.NewComputed { delete(diff.Attributes, "advanced_security_options.#") } return diff, nil diff --git a/examples/opensearch/v1beta1/domain-with-advanced-security-options.yaml b/examples/opensearch/v1beta1/domain-with-advanced-security-options.yaml new file mode 100644 index 0000000000..d9873ef036 --- /dev/null +++ b/examples/opensearch/v1beta1/domain-with-advanced-security-options.yaml @@ -0,0 +1,37 @@ +# SPDX-FileCopyrightText: 2024 The Crossplane Authors +# +# SPDX-License-Identifier: CC0-1.0 + +apiVersion: opensearch.aws.upbound.io/v1beta1 +kind: Domain +metadata: + annotations: + meta.upbound.io/example-id: opensearch/v1beta1/domain + labels: + testing.upbound.io/example-name: example-advanced-security-options + name: example-advanced-security-options +spec: + writeConnectionSecretToRef: + name: example-aso-domain + namespace: default + forProvider: + domainName: ${Rand.RFC1123Subdomain} + engineVersion: OpenSearch_1.0 + region: us-west-1 + advancedSecurityOptions: + - enabled: true + internalUserDatabaseEnabled: false + masterUserOptions: + - masterUserArn: arn:aws:iam::${data.aws_account_id}:user/example + nodeToNodeEncryption: + - enabled: true + encryptAtRest: + - enabled: true + domainEndpointOptions: + - enforceHttps: true + clusterConfig: + - instanceType: m4.large.search + ebsOptions: + - ebsEnabled: true + volumeType: gp2 + volumeSize: 10