resource/aws_dms_endpoint: send postgres_settings on Modify

nkk0 · nkk0 · commit dc1788967324 · 2025-09-21T17:17:22.000-06:00
Fixes a bug where ModifyEndpoint did not include `PostgreSQLSettings` when only the nested `postgres_settings` block changed (e.g. toggling `heartbeat_enable` or setting `heartbeat_schema`). Previously the Update logic only attached `PostgreSQLSettings` when top-level connection or secrets fields changed, so nested-only diffs were lost. Implementation: * Build a single `PostgreSQLSettings` object for the update. * If `postgres_settings` changed, expand and attach those fields. * If top-level connection or secrets fields changed, overlay those onto the same object and, for the non-secrets path, call `expandTopLevelConnectionInfoModify` to keep top-level fields in sync. * Ensure `EngineName` is set so DMS accepts the modify call. Tests: * Add `TestAccDMSEndpoint_PostgreSQL_settings_update` to toggle `heartbeat_enable` and set `heartbeat_schema`, verifying that nested-only changes are applied. No schema changes, no docs changes. Fixes #35834
diff --git a/.changelog/44389.txt b/.changelog/44389.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+resource/aws_dms_endpoint: fix ModifyEndpoint not sending `postgres_settings` when only nested fields are updated
+```
diff --git a/internal/service/dms/endpoint.go b/internal/service/dms/endpoint.go
@@ -942,29 +942,47 @@ func resourceEndpointUpdate(ctx context.Context, d *schema.ResourceData, meta an
 					}
 				}
 			case engineNameAuroraPostgresql, engineNamePostgres:
+				// Build up a single PostgreSQLSettings object so we can merge:
+				// 1) nested postgres_settings block changes and
+				// 2) connection/secrets changes (username/password/server/port/db OR secrets_manager_*)
+				var pgSettings *awstypes.PostgreSQLSettings
+
+				// If the nested postgres_settings block changed, expand it into pgSettings
+				if d.HasChange("postgres_settings") {
+					raw := d.Get("postgres_settings").([]any)
+					if len(raw) > 0 && raw[0] != nil {
+						pgSettings = expandPostgreSQLSettings(raw[0].(map[string]any))
+					}
+				}
+
+				// If connection or secrets changed, overlay those onto the same settings object
 				if d.HasChanges(
-					names.AttrUsername, names.AttrPassword, "server_name", names.AttrPort, names.AttrDatabaseName, "secrets_manager_access_role_arn",
-					"secrets_manager_arn") {
+					names.AttrUsername, names.AttrPassword, "server_name", names.AttrPort, names.AttrDatabaseName,
+					"secrets_manager_access_role_arn", "secrets_manager_arn") {
+					if pgSettings == nil {
+						pgSettings = &awstypes.PostgreSQLSettings{}
+					}
 					if _, ok := d.GetOk("secrets_manager_arn"); ok {
-						input.PostgreSQLSettings = &awstypes.PostgreSQLSettings{
-							DatabaseName:                aws.String(d.Get(names.AttrDatabaseName).(string)),
-							SecretsManagerAccessRoleArn: aws.String(d.Get("secrets_manager_access_role_arn").(string)),
-							SecretsManagerSecretId:      aws.String(d.Get("secrets_manager_arn").(string)),
-						}
+						pgSettings.SecretsManagerAccessRoleArn = aws.String(d.Get("secrets_manager_access_role_arn").(string))
+						pgSettings.SecretsManagerSecretId = aws.String(d.Get("secrets_manager_arn").(string))
+						pgSettings.DatabaseName = aws.String(d.Get(names.AttrDatabaseName).(string))
 					} else {
-						input.PostgreSQLSettings = &awstypes.PostgreSQLSettings{
-							Username:     aws.String(d.Get(names.AttrUsername).(string)),
-							Password:     aws.String(d.Get(names.AttrPassword).(string)),
-							ServerName:   aws.String(d.Get("server_name").(string)),
-							Port:         aws.Int32(int32(d.Get(names.AttrPort).(int))),
-							DatabaseName: aws.String(d.Get(names.AttrDatabaseName).(string)),
-						}
-						input.EngineName = aws.String(engineName) // Must be included (should be 'postgres')
+						pgSettings.Username = aws.String(d.Get(names.AttrUsername).(string))
+						pgSettings.Password = aws.String(d.Get(names.AttrPassword).(string))
+						pgSettings.ServerName = aws.String(d.Get("server_name").(string))
+						pgSettings.Port = aws.Int32(int32(d.Get(names.AttrPort).(int)))
+						pgSettings.DatabaseName = aws.String(d.Get(names.AttrDatabaseName).(string))
 
 						// Update connection info in top-level namespace as well
 						expandTopLevelConnectionInfoModify(d, &input)
 					}
 				}
+
+				// Attach PostgreSQLSettings and ensure EngineName is set
+				if pgSettings != nil {
+					input.PostgreSQLSettings = pgSettings
+					input.EngineName = aws.String(engineName) // should be "postgres" or "aurora-postgresql"
+				}
 			case engineNameDynamoDB:
 				if d.HasChange("service_access_role") {
 					input.DynamoDbSettings = &awstypes.DynamoDbSettings{
diff --git a/internal/service/dms/endpoint_test.go b/internal/service/dms/endpoint_test.go
@@ -1210,6 +1210,67 @@ func TestAccDMSEndpoint_PostgreSQL_settings_target(t *testing.T) {
 	})
 }
 
+func TestAccDMSEndpoint_PostgreSQL_settings_update(t *testing.T) {
+	ctx := acctest.Context(t)
+	resourceName := "aws_dms_endpoint.test"
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.PreCheck(ctx, t) },
+		ErrorCheck:               acctest.ErrorCheck(t, names.DMSServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckEndpointDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				// Create with heartbeat disabled
+				Config: testAccEndpointConfig_postgreSQLHeartbeat(rName, false, ""),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckEndpointExists(ctx, resourceName),
+					resource.TestCheckResourceAttr(resourceName, "engine_name", "postgres"),
+					resource.TestCheckResourceAttr(resourceName, "postgres_settings.0.heartbeat_enable", acctest.CtFalse),
+				),
+			},
+			{
+				// Update only nested postgres_settings: enable heartbeat + set schema
+				Config: testAccEndpointConfig_postgreSQLHeartbeat(rName, true, "dms_heartbeat"),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckEndpointExists(ctx, resourceName),
+					resource.TestCheckResourceAttr(resourceName, "postgres_settings.0.heartbeat_enable", acctest.CtTrue),
+					resource.TestCheckResourceAttr(resourceName, "postgres_settings.0.heartbeat_schema", "dms_heartbeat"),
+				),
+			},
+		},
+	})
+}
+
+func testAccEndpointConfig_postgreSQLHeartbeat(id string, heartbeat bool, schema string) string {
+	schemaLine := ""
+	if schema != "" {
+		schemaLine = fmt.Sprintf(`heartbeat_schema = %q`, schema)
+	}
+
+	// DMS ModifyEndpoint accepts metadata changes without validating connectivity,
+	// so placeholder connection values are sufficient for the test
+	return fmt.Sprintf(`
+resource "aws_dms_endpoint" "test" {
+  endpoint_id   = %q
+  endpoint_type = "source"
+  engine_name   = "postgres"
+
+  username      = "user"
+  password      = "pass"
+  server_name   = "example.com"
+  database_name = "postgres"
+  port          = 5432
+
+  postgres_settings {
+    heartbeat_enable = %t
+    %s
+  }
+}
+`, id, heartbeat, schemaLine)
+}
+
 func TestAccDMSEndpoint_SQLServer_basic(t *testing.T) {
 	ctx := acctest.Context(t)
 	resourceName := "aws_dms_endpoint.test"

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	+```release-note:bug
	`2`	+resource/aws_dms_endpoint: fix ModifyEndpoint not sending `postgres_settings` when only nested fields are updated
	`3`	+```