Add aws_rdsdata_query action

psantus · psantus · commit 09e482838004 · 2025-11-26T18:01:48.000+01:00
diff --git a/internal/service/rdsdata/query_action.go b/internal/service/rdsdata/query_action.go
@@ -0,0 +1,180 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package rdsdata
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/aws/aws-sdk-go-v2/service/rdsdata"
+	"github.com/aws/aws-sdk-go-v2/service/rdsdata/types"
+	"github.com/hashicorp/terraform-plugin-framework/action"
+	"github.com/hashicorp/terraform-plugin-framework/action/schema"
+	fwtypes2 "github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+	"github.com/hashicorp/terraform-provider-aws/internal/conns"
+	"github.com/hashicorp/terraform-provider-aws/internal/framework"
+	fwtypes "github.com/hashicorp/terraform-provider-aws/internal/framework/types"
+	"github.com/hashicorp/terraform-provider-aws/names"
+)
+
+// @Action(aws_rdsdata_query, name="RDS Data Query")
+func newQueryAction(_ context.Context) (action.ActionWithConfigure, error) {
+	return &queryAction{}, nil
+}
+
+// NewQueryAction creates a new query action for testing
+func NewQueryAction(ctx context.Context) (action.ActionWithConfigure, error) {
+	return newQueryAction(ctx)
+}
+
+var (
+	_ action.Action = (*queryAction)(nil)
+)
+
+type queryAction struct {
+	framework.ActionWithModel[queryActionModel]
+	client *rdsdata.Client
+}
+
+type queryActionModel struct {
+	framework.WithRegionModel
+	ResourceArn           fwtypes2.String                                    `tfsdk:"resource_arn"`
+	SecretArn             fwtypes2.String                                    `tfsdk:"secret_arn"`
+	SQL                   fwtypes2.String                                    `tfsdk:"sql"`
+	Database              fwtypes2.String                                    `tfsdk:"database"`
+	Parameters            fwtypes.ListNestedObjectValueOf[sqlParameterModel] `tfsdk:"parameters"`
+	IncludeResultMetadata fwtypes2.Bool                                      `tfsdk:"include_result_metadata"`
+}
+
+type sqlParameterModel struct {
+	Name  fwtypes2.String `tfsdk:"name"`
+	Value fwtypes2.String `tfsdk:"value"`
+}
+
+func (a *queryAction) Schema(ctx context.Context, req action.SchemaRequest, resp *action.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		Description: "Executes SQL queries against Aurora Serverless clusters using RDS Data API",
+		Attributes: map[string]schema.Attribute{
+			names.AttrResourceARN: schema.StringAttribute{
+				Description: "ARN of the Aurora Serverless cluster",
+				Required:    true,
+			},
+			"secret_arn": schema.StringAttribute{
+				Description: "ARN of the Secrets Manager secret containing database credentials",
+				Required:    true,
+			},
+			"sql": schema.StringAttribute{
+				Description: "SQL statement to execute",
+				Required:    true,
+			},
+			names.AttrDatabase: schema.StringAttribute{
+				Description: "Name of the database",
+				Optional:    true,
+			},
+			"include_result_metadata": schema.BoolAttribute{
+				Description: "Include column metadata in query results",
+				Optional:    true,
+			},
+		},
+		Blocks: map[string]schema.Block{
+			names.AttrParameters: schema.ListNestedBlock{
+				Description: "SQL parameters for prepared statements",
+				CustomType:  fwtypes.NewListNestedObjectTypeOf[sqlParameterModel](ctx),
+				NestedObject: schema.NestedBlockObject{
+					Attributes: map[string]schema.Attribute{
+						names.AttrName: schema.StringAttribute{
+							Description: "Parameter name",
+							Required:    true,
+						},
+						names.AttrValue: schema.StringAttribute{
+							Description: "Parameter value",
+							Required:    true,
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func (a *queryAction) Configure(ctx context.Context, req action.ConfigureRequest, resp *action.ConfigureResponse) {
+	if req.ProviderData == nil {
+		return
+	}
+
+	meta, ok := req.ProviderData.(*conns.AWSClient)
+	if !ok {
+		resp.Diagnostics.AddError(
+			"Unexpected Action Configure Type",
+			fmt.Sprintf("Expected *conns.AWSClient, got: %T", req.ProviderData),
+		)
+		return
+	}
+
+	a.client = meta.RDSDataClient(ctx)
+}
+
+func (a *queryAction) Invoke(ctx context.Context, req action.InvokeRequest, resp *action.InvokeResponse) {
+	var model queryActionModel
+	resp.Diagnostics.Append(req.Config.Get(ctx, &model)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tflog.Info(ctx, "Starting RDS Data query execution", map[string]any{
+		names.AttrResourceARN: model.ResourceArn.ValueString(),
+		"sql_length":          len(model.SQL.ValueString()),
+	})
+
+	resp.SendProgress(action.InvokeProgressEvent{
+		Message: "Executing SQL query...",
+	})
+
+	input := rdsdata.ExecuteStatementInput{
+		ResourceArn: model.ResourceArn.ValueStringPointer(),
+		SecretArn:   model.SecretArn.ValueStringPointer(),
+		Sql:         model.SQL.ValueStringPointer(),
+	}
+
+	if !model.Database.IsNull() {
+		input.Database = model.Database.ValueStringPointer()
+	}
+
+	if !model.IncludeResultMetadata.IsNull() {
+		input.IncludeResultMetadata = model.IncludeResultMetadata.ValueBool()
+	}
+
+	if !model.Parameters.IsNull() {
+		var params []sqlParameterModel
+		resp.Diagnostics.Append(model.Parameters.ElementsAs(ctx, &params, false)...)
+		if resp.Diagnostics.HasError() {
+			return
+		}
+
+		var sqlParams []types.SqlParameter
+		for _, param := range params {
+			sqlParams = append(sqlParams, types.SqlParameter{
+				Name:  param.Name.ValueStringPointer(),
+				Value: &types.FieldMemberStringValue{Value: param.Value.ValueString()},
+			})
+		}
+		input.Parameters = sqlParams
+	}
+
+	output, err := a.client.ExecuteStatement(ctx, &input)
+	if err != nil {
+		resp.Diagnostics.AddError("SQL Execution Failed", err.Error())
+		return
+	}
+
+	resp.SendProgress(action.InvokeProgressEvent{
+		Message: fmt.Sprintf("Query executed successfully. Records affected: %d", output.NumberOfRecordsUpdated),
+	})
+
+	tflog.Info(ctx, "RDS Data query completed successfully", map[string]any{
+		"records_updated": output.NumberOfRecordsUpdated,
+		"has_records":     len(output.Records) > 0,
+	})
+}
diff --git a/internal/service/rdsdata/query_action_test.go b/internal/service/rdsdata/query_action_test.go
@@ -0,0 +1,39 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package rdsdata_test
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-provider-aws/internal/acctest"
+	"github.com/hashicorp/terraform-provider-aws/names"
+)
+
+func TestAccRDSDataQueryAction_basic(t *testing.T) {
+	ctx := acctest.Context(t)
+	rName := acctest.RandomWithPrefix(t, acctest.ResourcePrefix)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.PreCheck(ctx, t) },
+		ErrorCheck:               acctest.ErrorCheck(t, names.RDSDataServiceID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccQueryActionConfig_basic(rName),
+			},
+		},
+	})
+}
+
+func testAccQueryActionConfig_basic(rName string) string {
+	return acctest.ConfigCompose(testAccQueryDataSourceConfig_base(rName), `
+resource "aws_rdsdata_query" "test" {
+  depends_on   = [aws_rds_cluster_instance.test]
+  resource_arn = aws_rds_cluster.test.arn
+  secret_arn   = aws_secretsmanager_secret_version.test.arn
+  sql          = "SELECT 1"
+}
+`)
+}
diff --git a/internal/service/rdsdata/service_package_gen.go b/internal/service/rdsdata/service_package_gen.go
diff --git a/website/docs/actions/rdsdata_query.html.markdown b/website/docs/actions/rdsdata_query.html.markdown
@@ -0,0 +1,132 @@
+---
+subcategory: "RDS (Relational Database)"
+layout: "aws"
+page_title: "AWS: aws_rdsdata_query"
+description: |-
+  Executes SQL queries against Aurora Serverless databases using the RDS Data API.
+---
+
+# Action: aws_rdsdata_query
+
+~> **Note:** `aws_rdsdata_query` is in beta. Its interface and behavior may change as the feature evolves, and breaking changes are possible. It is offered as a technical preview without compatibility guarantees until Terraform 1.14 is generally available.
+
+Executes SQL queries against Aurora Serverless databases using the RDS Data API. This action allows for imperative SQL execution with support for parameterized queries and transaction management.
+
+For information about the RDS Data API, see the [RDS Data API Developer Guide](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html). For specific information about executing statements, see the [ExecuteStatement](https://docs.aws.amazon.com/rdsdataservice/latest/APIReference/API_ExecuteStatement.html) page in the RDS Data Service API Reference.
+
+## Example Usage
+
+### Basic Query
+
+```terraform
+resource "aws_rds_cluster" "example" {
+  cluster_identifier   = "example-cluster"
+  engine               = "aurora-mysql"
+  database_name        = "example"
+  master_username      = "admin"
+  master_password      = "password123"
+  enable_http_endpoint = true
+  skip_final_snapshot  = true
+
+  serverlessv2_scaling_configuration {
+    max_capacity = 1
+    min_capacity = 0.5
+  }
+}
+
+resource "aws_secretsmanager_secret" "example" {
+  name = "example-db-credentials"
+}
+
+resource "aws_secretsmanager_secret_version" "example" {
+  secret_id = aws_secretsmanager_secret.example.id
+  secret_string = jsonencode({
+    username = aws_rds_cluster.example.master_username
+    password = aws_rds_cluster.example.master_password
+  })
+}
+
+action "aws_rdsdata_query" "example" {
+  config {
+    resource_arn = aws_rds_cluster.example.arn
+    secret_arn   = aws_secretsmanager_secret_version.example.arn
+    sql          = "SELECT COUNT(*) FROM users"
+  }
+}
+
+resource "terraform_data" "example" {
+  input = "trigger-query"
+
+  lifecycle {
+    action_trigger {
+      events  = [before_create]
+      actions = [action.aws_rdsdata_query.example]
+    }
+  }
+}
+```
+
+### Parameterized Query
+
+```terraform
+action "aws_rdsdata_query" "user_lookup" {
+  config {
+    resource_arn = aws_rds_cluster.example.arn
+    secret_arn   = aws_secretsmanager_secret_version.example.arn
+    database     = "example"
+    sql          = "SELECT * FROM users WHERE status = :status AND created_date > :date"
+
+    parameters {
+      name  = "status"
+      value = "active"
+    }
+
+    parameters {
+      name  = "date"
+      value = "2024-01-01"
+    }
+  }
+}
+```
+
+### Data Modification Query
+
+```terraform
+action "aws_rdsdata_query" "update_status" {
+  config {
+    resource_arn = aws_rds_cluster.example.arn
+    secret_arn   = aws_secretsmanager_secret_version.example.arn
+    database     = "example"
+    sql          = "UPDATE users SET last_login = NOW() WHERE user_id = :user_id"
+
+    parameters {
+      name  = "user_id"
+      value = "12345"
+    }
+  }
+}
+```
+
+## Argument Reference
+
+The following arguments are required:
+
+* `resource_arn` - (Required) The Amazon Resource Name (ARN) of the Aurora Serverless DB cluster.
+* `secret_arn` - (Required) The ARN of the secret that enables access to the DB cluster. The secret must contain the database credentials.
+* `sql` - (Required) The SQL statement to execute.
+
+The following arguments are optional:
+
+* `database` - (Optional) The name of the database to execute the SQL statement against.
+* `parameters` - (Optional) Parameters for the SQL statement. See [Parameters](#parameters) below.
+
+### Parameters
+
+The `parameters` block supports the following:
+
+* `name` - (Required) The name of the parameter.
+* `value` - (Required) The value of the parameter.
+
+## Import
+
+Actions cannot be imported.
