From ca2ddcf28d74f859653ee1cd4a9613ae9e328777 Mon Sep 17 00:00:00 2001
From: Kay Craig <kay.craig@hashicorp.com>
Date: Wed, 11 Dec 2024 12:27:31 -0500
Subject: [PATCH] move sts_region to 1.19 check; update tests

---
 vault/resource_aws_secret_backend.go      | 15 ++++++++++++++-
 vault/resource_aws_secret_backend_test.go |  2 ++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/vault/resource_aws_secret_backend.go b/vault/resource_aws_secret_backend.go
index 734aa7faa..139ecd3f5 100644
--- a/vault/resource_aws_secret_backend.go
+++ b/vault/resource_aws_secret_backend.go
@@ -23,7 +23,6 @@ import (
 var awsSecretFields = []string{
 	consts.FieldIAMEndpoint,
 	consts.FieldSTSEndpoint,
-	consts.FieldSTSRegion,
 	consts.FieldUsernameTemplate,
 }
 
@@ -243,6 +242,10 @@ func awsSecretBackendCreate(ctx context.Context, d *schema.ResourceData, meta in
 		if v, ok := d.GetOk(consts.FieldSTSFallbackRegions); ok {
 			data[consts.FieldSTSFallbackRegions] = util.ToStringArray(v.([]interface{}))
 		}
+
+		if v, ok := d.GetOk(consts.FieldSTSRegion); ok {
+			data[consts.FieldSTSRegion] = v.(string)
+		}
 	}
 
 	if useAPIVer116 {
@@ -349,6 +352,12 @@ func awsSecretBackendRead(ctx context.Context, d *schema.ResourceData, meta inte
 					return diag.Errorf("error reading %s for AWS Secret Backend %q: %q", consts.FieldSTSFallbackRegions, path, err)
 				}
 			}
+
+			if v, ok := resp.Data[consts.FieldSTSRegion]; ok {
+				if err := d.Set(consts.FieldSTSRegion, v); err != nil {
+					return diag.Errorf("error reading %s for AWS Secret Backend %q: %q", consts.FieldSTSRegion, path, err)
+				}
+			}
 		}
 
 		if useAPIVer116 {
@@ -450,6 +459,10 @@ func awsSecretBackendUpdate(ctx context.Context, d *schema.ResourceData, meta in
 			if v, ok := d.GetOk(consts.FieldSTSFallbackRegions); ok {
 				data[consts.FieldSTSFallbackRegions] = util.ToStringArray(v.([]interface{}))
 			}
+
+			if v, ok := d.GetOk(consts.FieldSTSRegion); ok {
+				data[consts.FieldSTSRegion] = v.(string)
+			}
 		}
 
 		if useAPIVer116 {
diff --git a/vault/resource_aws_secret_backend_test.go b/vault/resource_aws_secret_backend_test.go
index 5a0f6597c..0543cc4e6 100644
--- a/vault/resource_aws_secret_backend_test.go
+++ b/vault/resource_aws_secret_backend_test.go
@@ -91,6 +91,8 @@ func TestAccAWSSecretBackend_fallback(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr(resourceName, consts.FieldPath, path),
 					resource.TestCheckResourceAttr(resourceName, consts.FieldDescription, "test description"),
+					resource.TestCheckResourceAttr(resourceName, consts.FieldSTSEndpoint, "https://sts.us-west-1.amazonaws.com"),
+					resource.TestCheckResourceAttr(resourceName, consts.FieldSTSRegion, "us-west-1"),
 					resource.TestCheckResourceAttr(resourceName, consts.FieldSTSFallbackRegions+".0", "us-east-2"),
 					resource.TestCheckResourceAttr(resourceName, consts.FieldSTSFallbackRegions+".1", "us-east-1"),
 					resource.TestCheckResourceAttr(resourceName, consts.FieldSTSFallbackEndpoints+".0", "https://sts.us-east-2.amazonaws.com"),