From 8a060a451144f777bc0ee89eb73d173064a023d1 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Fri, 21 Aug 2020 20:16:29 -0400 Subject: [PATCH] service/globalaccelerator: Support Client IP address preservation, increase default accelerator creation timeout, remove health_check_path default (#14486) * Add client_ip_preservation_enabled to global accelerator * commit test * r/aws_globalaccelerator_endpoint_group: Use 'tfawsresource.TestCheckTypeSetElemNestedAttrs'. * r/aws_globalaccelerator_endpoint: Increase deployment wait time (#14161). * r/aws_globalaccelerator_endpoint_group: Make 'client_ip_preservation_enabled' computed. * r/aws_globalaccelerator_endpoint_group: Delete security group created by Global Accelerator service in acceptance tests. Acceptance test output: $ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsGlobalAcceleratorEndpointGroup_ALB_ClientIP' ==> Checking that code complies with gofmt requirements... TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAwsGlobalAcceleratorEndpointGroup_ALB_ClientIP -timeout 120m === RUN TestAccAwsGlobalAcceleratorEndpointGroup_ALB_ClientIP === PAUSE TestAccAwsGlobalAcceleratorEndpointGroup_ALB_ClientIP === CONT TestAccAwsGlobalAcceleratorEndpointGroup_ALB_ClientIP --- PASS: TestAccAwsGlobalAcceleratorEndpointGroup_ALB_ClientIP (650.27s) PASS ok github.com/terraform-providers/terraform-provider-aws/aws 650.320s * r/aws_globalaccelerator_endpoint_group: Document 'client_ip_preservation_enabled'. * r/aws_globalaccelerator_endpoint_group: Add 'TestAccAwsGlobalAcceleratorEndpointGroup_InstanceEndpoint'. Acceptance test output: $ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsGlobalAcceleratorEndpointGroup_InstanceEndpoint' ==> Checking that code complies with gofmt requirements... TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAwsGlobalAcceleratorEndpointGroup_InstanceEndpoint -timeout 120m === RUN TestAccAwsGlobalAcceleratorEndpointGroup_InstanceEndpoint === PAUSE TestAccAwsGlobalAcceleratorEndpointGroup_InstanceEndpoint === CONT TestAccAwsGlobalAcceleratorEndpointGroup_InstanceEndpoint testing.go:684: Step 0 error: errors during apply: Error: Error creating Global Accelerator endpoint group: InvalidArgumentException: Client IP Preservation cannot be set to false for EC2 instances on /tmp/tf-test004466997/main.tf line 86: (source code not available) --- FAIL: TestAccAwsGlobalAcceleratorEndpointGroup_InstanceEndpoint (133.29s) FAIL FAIL github.com/terraform-providers/terraform-provider-aws/aws 133.338s FAIL GNUmakefile:26: recipe for target 'testacc' failed make: *** [testacc] Error 1 * r/aws_globalaccelerator_endpoint_group: Simplify 'TestAccAwsGlobalAcceleratorEndpointGroup_basic'. Acceptance test output: $ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsGlobalAcceleratorEndpointGroup_basic' ==> Checking that code complies with gofmt requirements... TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAwsGlobalAcceleratorEndpointGroup_basic -timeout 120m === RUN TestAccAwsGlobalAcceleratorEndpointGroup_basic === PAUSE TestAccAwsGlobalAcceleratorEndpointGroup_basic === CONT TestAccAwsGlobalAcceleratorEndpointGroup_basic testing.go:684: Step 0 error: After applying this step, the plan was not empty: DIFF: UPDATE: aws_globalaccelerator_endpoint_group.test endpoint_configuration.#: "0" => "0" endpoint_group_region: "us-west-2" => "us-west-2" health_check_interval_seconds: "30" => "30" health_check_path: "" => "/" health_check_port: "80" => "" health_check_protocol: "TCP" => "TCP" id: "arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0/listener/38d2eb59/endpoint-group/e84317b2d005" => "arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0/listener/38d2eb59/endpoint-group/e84317b2d005" listener_arn: "arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0/listener/38d2eb59" => "arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0/listener/38d2eb59" threshold_count: "3" => "3" traffic_dial_percentage: "100" => "100" STATE: aws_globalaccelerator_accelerator.test: ID = arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0 provider = provider.aws attributes.# = 1 attributes.0.flow_logs_enabled = false attributes.0.flow_logs_s3_bucket = attributes.0.flow_logs_s3_prefix = dns_name = a9225ffbbaaf25cce.awsglobalaccelerator.com enabled = false hosted_zone_id = Z2BJ6XQ5FK7U4H ip_address_type = IPV4 ip_sets.# = 1 ip_sets.0.ip_addresses.# = 2 ip_sets.0.ip_addresses.0 = 75.2.20.133 ip_sets.0.ip_addresses.1 = 99.83.169.50 ip_sets.0.ip_family = IPv4 name = tf-acc-test-809980946792323534 aws_globalaccelerator_endpoint_group.test: ID = arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0/listener/38d2eb59/endpoint-group/e84317b2d005 provider = provider.aws endpoint_group_region = us-west-2 health_check_interval_seconds = 30 health_check_path = health_check_port = 80 health_check_protocol = TCP listener_arn = arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0/listener/38d2eb59 threshold_count = 3 traffic_dial_percentage = 100 Dependencies: aws_globalaccelerator_listener.test aws_globalaccelerator_listener.test: ID = arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0/listener/38d2eb59 provider = provider.aws accelerator_arn = arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0 client_affinity = NONE port_range.# = 1 port_range.0.from_port = 80 port_range.0.to_port = 80 protocol = TCP Dependencies: aws_globalaccelerator_accelerator.test --- FAIL: TestAccAwsGlobalAcceleratorEndpointGroup_basic (179.82s) FAIL FAIL github.com/terraform-providers/terraform-provider-aws/aws 179.872s FAIL GNUmakefile:26: recipe for target 'testacc' failed make: *** [testacc] Error 1 * Fix health_check_path for GA TCP endpoint group - Set `health_check_path` to Computed without Default - Update documentation * Update website/docs/r/globalaccelerator_endpoint_group.html.markdown Co-authored-by: Brian Flad * r/aws_globalaccelerator_endpoint_group: Change 'health_check_port' to Computed (#12882). Acceptance test output: $ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsGlobalAcceleratorEndpointGroup_basic' ==> Checking that code complies with gofmt requirements... TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAwsGlobalAcceleratorEndpointGroup_basic -timeout 120m === RUN TestAccAwsGlobalAcceleratorEndpointGroup_basic === PAUSE TestAccAwsGlobalAcceleratorEndpointGroup_basic === CONT TestAccAwsGlobalAcceleratorEndpointGroup_basic --- PASS: TestAccAwsGlobalAcceleratorEndpointGroup_basic (183.26s) PASS ok github.com/terraform-providers/terraform-provider-aws/aws 183.312s $ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsGlobalAcceleratorEndpointGroup_update' ==> Checking that code complies with gofmt requirements... TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAwsGlobalAcceleratorEndpointGroup_update -timeout 120m === RUN TestAccAwsGlobalAcceleratorEndpointGroup_update === PAUSE TestAccAwsGlobalAcceleratorEndpointGroup_update === CONT TestAccAwsGlobalAcceleratorEndpointGroup_update --- PASS: TestAccAwsGlobalAcceleratorEndpointGroup_update (241.78s) PASS ok github.com/terraform-providers/terraform-provider-aws/aws 241.856s * r/aws_globalaccelerator_endpoint_group: Add '_disappears' acceptance test (#13527, #13826). Acceptance test output: $ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsGlobalAcceleratorEndpointGroup_disappears' ==> Checking that code complies with gofmt requirements... TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAwsGlobalAcceleratorEndpointGroup_disappears -timeout 120m === RUN TestAccAwsGlobalAcceleratorEndpointGroup_disappears === PAUSE TestAccAwsGlobalAcceleratorEndpointGroup_disappears === CONT TestAccAwsGlobalAcceleratorEndpointGroup_disappears --- PASS: TestAccAwsGlobalAcceleratorEndpointGroup_disappears (191.83s) PASS ok github.com/terraform-providers/terraform-provider-aws/aws 191.883s * r/aws_globalaccelerator_endpoint_group: Set 'client_ip_preservation_enabled' to 'true' for EC2 instance endpoint test. Co-authored-by: Zuhaib Siddique Co-authored-by: LOU Xun Co-authored-by: Brian Flad --- ...ource_aws_globalaccelerator_accelerator.go | 2 +- ...ce_aws_globalaccelerator_endpoint_group.go | 10 +- ...s_globalaccelerator_endpoint_group_test.go | 471 ++++++++++++++++-- ...alaccelerator_endpoint_group.html.markdown | 7 +- 4 files changed, 454 insertions(+), 36 deletions(-) diff --git a/aws/resource_aws_globalaccelerator_accelerator.go b/aws/resource_aws_globalaccelerator_accelerator.go index 482f8b352be..cde58e2dc99 100644 --- a/aws/resource_aws_globalaccelerator_accelerator.go +++ b/aws/resource_aws_globalaccelerator_accelerator.go @@ -312,7 +312,7 @@ func resourceAwsGlobalAcceleratorAcceleratorWaitForDeployedState(conn *globalacc Pending: []string{globalaccelerator.AcceleratorStatusInProgress}, Target: []string{globalaccelerator.AcceleratorStatusDeployed}, Refresh: resourceAwsGlobalAcceleratorAcceleratorStateRefreshFunc(conn, acceleratorArn), - Timeout: 5 * time.Minute, + Timeout: 10 * time.Minute, } log.Printf("[DEBUG] Waiting for Global Accelerator accelerator (%s) availability", acceleratorArn) diff --git a/aws/resource_aws_globalaccelerator_endpoint_group.go b/aws/resource_aws_globalaccelerator_endpoint_group.go index 8fc270ccdbe..408a9f35924 100644 --- a/aws/resource_aws_globalaccelerator_endpoint_group.go +++ b/aws/resource_aws_globalaccelerator_endpoint_group.go @@ -45,11 +45,12 @@ func resourceAwsGlobalAcceleratorEndpointGroup() *schema.Resource { "health_check_path": { Type: schema.TypeString, Optional: true, - Default: "/", + Computed: true, }, "health_check_port": { Type: schema.TypeInt, Optional: true, + Computed: true, }, "health_check_protocol": { Type: schema.TypeString, @@ -87,6 +88,11 @@ func resourceAwsGlobalAcceleratorEndpointGroup() *schema.Resource { Type: schema.TypeInt, Optional: true, }, + "client_ip_preservation_enabled": { + Type: schema.TypeBool, + Optional: true, + Computed: true, + }, }, }, }, @@ -213,6 +219,7 @@ func resourceAwsGlobalAcceleratorEndpointGroupExpandEndpointConfigurations(confi m.EndpointId = aws.String(configuration["endpoint_id"].(string)) m.Weight = aws.Int64(int64(configuration["weight"].(int))) + m.ClientIPPreservationEnabled = aws.Bool(configuration["client_ip_preservation_enabled"].(bool)) out[i] = &m } @@ -229,6 +236,7 @@ func resourceAwsGlobalAcceleratorEndpointGroupFlattenEndpointDescriptions(config m["endpoint_id"] = aws.StringValue(configuration.EndpointId) m["weight"] = aws.Int64Value(configuration.Weight) + m["client_ip_preservation_enabled"] = aws.BoolValue(configuration.ClientIPPreservationEnabled) out[i] = m } diff --git a/aws/resource_aws_globalaccelerator_endpoint_group_test.go b/aws/resource_aws_globalaccelerator_endpoint_group_test.go index c1f966306f4..078359cd62b 100644 --- a/aws/resource_aws_globalaccelerator_endpoint_group_test.go +++ b/aws/resource_aws_globalaccelerator_endpoint_group_test.go @@ -4,14 +4,133 @@ import ( "fmt" "testing" + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/service/ec2" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" + "github.com/terraform-providers/terraform-provider-aws/aws/internal/tfawsresource" ) func TestAccAwsGlobalAcceleratorEndpointGroup_basic(t *testing.T) { - resourceName := "aws_globalaccelerator_endpoint_group.example" - rInt := acctest.RandInt() + resourceName := "aws_globalaccelerator_endpoint_group.test" + rName := acctest.RandomWithPrefix("tf-acc-test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckGlobalAcceleratorEndpointGroupDestroy, + Steps: []resource.TestStep{ + { + Config: testAccGlobalAcceleratorEndpointGroupConfigBasic(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckGlobalAcceleratorEndpointGroupExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "health_check_interval_seconds", "30"), + resource.TestCheckResourceAttr(resourceName, "health_check_path", ""), + resource.TestCheckResourceAttr(resourceName, "health_check_port", "80"), + resource.TestCheckResourceAttr(resourceName, "health_check_protocol", "TCP"), + resource.TestCheckResourceAttr(resourceName, "threshold_count", "3"), + resource.TestCheckResourceAttr(resourceName, "traffic_dial_percentage", "100"), + resource.TestCheckResourceAttr(resourceName, "endpoint_configuration.#", "0"), + resource.TestCheckResourceAttr(resourceName, "endpoint_group_region", testAccGetRegion()), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func TestAccAwsGlobalAcceleratorEndpointGroup_disappears(t *testing.T) { + resourceName := "aws_globalaccelerator_endpoint_group.test" + rName := acctest.RandomWithPrefix("tf-acc-test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckGlobalAcceleratorEndpointGroupDestroy, + Steps: []resource.TestStep{ + { + Config: testAccGlobalAcceleratorEndpointGroupConfigBasic(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckGlobalAcceleratorEndpointGroupExists(resourceName), + testAccCheckResourceDisappears(testAccProvider, resourceAwsGlobalAcceleratorEndpointGroup(), resourceName), + ), + ExpectNonEmptyPlan: true, + }, + }, + }) +} + +func TestAccAwsGlobalAcceleratorEndpointGroup_ALBEndpoint_ClientIP(t *testing.T) { + var vpc ec2.Vpc + resourceName := "aws_globalaccelerator_endpoint_group.test" + vpcResourceName := "aws_vpc.test" + rName := acctest.RandomWithPrefix("tf-acc-test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckGlobalAcceleratorEndpointGroupDestroy, + Steps: []resource.TestStep{ + { + Config: testAccGlobalAcceleratorEndpointGroupConfigALBEndpointClientIP(rName, false), + Check: resource.ComposeTestCheckFunc( + testAccCheckGlobalAcceleratorEndpointGroupExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "health_check_interval_seconds", "30"), + resource.TestCheckResourceAttr(resourceName, "health_check_path", "/"), + resource.TestCheckResourceAttr(resourceName, "health_check_port", "80"), + resource.TestCheckResourceAttr(resourceName, "health_check_protocol", "HTTP"), + resource.TestCheckResourceAttr(resourceName, "threshold_count", "3"), + resource.TestCheckResourceAttr(resourceName, "traffic_dial_percentage", "100"), + resource.TestCheckResourceAttr(resourceName, "endpoint_configuration.#", "1"), + tfawsresource.TestCheckTypeSetElemNestedAttrs(resourceName, "endpoint_configuration.*", map[string]string{ + "client_ip_preservation_enabled": "false", + "weight": "20", + }), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccGlobalAcceleratorEndpointGroupConfigALBEndpointClientIP(rName, true), + Check: resource.ComposeTestCheckFunc( + testAccCheckGlobalAcceleratorEndpointGroupExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "health_check_interval_seconds", "30"), + resource.TestCheckResourceAttr(resourceName, "health_check_path", "/"), + resource.TestCheckResourceAttr(resourceName, "health_check_port", "80"), + resource.TestCheckResourceAttr(resourceName, "health_check_protocol", "HTTP"), + resource.TestCheckResourceAttr(resourceName, "threshold_count", "3"), + resource.TestCheckResourceAttr(resourceName, "traffic_dial_percentage", "100"), + resource.TestCheckResourceAttr(resourceName, "endpoint_configuration.#", "1"), + tfawsresource.TestCheckTypeSetElemNestedAttrs(resourceName, "endpoint_configuration.*", map[string]string{ + "client_ip_preservation_enabled": "true", + "weight": "20", + }), + ), + }, + { + Config: testAccGlobalAcceleratorEndpointGroupConfigBaseVpc(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckVpcExists(vpcResourceName, &vpc), + testAccCheckGlobalAcceleratorEndpointGroupDeleteGlobalAcceleratorSecurityGroup(&vpc), + ), + }, + }, + }) +} + +func TestAccAwsGlobalAcceleratorEndpointGroup_InstanceEndpoint(t *testing.T) { + var vpc ec2.Vpc + resourceName := "aws_globalaccelerator_endpoint_group.test" + vpcResourceName := "aws_vpc.test" + rName := acctest.RandomWithPrefix("tf-acc-test") resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, @@ -19,7 +138,7 @@ func TestAccAwsGlobalAcceleratorEndpointGroup_basic(t *testing.T) { CheckDestroy: testAccCheckGlobalAcceleratorEndpointGroupDestroy, Steps: []resource.TestStep{ { - Config: testAccGlobalAcceleratorEndpointGroup_basic(rInt), + Config: testAccGlobalAcceleratorEndpointGroupConfigInstanceEndpoint(rName), Check: resource.ComposeTestCheckFunc( testAccCheckGlobalAcceleratorEndpointGroupExists(resourceName), resource.TestCheckResourceAttr(resourceName, "health_check_interval_seconds", "30"), @@ -29,6 +148,10 @@ func TestAccAwsGlobalAcceleratorEndpointGroup_basic(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "threshold_count", "3"), resource.TestCheckResourceAttr(resourceName, "traffic_dial_percentage", "100"), resource.TestCheckResourceAttr(resourceName, "endpoint_configuration.#", "1"), + tfawsresource.TestCheckTypeSetElemNestedAttrs(resourceName, "endpoint_configuration.*", map[string]string{ + "client_ip_preservation_enabled": "true", + "weight": "20", + }), ), }, { @@ -36,13 +159,20 @@ func TestAccAwsGlobalAcceleratorEndpointGroup_basic(t *testing.T) { ImportState: true, ImportStateVerify: true, }, + { + Config: testAccGlobalAcceleratorEndpointGroupConfigBaseVpc(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckVpcExists(vpcResourceName, &vpc), + testAccCheckGlobalAcceleratorEndpointGroupDeleteGlobalAcceleratorSecurityGroup(&vpc), + ), + }, }, }) } func TestAccAwsGlobalAcceleratorEndpointGroup_update(t *testing.T) { - resourceName := "aws_globalaccelerator_endpoint_group.example" - rInt := acctest.RandInt() + resourceName := "aws_globalaccelerator_endpoint_group.test" + rName := acctest.RandomWithPrefix("tf-acc-test") resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, @@ -50,10 +180,10 @@ func TestAccAwsGlobalAcceleratorEndpointGroup_update(t *testing.T) { CheckDestroy: testAccCheckGlobalAcceleratorEndpointGroupDestroy, Steps: []resource.TestStep{ { - Config: testAccGlobalAcceleratorEndpointGroup_basic(rInt), + Config: testAccGlobalAcceleratorEndpointGroupConfigBasic(rName), }, { - Config: testAccGlobalAcceleratorEndpointGroup_update(rInt), + Config: testAccGlobalAcceleratorEndpointGroupConfigUpdated(rName), Check: resource.ComposeTestCheckFunc( testAccCheckGlobalAcceleratorEndpointGroupExists(resourceName), resource.TestCheckResourceAttr(resourceName, "health_check_interval_seconds", "10"), @@ -63,6 +193,40 @@ func TestAccAwsGlobalAcceleratorEndpointGroup_update(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "threshold_count", "1"), resource.TestCheckResourceAttr(resourceName, "traffic_dial_percentage", "0"), resource.TestCheckResourceAttr(resourceName, "endpoint_configuration.#", "1"), + tfawsresource.TestCheckTypeSetElemNestedAttrs(resourceName, "endpoint_configuration.*", map[string]string{ + "client_ip_preservation_enabled": "false", + "weight": "20", + }), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func TestAccAwsGlobalAcceleratorEndpointGroup_tcp(t *testing.T) { + resourceName := "aws_globalaccelerator_endpoint_group.example" + rInt := acctest.RandInt() + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckGlobalAcceleratorEndpointGroupDestroy, + Steps: []resource.TestStep{ + { + Config: testAccGlobalAcceleratorEndpointGroup_tcp(rInt), + Check: resource.ComposeTestCheckFunc( + testAccCheckGlobalAcceleratorEndpointGroupExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "health_check_interval_seconds", "30"), + resource.TestCheckResourceAttr(resourceName, "health_check_port", "1234"), + resource.TestCheckResourceAttr(resourceName, "health_check_protocol", "TCP"), + resource.TestCheckResourceAttr(resourceName, "threshold_count", "3"), + resource.TestCheckResourceAttr(resourceName, "traffic_dial_percentage", "100"), + resource.TestCheckResourceAttr(resourceName, "endpoint_configuration.#", "1"), ), }, { @@ -120,16 +284,52 @@ func testAccCheckGlobalAcceleratorEndpointGroupDestroy(s *terraform.State) error return nil } -func testAccGlobalAcceleratorEndpointGroup_basic(rInt int) string { +// testAccCheckGlobalAcceleratorEndpointGroupDeleteGlobalAcceleratorSecurityGroup deletes the security group +// placed into the VPC when Global Accelerator client IP address preservation is enabled. +func testAccCheckGlobalAcceleratorEndpointGroupDeleteGlobalAcceleratorSecurityGroup(vpc *ec2.Vpc) resource.TestCheckFunc { + return func(s *terraform.State) error { + conn := testAccProvider.Meta().(*AWSClient).ec2conn + + input := &ec2.DescribeSecurityGroupsInput{ + Filters: buildEC2AttributeFilterList( + map[string]string{ + "group-name": "GlobalAccelerator", + "vpc-id": aws.StringValue(vpc.VpcId), + }, + ), + } + + output, err := conn.DescribeSecurityGroups(input) + if err != nil { + return err + } + + if len(output.SecurityGroups) == 0 { + // Already gone. + return nil + } + + _, err = conn.DeleteSecurityGroup(&ec2.DeleteSecurityGroupInput{ + GroupId: output.SecurityGroups[0].GroupId, + }) + if err != nil { + return err + } + + return nil + } +} + +func testAccGlobalAcceleratorEndpointGroupConfigBasic(rName string) string { return fmt.Sprintf(` -resource "aws_globalaccelerator_accelerator" "example" { - name = "tf-%d" +resource "aws_globalaccelerator_accelerator" "test" { + name = %[1]q ip_address_type = "IPV4" enabled = false } -resource "aws_globalaccelerator_listener" "example" { - accelerator_arn = aws_globalaccelerator_accelerator.example.id +resource "aws_globalaccelerator_listener" "test" { + accelerator_arn = aws_globalaccelerator_accelerator.test.id protocol = "TCP" port_range { @@ -138,19 +338,115 @@ resource "aws_globalaccelerator_listener" "example" { } } -data "aws_region" "current" {} +resource "aws_globalaccelerator_endpoint_group" "test" { + listener_arn = aws_globalaccelerator_listener.test.id +} +`, rName) +} -resource "aws_eip" "example" {} +func testAccGlobalAcceleratorEndpointGroupConfigBaseVpc(rName string) string { + return fmt.Sprintf(` +resource "aws_vpc" "test" { + cidr_block = "10.0.0.0/16" -resource "aws_globalaccelerator_endpoint_group" "example" { - listener_arn = aws_globalaccelerator_listener.example.id + tags = { + Name = %[1]q + } +} +`, rName) +} + +func testAccGlobalAcceleratorEndpointGroupConfigALBEndpointClientIP(rName string, clientIP bool) string { + return composeConfig( + testAccAvailableAZsNoOptInDefaultExcludeConfig(), + testAccGlobalAcceleratorEndpointGroupConfigBaseVpc(rName), + fmt.Sprintf(` +resource "aws_lb" "test" { + name = %[1]q + internal = false + security_groups = [aws_security_group.test.id] + subnets = [aws_subnet.test.*.id[0], aws_subnet.test.*.id[1]] + + idle_timeout = 30 + enable_deletion_protection = false + + tags = { + Name = %[1]q + } +} + +variable "subnets" { + default = ["10.0.1.0/24", "10.0.2.0/24"] + type = list +} + +resource "aws_subnet" "test" { + count = length(var.subnets) + vpc_id = aws_vpc.test.id + cidr_block = element(var.subnets, count.index) + availability_zone = element(data.aws_availability_zones.available.names, count.index) + + tags = { + Name = %[1]q + } +} + +resource "aws_security_group" "test" { + name = %[1]q + vpc_id = aws_vpc.test.id + + ingress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } + + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } + + tags = { + Name = %[1]q + } +} + +resource "aws_internet_gateway" "test" { + vpc_id = aws_vpc.test.id + + tags = { + Name = %[1]q + } +} + +resource "aws_globalaccelerator_accelerator" "test" { + name = %[1]q + ip_address_type = "IPV4" + enabled = false +} + +resource "aws_globalaccelerator_listener" "test" { + accelerator_arn = aws_globalaccelerator_accelerator.test.id + protocol = "TCP" + + port_range { + from_port = 80 + to_port = 80 + } +} + +resource "aws_globalaccelerator_endpoint_group" "test" { + listener_arn = aws_globalaccelerator_listener.test.id endpoint_configuration { - endpoint_id = aws_eip.example.id - weight = 10 + endpoint_id = aws_lb.test.id + weight = 20 + client_ip_preservation_enabled = %[2]t } - endpoint_group_region = data.aws_region.current.name health_check_interval_seconds = 30 health_check_path = "/" health_check_port = 80 @@ -158,19 +454,52 @@ resource "aws_globalaccelerator_endpoint_group" "example" { threshold_count = 3 traffic_dial_percentage = 100 } -`, rInt) +`, rName, clientIP)) } -func testAccGlobalAcceleratorEndpointGroup_update(rInt int) string { - return fmt.Sprintf(` -resource "aws_globalaccelerator_accelerator" "example" { - name = "tf-%d" +func testAccGlobalAcceleratorEndpointGroupConfigInstanceEndpoint(rName string) string { + return composeConfig( + testAccAvailableAZsNoOptInDefaultExcludeConfig(), + testAccAvailableEc2InstanceTypeForAvailabilityZone("data.aws_availability_zones.available.names[0]", "t3.micro", "t2.micro"), + testAccLatestAmazonLinuxHvmEbsAmiConfig(), + testAccGlobalAcceleratorEndpointGroupConfigBaseVpc(rName), + fmt.Sprintf(` +resource "aws_subnet" "test" { + vpc_id = aws_vpc.test.id + cidr_block = "10.0.1.0/24" + availability_zone = data.aws_availability_zones.available.names[0] + + tags = { + Name = %[1]q + } +} + +resource "aws_internet_gateway" "test" { + vpc_id = aws_vpc.test.id + + tags = { + Name = %[1]q + } +} + +resource "aws_instance" "test" { + ami = data.aws_ami.amzn-ami-minimal-hvm-ebs.id + instance_type = data.aws_ec2_instance_type_offering.available.instance_type + subnet_id = aws_subnet.test.id + + tags = { + Name = %[1]q + } +} + +resource "aws_globalaccelerator_accelerator" "test" { + name = %[1]q ip_address_type = "IPV4" enabled = false } -resource "aws_globalaccelerator_listener" "example" { - accelerator_arn = aws_globalaccelerator_accelerator.example.id +resource "aws_globalaccelerator_listener" "test" { + accelerator_arn = aws_globalaccelerator_accelerator.test.id protocol = "TCP" port_range { @@ -179,19 +508,57 @@ resource "aws_globalaccelerator_listener" "example" { } } -data "aws_region" "current" {} +resource "aws_globalaccelerator_endpoint_group" "test" { + listener_arn = aws_globalaccelerator_listener.test.id -resource "aws_eip" "example" {} + endpoint_configuration { + endpoint_id = aws_instance.test.id + weight = 20 + client_ip_preservation_enabled = true + } -resource "aws_globalaccelerator_endpoint_group" "example" { - listener_arn = aws_globalaccelerator_listener.example.id + health_check_interval_seconds = 30 + health_check_path = "/" + health_check_port = 80 + health_check_protocol = "HTTP" + threshold_count = 3 + traffic_dial_percentage = 100 +} +`, rName)) +} + +func testAccGlobalAcceleratorEndpointGroupConfigUpdated(rName string) string { + return fmt.Sprintf(` +resource "aws_globalaccelerator_accelerator" "test" { + name = %[1]q + ip_address_type = "IPV4" + enabled = false +} + +resource "aws_globalaccelerator_listener" "test" { + accelerator_arn = aws_globalaccelerator_accelerator.test.id + protocol = "TCP" + + port_range { + from_port = 80 + to_port = 80 + } +} + +resource "aws_eip" "test" { + tags = { + Name = %[1]q + } +} + +resource "aws_globalaccelerator_endpoint_group" "test" { + listener_arn = aws_globalaccelerator_listener.test.id endpoint_configuration { - endpoint_id = aws_eip.example.id + endpoint_id = aws_eip.test.id weight = 20 } - endpoint_group_region = data.aws_region.current.name health_check_interval_seconds = 10 health_check_path = "/foo" health_check_port = 8080 @@ -199,5 +566,45 @@ resource "aws_globalaccelerator_endpoint_group" "example" { threshold_count = 1 traffic_dial_percentage = 0 } +`, rName) +} + +func testAccGlobalAcceleratorEndpointGroup_tcp(rInt int) string { + return fmt.Sprintf(` +resource "aws_globalaccelerator_accelerator" "example" { + name = "tf-%d" + ip_address_type = "IPV4" + enabled = false +} + +resource "aws_globalaccelerator_listener" "example" { + accelerator_arn = "${aws_globalaccelerator_accelerator.example.id}" + protocol = "TCP" + + port_range { + from_port = 80 + to_port = 80 + } +} + +data "aws_region" "current" {} + +resource "aws_eip" "example" {} + +resource "aws_globalaccelerator_endpoint_group" "example" { + listener_arn = "${aws_globalaccelerator_listener.example.id}" + + endpoint_configuration { + endpoint_id = "${aws_eip.example.id}" + weight = 10 + } + + endpoint_group_region = "${data.aws_region.current.name}" + health_check_interval_seconds = 30 + health_check_port = 1234 + health_check_protocol = "TCP" + threshold_count = 3 + traffic_dial_percentage = 100 +} `, rInt) } diff --git a/website/docs/r/globalaccelerator_endpoint_group.html.markdown b/website/docs/r/globalaccelerator_endpoint_group.html.markdown index 5b34143b13e..7c7e27ebdfb 100644 --- a/website/docs/r/globalaccelerator_endpoint_group.html.markdown +++ b/website/docs/r/globalaccelerator_endpoint_group.html.markdown @@ -30,8 +30,9 @@ The following arguments are supported: * `listener_arn` - (Required) The Amazon Resource Name (ARN) of the listener. * `endpoint_group_region` (Optional) - The name of the AWS Region where the endpoint group is located. * `health_check_interval_seconds` - (Optional) The time—10 seconds or 30 seconds—between each health check for an endpoint. The default value is 30. -* `health_check_path` - (Optional) If the protocol is HTTP/S, then this specifies the path that is the destination for health check targets. The default value is slash (/). +* `health_check_path` - (Optional) If the protocol is HTTP/S, then this specifies the path that is the destination for health check targets. The default value is slash (`/`). Terraform will only perform drift detection of its value when present in a configuration. * `health_check_port` - (Optional) The port that AWS Global Accelerator uses to check the health of endpoints that are part of this endpoint group. The default port is the listener port that this endpoint group is associated with. If listener port is a list of ports, Global Accelerator uses the first port in the list. +Terraform will only perform drift detection of its value when present in a configuration. * `health_check_protocol` - (Optional) The protocol that AWS Global Accelerator uses to check the health of endpoints that are part of this endpoint group. The default value is TCP. * `threshold_count` - (Optional) The number of consecutive health checks required to set the state of a healthy endpoint to unhealthy, or to set an unhealthy endpoint to healthy. The default value is 3. * `traffic_dial_percentage` - (Optional) The percentage of traffic to send to an AWS Region. Additional traffic is distributed to other endpoint groups for this listener. The default value is 100. @@ -39,8 +40,10 @@ The following arguments are supported: **endpoint_configuration** supports the following attributes: +* `client_ip_preservation_enabled` - (Optional) Indicates whether client IP address preservation is enabled for an Application Load Balancer endpoint. See the [AWS documentation](https://docs.aws.amazon.com/global-accelerator/latest/dg/preserve-client-ip-address.html) for more details. The default value is `false`. +**Note:** When client IP address preservation is enabled, the Global Accelerator service creates an EC2 Security Group in the VPC named `GlobalAccelerator` that must be deleted (potentially outside of Terraform) before the VPC will successfully delete. If this EC2 Security Group is not deleted, Terraform will retry the VPC deletion for a few minutes before reporting a `DependencyViolation` error. This cannot be resolved by re-running Terraform. * `endpoint_id` - (Optional) An ID for the endpoint. If the endpoint is a Network Load Balancer or Application Load Balancer, this is the Amazon Resource Name (ARN) of the resource. If the endpoint is an Elastic IP address, this is the Elastic IP address allocation ID. -* `weight` - (Optional) The weight associated with the endpoint. When you add weights to endpoints, you configure AWS Global Accelerator to route traffic based on proportions that you specify. +* `weight` - (Optional) The weight associated with the endpoint. When you add weights to endpoints, you configure AWS Global Accelerator to route traffic based on proportions that you specify. ## Attributes Reference