Merge pull request #17336 from hashicorp/f_cloudfront_cache_policy

CloudFront Cache Policy
hashicorp · Feb 11, 2021 · 6b44c85 · 6b44c85
2 parents 61692d3 + 976ec8e
commit 6b44c85
Show file tree

Hide file tree

Showing 14 changed files with 1,433 additions and 25 deletions.
diff --git a/.changelog/17336.txt b/.changelog/17336.txt
@@ -0,0 +1,11 @@
+```release-note:new-data-source
+aws_cloudfront_cache_policy
+```
+
+```release-note:new-resource
+aws_cloudfront_cache_policy
+```
+
+```release-note:enhancement
+resource/aws_cloudfront_distribution: Add `cache_policy_id` attribute
+```
diff --git a/aws/cloudfront_cache_policy_structure.go b/aws/cloudfront_cache_policy_structure.go
@@ -0,0 +1,233 @@
+package aws
+
+import (
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/cloudfront"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func expandCloudFrontCachePolicyCookieNames(tfMap map[string]interface{}) *cloudfront.CookieNames {
+	if tfMap == nil {
+		return nil
+	}
+
+	items := expandStringSet(tfMap["items"].(*schema.Set))
+
+	apiObject := &cloudfront.CookieNames{
+		Items:    items,
+		Quantity: aws.Int64(int64(len(items))),
+	}
+
+	return apiObject
+}
+
+func expandCloudFrontCachePolicyCookiesConfig(tfMap map[string]interface{}) *cloudfront.CachePolicyCookiesConfig {
+	if tfMap == nil {
+		return nil
+	}
+
+	apiObject := &cloudfront.CachePolicyCookiesConfig{
+		CookieBehavior: aws.String(tfMap["cookie_behavior"].(string)),
+	}
+
+	if items, ok := tfMap["cookies"].([]interface{}); ok && len(items) == 1 {
+		apiObject.Cookies = expandCloudFrontCachePolicyCookieNames(items[0].(map[string]interface{}))
+	}
+
+	return apiObject
+}
+
+func expandCloudFrontCachePolicyHeaders(tfMap map[string]interface{}) *cloudfront.Headers {
+	if tfMap == nil {
+		return nil
+	}
+
+	items := expandStringSet(tfMap["items"].(*schema.Set))
+
+	apiObject := &cloudfront.Headers{
+		Items:    items,
+		Quantity: aws.Int64(int64(len(items))),
+	}
+
+	return apiObject
+}
+
+func expandCloudFrontCachePolicyHeadersConfig(tfMap map[string]interface{}) *cloudfront.CachePolicyHeadersConfig {
+	if tfMap == nil {
+		return nil
+	}
+
+	apiObject := &cloudfront.CachePolicyHeadersConfig{
+		HeaderBehavior: aws.String(tfMap["header_behavior"].(string)),
+	}
+
+	if items, ok := tfMap["headers"].([]interface{}); ok && len(items) == 1 && tfMap["header_behavior"] != "none" {
+		apiObject.Headers = expandCloudFrontCachePolicyHeaders(items[0].(map[string]interface{}))
+	}
+
+	return apiObject
+}
+
+func expandCloudFrontCachePolicyQueryStringNames(tfMap map[string]interface{}) *cloudfront.QueryStringNames {
+	if tfMap == nil {
+		return nil
+	}
+
+	items := expandStringSet(tfMap["items"].(*schema.Set))
+
+	apiObject := &cloudfront.QueryStringNames{
+		Items:    items,
+		Quantity: aws.Int64(int64(len(items))),
+	}
+
+	return apiObject
+}
+
+func expandCloudFrontCachePolicyQueryStringConfig(tfMap map[string]interface{}) *cloudfront.CachePolicyQueryStringsConfig {
+	if tfMap == nil {
+		return nil
+	}
+
+	apiObject := &cloudfront.CachePolicyQueryStringsConfig{
+		QueryStringBehavior: aws.String(tfMap["query_string_behavior"].(string)),
+	}
+
+	if items, ok := tfMap["query_strings"].([]interface{}); ok && len(items) == 1 {
+		apiObject.QueryStrings = expandCloudFrontCachePolicyQueryStringNames(items[0].(map[string]interface{}))
+	}
+
+	return apiObject
+}
+
+func expandCloudFrontCachePolicyParametersConfig(tfMap map[string]interface{}) *cloudfront.ParametersInCacheKeyAndForwardedToOrigin {
+	if tfMap == nil {
+		return nil
+	}
+
+	var cookiesConfig *cloudfront.CachePolicyCookiesConfig
+	var headersConfig *cloudfront.CachePolicyHeadersConfig
+	var queryStringsConfig *cloudfront.CachePolicyQueryStringsConfig
+
+	if cookiesFlat, ok := tfMap["cookies_config"].([]interface{}); ok && len(cookiesFlat) == 1 {
+		cookiesConfig = expandCloudFrontCachePolicyCookiesConfig(cookiesFlat[0].(map[string]interface{}))
+	}
+
+	if headersFlat, ok := tfMap["headers_config"].([]interface{}); ok && len(headersFlat) == 1 {
+		headersConfig = expandCloudFrontCachePolicyHeadersConfig(headersFlat[0].(map[string]interface{}))
+	}
+
+	if queryStringsFlat, ok := tfMap["query_strings_config"].([]interface{}); ok && len(queryStringsFlat) == 1 {
+		queryStringsConfig = expandCloudFrontCachePolicyQueryStringConfig(queryStringsFlat[0].(map[string]interface{}))
+	}
+
+	parametersConfig := &cloudfront.ParametersInCacheKeyAndForwardedToOrigin{
+		CookiesConfig:              cookiesConfig,
+		EnableAcceptEncodingBrotli: aws.Bool(tfMap["enable_accept_encoding_brotli"].(bool)),
+		EnableAcceptEncodingGzip:   aws.Bool(tfMap["enable_accept_encoding_gzip"].(bool)),
+		HeadersConfig:              headersConfig,
+		QueryStringsConfig:         queryStringsConfig,
+	}
+
+	return parametersConfig
+}
+
+func expandCloudFrontCachePolicyConfig(d *schema.ResourceData) *cloudfront.CachePolicyConfig {
+	parametersConfig := &cloudfront.ParametersInCacheKeyAndForwardedToOrigin{}
+
+	if parametersFlat, ok := d.GetOk("parameters_in_cache_key_and_forwarded_to_origin"); ok {
+		parametersConfig = expandCloudFrontCachePolicyParametersConfig(parametersFlat.([]interface{})[0].(map[string]interface{}))
+	}
+	cachePolicy := &cloudfront.CachePolicyConfig{
+		Comment:                                  aws.String(d.Get("comment").(string)),
+		DefaultTTL:                               aws.Int64(int64(d.Get("default_ttl").(int))),
+		MaxTTL:                                   aws.Int64(int64(d.Get("max_ttl").(int))),
+		MinTTL:                                   aws.Int64(int64(d.Get("min_ttl").(int))),
+		Name:                                     aws.String(d.Get("name").(string)),
+		ParametersInCacheKeyAndForwardedToOrigin: parametersConfig,
+	}
+
+	return cachePolicy
+}
+
+func flattenCloudFrontCachePolicyCookiesConfig(cookiesConfig *cloudfront.CachePolicyCookiesConfig) []map[string]interface{} {
+	cookiesConfigFlat := map[string]interface{}{}
+
+	cookies := []map[string]interface{}{}
+	if cookiesConfig.Cookies != nil {
+		cookies = []map[string]interface{}{
+			{
+				"items": cookiesConfig.Cookies.Items,
+			},
+		}
+	}
+
+	cookiesConfigFlat["cookie_behavior"] = aws.StringValue(cookiesConfig.CookieBehavior)
+	cookiesConfigFlat["cookies"] = cookies
+
+	return []map[string]interface{}{
+		cookiesConfigFlat,
+	}
+}
+
+func flattenCloudFrontCachePolicyHeadersConfig(headersConfig *cloudfront.CachePolicyHeadersConfig) []map[string]interface{} {
+	headersConfigFlat := map[string]interface{}{}
+
+	headers := []map[string]interface{}{}
+	if headersConfig.Headers != nil {
+		headers = []map[string]interface{}{
+			{
+				"items": headersConfig.Headers.Items,
+			},
+		}
+	}
+
+	headersConfigFlat["header_behavior"] = aws.StringValue(headersConfig.HeaderBehavior)
+	headersConfigFlat["headers"] = headers
+
+	return []map[string]interface{}{
+		headersConfigFlat,
+	}
+}
+
+func flattenCloudFrontCachePolicyQueryStringsConfig(queryStringsConfig *cloudfront.CachePolicyQueryStringsConfig) []map[string]interface{} {
+	queryStringsConfigFlat := map[string]interface{}{}
+
+	queryStrings := []map[string]interface{}{}
+	if queryStringsConfig.QueryStrings != nil {
+		queryStrings = []map[string]interface{}{
+			{
+				"items": queryStringsConfig.QueryStrings.Items,
+			},
+		}
+	}
+
+	queryStringsConfigFlat["query_string_behavior"] = aws.StringValue(queryStringsConfig.QueryStringBehavior)
+	queryStringsConfigFlat["query_strings"] = queryStrings
+
+	return []map[string]interface{}{
+		queryStringsConfigFlat,
+	}
+}
+
+func setParametersConfig(parametersConfig *cloudfront.ParametersInCacheKeyAndForwardedToOrigin) []map[string]interface{} {
+	parametersConfigFlat := map[string]interface{}{
+		"enable_accept_encoding_brotli": aws.BoolValue(parametersConfig.EnableAcceptEncodingBrotli),
+		"enable_accept_encoding_gzip":   aws.BoolValue(parametersConfig.EnableAcceptEncodingGzip),
+		"cookies_config":                flattenCloudFrontCachePolicyCookiesConfig(parametersConfig.CookiesConfig),
+		"headers_config":                flattenCloudFrontCachePolicyHeadersConfig(parametersConfig.HeadersConfig),
+		"query_strings_config":          flattenCloudFrontCachePolicyQueryStringsConfig(parametersConfig.QueryStringsConfig),
+	}
+
+	return []map[string]interface{}{
+		parametersConfigFlat,
+	}
+}
+
+func setCloudFrontCachePolicy(d *schema.ResourceData, cachePolicy *cloudfront.CachePolicyConfig) {
+	d.Set("comment", aws.StringValue(cachePolicy.Comment))
+	d.Set("default_ttl", aws.Int64Value(cachePolicy.DefaultTTL))
+	d.Set("max_ttl", aws.Int64Value(cachePolicy.MaxTTL))
+	d.Set("min_ttl", aws.Int64Value(cachePolicy.MinTTL))
+	d.Set("name", aws.StringValue(cachePolicy.Name))
+	d.Set("parameters_in_cache_key_and_forwarded_to_origin", setParametersConfig(cachePolicy.ParametersInCacheKeyAndForwardedToOrigin))
+}
diff --git a/aws/cloudfront_distribution_configuration_structure.go b/aws/cloudfront_distribution_configuration_structure.go
@@ -189,17 +189,24 @@ func flattenCacheBehaviors(cbs *cloudfront.CacheBehaviors) []interface{} {
 
 func expandCloudFrontDefaultCacheBehavior(m map[string]interface{}) *cloudfront.DefaultCacheBehavior {
 	dcb := &cloudfront.DefaultCacheBehavior{
+		CachePolicyId:          aws.String(m["cache_policy_id"].(string)),
 		Compress:               aws.Bool(m["compress"].(bool)),
-		DefaultTTL:             aws.Int64(int64(m["default_ttl"].(int))),
 		FieldLevelEncryptionId: aws.String(m["field_level_encryption_id"].(string)),
-		ForwardedValues:        expandForwardedValues(m["forwarded_values"].([]interface{})[0].(map[string]interface{})),
-		MaxTTL:                 aws.Int64(int64(m["max_ttl"].(int))),
-		MinTTL:                 aws.Int64(int64(m["min_ttl"].(int))),
 		OriginRequestPolicyId:  aws.String(m["origin_request_policy_id"].(string)),
 		TargetOriginId:         aws.String(m["target_origin_id"].(string)),
 		ViewerProtocolPolicy:   aws.String(m["viewer_protocol_policy"].(string)),
 	}
 
+	if forwardedValuesFlat, ok := m["forwarded_values"].([]interface{}); ok && len(forwardedValuesFlat) == 1 {
+		dcb.ForwardedValues = expandForwardedValues(m["forwarded_values"].([]interface{})[0].(map[string]interface{}))
+	}
+
+	if m["cache_policy_id"].(string) == "" {
+		dcb.MinTTL = aws.Int64(int64(m["min_ttl"].(int)))
+		dcb.MaxTTL = aws.Int64(int64(m["max_ttl"].(int)))
+		dcb.DefaultTTL = aws.Int64(int64(m["default_ttl"].(int)))
+	}
+
 	if v, ok := m["trusted_signers"]; ok {
 		dcb.TrustedSigners = expandTrustedSigners(v.([]interface{}))
 	} else {
@@ -227,18 +234,27 @@ func expandCloudFrontDefaultCacheBehavior(m map[string]interface{}) *cloudfront.
 }
 
 func expandCacheBehavior(m map[string]interface{}) *cloudfront.CacheBehavior {
+	var forwardedValues *cloudfront.ForwardedValues
+	if forwardedValuesFlat, ok := m["forwarded_values"].([]interface{}); ok && len(forwardedValuesFlat) == 1 {
+		forwardedValues = expandForwardedValues(m["forwarded_values"].([]interface{})[0].(map[string]interface{}))
+	}
+
 	cb := &cloudfront.CacheBehavior{
+		CachePolicyId:          aws.String(m["cache_policy_id"].(string)),
 		Compress:               aws.Bool(m["compress"].(bool)),
-		DefaultTTL:             aws.Int64(int64(m["default_ttl"].(int))),
 		FieldLevelEncryptionId: aws.String(m["field_level_encryption_id"].(string)),
-		ForwardedValues:        expandForwardedValues(m["forwarded_values"].([]interface{})[0].(map[string]interface{})),
-		MaxTTL:                 aws.Int64(int64(m["max_ttl"].(int))),
-		MinTTL:                 aws.Int64(int64(m["min_ttl"].(int))),
+		ForwardedValues:        forwardedValues,
 		OriginRequestPolicyId:  aws.String(m["origin_request_policy_id"].(string)),
 		TargetOriginId:         aws.String(m["target_origin_id"].(string)),
 		ViewerProtocolPolicy:   aws.String(m["viewer_protocol_policy"].(string)),
 	}
 
+	if m["cache_policy_id"].(string) == "" {
+		cb.MinTTL = aws.Int64(int64(m["min_ttl"].(int)))
+		cb.MaxTTL = aws.Int64(int64(m["max_ttl"].(int)))
+		cb.DefaultTTL = aws.Int64(int64(m["default_ttl"].(int)))
+	}
+
 	if v, ok := m["trusted_signers"]; ok {
 		cb.TrustedSigners = expandTrustedSigners(v.([]interface{}))
 	} else {
@@ -270,6 +286,7 @@ func expandCacheBehavior(m map[string]interface{}) *cloudfront.CacheBehavior {
 
 func flattenCloudFrontDefaultCacheBehavior(dcb *cloudfront.DefaultCacheBehavior) map[string]interface{} {
 	m := map[string]interface{}{
+		"cache_policy_id":           aws.StringValue(dcb.CachePolicyId),
 		"compress":                  aws.BoolValue(dcb.Compress),
 		"field_level_encryption_id": aws.StringValue(dcb.FieldLevelEncryptionId),
 		"viewer_protocol_policy":    aws.StringValue(dcb.ViewerProtocolPolicy),
@@ -310,6 +327,7 @@ func flattenCloudFrontDefaultCacheBehavior(dcb *cloudfront.DefaultCacheBehavior)
 func flattenCacheBehavior(cb *cloudfront.CacheBehavior) map[string]interface{} {
 	m := make(map[string]interface{})
 
+	m["cache_policy_id"] = aws.StringValue(cb.CachePolicyId)
 	m["compress"] = aws.BoolValue(cb.Compress)
 	m["field_level_encryption_id"] = aws.StringValue(cb.FieldLevelEncryptionId)
 	m["viewer_protocol_policy"] = aws.StringValue(cb.ViewerProtocolPolicy)
@@ -427,6 +445,10 @@ func flattenLambdaFunctionAssociation(lfa *cloudfront.LambdaFunctionAssociation)
 }
 
 func expandForwardedValues(m map[string]interface{}) *cloudfront.ForwardedValues {
+	if len(m) < 1 {
+		return nil
+	}
+
 	fv := &cloudfront.ForwardedValues{
 		QueryString: aws.Bool(m["query_string"].(bool)),
 	}

diff --git a/aws/cloudfront_distribution_configuration_structure_test.go b/aws/cloudfront_distribution_configuration_structure_test.go
@@ -12,6 +12,7 @@ import (
 func defaultCacheBehaviorConf() map[string]interface{} {
 	return map[string]interface{}{
 		"viewer_protocol_policy":      "allow-all",
+		"cache_policy_id":             "",
 		"target_origin_id":            "myS3Origin",
 		"forwarded_values":            []interface{}{forwardedValuesConf()},
 		"min_ttl":                     0,