Merge pull request #7459 from kterada0509/feature/add-support-aws_wor…

…klink_website_certificate_authority_association-resource

Add support aws worklink website certificate authority association resource

aws/provider.go

@@ -743,6 +743,7 @@ func Provider() terraform.ResourceProvider {
 			"aws_wafregional_web_acl":                                 resourceAwsWafRegionalWebAcl(),
 			"aws_wafregional_web_acl_association":                     resourceAwsWafRegionalWebAclAssociation(),
 			"aws_worklink_fleet":                                      resourceAwsWorkLinkFleet(),
+			"aws_worklink_website_certificate_authority_association":  resourceAwsWorkLinkWebsiteCertificateAuthorityAssociation(),
 			"aws_batch_compute_environment":                           resourceAwsBatchComputeEnvironment(),
 			"aws_batch_job_definition":                                resourceAwsBatchJobDefinition(),
 			"aws_batch_job_queue":                                     resourceAwsBatchJobQueue(),

aws/resource_aws_worklink_website_certificate_authority_association.go

@@ -0,0 +1,171 @@
+package aws
+
+import (
+	"fmt"
+	"log"
+	"strings"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/worklink"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/hashicorp/terraform/helper/validation"
+)
+
+func resourceAwsWorkLinkWebsiteCertificateAuthorityAssociation() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceAwsWorkLinkWebsiteCertificateAuthorityAssociationCreate,
+		Read:   resourceAwsWorkLinkWebsiteCertificateAuthorityAssociationRead,
+		Delete: resourceAwsWorkLinkWebsiteCertificateAuthorityAssociationDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"fleet_arn": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"certificate": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+			"display_name": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				ForceNew:     true,
+				ValidateFunc: validation.StringLenBetween(0, 100),
+			},
+			"website_ca_id": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func resourceAwsWorkLinkWebsiteCertificateAuthorityAssociationCreate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).worklinkconn
+
+	input := &worklink.AssociateWebsiteCertificateAuthorityInput{
+		FleetArn:    aws.String(d.Get("fleet_arn").(string)),
+		Certificate: aws.String(d.Get("certificate").(string)),
+	}
+
+	if v, ok := d.GetOk("display_name"); ok {
+		input.DisplayName = aws.String(v.(string))
+	}
+
+	resp, err := conn.AssociateWebsiteCertificateAuthority(input)
+	if err != nil {
+		return fmt.Errorf("Error creating WorkLink Website Certificate Authority Association: %s", err)
+	}
+
+	d.SetId(fmt.Sprintf("%s,%s", d.Get("fleet_arn").(string), aws.StringValue(resp.WebsiteCaId)))
+
+	return resourceAwsWorkLinkWebsiteCertificateAuthorityAssociationRead(d, meta)
+}
+
+func resourceAwsWorkLinkWebsiteCertificateAuthorityAssociationRead(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).worklinkconn
+
+	fleetArn, websiteCaID, err := decodeWorkLinkWebsiteCertificateAuthorityAssociationResourceID(d.Id())
+	if err != nil {
+		return err
+	}
+
+	input := &worklink.DescribeWebsiteCertificateAuthorityInput{
+		FleetArn:    aws.String(fleetArn),
+		WebsiteCaId: aws.String(websiteCaID),
+	}
+
+	resp, err := conn.DescribeWebsiteCertificateAuthority(input)
+	if err != nil {
+		if isAWSErr(err, worklink.ErrCodeResourceNotFoundException, "") {
+			log.Printf("[WARN] WorkLink Website Certificate Authority Association (%s) not found, removing from state", d.Id())
+			d.SetId("")
+			return nil
+		}
+		return fmt.Errorf("Error describing WorkLink Website Certificate Authority Association (%s): %s", d.Id(), err)
+	}
+
+	d.Set("website_ca_id", websiteCaID)
+	d.Set("fleet_arn", fleetArn)
+	d.Set("certificate", resp.Certificate)
+	d.Set("display_name", resp.DisplayName)
+
+	return nil
+}
+
+func resourceAwsWorkLinkWebsiteCertificateAuthorityAssociationDelete(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).worklinkconn
+
+	fleetArn, websiteCaID, err := decodeWorkLinkWebsiteCertificateAuthorityAssociationResourceID(d.Id())
+	if err != nil {
+		return err
+	}
+
+	input := &worklink.DisassociateWebsiteCertificateAuthorityInput{
+		FleetArn:    aws.String(fleetArn),
+		WebsiteCaId: aws.String(websiteCaID),
+	}
+
+	if _, err := conn.DisassociateWebsiteCertificateAuthority(input); err != nil {
+		if isAWSErr(err, worklink.ErrCodeResourceNotFoundException, "") {
+			return nil
+		}
+		return fmt.Errorf("Error deleting WorkLink Website Certificate Authority Association (%s): %s", d.Id(), err)
+	}
+
+	stateConf := &resource.StateChangeConf{
+		Pending:    []string{"DELETING"},
+		Target:     []string{"DELETED"},
+		Refresh:    worklinkWebsiteCertificateAuthorityAssociationStateRefresh(conn, websiteCaID, fleetArn),
+		Timeout:    15 * time.Minute,
+		Delay:      10 * time.Second,
+		MinTimeout: 3 * time.Second,
+	}
+
+	_, err = stateConf.WaitForState()
+	if err != nil {
+		return fmt.Errorf(
+			"Error waiting for disassociate Worklink Website Certificate Authority (%s) to become deleted: %s",
+			d.Id(), err)
+	}
+
+	return nil
+}
+
+func worklinkWebsiteCertificateAuthorityAssociationStateRefresh(conn *worklink.WorkLink, websiteCaID, arn string) resource.StateRefreshFunc {
+	return func() (interface{}, string, error) {
+		emptyResp := &worklink.DescribeWebsiteCertificateAuthorityOutput{}
+
+		resp, err := conn.DescribeWebsiteCertificateAuthority(&worklink.DescribeWebsiteCertificateAuthorityInput{
+			FleetArn:    aws.String(arn),
+			WebsiteCaId: aws.String(websiteCaID),
+		})
+		if isAWSErr(err, worklink.ErrCodeResourceNotFoundException, "") {
+			return emptyResp, "DELETED", nil
+		}
+		if err != nil {
+			return nil, "", err
+		}
+
+		return resp, "", nil
+	}
+}
+
+func decodeWorkLinkWebsiteCertificateAuthorityAssociationResourceID(id string) (string, string, error) {
+	parts := strings.SplitN(id, ",", 2)
+	if len(parts) != 2 || parts[0] == "" || parts[1] == "" {
+		return "", "", fmt.Errorf("Unexpected format of ID(%s), expected WebsiteCaId/FleetArn", id)
+	}
+	fleetArn := parts[0]
+	websiteCaID := parts[1]
+
+	return fleetArn, websiteCaID, nil
+}

aws/resource_aws_worklink_website_certificate_authority_association_test.go

@@ -0,0 +1,219 @@
+package aws
+
+import (
+	"fmt"
+	"regexp"
+	"testing"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/worklink"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccAWSWorkLinkWorkLinkWebsiteCertificateAuthorityAssociation_Basic(t *testing.T) {
+	suffix := randomString(20)
+	resourceName := "aws_worklink_website_certificate_authority_association.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSWorkLinkWebsiteCertificateAuthorityAssociationDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSWorkLinkWebsiteCertificateAuthorityAssociationConfig(suffix),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSWorkLinkWebsiteCertificateAuthorityAssociationExists(resourceName),
+					resource.TestCheckResourceAttrPair(
+						resourceName, "fleet_arn",
+						"aws_worklink_fleet.test", "arn"),
+					resource.TestMatchResourceAttr(resourceName, "certificate", regexp.MustCompile("^-----BEGIN CERTIFICATE-----")),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func TestAccAWSWorkLinkWorkLinkWebsiteCertificateAuthorityAssociation_DisplayName(t *testing.T) {
+	suffix := randomString(20)
+	resourceName := "aws_worklink_website_certificate_authority_association.test"
+	displayName1 := fmt.Sprintf("tf-website-certificate-%s", randomString(5))
+	displayName2 := fmt.Sprintf("tf-website-certificate-%s", randomString(5))
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSWorkLinkWebsiteCertificateAuthorityAssociationDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSWorkLinkWebsiteCertificateAuthorityAssociationConfigDisplayName(suffix, displayName1),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSWorkLinkWebsiteCertificateAuthorityAssociationExists(resourceName),
+					resource.TestCheckResourceAttr(resourceName, "display_name", displayName1),
+				),
+			},
+			{
+				Config: testAccAWSWorkLinkWebsiteCertificateAuthorityAssociationConfigDisplayName(suffix, displayName2),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSWorkLinkWebsiteCertificateAuthorityAssociationExists(resourceName),
+					resource.TestCheckResourceAttr(resourceName, "display_name", displayName2),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func TestAccAWSWorkLinkWorkLinkWebsiteCertificateAuthorityAssociation_Disappears(t *testing.T) {
+	suffix := randomString(20)
+	resourceName := "aws_worklink_website_certificate_authority_association.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSWorkLinkWebsiteCertificateAuthorityAssociationDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSWorkLinkWebsiteCertificateAuthorityAssociationConfig(suffix),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSWorkLinkWebsiteCertificateAuthorityAssociationExists(resourceName),
+					testAccCheckAWSWorkLinkWebsiteCertificateAuthorityAssociationDisappears(resourceName),
+				),
+				ExpectNonEmptyPlan: true,
+			},
+		},
+	})
+}
+
+func testAccCheckAWSWorkLinkWebsiteCertificateAuthorityAssociationDestroy(s *terraform.State) error {
+	conn := testAccProvider.Meta().(*AWSClient).worklinkconn
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "aws_worklink_website_certificate_authority_association" {
+			continue
+		}
+
+		_, err := conn.DescribeWebsiteCertificateAuthority(&worklink.DescribeWebsiteCertificateAuthorityInput{
+			FleetArn:    aws.String(rs.Primary.Attributes["fleet_arn"]),
+			WebsiteCaId: aws.String(rs.Primary.ID),
+		})
+
+		if err != nil {
+			if isAWSErr(err, worklink.ErrCodeResourceNotFoundException, "") {
+				return nil
+			}
+
+			return err
+		}
+		return fmt.Errorf("Worklink Website Certificate Authority Association(%s) still exists", rs.Primary.ID)
+	}
+
+	return nil
+}
+
+func testAccCheckAWSWorkLinkWebsiteCertificateAuthorityAssociationDisappears(resourceName string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[resourceName]
+		if !ok {
+			return fmt.Errorf("Not found: %s", resourceName)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No resource ID is set")
+		}
+
+		conn := testAccProvider.Meta().(*AWSClient).worklinkconn
+		fleetArn, websiteCaID, err := decodeWorkLinkWebsiteCertificateAuthorityAssociationResourceID(rs.Primary.ID)
+		if err != nil {
+			return err
+		}
+
+		input := &worklink.DisassociateWebsiteCertificateAuthorityInput{
+			FleetArn:    aws.String(fleetArn),
+			WebsiteCaId: aws.String(websiteCaID),
+		}
+
+		if _, err := conn.DisassociateWebsiteCertificateAuthority(input); err != nil {
+			return err
+		}
+
+		stateConf := &resource.StateChangeConf{
+			Pending:    []string{"DELETING"},
+			Target:     []string{"DELETED"},
+			Refresh:    worklinkWebsiteCertificateAuthorityAssociationStateRefresh(conn, websiteCaID, fleetArn),
+			Timeout:    15 * time.Minute,
+			Delay:      10 * time.Second,
+			MinTimeout: 3 * time.Second,
+		}
+
+		_, err = stateConf.WaitForState()
+
+		return err
+	}
+
+}
+
+func testAccCheckAWSWorkLinkWebsiteCertificateAuthorityAssociationExists(n string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No Worklink Website Certificate Authority Association ID is set")
+		}
+
+		if _, ok := rs.Primary.Attributes["fleet_arn"]; !ok {
+			return fmt.Errorf("WorkLink Fleet ARN is missing, should be set.")
+		}
+
+		conn := testAccProvider.Meta().(*AWSClient).worklinkconn
+		fleetArn, websiteCaID, err := decodeWorkLinkWebsiteCertificateAuthorityAssociationResourceID(rs.Primary.ID)
+		if err != nil {
+			return err
+		}
+
+		_, err = conn.DescribeWebsiteCertificateAuthority(&worklink.DescribeWebsiteCertificateAuthorityInput{
+			FleetArn:    aws.String(fleetArn),
+			WebsiteCaId: aws.String(websiteCaID),
+		})
+
+		return err
+	}
+}
+
+func testAccAWSWorkLinkWebsiteCertificateAuthorityAssociationConfig(r string) string {
+	return fmt.Sprintf(`
+%s
+
+resource "aws_worklink_website_certificate_authority_association" "test" {
+	fleet_arn	= "${aws_worklink_fleet.test.arn}"
+	certificate = "${file("test-fixtures/worklink-website-certificate-authority-association.pem")}"
+}
+
+`, testAccAWSWorkLinkFleetConfig(r))
+}
+
+func testAccAWSWorkLinkWebsiteCertificateAuthorityAssociationConfigDisplayName(r, displayName string) string {
+	return fmt.Sprintf(`
+%s
+
+resource "aws_worklink_website_certificate_authority_association" "test" {
+	fleet_arn		= "${aws_worklink_fleet.test.arn}"
+	certificate 	= "${file("test-fixtures/worklink-website-certificate-authority-association.pem")}"
+	display_name 	= "%s"
+}
+
+`, testAccAWSWorkLinkFleetConfig(r), displayName)
+}