diff --git a/.changelog/21034.txt b/.changelog/21034.txt new file mode 100644 index 00000000000..184714f56cf --- /dev/null +++ b/.changelog/21034.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +resource/aws_cloudfront_distribution: Add plan time validation to `ordered_cache_behavior.forwarded_values.cookies`, `ordered_cache_behavior.lambda_function_association.event_type`, `ordered_cache_behavior.lambda_function_association.lambda_arn`, `ordered_cache_behavior.function_association.lambda_arn`, `ordered_cache_behavior.function_association.event_type`, `ordered_cache_behavior.viewer_protocol_policy`, `comment`, `default_cache_behavior.forwarded_values.cookies`, `default_cache_behavior.lambda_function_association.event_type`, `ordered_cache_behavior.lambda_function_association.lambda_arn`, `default_cache_behavior.function_association.lambda_arn`, `default_cache_behavior.function_association.event_type`, `default_cache_behavior.viewer_protocol_policy`, `origin.custom_origin_config.origin_keepalive_timeout`, `origin.custom_origin_config.origin_read_timeout`, `origin.custom_origin_config.origin_protocol_policy`, `origin.custom_origin_config.origin_ssl_protocols`, `price_class`, `viewer_certificate.acm_certificate_arn`, `viewer_certificate.minimum_protocol_version`, `viewer_certificate.ssl_support_method`. +``` \ No newline at end of file diff --git a/internal/service/cloudfront/distribution.go b/internal/service/cloudfront/distribution.go index 0b2b5b88ee4..223db8c70e8 100644 --- a/internal/service/cloudfront/distribution.go +++ b/internal/service/cloudfront/distribution.go @@ -92,13 +92,9 @@ func ResourceDistribution() *schema.Resource { Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "forward": { - Type: schema.TypeString, - Required: true, - ValidateFunc: validation.StringInSlice([]string{ - cloudfront.ItemSelectionAll, - cloudfront.ItemSelectionNone, - cloudfront.ItemSelectionWhitelist, - }, false), + Type: schema.TypeString, + Required: true, + ValidateFunc: validation.StringInSlice(cloudfront.ItemSelection_Values(), false), }, "whitelisted_names": { Type: schema.TypeSet, @@ -134,12 +130,14 @@ func ResourceDistribution() *schema.Resource { Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "event_type": { - Type: schema.TypeString, - Required: true, + Type: schema.TypeString, + Required: true, + ValidateFunc: validation.StringInSlice(cloudfront.EventType_Values(), false), }, "lambda_arn": { - Type: schema.TypeString, - Required: true, + Type: schema.TypeString, + Required: true, + ValidateFunc: verify.ValidARN, }, "include_body": { Type: schema.TypeBool, @@ -157,12 +155,14 @@ func ResourceDistribution() *schema.Resource { Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "event_type": { - Type: schema.TypeString, - Required: true, + Type: schema.TypeString, + Required: true, + ValidateFunc: validation.StringInSlice(cloudfront.EventType_Values(), false), }, "function_arn": { - Type: schema.TypeString, - Required: true, + Type: schema.TypeString, + Required: true, + ValidateFunc: verify.ValidARN, }, }, }, @@ -213,15 +213,17 @@ func ResourceDistribution() *schema.Resource { Elem: &schema.Schema{Type: schema.TypeString}, }, "viewer_protocol_policy": { - Type: schema.TypeString, - Required: true, + Type: schema.TypeString, + Required: true, + ValidateFunc: validation.StringInSlice(cloudfront.ViewerProtocolPolicy_Values(), false), }, }, }, }, "comment": { - Type: schema.TypeString, - Optional: true, + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.StringLenBetween(0, 128), }, "custom_error_response": { Type: schema.TypeSet, @@ -295,13 +297,9 @@ func ResourceDistribution() *schema.Resource { Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "forward": { - Type: schema.TypeString, - Required: true, - ValidateFunc: validation.StringInSlice([]string{ - cloudfront.ItemSelectionAll, - cloudfront.ItemSelectionNone, - cloudfront.ItemSelectionWhitelist, - }, false), + Type: schema.TypeString, + Required: true, + ValidateFunc: validation.StringInSlice(cloudfront.ItemSelection_Values(), false), }, "whitelisted_names": { Type: schema.TypeSet, @@ -338,12 +336,14 @@ func ResourceDistribution() *schema.Resource { Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "event_type": { - Type: schema.TypeString, - Required: true, + Type: schema.TypeString, + Required: true, + ValidateFunc: validation.StringInSlice(cloudfront.EventType_Values(), false), }, "lambda_arn": { - Type: schema.TypeString, - Required: true, + Type: schema.TypeString, + Required: true, + ValidateFunc: verify.ValidARN, }, "include_body": { Type: schema.TypeBool, @@ -361,12 +361,14 @@ func ResourceDistribution() *schema.Resource { Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "event_type": { - Type: schema.TypeString, - Required: true, + Type: schema.TypeString, + Required: true, + ValidateFunc: validation.StringInSlice(cloudfront.EventType_Values(), false), }, "function_arn": { - Type: schema.TypeString, - Required: true, + Type: schema.TypeString, + Required: true, + ValidateFunc: verify.ValidARN, }, }, }, @@ -415,8 +417,9 @@ func ResourceDistribution() *schema.Resource { Elem: &schema.Schema{Type: schema.TypeString}, }, "viewer_protocol_policy": { - Type: schema.TypeString, - Required: true, + Type: schema.TypeString, + Required: true, + ValidateFunc: validation.StringInSlice(cloudfront.ViewerProtocolPolicy_Values(), false), }, }, }, @@ -432,8 +435,8 @@ func ResourceDistribution() *schema.Resource { "http_version": { Type: schema.TypeString, Optional: true, - Default: "http2", - ValidateFunc: validation.StringInSlice([]string{"http1.1", "http2"}, false), + Default: cloudfront.HttpVersionHttp2, + ValidateFunc: validation.StringInSlice(cloudfront.HttpVersion_Values(), false), }, "logging_config": { Type: schema.TypeList, @@ -533,23 +536,29 @@ func ResourceDistribution() *schema.Resource { Required: true, }, "origin_keepalive_timeout": { - Type: schema.TypeInt, - Optional: true, - Default: 5, + Type: schema.TypeInt, + Optional: true, + Default: 5, + ValidateFunc: validation.IntBetween(1, 60), }, "origin_read_timeout": { - Type: schema.TypeInt, - Optional: true, - Default: 30, + Type: schema.TypeInt, + Optional: true, + Default: 30, + ValidateFunc: validation.IntBetween(1, 60), }, "origin_protocol_policy": { - Type: schema.TypeString, - Required: true, + Type: schema.TypeString, + Required: true, + ValidateFunc: validation.StringInSlice(cloudfront.OriginProtocolPolicy_Values(), false), }, "origin_ssl_protocols": { Type: schema.TypeSet, Required: true, - Elem: &schema.Schema{Type: schema.TypeString}, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringInSlice(cloudfront.SslProtocol_Values(), false), + }, }, }, }, @@ -620,9 +629,10 @@ func ResourceDistribution() *schema.Resource { }, }, "price_class": { - Type: schema.TypeString, - Optional: true, - Default: "PriceClass_All", + Type: schema.TypeString, + Optional: true, + Default: cloudfront.PriceClassPriceClassAll, + ValidateFunc: validation.StringInSlice(cloudfront.PriceClass_Values(), false), }, "restrictions": { Type: schema.TypeList, @@ -643,13 +653,9 @@ func ResourceDistribution() *schema.Resource { Elem: &schema.Schema{Type: schema.TypeString}, }, "restriction_type": { - Type: schema.TypeString, - Required: true, - ValidateFunc: validation.StringInSlice([]string{ - cloudfront.GeoRestrictionTypeNone, - cloudfront.GeoRestrictionTypeBlacklist, - cloudfront.GeoRestrictionTypeWhitelist, - }, false), + Type: schema.TypeString, + Required: true, + ValidateFunc: validation.StringInSlice(cloudfront.GeoRestrictionType_Values(), false), }, }, }, @@ -664,8 +670,9 @@ func ResourceDistribution() *schema.Resource { Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "acm_certificate_arn": { - Type: schema.TypeString, - Optional: true, + Type: schema.TypeString, + Optional: true, + ValidateFunc: verify.ValidARN, }, "cloudfront_default_certificate": { Type: schema.TypeBool, @@ -676,13 +683,15 @@ func ResourceDistribution() *schema.Resource { Optional: true, }, "minimum_protocol_version": { - Type: schema.TypeString, - Optional: true, - Default: "TLSv1", + Type: schema.TypeString, + Optional: true, + Default: cloudfront.MinimumProtocolVersionTlsv1, + ValidateFunc: validation.StringInSlice(cloudfront.MinimumProtocolVersion_Values(), false), }, "ssl_support_method": { - Type: schema.TypeString, - Optional: true, + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.StringInSlice(cloudfront.SSLSupportMethod_Values(), false), }, }, },