New Resource: aws_lb_listener_certificate #2686

Merged
merged 11 commits into from
Feb 20, 2018

Contributor

@Puneeth-n Puneeth-n commented Dec 16, 2017

Fixes the acceptance tests in #2649 and closes #2649 and #1853, as requested in this comment here.

@oarmstrong

  1. Removed the TLS resource in tests because sometimes the tests were failing because of "malformed certificate".
  2. Fixed the segmentation fault
  3. Add debug statements
  4. Fixed the Destroy function to handle LB deletions in acceptance tests
  5. Added a full cycle test

For some reason, I couldn't create a PR on the original branch hence creating the PR against master.

make testacc TESTARGS='-run=TestAccAwsLbListenerCertificate_'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test $(go list ./... |grep -v 'vendor') -v -run=TestAccAwsLbListenerCertificate_ -timeout 120m
?   	github.com/terraform-providers/terraform-provider-aws	[no test files]
=== RUN   TestAccAwsLbListenerCertificate_basic
--- PASS: TestAccAwsLbListenerCertificate_basic (227.65s)
=== RUN   TestAccAwsLbListenerCertificate_cycle
--- PASS: TestAccAwsLbListenerCertificate_cycle (288.34s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	516.021s

@Puneeth-n Puneeth-n mentioned this pull request Dec 16, 2017
@Puneeth-n
Contributor Author

@Ninir @radeksimko Can you please review it so that I and @oarmstrong see it to completion :)

@oarmstrong
Contributor

Should my PR #2649 be closed in favour of this one now then?

@Puneeth-n
Contributor Author

Puneeth-n commented Dec 22, 2017

@oarmstrong feel free to either close and work on this one or merge this to your branch and I close this one. Basically, I just fixed the acceptance tests in your branch.

@ArmandSag

Hello guys,

Great feature here! Do you have any idea when this will be released?

@Puneeth-n
Contributor Author

@radeksimko @Ninir Can you please review it?

@ArmandSag

Does anyone plan to review this? This is so important to have only one application load balancer with all the certificates. Tx!!

@egorchabala

Pls, review, since this functionality can be very useful for many cases

@radeksimko radeksimko added service/elb Issues and PRs that pertain to the elb service. service/elbv2 Issues and PRs that pertain to the elbv2 service. and removed service/elb Issues and PRs that pertain to the elb service. labels Jan 16, 2018
@radeksimko radeksimko changed the title New Resource: LB Listener Additional Certificates New Resource: aws_lb_listener_certificate Jan 16, 2018
@radeksimko radeksimko added this to the v1.11.0 milestone Jan 16, 2018
@naveenacharya

Is there any way to get this feature up asap? We have been waiting for this for a long time.

@paddycarver paddycarver self-requested a review January 29, 2018 15:13
@paddycarver paddycarver self-assigned this Jan 29, 2018
@derBroBro

We also have an issue which would be solved by this. Maybe someone else like @bflad can support?

Contributor

@paddycarver paddycarver left a comment

Hi @Puneeth-n,

Thanks for the PR! In running the tests, both fail for me:

 make testacc TEST=./aws TESTARGS='-run=TestAccAwsLbListenerCertificate_*'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -run=TestAccAwsLbListenerCertificate_* -timeout 120m
=== RUN   TestAccAwsLbListenerCertificate_basic
--- FAIL: TestAccAwsLbListenerCertificate_basic (192.75s)
	testing.go:503: Step 0 error: Error applying: 1 error(s) occurred:

		* aws_iam_server_certificate.default: 1 error(s) occurred:

		* aws_iam_server_certificate.default: [WARN] Error uploading server certificate, error: EntityAlreadyExists: The Server Certificate with name terraform-default-cert already exists.
=== RUN   TestAccAwsLbListenerCertificate_cycle
--- FAIL: TestAccAwsLbListenerCertificate_cycle (191.70s)
	testing.go:503: Step 0 error: Error applying: 1 error(s) occurred:

		* aws_iam_server_certificate.default: 1 error(s) occurred:

		* aws_iam_server_certificate.default: [WARN] Error uploading server certificate, error: EntityAlreadyExists: The Server Certificate with name terraform-default-cert already exists.
FAIL
exit status 1
FAIL	github.com/terraform-providers/terraform-provider-aws/aws	384.503s

It seems the tests can't be run in parallel, because the certificate names chosen are hardcoded, but must be unique.

The following patch resolved the issue for me:

diff --git a/aws/resource_aws_lb_listener_certificate_test.go b/aws/resource_aws_lb_listener_certificate_test.go
index ee564cd1..46f15268 100644
--- a/aws/resource_aws_lb_listener_certificate_test.go
+++ b/aws/resource_aws_lb_listener_certificate_test.go
@@ -20,7 +20,7 @@ func TestAccAwsLbListenerCertificate_basic(t *testing.T) {
 		CheckDestroy: testAccCheckAwsLbListenerCertificateDestroy,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccLbListenerCertificateConfig(acctest.RandString(5)),
+				Config: testAccLbListenerCertificateConfig(acctest.RandString(5), acctest.RandString(5)),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAwsLbListenerCertificateExists("aws_lb_listener_certificate.default"),
 					testAccCheckAwsLbListenerCertificateExists("aws_lb_listener_certificate.additional_1"),
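Review bot: the two inline acctest.RandString(5) calls on the changed Config line in TestAccAwsLbListenerCertificate_basic are indistinguishable at the call site. Binding them to rName and suffix locals, as TestAccAwsLbListenerCertificate_cycle does, would show which value ends up in the certificate names and keep both available to later checks.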
@@ -39,6 +39,7 @@ func TestAccAwsLbListenerCertificate_basic(t *testing.T) {

 func TestAccAwsLbListenerCertificate_cycle(t *testing.T) {
 	rName := acctest.RandString(5)
+	suffix := acctest.RandString(5)

 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
@@ -46,7 +47,7 @@ func TestAccAwsLbListenerCertificate_cycle(t *testing.T) {
 		CheckDestroy: testAccCheckAwsLbListenerCertificateDestroy,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccLbListenerCertificateConfig(rName),
+				Config: testAccLbListenerCertificateConfig(rName, suffix),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAwsLbListenerCertificateExists("aws_lb_listener_certificate.default"),
 					testAccCheckAwsLbListenerCertificateExists("aws_lb_listener_certificate.additional_1"),
@@ -60,7 +61,7 @@ func TestAccAwsLbListenerCertificate_cycle(t *testing.T) {
 				),
 			},
 			{
-				Config: testAccLbListenerCertificateAddNew(rName),
+				Config: testAccLbListenerCertificateAddNew(rName, suffix),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAwsLbListenerCertificateExists("aws_lb_listener_certificate.default"),
 					testAccCheckAwsLbListenerCertificateExists("aws_lb_listener_certificate.additional_1"),
@@ -77,7 +78,7 @@ func TestAccAwsLbListenerCertificate_cycle(t *testing.T) {
 				),
 			},
 			{
-				Config: testAccLbListenerCertificateConfig(rName),
+				Config: testAccLbListenerCertificateConfig(rName, suffix),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckAwsLbListenerCertificateExists("aws_lb_listener_certificate.default"),
 					testAccCheckAwsLbListenerCertificateExists("aws_lb_listener_certificate.additional_1"),
@@ -153,7 +154,7 @@ func testAccCheckAwsLbListenerCertificateNotExists(name string) resource.TestChe
 	}
 }

-func testAccLbListenerCertificateConfig(rName string) string {
+func testAccLbListenerCertificateConfig(rName, suffix string) string {
 	return fmt.Sprintf(`
 resource "aws_lb_listener_certificate" "default" {
   listener_arn    = "${aws_lb_listener.test.arn}"
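Review bot: the new suffix parameter of testAccLbListenerCertificateConfig is undocumented. A one-line comment on the function saying that suffix is appended to the aws_iam_server_certificate names so that concurrent test runs do not collide would explain why it is separate from rName.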
@@ -196,7 +197,7 @@ resource "aws_lb_listener" "test" {
 }

 resource "aws_iam_server_certificate" "default" {
-  name             = "terraform-default-cert"
+  name             = "terraform-default-cert-%s"
   certificate_body = <<EOF
 -----BEGIN CERTIFICATE-----
 MIICpDCCAYwCCQC8EdACDsZ33jANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAls
@@ -252,7 +253,7 @@ EOF
 }

 resource "aws_iam_server_certificate" "additional_1" {
-  name             = "terraform-additional-cert-1"
+  name             = "terraform-additional-cert-1-%s"
   certificate_body = <<EOF
 -----BEGIN CERTIFICATE-----
 MIICpDCCAYwCCQD3BjmOb0++dDANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAls
@@ -308,7 +309,7 @@ EOF
 }

 resource "aws_iam_server_certificate" "additional_2" {
-  name             = "terraform-additional-cert-2"
+  name             = "terraform-additional-cert-2-%s"
   certificate_body = <<EOF
 -----BEGIN CERTIFICATE-----
 MIICpDCCAYwCCQDZ2oRa1sGckDANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAls
@@ -364,7 +365,7 @@ EOF
 }

 resource "aws_iam_server_certificate" "additional_3" {
-  name             = "terraform-additional-cert-3"
+  name             = "terraform-additional-cert-3-%s"
   certificate_body = <<EOF
 -----BEGIN CERTIFICATE-----
 MIICpDCCAYwCCQC5bnxXukDHoTANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAls
@@ -434,11 +435,11 @@ resource "aws_subnet" "test" {
   vpc_id            = "${aws_vpc.test.id}"
   cidr_block        = "${element(var.subnets, count.index)}"
   availability_zone = "${element(data.aws_availability_zones.available.names, count.index)}"
-}`, rName)
+}`, rName, suffix, suffix, suffix, suffix)
 }

-func testAccLbListenerCertificateAddNew(rName string) string {
-	return fmt.Sprintf(testAccLbListenerCertificateConfig(rName) + `
+func testAccLbListenerCertificateAddNew(rName, prefix string) string {
+	return fmt.Sprintf(testAccLbListenerCertificateConfig(rName, prefix) + `
 resource "aws_lb_listener_certificate" "additional_3" {
   listener_arn    = "${aws_lb_listener.test.arn}"
   certificate_arn = "${aws_iam_server_certificate.additional_3.arn}"
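Review bot: testAccLbListenerCertificateAddNew names its second parameter prefix, but the value is passed straight through as the suffix argument of testAccLbListenerCertificateConfig and is appended to the certificate names; rename it to suffix so the two helpers agree. Separately, the argument list rName, suffix, suffix, suffix, suffix is tied to the order and count of the %s verbs in the template, so adding or reordering a verb later would shift values silently. Explicit argument indexes (%[2]s in the four certificate names) would let suffix be passed once.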

Feel free to use that, or come up with your own solution.

@Puneeth-n
Contributor Author

@paddycarver Sure. Will give it a spin and get back to you.

@ghost ghost added the size/XL Managed by automation to categorize the size of a PR. label Feb 20, 2018
@Puneeth-n
Contributor Author

@paddycarver done!

TF_ACC=1 go test ./... -v -run=TestAccAwsLbListenerCertificate_ -timeout 120m -parallel=5
?   	github.com/terraform-providers/terraform-provider-aws	[no test files]
=== RUN   TestAccAwsLbListenerCertificate_basic
--- PASS: TestAccAwsLbListenerCertificate_basic (205.78s)
=== RUN   TestAccAwsLbListenerCertificate_cycle
--- PASS: TestAccAwsLbListenerCertificate_cycle (280.92s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	486.728s

@paddycarver
Contributor

Tests pass for me! Thanks!

@paddycarver paddycarver merged commit 5a8f237 into hashicorp:master Feb 20, 2018
@Puneeth-n
Contributor Author

@oarmstrong @paddycarver Thanks!

@Puneeth-n Puneeth-n deleted the chore/alb-sni-fix branch February 20, 2018 16:46
@oarmstrong
Contributor

Thanks for all your help @Puneeth-n on my original PR and for all the maintainers involved in getting this merged! Great work everyone!

@cemo

cemo commented Feb 20, 2018

Thanks guys, huge milestone.

@paddycarver You may also want to change the milestone of this issue since it is targeted to v1.11.0. #1853 also requires a change.

@paddycarver paddycarver modified the milestones: v1.11.0, v1.10.0 Feb 22, 2018
@bflad
Contributor

bflad commented Feb 27, 2018

This has been released in version 1.10.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

@ghost

ghost commented Apr 7, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Apr 7, 2020
Labels
new-resource Introduces a new resource. service/elb Issues and PRs that pertain to the elb service. service/elbv2 Issues and PRs that pertain to the elbv2 service. size/XL Managed by automation to categorize the size of a PR.