-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Issue 1769 add aws shield protection feature ( Part II ) #7721
Issue 1769 add aws shield protection feature ( Part II ) #7721
Conversation
…ield_Protection_feature
@bflad any update on this pr? I know you guys have been busy, but we've an open ticket on our side plus I am wondering if all is good with the PR. |
Hi @parabolic @radeksimko @bflad, I/my company would be happy to test this PR if another tester is still required? I'm also going to add a comment to the other PR this stemmed from around subscriptions. Cheers, |
@JoshiiSinfield thank you for your help. Cheers! |
Hi @parabolic. Are you still looking for testers? I have shield and would be happy to test. I'm keen to see this merged. Thanks! |
@accuracy27 Thanks for the offer! We don't need more testers I think we've shield and I've tested it and posted the output in the description of the PR. What we need is a response from hashicorp on how do we proceed from here. Cheers! |
Hi @parabolic 👋 We're finally ready to acceptance test this! Looks like this pull request could use some love for rebasing and running the acceptance testing with its default
Would you be okay if I rebased and pushed some testing changes to your branch? Otherwise I can provide line by line feedback. Thanks! |
Hi @bflad , that is awesome. Please feel free to rebase and push, and afterwards I will do the acceptance tests again. I believe that the documentation format has changed as well right ? Cheers. |
…eld SDK Region to us-east-1 References: * https://docs.aws.amazon.com/general/latest/gr/rande.html#global_accelerator_region * https://docs.aws.amazon.com/general/latest/gr/rande.html#shield_region Global AWS services sometimes only use a single region for their endpoint. As a past precedent we have hardcoded the Route 53 SDK Region to us-east-1. Following the current AWS Regions and Endpoints documentation, we do the same type of SDK configuration for Global Accelerator (endpoint is only in us-west-2) and Shield (endpoint is only in us-east-1).
Brings the acceptance testing style and configurations up to latest. Previously was failing due to Terraform 0.12 syntax changes. Changes include: * Remove provider declaration in Global Accelerator configuration (typically review feedback) * Perform `ImportState` testing in all tests instead of single import test (typically review feedback) * Perform API verification of resource creation in `testAccCheckAWSShieldProtectionExists` (typically review feedback) * Prefer `resource.ParallelTest()` over `resource.Test()` (typically review feedback) * Move `fmt.Sprintf()` usage to configurations and use underscores in test naming (typically style feedback) * Add `testAccPreCheckAWSShield` to skip testing if not subscribed to Shield
@parabolic just need permission to your fork, thanks!
I'll provide a "regular" review once this little bit of administrivia is handled. 😄 |
Oh sorry about that @bflad, I've ticked the Allow edits from maintainers checkbox, |
1692897
to
b553421
Compare
The pull request was in great shape! Should just be a few minor feedback items at this point (I'll provide in a few minutes) and then we can get this merged in once they're addressed. Thanks so much for your work here, @parabolic! 💯 Rebased on master and added two commits:
References:
Global AWS services sometimes only use a single region for their endpoint. As a past precedent we have hardcoded the Route 53 SDK Region to us-east-1. Following the current AWS Regions and Endpoints documentation, we do the same type of SDK configuration for Global Accelerator (endpoint is only in us-west-2) and Shield (endpoint is only in us-east-1).
Brings the acceptance testing style and configurations up to latest. Previously was failing due to Terraform 0.12 syntax changes. Changes include:
Output from acceptance testing (without setting
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here are the remaining feedback items, thanks @parabolic! Please reach out if you have any questions or do not have time to implement these items.
…:parabolic/terraform-provider-aws into Issue_1769_AWS_Shield_Protection_feature
--- - remove the unused import awserr - use ImportStatePassthrough - print the error when there's one - import fmt
Co-Authored-By: Brian Flad <[email protected]>
Co-Authored-By: Brian Flad <[email protected]>
Co-Authored-By: Brian Flad <[email protected]>
- remove the tags and the variables - remove obsolete lines
@bflad Thanks for the suggestions and help! TF_ACC=1 go test ./aws -v -timeout 120m -parallel 20 -run='TestAccAWSShieldProtection'
==> Checking that code complies with gofmt requirements...
go install
=== RUN TestAccAWSShieldProtection_GlobalAccelerator
=== PAUSE TestAccAWSShieldProtection_GlobalAccelerator
=== RUN TestAccAWSShieldProtection_ElasticIPAddress
=== PAUSE TestAccAWSShieldProtection_ElasticIPAddress
=== RUN TestAccAWSShieldProtection_Alb
=== PAUSE TestAccAWSShieldProtection_Alb
=== RUN TestAccAWSShieldProtection_Elb
=== PAUSE TestAccAWSShieldProtection_Elb
=== RUN TestAccAWSShieldProtection_Cloudfront
=== PAUSE TestAccAWSShieldProtection_Cloudfront
=== RUN TestAccAWSShieldProtection_Route53
=== PAUSE TestAccAWSShieldProtection_Route53
=== CONT TestAccAWSShieldProtection_GlobalAccelerator
=== CONT TestAccAWSShieldProtection_Cloudfront
=== CONT TestAccAWSShieldProtection_Route53
=== CONT TestAccAWSShieldProtection_Alb
=== CONT TestAccAWSShieldProtection_Elb
=== CONT TestAccAWSShieldProtection_ElasticIPAddress
--- PASS: TestAccAWSShieldProtection_Cloudfront (34.38s)
--- PASS: TestAccAWSShieldProtection_ElasticIPAddress (40.75s)
--- PASS: TestAccAWSShieldProtection_Route53 (65.61s)
--- PASS: TestAccAWSShieldProtection_GlobalAccelerator (86.69s)
--- PASS: TestAccAWSShieldProtection_Elb (87.50s)
--- PASS: TestAccAWSShieldProtection_Alb (253.88s)
PASS
ok github.com/terraform-providers/terraform-provider-aws/aws 253.924s |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fantastic, @parabolic! LGTM 🚀
Output from acceptance testing:
--- PASS: TestAccAWSShieldProtection_ElasticIPAddress (16.26s)
--- PASS: TestAccAWSShieldProtection_Route53 (44.68s)
--- PASS: TestAccAWSShieldProtection_Elb (47.75s)
--- PASS: TestAccAWSShieldProtection_GlobalAccelerator (103.22s)
--- PASS: TestAccAWSShieldProtection_Alb (196.09s)
--- PASS: TestAccAWSShieldProtection_Cloudfront (514.49s)
This has been released in version 2.11.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
Fixes #1769
Superseeds: #1899
Changes proposed in this pull request:
aws_shield_protection
resource.aws_shield_protection
resource.Output from acceptance testing:
Note: The acceptance tests where run with
TF_TEST_CLOUDFRONT_RETAIN=true
environment variable set in order for it not to wait the deletion of the cloudfront distribution.