diff --git a/.changelog/34362.txt b/.changelog/34362.txt new file mode 100644 index 00000000000..3c228eaf41b --- /dev/null +++ b/.changelog/34362.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +resource/aws_cloudfront_origin_access_control: Add `lambda` and `mediapackagev2` as valid values for `origin_access_control_origin_type` +``` \ No newline at end of file diff --git a/internal/service/cloudfront/origin_access_control_test.go b/internal/service/cloudfront/origin_access_control_test.go index 92cf3f8f332..b8401089c95 100644 --- a/internal/service/cloudfront/origin_access_control_test.go +++ b/internal/service/cloudfront/origin_access_control_test.go @@ -271,6 +271,102 @@ func testAccCheckOriginAccessControlExists(ctx context.Context, name string, ori } } +func TestAccCloudFrontOriginAccessControl_lambdaOriginType(t *testing.T) { + ctx := acctest.Context(t) + var originaccesscontrol cloudfront.OriginAccessControl + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + resourceName := "aws_cloudfront_origin_access_control.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { + acctest.PreCheck(ctx, t) + acctest.PreCheckPartitionHasService(t, cloudfront.EndpointsID) + testAccPreCheck(ctx, t) + }, + ErrorCheck: acctest.ErrorCheck(t, names.CloudFrontServiceID), + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, + CheckDestroy: testAccCheckOriginAccessControlDestroy(ctx), + Steps: []resource.TestStep{ + { + Config: testAccOriginAccessControlConfig_originType(rName, "lambda"), + Check: resource.ComposeTestCheckFunc( + testAccCheckOriginAccessControlExists(ctx, resourceName, &originaccesscontrol), + resource.TestCheckResourceAttr(resourceName, "description", "Managed by Terraform"), + resource.TestCheckResourceAttrSet(resourceName, "etag"), + resource.TestCheckResourceAttrWith(resourceName, "id", func(value string) error { + if value == "" { + return fmt.Errorf("expected attribute to be set") + } + + if id := aws.StringValue(originaccesscontrol.Id); value != id { + return fmt.Errorf("expected attribute to be equal to %s", id) + } + + return nil + }), + resource.TestCheckResourceAttr(resourceName, "name", rName), + resource.TestCheckResourceAttr(resourceName, "origin_access_control_origin_type", "lambda"), + resource.TestCheckResourceAttr(resourceName, "signing_behavior", "always"), + resource.TestCheckResourceAttr(resourceName, "signing_protocol", "sigv4"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func TestAccCloudFrontOriginAccessControl_mediaPackageV2Type(t *testing.T) { + ctx := acctest.Context(t) + var originaccesscontrol cloudfront.OriginAccessControl + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + resourceName := "aws_cloudfront_origin_access_control.test" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { + acctest.PreCheck(ctx, t) + acctest.PreCheckPartitionHasService(t, cloudfront.EndpointsID) + testAccPreCheck(ctx, t) + }, + ErrorCheck: acctest.ErrorCheck(t, names.CloudFrontServiceID), + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, + CheckDestroy: testAccCheckOriginAccessControlDestroy(ctx), + Steps: []resource.TestStep{ + { + Config: testAccOriginAccessControlConfig_originType(rName, "mediapackagev2"), + Check: resource.ComposeTestCheckFunc( + testAccCheckOriginAccessControlExists(ctx, resourceName, &originaccesscontrol), + resource.TestCheckResourceAttr(resourceName, "description", "Managed by Terraform"), + resource.TestCheckResourceAttrSet(resourceName, "etag"), + resource.TestCheckResourceAttrWith(resourceName, "id", func(value string) error { + if value == "" { + return fmt.Errorf("expected attribute to be set") + } + + if id := aws.StringValue(originaccesscontrol.Id); value != id { + return fmt.Errorf("expected attribute to be equal to %s", id) + } + + return nil + }), + resource.TestCheckResourceAttr(resourceName, "name", rName), + resource.TestCheckResourceAttr(resourceName, "origin_access_control_origin_type", "mediapackagev2"), + resource.TestCheckResourceAttr(resourceName, "signing_behavior", "always"), + resource.TestCheckResourceAttr(resourceName, "signing_protocol", "sigv4"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + func testAccPreCheck(ctx context.Context, t *testing.T) { conn := acctest.Provider.Meta().(*conns.AWSClient).CloudFrontConn(ctx) @@ -330,3 +426,14 @@ resource "aws_cloudfront_origin_access_control" "test" { } `, rName, signingBehavior) } + +func testAccOriginAccessControlConfig_originType(rName, originType string) string { + return fmt.Sprintf(` +resource "aws_cloudfront_origin_access_control" "test" { + name = %[1]q + origin_access_control_origin_type = %[2]q + signing_behavior = "always" + signing_protocol = "sigv4" +} +`, rName, originType) +} diff --git a/website/docs/r/cloudfront_origin_access_control.html.markdown b/website/docs/r/cloudfront_origin_access_control.html.markdown index 32e24acf2f9..03e1243ddb2 100644 --- a/website/docs/r/cloudfront_origin_access_control.html.markdown +++ b/website/docs/r/cloudfront_origin_access_control.html.markdown @@ -32,7 +32,7 @@ The following arguments are required: * `name` - (Required) A name that identifies the Origin Access Control. * `description` - (Optional) The description of the Origin Access Control. Defaults to "Managed by Terraform" if omitted. -* `origin_access_control_origin_type` - (Required) The type of origin that this Origin Access Control is for. Valid values are `s3`, and `mediastore`. +* `origin_access_control_origin_type` - (Required) The type of origin that this Origin Access Control is for. Valid values are `lambda`, `mediapackagev2`, `mediastore`, and `s3`. * `signing_behavior` - (Required) Specifies which requests CloudFront signs. Specify `always` for the most common use case. Allowed values: `always`, `never`, and `no-override`. * `signing_protocol` - (Required) Determines how CloudFront signs (authenticates) requests. The only valid value is `sigv4`.