Skip to content

Commit

Permalink
resource/aws_lb_listener_certificate: Prevent resource ID parsing err…
Browse files Browse the repository at this point in the history 
…or with IAM Server Certificate names containing underscores

Reference: #17639

Previously:

```
=== CONT  TestAccAwsLbListenerCertificate_CertificateArn_Underscores
    resource_aws_lb_listener_certificate_test.go:54: Step 1/2 error: Error running apply: exit status 1

        Error: error parsing ELBv2 Listener Certificate ID (arn:aws:elasticloadbalancing:us-west-2:123456789012:listener/app/tf-acc-test-1918488772698388616/37ea83aabfff17e9/c77f900678310ecd_arn:aws:iam::123456789012:server-certificate/tf_acc_test_1918488772698388616): unexpected format for ID ("arn:aws:elasticloadbalancing:us-west-2:123456789012:listener/app/tf-acc-test-1918488772698388616/37ea83aabfff17e9/c77f900678310ecd_arn:aws:iam::123456789012:server-certificate/tf_acc_test_1918488772698388616"), expected listener-arn_certificate-arn

--- FAIL: TestAccAwsLbListenerCertificate_CertificateArn_Underscores (161.31s)
```

Output from acceptance testing in AWS Commercial:

```
--- PASS: TestAccAwsLbListenerCertificate_disappears (165.35s)
--- PASS: TestAccAwsLbListenerCertificate_CertificateArn_Underscores (167.76s)
--- PASS: TestAccAwsLbListenerCertificate_basic (168.14s)
--- PASS: TestAccAwsLbListenerCertificate_multiple (243.26s)
```

Output from acceptance testing in AWS GovCloud (US):

```
--- PASS: TestAccAwsLbListenerCertificate_CertificateArn_Underscores (159.16s)
--- PASS: TestAccAwsLbListenerCertificate_disappears (162.81s)
--- PASS: TestAccAwsLbListenerCertificate_basic (170.08s)
--- PASS: TestAccAwsLbListenerCertificate_multiple (272.30s)
```
  • Loading branch information
@bflad
bflad committed Feb 16, 2021
1 parent c63960b commit 57957c0
Show file tree
Hide file tree
Showing 3 changed files with 104 additions and 1 deletion.
3 changes: 3 additions & 0 deletions .changelog/pending.txt
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:bug
resource/aws_lb_listener_certificate: Prevent resource ID parsing error with IAM Server Certificate names containing underscores
```
2 changes: 1 addition & 1 deletion aws/internal/service/elbv2/id.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ import (
const listenerCertificateIDSeparator = "_"

func ListenerCertificateParseID(id string) (string, string, error) {
parts := strings.Split(id, listenerCertificateIDSeparator)
parts := strings.SplitN(id, listenerCertificateIDSeparator, 2)
if len(parts) == 2 && parts[0] != "" && parts[1] != "" {
return parts[0], parts[1], nil
}
Expand Down
100 changes: 100 additions & 0 deletions aws/resource_aws_lb_listener_certificate_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,37 @@ func TestAccAwsLbListenerCertificate_basic(t *testing.T) {
})
}

// Reference: https://github.com/hashicorp/terraform-provider-aws/issues/17639
func TestAccAwsLbListenerCertificate_CertificateArn_Underscores(t *testing.T) {
key := tlsRsaPrivateKeyPem(2048)
certificate := tlsRsaX509SelfSignedCertificatePem(key, "example.com")
iamServerCertificateResourceName := "aws_iam_server_certificate.test"
lbListenerResourceName := "aws_lb_listener.test"
resourceName := "aws_lb_listener_certificate.test"
rName := acctest.RandomWithPrefix("tf-acc-test")

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAwsLbListenerCertificateDestroy,
Steps: []resource.TestStep{
{
Config: testAccLbListenerCertificateConfigCertificateArnUnderscores(rName, key, certificate),
Check: resource.ComposeTestCheckFunc(
testAccCheckAwsLbListenerCertificateExists(resourceName),
resource.TestCheckResourceAttrPair(resourceName, "certificate_arn", iamServerCertificateResourceName, "arn"),
resource.TestCheckResourceAttrPair(resourceName, "listener_arn", lbListenerResourceName, "arn"),
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
},
},
})
}

func TestAccAwsLbListenerCertificate_multiple(t *testing.T) {
keys := make([]string, 4)
certificates := make([]string, 4)
Expand Down Expand Up @@ -267,6 +298,75 @@ resource "aws_lb_listener_certificate" "test" {
`
}

func testAccLbListenerCertificateConfigCertificateArnUnderscores(rName, key, certificate string) string {
return fmt.Sprintf(`
data "aws_availability_zones" "available" {
state = "available"
filter {
name = "opt-in-status"
values = ["opt-in-not-required"]
}
}
resource "aws_vpc" "test" {
cidr_block = "10.0.0.0/16"
tags = {
Name = "terraform-testacc-lb-listener-certificate"
}
}
resource "aws_subnet" "test" {
count = 2
availability_zone = data.aws_availability_zones.available.names[count.index]
cidr_block = cidrsubnet(aws_vpc.test.cidr_block, 8, count.index)
vpc_id = aws_vpc.test.id
tags = {
Name = "tf-acc-lb-listener-certificate-${count.index}"
}
}
resource "aws_lb_target_group" "test" {
port = 80
protocol = "HTTP"
vpc_id = aws_vpc.test.id
}
resource "aws_lb" "test" {
internal = true
name = %[1]q
subnets = aws_subnet.test[*].id
}
resource "aws_iam_server_certificate" "test" {
name = replace("%[1]s", "-", "_")
certificate_body = "%[2]s"
private_key = "%[3]s"
}
resource "aws_lb_listener" "test" {
load_balancer_arn = aws_lb.test.arn
port = "443"
protocol = "HTTPS"
ssl_policy = "ELBSecurityPolicy-2016-08"
certificate_arn = aws_iam_server_certificate.test.arn
default_action {
target_group_arn = aws_lb_target_group.test.arn
type = "forward"
}
}
resource "aws_lb_listener_certificate" "test" {
certificate_arn = aws_iam_server_certificate.test.arn
listener_arn = aws_lb_listener.test.arn
}
`, rName, tlsPemEscapeNewlines(certificate), tlsPemEscapeNewlines(key))
}

func testAccLbListenerCertificateConfigMultiple(rName string, keys, certificates []string) string {
return testAccLbListenerCertificateConfigLbListenerBase(rName, keys[0], certificates[0]) + fmt.Sprintf(`
resource "aws_lb_listener_certificate" "default" {
Expand Down

0 comments on commit 57957c0

Please sign in to comment.