r/appsync_domain_name + association resources #22487

Merged
merged 13 commits into from
Jan 18, 2022

Conversation

DrFaust92
Collaborator

@DrFaust92 DrFaust92 commented Jan 8, 2022

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Closes #22088

Output from acceptance testing:

$ make testacc TESTS= TestAccAppSync_serial/DomainName PKG=appsync
        --- PASS: TestAccAppSync_serial/DomainName/description (255.22s)
        --- PASS: TestAccAppSync_serial/DomainName/basic (277.56s)
        --- PASS: TestAccAppSync_serial/DomainName/disappears (268.27s)
$ make testacc TESTS= TestAccAppSync_serial/Association PKG=appsync
    --- PASS: TestAccAppSync_serial/DomainNameAssociation (840.03s)
        --- PASS: TestAccAppSync_serial/DomainNameAssociation/basic (703.23s)
        --- PASS: TestAccAppSync_serial/DomainNameAssociation/disappears (136.80s)

@github-actions github-actions bot added provider Pertains to the provider itself, rather than any interaction with AWS. service/appsync Issues and PRs that pertain to the appsync service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. size/XL Managed by automation to categorize the size of a PR. documentation Introduces or discusses updates to documentation. labels Jan 8, 2022
@DrFaust92 DrFaust92 added the new-resource Introduces a new resource. label Jan 8, 2022
@DrFaust92 DrFaust92 force-pushed the appsync_domain_name branch 2 times, most recently from 1096768 to 94d3afe Compare January 14, 2022 10:33
@github-actions github-actions bot added the sweeper Pertains to changes to or issues with the sweeper. label Jan 14, 2022
@DrFaust92 DrFaust92 marked this pull request as ready for review January 15, 2022 09:07
@DrFaust92 DrFaust92 force-pushed the appsync_domain_name branch from 56a0d36 to 4c474be Compare January 18, 2022 16:17
Contributor

@ewbankkit ewbankkit left a comment

LGTM 🚀.

Unable to verify due to not having a suitable certificate.

% AWS_APPSYNC_DOMAIN_NAME_CERTIFICATE_DOMAIN=example.com make testacc TESTS=TestAccAppSync_serial/DomainName PKG=appsync
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/appsync/... -v -count 1 -parallel 20 -run='TestAccAppSync_serial/DomainName'  -timeout 180m
=== RUN   TestAccAppSync_serial
=== RUN   TestAccAppSync_serial/DomainName
=== RUN   TestAccAppSync_serial/DomainName/description
    domain_name_test.go:59: Step 1/3 error: Error running pre-apply refresh: exit status 1
        
        Error: No certificate for domain "*.example.com" found in this region
        
          with data.aws_acm_certificate.test,
          on terraform_plugin_test.tf line 6, in data "aws_acm_certificate" "test":
           6: data "aws_acm_certificate" "test" {
        
=== RUN   TestAccAppSync_serial/DomainName/basic
    domain_name_test.go:28: Step 1/2 error: Error running pre-apply refresh: exit status 1
        
        Error: No certificate for domain "*.example.com" found in this region
        
          with data.aws_acm_certificate.test,
          on terraform_plugin_test.tf line 6, in data "aws_acm_certificate" "test":
           6: data "aws_acm_certificate" "test" {
        
=== RUN   TestAccAppSync_serial/DomainName/disappears
    domain_name_test.go:96: Step 1/1 error: Error running pre-apply refresh: exit status 1
        
        Error: No certificate for domain "*.example.com" found in this region
        
          with data.aws_acm_certificate.test,
          on terraform_plugin_test.tf line 6, in data "aws_acm_certificate" "test":
           6: data "aws_acm_certificate" "test" {
        
=== RUN   TestAccAppSync_serial/DomainNameAssociation
=== RUN   TestAccAppSync_serial/DomainNameAssociation/basic
    domain_name_api_association_test.go:27: Step 1/3 error: Error running pre-apply refresh: exit status 1
        
        Error: No certificate for domain "*.example.com" found in this region
        
          with data.aws_acm_certificate.test,
          on terraform_plugin_test.tf line 6, in data "aws_acm_certificate" "test":
           6: data "aws_acm_certificate" "test" {
        
=== RUN   TestAccAppSync_serial/DomainNameAssociation/disappears
    domain_name_api_association_test.go:66: Step 1/1 error: Error running pre-apply refresh: exit status 1
        
        Error: No certificate for domain "*.example.com" found in this region
        
          with data.aws_acm_certificate.test,
          on terraform_plugin_test.tf line 6, in data "aws_acm_certificate" "test":
           6: data "aws_acm_certificate" "test" {
        
--- FAIL: TestAccAppSync_serial (9.57s)
    --- FAIL: TestAccAppSync_serial/DomainName (6.24s)
        --- FAIL: TestAccAppSync_serial/DomainName/description (2.78s)
        --- FAIL: TestAccAppSync_serial/DomainName/basic (1.74s)
        --- FAIL: TestAccAppSync_serial/DomainName/disappears (1.71s)
    --- FAIL: TestAccAppSync_serial/DomainNameAssociation (3.33s)
        --- FAIL: TestAccAppSync_serial/DomainNameAssociation/basic (1.65s)
        --- FAIL: TestAccAppSync_serial/DomainNameAssociation/disappears (1.69s)
FAIL
FAIL	github.com/hashicorp/terraform-provider-aws/internal/service/appsync	12.958s
FAIL
make: *** [testacc] Error 1
% AWS_APPSYNC_DOMAIN_NAME_CERTIFICATE_DOMAIN=example.com make testacc TESTS=TestAccAppSync_serial/Association PKG=appsync
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/appsync/... -v -count 1 -parallel 20 -run='TestAccAppSync_serial/Association'  -timeout 180m
=== RUN   TestAccAppSync_serial
=== RUN   TestAccAppSync_serial/DomainNameAssociation
=== RUN   TestAccAppSync_serial/DomainNameAssociation/basic
    domain_name_api_association_test.go:27: Step 1/3 error: Error running pre-apply refresh: exit status 1
        
        Error: No certificate for domain "*.example.com" found in this region
        
          with data.aws_acm_certificate.test,
          on terraform_plugin_test.tf line 6, in data "aws_acm_certificate" "test":
           6: data "aws_acm_certificate" "test" {
        
=== RUN   TestAccAppSync_serial/DomainNameAssociation/disappears
    domain_name_api_association_test.go:66: Step 1/1 error: Error running pre-apply refresh: exit status 1
        
        Error: No certificate for domain "*.example.com" found in this region
        
          with data.aws_acm_certificate.test,
          on terraform_plugin_test.tf line 6, in data "aws_acm_certificate" "test":
           6: data "aws_acm_certificate" "test" {
        
--- FAIL: TestAccAppSync_serial (4.08s)
    --- FAIL: TestAccAppSync_serial/DomainNameAssociation (4.08s)
        --- FAIL: TestAccAppSync_serial/DomainNameAssociation/basic (2.44s)
        --- FAIL: TestAccAppSync_serial/DomainNameAssociation/disappears (1.64s)
FAIL
FAIL	github.com/hashicorp/terraform-provider-aws/internal/service/appsync	7.463s
FAIL
make: *** [testacc] Error 1

@ewbankkit ewbankkit merged commit 8026ea1 into hashicorp:main Jan 18, 2022
@github-actions github-actions bot added this to the v3.73.0 milestone Jan 18, 2022
@bobsut
Contributor

bobsut commented Jan 20, 2022

@DrFaust92 - Thanks for this!

Please help clarify the parameters and exports. In the example below, for aws_route53_record.example.alias.name should I use aws_appsync_domain_name.example.id or aws_appsync_domain_name.example.appsync_domain_name?

I suggest adopting the phrases that describe similar exported values from aws_api_gateway_domain_name or aws_apigatewayv2_domain_name, something like

  • id - "The identifier assigned to this endpoint domain name by AppSync"
  • appsync_domain_name - "The internal hostname assigned to this endpoint by AppSync"
  • hosted_zone_id - "The hosted zone ID that can be used to create a Route53 alias record for the endpoint."

I would submit a PR with these documentation changes, but I'm not entirely confident I got them right based on my reading of the existing descriptions.

resource "aws_appsync_domain_name" "example" {
  domain_name     = "graphql.${local.fqdn}"
  certificate_arn = aws_acm_certificate_validation.stardotfqdn.certificate_arn
}

resource "aws_appsync_domain_name_api_association" "example" {
  api_id      = aws_appsync_graphql_api.example.id
  domain_name = aws_appsync_domain_name.example.domain_name
}

resource "aws_route53_record" "example" {
  name    = aws_appsync_domain_name.example.appsync_domain_name
  type    = "A"
  zone_id = data.aws_route53_zone.fqdn.zone_id
  alias {
    name                   = aws_appsync_domain_name.example.appsync_domain_name
    zone_id                = aws_appsync_domain_name.example.hosted_zone_id
    evaluate_target_health = true
  }
  allow_overwrite = true
}

resource "aws_route53_record" "example6" {
  name    = aws_appsync_domain_name.example.appsync_domain_name
  type    = "AAAA"
  count   = local.enable_ipv6 ? 1 : 0
  zone_id = data.aws_route53_zone.fqdn.zone_id
  alias {
    name                   = aws_appsync_domain_name.example.appsync_domain_name
    zone_id                = aws_appsync_domain_name.example.hosted_zone_id
    evaluate_target_health = true
  }
  allow_overwrite = true
}

#
# support resources for completeness
#

locals {
  enable_ipv6 = true
  fqdn        = "example.com"
}

data "aws_route53_zone" "fqdn" {
  name         = local.fqdn
  private_zone = false
}

resource "aws_appsync_graphql_api" "example" {
  name                = "example"
  authentication_type = "API_KEY"
  # ...
}

resource "aws_acm_certificate" "stardotfqdn" {
  domain_name               = local.fqdn
  subject_alternative_names = ["*.${local.fqdn}"]
  validation_method         = "DNS"
  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_acm_certificate_validation" "stardotfqdn" {
  certificate_arn         = aws_acm_certificate.stardotfqdn.arn
  validation_record_fqdns = [for record in aws_route53_record.stardotfqdn : record.fqdn]
}

resource "aws_route53_record" "stardotfqdn" {
  for_each = {
    for dvo in aws_acm_certificate.stardotfqdn.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }
  allow_overwrite = true
  name            = each.value.name
  records         = [each.value.record]
  ttl             = 60
  type            = each.value.type
  zone_id         = data.aws_route53_zone.fqdn.zone_id
}

@github-actions

This functionality has been released in v3.73.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@DrFaust92 DrFaust92 deleted the appsync_domain_name branch February 12, 2022 12:47
@github-actions

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 19, 2022
Development

Successfully merging this pull request may close these issues.

Feature Request: Support AWS AppSync Custom Domains
3 participants