Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

resource/aws_elasticsearch_domain DomainEndpointOptions #10430

Merged
merged 17 commits into from
Jan 29, 2020
Merged

resource/aws_elasticsearch_domain DomainEndpointOptions #10430

Show file tree
Hide file tree
Changes from 13 commits
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
d9c421f
Merge branch 'master' of https://github.com/terraform-providers/terra…
barrytam20 Mar 6, 2019
06905c6
Merge branch 'master' of https://github.com/barrytam20/terraform-prov…
barrytam20 Mar 17, 2019
3a61b59
Merge branch 'master' of https://github.com/terraform-providers/terra…
barrytam20 Mar 31, 2019
462b26b
Merge branch 'master' of https://github.com/terraform-providers/terra…
barrytam20 Oct 2, 2019
c22b34d
Merge branch 'master' of https://github.com/terraform-providers/terra…
barrytam20 Oct 4, 2019
071671b
Merge branch 'master' of https://github.com/terraform-providers/terra…
barrytam20 Oct 9, 2019
ac8d447
init commit of elasticsearch require https
barrytam20 Oct 9, 2019
8c75775
Merge branch 'master' of https://github.com/terraform-providers/terra…
Oct 9, 2019
4a2e050
adding tests
Oct 9, 2019
3c9b27c
merging in master
barrytam20 Oct 12, 2019
e4f6229
merging in master
Nov 8, 2019
b6ab109
merging in master
Nov 8, 2019
d880754
removing default value
barrytam20 Nov 10, 2019
071299f
Merge branch 'master' of https://github.com/terraform-providers/terra…
Dec 6, 2019
863138c
domain endpoint options
Dec 6, 2019
5860909
PR review changes
barrytam20 Jan 26, 2020
b34fb97
fixing tests
Jan 27, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 20 additions & 0 deletions aws/resource_aws_elasticsearch_domain.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,10 @@ func resourceAwsElasticSearchDomain() *schema.Resource {
Type: schema.TypeString,
Computed: true,
},
"require_https": {
Type: schema.TypeBool,
Optional: true,
},
"endpoint": {
Type: schema.TypeString,
Computed: true,
Expand Down Expand Up @@ -361,6 +365,12 @@ func resourceAwsElasticSearchDomainCreate(d *schema.ResourceData, meta interface
input.AdvancedOptions = stringMapToPointers(v.(map[string]interface{}))
}

if d.Get("require_https").(bool) {
barrytam20 marked this conversation as resolved.
Show resolved Hide resolved
input.SetDomainEndpointOptions(&elasticsearch.DomainEndpointOptions{
EnforceHTTPS: aws.Bool(true),
})
}

if v, ok := d.GetOk("ebs_options"); ok {
options := v.([]interface{})

Expand Down Expand Up @@ -642,6 +652,10 @@ func resourceAwsElasticSearchDomainRead(d *schema.ResourceData, meta interface{}
d.Set("log_publishing_options", m)
}

if *ds.DomainEndpointOptions.EnforceHTTPS {
d.Set("require_https", true)
}

d.Set("arn", ds.ARN)

listOut, err := conn.ListTags(&elasticsearch.ListTagsInput{
Expand Down Expand Up @@ -684,6 +698,12 @@ func resourceAwsElasticSearchDomainUpdate(d *schema.ResourceData, meta interface
input.AdvancedOptions = stringMapToPointers(d.Get("advanced_options").(map[string]interface{}))
}

if d.HasChange("require_https") {
input.SetDomainEndpointOptions(&elasticsearch.DomainEndpointOptions{
EnforceHTTPS: aws.Bool(d.Get("require_https").(bool)),
})
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks like an older iteration of this feature request 😄


if d.HasChange("ebs_options") || d.HasChange("cluster_config") {
options := d.Get("ebs_options").([]interface{})

Expand Down
39 changes: 39 additions & 0 deletions aws/resource_aws_elasticsearch_domain_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,30 @@ func TestAccAWSElasticSearchDomain_basic(t *testing.T) {
})
}

func TestAccAWSElasticSearchDomain_RequireHTTPS(t *testing.T) {
var domain elasticsearch.ElasticsearchDomainStatus
ri := acctest.RandInt()

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckESDomainDestroy,
Steps: []resource.TestStep{
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should include two additional TestStep that verify that imports and in-place updates work as expected with this new functionality, e.g.

		Steps: []resource.TestStep{
			{
				Config: testAccESDomainConfig_DomainEndpointOptions(ri, true, "Policy-Min-TLS-1-0-2019-07"),
				Check: resource.ComposeTestCheckFunc(
					testAccCheckESDomainExists("aws_elasticsearch_domain.example", &domain),
					testAccCheckESDomainEndpointOptions(true, "Policy-Min-TLS-1-0-2019-07", &domain),
				),
			},
			{
				ResourceName:      "aws_elasticsearch_domain.example",
				ImportState:       true,
				ImportStateId:     resourceId,
				ImportStateVerify: true,
			},
			{
				Config: testAccESDomainConfig_DomainEndpointOptions(ri, true, "Policy-Min-TLS-1-2-2019-07"),
				Check: resource.ComposeTestCheckFunc(
					testAccCheckESDomainExists("aws_elasticsearch_domain.example", &domain),
					testAccCheckESDomainEndpointOptions(true, "Policy-Min-TLS-1-2-2019-07", &domain),
				),
			},
		},

// ...

func testAccESDomainConfig_DomainEndpointOptions(randInt int, enforceHttps bool, tlsSecurityPolicy string) string {
	return fmt.Sprintf(`
resource "aws_elasticsearch_domain" "example" {
  domain_name = "tf-test-%[1]d"

  domain_endpoint_options {
    enforce_https       = %[2]t
    tls_security_policy = %[3]q
  }

  ebs_options {
    ebs_enabled = true
    volume_size = 10
  }
}
`, randInt, enforceHttps, tlsSecurityPolicy)
}

{
Config: testAccESDomainConfig_RequireHTTPS(ri),
Check: resource.ComposeTestCheckFunc(
testAccCheckESDomainExists("aws_elasticsearch_domain.example", &domain),
resource.TestCheckResourceAttr(
"aws_elasticsearch_domain.example", "elasticsearch_version", "1.5"),
resource.TestMatchResourceAttr("aws_elasticsearch_domain.example", "kibana_endpoint", regexp.MustCompile(".*es.amazonaws.com/_plugin/kibana/")),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: These checks look irrelevant to the testing of domain endpoint options and can be removed. 👍

resource.TestCheckResourceAttr(
"aws_elasticsearch_domain.example", "require_https", "true"),
),
},
},
})
}

func TestAccAWSElasticSearchDomain_ClusterConfig_ZoneAwarenessConfig(t *testing.T) {
var domain1, domain2, domain3, domain4 elasticsearch.ElasticsearchDomainStatus
rName := acctest.RandomWithPrefix("tf-acc-test")[:28]
Expand Down Expand Up @@ -976,6 +1000,21 @@ resource "aws_elasticsearch_domain" "test" {
`, randInt)
}

func testAccESDomainConfig_RequireHTTPS(randInt int) string {
return fmt.Sprintf(`
resource "aws_elasticsearch_domain" "example" {
domain_name = "tf-test-%d"

require_https = true

ebs_options {
ebs_enabled = true
volume_size = 10
}
}
`, randInt)
}

func testAccESDomainConfig_ClusterConfig_ZoneAwarenessConfig_AvailabilityZoneCount(rName string, availabilityZoneCount int) string {
return fmt.Sprintf(`
resource "aws_elasticsearch_domain" "test" {
Expand Down
1 change: 1 addition & 0 deletions website/docs/r/elasticsearch_domain.html.markdown
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -224,6 +224,7 @@ The following arguments are supported:
* `vpc_options` - (Optional) VPC related options, see below. Adding or removing this configuration forces a new resource ([documentation](https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-vpc.html#es-vpc-limitations)).
* `log_publishing_options` - (Optional) Options for publishing slow logs to CloudWatch Logs.
* `elasticsearch_version` - (Optional) The version of Elasticsearch to deploy. Defaults to `1.5`
* `require_https` - (Optional) Whether the Elasticsearch domain requires HTTPS to connect
* `tags` - (Optional) A mapping of tags to assign to the resource

**ebs_options** supports the following attributes:
Expand Down