[WIP] App Mesh preview 01/2020: Cross-account support, route timeouts, enhanced support for TLS #11850

Closed
wants to merge 17 commits into from


ewbankkit
Contributor

@ewbankkit ewbankkit commented Feb 2, 2020

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

WIP to support 01/2020 enhancements in the App Mesh preview channel:

Replaces #9468.

Related:

@ewbankkit ewbankkit requested a review from a team February 2, 2020 13:18
@ghost ghost added needs-triage Waiting for first response or review from a maintainer. size/XXL Managed by automation to categorize the size of a PR. provider Pertains to the provider itself, rather than any interaction with AWS. service/appmesh Issues and PRs that pertain to the appmesh service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. dependencies Used to indicate dependency changes. labels Feb 2, 2020
@ghost ghost added the documentation Introduces or discusses updates to documentation. label Feb 2, 2020
- Alias appmeshpreview to appmesh
- Remove test sweepers
- Correct service in acceptance test arn checking

Acceptance test output:

$ make testacc TEST=./aws TESTARGS='-run=TestAccAWSAppmesh'
==> Checking that code complies with gofmt requirements...
GO111MODULE=off TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSAppmesh -timeout 120m
=== RUN   TestAccAWSAppmesh
=== RUN   TestAccAWSAppmesh/VirtualService
=== RUN   TestAccAWSAppmesh/VirtualService/virtualNode
=== RUN   TestAccAWSAppmesh/VirtualService/virtualRouter
=== RUN   TestAccAWSAppmesh/Mesh
=== RUN   TestAccAWSAppmesh/Mesh/basic
=== RUN   TestAccAWSAppmesh/Mesh/egressFilter
=== RUN   TestAccAWSAppmesh/Route
=== RUN   TestAccAWSAppmesh/Route/httpRoute
=== RUN   TestAccAWSAppmesh/Route/tcpRoute
=== RUN   TestAccAWSAppmesh/VirtualNode
=== RUN   TestAccAWSAppmesh/VirtualNode/listenerHealthChecks
=== RUN   TestAccAWSAppmesh/VirtualNode/logging
=== RUN   TestAccAWSAppmesh/VirtualNode/basic
=== RUN   TestAccAWSAppmesh/VirtualNode/cloudMapServiceDiscovery
=== RUN   TestAccAWSAppmesh/VirtualRouter
=== RUN   TestAccAWSAppmesh/VirtualRouter/basic
--- PASS: TestAccAWSAppmesh (504.50s)
    --- PASS: TestAccAWSAppmesh/VirtualService (85.82s)
        --- PASS: TestAccAWSAppmesh/VirtualService/virtualNode (45.03s)
        --- PASS: TestAccAWSAppmesh/VirtualService/virtualRouter (40.78s)
    --- PASS: TestAccAWSAppmesh/Mesh (69.52s)
        --- PASS: TestAccAWSAppmesh/Mesh/basic (22.54s)
        --- PASS: TestAccAWSAppmesh/Mesh/egressFilter (46.98s)
    --- PASS: TestAccAWSAppmesh/Route (87.39s)
        --- PASS: TestAccAWSAppmesh/Route/httpRoute (44.00s)
        --- PASS: TestAccAWSAppmesh/Route/tcpRoute (43.38s)
    --- PASS: TestAccAWSAppmesh/VirtualNode (221.41s)
        --- PASS: TestAccAWSAppmesh/VirtualNode/listenerHealthChecks (40.86s)
        --- PASS: TestAccAWSAppmesh/VirtualNode/logging (41.29s)
        --- PASS: TestAccAWSAppmesh/VirtualNode/basic (25.50s)
        --- PASS: TestAccAWSAppmesh/VirtualNode/cloudMapServiceDiscovery (113.76s)
    --- PASS: TestAccAWSAppmesh/VirtualRouter (40.37s)
        --- PASS: TestAccAWSAppmesh/VirtualRouter/basic (40.37s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	504.545s
…account mesh sharing.

Acceptance test output:

$ make testacc TEST=./aws TESTARGS='-run=TestAccAWSAppmesh'
==> Checking that code complies with gofmt requirements...
GO111MODULE=off TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSAppmesh -timeout 120m
=== RUN   TestAccAWSAppmesh
=== RUN   TestAccAWSAppmesh/Mesh
=== RUN   TestAccAWSAppmesh/Mesh/basic
=== RUN   TestAccAWSAppmesh/Mesh/egressFilter
=== RUN   TestAccAWSAppmesh/Route
=== RUN   TestAccAWSAppmesh/Route/httpRoute
=== RUN   TestAccAWSAppmesh/Route/tcpRoute
=== RUN   TestAccAWSAppmesh/VirtualNode
=== RUN   TestAccAWSAppmesh/VirtualNode/basic
=== RUN   TestAccAWSAppmesh/VirtualNode/cloudMapServiceDiscovery
=== RUN   TestAccAWSAppmesh/VirtualNode/listenerHealthChecks
=== RUN   TestAccAWSAppmesh/VirtualNode/logging
=== RUN   TestAccAWSAppmesh/VirtualRouter
=== RUN   TestAccAWSAppmesh/VirtualRouter/basic
=== RUN   TestAccAWSAppmesh/VirtualService
=== RUN   TestAccAWSAppmesh/VirtualService/virtualNode
=== RUN   TestAccAWSAppmesh/VirtualService/virtualRouter
--- PASS: TestAccAWSAppmesh (505.56s)
    --- PASS: TestAccAWSAppmesh/Mesh (69.94s)
        --- PASS: TestAccAWSAppmesh/Mesh/basic (23.51s)
        --- PASS: TestAccAWSAppmesh/Mesh/egressFilter (46.43s)
    --- PASS: TestAccAWSAppmesh/Route (88.69s)
        --- PASS: TestAccAWSAppmesh/Route/httpRoute (43.76s)
        --- PASS: TestAccAWSAppmesh/Route/tcpRoute (44.93s)
    --- PASS: TestAccAWSAppmesh/VirtualNode (221.53s)
        --- PASS: TestAccAWSAppmesh/VirtualNode/basic (25.11s)
        --- PASS: TestAccAWSAppmesh/VirtualNode/cloudMapServiceDiscovery (114.29s)
        --- PASS: TestAccAWSAppmesh/VirtualNode/listenerHealthChecks (41.37s)
        --- PASS: TestAccAWSAppmesh/VirtualNode/logging (40.76s)
    --- PASS: TestAccAWSAppmesh/VirtualRouter (41.17s)
        --- PASS: TestAccAWSAppmesh/VirtualRouter/basic (41.17s)
    --- PASS: TestAccAWSAppmesh/VirtualService (84.22s)
        --- PASS: TestAccAWSAppmesh/VirtualService/virtualNode (43.32s)
        --- PASS: TestAccAWSAppmesh/VirtualService/virtualRouter (40.90s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	505.641s
@ewbankkit ewbankkit force-pushed the appmesh-preview-01-2020 branch from ea609a6 to 0dfbf3b Compare February 29, 2020 22:11
Acceptance test output:

$ make testacc TEST=./aws TESTARGS='-run=TestAccAWSAppmesh/Route'
==> Checking that code complies with gofmt requirements...
GO111MODULE=off TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSAppmesh/Route -timeout 120m
=== RUN   TestAccAWSAppmesh
=== RUN   TestAccAWSAppmesh/VirtualRouter
=== RUN   TestAccAWSAppmesh/VirtualRouter/basic
=== RUN   TestAccAWSAppmesh/Route
=== RUN   TestAccAWSAppmesh/Route/grpcRoute
=== RUN   TestAccAWSAppmesh/Route/http2Route
=== RUN   TestAccAWSAppmesh/Route/httpHeader
=== RUN   TestAccAWSAppmesh/Route/httpRetryPolicy
=== RUN   TestAccAWSAppmesh/Route/httpRoute
=== RUN   TestAccAWSAppmesh/Route/routePriority
=== RUN   TestAccAWSAppmesh/Route/tcpRoute
=== RUN   TestAccAWSAppmesh/Route/tcpRouteIdleTimeout
--- PASS: TestAccAWSAppmesh (393.96s)
    --- PASS: TestAccAWSAppmesh/VirtualRouter (40.51s)
        --- PASS: TestAccAWSAppmesh/VirtualRouter/basic (40.51s)
    --- PASS: TestAccAWSAppmesh/Route (353.45s)
        --- PASS: TestAccAWSAppmesh/Route/grpcRoute (44.54s)
        --- PASS: TestAccAWSAppmesh/Route/http2Route (44.07s)
        --- PASS: TestAccAWSAppmesh/Route/httpHeader (43.80s)
        --- PASS: TestAccAWSAppmesh/Route/httpRetryPolicy (44.30s)
        --- PASS: TestAccAWSAppmesh/Route/httpRoute (43.99s)
        --- PASS: TestAccAWSAppmesh/Route/routePriority (43.95s)
        --- PASS: TestAccAWSAppmesh/Route/tcpRoute (43.97s)
        --- PASS: TestAccAWSAppmesh/Route/tcpRouteIdleTimeout (44.83s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	394.018s
Acceptance test output:

$ make testacc TEST=./aws TESTARGS='-run=TestAccAWSAppmesh/Route'
==> Checking that code complies with gofmt requirements...
GO111MODULE=off TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSAppmesh/Route -timeout 120m
=== RUN   TestAccAWSAppmesh
=== RUN   TestAccAWSAppmesh/Route
=== RUN   TestAccAWSAppmesh/Route/httpRoute
=== RUN   TestAccAWSAppmesh/Route/routePriority
=== RUN   TestAccAWSAppmesh/Route/tcpRoute
=== RUN   TestAccAWSAppmesh/Route/grpcRoute
=== RUN   TestAccAWSAppmesh/Route/http2Route
=== RUN   TestAccAWSAppmesh/Route/httpHeader
=== RUN   TestAccAWSAppmesh/Route/httpRetryPolicy
=== RUN   TestAccAWSAppmesh/VirtualRouter
=== RUN   TestAccAWSAppmesh/VirtualRouter/basic
--- PASS: TestAccAWSAppmesh (349.43s)
    --- PASS: TestAccAWSAppmesh/Route (308.84s)
        --- PASS: TestAccAWSAppmesh/Route/httpRoute (45.42s)
        --- PASS: TestAccAWSAppmesh/Route/routePriority (44.00s)
        --- PASS: TestAccAWSAppmesh/Route/tcpRoute (44.08s)
        --- PASS: TestAccAWSAppmesh/Route/grpcRoute (44.20s)
        --- PASS: TestAccAWSAppmesh/Route/http2Route (43.12s)
        --- PASS: TestAccAWSAppmesh/Route/httpHeader (44.36s)
        --- PASS: TestAccAWSAppmesh/Route/httpRetryPolicy (43.64s)
    --- PASS: TestAccAWSAppmesh/VirtualRouter (40.59s)
        --- PASS: TestAccAWSAppmesh/VirtualRouter/basic (40.59s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	349.504s
…ut attribute.

Acceptance test output:

$ make testacc TEST=./aws TESTARGS='-run=TestAccAWSAppmesh/Route'
==> Checking that code complies with gofmt requirements...
GO111MODULE=off TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSAppmesh/Route -timeout 120m
=== RUN   TestAccAWSAppmesh
=== RUN   TestAccAWSAppmesh/Route
=== RUN   TestAccAWSAppmesh/Route/routePriority
=== RUN   TestAccAWSAppmesh/Route/tcpRoute
=== RUN   TestAccAWSAppmesh/Route/grpcRoute
=== RUN   TestAccAWSAppmesh/Route/http2Route
=== RUN   TestAccAWSAppmesh/Route/httpHeader
=== RUN   TestAccAWSAppmesh/Route/httpRetryPolicy
=== RUN   TestAccAWSAppmesh/Route/httpRoute
=== RUN   TestAccAWSAppmesh/VirtualRouter
=== RUN   TestAccAWSAppmesh/VirtualRouter/basic
--- PASS: TestAccAWSAppmesh (351.38s)
    --- PASS: TestAccAWSAppmesh/Route (310.90s)
        --- PASS: TestAccAWSAppmesh/Route/routePriority (44.54s)
        --- PASS: TestAccAWSAppmesh/Route/tcpRoute (44.65s)
        --- PASS: TestAccAWSAppmesh/Route/grpcRoute (44.90s)
        --- PASS: TestAccAWSAppmesh/Route/http2Route (44.58s)
        --- PASS: TestAccAWSAppmesh/Route/httpHeader (44.16s)
        --- PASS: TestAccAWSAppmesh/Route/httpRetryPolicy (43.95s)
        --- PASS: TestAccAWSAppmesh/Route/httpRoute (44.11s)
    --- PASS: TestAccAWSAppmesh/VirtualRouter (40.48s)
        --- PASS: TestAccAWSAppmesh/VirtualRouter/basic (40.48s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	351.473s
@ewbankkit
Contributor Author

ewbankkit commented Mar 1, 2020

For the enhanced TLS support consider the 3 described features:

  • New certificate sources
  • Client policies
  • Client policy defaults

Enhanced TLS support was merged in AWS SDK v1.29.13:

Cross-account support was merged in AWS SDK v1.29.19:

@ewbankkit
Contributor Author

ewbankkit commented Mar 2, 2020

aws/aws-app-mesh-roadmap#38 (comment):

TLS with customer-provided certificates is now generally available in the App Mesh APIs, SDKs, and CloudFormation for all regions that App Mesh operates in. Check out the latest user guide for more information.

Please note that at this time the App Mesh console experience has not been updated. Additionally, support in the Kubernetes controller for App Mesh is pending merge and release (see this PR for the latest).

We'll be holding this issue open until everything is closed out, after which a more formal announcement will be made.

A huge thanks to all who have provided feedback to us through the design and preview period for the feature.

Blog post.
Announcement.
User guide.

Acceptance test output:

$ make testacc TEST=./aws TESTARGS='-run=TestAccAWSAppmesh/VirtualNode'
==> Checking that code complies with gofmt requirements...
GO111MODULE=off TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSAppmesh/VirtualNode -timeout 120m
=== RUN   TestAccAWSAppmesh
=== RUN   TestAccAWSAppmesh/VirtualNode
=== RUN   TestAccAWSAppmesh/VirtualNode/cloudMapServiceDiscovery
=== RUN   TestAccAWSAppmesh/VirtualNode/listenerHealthChecks
=== RUN   TestAccAWSAppmesh/VirtualNode/logging
=== RUN   TestAccAWSAppmesh/VirtualNode/basic
--- PASS: TestAccAWSAppmesh (221.62s)
    --- PASS: TestAccAWSAppmesh/VirtualNode (221.62s)
        --- PASS: TestAccAWSAppmesh/VirtualNode/cloudMapServiceDiscovery (114.06s)
        --- PASS: TestAccAWSAppmesh/VirtualNode/listenerHealthChecks (40.76s)
        --- PASS: TestAccAWSAppmesh/VirtualNode/logging (41.45s)
        --- PASS: TestAccAWSAppmesh/VirtualNode/basic (25.35s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	221.667s
Disable SDS support (ForbiddenException: TLS Certificates from SDS are not supported).

Acceptance test output:

$ make testacc TEST=./aws TESTARGS='-run=TestAccAWSAppmesh/VirtualNode/tls'
==> Checking that code complies with gofmt requirements...
GO111MODULE=off TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSAppmesh/VirtualNode/tls -timeout 120m
=== RUN   TestAccAWSAppmesh
=== RUN   TestAccAWSAppmesh/VirtualNode
=== RUN   TestAccAWSAppmesh/VirtualNode/tls
--- PASS: TestAccAWSAppmesh (56.32s)
    --- PASS: TestAccAWSAppmesh/VirtualNode (56.32s)
        --- PASS: TestAccAWSAppmesh/VirtualNode/tls (56.32s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	56.365s
… attribute.

TODO: Enabled acceptance tests.

Acceptance testing output:

$ make testacc TEST=./aws TESTARGS='-run=TestAccAWSAppmesh/VirtualNode'
==> Checking that code complies with gofmt requirements...
GO111MODULE=off TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSAppmesh/VirtualNode -timeout 120m
=== RUN   TestAccAWSAppmesh
=== RUN   TestAccAWSAppmesh/VirtualNode
=== RUN   TestAccAWSAppmesh/VirtualNode/tls
=== RUN   TestAccAWSAppmesh/VirtualNode/basic
=== RUN   TestAccAWSAppmesh/VirtualNode/cloudMapServiceDiscovery
=== RUN   TestAccAWSAppmesh/VirtualNode/listenerHealthChecks
=== RUN   TestAccAWSAppmesh/VirtualNode/logging
--- PASS: TestAccAWSAppmesh (283.47s)
    --- PASS: TestAccAWSAppmesh/VirtualNode (283.47s)
        --- PASS: TestAccAWSAppmesh/VirtualNode/tls (56.13s)
        --- PASS: TestAccAWSAppmesh/VirtualNode/basic (26.08s)
        --- PASS: TestAccAWSAppmesh/VirtualNode/cloudMapServiceDiscovery (115.83s)
        --- PASS: TestAccAWSAppmesh/VirtualNode/listenerHealthChecks (43.04s)
        --- PASS: TestAccAWSAppmesh/VirtualNode/logging (42.39s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	283.517s
…y...file attribute.

Acceptance testing output:

$ make testacc TEST=./aws TESTARGS='-run=TestAccAWSAppmesh/VirtualNode/clientPolicyFile'
==> Checking that code complies with gofmt requirements...
GO111MODULE=off TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSAppmesh/VirtualNode/clientPolicyFile -timeout 120m
=== RUN   TestAccAWSAppmesh
=== RUN   TestAccAWSAppmesh/VirtualNode
=== RUN   TestAccAWSAppmesh/VirtualNode/clientPolicyFile
--- PASS: TestAccAWSAppmesh (41.99s)
    --- PASS: TestAccAWSAppmesh/VirtualNode (41.99s)
        --- PASS: TestAccAWSAppmesh/VirtualNode/clientPolicyFile (41.99s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	42.027s
…y...acm attribute.

Acceptance test output:

$ make testacc TEST=./aws TESTARGS='-run=TestAccAWSAppmesh/VirtualNode/clientPolicyAcm'
==> Checking that code complies with gofmt requirements...
GO111MODULE=off TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSAppmesh/VirtualNode/clientPolicyAcm -timeout 120m
=== RUN   TestAccAWSAppmesh
=== RUN   TestAccAWSAppmesh/VirtualNode
=== RUN   TestAccAWSAppmesh/VirtualNode/clientPolicyAcm
--- PASS: TestAccAWSAppmesh (68.09s)
    --- PASS: TestAccAWSAppmesh/VirtualNode (68.09s)
        --- PASS: TestAccAWSAppmesh/VirtualNode/clientPolicyAcm (68.09s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	68.124s
@ghost ghost added the service/acmpca Issues and PRs that pertain to the acmpca service. label Mar 24, 2020
Acceptance test output:

$ make testacc TEST=./aws TESTARGS='-run=TestAccAWSAppmesh/VirtualNode/clientPolicyFile'
==> Checking that code complies with gofmt requirements...
GO111MODULE=off TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSAppmesh/VirtualNode/clientPolicyFile -timeout 120m
=== RUN   TestAccAWSAppmesh
=== RUN   TestAccAWSAppmesh/VirtualNode
=== RUN   TestAccAWSAppmesh/VirtualNode/clientPolicyFile
--- PASS: TestAccAWSAppmesh (42.17s)
    --- PASS: TestAccAWSAppmesh/VirtualNode (42.17s)
        --- PASS: TestAccAWSAppmesh/VirtualNode/clientPolicyFile (42.17s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	42.221s
Acceptance test output:

$ make testacc TEST=./aws TESTARGS='-run=TestAccAWSAppmesh/VirtualNode/backendDefaults'
==> Checking that code complies with gofmt requirements...
GO111MODULE=off TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSAppmesh/VirtualNode/backendDefaults -timeout 120m
=== RUN   TestAccAWSAppmesh
=== RUN   TestAccAWSAppmesh/VirtualNode
=== RUN   TestAccAWSAppmesh/VirtualNode/backendDefaults
--- PASS: TestAccAWSAppmesh (41.99s)
    --- PASS: TestAccAWSAppmesh/VirtualNode (41.99s)
        --- PASS: TestAccAWSAppmesh/VirtualNode/backendDefaults (41.99s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	42.047s
@ewbankkit
Contributor Author

Work continues in #12750.

@ewbankkit ewbankkit closed this Apr 9, 2020
@ewbankkit ewbankkit deleted the appmesh-preview-01-2020 branch April 9, 2020 15:32
@ghost

ghost commented May 9, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators May 9, 2020
@breathingdust breathingdust removed the needs-triage Waiting for first response or review from a maintainer. label Sep 17, 2021
2 participants