[WIP] App Mesh preview 01/2020: Cross-account support, route timeouts, enhanced support for TLS #11850

Closed
wants to merge 17 commits into from
17 commits
df7825f
r/aws_appmesh_route: Add support for retry policies.
ewbankkit Jan 18, 2020
6a00f48
r/aws_appmesh_route: Support gRPC and HTTP/2 services.
ewbankkit Jan 18, 2020
da1316e
Add App Mesh Preview service from https://github.com/ewbankkit/aws-sd…
ewbankkit Feb 1, 2020
1852bed
Add 'GO111MODULE=off' to go commands.
ewbankkit Feb 1, 2020
e9b339d
- Comment out resource tagging
ewbankkit Feb 1, 2020
0dfbf3b
Add 'mesh_owner' and 'resource_owner' attributes in support of cross-…
ewbankkit Feb 2, 2020
d753492
r/aws_appmesh_route: Add 'tcp_route.timeout' attribute.
ewbankkit Feb 29, 2020
2d80402
Correct service in acceptance test arn checking after rebase.
ewbankkit Feb 29, 2020
5de4b5e
Test TCP route timeout in existing acceptance test.
ewbankkit Mar 1, 2020
7e34600
r/aws_appmesh_route: Add grpc_route, http2_route and http_route timeo…
ewbankkit Mar 1, 2020
4d2137d
r/aws_appmesh_virtual_node: Add listener.tls attribute.
ewbankkit Mar 7, 2020
88b2938
r/aws_appmesh_virtual_node: Test listener.tls attribute.
ewbankkit Mar 8, 2020
7e01dac
r/aws_appmesh_virtual_node: Add backend.virtual_service.client_policy…
ewbankkit Mar 23, 2020
6723993
r/aws_appmesh_virtual_node: Test backend.virtual_service.client_polic…
ewbankkit Mar 24, 2020
b84b3ee
r/aws_appmesh_virtual_node: Test backend.virtual_service.client_polic…
ewbankkit Mar 24, 2020
2a0231f
r/aws_appmesh_virtual_node: Add spec.backend_defaults attribute.
ewbankkit Mar 25, 2020
b27d089
r/aws_appmesh_virtual_node: Test spec.backend_defaults attribute.
ewbankkit Mar 25, 2020
10 changes: 5 additions & 5 deletions GNUmakefile
Expand Up @@ -8,21 +8,21 @@ TEST_COUNT?=1
default: build

build: fmtcheck
go install
GO111MODULE=off go install

gen:
rm -f aws/internal/keyvaluetags/*_gen.go
go generate ./...
GO111MODULE=off go generate ./...

sweep:
@echo "WARNING: This will destroy infrastructure. Use only in development accounts."
go test $(TEST) -v -sweep=$(SWEEP) $(SWEEPARGS) -timeout 60m
GO111MODULE=off go test $(TEST) -v -sweep=$(SWEEP) $(SWEEPARGS) -timeout 60m

test: fmtcheck
go test $(TEST) $(TESTARGS) -timeout=120s -parallel=4
GO111MODULE=off go test $(TEST) $(TESTARGS) -timeout=120s -parallel=4

testacc: fmtcheck
TF_ACC=1 go test $(TEST) -v -count $(TEST_COUNT) -parallel 20 $(TESTARGS) -timeout 120m
GO111MODULE=off TF_ACC=1 go test $(TEST) -v -count $(TEST_COUNT) -parallel 20 $(TESTARGS) -timeout 120m

fmt:
@echo "==> Fixing source code with gofmt..."
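Review bot: Prefixing every `go` invocation in `build`, `gen`, `sweep`, `test` and `testacc` with `GO111MODULE=off` takes the build out of module mode, so version pinning and checksum verification through `go.mod`/`go.sum` no longer apply and dependencies resolve from GOPATH or the vendor tree instead. Judging by the commit list this is there to pick up an SDK package copied in from a fork; if so, a `replace` directive in `go.mod` pointing at that fork would keep module verification on and leave these targets unchanged. If the switch has to stay for the preview, a comment above `build:` such as `# GO111MODULE=off: temporary, needed for the vendored App Mesh preview SDK; remove before merge` would make the intent explicit.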
6 changes: 3 additions & 3 deletions aws/config.go
Expand Up @@ -17,7 +17,7 @@ import (
"github.com/aws/aws-sdk-go/service/apigatewayv2"
"github.com/aws/aws-sdk-go/service/applicationautoscaling"
"github.com/aws/aws-sdk-go/service/applicationinsights"
"github.com/aws/aws-sdk-go/service/appmesh"
"github.com/aws/aws-sdk-go/service/appmeshpreview"
"github.com/aws/aws-sdk-go/service/appstream"
"github.com/aws/aws-sdk-go/service/appsync"
"github.com/aws/aws-sdk-go/service/athena"
Expand Down Expand Up @@ -192,7 +192,7 @@ type AWSClient struct {
apigatewayv2conn *apigatewayv2.ApiGatewayV2
appautoscalingconn *applicationautoscaling.ApplicationAutoScaling
applicationinsightsconn *applicationinsights.ApplicationInsights
appmeshconn *appmesh.AppMesh
appmeshconn *appmeshpreview.AppMeshPreview
appstreamconn *appstream.AppStream
appsyncconn *appsync.AppSync
athenaconn *athena.Athena
Expand Down Expand Up @@ -397,7 +397,7 @@ func (c *Config) Client() (interface{}, error) {
apigatewayv2conn: apigatewayv2.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["apigateway"])})),
appautoscalingconn: applicationautoscaling.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["applicationautoscaling"])})),
applicationinsightsconn: applicationinsights.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["applicationinsights"])})),
appmeshconn: appmesh.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["appmesh"])})),
appmeshconn: appmeshpreview.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["appmesh"])})),
appstreamconn: appstream.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["appstream"])})),
appsyncconn: appsync.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["appsync"])})),
athenaconn: athena.New(sess.Copy(&aws.Config{Endpoint: aws.String(c.Endpoints["athena"])})),
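Review bot: `appmeshconn` is retyped in place to `*appmeshpreview.AppMeshPreview`, so every existing App Mesh resource that uses this field now talks to the preview service, and the client is still built from `c.Endpoints["appmesh"]`, which means a user-supplied App Mesh endpoint override is applied to a different API. A separate field, e.g. `appmeshpreviewconn *appmeshpreview.AppMeshPreview`, with its own endpoint key would keep the existing client intact. The import path sits under `github.com/aws/aws-sdk-go` although the commit list indicates the package was added from a fork, so its provenance should be recorded (a comment on the import, or a `replace` entry) before this is merged.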
129 changes: 116 additions & 13 deletions aws/resource_aws_acmpca_certificate_authority_test.go
Expand Up @@ -5,9 +5,11 @@ import (
"log"
"regexp"
"testing"
"time"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/acmpca"
"github.com/hashicorp/go-multierror"
"github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
"github.com/hashicorp/terraform-plugin-sdk/terraform"
Expand Down Expand Up @@ -40,24 +42,45 @@ func testSweepAcmpcaCertificateAuthorities(region string) error {
return nil
}

var sweeperErrs *multierror.Error

for _, certificateAuthority := range certificateAuthorities {
arn := aws.StringValue(certificateAuthority.Arn)

if aws.StringValue(certificateAuthority.Status) == acmpca.CertificateAuthorityStatusActive {
log.Printf("[INFO] Disabling ACMPCA Certificate Authority: %s", arn)
_, err := conn.UpdateCertificateAuthority(&acmpca.UpdateCertificateAuthorityInput{
CertificateAuthorityArn: aws.String(arn),
Status: aws.String(acmpca.CertificateAuthorityStatusDisabled),
})
if isAWSErr(err, acmpca.ErrCodeResourceNotFoundException, "") {
continue
}
if err != nil {
sweeperErr := fmt.Errorf("error disabling ACMPCA Certificate Authority (%s): %w", arn, err)
log.Printf("[ERROR] %s", sweeperErr)
sweeperErrs = multierror.Append(sweeperErrs, sweeperErr)
continue
}
}

log.Printf("[INFO] Deleting ACMPCA Certificate Authority: %s", arn)
input := &acmpca.DeleteCertificateAuthorityInput{
_, err := conn.DeleteCertificateAuthority(&acmpca.DeleteCertificateAuthorityInput{
CertificateAuthorityArn: aws.String(arn),
PermanentDeletionTimeInDays: aws.Int64(int64(7)),
})
if isAWSErr(err, acmpca.ErrCodeResourceNotFoundException, "") {
continue
}

_, err := conn.DeleteCertificateAuthority(input)
if err != nil {
if isAWSErr(err, acmpca.ErrCodeResourceNotFoundException, "") {
continue
}
log.Printf("[ERROR] Failed to delete ACMPCA Certificate Authority (%s): %s", arn, err)
sweeperErr := fmt.Errorf("error deleting ACMPCA Certificate Authority (%s): %w", arn, err)
log.Printf("[ERROR] %s", sweeperErr)
sweeperErrs = multierror.Append(sweeperErrs, sweeperErr)
continue
}
}

return nil
return sweeperErrs.ErrorOrNil()
}

func TestAccAwsAcmpcaCertificateAuthority_Basic(t *testing.T) {
Expand Down Expand Up @@ -413,14 +436,15 @@ func TestAccAwsAcmpcaCertificateAuthority_Tags(t *testing.T) {
func TestAccAwsAcmpcaCertificateAuthority_Type_Root(t *testing.T) {
var certificateAuthority acmpca.CertificateAuthority
resourceName := "aws_acmpca_certificate_authority.test"
rName := acctest.RandomWithPrefix("tf-acc-test")

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAwsAcmpcaCertificateAuthorityDestroy,
Steps: []resource.TestStep{
{
Config: testAccAwsAcmpcaCertificateAuthorityConfigType(acmpca.CertificateAuthorityTypeRoot),
Config: testAccAwsAcmpcaCertificateAuthorityConfigType(rName, acmpca.CertificateAuthorityTypeRoot),
Check: resource.ComposeTestCheckFunc(
testAccCheckAwsAcmpcaCertificateAuthorityExists(resourceName, &certificateAuthority),
resource.TestCheckResourceAttr(resourceName, "type", acmpca.CertificateAuthorityTypeRoot),
Expand Down Expand Up @@ -496,6 +520,85 @@ func testAccCheckAwsAcmpcaCertificateAuthorityExists(resourceName string, certif
}
}

func testAccCheckAwsAcmpcaCertificateAuthorityActivateCA(certificateAuthority *acmpca.CertificateAuthority) resource.TestCheckFunc {
return func(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).acmpcaconn

arn := aws.StringValue(certificateAuthority.Arn)

getCsrResp, err := conn.GetCertificateAuthorityCsr(&acmpca.GetCertificateAuthorityCsrInput{
CertificateAuthorityArn: aws.String(arn),
})
if err != nil {
return fmt.Errorf("error getting ACMPCA Certificate Authority (%s) CSR: %s", arn, err)
}

issueCertResp, err := conn.IssueCertificate(&acmpca.IssueCertificateInput{
CertificateAuthorityArn: aws.String(arn),
Csr: []byte(aws.StringValue(getCsrResp.Csr)),
IdempotencyToken: aws.String(resource.UniqueId()),
SigningAlgorithm: certificateAuthority.CertificateAuthorityConfiguration.SigningAlgorithm,
TemplateArn: aws.String("arn:aws:acm-pca:::template/RootCACertificate/V1"),
Validity: &acmpca.Validity{
Type: aws.String(acmpca.ValidityPeriodTypeYears),
Value: aws.Int64(1),
},
})
if err != nil {
return fmt.Errorf("error issuing ACMPCA Certificate Authority (%s) Root CA certificate from CSR: %s", arn, err)
}

// Wait for certificate status to become ISSUED.
var getCertResp *acmpca.GetCertificateOutput
err = resource.Retry(1*time.Minute, func() *resource.RetryError {
var err error
getCertResp, err = conn.GetCertificate(&acmpca.GetCertificateInput{
CertificateAuthorityArn: aws.String(arn),
CertificateArn: issueCertResp.CertificateArn,
})
if err != nil {
if isAWSErr(err, acmpca.ErrCodeRequestInProgressException, "Try again later") {
return resource.RetryableError(err)
}
return resource.NonRetryableError(err)
}
return nil
})
if isResourceTimeoutError(err) {
getCertResp, err = conn.GetCertificate(&acmpca.GetCertificateInput{
CertificateAuthorityArn: aws.String(arn),
CertificateArn: issueCertResp.CertificateArn,
})
}
if err != nil {
return fmt.Errorf("error getting ACMPCA Certificate Authority (%s) issued Root CA certificate: %s", arn, err)
}

_, err = conn.ImportCertificateAuthorityCertificate(&acmpca.ImportCertificateAuthorityCertificateInput{
CertificateAuthorityArn: aws.String(arn),
Certificate: []byte(aws.StringValue(getCertResp.Certificate)),
})
if err != nil {
return fmt.Errorf("error importing ACMPCA Certificate Authority (%s) Root CA certificate: %s", arn, err)
}

return err
}
}

func testAccCheckAwsAcmpcaCertificateAuthorityDisableCA(certificateAuthority *acmpca.CertificateAuthority) resource.TestCheckFunc {
return func(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).acmpcaconn

_, err := conn.UpdateCertificateAuthority(&acmpca.UpdateCertificateAuthorityInput{
CertificateAuthorityArn: certificateAuthority.Arn,
Status: aws.String(acmpca.CertificateAuthorityStatusDisabled),
})

return err
}
}

func listAcmpcaCertificateAuthorities(conn *acmpca.ACMPCA) ([]*acmpca.CertificateAuthority, error) {
certificateAuthorities := []*acmpca.CertificateAuthority{}
input := &acmpca.ListCertificateAuthoritiesInput{}
Expand Down Expand Up @@ -723,20 +826,20 @@ resource "aws_acmpca_certificate_authority" "test" {
}
`

func testAccAwsAcmpcaCertificateAuthorityConfigType(certificateAuthorityType string) string {
func testAccAwsAcmpcaCertificateAuthorityConfigType(rName, certificateAuthorityType string) string {
return fmt.Sprintf(`
resource "aws_acmpca_certificate_authority" "test" {
permanent_deletion_time_in_days = 7
type = %[1]q
type = %[2]q

certificate_authority_configuration {
key_algorithm = "RSA_4096"
signing_algorithm = "SHA512WITHRSA"

subject {
common_name = "terraformtesting.com"
common_name = "%[1]s.com"
}
}
}
`, certificateAuthorityType)
`, rName, certificateAuthorityType)
}
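Review bot: In `testAccCheckAwsAcmpcaCertificateAuthorityActivateCA`, `certificateAuthority.CertificateAuthorityConfiguration.SigningAlgorithm` is dereferenced without a nil check, so a CA value that was not populated beforehand (presumably by the exists check) panics the test run instead of failing the step; guard it before the `IssueCertificate` call with `if certificateAuthority.CertificateAuthorityConfiguration == nil { return fmt.Errorf("ACMPCA Certificate Authority (%s) has no configuration", arn) }`. The final `return err` in the same function can only return nil, because the preceding `if err != nil` has already returned; `return nil` says so directly. The new helpers format errors with `%s` while the sweeper in this section uses `%w`; using `%w` in both keeps the underlying AWS error inspectable. The template ARN literal also hard-codes the `aws` partition, which presumably fails outside that partition.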
36 changes: 18 additions & 18 deletions aws/resource_aws_appmesh_mesh.go
Expand Up @@ -6,10 +6,10 @@ import (
"time"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/appmesh"
appmesh "github.com/aws/aws-sdk-go/service/appmeshpreview"
"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
"github.com/terraform-providers/terraform-provider-aws/aws/internal/keyvaluetags"
// "github.com/terraform-providers/terraform-provider-aws/aws/internal/keyvaluetags"
)

func resourceAwsAppmeshMesh() *schema.Resource {
Expand Down Expand Up @@ -76,7 +76,7 @@ func resourceAwsAppmeshMesh() *schema.Resource {
Computed: true,
},

"tags": tagsSchema(),
// "tags": tagsSchema(),
},
}
}
Expand All @@ -88,7 +88,7 @@ func resourceAwsAppmeshMeshCreate(d *schema.ResourceData, meta interface{}) erro
req := &appmesh.CreateMeshInput{
MeshName: aws.String(meshName),
Spec: expandAppmeshMeshSpec(d.Get("spec").([]interface{})),
Tags: keyvaluetags.New(d.Get("tags").(map[string]interface{})).IgnoreAws().AppmeshTags(),
// Tags: keyvaluetags.New(d.Get("tags").(map[string]interface{})).IgnoreAws().AppmeshTags(),
}

log.Printf("[DEBUG] Creating App Mesh service mesh: %#v", req)
Expand Down Expand Up @@ -132,15 +132,15 @@ func resourceAwsAppmeshMeshRead(d *schema.ResourceData, meta interface{}) error
return fmt.Errorf("error setting spec: %s", err)
}

tags, err := keyvaluetags.AppmeshListTags(conn, arn)
// tags, err := keyvaluetags.AppmeshListTags(conn, arn)

if err != nil {
return fmt.Errorf("error listing tags for App Mesh service mesh (%s): %s", arn, err)
}
// if err != nil {
// return fmt.Errorf("error listing tags for App Mesh service mesh (%s): %s", arn, err)
// }

if err := d.Set("tags", tags.IgnoreAws().Map()); err != nil {
return fmt.Errorf("error setting tags: %s", err)
}
// if err := d.Set("tags", tags.IgnoreAws().Map()); err != nil {
// return fmt.Errorf("error setting tags: %s", err)
// }

return nil
}
Expand All @@ -162,14 +162,14 @@ func resourceAwsAppmeshMeshUpdate(d *schema.ResourceData, meta interface{}) erro
}
}

arn := d.Get("arn").(string)
if d.HasChange("tags") {
o, n := d.GetChange("tags")
// arn := d.Get("arn").(string)
// if d.HasChange("tags") {
// o, n := d.GetChange("tags")

if err := keyvaluetags.AppmeshUpdateTags(conn, arn, o, n); err != nil {
return fmt.Errorf("error updating App Mesh service mesh (%s) tags: %s", arn, err)
}
}
// if err := keyvaluetags.AppmeshUpdateTags(conn, arn, o, n); err != nil {
// return fmt.Errorf("error updating App Mesh service mesh (%s) tags: %s", arn, err)
// }
// }

return resourceAwsAppmeshMeshRead(d, meta)
}
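Review bot: Tag handling is disabled by commenting code out in the schema, create, read and update paths rather than removing it, and nothing records why; with `"tags"` gone from the schema, existing configurations that set tags would presumably be rejected, and tags already on a mesh are no longer read or reconciled. If the preview API lacks tagging, say so once at the schema entry, e.g. `// TODO(preview): tagging is not available in appmeshpreview; restore tagsSchema() and the keyvaluetags calls before merge`, and delete the dead blocks. Aliasing the preview package as `appmesh` also hides at every call site that this resource now targets the preview API. The create, read and update functions continue outside the visible hunks.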