diff --git a/Godeps/Godeps.json b/Godeps/Godeps.json index f342abece443..aa198c2b6fb2 100644 --- a/Godeps/Godeps.json +++ b/Godeps/Godeps.json @@ -364,6 +364,11 @@ "Comment": "v1.1.14", "Rev": "6876e9922ff299adf36e43e04c94820077968b3b" }, + { + "ImportPath": "github.com/aws/aws-sdk-go/service/cloudfront", + "Comment": "v1.1.14", + "Rev": "6876e9922ff299adf36e43e04c94820077968b3b" + }, { "ImportPath": "github.com/aws/aws-sdk-go/service/cloudtrail", "Comment": "v1.1.14", diff --git a/builtin/providers/aws/cloudfront_distribution_configuration_structure.go b/builtin/providers/aws/cloudfront_distribution_configuration_structure.go new file mode 100644 index 000000000000..b6d3295a7f41 --- /dev/null +++ b/builtin/providers/aws/cloudfront_distribution_configuration_structure.go @@ -0,0 +1,942 @@ +// CloudFront DistributionConfig structure helpers. +// +// These functions assist in pulling in data from Terraform resource +// configuration for the aws_cloudfront_distribution resource, as there are +// several sub-fields that require their own data type, and do not necessarily +// 1-1 translate to resource configuration. + +package aws + +import ( + "bytes" + "fmt" + "reflect" + "strconv" + "time" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/service/cloudfront" + "github.com/hashicorp/terraform/flatmap" + "github.com/hashicorp/terraform/helper/hashcode" + "github.com/hashicorp/terraform/helper/schema" +) + +// Assemble the *cloudfront.DistributionConfig variable. Calls out to various +// expander functions to convert attributes and sub-attributes to the various +// complex structures which are necessary to properly build the +// DistributionConfig structure. +// +// Used by the aws_cloudfront_distribution Create and Update functions. +func expandDistributionConfig(d *schema.ResourceData) *cloudfront.DistributionConfig { + distributionConfig := &cloudfront.DistributionConfig{ + CacheBehaviors: expandCacheBehaviors(d.Get("cache_behavior").(*schema.Set)), + CustomErrorResponses: expandCustomErrorResponses(d.Get("custom_error_response").(*schema.Set)), + DefaultCacheBehavior: expandDefaultCacheBehavior(d.Get("default_cache_behavior").(*schema.Set).List()[0].(map[string]interface{})), + Enabled: aws.Bool(d.Get("enabled").(bool)), + Origins: expandOrigins(d.Get("origin").(*schema.Set)), + PriceClass: aws.String(d.Get("price_class").(string)), + } + // This sets CallerReference if it's still pending computation (ie: new resource) + if v, ok := d.GetOk("caller_reference"); ok == false { + distributionConfig.CallerReference = aws.String(time.Now().Format(time.RFC3339Nano)) + } else { + distributionConfig.CallerReference = aws.String(v.(string)) + } + if v, ok := d.GetOk("comment"); ok { + distributionConfig.Comment = aws.String(v.(string)) + } else { + distributionConfig.Comment = aws.String("") + } + if v, ok := d.GetOk("default_root_object"); ok { + distributionConfig.DefaultRootObject = aws.String(v.(string)) + } else { + distributionConfig.DefaultRootObject = aws.String("") + } + if v, ok := d.GetOk("logging_config"); ok { + distributionConfig.Logging = expandLoggingConfig(v.(*schema.Set).List()[0].(map[string]interface{})) + } else { + distributionConfig.Logging = expandLoggingConfig(nil) + } + if v, ok := d.GetOk("aliases"); ok { + distributionConfig.Aliases = expandAliases(v.(*schema.Set)) + } else { + distributionConfig.Aliases = expandAliases(schema.NewSet(aliasesHash, []interface{}{})) + } + if v, ok := d.GetOk("restrictions"); ok { + distributionConfig.Restrictions = expandRestrictions(v.(*schema.Set).List()[0].(map[string]interface{})) + } + if v, ok := d.GetOk("viewer_certificate"); ok { + distributionConfig.ViewerCertificate = expandViewerCertificate(v.(*schema.Set).List()[0].(map[string]interface{})) + } + if v, ok := d.GetOk("web_acl_id"); ok { + distributionConfig.WebACLId = aws.String(v.(string)) + } else { + distributionConfig.WebACLId = aws.String("") + } + return distributionConfig +} + +// Unpack the *cloudfront.DistributionConfig variable and set resource data. +// Calls out to flatten functions to convert the DistributionConfig +// sub-structures to their respective attributes in the +// aws_cloudfront_distribution resource. +// +// Used by the aws_cloudfront_distribution Read function. +func flattenDistributionConfig(d *schema.ResourceData, distributionConfig *cloudfront.DistributionConfig) { + d.Set("origins", flattenOrigins(distributionConfig.Origins)) + d.Set("enabled", *distributionConfig.Enabled) + d.Set("default_cache_behavior", flattenDefaultCacheBehavior(distributionConfig.DefaultCacheBehavior)) + d.Set("viewer_certificate", flattenViewerCertificate(distributionConfig.ViewerCertificate)) + d.Set("price_class", *distributionConfig.PriceClass) + + if distributionConfig.CallerReference != nil { + d.Set("caller_reference", *distributionConfig.CallerReference) + } + if distributionConfig.Comment != nil { + if *distributionConfig.Comment != "" { + d.Set("comment", *distributionConfig.Comment) + } + } + if distributionConfig.DefaultRootObject != nil { + d.Set("default_root_object", *distributionConfig.DefaultRootObject) + } + if distributionConfig.CustomErrorResponses != nil { + d.Set("custom_error_response", flattenCustomErrorResponses(distributionConfig.CustomErrorResponses)) + } + if distributionConfig.CacheBehaviors != nil { + d.Set("cache_behavior", flattenCacheBehaviors(distributionConfig.CacheBehaviors)) + } + if distributionConfig.Logging != nil && *distributionConfig.Logging.Enabled { + d.Set("logging_config", flattenLoggingConfig(distributionConfig.Logging)) + } + if distributionConfig.Aliases != nil { + d.Set("aliases", flattenAliases(distributionConfig.Aliases)) + } + if distributionConfig.Restrictions != nil { + d.Set("restrictions", flattenRestrictions(distributionConfig.Restrictions)) + } + if distributionConfig.WebACLId != nil { + d.Set("web_acl_id", *distributionConfig.WebACLId) + } +} + +func expandDefaultCacheBehavior(m map[string]interface{}) *cloudfront.DefaultCacheBehavior { + cb := expandCacheBehavior(m) + var dcb cloudfront.DefaultCacheBehavior + + simpleCopyStruct(cb, &dcb) + return &dcb +} + +func flattenDefaultCacheBehavior(dcb *cloudfront.DefaultCacheBehavior) *schema.Set { + m := make(map[string]interface{}) + var cb cloudfront.CacheBehavior + + simpleCopyStruct(dcb, &cb) + m = flattenCacheBehavior(&cb) + return schema.NewSet(defaultCacheBehaviorHash, []interface{}{m}) +} + +// Assemble the hash for the aws_cloudfront_distribution default_cache_behavior +// TypeSet attribute. +func defaultCacheBehaviorHash(v interface{}) int { + var buf bytes.Buffer + m := v.(map[string]interface{}) + buf.WriteString(fmt.Sprintf("%t-", m["compress"].(bool))) + buf.WriteString(fmt.Sprintf("%s-", m["viewer_protocol_policy"].(string))) + buf.WriteString(fmt.Sprintf("%s-", m["target_origin_id"].(string))) + buf.WriteString(fmt.Sprintf("%d-", forwardedValuesHash(m["forwarded_values"].(*schema.Set).List()[0].(map[string]interface{})))) + buf.WriteString(fmt.Sprintf("%d-", m["min_ttl"].(int))) + if d, ok := m["trusted_signers"]; ok { + for _, e := range sortInterfaceSlice(d.([]interface{})) { + buf.WriteString(fmt.Sprintf("%s-", e.(string))) + } + } + if d, ok := m["max_ttl"]; ok { + buf.WriteString(fmt.Sprintf("%d-", d.(int))) + } + if d, ok := m["smooth_streaming"]; ok { + buf.WriteString(fmt.Sprintf("%t-", d.(bool))) + } + if d, ok := m["default_ttl"]; ok { + buf.WriteString(fmt.Sprintf("%d-", d.(int))) + } + if d, ok := m["allowed_methods"]; ok { + for _, e := range sortInterfaceSlice(d.([]interface{})) { + buf.WriteString(fmt.Sprintf("%s-", e.(string))) + } + } + if d, ok := m["cached_methods"]; ok { + for _, e := range sortInterfaceSlice(d.([]interface{})) { + buf.WriteString(fmt.Sprintf("%s-", e.(string))) + } + } + return hashcode.String(buf.String()) +} + +func expandCacheBehaviors(s *schema.Set) *cloudfront.CacheBehaviors { + var qty int64 + var items []*cloudfront.CacheBehavior + for _, v := range s.List() { + items = append(items, expandCacheBehavior(v.(map[string]interface{}))) + qty++ + } + return &cloudfront.CacheBehaviors{ + Quantity: aws.Int64(qty), + Items: items, + } +} + +func flattenCacheBehaviors(cbs *cloudfront.CacheBehaviors) *schema.Set { + s := []interface{}{} + for _, v := range cbs.Items { + s = append(s, flattenCacheBehavior(v)) + } + return schema.NewSet(cacheBehaviorHash, s) +} + +func expandCacheBehavior(m map[string]interface{}) *cloudfront.CacheBehavior { + cb := &cloudfront.CacheBehavior{ + Compress: aws.Bool(m["compress"].(bool)), + ViewerProtocolPolicy: aws.String(m["viewer_protocol_policy"].(string)), + TargetOriginId: aws.String(m["target_origin_id"].(string)), + ForwardedValues: expandForwardedValues(m["forwarded_values"].(*schema.Set).List()[0].(map[string]interface{})), + MinTTL: aws.Int64(int64(m["min_ttl"].(int))), + MaxTTL: aws.Int64(int64(m["max_ttl"].(int))), + DefaultTTL: aws.Int64(int64(m["default_ttl"].(int))), + } + if v, ok := m["trusted_signers"]; ok { + cb.TrustedSigners = expandTrustedSigners(v.([]interface{})) + } else { + cb.TrustedSigners = expandTrustedSigners([]interface{}{}) + } + if v, ok := m["smooth_streaming"]; ok { + cb.SmoothStreaming = aws.Bool(v.(bool)) + } + if v, ok := m["allowed_methods"]; ok { + cb.AllowedMethods = expandAllowedMethods(v.([]interface{})) + } + if v, ok := m["cached_methods"]; ok { + cb.AllowedMethods.CachedMethods = expandCachedMethods(v.([]interface{})) + } + if v, ok := m["path_pattern"]; ok { + cb.PathPattern = aws.String(v.(string)) + } + return cb +} + +func flattenCacheBehavior(cb *cloudfront.CacheBehavior) map[string]interface{} { + m := make(map[string]interface{}) + + m["compress"] = *cb.Compress + m["viewer_protocol_policy"] = *cb.ViewerProtocolPolicy + m["target_origin_id"] = *cb.TargetOriginId + m["forwarded_values"] = schema.NewSet(forwardedValuesHash, []interface{}{flattenForwardedValues(cb.ForwardedValues)}) + m["min_ttl"] = int(*cb.MinTTL) + + if len(cb.TrustedSigners.Items) > 0 { + m["trusted_signers"] = flattenTrustedSigners(cb.TrustedSigners) + } + if cb.MaxTTL != nil { + m["max_ttl"] = int(*cb.MaxTTL) + } + if cb.SmoothStreaming != nil { + m["smooth_streaming"] = *cb.SmoothStreaming + } + if cb.DefaultTTL != nil { + m["default_ttl"] = int(*cb.DefaultTTL) + } + if cb.AllowedMethods != nil { + m["allowed_methods"] = flattenAllowedMethods(cb.AllowedMethods) + } + if cb.AllowedMethods.CachedMethods != nil { + m["cached_methods"] = flattenCachedMethods(cb.AllowedMethods.CachedMethods) + } + if cb.PathPattern != nil { + m["path_pattern"] = *cb.PathPattern + } + return m +} + +// Assemble the hash for the aws_cloudfront_distribution cache_behavior +// TypeSet attribute. +func cacheBehaviorHash(v interface{}) int { + var buf bytes.Buffer + m := v.(map[string]interface{}) + buf.WriteString(fmt.Sprintf("%t-", m["compress"].(bool))) + buf.WriteString(fmt.Sprintf("%s-", m["viewer_protocol_policy"].(string))) + buf.WriteString(fmt.Sprintf("%s-", m["target_origin_id"].(string))) + buf.WriteString(fmt.Sprintf("%d-", forwardedValuesHash(m["forwarded_values"].(*schema.Set).List()[0].(map[string]interface{})))) + buf.WriteString(fmt.Sprintf("%d-", m["min_ttl"].(int))) + if d, ok := m["trusted_signers"]; ok { + for _, e := range sortInterfaceSlice(d.([]interface{})) { + buf.WriteString(fmt.Sprintf("%s-", e.(string))) + } + } + if d, ok := m["max_ttl"]; ok { + buf.WriteString(fmt.Sprintf("%d-", d.(int))) + } + if d, ok := m["smooth_streaming"]; ok { + buf.WriteString(fmt.Sprintf("%t-", d.(bool))) + } + if d, ok := m["default_ttl"]; ok { + buf.WriteString(fmt.Sprintf("%d-", d.(int))) + } + if d, ok := m["allowed_methods"]; ok { + for _, e := range sortInterfaceSlice(d.([]interface{})) { + buf.WriteString(fmt.Sprintf("%s-", e.(string))) + } + } + if d, ok := m["cached_methods"]; ok { + for _, e := range sortInterfaceSlice(d.([]interface{})) { + buf.WriteString(fmt.Sprintf("%s-", e.(string))) + } + } + if d, ok := m["path_pattern"]; ok { + buf.WriteString(fmt.Sprintf("%s-", d)) + } + return hashcode.String(buf.String()) +} + +func expandTrustedSigners(s []interface{}) *cloudfront.TrustedSigners { + var ts cloudfront.TrustedSigners + if len(s) > 0 { + ts.Quantity = aws.Int64(int64(len(s))) + ts.Items = expandStringList(s) + ts.Enabled = aws.Bool(true) + } else { + ts.Quantity = aws.Int64(0) + ts.Enabled = aws.Bool(false) + } + return &ts +} + +func flattenTrustedSigners(ts *cloudfront.TrustedSigners) []interface{} { + if ts.Items != nil { + return flattenStringList(ts.Items) + } + return []interface{}{} +} + +func expandForwardedValues(m map[string]interface{}) *cloudfront.ForwardedValues { + fv := &cloudfront.ForwardedValues{ + QueryString: aws.Bool(m["query_string"].(bool)), + } + if v, ok := m["cookies"]; ok { + fv.Cookies = expandCookiePreference(v.(*schema.Set).List()[0].(map[string]interface{})) + } + if v, ok := m["headers"]; ok { + fv.Headers = expandHeaders(v.([]interface{})) + } + return fv +} + +func flattenForwardedValues(fv *cloudfront.ForwardedValues) map[string]interface{} { + m := make(map[string]interface{}) + m["query_string"] = *fv.QueryString + if fv.Cookies != nil { + m["cookies"] = schema.NewSet(cookiePreferenceHash, []interface{}{flattenCookiePreference(fv.Cookies)}) + } + if fv.Headers != nil { + m["headers"] = flattenHeaders(fv.Headers) + } + return m +} + +// Assemble the hash for the aws_cloudfront_distribution forwarded_values +// TypeSet attribute. +func forwardedValuesHash(v interface{}) int { + var buf bytes.Buffer + m := v.(map[string]interface{}) + buf.WriteString(fmt.Sprintf("%t-", m["query_string"].(bool))) + if d, ok := m["cookies"]; ok { + buf.WriteString(fmt.Sprintf("%d-", cookiePreferenceHash(d.(*schema.Set).List()[0].(map[string]interface{})))) + } + if d, ok := m["headers"]; ok { + for _, e := range sortInterfaceSlice(d.([]interface{})) { + buf.WriteString(fmt.Sprintf("%s-", e.(string))) + } + } + return hashcode.String(buf.String()) +} + +func expandHeaders(d []interface{}) *cloudfront.Headers { + return &cloudfront.Headers{ + Quantity: aws.Int64(int64(len(d))), + Items: expandStringList(d), + } +} + +func flattenHeaders(h *cloudfront.Headers) []interface{} { + if h.Items != nil { + return flattenStringList(h.Items) + } + return []interface{}{} +} + +func expandCookiePreference(m map[string]interface{}) *cloudfront.CookiePreference { + cp := &cloudfront.CookiePreference{ + Forward: aws.String(m["forward"].(string)), + } + if v, ok := m["whitelisted_names"]; ok { + cp.WhitelistedNames = expandCookieNames(v.([]interface{})) + } + return cp +} + +func flattenCookiePreference(cp *cloudfront.CookiePreference) map[string]interface{} { + m := make(map[string]interface{}) + m["forward"] = *cp.Forward + if cp.WhitelistedNames != nil { + m["whitelisted_names"] = flattenCookieNames(cp.WhitelistedNames) + } + return m +} + +// Assemble the hash for the aws_cloudfront_distribution cookies +// TypeSet attribute. +func cookiePreferenceHash(v interface{}) int { + var buf bytes.Buffer + m := v.(map[string]interface{}) + buf.WriteString(fmt.Sprintf("%s-", m["forward"].(string))) + if d, ok := m["whitelisted_names"]; ok { + for _, e := range sortInterfaceSlice(d.([]interface{})) { + buf.WriteString(fmt.Sprintf("%s-", e.(string))) + } + } + return hashcode.String(buf.String()) +} + +func expandCookieNames(d []interface{}) *cloudfront.CookieNames { + return &cloudfront.CookieNames{ + Quantity: aws.Int64(int64(len(d))), + Items: expandStringList(d), + } +} + +func flattenCookieNames(cn *cloudfront.CookieNames) []interface{} { + if cn.Items != nil { + return flattenStringList(cn.Items) + } + return []interface{}{} +} + +func expandAllowedMethods(s []interface{}) *cloudfront.AllowedMethods { + return &cloudfront.AllowedMethods{ + Quantity: aws.Int64(int64(len(s))), + Items: expandStringList(s), + } +} + +func flattenAllowedMethods(am *cloudfront.AllowedMethods) []interface{} { + if am.Items != nil { + return flattenStringList(am.Items) + } + return []interface{}{} +} + +func expandCachedMethods(s []interface{}) *cloudfront.CachedMethods { + return &cloudfront.CachedMethods{ + Quantity: aws.Int64(int64(len(s))), + Items: expandStringList(s), + } +} + +func flattenCachedMethods(cm *cloudfront.CachedMethods) []interface{} { + if cm.Items != nil { + return flattenStringList(cm.Items) + } + return []interface{}{} +} + +func expandOrigins(s *schema.Set) *cloudfront.Origins { + qty := 0 + items := []*cloudfront.Origin{} + for _, v := range s.List() { + items = append(items, expandOrigin(v.(map[string]interface{}))) + qty++ + } + return &cloudfront.Origins{ + Quantity: aws.Int64(int64(qty)), + Items: items, + } +} + +func flattenOrigins(ors *cloudfront.Origins) *schema.Set { + s := []interface{}{} + for _, v := range ors.Items { + s = append(s, flattenOrigin(v)) + } + return schema.NewSet(originHash, s) +} + +func expandOrigin(m map[string]interface{}) *cloudfront.Origin { + origin := &cloudfront.Origin{ + Id: aws.String(m["origin_id"].(string)), + DomainName: aws.String(m["domain_name"].(string)), + } + if v, ok := m["custom_header"]; ok { + origin.CustomHeaders = expandCustomHeaders(v.(*schema.Set)) + } + if v, ok := m["custom_origin_config"]; ok { + if s := v.(*schema.Set).List(); len(s) > 0 { + origin.CustomOriginConfig = expandCustomOriginConfig(s[0].(map[string]interface{})) + } + } + if v, ok := m["origin_path"]; ok { + origin.OriginPath = aws.String(v.(string)) + } + if v, ok := m["s3_origin_config"]; ok { + if s := v.(*schema.Set).List(); len(s) > 0 { + origin.S3OriginConfig = expandS3OriginConfig(s[0].(map[string]interface{})) + } + } + return origin +} + +func flattenOrigin(or *cloudfront.Origin) map[string]interface{} { + m := make(map[string]interface{}) + m["origin_id"] = *or.Id + m["domain_name"] = *or.DomainName + if or.CustomHeaders != nil { + m["custom_header"] = flattenCustomHeaders(or.CustomHeaders) + } + if or.CustomOriginConfig != nil { + m["custom_origin_config"] = schema.NewSet(customOriginConfigHash, []interface{}{flattenCustomOriginConfig(or.CustomOriginConfig)}) + } + if or.OriginPath != nil { + m["origin_path"] = *or.OriginPath + } + if or.S3OriginConfig != nil { + m["s3_origin_config"] = schema.NewSet(s3OriginConfigHash, []interface{}{flattenS3OriginConfig(or.S3OriginConfig)}) + } + return m +} + +// Assemble the hash for the aws_cloudfront_distribution origin +// TypeSet attribute. +func originHash(v interface{}) int { + var buf bytes.Buffer + m := v.(map[string]interface{}) + buf.WriteString(fmt.Sprintf("%s-", m["origin_id"].(string))) + buf.WriteString(fmt.Sprintf("%s-", m["domain_name"].(string))) + if v, ok := m["custom_header"]; ok { + buf.WriteString(fmt.Sprintf("%d-", customHeadersHash(v.(*schema.Set)))) + } + if v, ok := m["custom_origin_config"]; ok { + if s := v.(*schema.Set).List(); len(s) > 0 { + buf.WriteString(fmt.Sprintf("%d-", customOriginConfigHash((s[0].(map[string]interface{}))))) + } + } + if v, ok := m["origin_path"]; ok { + buf.WriteString(fmt.Sprintf("%s-", v.(string))) + } + if v, ok := m["s3_origin_config"]; ok { + if s := v.(*schema.Set).List(); len(s) > 0 { + buf.WriteString(fmt.Sprintf("%d-", s3OriginConfigHash((s[0].(map[string]interface{}))))) + } + } + return hashcode.String(buf.String()) +} + +func expandCustomHeaders(s *schema.Set) *cloudfront.CustomHeaders { + qty := 0 + items := []*cloudfront.OriginCustomHeader{} + for _, v := range s.List() { + items = append(items, expandOriginCustomHeader(v.(map[string]interface{}))) + qty++ + } + return &cloudfront.CustomHeaders{ + Quantity: aws.Int64(int64(qty)), + Items: items, + } +} + +func flattenCustomHeaders(chs *cloudfront.CustomHeaders) *schema.Set { + s := []interface{}{} + for _, v := range chs.Items { + s = append(s, flattenOriginCustomHeader(v)) + } + return schema.NewSet(originCustomHeaderHash, s) +} + +func expandOriginCustomHeader(m map[string]interface{}) *cloudfront.OriginCustomHeader { + return &cloudfront.OriginCustomHeader{ + HeaderName: aws.String(m["name"].(string)), + HeaderValue: aws.String(m["value"].(string)), + } +} + +func flattenOriginCustomHeader(och *cloudfront.OriginCustomHeader) map[string]interface{} { + return map[string]interface{}{ + "name": *och.HeaderName, + "value": *och.HeaderValue, + } +} + +// Helper function used by originHash to get a composite hash for all +// aws_cloudfront_distribution custom_header attributes. +func customHeadersHash(s *schema.Set) int { + var buf bytes.Buffer + for _, v := range s.List() { + buf.WriteString(fmt.Sprintf("%d-", originCustomHeaderHash(v))) + } + return hashcode.String(buf.String()) +} + +// Assemble the hash for the aws_cloudfront_distribution custom_header +// TypeSet attribute. +func originCustomHeaderHash(v interface{}) int { + var buf bytes.Buffer + m := v.(map[string]interface{}) + buf.WriteString(fmt.Sprintf("%s-", m["name"].(string))) + buf.WriteString(fmt.Sprintf("%s-", m["value"].(string))) + return hashcode.String(buf.String()) +} + +func expandCustomOriginConfig(m map[string]interface{}) *cloudfront.CustomOriginConfig { + return &cloudfront.CustomOriginConfig{ + OriginProtocolPolicy: aws.String(m["origin_protocol_policy"].(string)), + HTTPPort: aws.Int64(int64(m["http_port"].(int))), + HTTPSPort: aws.Int64(int64(m["https_port"].(int))), + OriginSslProtocols: expandCustomOriginConfigSSL(m["origin_ssl_protocols"].([]interface{})), + } +} + +func flattenCustomOriginConfig(cor *cloudfront.CustomOriginConfig) map[string]interface{} { + return map[string]interface{}{ + "origin_protocol_policy": *cor.OriginProtocolPolicy, + "http_port": int(*cor.HTTPPort), + "https_port": int(*cor.HTTPSPort), + "origin_ssl_protocols": flattenCustomOriginConfigSSL(cor.OriginSslProtocols), + } +} + +// Assemble the hash for the aws_cloudfront_distribution custom_origin_config +// TypeSet attribute. +func customOriginConfigHash(v interface{}) int { + var buf bytes.Buffer + m := v.(map[string]interface{}) + buf.WriteString(fmt.Sprintf("%s-", m["origin_protocol_policy"].(string))) + buf.WriteString(fmt.Sprintf("%d-", m["http_port"].(int))) + buf.WriteString(fmt.Sprintf("%d-", m["https_port"].(int))) + for _, v := range sortInterfaceSlice(m["origin_ssl_protocols"].([]interface{})) { + buf.WriteString(fmt.Sprintf("%s-", v.(string))) + } + return hashcode.String(buf.String()) +} + +func expandCustomOriginConfigSSL(s []interface{}) *cloudfront.OriginSslProtocols { + items := expandStringList(s) + return &cloudfront.OriginSslProtocols{ + Quantity: aws.Int64(int64(len(items))), + Items: items, + } +} + +func flattenCustomOriginConfigSSL(osp *cloudfront.OriginSslProtocols) []interface{} { + return flattenStringList(osp.Items) +} + +func expandS3OriginConfig(m map[string]interface{}) *cloudfront.S3OriginConfig { + return &cloudfront.S3OriginConfig{ + OriginAccessIdentity: aws.String(m["origin_access_identity"].(string)), + } +} + +func flattenS3OriginConfig(s3o *cloudfront.S3OriginConfig) map[string]interface{} { + return map[string]interface{}{ + "origin_access_identity": *s3o.OriginAccessIdentity, + } +} + +// Assemble the hash for the aws_cloudfront_distribution s3_origin_config +// TypeSet attribute. +func s3OriginConfigHash(v interface{}) int { + var buf bytes.Buffer + m := v.(map[string]interface{}) + buf.WriteString(fmt.Sprintf("%s-", m["origin_access_identity"].(string))) + return hashcode.String(buf.String()) +} + +func expandCustomErrorResponses(s *schema.Set) *cloudfront.CustomErrorResponses { + qty := 0 + items := []*cloudfront.CustomErrorResponse{} + for _, v := range s.List() { + items = append(items, expandCustomErrorResponse(v.(map[string]interface{}))) + qty++ + } + return &cloudfront.CustomErrorResponses{ + Quantity: aws.Int64(int64(qty)), + Items: items, + } +} + +func flattenCustomErrorResponses(ers *cloudfront.CustomErrorResponses) *schema.Set { + s := []interface{}{} + for _, v := range ers.Items { + s = append(s, flattenCustomErrorResponse(v)) + } + return schema.NewSet(customErrorResponseHash, s) +} + +func expandCustomErrorResponse(m map[string]interface{}) *cloudfront.CustomErrorResponse { + er := cloudfront.CustomErrorResponse{ + ErrorCode: aws.Int64(int64(m["error_code"].(int))), + } + if v, ok := m["error_caching_min_ttl"]; ok { + er.ErrorCachingMinTTL = aws.Int64(int64(v.(int))) + } + if v, ok := m["response_code"]; ok { + er.ResponseCode = aws.String(strconv.Itoa(v.(int))) + } + if v, ok := m["response_page_path"]; ok { + er.ResponsePagePath = aws.String(v.(string)) + } + return &er +} + +func flattenCustomErrorResponse(er *cloudfront.CustomErrorResponse) map[string]interface{} { + m := make(map[string]interface{}) + m["error_code"] = int(*er.ErrorCode) + if er.ErrorCachingMinTTL != nil { + m["error_caching_min_ttl"] = int(*er.ErrorCachingMinTTL) + } + if er.ResponseCode != nil { + m["response_code"], _ = strconv.Atoi(*er.ResponseCode) + } + if er.ResponsePagePath != nil { + m["response_page_path"] = *er.ResponsePagePath + } + return m +} + +// Assemble the hash for the aws_cloudfront_distribution custom_error_response +// TypeSet attribute. +func customErrorResponseHash(v interface{}) int { + var buf bytes.Buffer + m := v.(map[string]interface{}) + buf.WriteString(fmt.Sprintf("%d-", m["error_code"].(int))) + if v, ok := m["error_caching_min_ttl"]; ok { + buf.WriteString(fmt.Sprintf("%d-", v.(int))) + } + if v, ok := m["response_code"]; ok { + buf.WriteString(fmt.Sprintf("%d-", v.(int))) + } + if v, ok := m["response_page_path"]; ok { + buf.WriteString(fmt.Sprintf("%s-", v.(string))) + } + return hashcode.String(buf.String()) +} + +func expandLoggingConfig(m map[string]interface{}) *cloudfront.LoggingConfig { + var lc cloudfront.LoggingConfig + if m != nil { + lc.Prefix = aws.String(m["prefix"].(string)) + lc.Bucket = aws.String(m["bucket"].(string)) + lc.IncludeCookies = aws.Bool(m["include_cookies"].(bool)) + lc.Enabled = aws.Bool(true) + } else { + lc.Prefix = aws.String("") + lc.Bucket = aws.String("") + lc.IncludeCookies = aws.Bool(false) + lc.Enabled = aws.Bool(false) + } + return &lc +} + +func flattenLoggingConfig(lc *cloudfront.LoggingConfig) *schema.Set { + m := make(map[string]interface{}) + m["prefix"] = *lc.Prefix + m["bucket"] = *lc.Bucket + m["include_cookies"] = *lc.IncludeCookies + return schema.NewSet(loggingConfigHash, []interface{}{m}) +} + +// Assemble the hash for the aws_cloudfront_distribution logging_config +// TypeSet attribute. +func loggingConfigHash(v interface{}) int { + var buf bytes.Buffer + m := v.(map[string]interface{}) + buf.WriteString(fmt.Sprintf("%s-", m["prefix"].(string))) + buf.WriteString(fmt.Sprintf("%s-", m["bucket"].(string))) + buf.WriteString(fmt.Sprintf("%t-", m["include_cookies"].(bool))) + return hashcode.String(buf.String()) +} + +func expandAliases(as *schema.Set) *cloudfront.Aliases { + s := as.List() + var aliases cloudfront.Aliases + if len(s) > 0 { + aliases.Quantity = aws.Int64(int64(len(s))) + aliases.Items = expandStringList(s) + } else { + aliases.Quantity = aws.Int64(0) + } + return &aliases +} + +func flattenAliases(aliases *cloudfront.Aliases) *schema.Set { + if aliases.Items != nil { + return schema.NewSet(aliasesHash, flattenStringList(aliases.Items)) + } + return schema.NewSet(aliasesHash, []interface{}{}) +} + +// Assemble the hash for the aws_cloudfront_distribution aliases +// TypeSet attribute. +func aliasesHash(v interface{}) int { + return hashcode.String(v.(string)) +} + +func expandRestrictions(m map[string]interface{}) *cloudfront.Restrictions { + return &cloudfront.Restrictions{ + GeoRestriction: expandGeoRestriction(m["geo_restriction"].(*schema.Set).List()[0].(map[string]interface{})), + } +} + +func flattenRestrictions(r *cloudfront.Restrictions) *schema.Set { + m := make(map[string]interface{}) + s := schema.NewSet(geoRestrictionHash, []interface{}{flattenGeoRestriction(r.GeoRestriction)}) + m["geo_restriction"] = s + return schema.NewSet(restrictionsHash, []interface{}{m}) +} + +// Assemble the hash for the aws_cloudfront_distribution restrictions +// TypeSet attribute. +func restrictionsHash(v interface{}) int { + var buf bytes.Buffer + m := v.(map[string]interface{}) + buf.WriteString(fmt.Sprintf("%d-", geoRestrictionHash(m["geo_restriction"].(*schema.Set).List()[0].(map[string]interface{})))) + return hashcode.String(buf.String()) +} + +func expandGeoRestriction(m map[string]interface{}) *cloudfront.GeoRestriction { + gr := cloudfront.GeoRestriction{ + RestrictionType: aws.String(m["restriction_type"].(string)), + } + if v, ok := m["locations"]; ok { + gr.Quantity = aws.Int64(int64(len(v.([]interface{})))) + gr.Items = expandStringList(v.([]interface{})) + } else { + gr.Quantity = aws.Int64(0) + } + return &gr +} + +func flattenGeoRestriction(gr *cloudfront.GeoRestriction) map[string]interface{} { + m := make(map[string]interface{}) + + m["restriction_type"] = *gr.RestrictionType + if gr.Items != nil { + m["locations"] = flattenStringList(gr.Items) + } + return m +} + +// Assemble the hash for the aws_cloudfront_distribution geo_restriction +// TypeSet attribute. +func geoRestrictionHash(v interface{}) int { + var buf bytes.Buffer + m := v.(map[string]interface{}) + // All keys added in alphabetical order. + buf.WriteString(fmt.Sprintf("%s-", m["restriction_type"].(string))) + if v, ok := m["locations"]; ok { + for _, w := range sortInterfaceSlice(v.([]interface{})) { + buf.WriteString(fmt.Sprintf("%s-", w.(string))) + } + } + return hashcode.String(buf.String()) +} + +func expandViewerCertificate(m map[string]interface{}) *cloudfront.ViewerCertificate { + var vc cloudfront.ViewerCertificate + if v, ok := m["iam_certificate_id"]; ok && v != "" { + vc.IAMCertificateId = aws.String(v.(string)) + vc.SSLSupportMethod = aws.String(m["ssl_support_method"].(string)) + } else if v, ok := m["acm_certificate_arn"]; ok && v != "" { + vc.ACMCertificateArn = aws.String(v.(string)) + vc.SSLSupportMethod = aws.String(m["ssl_support_method"].(string)) + } else { + vc.CloudFrontDefaultCertificate = aws.Bool(m["cloudfront_default_certificate"].(bool)) + } + if v, ok := m["minimum_protocol_version"]; ok && v != "" { + vc.MinimumProtocolVersion = aws.String(v.(string)) + } + return &vc +} + +func flattenViewerCertificate(vc *cloudfront.ViewerCertificate) *schema.Set { + m := make(map[string]interface{}) + + if vc.IAMCertificateId != nil { + m["iam_certificate_id"] = *vc.IAMCertificateId + m["ssl_support_method"] = *vc.SSLSupportMethod + } else if vc.ACMCertificateArn != nil { + m["acm_certificate_arn"] = *vc.ACMCertificateArn + m["ssl_support_method"] = *vc.SSLSupportMethod + } else { + m["cloudfront_default_certificate"] = *vc.CloudFrontDefaultCertificate + } + if vc.MinimumProtocolVersion != nil { + m["minimum_protocol_version"] = *vc.MinimumProtocolVersion + } + return schema.NewSet(viewerCertificateHash, []interface{}{m}) +} + +// Assemble the hash for the aws_cloudfront_distribution viewer_certificate +// TypeSet attribute. +func viewerCertificateHash(v interface{}) int { + var buf bytes.Buffer + m := v.(map[string]interface{}) + if v, ok := m["iam_certificate_id"]; ok { + buf.WriteString(fmt.Sprintf("%s-", v.(string))) + buf.WriteString(fmt.Sprintf("%s-", m["ssl_support_method"].(string))) + } else if v, ok := m["acm_certificate_arn"]; ok { + buf.WriteString(fmt.Sprintf("%s-", v.(string))) + buf.WriteString(fmt.Sprintf("%s-", m["ssl_support_method"].(string))) + } else { + buf.WriteString(fmt.Sprintf("%t-", m["cloudfront_default_certificate"].(bool))) + } + if v, ok := m["minimum_protocol_version"]; ok { + buf.WriteString(fmt.Sprintf("%s-", v.(string))) + } + return hashcode.String(buf.String()) +} + +// Do a top-level copy of struct fields from one struct to another. Used to +// copy fields between CacheBehavior and DefaultCacheBehavior structs. +func simpleCopyStruct(src, dst interface{}) { + s := reflect.ValueOf(src).Elem() + d := reflect.ValueOf(dst).Elem() + + for i := 0; i < s.NumField(); i++ { + if s.Field(i).CanSet() == true { + if s.Field(i).Interface() != nil { + for j := 0; j < d.NumField(); j++ { + if d.Type().Field(j).Name == s.Type().Field(i).Name { + d.Field(j).Set(s.Field(i)) + } + } + } + } + } +} + +// Convert *cloudfront.ActiveTrustedSigners to a flatmap.Map type, which ensures +// it can probably be inserted into the schema.TypeMap type used by the +// active_trusted_signers attribute. +func flattenActiveTrustedSigners(ats *cloudfront.ActiveTrustedSigners) flatmap.Map { + m := make(map[string]interface{}) + s := []interface{}{} + m["enabled"] = *ats.Enabled + + for _, v := range ats.Items { + signer := make(map[string]interface{}) + signer["aws_account_number"] = *v.AwsAccountNumber + signer["key_pair_ids"] = aws.StringValueSlice(v.KeyPairIds.Items) + s = append(s, signer) + } + m["items"] = s + return flatmap.Flatten(m) +} diff --git a/builtin/providers/aws/cloudfront_distribution_configuration_structure_test.go b/builtin/providers/aws/cloudfront_distribution_configuration_structure_test.go new file mode 100644 index 000000000000..792a926862b2 --- /dev/null +++ b/builtin/providers/aws/cloudfront_distribution_configuration_structure_test.go @@ -0,0 +1,989 @@ +package aws + +import ( + "reflect" + "testing" + + "github.com/aws/aws-sdk-go/aws" + "github.com/hashicorp/terraform/helper/schema" +) + +func defaultCacheBehaviorConf() map[string]interface{} { + return map[string]interface{}{ + "viewer_protocol_policy": "allow-all", + "target_origin_id": "myS3Origin", + "forwarded_values": schema.NewSet(forwardedValuesHash, []interface{}{forwardedValuesConf()}), + "min_ttl": 86400, + "trusted_signers": trustedSignersConf(), + "max_ttl": 365000000, + "smooth_streaming": false, + "default_ttl": 86400, + "allowed_methods": allowedMethodsConf(), + "cached_methods": cachedMethodsConf(), + "compress": true, + } +} + +func cacheBehaviorConf1() map[string]interface{} { + cb := defaultCacheBehaviorConf() + cb["path_pattern"] = "/path1" + return cb +} + +func cacheBehaviorConf2() map[string]interface{} { + cb := defaultCacheBehaviorConf() + cb["path_pattern"] = "/path2" + return cb +} + +func cacheBehaviorsConf() *schema.Set { + return schema.NewSet(cacheBehaviorHash, []interface{}{cacheBehaviorConf1(), cacheBehaviorConf2()}) +} + +func trustedSignersConf() []interface{} { + return []interface{}{"1234567890EX", "1234567891EX"} +} + +func forwardedValuesConf() map[string]interface{} { + return map[string]interface{}{ + "query_string": true, + "cookies": schema.NewSet(cookiePreferenceHash, []interface{}{cookiePreferenceConf()}), + "headers": headersConf(), + } +} + +func headersConf() []interface{} { + return []interface{}{"X-Example1", "X-Example2"} +} + +func cookiePreferenceConf() map[string]interface{} { + return map[string]interface{}{ + "forward": "whitelist", + "whitelisted_names": cookieNamesConf(), + } +} + +func cookieNamesConf() []interface{} { + return []interface{}{"Example1", "Example2"} +} + +func allowedMethodsConf() []interface{} { + return []interface{}{"DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"} +} + +func cachedMethodsConf() []interface{} { + return []interface{}{"GET", "HEAD", "OPTIONS"} +} + +func originCustomHeadersConf() *schema.Set { + return schema.NewSet(originCustomHeaderHash, []interface{}{originCustomHeaderConf1(), originCustomHeaderConf2()}) +} + +func originCustomHeaderConf1() map[string]interface{} { + return map[string]interface{}{ + "name": "X-Custom-Header1", + "value": "samplevalue", + } +} + +func originCustomHeaderConf2() map[string]interface{} { + return map[string]interface{}{ + "name": "X-Custom-Header2", + "value": "samplevalue", + } +} + +func customOriginConf() map[string]interface{} { + return map[string]interface{}{ + "origin_protocol_policy": "http-only", + "http_port": 80, + "https_port": 443, + "origin_ssl_protocols": customOriginSslProtocolsConf(), + } +} + +func customOriginSslProtocolsConf() []interface{} { + return []interface{}{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"} +} + +func s3OriginConf() map[string]interface{} { + return map[string]interface{}{ + "origin_access_identity": "origin-access-identity/cloudfront/E127EXAMPLE51Z", + } +} + +func originWithCustomConf() map[string]interface{} { + return map[string]interface{}{ + "origin_id": "CustomOrigin", + "domain_name": "www.example.com", + "origin_path": "/", + "custom_origin_config": schema.NewSet(customOriginConfigHash, []interface{}{customOriginConf()}), + "custom_header": originCustomHeadersConf(), + } +} +func originWithS3Conf() map[string]interface{} { + return map[string]interface{}{ + "origin_id": "S3Origin", + "domain_name": "s3.example.com", + "origin_path": "/", + "s3_origin_config": schema.NewSet(s3OriginConfigHash, []interface{}{s3OriginConf()}), + "custom_header": originCustomHeadersConf(), + } +} + +func multiOriginConf() *schema.Set { + return schema.NewSet(originHash, []interface{}{originWithCustomConf(), originWithS3Conf()}) +} + +func geoRestrictionWhitelistConf() map[string]interface{} { + return map[string]interface{}{ + "restriction_type": "whitelist", + "locations": []interface{}{"CA", "GB", "US"}, + } +} + +func geoRestrictionsConf() map[string]interface{} { + return map[string]interface{}{ + "geo_restriction": schema.NewSet(geoRestrictionHash, []interface{}{geoRestrictionWhitelistConf()}), + } +} + +func geoRestrictionConfNoItems() map[string]interface{} { + return map[string]interface{}{ + "restriction_type": "none", + } +} + +func customErrorResponsesConf() []interface{} { + return []interface{}{ + map[string]interface{}{ + "error_code": 404, + "error_caching_min_ttl": 30, + "response_code": 200, + "response_page_path": "/error-pages/404.html", + }, + map[string]interface{}{ + "error_code": 403, + "error_caching_min_ttl": 15, + "response_code": 404, + "response_page_path": "/error-pages/404.html", + }, + } +} + +func aliasesConf() *schema.Set { + return schema.NewSet(aliasesHash, []interface{}{"example.com", "www.example.com"}) +} + +func loggingConfigConf() map[string]interface{} { + return map[string]interface{}{ + "include_cookies": false, + "bucket": "mylogs.s3.amazonaws.com", + "prefix": "myprefix", + } +} + +func customErrorResponsesConfSet() *schema.Set { + return schema.NewSet(customErrorResponseHash, customErrorResponsesConf()) +} + +func customErrorResponsesConfFirst() map[string]interface{} { + return customErrorResponsesConf()[0].(map[string]interface{}) +} + +func viewerCertificateConfSetCloudFrontDefault() map[string]interface{} { + return map[string]interface{}{ + "cloudfront_default_certificate": true, + } +} + +func viewerCertificateConfSetIAM() map[string]interface{} { + return map[string]interface{}{ + "iam_certificate_id": "iamcert-01234567", + "ssl_support_method": "vip", + "minimum_protocol_version": "TLSv1", + } +} + +func viewerCertificateConfSetACM() map[string]interface{} { + return map[string]interface{}{ + "acm_certificate_arn": "arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012", + "ssl_support_method": "sni-only", + "minimum_protocol_version": "TLSv1", + } +} + +func TestCloudFrontStructure_expandDefaultCacheBehavior(t *testing.T) { + data := defaultCacheBehaviorConf() + dcb := expandDefaultCacheBehavior(data) + if *dcb.Compress != true { + t.Fatalf("Expected Compress to be true, got %v", *dcb.Compress) + } + if *dcb.ViewerProtocolPolicy != "allow-all" { + t.Fatalf("Expected ViewerProtocolPolicy to be allow-all, got %v", *dcb.ViewerProtocolPolicy) + } + if *dcb.TargetOriginId != "myS3Origin" { + t.Fatalf("Expected TargetOriginId to be allow-all, got %v", *dcb.TargetOriginId) + } + if reflect.DeepEqual(dcb.ForwardedValues.Headers.Items, expandStringList(headersConf())) != true { + t.Fatalf("Expected Items to be %v, got %v", headersConf(), dcb.ForwardedValues.Headers.Items) + } + if *dcb.MinTTL != 86400 { + t.Fatalf("Expected MinTTL to be 86400, got %v", *dcb.MinTTL) + } + if reflect.DeepEqual(dcb.TrustedSigners.Items, expandStringList(trustedSignersConf())) != true { + t.Fatalf("Expected TrustedSigners.Items to be %v, got %v", trustedSignersConf(), dcb.TrustedSigners.Items) + } + if *dcb.MaxTTL != 365000000 { + t.Fatalf("Expected MaxTTL to be 86400, got %v", *dcb.MaxTTL) + } + if *dcb.SmoothStreaming != false { + t.Fatalf("Expected SmoothStreaming to be false, got %v", *dcb.SmoothStreaming) + } + if *dcb.DefaultTTL != 86400 { + t.Fatalf("Expected DefaultTTL to be 86400, got %v", *dcb.DefaultTTL) + } + if reflect.DeepEqual(dcb.AllowedMethods.Items, expandStringList(allowedMethodsConf())) != true { + t.Fatalf("Expected TrustedSigners.Items to be %v, got %v", allowedMethodsConf(), dcb.AllowedMethods.Items) + } + if reflect.DeepEqual(dcb.AllowedMethods.CachedMethods.Items, expandStringList(cachedMethodsConf())) != true { + t.Fatalf("Expected TrustedSigners.Items to be %v, got %v", cachedMethodsConf(), dcb.AllowedMethods.CachedMethods.Items) + } +} + +func TestCloudFrontStructure_flattenDefaultCacheBehavior(t *testing.T) { + in := defaultCacheBehaviorConf() + dcb := expandDefaultCacheBehavior(in) + out := flattenDefaultCacheBehavior(dcb) + diff := schema.NewSet(defaultCacheBehaviorHash, []interface{}{in}).Difference(out) + + if len(diff.List()) > 0 { + t.Fatalf("Expected out to be %v, got %v, diff: %v", in, out, diff) + } +} + +func TestCloudFrontStructure_expandCacheBehavior(t *testing.T) { + data := cacheBehaviorConf1() + cb := expandCacheBehavior(data) + if *cb.Compress != true { + t.Fatalf("Expected Compress to be true, got %v", *cb.Compress) + } + if *cb.ViewerProtocolPolicy != "allow-all" { + t.Fatalf("Expected ViewerProtocolPolicy to be allow-all, got %v", *cb.ViewerProtocolPolicy) + } + if *cb.TargetOriginId != "myS3Origin" { + t.Fatalf("Expected TargetOriginId to be myS3Origin, got %v", *cb.TargetOriginId) + } + if reflect.DeepEqual(cb.ForwardedValues.Headers.Items, expandStringList(headersConf())) != true { + t.Fatalf("Expected Items to be %v, got %v", headersConf(), cb.ForwardedValues.Headers.Items) + } + if *cb.MinTTL != 86400 { + t.Fatalf("Expected MinTTL to be 86400, got %v", *cb.MinTTL) + } + if reflect.DeepEqual(cb.TrustedSigners.Items, expandStringList(trustedSignersConf())) != true { + t.Fatalf("Expected TrustedSigners.Items to be %v, got %v", trustedSignersConf(), cb.TrustedSigners.Items) + } + if *cb.MaxTTL != 365000000 { + t.Fatalf("Expected MaxTTL to be 365000000, got %v", *cb.MaxTTL) + } + if *cb.SmoothStreaming != false { + t.Fatalf("Expected SmoothStreaming to be false, got %v", *cb.SmoothStreaming) + } + if *cb.DefaultTTL != 86400 { + t.Fatalf("Expected DefaultTTL to be 86400, got %v", *cb.DefaultTTL) + } + if reflect.DeepEqual(cb.AllowedMethods.Items, expandStringList(allowedMethodsConf())) != true { + t.Fatalf("Expected AllowedMethods.Items to be %v, got %v", allowedMethodsConf(), cb.AllowedMethods.Items) + } + if reflect.DeepEqual(cb.AllowedMethods.CachedMethods.Items, expandStringList(cachedMethodsConf())) != true { + t.Fatalf("Expected AllowedMethods.CachedMethods.Items to be %v, got %v", cachedMethodsConf(), cb.AllowedMethods.CachedMethods.Items) + } + if *cb.PathPattern != "/path1" { + t.Fatalf("Expected PathPattern to be /path1, got %v", *cb.PathPattern) + } +} + +func TestCloudFrontStructure_flattenCacheBehavior(t *testing.T) { + in := cacheBehaviorConf1() + cb := expandCacheBehavior(in) + out := flattenCacheBehavior(cb) + var diff *schema.Set + if out["compress"] != true { + t.Fatalf("Expected out[compress] to be true, got %v", out["compress"]) + } + if out["viewer_protocol_policy"] != "allow-all" { + t.Fatalf("Expected out[viewer_protocol_policy] to be allow-all, got %v", out["viewer_protocol_policy"]) + } + if out["target_origin_id"] != "myS3Origin" { + t.Fatalf("Expected out[target_origin_id] to be myS3Origin, got %v", out["target_origin_id"]) + } + diff = out["forwarded_values"].(*schema.Set).Difference(in["forwarded_values"].(*schema.Set)) + if len(diff.List()) > 0 { + t.Fatalf("Expected out[forwarded_values] to be %v, got %v, diff: %v", out["forwarded_values"], in["forwarded_values"], diff) + } + if out["min_ttl"] != int(86400) { + t.Fatalf("Expected out[min_ttl] to be 86400 (int), got %v", out["forwarded_values"]) + } + if reflect.DeepEqual(out["trusted_signers"], in["trusted_signers"]) != true { + t.Fatalf("Expected out[trusted_signers] to be %v, got %v", in["trusted_signers"], out["trusted_signers"]) + } + if out["max_ttl"] != int(365000000) { + t.Fatalf("Expected out[max_ttl] to be 365000000 (int), got %v", out["max_ttl"]) + } + if out["smooth_streaming"] != false { + t.Fatalf("Expected out[smooth_streaming] to be false, got %v", out["smooth_streaming"]) + } + if out["default_ttl"] != int(86400) { + t.Fatalf("Expected out[default_ttl] to be 86400 (int), got %v", out["default_ttl"]) + } + if reflect.DeepEqual(out["allowed_methods"], in["allowed_methods"]) != true { + t.Fatalf("Expected out[allowed_methods] to be %v, got %v", in["allowed_methods"], out["allowed_methods"]) + } + if reflect.DeepEqual(out["cached_methods"], in["cached_methods"]) != true { + t.Fatalf("Expected out[cached_methods] to be %v, got %v", in["cached_methods"], out["cached_methods"]) + } + if out["path_pattern"] != "/path1" { + t.Fatalf("Expected out[path_pattern] to be /path1, got %v", out["path_pattern"]) + } +} + +func TestCloudFrontStructure_expandCacheBehaviors(t *testing.T) { + data := cacheBehaviorsConf() + cbs := expandCacheBehaviors(data) + if *cbs.Quantity != 2 { + t.Fatalf("Expected Quantity to be 2, got %v", *cbs.Quantity) + } + if *cbs.Items[0].TargetOriginId != "myS3Origin" { + t.Fatalf("Expected first Item's TargetOriginId to be myS3Origin, got %v", *cbs.Items[0].TargetOriginId) + } +} + +func TestCloudFrontStructure_flattenCacheBehaviors(t *testing.T) { + in := cacheBehaviorsConf() + cbs := expandCacheBehaviors(in) + out := flattenCacheBehaviors(cbs) + diff := in.Difference(out) + + if len(diff.List()) > 0 { + t.Fatalf("Expected out to be %v, got %v, diff: %v", in, out, diff) + } +} + +func TestCloudFrontStructure_expandTrustedSigners(t *testing.T) { + data := trustedSignersConf() + ts := expandTrustedSigners(data) + if *ts.Quantity != 2 { + t.Fatalf("Expected Quantity to be 2, got %v", *ts.Quantity) + } + if *ts.Enabled != true { + t.Fatalf("Expected Enabled to be true, got %v", *ts.Enabled) + } + if reflect.DeepEqual(ts.Items, expandStringList(data)) != true { + t.Fatalf("Expected Items to be %v, got %v", data, ts.Items) + } +} + +func TestCloudFrontStructure_flattenTrustedSigners(t *testing.T) { + in := trustedSignersConf() + ts := expandTrustedSigners(in) + out := flattenTrustedSigners(ts) + + if reflect.DeepEqual(in, out) != true { + t.Fatalf("Expected out to be %v, got %v", in, out) + } +} + +func TestCloudFrontStructure_expandTrustedSigners_empty(t *testing.T) { + data := []interface{}{} + ts := expandTrustedSigners(data) + if *ts.Quantity != 0 { + t.Fatalf("Expected Quantity to be 2, got %v", *ts.Quantity) + } + if *ts.Enabled != false { + t.Fatalf("Expected Enabled to be true, got %v", *ts.Enabled) + } + if ts.Items != nil { + t.Fatalf("Expected Items to be nil, got %v", ts.Items) + } +} + +func TestCloudFrontStructure_expandForwardedValues(t *testing.T) { + data := forwardedValuesConf() + fv := expandForwardedValues(data) + if *fv.QueryString != true { + t.Fatalf("Expected QueryString to be true, got %v", *fv.QueryString) + } + if reflect.DeepEqual(fv.Cookies.WhitelistedNames.Items, expandStringList(cookieNamesConf())) != true { + t.Fatalf("Expected Cookies.WhitelistedNames.Items to be %v, got %v", cookieNamesConf(), fv.Cookies.WhitelistedNames.Items) + } + if reflect.DeepEqual(fv.Headers.Items, expandStringList(headersConf())) != true { + t.Fatalf("Expected Headers.Items to be %v, got %v", headersConf(), fv.Headers.Items) + } +} + +func TestCloudFrontStructure_flattenForwardedValues(t *testing.T) { + in := forwardedValuesConf() + fv := expandForwardedValues(in) + out := flattenForwardedValues(fv) + + if out["query_string"] != true { + t.Fatalf("Expected out[query_string] to be true, got %v", out["query_string"]) + } + if out["cookies"].(*schema.Set).Equal(in["cookies"].(*schema.Set)) != true { + t.Fatalf("Expected out[cookies] to be %v, got %v", in["cookies"], out["cookies"]) + } + if reflect.DeepEqual(out["headers"], in["headers"]) != true { + t.Fatalf("Expected out[headers] to be %v, got %v", in["headers"], out["headers"]) + } +} + +func TestCloudFrontStructure_expandHeaders(t *testing.T) { + data := headersConf() + h := expandHeaders(data) + if *h.Quantity != 2 { + t.Fatalf("Expected Quantity to be 2, got %v", *h.Quantity) + } + if reflect.DeepEqual(h.Items, expandStringList(data)) != true { + t.Fatalf("Expected Items to be %v, got %v", data, h.Items) + } +} + +func TestCloudFrontStructure_flattenHeaders(t *testing.T) { + in := headersConf() + h := expandHeaders(in) + out := flattenHeaders(h) + + if reflect.DeepEqual(in, out) != true { + t.Fatalf("Expected out to be %v, got %v", in, out) + } +} + +func TestCloudFrontStructure_expandCookiePreference(t *testing.T) { + data := cookiePreferenceConf() + cp := expandCookiePreference(data) + if *cp.Forward != "whitelist" { + t.Fatalf("Expected Forward to be whitelist, got %v", *cp.Forward) + } + if reflect.DeepEqual(cp.WhitelistedNames.Items, expandStringList(cookieNamesConf())) != true { + t.Fatalf("Expected WhitelistedNames.Items to be %v, got %v", cookieNamesConf(), cp.WhitelistedNames.Items) + } +} + +func TestCloudFrontStructure_flattenCookiePreference(t *testing.T) { + in := cookiePreferenceConf() + cp := expandCookiePreference(in) + out := flattenCookiePreference(cp) + + if reflect.DeepEqual(in, out) != true { + t.Fatalf("Expected out to be %v, got %v", in, out) + } +} + +func TestCloudFrontStructure_expandCookieNames(t *testing.T) { + data := cookieNamesConf() + cn := expandCookieNames(data) + if *cn.Quantity != 2 { + t.Fatalf("Expected Quantity to be 2, got %v", *cn.Quantity) + } + if reflect.DeepEqual(cn.Items, expandStringList(data)) != true { + t.Fatalf("Expected Items to be %v, got %v", data, cn.Items) + } +} + +func TestCloudFrontStructure_flattenCookieNames(t *testing.T) { + in := cookieNamesConf() + cn := expandCookieNames(in) + out := flattenCookieNames(cn) + + if reflect.DeepEqual(in, out) != true { + t.Fatalf("Expected out to be %v, got %v", in, out) + } +} + +func TestCloudFrontStructure_expandAllowedMethods(t *testing.T) { + data := allowedMethodsConf() + am := expandAllowedMethods(data) + if *am.Quantity != 7 { + t.Fatalf("Expected Quantity to be 3, got %v", *am.Quantity) + } + if reflect.DeepEqual(am.Items, expandStringList(data)) != true { + t.Fatalf("Expected Items to be %v, got %v", data, am.Items) + } +} + +func TestCloudFrontStructure_flattenAllowedMethods(t *testing.T) { + in := allowedMethodsConf() + am := expandAllowedMethods(in) + out := flattenAllowedMethods(am) + + if reflect.DeepEqual(in, out) != true { + t.Fatalf("Expected out to be %v, got %v", in, out) + } +} + +func TestCloudFrontStructure_expandCachedMethods(t *testing.T) { + data := cachedMethodsConf() + cm := expandCachedMethods(data) + if *cm.Quantity != 3 { + t.Fatalf("Expected Quantity to be 3, got %v", *cm.Quantity) + } + if reflect.DeepEqual(cm.Items, expandStringList(data)) != true { + t.Fatalf("Expected Items to be %v, got %v", data, cm.Items) + } +} + +func TestCloudFrontStructure_flattenCachedMethods(t *testing.T) { + in := cachedMethodsConf() + cm := expandCachedMethods(in) + out := flattenCachedMethods(cm) + + if reflect.DeepEqual(in, out) != true { + t.Fatalf("Expected out to be %v, got %v", in, out) + } +} + +func TestCloudFrontStructure_expandOrigins(t *testing.T) { + data := multiOriginConf() + origins := expandOrigins(data) + if *origins.Quantity != 2 { + t.Fatalf("Expected Quantity to be 2, got %v", *origins.Quantity) + } + if *origins.Items[0].OriginPath != "/" { + t.Fatalf("Expected first Item's OriginPath to be /, got %v", *origins.Items[0].OriginPath) + } +} + +func TestCloudFrontStructure_flattenOrigins(t *testing.T) { + in := multiOriginConf() + origins := expandOrigins(in) + out := flattenOrigins(origins) + diff := in.Difference(out) + + if len(diff.List()) > 0 { + t.Fatalf("Expected out to be %v, got %v, diff: %v", in, out, diff) + } +} + +func TestCloudFrontStructure_expandOrigin(t *testing.T) { + data := originWithCustomConf() + or := expandOrigin(data) + if *or.Id != "CustomOrigin" { + t.Fatalf("Expected Id to be CustomOrigin, got %v", *or.Id) + } + if *or.DomainName != "www.example.com" { + t.Fatalf("Expected DomainName to be www.example.com, got %v", *or.DomainName) + } + if *or.OriginPath != "/" { + t.Fatalf("Expected OriginPath to be /, got %v", *or.OriginPath) + } + if *or.CustomOriginConfig.OriginProtocolPolicy != "http-only" { + t.Fatalf("Expected CustomOriginConfig.OriginProtocolPolicy to be http-only, got %v", *or.CustomOriginConfig.OriginProtocolPolicy) + } + if *or.CustomHeaders.Items[0].HeaderValue != "samplevalue" { + t.Fatalf("Expected CustomHeaders.Items[0].HeaderValue to be samplevalue, got %v", *or.CustomHeaders.Items[0].HeaderValue) + } +} + +func TestCloudFrontStructure_flattenOrigin(t *testing.T) { + in := originWithCustomConf() + or := expandOrigin(in) + out := flattenOrigin(or) + + if out["origin_id"] != "CustomOrigin" { + t.Fatalf("Expected out[origin_id] to be CustomOrigin, got %v", out["origin_id"]) + } + if out["domain_name"] != "www.example.com" { + t.Fatalf("Expected out[domain_name] to be www.example.com, got %v", out["domain_name"]) + } + if out["origin_path"] != "/" { + t.Fatalf("Expected out[origin_path] to be /, got %v", out["origin_path"]) + } + if out["custom_origin_config"].(*schema.Set).Equal(in["custom_origin_config"].(*schema.Set)) != true { + t.Fatalf("Expected out[custom_origin_config] to be %v, got %v", in["custom_origin_config"], out["custom_origin_config"]) + } +} + +func TestCloudFrontStructure_expandCustomHeaders(t *testing.T) { + in := originCustomHeadersConf() + chs := expandCustomHeaders(in) + if *chs.Quantity != 2 { + t.Fatalf("Expected Quantity to be 2, got %v", *chs.Quantity) + } + if *chs.Items[0].HeaderValue != "samplevalue" { + t.Fatalf("Expected first Item's HeaderValue to be samplevalue, got %v", *chs.Items[0].HeaderValue) + } +} + +func TestCloudFrontStructure_flattenCustomHeaders(t *testing.T) { + in := originCustomHeadersConf() + chs := expandCustomHeaders(in) + out := flattenCustomHeaders(chs) + diff := in.Difference(out) + + if len(diff.List()) > 0 { + t.Fatalf("Expected out to be %v, got %v, diff: %v", in, out, diff) + } +} + +func TestCloudFrontStructure_flattenOriginCustomHeader(t *testing.T) { + in := originCustomHeaderConf1() + och := expandOriginCustomHeader(in) + out := flattenOriginCustomHeader(och) + + if out["name"] != "X-Custom-Header1" { + t.Fatalf("Expected out[name] to be X-Custom-Header1, got %v", out["name"]) + } + if out["value"] != "samplevalue" { + t.Fatalf("Expected out[value] to be samplevalue, got %v", out["value"]) + } +} + +func TestCloudFrontStructure_expandOriginCustomHeader(t *testing.T) { + in := originCustomHeaderConf1() + och := expandOriginCustomHeader(in) + + if *och.HeaderName != "X-Custom-Header1" { + t.Fatalf("Expected HeaderName to be X-Custom-Header1, got %v", *och.HeaderName) + } + if *och.HeaderValue != "samplevalue" { + t.Fatalf("Expected HeaderValue to be samplevalue, got %v", *och.HeaderValue) + } +} + +func TestCloudFrontStructure_expandCustomOriginConfig(t *testing.T) { + data := customOriginConf() + co := expandCustomOriginConfig(data) + if *co.OriginProtocolPolicy != "http-only" { + t.Fatalf("Expected OriginProtocolPolicy to be http-only, got %v", *co.OriginProtocolPolicy) + } + if *co.HTTPPort != 80 { + t.Fatalf("Expected HTTPPort to be 80, got %v", *co.HTTPPort) + } + if *co.HTTPSPort != 443 { + t.Fatalf("Expected HTTPSPort to be 443, got %v", *co.HTTPSPort) + } +} + +func TestCloudFrontStructure_flattenCustomOriginConfig(t *testing.T) { + in := customOriginConf() + co := expandCustomOriginConfig(in) + out := flattenCustomOriginConfig(co) + + if reflect.DeepEqual(in, out) != true { + t.Fatalf("Expected out to be %v, got %v", in, out) + } +} + +func TestCloudFrontStructure_expandCustomOriginConfigSSL(t *testing.T) { + in := customOriginSslProtocolsConf() + ocs := expandCustomOriginConfigSSL(in) + if *ocs.Quantity != 4 { + t.Fatalf("Expected Quantity to be 4, got %v", *ocs.Quantity) + } + if *ocs.Items[0] != "SSLv3" { + t.Fatalf("Expected first Item to be SSLv3, got %v", *ocs.Items[0]) + } +} + +func TestCloudFrontStructure_flattenCustomOriginConfigSSL(t *testing.T) { + in := customOriginSslProtocolsConf() + ocs := expandCustomOriginConfigSSL(in) + out := flattenCustomOriginConfigSSL(ocs) + + if reflect.DeepEqual(in, out) != true { + t.Fatalf("Expected out to be %v, got %v", in, out) + } +} + +func TestCloudFrontStructure_expandS3OriginConfig(t *testing.T) { + data := s3OriginConf() + s3o := expandS3OriginConfig(data) + if *s3o.OriginAccessIdentity != "origin-access-identity/cloudfront/E127EXAMPLE51Z" { + t.Fatalf("Expected OriginAccessIdentity to be origin-access-identity/cloudfront/E127EXAMPLE51Z, got %v", *s3o.OriginAccessIdentity) + } +} + +func TestCloudFrontStructure_flattenS3OriginConfig(t *testing.T) { + in := s3OriginConf() + s3o := expandS3OriginConfig(in) + out := flattenS3OriginConfig(s3o) + + if reflect.DeepEqual(in, out) != true { + t.Fatalf("Expected out to be %v, got %v", in, out) + } +} + +func TestCloudFrontStructure_expandCustomErrorResponses(t *testing.T) { + data := customErrorResponsesConfSet() + ers := expandCustomErrorResponses(data) + if *ers.Quantity != 2 { + t.Fatalf("Expected Quantity to be 2, got %v", *ers.Quantity) + } + if *ers.Items[0].ResponsePagePath != "/error-pages/404.html" { + t.Fatalf("Expected ResponsePagePath in first Item to be /error-pages/404.html, got %v", *ers.Items[0].ResponsePagePath) + } +} + +func TestCloudFrontStructure_flattenCustomErrorResponses(t *testing.T) { + in := customErrorResponsesConfSet() + ers := expandCustomErrorResponses(in) + out := flattenCustomErrorResponses(ers) + + if in.Equal(out) != true { + t.Fatalf("Expected out to be %v, got %v", in, out) + } +} + +func TestCloudFrontStructure_expandCustomErrorResponse(t *testing.T) { + data := customErrorResponsesConfFirst() + er := expandCustomErrorResponse(data) + if *er.ErrorCode != 404 { + t.Fatalf("Expected ErrorCode to be 404, got %v", *er.ErrorCode) + } + if *er.ErrorCachingMinTTL != 30 { + t.Fatalf("Expected ErrorCachingMinTTL to be 30, got %v", *er.ErrorCachingMinTTL) + } + if *er.ResponseCode != "200" { + t.Fatalf("Expected ResponseCode to be 200 (as string), got %v", *er.ResponseCode) + } + if *er.ResponsePagePath != "/error-pages/404.html" { + t.Fatalf("Expected ResponsePagePath to be /error-pages/404.html, got %v", *er.ResponsePagePath) + } +} + +func TestCloudFrontStructure_flattenCustomErrorResponse(t *testing.T) { + in := customErrorResponsesConfFirst() + er := expandCustomErrorResponse(in) + out := flattenCustomErrorResponse(er) + + if reflect.DeepEqual(in, out) != true { + t.Fatalf("Expected out to be %v, got %v", in, out) + } +} + +func TestCloudFrontStructure_expandLoggingConfig(t *testing.T) { + data := loggingConfigConf() + + lc := expandLoggingConfig(data) + if *lc.Enabled != true { + t.Fatalf("Expected Enabled to be true, got %v", *lc.Enabled) + } + if *lc.Prefix != "myprefix" { + t.Fatalf("Expected Prefix to be myprefix, got %v", *lc.Prefix) + } + if *lc.Bucket != "mylogs.s3.amazonaws.com" { + t.Fatalf("Expected Bucket to be mylogs.s3.amazonaws.com, got %v", *lc.Bucket) + } + if *lc.IncludeCookies != false { + t.Fatalf("Expected IncludeCookies to be false, got %v", *lc.IncludeCookies) + } +} + +func TestCloudFrontStructure_expandLoggingConfig_nilValue(t *testing.T) { + lc := expandLoggingConfig(nil) + if *lc.Enabled != false { + t.Fatalf("Expected Enabled to be false, got %v", *lc.Enabled) + } + if *lc.Prefix != "" { + t.Fatalf("Expected Prefix to be blank, got %v", *lc.Prefix) + } + if *lc.Bucket != "" { + t.Fatalf("Expected Bucket to be blank, got %v", *lc.Bucket) + } + if *lc.IncludeCookies != false { + t.Fatalf("Expected IncludeCookies to be false, got %v", *lc.IncludeCookies) + } +} + +func TestCloudFrontStructure_flattenLoggingConfig(t *testing.T) { + in := loggingConfigConf() + lc := expandLoggingConfig(in) + out := flattenLoggingConfig(lc) + diff := schema.NewSet(loggingConfigHash, []interface{}{in}).Difference(out) + + if len(diff.List()) > 0 { + t.Fatalf("Expected out to be %v, got %v, diff: %v", in, out, diff) + } +} + +func TestCloudFrontStructure_expandAliases(t *testing.T) { + data := aliasesConf() + a := expandAliases(data) + if *a.Quantity != 2 { + t.Fatalf("Expected Quantity to be 2, got %v", *a.Quantity) + } + if reflect.DeepEqual(a.Items, expandStringList(data.List())) != true { + t.Fatalf("Expected Items to be [example.com www.example.com], got %v", a.Items) + } +} + +func TestCloudFrontStructure_flattenAliases(t *testing.T) { + in := aliasesConf() + a := expandAliases(in) + out := flattenAliases(a) + diff := in.Difference(out) + + if len(diff.List()) > 0 { + t.Fatalf("Expected out to be %v, got %v, diff: %v", in, out, diff) + } +} + +func TestCloudFrontStructure_expandRestrictions(t *testing.T) { + data := geoRestrictionsConf() + r := expandRestrictions(data) + if *r.GeoRestriction.RestrictionType != "whitelist" { + t.Fatalf("Expected GeoRestriction.RestrictionType to be whitelist, got %v", *r.GeoRestriction.RestrictionType) + } +} + +func TestCloudFrontStructure_flattenRestrictions(t *testing.T) { + in := geoRestrictionsConf() + r := expandRestrictions(in) + out := flattenRestrictions(r) + diff := schema.NewSet(restrictionsHash, []interface{}{in}).Difference(out) + + if len(diff.List()) > 0 { + t.Fatalf("Expected out to be %v, got %v, diff: %v", in, out, diff) + } +} + +func TestCloudFrontStructure_expandGeoRestriction_whitelist(t *testing.T) { + data := geoRestrictionWhitelistConf() + gr := expandGeoRestriction(data) + if *gr.RestrictionType != "whitelist" { + t.Fatalf("Expected RestrictionType to be whitelist, got %v", *gr.RestrictionType) + } + if *gr.Quantity != 3 { + t.Fatalf("Expected Quantity to be 3, got %v", *gr.Quantity) + } + if reflect.DeepEqual(gr.Items, aws.StringSlice([]string{"CA", "GB", "US"})) != true { + t.Fatalf("Expected Items be [CA, GB, US], got %v", gr.Items) + } +} + +func TestCloudFrontStructure_flattenGeoRestriction_whitelist(t *testing.T) { + in := geoRestrictionWhitelistConf() + gr := expandGeoRestriction(in) + out := flattenGeoRestriction(gr) + + if reflect.DeepEqual(in, out) != true { + t.Fatalf("Expected out to be %v, got %v", in, out) + } +} + +func TestCloudFrontStructure_expandGeoRestriction_no_items(t *testing.T) { + data := geoRestrictionConfNoItems() + gr := expandGeoRestriction(data) + if *gr.RestrictionType != "none" { + t.Fatalf("Expected RestrictionType to be none, got %v", *gr.RestrictionType) + } + if *gr.Quantity != 0 { + t.Fatalf("Expected Quantity to be 0, got %v", *gr.Quantity) + } + if gr.Items != nil { + t.Fatalf("Expected Items to not be set, got %v", gr.Items) + } +} + +func TestCloudFrontStructure_flattenGeoRestriction_no_items(t *testing.T) { + in := geoRestrictionConfNoItems() + gr := expandGeoRestriction(in) + out := flattenGeoRestriction(gr) + + if reflect.DeepEqual(in, out) != true { + t.Fatalf("Expected out to be %v, got %v", in, out) + } +} + +func TestCloudFrontStructure_expandViewerCertificate_cloudfront_default_certificate(t *testing.T) { + data := viewerCertificateConfSetCloudFrontDefault() + vc := expandViewerCertificate(data) + if vc.ACMCertificateArn != nil { + t.Fatalf("Expected ACMCertificateArn to be unset, got %v", *vc.ACMCertificateArn) + } + if *vc.CloudFrontDefaultCertificate != true { + t.Fatalf("Expected CloudFrontDefaultCertificate to be true, got %v", *vc.CloudFrontDefaultCertificate) + } + if vc.IAMCertificateId != nil { + t.Fatalf("Expected IAMCertificateId to not be set, got %v", *vc.IAMCertificateId) + } + if vc.SSLSupportMethod != nil { + t.Fatalf("Expected IAMCertificateId to not be set, got %v", *vc.SSLSupportMethod) + } + if vc.MinimumProtocolVersion != nil { + t.Fatalf("Expected IAMCertificateId to not be set, got %v", *vc.MinimumProtocolVersion) + } +} + +func TestCloudFrontStructure_flattenViewerCertificate_cloudfront_default_certificate(t *testing.T) { + in := viewerCertificateConfSetCloudFrontDefault() + vc := expandViewerCertificate(in) + out := flattenViewerCertificate(vc) + diff := schema.NewSet(viewerCertificateHash, []interface{}{in}).Difference(out) + + if len(diff.List()) > 0 { + t.Fatalf("Expected out to be %v, got %v, diff: %v", in, out, diff) + } +} + +func TestCloudFrontStructure_expandViewerCertificate_iam_certificate_id(t *testing.T) { + data := viewerCertificateConfSetIAM() + vc := expandViewerCertificate(data) + if vc.ACMCertificateArn != nil { + t.Fatalf("Expected ACMCertificateArn to be unset, got %v", *vc.ACMCertificateArn) + } + if vc.CloudFrontDefaultCertificate != nil { + t.Fatalf("Expected CloudFrontDefaultCertificate to be unset, got %v", *vc.CloudFrontDefaultCertificate) + } + if *vc.IAMCertificateId != "iamcert-01234567" { + t.Fatalf("Expected IAMCertificateId to be iamcert-01234567, got %v", *vc.IAMCertificateId) + } + if *vc.SSLSupportMethod != "vip" { + t.Fatalf("Expected IAMCertificateId to be vip, got %v", *vc.SSLSupportMethod) + } + if *vc.MinimumProtocolVersion != "TLSv1" { + t.Fatalf("Expected IAMCertificateId to be TLSv1, got %v", *vc.MinimumProtocolVersion) + } +} + +func TestCloudFrontStructure_expandViewerCertificate_acm_certificate_arn(t *testing.T) { + data := viewerCertificateConfSetACM() + vc := expandViewerCertificate(data) + if *vc.ACMCertificateArn != "arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012" { + t.Fatalf("Expected ACMCertificateArn to be arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012, got %v", *vc.ACMCertificateArn) + } + if vc.CloudFrontDefaultCertificate != nil { + t.Fatalf("Expected CloudFrontDefaultCertificate to be unset, got %v", *vc.CloudFrontDefaultCertificate) + } + if vc.IAMCertificateId != nil { + t.Fatalf("Expected IAMCertificateId to be unset, got %v", *vc.IAMCertificateId) + } + if *vc.SSLSupportMethod != "sni-only" { + t.Fatalf("Expected IAMCertificateId to be sni-only, got %v", *vc.SSLSupportMethod) + } + if *vc.MinimumProtocolVersion != "TLSv1" { + t.Fatalf("Expected IAMCertificateId to be TLSv1, got %v", *vc.MinimumProtocolVersion) + } +} + +func TestCloudFrontStructure_falttenViewerCertificate_iam_certificate_id(t *testing.T) { + in := viewerCertificateConfSetIAM() + vc := expandViewerCertificate(in) + out := flattenViewerCertificate(vc) + diff := schema.NewSet(viewerCertificateHash, []interface{}{in}).Difference(out) + + if len(diff.List()) > 0 { + t.Fatalf("Expected out to be %v, got %v, diff: %v", in, out, diff) + } +} + +func TestCloudFrontStructure_falttenViewerCertificate_acm_certificate_arn(t *testing.T) { + in := viewerCertificateConfSetACM() + vc := expandViewerCertificate(in) + out := flattenViewerCertificate(vc) + diff := schema.NewSet(viewerCertificateHash, []interface{}{in}).Difference(out) + + if len(diff.List()) > 0 { + t.Fatalf("Expected out to be %v, got %v, diff: %v", in, out, diff) + } +} diff --git a/builtin/providers/aws/provider.go b/builtin/providers/aws/provider.go index 78afd92ceafc..040d029ebfc1 100644 --- a/builtin/providers/aws/provider.go +++ b/builtin/providers/aws/provider.go @@ -129,7 +129,8 @@ func Provider() terraform.ResourceProvider { "aws_autoscaling_policy": resourceAwsAutoscalingPolicy(), "aws_autoscaling_schedule": resourceAwsAutoscalingSchedule(), "aws_cloudformation_stack": resourceAwsCloudFormationStack(), - "aws_cloudfront_web_distribution": resourceAwsCloudFrontWebDistribution(), + "aws_cloudfront_distribution": resourceAwsCloudFrontDistribution(), + "aws_cloudfront_origin_access_identity": resourceAwsCloudFrontOriginAccessIdentity(), "aws_cloudtrail": resourceAwsCloudTrail(), "aws_cloudwatch_event_rule": resourceAwsCloudWatchEventRule(), "aws_cloudwatch_event_target": resourceAwsCloudWatchEventTarget(), diff --git a/builtin/providers/aws/resource_aws_cloudfront_distribution.go b/builtin/providers/aws/resource_aws_cloudfront_distribution.go new file mode 100644 index 000000000000..e5889faeea36 --- /dev/null +++ b/builtin/providers/aws/resource_aws_cloudfront_distribution.go @@ -0,0 +1,595 @@ +package aws + +import ( + "log" + "time" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/service/cloudfront" + "github.com/hashicorp/terraform/helper/resource" + "github.com/hashicorp/terraform/helper/schema" +) + +func resourceAwsCloudFrontDistribution() *schema.Resource { + return &schema.Resource{ + Create: resourceAwsCloudFrontDistributionCreate, + Read: resourceAwsCloudFrontDistributionRead, + Update: resourceAwsCloudFrontDistributionUpdate, + Delete: resourceAwsCloudFrontDistributionDelete, + + Schema: map[string]*schema.Schema{ + "aliases": &schema.Schema{ + Type: schema.TypeSet, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + Set: aliasesHash, + }, + "cache_behavior": &schema.Schema{ + Type: schema.TypeSet, + Optional: true, + Set: cacheBehaviorHash, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "allowed_methods": &schema.Schema{ + Type: schema.TypeList, + Required: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "cached_methods": &schema.Schema{ + Type: schema.TypeList, + Required: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "compress": &schema.Schema{ + Type: schema.TypeBool, + Optional: true, + Default: false, + }, + "default_ttl": &schema.Schema{ + Type: schema.TypeInt, + Required: true, + }, + "forwarded_values": &schema.Schema{ + Type: schema.TypeSet, + Required: true, + Set: forwardedValuesHash, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "cookies": &schema.Schema{ + Type: schema.TypeSet, + Optional: true, + Set: cookiePreferenceHash, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "forward": &schema.Schema{ + Type: schema.TypeString, + Required: true, + }, + "whitelisted_names": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + }, + }, + }, + "headers": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "query_string": &schema.Schema{ + Type: schema.TypeBool, + Required: true, + }, + }, + }, + }, + "max_ttl": &schema.Schema{ + Type: schema.TypeInt, + Required: true, + }, + "min_ttl": &schema.Schema{ + Type: schema.TypeInt, + Required: true, + }, + "path_pattern": &schema.Schema{ + Type: schema.TypeString, + Required: true, + }, + "smooth_streaming": &schema.Schema{ + Type: schema.TypeBool, + Optional: true, + }, + "target_origin_id": &schema.Schema{ + Type: schema.TypeString, + Required: true, + }, + "trusted_signers": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "viewer_protocol_policy": &schema.Schema{ + Type: schema.TypeString, + Required: true, + }, + }, + }, + }, + "comment": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + }, + "custom_error_response": &schema.Schema{ + Type: schema.TypeSet, + Optional: true, + Set: customErrorResponseHash, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "error_caching_min_ttl": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + }, + "error_code": &schema.Schema{ + Type: schema.TypeInt, + Required: true, + }, + "response_code": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + }, + "response_page_path": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + }, + }, + }, + }, + "default_cache_behavior": &schema.Schema{ + Type: schema.TypeSet, + Required: true, + Set: defaultCacheBehaviorHash, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "allowed_methods": &schema.Schema{ + Type: schema.TypeList, + Required: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "cached_methods": &schema.Schema{ + Type: schema.TypeList, + Required: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "compress": &schema.Schema{ + Type: schema.TypeBool, + Optional: true, + Default: false, + }, + "default_ttl": &schema.Schema{ + Type: schema.TypeInt, + Required: true, + }, + "forwarded_values": &schema.Schema{ + Type: schema.TypeSet, + Required: true, + Set: forwardedValuesHash, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "cookies": &schema.Schema{ + Type: schema.TypeSet, + Optional: true, + Set: cookiePreferenceHash, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "forward": &schema.Schema{ + Type: schema.TypeString, + Required: true, + }, + "whitelisted_names": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + }, + }, + }, + "headers": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "query_string": &schema.Schema{ + Type: schema.TypeBool, + Required: true, + }, + }, + }, + }, + "max_ttl": &schema.Schema{ + Type: schema.TypeInt, + Required: true, + }, + "min_ttl": &schema.Schema{ + Type: schema.TypeInt, + Required: true, + }, + "smooth_streaming": &schema.Schema{ + Type: schema.TypeBool, + Optional: true, + }, + "target_origin_id": &schema.Schema{ + Type: schema.TypeString, + Required: true, + }, + "trusted_signers": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "viewer_protocol_policy": &schema.Schema{ + Type: schema.TypeString, + Required: true, + }, + }, + }, + }, + "default_root_object": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + }, + "enabled": &schema.Schema{ + Type: schema.TypeBool, + Required: true, + }, + "logging_config": &schema.Schema{ + Type: schema.TypeSet, + Optional: true, + Set: loggingConfigHash, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "bucket": &schema.Schema{ + Type: schema.TypeString, + Required: true, + }, + "include_cookies": &schema.Schema{ + Type: schema.TypeBool, + Optional: true, + Default: false, + }, + "prefix": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Default: "", + }, + }, + }, + }, + "origin": &schema.Schema{ + Type: schema.TypeSet, + Required: true, + Set: originHash, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "custom_origin_config": &schema.Schema{ + Type: schema.TypeSet, + Optional: true, + ConflictsWith: []string{"origin.s3_origin_config"}, + Set: customOriginConfigHash, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "http_port": &schema.Schema{ + Type: schema.TypeInt, + Required: true, + }, + "https_port": &schema.Schema{ + Type: schema.TypeInt, + Required: true, + }, + "origin_protocol_policy": &schema.Schema{ + Type: schema.TypeString, + Required: true, + }, + "origin_ssl_protocols": &schema.Schema{ + Type: schema.TypeList, + Required: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + }, + }, + }, + "domain_name": &schema.Schema{ + Type: schema.TypeString, + Required: true, + }, + "custom_header": &schema.Schema{ + Type: schema.TypeSet, + Optional: true, + Set: originCustomHeaderHash, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": &schema.Schema{ + Type: schema.TypeString, + Required: true, + }, + "value": &schema.Schema{ + Type: schema.TypeString, + Required: true, + }, + }, + }, + }, + "origin_id": &schema.Schema{ + Type: schema.TypeString, + Required: true, + }, + "origin_path": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + }, + "s3_origin_config": &schema.Schema{ + Type: schema.TypeSet, + Optional: true, + ConflictsWith: []string{"origin.custom_origin_config"}, + Set: s3OriginConfigHash, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "origin_access_identity": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Default: "", + }, + }, + }, + }, + }, + }, + }, + "price_class": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Default: "PriceClass_All", + }, + "restrictions": &schema.Schema{ + Type: schema.TypeSet, + Required: true, + Set: restrictionsHash, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "geo_restriction": &schema.Schema{ + Type: schema.TypeSet, + Required: true, + Set: geoRestrictionHash, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "locations": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "restriction_type": &schema.Schema{ + Type: schema.TypeString, + Required: true, + }, + }, + }, + }, + }, + }, + }, + "viewer_certificate": &schema.Schema{ + Type: schema.TypeSet, + Required: true, + Set: viewerCertificateHash, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "acm_certificate_arn": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + ConflictsWith: []string{"viewer_certificate.cloudfront_default_certificate", "viewer_certificate.iam_certificate_id"}, + }, + "cloudfront_default_certificate": &schema.Schema{ + Type: schema.TypeBool, + Optional: true, + ConflictsWith: []string{"viewer_certificate.acm_certificate_arn", "viewer_certificate.iam_certificate_id"}, + }, + "iam_certificate_id": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + ConflictsWith: []string{"viewer_certificate.acm_certificate_arn", "viewer_certificate.cloudfront_default_certificate"}, + }, + "minimum_protocol_version": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Default: "SSLv3", + }, + "ssl_support_method": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + }, + }, + }, + }, + "web_acl_id": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + }, + "caller_reference": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, + "status": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, + "active_trusted_signers": &schema.Schema{ + Type: schema.TypeMap, + Computed: true, + }, + "domain_name": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, + "last_modified_time": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, + "in_progress_validation_batches": &schema.Schema{ + Type: schema.TypeInt, + Computed: true, + }, + "etag": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, + // retain_on_delete is a non-API attribute that may help facilitate speedy + // deletion of a resoruce. It's mainly here for testing purposes, so + // enable at your own risk. + "retain_on_delete": &schema.Schema{ + Type: schema.TypeBool, + Optional: true, + Default: false, + }, + }, + } +} + +func resourceAwsCloudFrontDistributionCreate(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).cloudfrontconn + params := &cloudfront.CreateDistributionInput{ + DistributionConfig: expandDistributionConfig(d), + } + + resp, err := conn.CreateDistribution(params) + if err != nil { + return err + } + d.SetId(*resp.Distribution.Id) + return resourceAwsCloudFrontDistributionRead(d, meta) +} + +func resourceAwsCloudFrontDistributionRead(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).cloudfrontconn + params := &cloudfront.GetDistributionInput{ + Id: aws.String(d.Id()), + } + + resp, err := conn.GetDistribution(params) + if err != nil { + return err + } + + // Update attributes from DistributionConfig + flattenDistributionConfig(d, resp.Distribution.DistributionConfig) + // Update other attributes outside of DistributionConfig + d.SetId(*resp.Distribution.Id) + d.Set("active_trusted_signers", flattenActiveTrustedSigners(resp.Distribution.ActiveTrustedSigners)) + d.Set("status", *resp.Distribution.Status) + d.Set("domain_name", *resp.Distribution.DomainName) + d.Set("last_modified_time", aws.String(resp.Distribution.LastModifiedTime.String())) + d.Set("in_progress_validation_batches", *resp.Distribution.InProgressInvalidationBatches) + d.Set("etag", *resp.ETag) + return nil +} + +func resourceAwsCloudFrontDistributionUpdate(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).cloudfrontconn + params := &cloudfront.UpdateDistributionInput{ + Id: aws.String(d.Id()), + DistributionConfig: expandDistributionConfig(d), + IfMatch: aws.String(d.Get("etag").(string)), + } + _, err := conn.UpdateDistribution(params) + if err != nil { + return err + } + + return resourceAwsCloudFrontDistributionRead(d, meta) +} + +func resourceAwsCloudFrontDistributionDelete(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).cloudfrontconn + + // manually disable the distribution first + d.Set("enabled", false) + err := resourceAwsCloudFrontDistributionUpdate(d, meta) + if err != nil { + return err + } + + // skip delete if retain_on_delete is enabled + if d.Get("retain_on_delete").(bool) { + log.Printf("[WARN] Removing Distribtuion ID %s with retain_on_delete set. Please delete this distribution manually.", d.Id()) + d.SetId("") + return nil + } + + // Distribution needs to be in deployed state again before it can be deleted. + resourceAwsCloudFrontDistributionWaitUntilDeployed(d.Id(), meta) + + // now delete + params := &cloudfront.DeleteDistributionInput{ + Id: aws.String(d.Id()), + IfMatch: aws.String(d.Get("etag").(string)), + } + + _, err = conn.DeleteDistribution(params) + if err != nil { + return err + } + + // Done + d.SetId("") + return nil +} + +// resourceAwsCloudFrontWebDistributionWaitUntilDeployed blocks until the +// distribution is deployed. It currently takes exactly 15 minutes to deploy +// but that might change in the future. +func resourceAwsCloudFrontDistributionWaitUntilDeployed(id string, meta interface{}) error { + stateConf := &resource.StateChangeConf{ + Pending: []string{"InProgress", "Deployed"}, + Target: []string{"Deployed"}, + Refresh: resourceAwsCloudFrontWebDistributionStateRefreshFunc(id, meta), + Timeout: 40 * time.Minute, + MinTimeout: 15 * time.Second, + Delay: 10 * time.Minute, + } + + _, err := stateConf.WaitForState() + return err +} + +// The refresh function for resourceAwsCloudFrontWebDistributionWaitUntilDeployed. +func resourceAwsCloudFrontWebDistributionStateRefreshFunc(id string, meta interface{}) resource.StateRefreshFunc { + return func() (interface{}, string, error) { + conn := meta.(*AWSClient).cloudfrontconn + params := &cloudfront.GetDistributionInput{ + Id: aws.String(id), + } + + resp, err := conn.GetDistribution(params) + if err != nil { + log.Printf("Error on retrieving CloudFront distribution when waiting: %s", err) + return nil, "", err + } + + if resp == nil { + return nil, "", nil + } + + return resp.Distribution, *resp.Distribution.Status, nil + } +} diff --git a/builtin/providers/aws/resource_aws_cloudfront_distribution_test.go b/builtin/providers/aws/resource_aws_cloudfront_distribution_test.go new file mode 100644 index 000000000000..7972e310bdb7 --- /dev/null +++ b/builtin/providers/aws/resource_aws_cloudfront_distribution_test.go @@ -0,0 +1,388 @@ +package aws + +import ( + "fmt" + "math/rand" + "testing" + "time" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/service/cloudfront" + "github.com/hashicorp/terraform/helper/resource" + "github.com/hashicorp/terraform/terraform" +) + +func TestAccAWSCloudFrontDistribution_S3Origin(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckCloudFrontDistributionDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccAWSCloudFrontDistributionS3Config, + Check: resource.ComposeTestCheckFunc( + testAccCheckCloudFrontDistributionExistence( + "aws_cloudfront_distribution.s3_distribution", + ), + ), + }, + }, + }) +} + +func TestAccAWSCloudFrontDistribution_customOrigin(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckCloudFrontDistributionDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccAWSCloudFrontDistributionCustomConfig, + Check: resource.ComposeTestCheckFunc( + testAccCheckCloudFrontDistributionExistence( + "aws_cloudfront_distribution.custom_distribution", + ), + ), + }, + }, + }) +} + +func TestAccAWSCloudFrontDistribution_multiOrigin(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckCloudFrontDistributionDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccAWSCloudFrontDistributionMultiOriginConfig, + Check: resource.ComposeTestCheckFunc( + testAccCheckCloudFrontDistributionExistence( + "aws_cloudfront_distribution.multi_origin_distribution", + ), + ), + }, + }, + }) +} + +func TestAccAWSCloudFrontDistribution_noOptionalItemsConfig(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckCloudFrontDistributionDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccAWSCloudFrontDistributionNoOptionalItemsConfig, + Check: resource.ComposeTestCheckFunc( + testAccCheckCloudFrontDistributionExistence( + "aws_cloudfront_distribution.no_optional_items", + ), + ), + }, + }, + }) +} + +func testAccCheckCloudFrontDistributionDestroy(s *terraform.State) error { + for k, rs := range s.RootModule().Resources { + if rs.Type != "aws_cloudfront_distribution" { + continue + } + dist, _ := testAccAuxCloudFrontGetDistributionConfig(s, k) + + if *dist.DistributionConfig.Enabled != false { + return fmt.Errorf("CloudFront distribution should be disabled") + } + } + return nil +} + +func testAccCheckCloudFrontDistributionExistence(cloudFrontResource string) resource.TestCheckFunc { + return func(s *terraform.State) error { + _, err := testAccAuxCloudFrontGetDistributionConfig(s, cloudFrontResource) + + return err + } +} + +func testAccAuxCloudFrontGetDistributionConfig(s *terraform.State, cloudFrontResource string) (*cloudfront.Distribution, error) { + cf, ok := s.RootModule().Resources[cloudFrontResource] + if !ok { + return nil, fmt.Errorf("Not found: %s", cloudFrontResource) + } + + if cf.Primary.ID == "" { + return nil, fmt.Errorf("No Id is set") + } + + cloudfrontconn := testAccProvider.Meta().(*AWSClient).cloudfrontconn + + req := &cloudfront.GetDistributionInput{ + Id: aws.String(cf.Primary.ID), + } + + res, err := cloudfrontconn.GetDistribution(req) + if err != nil { + return nil, fmt.Errorf("Error retrieving CloudFront distribution: %s", err) + } + + return res.Distribution, nil +} + +var testAccAWSCloudFrontDistributionS3Config = fmt.Sprintf(` +variable rand_id { + default = %d +} + +resource "aws_s3_bucket" "s3_bucket" { + bucket = "mybucket.${var.rand_id}.s3.amazonaws.com" + acl = "public-read" +} + +resource "aws_cloudfront_distribution" "s3_distribution" { + origin { + domain_name = "${aws_s3_bucket.s3_bucket.id}" + origin_id = "myS3Origin" + s3_origin_config {} + } + enabled = true + default_root_object = "index.html" + logging_config { + include_cookies = false + bucket = "mylogs.${var.rand_id}.s3.amazonaws.com" + prefix = "myprefix" + } + aliases = [ "mysite.${var.rand_id}.example.com", "yoursite.${var.rand_id}.example.com" ] + default_cache_behavior { + allowed_methods = [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ] + cached_methods = [ "GET", "HEAD" ] + target_origin_id = "myS3Origin" + forwarded_values { + query_string = false + cookies { + forward = "none" + } + } + viewer_protocol_policy = "allow-all" + min_ttl = 0 + default_ttl = 3600 + max_ttl = 86400 + } + price_class = "PriceClass_200" + restrictions { + geo_restriction { + restriction_type = "whitelist" + locations = [ "US", "CA", "GB", "DE" ] + } + } + viewer_certificate { + cloudfront_default_certificate = true + } + retain_on_delete = true +} +`, rand.New(rand.NewSource(time.Now().UnixNano())).Int()) + +var testAccAWSCloudFrontDistributionCustomConfig = fmt.Sprintf(` +variable rand_id { + default = %d +} + +resource "aws_cloudfront_distribution" "custom_distribution" { + origin { + domain_name = "www.example.com" + origin_id = "myCustomOrigin" + custom_origin_config { + http_port = 80 + https_port = 443 + origin_protocol_policy = "http-only" + origin_ssl_protocols = [ "SSLv3", "TLSv1" ] + } + } + enabled = true + comment = "Some comment" + default_root_object = "index.html" + logging_config { + include_cookies = false + bucket = "mylogs.${var.rand_id}.s3.amazonaws.com" + prefix = "myprefix" + } + aliases = [ "mysite.${var.rand_id}.example.com", "*.yoursite.${var.rand_id}.example.com" ] + default_cache_behavior { + allowed_methods = [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ] + cached_methods = [ "GET", "HEAD" ] + target_origin_id = "myCustomOrigin" + smooth_streaming = false + forwarded_values { + query_string = false + cookies { + forward = "all" + } + } + viewer_protocol_policy = "allow-all" + min_ttl = 0 + default_ttl = 3600 + max_ttl = 86400 + } + price_class = "PriceClass_200" + restrictions { + geo_restriction { + restriction_type = "whitelist" + locations = [ "US", "CA", "GB", "DE" ] + } + } + viewer_certificate { + cloudfront_default_certificate = true + } + retain_on_delete = true +} +`, rand.New(rand.NewSource(time.Now().UnixNano())).Int()) + +var testAccAWSCloudFrontDistributionMultiOriginConfig = fmt.Sprintf(` +variable rand_id { + default = %d +} + +resource "aws_s3_bucket" "s3_bucket" { + bucket = "mybucket.${var.rand_id}.s3.amazonaws.com" + acl = "public-read" +} + +resource "aws_cloudfront_distribution" "multi_origin_distribution" { + origin { + domain_name = "${aws_s3_bucket.s3_bucket.id}" + origin_id = "myS3Origin" + s3_origin_config {} + } + origin { + domain_name = "www.example.com" + origin_id = "myCustomOrigin" + custom_origin_config { + http_port = 80 + https_port = 443 + origin_protocol_policy = "http-only" + origin_ssl_protocols = [ "SSLv3", "TLSv1" ] + } + } + enabled = true + comment = "Some comment" + default_root_object = "index.html" + logging_config { + include_cookies = false + bucket = "mylogs.${var.rand_id}.s3.amazonaws.com" + prefix = "myprefix" + } + aliases = [ "mysite.${var.rand_id}.example.com", "*.yoursite.${var.rand_id}.example.com" ] + default_cache_behavior { + allowed_methods = [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ] + cached_methods = [ "GET", "HEAD" ] + target_origin_id = "myS3Origin" + smooth_streaming = true + forwarded_values { + query_string = false + cookies { + forward = "all" + } + } + min_ttl = 100 + default_ttl = 100 + max_ttl = 100 + viewer_protocol_policy = "allow-all" + } + cache_behavior { + allowed_methods = [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ] + cached_methods = [ "GET", "HEAD" ] + target_origin_id = "myS3Origin" + forwarded_values { + query_string = true + cookies { + forward = "none" + } + } + min_ttl = 50 + default_ttl = 50 + max_ttl = 50 + viewer_protocol_policy = "allow-all" + path_pattern = "images1/*.jpg" + } + cache_behavior { + allowed_methods = [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ] + cached_methods = [ "GET", "HEAD" ] + target_origin_id = "myCustomOrigin" + forwarded_values { + query_string = true + cookies { + forward = "none" + } + } + min_ttl = 50 + default_ttl = 50 + max_ttl = 50 + viewer_protocol_policy = "allow-all" + path_pattern = "images2/*.jpg" + } + price_class = "PriceClass_All" + custom_error_response { + error_code = 404 + response_page_path = "/error-pages/404.html" + response_code = 200 + error_caching_min_ttl = 30 + } + restrictions { + geo_restriction { + restriction_type = "none" + } + } + viewer_certificate { + cloudfront_default_certificate = true + } + retain_on_delete = true +} +`, rand.New(rand.NewSource(time.Now().UnixNano())).Int()) + +var testAccAWSCloudFrontDistributionNoOptionalItemsConfig = fmt.Sprintf(` +variable rand_id { + default = %d +} + +resource "aws_cloudfront_distribution" "no_optional_items" { + origin { + domain_name = "www.example.com" + origin_id = "myCustomOrigin" + custom_origin_config { + http_port = 80 + https_port = 443 + origin_protocol_policy = "http-only" + origin_ssl_protocols = [ "SSLv3", "TLSv1" ] + } + } + enabled = true + comment = "Some comment" + default_cache_behavior { + allowed_methods = [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ] + cached_methods = [ "GET", "HEAD" ] + target_origin_id = "myCustomOrigin" + smooth_streaming = false + forwarded_values { + query_string = false + cookies { + forward = "all" + } + } + viewer_protocol_policy = "allow-all" + min_ttl = 0 + default_ttl = 3600 + max_ttl = 86400 + } + restrictions { + geo_restriction { + restriction_type = "whitelist" + locations = [ "US", "CA", "GB", "DE" ] + } + } + viewer_certificate { + cloudfront_default_certificate = true + } + retain_on_delete = true +} +`, rand.New(rand.NewSource(time.Now().UnixNano())).Int()) diff --git a/builtin/providers/aws/resource_aws_cloudfront_origin_access_identity.go b/builtin/providers/aws/resource_aws_cloudfront_origin_access_identity.go new file mode 100644 index 000000000000..3b367f8f5055 --- /dev/null +++ b/builtin/providers/aws/resource_aws_cloudfront_origin_access_identity.go @@ -0,0 +1,130 @@ +package aws + +import ( + "fmt" + "time" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/service/cloudfront" + "github.com/hashicorp/terraform/helper/schema" +) + +func resourceAwsCloudFrontOriginAccessIdentity() *schema.Resource { + return &schema.Resource{ + Create: resourceAwsCloudFrontOriginAccessIdentityCreate, + Read: resourceAwsCloudFrontOriginAccessIdentityRead, + Update: resourceAwsCloudFrontOriginAccessIdentityUpdate, + Delete: resourceAwsCloudFrontOriginAccessIdentityDelete, + + Schema: map[string]*schema.Schema{ + "comment": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Default: "", + }, + "caller_reference": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, + "cloudfront_access_identity_path": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, + "etag": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, + "s3_canonical_user_id": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, + }, + } +} + +func resourceAwsCloudFrontOriginAccessIdentityCreate(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).cloudfrontconn + params := &cloudfront.CreateCloudFrontOriginAccessIdentityInput{ + CloudFrontOriginAccessIdentityConfig: expandOriginAccessIdentityConfig(d), + } + + resp, err := conn.CreateCloudFrontOriginAccessIdentity(params) + if err != nil { + return err + } + d.SetId(*resp.CloudFrontOriginAccessIdentity.Id) + return resourceAwsCloudFrontOriginAccessIdentityRead(d, meta) +} + +func resourceAwsCloudFrontOriginAccessIdentityRead(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).cloudfrontconn + params := &cloudfront.GetCloudFrontOriginAccessIdentityInput{ + Id: aws.String(d.Id()), + } + + resp, err := conn.GetCloudFrontOriginAccessIdentity(params) + if err != nil { + return err + } + + // Update attributes from DistributionConfig + flattenOriginAccessIdentityConfig(d, resp.CloudFrontOriginAccessIdentity.CloudFrontOriginAccessIdentityConfig) + // Update other attributes outside of DistributionConfig + d.SetId(*resp.CloudFrontOriginAccessIdentity.Id) + d.Set("etag", *resp.ETag) + d.Set("s3_canonical_user_id", *resp.CloudFrontOriginAccessIdentity.S3CanonicalUserId) + d.Set("cloudfront_access_identity_path", fmt.Sprintf("origin-access-identity/cloudfront/%s", *resp.CloudFrontOriginAccessIdentity.Id)) + return nil +} + +func resourceAwsCloudFrontOriginAccessIdentityUpdate(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).cloudfrontconn + params := &cloudfront.UpdateCloudFrontOriginAccessIdentityInput{ + Id: aws.String(d.Id()), + CloudFrontOriginAccessIdentityConfig: expandOriginAccessIdentityConfig(d), + IfMatch: aws.String(d.Get("etag").(string)), + } + _, err := conn.UpdateCloudFrontOriginAccessIdentity(params) + if err != nil { + return err + } + + return resourceAwsCloudFrontOriginAccessIdentityRead(d, meta) +} + +func resourceAwsCloudFrontOriginAccessIdentityDelete(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).cloudfrontconn + params := &cloudfront.DeleteCloudFrontOriginAccessIdentityInput{ + Id: aws.String(d.Id()), + IfMatch: aws.String(d.Get("etag").(string)), + } + + _, err := conn.DeleteCloudFrontOriginAccessIdentity(params) + if err != nil { + return err + } + + // Done + d.SetId("") + return nil +} + +func expandOriginAccessIdentityConfig(d *schema.ResourceData) *cloudfront.OriginAccessIdentityConfig { + originAccessIdentityConfig := &cloudfront.OriginAccessIdentityConfig{ + Comment: aws.String(d.Get("comment").(string)), + } + // This sets CallerReference if it's still pending computation (ie: new resource) + if v, ok := d.GetOk("caller_reference"); ok == false { + originAccessIdentityConfig.CallerReference = aws.String(time.Now().Format(time.RFC3339Nano)) + } else { + originAccessIdentityConfig.CallerReference = aws.String(v.(string)) + } + return originAccessIdentityConfig +} + +func flattenOriginAccessIdentityConfig(d *schema.ResourceData, originAccessIdentityConfig *cloudfront.OriginAccessIdentityConfig) { + if originAccessIdentityConfig.Comment != nil { + d.Set("comment", *originAccessIdentityConfig.Comment) + } + d.Set("caller_reference", *originAccessIdentityConfig.CallerReference) +} diff --git a/builtin/providers/aws/resource_aws_cloudfront_origin_access_identity_test.go b/builtin/providers/aws/resource_aws_cloudfront_origin_access_identity_test.go new file mode 100644 index 000000000000..d73b8e033242 --- /dev/null +++ b/builtin/providers/aws/resource_aws_cloudfront_origin_access_identity_test.go @@ -0,0 +1,119 @@ +package aws + +import ( + "fmt" + "regexp" + "testing" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/service/cloudfront" + "github.com/hashicorp/terraform/helper/resource" + "github.com/hashicorp/terraform/terraform" +) + +func TestAccAWSCloudFrontOriginAccessIdentity_basic(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckCloudFrontOriginAccessIdentityDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccAWSCloudFrontOriginAccessIdentityConfig, + Check: resource.ComposeTestCheckFunc( + testAccCheckCloudFrontOriginAccessIdentityExistence("aws_cloudfront_origin_access_identity.origin_access_identity"), + resource.TestCheckResourceAttr("aws_cloudfront_origin_access_identity.origin_access_identity", "comment", "some comment"), + resource.TestMatchResourceAttr("aws_cloudfront_origin_access_identity.origin_access_identity", + "caller_reference", + regexp.MustCompile("^20[0-9]{2}.*")), + resource.TestMatchResourceAttr("aws_cloudfront_origin_access_identity.origin_access_identity", + "s3_canonical_user_id", + regexp.MustCompile("^[a-z0-9]+")), + resource.TestMatchResourceAttr("aws_cloudfront_origin_access_identity.origin_access_identity", + "cloudfront_access_identity_path", + regexp.MustCompile("^origin-access-identity/cloudfront/[A-Z0-9]+")), + ), + }, + }, + }) +} + +func TestAccAWSCloudFrontOriginAccessIdentity_noComment(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckCloudFrontOriginAccessIdentityDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccAWSCloudFrontOriginAccessIdentityNoCommentConfig, + Check: resource.ComposeTestCheckFunc( + testAccCheckCloudFrontOriginAccessIdentityExistence("aws_cloudfront_origin_access_identity.origin_access_identity"), + resource.TestMatchResourceAttr("aws_cloudfront_origin_access_identity.origin_access_identity", + "caller_reference", + regexp.MustCompile("^20[0-9]{2}.*")), + resource.TestMatchResourceAttr("aws_cloudfront_origin_access_identity.origin_access_identity", + "s3_canonical_user_id", + regexp.MustCompile("^[a-z0-9]+")), + resource.TestMatchResourceAttr("aws_cloudfront_origin_access_identity.origin_access_identity", + "cloudfront_access_identity_path", + regexp.MustCompile("^origin-access-identity/cloudfront/[A-Z0-9]+")), + ), + }, + }, + }) +} + +func testAccCheckCloudFrontOriginAccessIdentityDestroy(s *terraform.State) error { + conn := testAccProvider.Meta().(*AWSClient).cloudfrontconn + + for _, rs := range s.RootModule().Resources { + if rs.Type != "aws_cloudfront_origin_access_identity" { + continue + } + + params := &cloudfront.GetCloudFrontOriginAccessIdentityInput{ + Id: aws.String(rs.Primary.ID), + } + + _, err := conn.GetCloudFrontOriginAccessIdentity(params) + if err == nil { + return fmt.Errorf("CloudFront origin access identity was not deleted") + } + } + + return nil +} + +func testAccCheckCloudFrontOriginAccessIdentityExistence(r string) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[r] + if !ok { + return fmt.Errorf("Not found: %s", r) + } + if rs.Primary.ID == "" { + return fmt.Errorf("No Id is set") + } + + conn := testAccProvider.Meta().(*AWSClient).cloudfrontconn + + params := &cloudfront.GetCloudFrontOriginAccessIdentityInput{ + Id: aws.String(rs.Primary.ID), + } + + _, err := conn.GetCloudFrontOriginAccessIdentity(params) + if err != nil { + return fmt.Errorf("Error retrieving CloudFront distribution: %s", err) + } + return nil + } +} + +const testAccAWSCloudFrontOriginAccessIdentityConfig = ` +resource "aws_cloudfront_origin_access_identity" "origin_access_identity" { + comment = "some comment" +} +` + +const testAccAWSCloudFrontOriginAccessIdentityNoCommentConfig = ` +resource "aws_cloudfront_origin_access_identity" "origin_access_identity" { +} +` diff --git a/builtin/providers/aws/resource_aws_cloudfront_web_distribution.go b/builtin/providers/aws/resource_aws_cloudfront_web_distribution.go deleted file mode 100644 index 0b0fb9b567f2..000000000000 --- a/builtin/providers/aws/resource_aws_cloudfront_web_distribution.go +++ /dev/null @@ -1,587 +0,0 @@ -package aws - -import ( - "fmt" - "log" - "time" - - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/awserr" - "github.com/aws/aws-sdk-go/service/cloudfront" - "github.com/hashicorp/terraform/helper/resource" - "github.com/hashicorp/terraform/helper/schema" -) - -func resourceAwsCloudFrontWebDistribution() *schema.Resource { - return &schema.Resource{ - Create: resourceAwsCloudFrontWebDistributionCreate, - Read: resourceAwsCloudFrontWebDistributionRead, - Update: resourceAwsCloudFrontWebDistributionUpdate, - Delete: resourceAwsCloudFrontWebDistributionDelete, - - Schema: map[string]*schema.Schema{ - "origin_domain_name": &schema.Schema{ - Type: schema.TypeString, - Required: true, - }, - - "origin_http_port": &schema.Schema{ - Type: schema.TypeInt, - Optional: true, - Default: 80, - }, - - "origin_https_port": &schema.Schema{ - Type: schema.TypeInt, - Optional: true, - Default: 443, - }, - - "origin_protocol_policy": &schema.Schema{ - Type: schema.TypeString, - Optional: true, - Default: "http-only", - }, - - "origin_path": &schema.Schema{ - Type: schema.TypeString, - Optional: true, - Default: "", - }, - - "enabled": &schema.Schema{ - Type: schema.TypeBool, - Optional: true, - Default: true, - }, - - "comment": &schema.Schema{ - Type: schema.TypeString, - Optional: true, - }, - - "price_class": &schema.Schema{ - Type: schema.TypeString, - Optional: true, - Default: "PriceClass_All", - }, - - "default_root_object": &schema.Schema{ - Type: schema.TypeString, - Optional: true, - }, - - "domain_name": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - }, - - "status": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - }, - - "viewer_protocol_policy": &schema.Schema{ - Type: schema.TypeString, - Optional: true, - Default: "allow-all", - }, - - "forward_cookie": &schema.Schema{ - Type: schema.TypeString, - Optional: true, - Default: "none", - }, - - "whitelisted_cookies": &schema.Schema{ - Type: schema.TypeList, - Elem: &schema.Schema{Type: schema.TypeString}, - Optional: true, - }, - - "forward_query_string": &schema.Schema{ - Type: schema.TypeBool, - Optional: true, - Default: false, - }, - - "minimum_ttl": &schema.Schema{ - Type: schema.TypeInt, - Optional: true, - Default: 0, - }, - - "maximum_ttl": &schema.Schema{ - Type: schema.TypeInt, - Optional: true, - Default: 31536000, - }, - - "default_ttl": &schema.Schema{ - Type: schema.TypeInt, - Optional: true, - Default: 86400, - }, - - "smooth_streaming": &schema.Schema{ - Type: schema.TypeBool, - Optional: true, - }, - - "allowed_methods": &schema.Schema{ - Type: schema.TypeList, - Elem: &schema.Schema{Type: schema.TypeString}, - Optional: true, - Computed: true, - }, - - "cached_methods": &schema.Schema{ - Type: schema.TypeList, - Elem: &schema.Schema{Type: schema.TypeString}, - Optional: true, - Computed: true, - }, - - "forwarded_headers": &schema.Schema{ - Type: schema.TypeList, - Elem: &schema.Schema{Type: schema.TypeString}, - Optional: true, - }, - - "logging_enabled": &schema.Schema{ - Type: schema.TypeBool, - Optional: true, - Default: false, - }, - - "logging_include_cookies": &schema.Schema{ - Type: schema.TypeBool, - Optional: true, - Default: false, - }, - - "logging_prefix": &schema.Schema{ - Type: schema.TypeString, - Optional: true, - }, - - "logging_bucket": &schema.Schema{ - Type: schema.TypeString, - Optional: true, - }, - - "minimum_ssl": &schema.Schema{ - Type: schema.TypeString, - Optional: true, - Default: "SSLv3", - }, - - "certificate_id": &schema.Schema{ - Type: schema.TypeString, - Optional: true, - }, - - "ssl_support_method": &schema.Schema{ - Type: schema.TypeString, - Optional: true, - Default: "vip", - }, - - "aliases": &schema.Schema{ - Type: schema.TypeList, - Elem: &schema.Schema{Type: schema.TypeString}, - Optional: true, - }, - - "geo_restriction_type": &schema.Schema{ - Type: schema.TypeString, - Optional: true, - Default: "none", - }, - - "geo_restrictions": &schema.Schema{ - Type: schema.TypeList, - Elem: &schema.Schema{Type: schema.TypeString}, - Optional: true, - }, - - "zone_id": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - }, - }, - } -} - -func resourceAwsCloudFrontWebDistributionCreate(d *schema.ResourceData, meta interface{}) error { - cloudfrontconn := meta.(*AWSClient).cloudfrontconn - - // CloudFront distribution configurations require a unique Caller Reference - callerReference := time.Now().Format(time.RFC3339Nano) - c, err := resourceAwsCloudFrontWebDistributionDistributionConfig(d, meta, &callerReference) - if err != nil { - return err - } - - res, err := cloudfrontconn.CreateDistribution(&cloudfront.CreateDistributionInput{ - DistributionConfig: c, - }) - - if err != nil { - return fmt.Errorf("Error creating CloudFront distribution: %s", err) - } - - d.SetId(*res.Distribution.Id) - - err = resourceAwsCloudFrontWebDistributionWaitUntilDeployed(d, meta) - if err != nil { - return err - } - - return resourceAwsCloudFrontWebDistributionRead(d, meta) -} - -func resourceAwsCloudFrontWebDistributionRead(d *schema.ResourceData, meta interface{}) error { - v, err := resourceAwsCloudFrontWebDistributionDistributionRetrieve(d, meta) - if err != nil { - if cferr, ok := err.(awserr.Error); ok && cferr.Code() == "NoSuchDistribution" { - // Fail quietly if resource no longer exists - d.SetId("") - return nil - } - return err - } - - c := v.Distribution.DistributionConfig - d.Set("enabled", c.Enabled) - d.Set("comment", c.Comment) - d.Set("price_class", c.PriceClass) - d.Set("default_root_object", c.DefaultRootObject) - d.Set("domain_name", v.Distribution.DomainName) - d.Set("status", v.Distribution.Status) - d.Set("viewer_protocol_policy", c.DefaultCacheBehavior.ViewerProtocolPolicy) - d.Set("forward_cookie", c.DefaultCacheBehavior.ForwardedValues.Cookies) - if c.DefaultCacheBehavior.ForwardedValues.Cookies.WhitelistedNames != nil { - d.Set("whitelisted_cookies", resourceAwsCloudFrontCopyItems(c.DefaultCacheBehavior.ForwardedValues.Cookies.WhitelistedNames.Items)) - } - d.Set("forward_query_string", c.DefaultCacheBehavior.ForwardedValues.QueryString) - d.Set("minimum_ttl", c.DefaultCacheBehavior.MinTTL) - d.Set("maximum_ttl", c.DefaultCacheBehavior.MaxTTL) - d.Set("default_ttl", c.DefaultCacheBehavior.DefaultTTL) - d.Set("smooth_streaming", c.DefaultCacheBehavior.SmoothStreaming) - d.Set("allowed_methods", resourceAwsCloudFrontCopyItems(c.DefaultCacheBehavior.AllowedMethods.Items)) - d.Set("cached_methods", resourceAwsCloudFrontCopyItems(c.DefaultCacheBehavior.AllowedMethods.CachedMethods.Items)) - d.Set("forwarded_headers", resourceAwsCloudFrontCopyItems(c.DefaultCacheBehavior.ForwardedValues.Headers.Items)) - d.Set("logging_enabled", c.Logging.Enabled) - d.Set("logging_include_cookies", c.Logging.IncludeCookies) - d.Set("logging_prefix", c.Logging.Prefix) - d.Set("logging_bucket", c.Logging.Bucket) - d.Set("aliases", c.Aliases.Items) - d.Set("geo_restriction_type", c.Restrictions.GeoRestriction.RestrictionType) - d.Set("geo_restrictions", resourceAwsCloudFrontCopyItems(c.Restrictions.GeoRestriction.Items)) - d.Set("zone_id", "Z2FDTNDATAQYW2") - - d.Set("minimum_ssl", c.ViewerCertificate.MinimumProtocolVersion) - d.Set("ssl_support_method", c.ViewerCertificate.SSLSupportMethod) - if *c.ViewerCertificate.CloudFrontDefaultCertificate == true { - d.Set("certificate_id", "") - } else { - d.Set("certificate_id", c.ViewerCertificate.IAMCertificateId) - } - - // CloudFront distributions supports multiple origins. However most of the above - // configuration options also apply to a single origin which would result in - // an overwhelming API - o := c.Origins.Items[0] - d.Set("origin_domain_name", o.DomainName) - d.Set("origin_path", o.OriginPath) - d.Set("origin_http_port", o.CustomOriginConfig.HTTPPort) - d.Set("origin_https_port", o.CustomOriginConfig.HTTPSPort) - d.Set("origin_protocol_policy", o.CustomOriginConfig.OriginProtocolPolicy) - - return nil -} - -func resourceAwsCloudFrontWebDistributionUpdate(d *schema.ResourceData, meta interface{}) error { - cloudfrontconn := meta.(*AWSClient).cloudfrontconn - - // CloudFront configuration changes requires the ETag of the latest changeset - v, err := resourceAwsCloudFrontWebDistributionDistributionRetrieve(d, meta) - if err != nil { - return err - } - - c, err := resourceAwsCloudFrontWebDistributionDistributionConfig(d, meta, v.Distribution.DistributionConfig.CallerReference) - if err != nil { - return err - } - - params := &cloudfront.UpdateDistributionInput{ - DistributionConfig: c, - Id: aws.String(string(d.Id())), - IfMatch: v.ETag, - } - - _, err = cloudfrontconn.UpdateDistribution(params) - - if err != nil { - return fmt.Errorf("Error updating CloudFront distribution: %s", err) - } - - err = resourceAwsCloudFrontWebDistributionWaitUntilDeployed(d, meta) - if err != nil { - return err - } - - return resourceAwsCloudFrontWebDistributionRead(d, meta) -} - -func resourceAwsCloudFrontWebDistributionDelete(d *schema.ResourceData, meta interface{}) error { - cloudfrontconn := meta.(*AWSClient).cloudfrontconn - - v, err := resourceAwsCloudFrontWebDistributionDistributionRetrieve(d, meta) - if err != nil { - return err - } - - // Do nothing if resource no longer exists - if v == nil { - return nil - } - - // CloudFront distributions must be disabled in order to be deleted - if d.Get("enabled") == true { - d.Set("enabled", false) - - err := resourceAwsCloudFrontWebDistributionUpdate(d, meta) - if err != nil { - return err - } - - // Retrieve the latest ETag again - v, err = resourceAwsCloudFrontWebDistributionDistributionRetrieve(d, meta) - if err != nil { - return err - } - } - - params := &cloudfront.DeleteDistributionInput{ - Id: aws.String(string(d.Id())), - IfMatch: v.ETag, - } - - _, err = cloudfrontconn.DeleteDistribution(params) - - if err != nil { - return fmt.Errorf("Error deleting CloudFront distribution: %s", err) - } - - return nil -} - -func resourceAwsCloudFrontWebDistributionDistributionConfig( - d *schema.ResourceData, meta interface{}, - callerReference *string) (*cloudfront.DistributionConfig, error) { - - originId := fmt.Sprintf("%s-origin", d.Get("origin_domain_name")) - aliases := resourceAwsCloudFrontWebDistributionAwsStringLists( - d.Get("aliases")) - geoRestrictions := resourceAwsCloudFrontWebDistributionAwsStringLists( - d.Get("geo_restrictions")) - allowedMethods := resourceAwsCloudFrontWebDistributionHandleMethods( - d.Get("allowed_methods")) - cachedMethods := resourceAwsCloudFrontWebDistributionHandleMethods( - d.Get("cached_methods")) - forwardedHeaders := resourceAwsCloudFrontWebDistributionAwsStringLists( - d.Get("forwarded_headers")) - cookies := resourceAwsCloudFrontWebDistributionCookies( - d.Get("forward_cookie"), d.Get("whitelisted_cookies")) - viewerCertificate := &cloudfront.ViewerCertificate{ - MinimumProtocolVersion: aws.String(d.Get("minimum_ssl").(string)), - SSLSupportMethod: aws.String(d.Get("ssl_support_method").(string)), - } - if d.Get("certificate_id") == "" { - viewerCertificate.CloudFrontDefaultCertificate = aws.Bool(true) - } else { - viewerCertificate.IAMCertificateId = aws.String(d.Get("certificate_id").(string)) - } - - // PUT DistributionConfig requires, unlike POST, EVERY possible option to be set. - // Except for the configurable options, these are the defaults options. - return &cloudfront.DistributionConfig{ - CallerReference: callerReference, - Enabled: aws.Bool(d.Get("enabled").(bool)), - Comment: aws.String(d.Get("comment").(string)), - PriceClass: aws.String(d.Get("price_class").(string)), - DefaultRootObject: aws.String(d.Get("default_root_object").(string)), - Aliases: &cloudfront.Aliases{ - Quantity: aws.Int64(int64(len(aliases))), - Items: aliases, - }, - Origins: &cloudfront.Origins{ - Quantity: aws.Int64(1), - Items: []*cloudfront.Origin{ - &cloudfront.Origin{ - DomainName: aws.String(d.Get("origin_domain_name").(string)), - Id: aws.String(originId), - OriginPath: aws.String(d.Get("origin_path").(string)), - CustomOriginConfig: &cloudfront.CustomOriginConfig{ - HTTPPort: aws.Int64(int64(d.Get("origin_http_port").(int))), - HTTPSPort: aws.Int64(int64(d.Get("origin_https_port").(int))), - OriginProtocolPolicy: aws.String(d.Get("origin_protocol_policy").(string)), - }, - }, - }, - }, - ViewerCertificate: viewerCertificate, - Logging: &cloudfront.LoggingConfig{ - Enabled: aws.Bool(d.Get("logging_enabled").(bool)), - IncludeCookies: aws.Bool(d.Get("logging_include_cookies").(bool)), - Prefix: aws.String(d.Get("logging_prefix").(string)), - Bucket: aws.String(d.Get("logging_bucket").(string)), - }, - Restrictions: &cloudfront.Restrictions{ - GeoRestriction: &cloudfront.GeoRestriction{ - Quantity: aws.Int64(int64(len(geoRestrictions))), - RestrictionType: aws.String(d.Get("geo_restriction_type").(string)), - Items: geoRestrictions, - }, - }, - DefaultCacheBehavior: &cloudfront.DefaultCacheBehavior{ - ForwardedValues: &cloudfront.ForwardedValues{ - Cookies: cookies, - QueryString: aws.Bool(d.Get("forward_query_string").(bool)), - Headers: &cloudfront.Headers{ - Quantity: aws.Int64(int64(len(forwardedHeaders))), - Items: forwardedHeaders, - }, - }, - TargetOriginId: aws.String(originId), - ViewerProtocolPolicy: aws.String(d.Get("viewer_protocol_policy").(string)), - MinTTL: aws.Int64(int64(d.Get("minimum_ttl").(int))), - MaxTTL: aws.Int64(int64(d.Get("maximum_ttl").(int))), - DefaultTTL: aws.Int64(int64(d.Get("default_ttl").(int))), - TrustedSigners: &cloudfront.TrustedSigners{ - Enabled: aws.Bool(false), - Quantity: aws.Int64(0), - }, - SmoothStreaming: aws.Bool(d.Get("smooth_streaming").(bool)), - AllowedMethods: &cloudfront.AllowedMethods{ - Quantity: aws.Int64(int64(len(allowedMethods))), - Items: allowedMethods, - CachedMethods: &cloudfront.CachedMethods{ - Quantity: aws.Int64(int64(len(cachedMethods))), - Items: cachedMethods, - }, - }, - }, - CacheBehaviors: &cloudfront.CacheBehaviors{ - Quantity: aws.Int64(0), - }, - CustomErrorResponses: &cloudfront.CustomErrorResponses{ - Quantity: aws.Int64(0), - }, - }, nil -} - -// resourceAwsCloudFrontWebDistributionWaitUntilDeployed blocks until the -// distribution is deployed. It currently takes exactly 15 minutes to deploy -// but that might change in the future. -func resourceAwsCloudFrontWebDistributionWaitUntilDeployed( - d *schema.ResourceData, meta interface{}) error { - stateConf := &resource.StateChangeConf{ - Pending: []string{"InProgress", "Deployed"}, - Target: "Deployed", - Refresh: resourceAwsCloudFrontWebDistributionStateRefreshFunc(d, meta), - Timeout: 40 * time.Minute, - MinTimeout: 15 * time.Second, - Delay: 10 * time.Minute, - } - - _, err := stateConf.WaitForState() - return err -} - -func resourceAwsCloudFrontWebDistributionStateRefreshFunc( - d *schema.ResourceData, meta interface{}) resource.StateRefreshFunc { - return func() (interface{}, string, error) { - v, err := resourceAwsCloudFrontWebDistributionDistributionRetrieve(d, meta) - - if err != nil { - log.Printf("Error on retrieving CloudFront distribution when waiting: %s", err) - return nil, "", err - } - - if v == nil { - return nil, "", nil - } - - return v.Distribution, *v.Distribution.Status, nil - } -} - -func resourceAwsCloudFrontWebDistributionDistributionRetrieve( - d *schema.ResourceData, meta interface{}) (*cloudfront.GetDistributionOutput, error) { - cloudfrontconn := meta.(*AWSClient).cloudfrontconn - - req := &cloudfront.GetDistributionInput{ - Id: aws.String(d.Id()), - } - - res, err := cloudfrontconn.GetDistribution(req) - if err != nil { - return nil, fmt.Errorf("Error retrieving CloudFront distribution: %s", err) - } - - return res, nil -} - -func resourceAwsCloudFrontWebDistributionAwsStringLists(in interface{}) []*string { - list := in.([]interface{}) - out := make([]*string, 0, len(list)) - for _, r := range list { - s := r.(string) - out = append(out, aws.String(s)) - } - return out -} - -func resourceAwsCloudFrontWebDistributionHandleMethods(in interface{}) []*string { - // Terraform schemas does not currently support arrays as default values - if len(in.([]interface{})) == 0 { - return []*string{ - aws.String("GET"), - aws.String("HEAD"), - } - } - - return resourceAwsCloudFrontWebDistributionAwsStringLists(in) -} - -func resourceAwsCloudFrontWebDistributionCookies(a, b interface{}) *cloudfront.CookiePreference { - forwardCookie := a.(string) - - if forwardCookie != "whitelist" { - return &cloudfront.CookiePreference{ - Forward: aws.String(forwardCookie), - } - } - - whitelist := resourceAwsCloudFrontWebDistributionAwsStringLists(b) - - return &cloudfront.CookiePreference{ - Forward: aws.String(forwardCookie), - WhitelistedNames: &cloudfront.CookieNames{ - Quantity: aws.Int64(int64(len(whitelist))), - Items: whitelist, - }, - } -} - -func resourceAwsCloudFrontCopyItems(d []*string) []string { - list := make([]string, 0, len(d)) - for _, item := range d { - list = append(list, *item) - } - return list -} diff --git a/builtin/providers/aws/resource_aws_cloudfront_web_distribution_test.go b/builtin/providers/aws/resource_aws_cloudfront_web_distribution_test.go deleted file mode 100644 index d4810d449ca7..000000000000 --- a/builtin/providers/aws/resource_aws_cloudfront_web_distribution_test.go +++ /dev/null @@ -1,124 +0,0 @@ -package aws - -import ( - "fmt" - "math/rand" - "testing" - "time" - - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/service/cloudfront" - "github.com/hashicorp/terraform/helper/resource" - "github.com/hashicorp/terraform/terraform" -) - -func TestAccAWSCloudFront_basic(t *testing.T) { - resource.Test(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - CheckDestroy: testAccCheckCloudFrontDestroy, - Steps: []resource.TestStep{ - resource.TestStep{ - Config: testAccAWSCloudFrontConfig, - Check: resource.ComposeTestCheckFunc( - testAccCheckCloudfrontExistance( - "aws_cloudfront_web_distribution.main", - ), - ), - }, - resource.TestStep{ - Config: testAccAWSCloudFrontUpdate, - Check: resource.ComposeTestCheckFunc( - testAccCheckCloudfrontExistance( - "aws_cloudfront_web_distribution.main", - ), - testAccCheckCloudfrontCheckDistributionDisabled( - "aws_cloudfront_web_distribution.main", - ), - testAccCheckCloudfrontCheckDistributionAlias( - "aws_cloudfront_web_distribution.main", - ), - ), - }, - }, - }) -} - -func testAccCheckCloudFrontDestroy(s *terraform.State) error { - if len(s.RootModule().Resources) > 0 { - return fmt.Errorf("Expected all resources to be gone, but found: %#v", s.RootModule().Resources) - } - - return nil -} - -func testAccCheckCloudfrontExistance(cloudFrontResource string) resource.TestCheckFunc { - return func(s *terraform.State) error { - _, err := testAccAuxCloudfrontGetDistributionConfig(s, cloudFrontResource) - - return err - } -} - -func testAccCheckCloudfrontCheckDistributionDisabled(cloudFrontResource string) resource.TestCheckFunc { - return func(s *terraform.State) error { - dist, _ := testAccAuxCloudfrontGetDistributionConfig(s, cloudFrontResource) - - if *dist.DistributionConfig.Enabled != false { - return fmt.Errorf("CloudFront distribution should be disabled") - } - - return nil - } -} - -func testAccCheckCloudfrontCheckDistributionAlias(cloudFrontResource string) resource.TestCheckFunc { - return func(s *terraform.State) error { - dist, _ := testAccAuxCloudfrontGetDistributionConfig(s, cloudFrontResource) - - if len(dist.DistributionConfig.Aliases.Items) != 1 { - return fmt.Errorf("CloudFront failed updating aliases") - } - - return nil - } -} - -func testAccAuxCloudfrontGetDistributionConfig(s *terraform.State, cloudFrontResource string) (*cloudfront.Distribution, error) { - cf, ok := s.RootModule().Resources[cloudFrontResource] - if !ok { - return nil, fmt.Errorf("Not found: %s", cloudFrontResource) - } - - if cf.Primary.ID == "" { - return nil, fmt.Errorf("No Id is set") - } - - cloudfrontconn := testAccProvider.Meta().(*AWSClient).cloudfrontconn - - req := &cloudfront.GetDistributionInput{ - Id: aws.String(cf.Primary.ID), - } - - res, err := cloudfrontconn.GetDistribution(req) - if err != nil { - return nil, fmt.Errorf("Error retrieving CloudFront distribution: %s", err) - } - - return res.Distribution, nil -} - -const testAccAWSCloudFrontConfig = ` -resource "aws_cloudfront_web_distribution" "main" { - origin_domain_name = "fileserver.example.com" -} -` - -// CloudFront does not allow CNAME conflicts on the same account -var testAccAWSCloudFrontUpdate = fmt.Sprintf(` -resource "aws_cloudfront_web_distribution" "main" { - enabled = false - origin_domain_name = "fileserver.example.com" - aliases = ["static-%d.example.com"] -} -`, rand.New(rand.NewSource(time.Now().UnixNano())).Int()) diff --git a/builtin/providers/aws/structure.go b/builtin/providers/aws/structure.go index a23b1ef6ca85..2e186f812004 100644 --- a/builtin/providers/aws/structure.go +++ b/builtin/providers/aws/structure.go @@ -1077,3 +1077,23 @@ func flattenBeanstalkTrigger(list []*elasticbeanstalk.Trigger) []string { } return strs } + +// There are several parts of the AWS API that will sort lists of strings, +// causing diffs inbetweeen resources that use lists. This avoids a bit of +// code duplication for pre-sorts that can be used for things like hash +// functions, etc. +func sortInterfaceSlice(in []interface{}) []interface{} { + a := []string{} + b := []interface{}{} + for _, v := range in { + a = append(a, v.(string)) + } + + sort.Strings(a) + + for _, v := range a { + b = append(b, v) + } + + return b +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudfront/api.go b/vendor/github.com/aws/aws-sdk-go/service/cloudfront/api.go new file mode 100644 index 000000000000..cfdb35577d71 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/cloudfront/api.go @@ -0,0 +1,3450 @@ +// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT. + +// Package cloudfront provides a client for Amazon CloudFront. +package cloudfront + +import ( + "time" + + "github.com/aws/aws-sdk-go/aws/awsutil" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/private/protocol" + "github.com/aws/aws-sdk-go/private/protocol/restxml" +) + +const opCreateCloudFrontOriginAccessIdentity = "CreateCloudFrontOriginAccessIdentity2016_01_28" + +// CreateCloudFrontOriginAccessIdentityRequest generates a request for the CreateCloudFrontOriginAccessIdentity operation. +func (c *CloudFront) CreateCloudFrontOriginAccessIdentityRequest(input *CreateCloudFrontOriginAccessIdentityInput) (req *request.Request, output *CreateCloudFrontOriginAccessIdentityOutput) { + op := &request.Operation{ + Name: opCreateCloudFrontOriginAccessIdentity, + HTTPMethod: "POST", + HTTPPath: "/2016-01-28/origin-access-identity/cloudfront", + } + + if input == nil { + input = &CreateCloudFrontOriginAccessIdentityInput{} + } + + req = c.newRequest(op, input, output) + output = &CreateCloudFrontOriginAccessIdentityOutput{} + req.Data = output + return +} + +// Create a new origin access identity. +func (c *CloudFront) CreateCloudFrontOriginAccessIdentity(input *CreateCloudFrontOriginAccessIdentityInput) (*CreateCloudFrontOriginAccessIdentityOutput, error) { + req, out := c.CreateCloudFrontOriginAccessIdentityRequest(input) + err := req.Send() + return out, err +} + +const opCreateDistribution = "CreateDistribution2016_01_28" + +// CreateDistributionRequest generates a request for the CreateDistribution operation. +func (c *CloudFront) CreateDistributionRequest(input *CreateDistributionInput) (req *request.Request, output *CreateDistributionOutput) { + op := &request.Operation{ + Name: opCreateDistribution, + HTTPMethod: "POST", + HTTPPath: "/2016-01-28/distribution", + } + + if input == nil { + input = &CreateDistributionInput{} + } + + req = c.newRequest(op, input, output) + output = &CreateDistributionOutput{} + req.Data = output + return +} + +// Create a new distribution. +func (c *CloudFront) CreateDistribution(input *CreateDistributionInput) (*CreateDistributionOutput, error) { + req, out := c.CreateDistributionRequest(input) + err := req.Send() + return out, err +} + +const opCreateInvalidation = "CreateInvalidation2016_01_28" + +// CreateInvalidationRequest generates a request for the CreateInvalidation operation. +func (c *CloudFront) CreateInvalidationRequest(input *CreateInvalidationInput) (req *request.Request, output *CreateInvalidationOutput) { + op := &request.Operation{ + Name: opCreateInvalidation, + HTTPMethod: "POST", + HTTPPath: "/2016-01-28/distribution/{DistributionId}/invalidation", + } + + if input == nil { + input = &CreateInvalidationInput{} + } + + req = c.newRequest(op, input, output) + output = &CreateInvalidationOutput{} + req.Data = output + return +} + +// Create a new invalidation. +func (c *CloudFront) CreateInvalidation(input *CreateInvalidationInput) (*CreateInvalidationOutput, error) { + req, out := c.CreateInvalidationRequest(input) + err := req.Send() + return out, err +} + +const opCreateStreamingDistribution = "CreateStreamingDistribution2016_01_28" + +// CreateStreamingDistributionRequest generates a request for the CreateStreamingDistribution operation. +func (c *CloudFront) CreateStreamingDistributionRequest(input *CreateStreamingDistributionInput) (req *request.Request, output *CreateStreamingDistributionOutput) { + op := &request.Operation{ + Name: opCreateStreamingDistribution, + HTTPMethod: "POST", + HTTPPath: "/2016-01-28/streaming-distribution", + } + + if input == nil { + input = &CreateStreamingDistributionInput{} + } + + req = c.newRequest(op, input, output) + output = &CreateStreamingDistributionOutput{} + req.Data = output + return +} + +// Create a new streaming distribution. +func (c *CloudFront) CreateStreamingDistribution(input *CreateStreamingDistributionInput) (*CreateStreamingDistributionOutput, error) { + req, out := c.CreateStreamingDistributionRequest(input) + err := req.Send() + return out, err +} + +const opDeleteCloudFrontOriginAccessIdentity = "DeleteCloudFrontOriginAccessIdentity2016_01_28" + +// DeleteCloudFrontOriginAccessIdentityRequest generates a request for the DeleteCloudFrontOriginAccessIdentity operation. +func (c *CloudFront) DeleteCloudFrontOriginAccessIdentityRequest(input *DeleteCloudFrontOriginAccessIdentityInput) (req *request.Request, output *DeleteCloudFrontOriginAccessIdentityOutput) { + op := &request.Operation{ + Name: opDeleteCloudFrontOriginAccessIdentity, + HTTPMethod: "DELETE", + HTTPPath: "/2016-01-28/origin-access-identity/cloudfront/{Id}", + } + + if input == nil { + input = &DeleteCloudFrontOriginAccessIdentityInput{} + } + + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Remove(restxml.UnmarshalHandler) + req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler) + output = &DeleteCloudFrontOriginAccessIdentityOutput{} + req.Data = output + return +} + +// Delete an origin access identity. +func (c *CloudFront) DeleteCloudFrontOriginAccessIdentity(input *DeleteCloudFrontOriginAccessIdentityInput) (*DeleteCloudFrontOriginAccessIdentityOutput, error) { + req, out := c.DeleteCloudFrontOriginAccessIdentityRequest(input) + err := req.Send() + return out, err +} + +const opDeleteDistribution = "DeleteDistribution2016_01_28" + +// DeleteDistributionRequest generates a request for the DeleteDistribution operation. +func (c *CloudFront) DeleteDistributionRequest(input *DeleteDistributionInput) (req *request.Request, output *DeleteDistributionOutput) { + op := &request.Operation{ + Name: opDeleteDistribution, + HTTPMethod: "DELETE", + HTTPPath: "/2016-01-28/distribution/{Id}", + } + + if input == nil { + input = &DeleteDistributionInput{} + } + + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Remove(restxml.UnmarshalHandler) + req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler) + output = &DeleteDistributionOutput{} + req.Data = output + return +} + +// Delete a distribution. +func (c *CloudFront) DeleteDistribution(input *DeleteDistributionInput) (*DeleteDistributionOutput, error) { + req, out := c.DeleteDistributionRequest(input) + err := req.Send() + return out, err +} + +const opDeleteStreamingDistribution = "DeleteStreamingDistribution2016_01_28" + +// DeleteStreamingDistributionRequest generates a request for the DeleteStreamingDistribution operation. +func (c *CloudFront) DeleteStreamingDistributionRequest(input *DeleteStreamingDistributionInput) (req *request.Request, output *DeleteStreamingDistributionOutput) { + op := &request.Operation{ + Name: opDeleteStreamingDistribution, + HTTPMethod: "DELETE", + HTTPPath: "/2016-01-28/streaming-distribution/{Id}", + } + + if input == nil { + input = &DeleteStreamingDistributionInput{} + } + + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Remove(restxml.UnmarshalHandler) + req.Handlers.Unmarshal.PushBackNamed(protocol.UnmarshalDiscardBodyHandler) + output = &DeleteStreamingDistributionOutput{} + req.Data = output + return +} + +// Delete a streaming distribution. +func (c *CloudFront) DeleteStreamingDistribution(input *DeleteStreamingDistributionInput) (*DeleteStreamingDistributionOutput, error) { + req, out := c.DeleteStreamingDistributionRequest(input) + err := req.Send() + return out, err +} + +const opGetCloudFrontOriginAccessIdentity = "GetCloudFrontOriginAccessIdentity2016_01_28" + +// GetCloudFrontOriginAccessIdentityRequest generates a request for the GetCloudFrontOriginAccessIdentity operation. +func (c *CloudFront) GetCloudFrontOriginAccessIdentityRequest(input *GetCloudFrontOriginAccessIdentityInput) (req *request.Request, output *GetCloudFrontOriginAccessIdentityOutput) { + op := &request.Operation{ + Name: opGetCloudFrontOriginAccessIdentity, + HTTPMethod: "GET", + HTTPPath: "/2016-01-28/origin-access-identity/cloudfront/{Id}", + } + + if input == nil { + input = &GetCloudFrontOriginAccessIdentityInput{} + } + + req = c.newRequest(op, input, output) + output = &GetCloudFrontOriginAccessIdentityOutput{} + req.Data = output + return +} + +// Get the information about an origin access identity. +func (c *CloudFront) GetCloudFrontOriginAccessIdentity(input *GetCloudFrontOriginAccessIdentityInput) (*GetCloudFrontOriginAccessIdentityOutput, error) { + req, out := c.GetCloudFrontOriginAccessIdentityRequest(input) + err := req.Send() + return out, err +} + +const opGetCloudFrontOriginAccessIdentityConfig = "GetCloudFrontOriginAccessIdentityConfig2016_01_28" + +// GetCloudFrontOriginAccessIdentityConfigRequest generates a request for the GetCloudFrontOriginAccessIdentityConfig operation. +func (c *CloudFront) GetCloudFrontOriginAccessIdentityConfigRequest(input *GetCloudFrontOriginAccessIdentityConfigInput) (req *request.Request, output *GetCloudFrontOriginAccessIdentityConfigOutput) { + op := &request.Operation{ + Name: opGetCloudFrontOriginAccessIdentityConfig, + HTTPMethod: "GET", + HTTPPath: "/2016-01-28/origin-access-identity/cloudfront/{Id}/config", + } + + if input == nil { + input = &GetCloudFrontOriginAccessIdentityConfigInput{} + } + + req = c.newRequest(op, input, output) + output = &GetCloudFrontOriginAccessIdentityConfigOutput{} + req.Data = output + return +} + +// Get the configuration information about an origin access identity. +func (c *CloudFront) GetCloudFrontOriginAccessIdentityConfig(input *GetCloudFrontOriginAccessIdentityConfigInput) (*GetCloudFrontOriginAccessIdentityConfigOutput, error) { + req, out := c.GetCloudFrontOriginAccessIdentityConfigRequest(input) + err := req.Send() + return out, err +} + +const opGetDistribution = "GetDistribution2016_01_28" + +// GetDistributionRequest generates a request for the GetDistribution operation. +func (c *CloudFront) GetDistributionRequest(input *GetDistributionInput) (req *request.Request, output *GetDistributionOutput) { + op := &request.Operation{ + Name: opGetDistribution, + HTTPMethod: "GET", + HTTPPath: "/2016-01-28/distribution/{Id}", + } + + if input == nil { + input = &GetDistributionInput{} + } + + req = c.newRequest(op, input, output) + output = &GetDistributionOutput{} + req.Data = output + return +} + +// Get the information about a distribution. +func (c *CloudFront) GetDistribution(input *GetDistributionInput) (*GetDistributionOutput, error) { + req, out := c.GetDistributionRequest(input) + err := req.Send() + return out, err +} + +const opGetDistributionConfig = "GetDistributionConfig2016_01_28" + +// GetDistributionConfigRequest generates a request for the GetDistributionConfig operation. +func (c *CloudFront) GetDistributionConfigRequest(input *GetDistributionConfigInput) (req *request.Request, output *GetDistributionConfigOutput) { + op := &request.Operation{ + Name: opGetDistributionConfig, + HTTPMethod: "GET", + HTTPPath: "/2016-01-28/distribution/{Id}/config", + } + + if input == nil { + input = &GetDistributionConfigInput{} + } + + req = c.newRequest(op, input, output) + output = &GetDistributionConfigOutput{} + req.Data = output + return +} + +// Get the configuration information about a distribution. +func (c *CloudFront) GetDistributionConfig(input *GetDistributionConfigInput) (*GetDistributionConfigOutput, error) { + req, out := c.GetDistributionConfigRequest(input) + err := req.Send() + return out, err +} + +const opGetInvalidation = "GetInvalidation2016_01_28" + +// GetInvalidationRequest generates a request for the GetInvalidation operation. +func (c *CloudFront) GetInvalidationRequest(input *GetInvalidationInput) (req *request.Request, output *GetInvalidationOutput) { + op := &request.Operation{ + Name: opGetInvalidation, + HTTPMethod: "GET", + HTTPPath: "/2016-01-28/distribution/{DistributionId}/invalidation/{Id}", + } + + if input == nil { + input = &GetInvalidationInput{} + } + + req = c.newRequest(op, input, output) + output = &GetInvalidationOutput{} + req.Data = output + return +} + +// Get the information about an invalidation. +func (c *CloudFront) GetInvalidation(input *GetInvalidationInput) (*GetInvalidationOutput, error) { + req, out := c.GetInvalidationRequest(input) + err := req.Send() + return out, err +} + +const opGetStreamingDistribution = "GetStreamingDistribution2016_01_28" + +// GetStreamingDistributionRequest generates a request for the GetStreamingDistribution operation. +func (c *CloudFront) GetStreamingDistributionRequest(input *GetStreamingDistributionInput) (req *request.Request, output *GetStreamingDistributionOutput) { + op := &request.Operation{ + Name: opGetStreamingDistribution, + HTTPMethod: "GET", + HTTPPath: "/2016-01-28/streaming-distribution/{Id}", + } + + if input == nil { + input = &GetStreamingDistributionInput{} + } + + req = c.newRequest(op, input, output) + output = &GetStreamingDistributionOutput{} + req.Data = output + return +} + +// Get the information about a streaming distribution. +func (c *CloudFront) GetStreamingDistribution(input *GetStreamingDistributionInput) (*GetStreamingDistributionOutput, error) { + req, out := c.GetStreamingDistributionRequest(input) + err := req.Send() + return out, err +} + +const opGetStreamingDistributionConfig = "GetStreamingDistributionConfig2016_01_28" + +// GetStreamingDistributionConfigRequest generates a request for the GetStreamingDistributionConfig operation. +func (c *CloudFront) GetStreamingDistributionConfigRequest(input *GetStreamingDistributionConfigInput) (req *request.Request, output *GetStreamingDistributionConfigOutput) { + op := &request.Operation{ + Name: opGetStreamingDistributionConfig, + HTTPMethod: "GET", + HTTPPath: "/2016-01-28/streaming-distribution/{Id}/config", + } + + if input == nil { + input = &GetStreamingDistributionConfigInput{} + } + + req = c.newRequest(op, input, output) + output = &GetStreamingDistributionConfigOutput{} + req.Data = output + return +} + +// Get the configuration information about a streaming distribution. +func (c *CloudFront) GetStreamingDistributionConfig(input *GetStreamingDistributionConfigInput) (*GetStreamingDistributionConfigOutput, error) { + req, out := c.GetStreamingDistributionConfigRequest(input) + err := req.Send() + return out, err +} + +const opListCloudFrontOriginAccessIdentities = "ListCloudFrontOriginAccessIdentities2016_01_28" + +// ListCloudFrontOriginAccessIdentitiesRequest generates a request for the ListCloudFrontOriginAccessIdentities operation. +func (c *CloudFront) ListCloudFrontOriginAccessIdentitiesRequest(input *ListCloudFrontOriginAccessIdentitiesInput) (req *request.Request, output *ListCloudFrontOriginAccessIdentitiesOutput) { + op := &request.Operation{ + Name: opListCloudFrontOriginAccessIdentities, + HTTPMethod: "GET", + HTTPPath: "/2016-01-28/origin-access-identity/cloudfront", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"CloudFrontOriginAccessIdentityList.NextMarker"}, + LimitToken: "MaxItems", + TruncationToken: "CloudFrontOriginAccessIdentityList.IsTruncated", + }, + } + + if input == nil { + input = &ListCloudFrontOriginAccessIdentitiesInput{} + } + + req = c.newRequest(op, input, output) + output = &ListCloudFrontOriginAccessIdentitiesOutput{} + req.Data = output + return +} + +// List origin access identities. +func (c *CloudFront) ListCloudFrontOriginAccessIdentities(input *ListCloudFrontOriginAccessIdentitiesInput) (*ListCloudFrontOriginAccessIdentitiesOutput, error) { + req, out := c.ListCloudFrontOriginAccessIdentitiesRequest(input) + err := req.Send() + return out, err +} + +func (c *CloudFront) ListCloudFrontOriginAccessIdentitiesPages(input *ListCloudFrontOriginAccessIdentitiesInput, fn func(p *ListCloudFrontOriginAccessIdentitiesOutput, lastPage bool) (shouldContinue bool)) error { + page, _ := c.ListCloudFrontOriginAccessIdentitiesRequest(input) + page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator")) + return page.EachPage(func(p interface{}, lastPage bool) bool { + return fn(p.(*ListCloudFrontOriginAccessIdentitiesOutput), lastPage) + }) +} + +const opListDistributions = "ListDistributions2016_01_28" + +// ListDistributionsRequest generates a request for the ListDistributions operation. +func (c *CloudFront) ListDistributionsRequest(input *ListDistributionsInput) (req *request.Request, output *ListDistributionsOutput) { + op := &request.Operation{ + Name: opListDistributions, + HTTPMethod: "GET", + HTTPPath: "/2016-01-28/distribution", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"DistributionList.NextMarker"}, + LimitToken: "MaxItems", + TruncationToken: "DistributionList.IsTruncated", + }, + } + + if input == nil { + input = &ListDistributionsInput{} + } + + req = c.newRequest(op, input, output) + output = &ListDistributionsOutput{} + req.Data = output + return +} + +// List distributions. +func (c *CloudFront) ListDistributions(input *ListDistributionsInput) (*ListDistributionsOutput, error) { + req, out := c.ListDistributionsRequest(input) + err := req.Send() + return out, err +} + +func (c *CloudFront) ListDistributionsPages(input *ListDistributionsInput, fn func(p *ListDistributionsOutput, lastPage bool) (shouldContinue bool)) error { + page, _ := c.ListDistributionsRequest(input) + page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator")) + return page.EachPage(func(p interface{}, lastPage bool) bool { + return fn(p.(*ListDistributionsOutput), lastPage) + }) +} + +const opListDistributionsByWebACLId = "ListDistributionsByWebACLId2016_01_28" + +// ListDistributionsByWebACLIdRequest generates a request for the ListDistributionsByWebACLId operation. +func (c *CloudFront) ListDistributionsByWebACLIdRequest(input *ListDistributionsByWebACLIdInput) (req *request.Request, output *ListDistributionsByWebACLIdOutput) { + op := &request.Operation{ + Name: opListDistributionsByWebACLId, + HTTPMethod: "GET", + HTTPPath: "/2016-01-28/distributionsByWebACLId/{WebACLId}", + } + + if input == nil { + input = &ListDistributionsByWebACLIdInput{} + } + + req = c.newRequest(op, input, output) + output = &ListDistributionsByWebACLIdOutput{} + req.Data = output + return +} + +// List the distributions that are associated with a specified AWS WAF web ACL. +func (c *CloudFront) ListDistributionsByWebACLId(input *ListDistributionsByWebACLIdInput) (*ListDistributionsByWebACLIdOutput, error) { + req, out := c.ListDistributionsByWebACLIdRequest(input) + err := req.Send() + return out, err +} + +const opListInvalidations = "ListInvalidations2016_01_28" + +// ListInvalidationsRequest generates a request for the ListInvalidations operation. +func (c *CloudFront) ListInvalidationsRequest(input *ListInvalidationsInput) (req *request.Request, output *ListInvalidationsOutput) { + op := &request.Operation{ + Name: opListInvalidations, + HTTPMethod: "GET", + HTTPPath: "/2016-01-28/distribution/{DistributionId}/invalidation", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"InvalidationList.NextMarker"}, + LimitToken: "MaxItems", + TruncationToken: "InvalidationList.IsTruncated", + }, + } + + if input == nil { + input = &ListInvalidationsInput{} + } + + req = c.newRequest(op, input, output) + output = &ListInvalidationsOutput{} + req.Data = output + return +} + +// List invalidation batches. +func (c *CloudFront) ListInvalidations(input *ListInvalidationsInput) (*ListInvalidationsOutput, error) { + req, out := c.ListInvalidationsRequest(input) + err := req.Send() + return out, err +} + +func (c *CloudFront) ListInvalidationsPages(input *ListInvalidationsInput, fn func(p *ListInvalidationsOutput, lastPage bool) (shouldContinue bool)) error { + page, _ := c.ListInvalidationsRequest(input) + page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator")) + return page.EachPage(func(p interface{}, lastPage bool) bool { + return fn(p.(*ListInvalidationsOutput), lastPage) + }) +} + +const opListStreamingDistributions = "ListStreamingDistributions2016_01_28" + +// ListStreamingDistributionsRequest generates a request for the ListStreamingDistributions operation. +func (c *CloudFront) ListStreamingDistributionsRequest(input *ListStreamingDistributionsInput) (req *request.Request, output *ListStreamingDistributionsOutput) { + op := &request.Operation{ + Name: opListStreamingDistributions, + HTTPMethod: "GET", + HTTPPath: "/2016-01-28/streaming-distribution", + Paginator: &request.Paginator{ + InputTokens: []string{"Marker"}, + OutputTokens: []string{"StreamingDistributionList.NextMarker"}, + LimitToken: "MaxItems", + TruncationToken: "StreamingDistributionList.IsTruncated", + }, + } + + if input == nil { + input = &ListStreamingDistributionsInput{} + } + + req = c.newRequest(op, input, output) + output = &ListStreamingDistributionsOutput{} + req.Data = output + return +} + +// List streaming distributions. +func (c *CloudFront) ListStreamingDistributions(input *ListStreamingDistributionsInput) (*ListStreamingDistributionsOutput, error) { + req, out := c.ListStreamingDistributionsRequest(input) + err := req.Send() + return out, err +} + +func (c *CloudFront) ListStreamingDistributionsPages(input *ListStreamingDistributionsInput, fn func(p *ListStreamingDistributionsOutput, lastPage bool) (shouldContinue bool)) error { + page, _ := c.ListStreamingDistributionsRequest(input) + page.Handlers.Build.PushBack(request.MakeAddToUserAgentFreeFormHandler("Paginator")) + return page.EachPage(func(p interface{}, lastPage bool) bool { + return fn(p.(*ListStreamingDistributionsOutput), lastPage) + }) +} + +const opUpdateCloudFrontOriginAccessIdentity = "UpdateCloudFrontOriginAccessIdentity2016_01_28" + +// UpdateCloudFrontOriginAccessIdentityRequest generates a request for the UpdateCloudFrontOriginAccessIdentity operation. +func (c *CloudFront) UpdateCloudFrontOriginAccessIdentityRequest(input *UpdateCloudFrontOriginAccessIdentityInput) (req *request.Request, output *UpdateCloudFrontOriginAccessIdentityOutput) { + op := &request.Operation{ + Name: opUpdateCloudFrontOriginAccessIdentity, + HTTPMethod: "PUT", + HTTPPath: "/2016-01-28/origin-access-identity/cloudfront/{Id}/config", + } + + if input == nil { + input = &UpdateCloudFrontOriginAccessIdentityInput{} + } + + req = c.newRequest(op, input, output) + output = &UpdateCloudFrontOriginAccessIdentityOutput{} + req.Data = output + return +} + +// Update an origin access identity. +func (c *CloudFront) UpdateCloudFrontOriginAccessIdentity(input *UpdateCloudFrontOriginAccessIdentityInput) (*UpdateCloudFrontOriginAccessIdentityOutput, error) { + req, out := c.UpdateCloudFrontOriginAccessIdentityRequest(input) + err := req.Send() + return out, err +} + +const opUpdateDistribution = "UpdateDistribution2016_01_28" + +// UpdateDistributionRequest generates a request for the UpdateDistribution operation. +func (c *CloudFront) UpdateDistributionRequest(input *UpdateDistributionInput) (req *request.Request, output *UpdateDistributionOutput) { + op := &request.Operation{ + Name: opUpdateDistribution, + HTTPMethod: "PUT", + HTTPPath: "/2016-01-28/distribution/{Id}/config", + } + + if input == nil { + input = &UpdateDistributionInput{} + } + + req = c.newRequest(op, input, output) + output = &UpdateDistributionOutput{} + req.Data = output + return +} + +// Update a distribution. +func (c *CloudFront) UpdateDistribution(input *UpdateDistributionInput) (*UpdateDistributionOutput, error) { + req, out := c.UpdateDistributionRequest(input) + err := req.Send() + return out, err +} + +const opUpdateStreamingDistribution = "UpdateStreamingDistribution2016_01_28" + +// UpdateStreamingDistributionRequest generates a request for the UpdateStreamingDistribution operation. +func (c *CloudFront) UpdateStreamingDistributionRequest(input *UpdateStreamingDistributionInput) (req *request.Request, output *UpdateStreamingDistributionOutput) { + op := &request.Operation{ + Name: opUpdateStreamingDistribution, + HTTPMethod: "PUT", + HTTPPath: "/2016-01-28/streaming-distribution/{Id}/config", + } + + if input == nil { + input = &UpdateStreamingDistributionInput{} + } + + req = c.newRequest(op, input, output) + output = &UpdateStreamingDistributionOutput{} + req.Data = output + return +} + +// Update a streaming distribution. +func (c *CloudFront) UpdateStreamingDistribution(input *UpdateStreamingDistributionInput) (*UpdateStreamingDistributionOutput, error) { + req, out := c.UpdateStreamingDistributionRequest(input) + err := req.Send() + return out, err +} + +// A complex type that lists the AWS accounts, if any, that you included in +// the TrustedSigners complex type for the default cache behavior or for any +// of the other cache behaviors for this distribution. These are accounts that +// you want to allow to create signed URLs for private content. +type ActiveTrustedSigners struct { + _ struct{} `type:"structure"` + + // Each active trusted signer. + Enabled *bool `type:"boolean" required:"true"` + + // A complex type that contains one Signer complex type for each unique trusted + // signer that is specified in the TrustedSigners complex type, including trusted + // signers in the default cache behavior and in all of the other cache behaviors. + Items []*Signer `locationNameList:"Signer" type:"list"` + + // The number of unique trusted signers included in all cache behaviors. For + // example, if three cache behaviors all list the same three AWS accounts, the + // value of Quantity for ActiveTrustedSigners will be 3. + Quantity *int64 `type:"integer" required:"true"` +} + +// String returns the string representation +func (s ActiveTrustedSigners) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ActiveTrustedSigners) GoString() string { + return s.String() +} + +// A complex type that contains information about CNAMEs (alternate domain names), +// if any, for this distribution. +type Aliases struct { + _ struct{} `type:"structure"` + + // Optional: A complex type that contains CNAME elements, if any, for this distribution. + // If Quantity is 0, you can omit Items. + Items []*string `locationNameList:"CNAME" type:"list"` + + // The number of CNAMEs, if any, for this distribution. + Quantity *int64 `type:"integer" required:"true"` +} + +// String returns the string representation +func (s Aliases) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Aliases) GoString() string { + return s.String() +} + +// A complex type that controls which HTTP methods CloudFront processes and +// forwards to your Amazon S3 bucket or your custom origin. There are three +// choices: - CloudFront forwards only GET and HEAD requests. - CloudFront forwards +// only GET, HEAD and OPTIONS requests. - CloudFront forwards GET, HEAD, OPTIONS, +// PUT, PATCH, POST, and DELETE requests. If you pick the third choice, you +// may need to restrict access to your Amazon S3 bucket or to your custom origin +// so users can't perform operations that you don't want them to. For example, +// you may not want users to have permission to delete objects from your origin. +type AllowedMethods struct { + _ struct{} `type:"structure"` + + // A complex type that controls whether CloudFront caches the response to requests + // using the specified HTTP methods. There are two choices: - CloudFront caches + // responses to GET and HEAD requests. - CloudFront caches responses to GET, + // HEAD, and OPTIONS requests. If you pick the second choice for your S3 Origin, + // you may need to forward Access-Control-Request-Method, Access-Control-Request-Headers + // and Origin headers for the responses to be cached correctly. + CachedMethods *CachedMethods `type:"structure"` + + // A complex type that contains the HTTP methods that you want CloudFront to + // process and forward to your origin. + Items []*string `locationNameList:"Method" type:"list" required:"true"` + + // The number of HTTP methods that you want CloudFront to forward to your origin. + // Valid values are 2 (for GET and HEAD requests), 3 (for GET, HEAD and OPTIONS + // requests) and 7 (for GET, HEAD, OPTIONS, PUT, PATCH, POST, and DELETE requests). + Quantity *int64 `type:"integer" required:"true"` +} + +// String returns the string representation +func (s AllowedMethods) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AllowedMethods) GoString() string { + return s.String() +} + +// A complex type that describes how CloudFront processes requests. You can +// create up to 10 cache behaviors.You must create at least as many cache behaviors +// (including the default cache behavior) as you have origins if you want CloudFront +// to distribute objects from all of the origins. Each cache behavior specifies +// the one origin from which you want CloudFront to get objects. If you have +// two origins and only the default cache behavior, the default cache behavior +// will cause CloudFront to get objects from one of the origins, but the other +// origin will never be used. If you don't want to specify any cache behaviors, +// include only an empty CacheBehaviors element. Don't include an empty CacheBehavior +// element, or CloudFront returns a MalformedXML error. To delete all cache +// behaviors in an existing distribution, update the distribution configuration +// and include only an empty CacheBehaviors element. To add, change, or remove +// one or more cache behaviors, update the distribution configuration and specify +// all of the cache behaviors that you want to include in the updated distribution. +type CacheBehavior struct { + _ struct{} `type:"structure"` + + // A complex type that controls which HTTP methods CloudFront processes and + // forwards to your Amazon S3 bucket or your custom origin. There are three + // choices: - CloudFront forwards only GET and HEAD requests. - CloudFront forwards + // only GET, HEAD and OPTIONS requests. - CloudFront forwards GET, HEAD, OPTIONS, + // PUT, PATCH, POST, and DELETE requests. If you pick the third choice, you + // may need to restrict access to your Amazon S3 bucket or to your custom origin + // so users can't perform operations that you don't want them to. For example, + // you may not want users to have permission to delete objects from your origin. + AllowedMethods *AllowedMethods `type:"structure"` + + // Whether you want CloudFront to automatically compress content for web requests + // that include Accept-Encoding: gzip in the request header. If so, specify + // true; if not, specify false. CloudFront compresses files larger than 1000 + // bytes and less than 1 megabyte for both Amazon S3 and custom origins. When + // a CloudFront edge location is unusually busy, some files might not be compressed. + // The value of the Content-Type header must be on the list of file types that + // CloudFront will compress. For the current list, see Serving Compressed Content + // (http://docs.aws.amazon.com/console/cloudfront/compressed-content) in the + // Amazon CloudFront Developer Guide. If you configure CloudFront to compress + // content, CloudFront removes the ETag response header from the objects that + // it compresses. The ETag header indicates that the version in a CloudFront + // edge cache is identical to the version on the origin server, but after compression + // the two versions are no longer identical. As a result, for compressed objects, + // CloudFront can't use the ETag header to determine whether an expired object + // in the CloudFront edge cache is still the latest version. + Compress *bool `type:"boolean"` + + // If you don't configure your origin to add a Cache-Control max-age directive + // or an Expires header, DefaultTTL is the default amount of time (in seconds) + // that an object is in a CloudFront cache before CloudFront forwards another + // request to your origin to determine whether the object has been updated. + // The value that you specify applies only when your origin does not add HTTP + // headers such as Cache-Control max-age, Cache-Control s-maxage, and Expires + // to objects. You can specify a value from 0 to 3,153,600,000 seconds (100 + // years). + DefaultTTL *int64 `type:"long"` + + // A complex type that specifies how CloudFront handles query strings, cookies + // and headers. + ForwardedValues *ForwardedValues `type:"structure" required:"true"` + + // The maximum amount of time (in seconds) that an object is in a CloudFront + // cache before CloudFront forwards another request to your origin to determine + // whether the object has been updated. The value that you specify applies only + // when your origin adds HTTP headers such as Cache-Control max-age, Cache-Control + // s-maxage, and Expires to objects. You can specify a value from 0 to 3,153,600,000 + // seconds (100 years). + MaxTTL *int64 `type:"long"` + + // The minimum amount of time that you want objects to stay in CloudFront caches + // before CloudFront queries your origin to see whether the object has been + // updated.You can specify a value from 0 to 3,153,600,000 seconds (100 years). + MinTTL *int64 `type:"long" required:"true"` + + // The pattern (for example, images/*.jpg) that specifies which requests you + // want this cache behavior to apply to. When CloudFront receives an end-user + // request, the requested path is compared with path patterns in the order in + // which cache behaviors are listed in the distribution. The path pattern for + // the default cache behavior is * and cannot be changed. If the request for + // an object does not match the path pattern for any cache behaviors, CloudFront + // applies the behavior in the default cache behavior. + PathPattern *string `type:"string" required:"true"` + + // Indicates whether you want to distribute media files in Microsoft Smooth + // Streaming format using the origin that is associated with this cache behavior. + // If so, specify true; if not, specify false. + SmoothStreaming *bool `type:"boolean"` + + // The value of ID for the origin that you want CloudFront to route requests + // to when a request matches the path pattern either for a cache behavior or + // for the default cache behavior. + TargetOriginId *string `type:"string" required:"true"` + + // A complex type that specifies the AWS accounts, if any, that you want to + // allow to create signed URLs for private content. If you want to require signed + // URLs in requests for objects in the target origin that match the PathPattern + // for this cache behavior, specify true for Enabled, and specify the applicable + // values for Quantity and Items. For more information, go to Using a Signed + // URL to Serve Private Content in the Amazon CloudFront Developer Guide. If + // you don't want to require signed URLs in requests for objects that match + // PathPattern, specify false for Enabled and 0 for Quantity. Omit Items. To + // add, change, or remove one or more trusted signers, change Enabled to true + // (if it's currently false), change Quantity as applicable, and specify all + // of the trusted signers that you want to include in the updated distribution. + TrustedSigners *TrustedSigners `type:"structure" required:"true"` + + // Use this element to specify the protocol that users can use to access the + // files in the origin specified by TargetOriginId when a request matches the + // path pattern in PathPattern. If you want CloudFront to allow end users to + // use any available protocol, specify allow-all. If you want CloudFront to + // require HTTPS, specify https. If you want CloudFront to respond to an HTTP + // request with an HTTP status code of 301 (Moved Permanently) and the HTTPS + // URL, specify redirect-to-https. The viewer then resubmits the request using + // the HTTPS URL. + ViewerProtocolPolicy *string `type:"string" required:"true" enum:"ViewerProtocolPolicy"` +} + +// String returns the string representation +func (s CacheBehavior) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CacheBehavior) GoString() string { + return s.String() +} + +// A complex type that contains zero or more CacheBehavior elements. +type CacheBehaviors struct { + _ struct{} `type:"structure"` + + // Optional: A complex type that contains cache behaviors for this distribution. + // If Quantity is 0, you can omit Items. + Items []*CacheBehavior `locationNameList:"CacheBehavior" type:"list"` + + // The number of cache behaviors for this distribution. + Quantity *int64 `type:"integer" required:"true"` +} + +// String returns the string representation +func (s CacheBehaviors) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CacheBehaviors) GoString() string { + return s.String() +} + +// A complex type that controls whether CloudFront caches the response to requests +// using the specified HTTP methods. There are two choices: - CloudFront caches +// responses to GET and HEAD requests. - CloudFront caches responses to GET, +// HEAD, and OPTIONS requests. If you pick the second choice for your S3 Origin, +// you may need to forward Access-Control-Request-Method, Access-Control-Request-Headers +// and Origin headers for the responses to be cached correctly. +type CachedMethods struct { + _ struct{} `type:"structure"` + + // A complex type that contains the HTTP methods that you want CloudFront to + // cache responses to. + Items []*string `locationNameList:"Method" type:"list" required:"true"` + + // The number of HTTP methods for which you want CloudFront to cache responses. + // Valid values are 2 (for caching responses to GET and HEAD requests) and 3 + // (for caching responses to GET, HEAD, and OPTIONS requests). + Quantity *int64 `type:"integer" required:"true"` +} + +// String returns the string representation +func (s CachedMethods) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CachedMethods) GoString() string { + return s.String() +} + +// A complex type that specifies the whitelisted cookies, if any, that you want +// CloudFront to forward to your origin that is associated with this cache behavior. +type CookieNames struct { + _ struct{} `type:"structure"` + + // Optional: A complex type that contains whitelisted cookies for this cache + // behavior. If Quantity is 0, you can omit Items. + Items []*string `locationNameList:"Name" type:"list"` + + // The number of whitelisted cookies for this cache behavior. + Quantity *int64 `type:"integer" required:"true"` +} + +// String returns the string representation +func (s CookieNames) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CookieNames) GoString() string { + return s.String() +} + +// A complex type that specifies the cookie preferences associated with this +// cache behavior. +type CookiePreference struct { + _ struct{} `type:"structure"` + + // Use this element to specify whether you want CloudFront to forward cookies + // to the origin that is associated with this cache behavior. You can specify + // all, none or whitelist. If you choose All, CloudFront forwards all cookies + // regardless of how many your application uses. + Forward *string `type:"string" required:"true" enum:"ItemSelection"` + + // A complex type that specifies the whitelisted cookies, if any, that you want + // CloudFront to forward to your origin that is associated with this cache behavior. + WhitelistedNames *CookieNames `type:"structure"` +} + +// String returns the string representation +func (s CookiePreference) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CookiePreference) GoString() string { + return s.String() +} + +// The request to create a new origin access identity. +type CreateCloudFrontOriginAccessIdentityInput struct { + _ struct{} `type:"structure" payload:"CloudFrontOriginAccessIdentityConfig"` + + // The origin access identity's configuration information. + CloudFrontOriginAccessIdentityConfig *OriginAccessIdentityConfig `locationName:"CloudFrontOriginAccessIdentityConfig" type:"structure" required:"true"` +} + +// String returns the string representation +func (s CreateCloudFrontOriginAccessIdentityInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateCloudFrontOriginAccessIdentityInput) GoString() string { + return s.String() +} + +// The returned result of the corresponding request. +type CreateCloudFrontOriginAccessIdentityOutput struct { + _ struct{} `type:"structure" payload:"CloudFrontOriginAccessIdentity"` + + // The origin access identity's information. + CloudFrontOriginAccessIdentity *OriginAccessIdentity `type:"structure"` + + // The current version of the origin access identity created. + ETag *string `location:"header" locationName:"ETag" type:"string"` + + // The fully qualified URI of the new origin access identity just created. For + // example: https://cloudfront.amazonaws.com/2010-11-01/origin-access-identity/cloudfront/E74FTE3AJFJ256A. + Location *string `location:"header" locationName:"Location" type:"string"` +} + +// String returns the string representation +func (s CreateCloudFrontOriginAccessIdentityOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateCloudFrontOriginAccessIdentityOutput) GoString() string { + return s.String() +} + +// The request to create a new distribution. +type CreateDistributionInput struct { + _ struct{} `type:"structure" payload:"DistributionConfig"` + + // The distribution's configuration information. + DistributionConfig *DistributionConfig `locationName:"DistributionConfig" type:"structure" required:"true"` +} + +// String returns the string representation +func (s CreateDistributionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateDistributionInput) GoString() string { + return s.String() +} + +// The returned result of the corresponding request. +type CreateDistributionOutput struct { + _ struct{} `type:"structure" payload:"Distribution"` + + // The distribution's information. + Distribution *Distribution `type:"structure"` + + // The current version of the distribution created. + ETag *string `location:"header" locationName:"ETag" type:"string"` + + // The fully qualified URI of the new distribution resource just created. For + // example: https://cloudfront.amazonaws.com/2010-11-01/distribution/EDFDVBD632BHDS5. + Location *string `location:"header" locationName:"Location" type:"string"` +} + +// String returns the string representation +func (s CreateDistributionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateDistributionOutput) GoString() string { + return s.String() +} + +// The request to create an invalidation. +type CreateInvalidationInput struct { + _ struct{} `type:"structure" payload:"InvalidationBatch"` + + // The distribution's id. + DistributionId *string `location:"uri" locationName:"DistributionId" type:"string" required:"true"` + + // The batch information for the invalidation. + InvalidationBatch *InvalidationBatch `locationName:"InvalidationBatch" type:"structure" required:"true"` +} + +// String returns the string representation +func (s CreateInvalidationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateInvalidationInput) GoString() string { + return s.String() +} + +// The returned result of the corresponding request. +type CreateInvalidationOutput struct { + _ struct{} `type:"structure" payload:"Invalidation"` + + // The invalidation's information. + Invalidation *Invalidation `type:"structure"` + + // The fully qualified URI of the distribution and invalidation batch request, + // including the Invalidation ID. + Location *string `location:"header" locationName:"Location" type:"string"` +} + +// String returns the string representation +func (s CreateInvalidationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateInvalidationOutput) GoString() string { + return s.String() +} + +// The request to create a new streaming distribution. +type CreateStreamingDistributionInput struct { + _ struct{} `type:"structure" payload:"StreamingDistributionConfig"` + + // The streaming distribution's configuration information. + StreamingDistributionConfig *StreamingDistributionConfig `locationName:"StreamingDistributionConfig" type:"structure" required:"true"` +} + +// String returns the string representation +func (s CreateStreamingDistributionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateStreamingDistributionInput) GoString() string { + return s.String() +} + +// The returned result of the corresponding request. +type CreateStreamingDistributionOutput struct { + _ struct{} `type:"structure" payload:"StreamingDistribution"` + + // The current version of the streaming distribution created. + ETag *string `location:"header" locationName:"ETag" type:"string"` + + // The fully qualified URI of the new streaming distribution resource just created. + // For example: https://cloudfront.amazonaws.com/2010-11-01/streaming-distribution/EGTXBD79H29TRA8. + Location *string `location:"header" locationName:"Location" type:"string"` + + // The streaming distribution's information. + StreamingDistribution *StreamingDistribution `type:"structure"` +} + +// String returns the string representation +func (s CreateStreamingDistributionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateStreamingDistributionOutput) GoString() string { + return s.String() +} + +// A complex type that describes how you'd prefer CloudFront to respond to requests +// that result in either a 4xx or 5xx response. You can control whether a custom +// error page should be displayed, what the desired response code should be +// for this error page and how long should the error response be cached by CloudFront. +// If you don't want to specify any custom error responses, include only an +// empty CustomErrorResponses element. To delete all custom error responses +// in an existing distribution, update the distribution configuration and include +// only an empty CustomErrorResponses element. To add, change, or remove one +// or more custom error responses, update the distribution configuration and +// specify all of the custom error responses that you want to include in the +// updated distribution. +type CustomErrorResponse struct { + _ struct{} `type:"structure"` + + // The minimum amount of time you want HTTP error codes to stay in CloudFront + // caches before CloudFront queries your origin to see whether the object has + // been updated. You can specify a value from 0 to 31,536,000. + ErrorCachingMinTTL *int64 `type:"long"` + + // The 4xx or 5xx HTTP status code that you want to customize. For a list of + // HTTP status codes that you can customize, see CloudFront documentation. + ErrorCode *int64 `type:"integer" required:"true"` + + // The HTTP status code that you want CloudFront to return with the custom error + // page to the viewer. For a list of HTTP status codes that you can replace, + // see CloudFront Documentation. + ResponseCode *string `type:"string"` + + // The path of the custom error page (for example, /custom_404.html). The path + // is relative to the distribution and must begin with a slash (/). If the path + // includes any non-ASCII characters or unsafe characters as defined in RFC + // 1783 (http://www.ietf.org/rfc/rfc1738.txt), URL encode those characters. + // Do not URL encode any other characters in the path, or CloudFront will not + // return the custom error page to the viewer. + ResponsePagePath *string `type:"string"` +} + +// String returns the string representation +func (s CustomErrorResponse) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CustomErrorResponse) GoString() string { + return s.String() +} + +// A complex type that contains zero or more CustomErrorResponse elements. +type CustomErrorResponses struct { + _ struct{} `type:"structure"` + + // Optional: A complex type that contains custom error responses for this distribution. + // If Quantity is 0, you can omit Items. + Items []*CustomErrorResponse `locationNameList:"CustomErrorResponse" type:"list"` + + // The number of custom error responses for this distribution. + Quantity *int64 `type:"integer" required:"true"` +} + +// String returns the string representation +func (s CustomErrorResponses) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CustomErrorResponses) GoString() string { + return s.String() +} + +// A complex type that contains the list of Custom Headers for each origin. +type CustomHeaders struct { + _ struct{} `type:"structure"` + + // A complex type that contains the custom headers for this Origin. + Items []*OriginCustomHeader `locationNameList:"OriginCustomHeader" type:"list"` + + // The number of custom headers for this origin. + Quantity *int64 `type:"integer" required:"true"` +} + +// String returns the string representation +func (s CustomHeaders) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CustomHeaders) GoString() string { + return s.String() +} + +// A customer origin. +type CustomOriginConfig struct { + _ struct{} `type:"structure"` + + // The HTTP port the custom origin listens on. + HTTPPort *int64 `type:"integer" required:"true"` + + // The HTTPS port the custom origin listens on. + HTTPSPort *int64 `type:"integer" required:"true"` + + // The origin protocol policy to apply to your origin. + OriginProtocolPolicy *string `type:"string" required:"true" enum:"OriginProtocolPolicy"` + + // The SSL/TLS protocols that you want CloudFront to use when communicating + // with your origin over HTTPS. + OriginSslProtocols *OriginSslProtocols `type:"structure"` +} + +// String returns the string representation +func (s CustomOriginConfig) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CustomOriginConfig) GoString() string { + return s.String() +} + +// A complex type that describes the default cache behavior if you do not specify +// a CacheBehavior element or if files don't match any of the values of PathPattern +// in CacheBehavior elements.You must create exactly one default cache behavior. +type DefaultCacheBehavior struct { + _ struct{} `type:"structure"` + + // A complex type that controls which HTTP methods CloudFront processes and + // forwards to your Amazon S3 bucket or your custom origin. There are three + // choices: - CloudFront forwards only GET and HEAD requests. - CloudFront forwards + // only GET, HEAD and OPTIONS requests. - CloudFront forwards GET, HEAD, OPTIONS, + // PUT, PATCH, POST, and DELETE requests. If you pick the third choice, you + // may need to restrict access to your Amazon S3 bucket or to your custom origin + // so users can't perform operations that you don't want them to. For example, + // you may not want users to have permission to delete objects from your origin. + AllowedMethods *AllowedMethods `type:"structure"` + + // Whether you want CloudFront to automatically compress content for web requests + // that include Accept-Encoding: gzip in the request header. If so, specify + // true; if not, specify false. CloudFront compresses files larger than 1000 + // bytes and less than 1 megabyte for both Amazon S3 and custom origins. When + // a CloudFront edge location is unusually busy, some files might not be compressed. + // The value of the Content-Type header must be on the list of file types that + // CloudFront will compress. For the current list, see Serving Compressed Content + // (http://docs.aws.amazon.com/console/cloudfront/compressed-content) in the + // Amazon CloudFront Developer Guide. If you configure CloudFront to compress + // content, CloudFront removes the ETag response header from the objects that + // it compresses. The ETag header indicates that the version in a CloudFront + // edge cache is identical to the version on the origin server, but after compression + // the two versions are no longer identical. As a result, for compressed objects, + // CloudFront can't use the ETag header to determine whether an expired object + // in the CloudFront edge cache is still the latest version. + Compress *bool `type:"boolean"` + + // If you don't configure your origin to add a Cache-Control max-age directive + // or an Expires header, DefaultTTL is the default amount of time (in seconds) + // that an object is in a CloudFront cache before CloudFront forwards another + // request to your origin to determine whether the object has been updated. + // The value that you specify applies only when your origin does not add HTTP + // headers such as Cache-Control max-age, Cache-Control s-maxage, and Expires + // to objects. You can specify a value from 0 to 3,153,600,000 seconds (100 + // years). + DefaultTTL *int64 `type:"long"` + + // A complex type that specifies how CloudFront handles query strings, cookies + // and headers. + ForwardedValues *ForwardedValues `type:"structure" required:"true"` + + // The maximum amount of time (in seconds) that an object is in a CloudFront + // cache before CloudFront forwards another request to your origin to determine + // whether the object has been updated. The value that you specify applies only + // when your origin adds HTTP headers such as Cache-Control max-age, Cache-Control + // s-maxage, and Expires to objects. You can specify a value from 0 to 3,153,600,000 + // seconds (100 years). + MaxTTL *int64 `type:"long"` + + // The minimum amount of time that you want objects to stay in CloudFront caches + // before CloudFront queries your origin to see whether the object has been + // updated.You can specify a value from 0 to 3,153,600,000 seconds (100 years). + MinTTL *int64 `type:"long" required:"true"` + + // Indicates whether you want to distribute media files in Microsoft Smooth + // Streaming format using the origin that is associated with this cache behavior. + // If so, specify true; if not, specify false. + SmoothStreaming *bool `type:"boolean"` + + // The value of ID for the origin that you want CloudFront to route requests + // to when a request matches the path pattern either for a cache behavior or + // for the default cache behavior. + TargetOriginId *string `type:"string" required:"true"` + + // A complex type that specifies the AWS accounts, if any, that you want to + // allow to create signed URLs for private content. If you want to require signed + // URLs in requests for objects in the target origin that match the PathPattern + // for this cache behavior, specify true for Enabled, and specify the applicable + // values for Quantity and Items. For more information, go to Using a Signed + // URL to Serve Private Content in the Amazon CloudFront Developer Guide. If + // you don't want to require signed URLs in requests for objects that match + // PathPattern, specify false for Enabled and 0 for Quantity. Omit Items. To + // add, change, or remove one or more trusted signers, change Enabled to true + // (if it's currently false), change Quantity as applicable, and specify all + // of the trusted signers that you want to include in the updated distribution. + TrustedSigners *TrustedSigners `type:"structure" required:"true"` + + // Use this element to specify the protocol that users can use to access the + // files in the origin specified by TargetOriginId when a request matches the + // path pattern in PathPattern. If you want CloudFront to allow end users to + // use any available protocol, specify allow-all. If you want CloudFront to + // require HTTPS, specify https. If you want CloudFront to respond to an HTTP + // request with an HTTP status code of 301 (Moved Permanently) and the HTTPS + // URL, specify redirect-to-https. The viewer then resubmits the request using + // the HTTPS URL. + ViewerProtocolPolicy *string `type:"string" required:"true" enum:"ViewerProtocolPolicy"` +} + +// String returns the string representation +func (s DefaultCacheBehavior) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DefaultCacheBehavior) GoString() string { + return s.String() +} + +// The request to delete a origin access identity. +type DeleteCloudFrontOriginAccessIdentityInput struct { + _ struct{} `type:"structure"` + + // The origin access identity's id. + Id *string `location:"uri" locationName:"Id" type:"string" required:"true"` + + // The value of the ETag header you received from a previous GET or PUT request. + // For example: E2QWRUHAPOMQZL. + IfMatch *string `location:"header" locationName:"If-Match" type:"string"` +} + +// String returns the string representation +func (s DeleteCloudFrontOriginAccessIdentityInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteCloudFrontOriginAccessIdentityInput) GoString() string { + return s.String() +} + +type DeleteCloudFrontOriginAccessIdentityOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s DeleteCloudFrontOriginAccessIdentityOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteCloudFrontOriginAccessIdentityOutput) GoString() string { + return s.String() +} + +// The request to delete a distribution. +type DeleteDistributionInput struct { + _ struct{} `type:"structure"` + + // The distribution id. + Id *string `location:"uri" locationName:"Id" type:"string" required:"true"` + + // The value of the ETag header you received when you disabled the distribution. + // For example: E2QWRUHAPOMQZL. + IfMatch *string `location:"header" locationName:"If-Match" type:"string"` +} + +// String returns the string representation +func (s DeleteDistributionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteDistributionInput) GoString() string { + return s.String() +} + +type DeleteDistributionOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s DeleteDistributionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteDistributionOutput) GoString() string { + return s.String() +} + +// The request to delete a streaming distribution. +type DeleteStreamingDistributionInput struct { + _ struct{} `type:"structure"` + + // The distribution id. + Id *string `location:"uri" locationName:"Id" type:"string" required:"true"` + + // The value of the ETag header you received when you disabled the streaming + // distribution. For example: E2QWRUHAPOMQZL. + IfMatch *string `location:"header" locationName:"If-Match" type:"string"` +} + +// String returns the string representation +func (s DeleteStreamingDistributionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteStreamingDistributionInput) GoString() string { + return s.String() +} + +type DeleteStreamingDistributionOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s DeleteStreamingDistributionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteStreamingDistributionOutput) GoString() string { + return s.String() +} + +// A distribution. +type Distribution struct { + _ struct{} `type:"structure"` + + // CloudFront automatically adds this element to the response only if you've + // set up the distribution to serve private content with signed URLs. The element + // lists the key pair IDs that CloudFront is aware of for each trusted signer. + // The Signer child element lists the AWS account number of the trusted signer + // (or an empty Self element if the signer is you). The Signer element also + // includes the IDs of any active key pairs associated with the trusted signer's + // AWS account. If no KeyPairId element appears for a Signer, that signer can't + // create working signed URLs. + ActiveTrustedSigners *ActiveTrustedSigners `type:"structure" required:"true"` + + // The current configuration information for the distribution. + DistributionConfig *DistributionConfig `type:"structure" required:"true"` + + // The domain name corresponding to the distribution. For example: d604721fxaaqy9.cloudfront.net. + DomainName *string `type:"string" required:"true"` + + // The identifier for the distribution. For example: EDFDVBD632BHDS5. + Id *string `type:"string" required:"true"` + + // The number of invalidation batches currently in progress. + InProgressInvalidationBatches *int64 `type:"integer" required:"true"` + + // The date and time the distribution was last modified. + LastModifiedTime *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"` + + // This response element indicates the current status of the distribution. When + // the status is Deployed, the distribution's information is fully propagated + // throughout the Amazon CloudFront system. + Status *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s Distribution) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Distribution) GoString() string { + return s.String() +} + +// A distribution Configuration. +type DistributionConfig struct { + _ struct{} `type:"structure"` + + // A complex type that contains information about CNAMEs (alternate domain names), + // if any, for this distribution. + Aliases *Aliases `type:"structure"` + + // A complex type that contains zero or more CacheBehavior elements. + CacheBehaviors *CacheBehaviors `type:"structure"` + + // A unique number that ensures the request can't be replayed. If the CallerReference + // is new (no matter the content of the DistributionConfig object), a new distribution + // is created. If the CallerReference is a value you already sent in a previous + // request to create a distribution, and the content of the DistributionConfig + // is identical to the original request (ignoring white space), the response + // includes the same information returned to the original request. If the CallerReference + // is a value you already sent in a previous request to create a distribution + // but the content of the DistributionConfig is different from the original + // request, CloudFront returns a DistributionAlreadyExists error. + CallerReference *string `type:"string" required:"true"` + + // Any comments you want to include about the distribution. + Comment *string `type:"string" required:"true"` + + // A complex type that contains zero or more CustomErrorResponse elements. + CustomErrorResponses *CustomErrorResponses `type:"structure"` + + // A complex type that describes the default cache behavior if you do not specify + // a CacheBehavior element or if files don't match any of the values of PathPattern + // in CacheBehavior elements.You must create exactly one default cache behavior. + DefaultCacheBehavior *DefaultCacheBehavior `type:"structure" required:"true"` + + // The object that you want CloudFront to return (for example, index.html) when + // an end user requests the root URL for your distribution (http://www.example.com) + // instead of an object in your distribution (http://www.example.com/index.html). + // Specifying a default root object avoids exposing the contents of your distribution. + // If you don't want to specify a default root object when you create a distribution, + // include an empty DefaultRootObject element. To delete the default root object + // from an existing distribution, update the distribution configuration and + // include an empty DefaultRootObject element. To replace the default root object, + // update the distribution configuration and specify the new object. + DefaultRootObject *string `type:"string"` + + // Whether the distribution is enabled to accept end user requests for content. + Enabled *bool `type:"boolean" required:"true"` + + // A complex type that controls whether access logs are written for the distribution. + Logging *LoggingConfig `type:"structure"` + + // A complex type that contains information about origins for this distribution. + Origins *Origins `type:"structure" required:"true"` + + // A complex type that contains information about price class for this distribution. + PriceClass *string `type:"string" enum:"PriceClass"` + + // A complex type that identifies ways in which you want to restrict distribution + // of your content. + Restrictions *Restrictions `type:"structure"` + + // A complex type that contains information about viewer certificates for this + // distribution. + ViewerCertificate *ViewerCertificate `type:"structure"` + + // (Optional) If you're using AWS WAF to filter CloudFront requests, the Id + // of the AWS WAF web ACL that is associated with the distribution. + WebACLId *string `type:"string"` +} + +// String returns the string representation +func (s DistributionConfig) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DistributionConfig) GoString() string { + return s.String() +} + +// A distribution list. +type DistributionList struct { + _ struct{} `type:"structure"` + + // A flag that indicates whether more distributions remain to be listed. If + // your results were truncated, you can make a follow-up pagination request + // using the Marker request parameter to retrieve more distributions in the + // list. + IsTruncated *bool `type:"boolean" required:"true"` + + // A complex type that contains one DistributionSummary element for each distribution + // that was created by the current AWS account. + Items []*DistributionSummary `locationNameList:"DistributionSummary" type:"list"` + + // The value you provided for the Marker request parameter. + Marker *string `type:"string" required:"true"` + + // The value you provided for the MaxItems request parameter. + MaxItems *int64 `type:"integer" required:"true"` + + // If IsTruncated is true, this element is present and contains the value you + // can use for the Marker request parameter to continue listing your distributions + // where they left off. + NextMarker *string `type:"string"` + + // The number of distributions that were created by the current AWS account. + Quantity *int64 `type:"integer" required:"true"` +} + +// String returns the string representation +func (s DistributionList) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DistributionList) GoString() string { + return s.String() +} + +// A summary of the information for an Amazon CloudFront distribution. +type DistributionSummary struct { + _ struct{} `type:"structure"` + + // A complex type that contains information about CNAMEs (alternate domain names), + // if any, for this distribution. + Aliases *Aliases `type:"structure" required:"true"` + + // A complex type that contains zero or more CacheBehavior elements. + CacheBehaviors *CacheBehaviors `type:"structure" required:"true"` + + // The comment originally specified when this distribution was created. + Comment *string `type:"string" required:"true"` + + // A complex type that contains zero or more CustomErrorResponses elements. + CustomErrorResponses *CustomErrorResponses `type:"structure" required:"true"` + + // A complex type that describes the default cache behavior if you do not specify + // a CacheBehavior element or if files don't match any of the values of PathPattern + // in CacheBehavior elements.You must create exactly one default cache behavior. + DefaultCacheBehavior *DefaultCacheBehavior `type:"structure" required:"true"` + + // The domain name corresponding to the distribution. For example: d604721fxaaqy9.cloudfront.net. + DomainName *string `type:"string" required:"true"` + + // Whether the distribution is enabled to accept end user requests for content. + Enabled *bool `type:"boolean" required:"true"` + + // The identifier for the distribution. For example: EDFDVBD632BHDS5. + Id *string `type:"string" required:"true"` + + // The date and time the distribution was last modified. + LastModifiedTime *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"` + + // A complex type that contains information about origins for this distribution. + Origins *Origins `type:"structure" required:"true"` + + PriceClass *string `type:"string" required:"true" enum:"PriceClass"` + + // A complex type that identifies ways in which you want to restrict distribution + // of your content. + Restrictions *Restrictions `type:"structure" required:"true"` + + // This response element indicates the current status of the distribution. When + // the status is Deployed, the distribution's information is fully propagated + // throughout the Amazon CloudFront system. + Status *string `type:"string" required:"true"` + + // A complex type that contains information about viewer certificates for this + // distribution. + ViewerCertificate *ViewerCertificate `type:"structure" required:"true"` + + // The Web ACL Id (if any) associated with the distribution. + WebACLId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s DistributionSummary) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DistributionSummary) GoString() string { + return s.String() +} + +// A complex type that specifies how CloudFront handles query strings, cookies +// and headers. +type ForwardedValues struct { + _ struct{} `type:"structure"` + + // A complex type that specifies how CloudFront handles cookies. + Cookies *CookiePreference `type:"structure" required:"true"` + + // A complex type that specifies the Headers, if any, that you want CloudFront + // to vary upon for this cache behavior. + Headers *Headers `type:"structure"` + + // Indicates whether you want CloudFront to forward query strings to the origin + // that is associated with this cache behavior. If so, specify true; if not, + // specify false. + QueryString *bool `type:"boolean" required:"true"` +} + +// String returns the string representation +func (s ForwardedValues) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ForwardedValues) GoString() string { + return s.String() +} + +// A complex type that controls the countries in which your content is distributed. +// For more information about geo restriction, go to Customizing Error Responses +// in the Amazon CloudFront Developer Guide. CloudFront determines the location +// of your users using MaxMind GeoIP databases. For information about the accuracy +// of these databases, see How accurate are your GeoIP databases? on the MaxMind +// website. +type GeoRestriction struct { + _ struct{} `type:"structure"` + + // A complex type that contains a Location element for each country in which + // you want CloudFront either to distribute your content (whitelist) or not + // distribute your content (blacklist). The Location element is a two-letter, + // uppercase country code for a country that you want to include in your blacklist + // or whitelist. Include one Location element for each country. CloudFront and + // MaxMind both use ISO 3166 country codes. For the current list of countries + // and the corresponding codes, see ISO 3166-1-alpha-2 code on the International + // Organization for Standardization website. You can also refer to the country + // list in the CloudFront console, which includes both country names and codes. + Items []*string `locationNameList:"Location" type:"list"` + + // When geo restriction is enabled, this is the number of countries in your + // whitelist or blacklist. Otherwise, when it is not enabled, Quantity is 0, + // and you can omit Items. + Quantity *int64 `type:"integer" required:"true"` + + // The method that you want to use to restrict distribution of your content + // by country: - none: No geo restriction is enabled, meaning access to content + // is not restricted by client geo location. - blacklist: The Location elements + // specify the countries in which you do not want CloudFront to distribute your + // content. - whitelist: The Location elements specify the countries in which + // you want CloudFront to distribute your content. + RestrictionType *string `type:"string" required:"true" enum:"GeoRestrictionType"` +} + +// String returns the string representation +func (s GeoRestriction) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GeoRestriction) GoString() string { + return s.String() +} + +// The request to get an origin access identity's configuration. +type GetCloudFrontOriginAccessIdentityConfigInput struct { + _ struct{} `type:"structure"` + + // The identity's id. + Id *string `location:"uri" locationName:"Id" type:"string" required:"true"` +} + +// String returns the string representation +func (s GetCloudFrontOriginAccessIdentityConfigInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetCloudFrontOriginAccessIdentityConfigInput) GoString() string { + return s.String() +} + +// The returned result of the corresponding request. +type GetCloudFrontOriginAccessIdentityConfigOutput struct { + _ struct{} `type:"structure" payload:"CloudFrontOriginAccessIdentityConfig"` + + // The origin access identity's configuration information. + CloudFrontOriginAccessIdentityConfig *OriginAccessIdentityConfig `type:"structure"` + + // The current version of the configuration. For example: E2QWRUHAPOMQZL. + ETag *string `location:"header" locationName:"ETag" type:"string"` +} + +// String returns the string representation +func (s GetCloudFrontOriginAccessIdentityConfigOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetCloudFrontOriginAccessIdentityConfigOutput) GoString() string { + return s.String() +} + +// The request to get an origin access identity's information. +type GetCloudFrontOriginAccessIdentityInput struct { + _ struct{} `type:"structure"` + + // The identity's id. + Id *string `location:"uri" locationName:"Id" type:"string" required:"true"` +} + +// String returns the string representation +func (s GetCloudFrontOriginAccessIdentityInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetCloudFrontOriginAccessIdentityInput) GoString() string { + return s.String() +} + +// The returned result of the corresponding request. +type GetCloudFrontOriginAccessIdentityOutput struct { + _ struct{} `type:"structure" payload:"CloudFrontOriginAccessIdentity"` + + // The origin access identity's information. + CloudFrontOriginAccessIdentity *OriginAccessIdentity `type:"structure"` + + // The current version of the origin access identity's information. For example: + // E2QWRUHAPOMQZL. + ETag *string `location:"header" locationName:"ETag" type:"string"` +} + +// String returns the string representation +func (s GetCloudFrontOriginAccessIdentityOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetCloudFrontOriginAccessIdentityOutput) GoString() string { + return s.String() +} + +// The request to get a distribution configuration. +type GetDistributionConfigInput struct { + _ struct{} `type:"structure"` + + // The distribution's id. + Id *string `location:"uri" locationName:"Id" type:"string" required:"true"` +} + +// String returns the string representation +func (s GetDistributionConfigInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetDistributionConfigInput) GoString() string { + return s.String() +} + +// The returned result of the corresponding request. +type GetDistributionConfigOutput struct { + _ struct{} `type:"structure" payload:"DistributionConfig"` + + // The distribution's configuration information. + DistributionConfig *DistributionConfig `type:"structure"` + + // The current version of the configuration. For example: E2QWRUHAPOMQZL. + ETag *string `location:"header" locationName:"ETag" type:"string"` +} + +// String returns the string representation +func (s GetDistributionConfigOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetDistributionConfigOutput) GoString() string { + return s.String() +} + +// The request to get a distribution's information. +type GetDistributionInput struct { + _ struct{} `type:"structure"` + + // The distribution's id. + Id *string `location:"uri" locationName:"Id" type:"string" required:"true"` +} + +// String returns the string representation +func (s GetDistributionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetDistributionInput) GoString() string { + return s.String() +} + +// The returned result of the corresponding request. +type GetDistributionOutput struct { + _ struct{} `type:"structure" payload:"Distribution"` + + // The distribution's information. + Distribution *Distribution `type:"structure"` + + // The current version of the distribution's information. For example: E2QWRUHAPOMQZL. + ETag *string `location:"header" locationName:"ETag" type:"string"` +} + +// String returns the string representation +func (s GetDistributionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetDistributionOutput) GoString() string { + return s.String() +} + +// The request to get an invalidation's information. +type GetInvalidationInput struct { + _ struct{} `type:"structure"` + + // The distribution's id. + DistributionId *string `location:"uri" locationName:"DistributionId" type:"string" required:"true"` + + // The invalidation's id. + Id *string `location:"uri" locationName:"Id" type:"string" required:"true"` +} + +// String returns the string representation +func (s GetInvalidationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetInvalidationInput) GoString() string { + return s.String() +} + +// The returned result of the corresponding request. +type GetInvalidationOutput struct { + _ struct{} `type:"structure" payload:"Invalidation"` + + // The invalidation's information. + Invalidation *Invalidation `type:"structure"` +} + +// String returns the string representation +func (s GetInvalidationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetInvalidationOutput) GoString() string { + return s.String() +} + +// To request to get a streaming distribution configuration. +type GetStreamingDistributionConfigInput struct { + _ struct{} `type:"structure"` + + // The streaming distribution's id. + Id *string `location:"uri" locationName:"Id" type:"string" required:"true"` +} + +// String returns the string representation +func (s GetStreamingDistributionConfigInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetStreamingDistributionConfigInput) GoString() string { + return s.String() +} + +// The returned result of the corresponding request. +type GetStreamingDistributionConfigOutput struct { + _ struct{} `type:"structure" payload:"StreamingDistributionConfig"` + + // The current version of the configuration. For example: E2QWRUHAPOMQZL. + ETag *string `location:"header" locationName:"ETag" type:"string"` + + // The streaming distribution's configuration information. + StreamingDistributionConfig *StreamingDistributionConfig `type:"structure"` +} + +// String returns the string representation +func (s GetStreamingDistributionConfigOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetStreamingDistributionConfigOutput) GoString() string { + return s.String() +} + +// The request to get a streaming distribution's information. +type GetStreamingDistributionInput struct { + _ struct{} `type:"structure"` + + // The streaming distribution's id. + Id *string `location:"uri" locationName:"Id" type:"string" required:"true"` +} + +// String returns the string representation +func (s GetStreamingDistributionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetStreamingDistributionInput) GoString() string { + return s.String() +} + +// The returned result of the corresponding request. +type GetStreamingDistributionOutput struct { + _ struct{} `type:"structure" payload:"StreamingDistribution"` + + // The current version of the streaming distribution's information. For example: + // E2QWRUHAPOMQZL. + ETag *string `location:"header" locationName:"ETag" type:"string"` + + // The streaming distribution's information. + StreamingDistribution *StreamingDistribution `type:"structure"` +} + +// String returns the string representation +func (s GetStreamingDistributionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetStreamingDistributionOutput) GoString() string { + return s.String() +} + +// A complex type that specifies the headers that you want CloudFront to forward +// to the origin for this cache behavior. For the headers that you specify, +// CloudFront also caches separate versions of a given object based on the header +// values in viewer requests; this is known as varying on headers. For example, +// suppose viewer requests for logo.jpg contain a custom Product header that +// has a value of either Acme or Apex, and you configure CloudFront to vary +// on the Product header. CloudFront forwards the Product header to the origin +// and caches the response from the origin once for each header value. +type Headers struct { + _ struct{} `type:"structure"` + + // Optional: A complex type that contains a Name element for each header that + // you want CloudFront to forward to the origin and to vary on for this cache + // behavior. If Quantity is 0, omit Items. + Items []*string `locationNameList:"Name" type:"list"` + + // The number of different headers that you want CloudFront to forward to the + // origin and to vary on for this cache behavior. The maximum number of headers + // that you can specify by name is 10. If you want CloudFront to forward all + // headers to the origin and vary on all of them, specify 1 for Quantity and + // * for Name. If you don't want CloudFront to forward any additional headers + // to the origin or to vary on any headers, specify 0 for Quantity and omit + // Items. + Quantity *int64 `type:"integer" required:"true"` +} + +// String returns the string representation +func (s Headers) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Headers) GoString() string { + return s.String() +} + +// An invalidation. +type Invalidation struct { + _ struct{} `type:"structure"` + + // The date and time the invalidation request was first made. + CreateTime *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"` + + // The identifier for the invalidation request. For example: IDFDVBD632BHDS5. + Id *string `type:"string" required:"true"` + + // The current invalidation information for the batch request. + InvalidationBatch *InvalidationBatch `type:"structure" required:"true"` + + // The status of the invalidation request. When the invalidation batch is finished, + // the status is Completed. + Status *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s Invalidation) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Invalidation) GoString() string { + return s.String() +} + +// An invalidation batch. +type InvalidationBatch struct { + _ struct{} `type:"structure"` + + // A unique name that ensures the request can't be replayed. If the CallerReference + // is new (no matter the content of the Path object), a new distribution is + // created. If the CallerReference is a value you already sent in a previous + // request to create an invalidation batch, and the content of each Path element + // is identical to the original request, the response includes the same information + // returned to the original request. If the CallerReference is a value you already + // sent in a previous request to create a distribution but the content of any + // Path is different from the original request, CloudFront returns an InvalidationBatchAlreadyExists + // error. + CallerReference *string `type:"string" required:"true"` + + // The path of the object to invalidate. The path is relative to the distribution + // and must begin with a slash (/). You must enclose each invalidation object + // with the Path element tags. If the path includes non-ASCII characters or + // unsafe characters as defined in RFC 1783 (http://www.ietf.org/rfc/rfc1738.txt), + // URL encode those characters. Do not URL encode any other characters in the + // path, or CloudFront will not invalidate the old version of the updated object. + Paths *Paths `type:"structure" required:"true"` +} + +// String returns the string representation +func (s InvalidationBatch) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InvalidationBatch) GoString() string { + return s.String() +} + +// An invalidation list. +type InvalidationList struct { + _ struct{} `type:"structure"` + + // A flag that indicates whether more invalidation batch requests remain to + // be listed. If your results were truncated, you can make a follow-up pagination + // request using the Marker request parameter to retrieve more invalidation + // batches in the list. + IsTruncated *bool `type:"boolean" required:"true"` + + // A complex type that contains one InvalidationSummary element for each invalidation + // batch that was created by the current AWS account. + Items []*InvalidationSummary `locationNameList:"InvalidationSummary" type:"list"` + + // The value you provided for the Marker request parameter. + Marker *string `type:"string" required:"true"` + + // The value you provided for the MaxItems request parameter. + MaxItems *int64 `type:"integer" required:"true"` + + // If IsTruncated is true, this element is present and contains the value you + // can use for the Marker request parameter to continue listing your invalidation + // batches where they left off. + NextMarker *string `type:"string"` + + // The number of invalidation batches that were created by the current AWS account. + Quantity *int64 `type:"integer" required:"true"` +} + +// String returns the string representation +func (s InvalidationList) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InvalidationList) GoString() string { + return s.String() +} + +// Summary of an invalidation request. +type InvalidationSummary struct { + _ struct{} `type:"structure"` + + CreateTime *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"` + + // The unique ID for an invalidation request. + Id *string `type:"string" required:"true"` + + // The status of an invalidation request. + Status *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s InvalidationSummary) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s InvalidationSummary) GoString() string { + return s.String() +} + +// A complex type that lists the active CloudFront key pairs, if any, that are +// associated with AwsAccountNumber. +type KeyPairIds struct { + _ struct{} `type:"structure"` + + // A complex type that lists the active CloudFront key pairs, if any, that are + // associated with AwsAccountNumber. + Items []*string `locationNameList:"KeyPairId" type:"list"` + + // The number of active CloudFront key pairs for AwsAccountNumber. + Quantity *int64 `type:"integer" required:"true"` +} + +// String returns the string representation +func (s KeyPairIds) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s KeyPairIds) GoString() string { + return s.String() +} + +// The request to list origin access identities. +type ListCloudFrontOriginAccessIdentitiesInput struct { + _ struct{} `type:"structure"` + + // Use this when paginating results to indicate where to begin in your list + // of origin access identities. The results include identities in the list that + // occur after the marker. To get the next page of results, set the Marker to + // the value of the NextMarker from the current page's response (which is also + // the ID of the last identity on that page). + Marker *string `location:"querystring" locationName:"Marker" type:"string"` + + // The maximum number of origin access identities you want in the response body. + MaxItems *int64 `location:"querystring" locationName:"MaxItems" type:"integer"` +} + +// String returns the string representation +func (s ListCloudFrontOriginAccessIdentitiesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListCloudFrontOriginAccessIdentitiesInput) GoString() string { + return s.String() +} + +// The returned result of the corresponding request. +type ListCloudFrontOriginAccessIdentitiesOutput struct { + _ struct{} `type:"structure" payload:"CloudFrontOriginAccessIdentityList"` + + // The CloudFrontOriginAccessIdentityList type. + CloudFrontOriginAccessIdentityList *OriginAccessIdentityList `type:"structure"` +} + +// String returns the string representation +func (s ListCloudFrontOriginAccessIdentitiesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListCloudFrontOriginAccessIdentitiesOutput) GoString() string { + return s.String() +} + +// The request to list distributions that are associated with a specified AWS +// WAF web ACL. +type ListDistributionsByWebACLIdInput struct { + _ struct{} `type:"structure"` + + // Use Marker and MaxItems to control pagination of results. If you have more + // than MaxItems distributions that satisfy the request, the response includes + // a NextMarker element. To get the next page of results, submit another request. + // For the value of Marker, specify the value of NextMarker from the last response. + // (For the first request, omit Marker.) + Marker *string `location:"querystring" locationName:"Marker" type:"string"` + + // The maximum number of distributions that you want CloudFront to return in + // the response body. The maximum and default values are both 100. + MaxItems *int64 `location:"querystring" locationName:"MaxItems" type:"integer"` + + // The Id of the AWS WAF web ACL for which you want to list the associated distributions. + // If you specify "null" for the Id, the request returns a list of the distributions + // that aren't associated with a web ACL. + WebACLId *string `location:"uri" locationName:"WebACLId" type:"string" required:"true"` +} + +// String returns the string representation +func (s ListDistributionsByWebACLIdInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListDistributionsByWebACLIdInput) GoString() string { + return s.String() +} + +// The response to a request to list the distributions that are associated with +// a specified AWS WAF web ACL. +type ListDistributionsByWebACLIdOutput struct { + _ struct{} `type:"structure" payload:"DistributionList"` + + // The DistributionList type. + DistributionList *DistributionList `type:"structure"` +} + +// String returns the string representation +func (s ListDistributionsByWebACLIdOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListDistributionsByWebACLIdOutput) GoString() string { + return s.String() +} + +// The request to list your distributions. +type ListDistributionsInput struct { + _ struct{} `type:"structure"` + + // Use Marker and MaxItems to control pagination of results. If you have more + // than MaxItems distributions that satisfy the request, the response includes + // a NextMarker element. To get the next page of results, submit another request. + // For the value of Marker, specify the value of NextMarker from the last response. + // (For the first request, omit Marker.) + Marker *string `location:"querystring" locationName:"Marker" type:"string"` + + // The maximum number of distributions that you want CloudFront to return in + // the response body. The maximum and default values are both 100. + MaxItems *int64 `location:"querystring" locationName:"MaxItems" type:"integer"` +} + +// String returns the string representation +func (s ListDistributionsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListDistributionsInput) GoString() string { + return s.String() +} + +// The returned result of the corresponding request. +type ListDistributionsOutput struct { + _ struct{} `type:"structure" payload:"DistributionList"` + + // The DistributionList type. + DistributionList *DistributionList `type:"structure"` +} + +// String returns the string representation +func (s ListDistributionsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListDistributionsOutput) GoString() string { + return s.String() +} + +// The request to list invalidations. +type ListInvalidationsInput struct { + _ struct{} `type:"structure"` + + // The distribution's id. + DistributionId *string `location:"uri" locationName:"DistributionId" type:"string" required:"true"` + + // Use this parameter when paginating results to indicate where to begin in + // your list of invalidation batches. Because the results are returned in decreasing + // order from most recent to oldest, the most recent results are on the first + // page, the second page will contain earlier results, and so on. To get the + // next page of results, set the Marker to the value of the NextMarker from + // the current page's response. This value is the same as the ID of the last + // invalidation batch on that page. + Marker *string `location:"querystring" locationName:"Marker" type:"string"` + + // The maximum number of invalidation batches you want in the response body. + MaxItems *int64 `location:"querystring" locationName:"MaxItems" type:"integer"` +} + +// String returns the string representation +func (s ListInvalidationsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListInvalidationsInput) GoString() string { + return s.String() +} + +// The returned result of the corresponding request. +type ListInvalidationsOutput struct { + _ struct{} `type:"structure" payload:"InvalidationList"` + + // Information about invalidation batches. + InvalidationList *InvalidationList `type:"structure"` +} + +// String returns the string representation +func (s ListInvalidationsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListInvalidationsOutput) GoString() string { + return s.String() +} + +// The request to list your streaming distributions. +type ListStreamingDistributionsInput struct { + _ struct{} `type:"structure"` + + // Use this when paginating results to indicate where to begin in your list + // of streaming distributions. The results include distributions in the list + // that occur after the marker. To get the next page of results, set the Marker + // to the value of the NextMarker from the current page's response (which is + // also the ID of the last distribution on that page). + Marker *string `location:"querystring" locationName:"Marker" type:"string"` + + // The maximum number of streaming distributions you want in the response body. + MaxItems *int64 `location:"querystring" locationName:"MaxItems" type:"integer"` +} + +// String returns the string representation +func (s ListStreamingDistributionsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListStreamingDistributionsInput) GoString() string { + return s.String() +} + +// The returned result of the corresponding request. +type ListStreamingDistributionsOutput struct { + _ struct{} `type:"structure" payload:"StreamingDistributionList"` + + // The StreamingDistributionList type. + StreamingDistributionList *StreamingDistributionList `type:"structure"` +} + +// String returns the string representation +func (s ListStreamingDistributionsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListStreamingDistributionsOutput) GoString() string { + return s.String() +} + +// A complex type that controls whether access logs are written for the distribution. +type LoggingConfig struct { + _ struct{} `type:"structure"` + + // The Amazon S3 bucket to store the access logs in, for example, myawslogbucket.s3.amazonaws.com. + Bucket *string `type:"string" required:"true"` + + // Specifies whether you want CloudFront to save access logs to an Amazon S3 + // bucket. If you do not want to enable logging when you create a distribution + // or if you want to disable logging for an existing distribution, specify false + // for Enabled, and specify empty Bucket and Prefix elements. If you specify + // false for Enabled but you specify values for Bucket, prefix and IncludeCookies, + // the values are automatically deleted. + Enabled *bool `type:"boolean" required:"true"` + + // Specifies whether you want CloudFront to include cookies in access logs, + // specify true for IncludeCookies. If you choose to include cookies in logs, + // CloudFront logs all cookies regardless of how you configure the cache behaviors + // for this distribution. If you do not want to include cookies when you create + // a distribution or if you want to disable include cookies for an existing + // distribution, specify false for IncludeCookies. + IncludeCookies *bool `type:"boolean" required:"true"` + + // An optional string that you want CloudFront to prefix to the access log filenames + // for this distribution, for example, myprefix/. If you want to enable logging, + // but you do not want to specify a prefix, you still must include an empty + // Prefix element in the Logging element. + Prefix *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s LoggingConfig) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s LoggingConfig) GoString() string { + return s.String() +} + +// A complex type that describes the Amazon S3 bucket or the HTTP server (for +// example, a web server) from which CloudFront gets your files.You must create +// at least one origin. +type Origin struct { + _ struct{} `type:"structure"` + + // A complex type that contains information about the custom headers associated + // with this Origin. + CustomHeaders *CustomHeaders `type:"structure"` + + // A complex type that contains information about a custom origin. If the origin + // is an Amazon S3 bucket, use the S3OriginConfig element instead. + CustomOriginConfig *CustomOriginConfig `type:"structure"` + + // Amazon S3 origins: The DNS name of the Amazon S3 bucket from which you want + // CloudFront to get objects for this origin, for example, myawsbucket.s3.amazonaws.com. + // Custom origins: The DNS domain name for the HTTP server from which you want + // CloudFront to get objects for this origin, for example, www.example.com. + DomainName *string `type:"string" required:"true"` + + // A unique identifier for the origin. The value of Id must be unique within + // the distribution. You use the value of Id when you create a cache behavior. + // The Id identifies the origin that CloudFront routes a request to when the + // request matches the path pattern for that cache behavior. + Id *string `type:"string" required:"true"` + + // An optional element that causes CloudFront to request your content from a + // directory in your Amazon S3 bucket or your custom origin. When you include + // the OriginPath element, specify the directory name, beginning with a /. CloudFront + // appends the directory name to the value of DomainName. + OriginPath *string `type:"string"` + + // A complex type that contains information about the Amazon S3 origin. If the + // origin is a custom origin, use the CustomOriginConfig element instead. + S3OriginConfig *S3OriginConfig `type:"structure"` +} + +// String returns the string representation +func (s Origin) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Origin) GoString() string { + return s.String() +} + +// CloudFront origin access identity. +type OriginAccessIdentity struct { + _ struct{} `type:"structure"` + + // The current configuration information for the identity. + CloudFrontOriginAccessIdentityConfig *OriginAccessIdentityConfig `type:"structure"` + + // The ID for the origin access identity. For example: E74FTE3AJFJ256A. + Id *string `type:"string" required:"true"` + + // The Amazon S3 canonical user ID for the origin access identity, which you + // use when giving the origin access identity read permission to an object in + // Amazon S3. + S3CanonicalUserId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s OriginAccessIdentity) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s OriginAccessIdentity) GoString() string { + return s.String() +} + +// Origin access identity configuration. +type OriginAccessIdentityConfig struct { + _ struct{} `type:"structure"` + + // A unique number that ensures the request can't be replayed. If the CallerReference + // is new (no matter the content of the CloudFrontOriginAccessIdentityConfig + // object), a new origin access identity is created. If the CallerReference + // is a value you already sent in a previous request to create an identity, + // and the content of the CloudFrontOriginAccessIdentityConfig is identical + // to the original request (ignoring white space), the response includes the + // same information returned to the original request. If the CallerReference + // is a value you already sent in a previous request to create an identity but + // the content of the CloudFrontOriginAccessIdentityConfig is different from + // the original request, CloudFront returns a CloudFrontOriginAccessIdentityAlreadyExists + // error. + CallerReference *string `type:"string" required:"true"` + + // Any comments you want to include about the origin access identity. + Comment *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s OriginAccessIdentityConfig) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s OriginAccessIdentityConfig) GoString() string { + return s.String() +} + +// The CloudFrontOriginAccessIdentityList type. +type OriginAccessIdentityList struct { + _ struct{} `type:"structure"` + + // A flag that indicates whether more origin access identities remain to be + // listed. If your results were truncated, you can make a follow-up pagination + // request using the Marker request parameter to retrieve more items in the + // list. + IsTruncated *bool `type:"boolean" required:"true"` + + // A complex type that contains one CloudFrontOriginAccessIdentitySummary element + // for each origin access identity that was created by the current AWS account. + Items []*OriginAccessIdentitySummary `locationNameList:"CloudFrontOriginAccessIdentitySummary" type:"list"` + + // The value you provided for the Marker request parameter. + Marker *string `type:"string" required:"true"` + + // The value you provided for the MaxItems request parameter. + MaxItems *int64 `type:"integer" required:"true"` + + // If IsTruncated is true, this element is present and contains the value you + // can use for the Marker request parameter to continue listing your origin + // access identities where they left off. + NextMarker *string `type:"string"` + + // The number of CloudFront origin access identities that were created by the + // current AWS account. + Quantity *int64 `type:"integer" required:"true"` +} + +// String returns the string representation +func (s OriginAccessIdentityList) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s OriginAccessIdentityList) GoString() string { + return s.String() +} + +// Summary of the information about a CloudFront origin access identity. +type OriginAccessIdentitySummary struct { + _ struct{} `type:"structure"` + + // The comment for this origin access identity, as originally specified when + // created. + Comment *string `type:"string" required:"true"` + + // The ID for the origin access identity. For example: E74FTE3AJFJ256A. + Id *string `type:"string" required:"true"` + + // The Amazon S3 canonical user ID for the origin access identity, which you + // use when giving the origin access identity read permission to an object in + // Amazon S3. + S3CanonicalUserId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s OriginAccessIdentitySummary) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s OriginAccessIdentitySummary) GoString() string { + return s.String() +} + +// A complex type that contains information related to a Header +type OriginCustomHeader struct { + _ struct{} `type:"structure"` + + // The header's name. + HeaderName *string `type:"string" required:"true"` + + // The header's value. + HeaderValue *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s OriginCustomHeader) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s OriginCustomHeader) GoString() string { + return s.String() +} + +// A complex type that contains the list of SSL/TLS protocols that you want +// CloudFront to use when communicating with your origin over HTTPS. +type OriginSslProtocols struct { + _ struct{} `type:"structure"` + + // A complex type that contains one SslProtocol element for each SSL/TLS protocol + // that you want to allow CloudFront to use when establishing an HTTPS connection + // with this origin. + Items []*string `locationNameList:"SslProtocol" type:"list" required:"true"` + + // The number of SSL/TLS protocols that you want to allow CloudFront to use + // when establishing an HTTPS connection with this origin. + Quantity *int64 `type:"integer" required:"true"` +} + +// String returns the string representation +func (s OriginSslProtocols) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s OriginSslProtocols) GoString() string { + return s.String() +} + +// A complex type that contains information about origins for this distribution. +type Origins struct { + _ struct{} `type:"structure"` + + // A complex type that contains origins for this distribution. + Items []*Origin `locationNameList:"Origin" min:"1" type:"list"` + + // The number of origins for this distribution. + Quantity *int64 `type:"integer" required:"true"` +} + +// String returns the string representation +func (s Origins) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Origins) GoString() string { + return s.String() +} + +// A complex type that contains information about the objects that you want +// to invalidate. +type Paths struct { + _ struct{} `type:"structure"` + + // A complex type that contains a list of the objects that you want to invalidate. + Items []*string `locationNameList:"Path" type:"list"` + + // The number of objects that you want to invalidate. + Quantity *int64 `type:"integer" required:"true"` +} + +// String returns the string representation +func (s Paths) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Paths) GoString() string { + return s.String() +} + +// A complex type that identifies ways in which you want to restrict distribution +// of your content. +type Restrictions struct { + _ struct{} `type:"structure"` + + // A complex type that controls the countries in which your content is distributed. + // For more information about geo restriction, go to Customizing Error Responses + // in the Amazon CloudFront Developer Guide. CloudFront determines the location + // of your users using MaxMind GeoIP databases. For information about the accuracy + // of these databases, see How accurate are your GeoIP databases? on the MaxMind + // website. + GeoRestriction *GeoRestriction `type:"structure" required:"true"` +} + +// String returns the string representation +func (s Restrictions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Restrictions) GoString() string { + return s.String() +} + +// A complex type that contains information about the Amazon S3 bucket from +// which you want CloudFront to get your media files for distribution. +type S3Origin struct { + _ struct{} `type:"structure"` + + // The DNS name of the S3 origin. + DomainName *string `type:"string" required:"true"` + + // Your S3 origin's origin access identity. + OriginAccessIdentity *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s S3Origin) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s S3Origin) GoString() string { + return s.String() +} + +// A complex type that contains information about the Amazon S3 origin. If the +// origin is a custom origin, use the CustomOriginConfig element instead. +type S3OriginConfig struct { + _ struct{} `type:"structure"` + + // The CloudFront origin access identity to associate with the origin. Use an + // origin access identity to configure the origin so that end users can only + // access objects in an Amazon S3 bucket through CloudFront. If you want end + // users to be able to access objects using either the CloudFront URL or the + // Amazon S3 URL, specify an empty OriginAccessIdentity element. To delete the + // origin access identity from an existing distribution, update the distribution + // configuration and include an empty OriginAccessIdentity element. To replace + // the origin access identity, update the distribution configuration and specify + // the new origin access identity. Use the format origin-access-identity/cloudfront/Id + // where Id is the value that CloudFront returned in the Id element when you + // created the origin access identity. + OriginAccessIdentity *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s S3OriginConfig) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s S3OriginConfig) GoString() string { + return s.String() +} + +// A complex type that lists the AWS accounts that were included in the TrustedSigners +// complex type, as well as their active CloudFront key pair IDs, if any. +type Signer struct { + _ struct{} `type:"structure"` + + // Specifies an AWS account that can create signed URLs. Values: self, which + // indicates that the AWS account that was used to create the distribution can + // created signed URLs, or an AWS account number. Omit the dashes in the account + // number. + AwsAccountNumber *string `type:"string"` + + // A complex type that lists the active CloudFront key pairs, if any, that are + // associated with AwsAccountNumber. + KeyPairIds *KeyPairIds `type:"structure"` +} + +// String returns the string representation +func (s Signer) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Signer) GoString() string { + return s.String() +} + +// A streaming distribution. +type StreamingDistribution struct { + _ struct{} `type:"structure"` + + // CloudFront automatically adds this element to the response only if you've + // set up the distribution to serve private content with signed URLs. The element + // lists the key pair IDs that CloudFront is aware of for each trusted signer. + // The Signer child element lists the AWS account number of the trusted signer + // (or an empty Self element if the signer is you). The Signer element also + // includes the IDs of any active key pairs associated with the trusted signer's + // AWS account. If no KeyPairId element appears for a Signer, that signer can't + // create working signed URLs. + ActiveTrustedSigners *ActiveTrustedSigners `type:"structure" required:"true"` + + // The domain name corresponding to the streaming distribution. For example: + // s5c39gqb8ow64r.cloudfront.net. + DomainName *string `type:"string" required:"true"` + + // The identifier for the streaming distribution. For example: EGTXBD79H29TRA8. + Id *string `type:"string" required:"true"` + + // The date and time the distribution was last modified. + LastModifiedTime *time.Time `type:"timestamp" timestampFormat:"iso8601"` + + // The current status of the streaming distribution. When the status is Deployed, + // the distribution's information is fully propagated throughout the Amazon + // CloudFront system. + Status *string `type:"string" required:"true"` + + // The current configuration information for the streaming distribution. + StreamingDistributionConfig *StreamingDistributionConfig `type:"structure" required:"true"` +} + +// String returns the string representation +func (s StreamingDistribution) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s StreamingDistribution) GoString() string { + return s.String() +} + +// The configuration for the streaming distribution. +type StreamingDistributionConfig struct { + _ struct{} `type:"structure"` + + // A complex type that contains information about CNAMEs (alternate domain names), + // if any, for this streaming distribution. + Aliases *Aliases `type:"structure"` + + // A unique number that ensures the request can't be replayed. If the CallerReference + // is new (no matter the content of the StreamingDistributionConfig object), + // a new streaming distribution is created. If the CallerReference is a value + // you already sent in a previous request to create a streaming distribution, + // and the content of the StreamingDistributionConfig is identical to the original + // request (ignoring white space), the response includes the same information + // returned to the original request. If the CallerReference is a value you already + // sent in a previous request to create a streaming distribution but the content + // of the StreamingDistributionConfig is different from the original request, + // CloudFront returns a DistributionAlreadyExists error. + CallerReference *string `type:"string" required:"true"` + + // Any comments you want to include about the streaming distribution. + Comment *string `type:"string" required:"true"` + + // Whether the streaming distribution is enabled to accept end user requests + // for content. + Enabled *bool `type:"boolean" required:"true"` + + // A complex type that controls whether access logs are written for the streaming + // distribution. + Logging *StreamingLoggingConfig `type:"structure"` + + // A complex type that contains information about price class for this streaming + // distribution. + PriceClass *string `type:"string" enum:"PriceClass"` + + // A complex type that contains information about the Amazon S3 bucket from + // which you want CloudFront to get your media files for distribution. + S3Origin *S3Origin `type:"structure" required:"true"` + + // A complex type that specifies the AWS accounts, if any, that you want to + // allow to create signed URLs for private content. If you want to require signed + // URLs in requests for objects in the target origin that match the PathPattern + // for this cache behavior, specify true for Enabled, and specify the applicable + // values for Quantity and Items. For more information, go to Using a Signed + // URL to Serve Private Content in the Amazon CloudFront Developer Guide. If + // you don't want to require signed URLs in requests for objects that match + // PathPattern, specify false for Enabled and 0 for Quantity. Omit Items. To + // add, change, or remove one or more trusted signers, change Enabled to true + // (if it's currently false), change Quantity as applicable, and specify all + // of the trusted signers that you want to include in the updated distribution. + TrustedSigners *TrustedSigners `type:"structure" required:"true"` +} + +// String returns the string representation +func (s StreamingDistributionConfig) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s StreamingDistributionConfig) GoString() string { + return s.String() +} + +// A streaming distribution list. +type StreamingDistributionList struct { + _ struct{} `type:"structure"` + + // A flag that indicates whether more streaming distributions remain to be listed. + // If your results were truncated, you can make a follow-up pagination request + // using the Marker request parameter to retrieve more distributions in the + // list. + IsTruncated *bool `type:"boolean" required:"true"` + + // A complex type that contains one StreamingDistributionSummary element for + // each distribution that was created by the current AWS account. + Items []*StreamingDistributionSummary `locationNameList:"StreamingDistributionSummary" type:"list"` + + // The value you provided for the Marker request parameter. + Marker *string `type:"string" required:"true"` + + // The value you provided for the MaxItems request parameter. + MaxItems *int64 `type:"integer" required:"true"` + + // If IsTruncated is true, this element is present and contains the value you + // can use for the Marker request parameter to continue listing your streaming + // distributions where they left off. + NextMarker *string `type:"string"` + + // The number of streaming distributions that were created by the current AWS + // account. + Quantity *int64 `type:"integer" required:"true"` +} + +// String returns the string representation +func (s StreamingDistributionList) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s StreamingDistributionList) GoString() string { + return s.String() +} + +// A summary of the information for an Amazon CloudFront streaming distribution. +type StreamingDistributionSummary struct { + _ struct{} `type:"structure"` + + // A complex type that contains information about CNAMEs (alternate domain names), + // if any, for this streaming distribution. + Aliases *Aliases `type:"structure" required:"true"` + + // The comment originally specified when this distribution was created. + Comment *string `type:"string" required:"true"` + + // The domain name corresponding to the distribution. For example: d604721fxaaqy9.cloudfront.net. + DomainName *string `type:"string" required:"true"` + + // Whether the distribution is enabled to accept end user requests for content. + Enabled *bool `type:"boolean" required:"true"` + + // The identifier for the distribution. For example: EDFDVBD632BHDS5. + Id *string `type:"string" required:"true"` + + // The date and time the distribution was last modified. + LastModifiedTime *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"` + + PriceClass *string `type:"string" required:"true" enum:"PriceClass"` + + // A complex type that contains information about the Amazon S3 bucket from + // which you want CloudFront to get your media files for distribution. + S3Origin *S3Origin `type:"structure" required:"true"` + + // Indicates the current status of the distribution. When the status is Deployed, + // the distribution's information is fully propagated throughout the Amazon + // CloudFront system. + Status *string `type:"string" required:"true"` + + // A complex type that specifies the AWS accounts, if any, that you want to + // allow to create signed URLs for private content. If you want to require signed + // URLs in requests for objects in the target origin that match the PathPattern + // for this cache behavior, specify true for Enabled, and specify the applicable + // values for Quantity and Items. For more information, go to Using a Signed + // URL to Serve Private Content in the Amazon CloudFront Developer Guide. If + // you don't want to require signed URLs in requests for objects that match + // PathPattern, specify false for Enabled and 0 for Quantity. Omit Items. To + // add, change, or remove one or more trusted signers, change Enabled to true + // (if it's currently false), change Quantity as applicable, and specify all + // of the trusted signers that you want to include in the updated distribution. + TrustedSigners *TrustedSigners `type:"structure" required:"true"` +} + +// String returns the string representation +func (s StreamingDistributionSummary) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s StreamingDistributionSummary) GoString() string { + return s.String() +} + +// A complex type that controls whether access logs are written for this streaming +// distribution. +type StreamingLoggingConfig struct { + _ struct{} `type:"structure"` + + // The Amazon S3 bucket to store the access logs in, for example, myawslogbucket.s3.amazonaws.com. + Bucket *string `type:"string" required:"true"` + + // Specifies whether you want CloudFront to save access logs to an Amazon S3 + // bucket. If you do not want to enable logging when you create a streaming + // distribution or if you want to disable logging for an existing streaming + // distribution, specify false for Enabled, and specify empty Bucket and Prefix + // elements. If you specify false for Enabled but you specify values for Bucket + // and Prefix, the values are automatically deleted. + Enabled *bool `type:"boolean" required:"true"` + + // An optional string that you want CloudFront to prefix to the access log filenames + // for this streaming distribution, for example, myprefix/. If you want to enable + // logging, but you do not want to specify a prefix, you still must include + // an empty Prefix element in the Logging element. + Prefix *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s StreamingLoggingConfig) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s StreamingLoggingConfig) GoString() string { + return s.String() +} + +// A complex type that specifies the AWS accounts, if any, that you want to +// allow to create signed URLs for private content. If you want to require signed +// URLs in requests for objects in the target origin that match the PathPattern +// for this cache behavior, specify true for Enabled, and specify the applicable +// values for Quantity and Items. For more information, go to Using a Signed +// URL to Serve Private Content in the Amazon CloudFront Developer Guide. If +// you don't want to require signed URLs in requests for objects that match +// PathPattern, specify false for Enabled and 0 for Quantity. Omit Items. To +// add, change, or remove one or more trusted signers, change Enabled to true +// (if it's currently false), change Quantity as applicable, and specify all +// of the trusted signers that you want to include in the updated distribution. +type TrustedSigners struct { + _ struct{} `type:"structure"` + + // Specifies whether you want to require end users to use signed URLs to access + // the files specified by PathPattern and TargetOriginId. + Enabled *bool `type:"boolean" required:"true"` + + // Optional: A complex type that contains trusted signers for this cache behavior. + // If Quantity is 0, you can omit Items. + Items []*string `locationNameList:"AwsAccountNumber" type:"list"` + + // The number of trusted signers for this cache behavior. + Quantity *int64 `type:"integer" required:"true"` +} + +// String returns the string representation +func (s TrustedSigners) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TrustedSigners) GoString() string { + return s.String() +} + +// The request to update an origin access identity. +type UpdateCloudFrontOriginAccessIdentityInput struct { + _ struct{} `type:"structure" payload:"CloudFrontOriginAccessIdentityConfig"` + + // The identity's configuration information. + CloudFrontOriginAccessIdentityConfig *OriginAccessIdentityConfig `locationName:"CloudFrontOriginAccessIdentityConfig" type:"structure" required:"true"` + + // The identity's id. + Id *string `location:"uri" locationName:"Id" type:"string" required:"true"` + + // The value of the ETag header you received when retrieving the identity's + // configuration. For example: E2QWRUHAPOMQZL. + IfMatch *string `location:"header" locationName:"If-Match" type:"string"` +} + +// String returns the string representation +func (s UpdateCloudFrontOriginAccessIdentityInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s UpdateCloudFrontOriginAccessIdentityInput) GoString() string { + return s.String() +} + +// The returned result of the corresponding request. +type UpdateCloudFrontOriginAccessIdentityOutput struct { + _ struct{} `type:"structure" payload:"CloudFrontOriginAccessIdentity"` + + // The origin access identity's information. + CloudFrontOriginAccessIdentity *OriginAccessIdentity `type:"structure"` + + // The current version of the configuration. For example: E2QWRUHAPOMQZL. + ETag *string `location:"header" locationName:"ETag" type:"string"` +} + +// String returns the string representation +func (s UpdateCloudFrontOriginAccessIdentityOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s UpdateCloudFrontOriginAccessIdentityOutput) GoString() string { + return s.String() +} + +// The request to update a distribution. +type UpdateDistributionInput struct { + _ struct{} `type:"structure" payload:"DistributionConfig"` + + // The distribution's configuration information. + DistributionConfig *DistributionConfig `locationName:"DistributionConfig" type:"structure" required:"true"` + + // The distribution's id. + Id *string `location:"uri" locationName:"Id" type:"string" required:"true"` + + // The value of the ETag header you received when retrieving the distribution's + // configuration. For example: E2QWRUHAPOMQZL. + IfMatch *string `location:"header" locationName:"If-Match" type:"string"` +} + +// String returns the string representation +func (s UpdateDistributionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s UpdateDistributionInput) GoString() string { + return s.String() +} + +// The returned result of the corresponding request. +type UpdateDistributionOutput struct { + _ struct{} `type:"structure" payload:"Distribution"` + + // The distribution's information. + Distribution *Distribution `type:"structure"` + + // The current version of the configuration. For example: E2QWRUHAPOMQZL. + ETag *string `location:"header" locationName:"ETag" type:"string"` +} + +// String returns the string representation +func (s UpdateDistributionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s UpdateDistributionOutput) GoString() string { + return s.String() +} + +// The request to update a streaming distribution. +type UpdateStreamingDistributionInput struct { + _ struct{} `type:"structure" payload:"StreamingDistributionConfig"` + + // The streaming distribution's id. + Id *string `location:"uri" locationName:"Id" type:"string" required:"true"` + + // The value of the ETag header you received when retrieving the streaming distribution's + // configuration. For example: E2QWRUHAPOMQZL. + IfMatch *string `location:"header" locationName:"If-Match" type:"string"` + + // The streaming distribution's configuration information. + StreamingDistributionConfig *StreamingDistributionConfig `locationName:"StreamingDistributionConfig" type:"structure" required:"true"` +} + +// String returns the string representation +func (s UpdateStreamingDistributionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s UpdateStreamingDistributionInput) GoString() string { + return s.String() +} + +// The returned result of the corresponding request. +type UpdateStreamingDistributionOutput struct { + _ struct{} `type:"structure" payload:"StreamingDistribution"` + + // The current version of the configuration. For example: E2QWRUHAPOMQZL. + ETag *string `location:"header" locationName:"ETag" type:"string"` + + // The streaming distribution's information. + StreamingDistribution *StreamingDistribution `type:"structure"` +} + +// String returns the string representation +func (s UpdateStreamingDistributionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s UpdateStreamingDistributionOutput) GoString() string { + return s.String() +} + +// A complex type that contains information about viewer certificates for this +// distribution. +type ViewerCertificate struct { + _ struct{} `type:"structure"` + + // If you want viewers to use HTTPS to request your objects and you're using + // an alternate domain name in your object URLs (for example, https://example.com/logo.jpg), + // specify the ACM certificate ARN of the custom viewer certificate for this + // distribution. Specify either this value, IAMCertificateId, or CloudFrontDefaultCertificate. + ACMCertificateArn *string `type:"string"` + + // Note: this field is deprecated. Please use one of [ACMCertificateArn, IAMCertificateId, + // CloudFrontDefaultCertificate]. + Certificate *string `deprecated:"true" type:"string"` + + // Note: this field is deprecated. Please use one of [ACMCertificateArn, IAMCertificateId, + // CloudFrontDefaultCertificate]. + CertificateSource *string `deprecated:"true" type:"string" enum:"CertificateSource"` + + // If you want viewers to use HTTPS to request your objects and you're using + // the CloudFront domain name of your distribution in your object URLs (for + // example, https://d111111abcdef8.cloudfront.net/logo.jpg), set to true. Omit + // this value if you are setting an ACMCertificateArn or IAMCertificateId. + CloudFrontDefaultCertificate *bool `type:"boolean"` + + // If you want viewers to use HTTPS to request your objects and you're using + // an alternate domain name in your object URLs (for example, https://example.com/logo.jpg), + // specify the IAM certificate identifier of the custom viewer certificate for + // this distribution. Specify either this value, ACMCertificateArn, or CloudFrontDefaultCertificate. + IAMCertificateId *string `type:"string"` + + // Specify the minimum version of the SSL protocol that you want CloudFront + // to use, SSLv3 or TLSv1, for HTTPS connections. CloudFront will serve your + // objects only to browsers or devices that support at least the SSL version + // that you specify. The TLSv1 protocol is more secure, so we recommend that + // you specify SSLv3 only if your users are using browsers or devices that don't + // support TLSv1. If you're using a custom certificate (if you specify a value + // for IAMCertificateId) and if you're using dedicated IP (if you specify vip + // for SSLSupportMethod), you can choose SSLv3 or TLSv1 as the MinimumProtocolVersion. + // If you're using a custom certificate (if you specify a value for IAMCertificateId) + // and if you're using SNI (if you specify sni-only for SSLSupportMethod), you + // must specify TLSv1 for MinimumProtocolVersion. + MinimumProtocolVersion *string `type:"string" enum:"MinimumProtocolVersion"` + + // If you specify a value for IAMCertificateId, you must also specify how you + // want CloudFront to serve HTTPS requests. Valid values are vip and sni-only. + // If you specify vip, CloudFront uses dedicated IP addresses for your content + // and can respond to HTTPS requests from any viewer. However, you must request + // permission to use this feature, and you incur additional monthly charges. + // If you specify sni-only, CloudFront can only respond to HTTPS requests from + // viewers that support Server Name Indication (SNI). All modern browsers support + // SNI, but some browsers still in use don't support SNI. Do not specify a value + // for SSLSupportMethod if you specified true for CloudFrontDefaultCertificate. + SSLSupportMethod *string `type:"string" enum:"SSLSupportMethod"` +} + +// String returns the string representation +func (s ViewerCertificate) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ViewerCertificate) GoString() string { + return s.String() +} + +const ( + // @enum CertificateSource + CertificateSourceCloudfront = "cloudfront" + // @enum CertificateSource + CertificateSourceIam = "iam" + // @enum CertificateSource + CertificateSourceAcm = "acm" +) + +const ( + // @enum GeoRestrictionType + GeoRestrictionTypeBlacklist = "blacklist" + // @enum GeoRestrictionType + GeoRestrictionTypeWhitelist = "whitelist" + // @enum GeoRestrictionType + GeoRestrictionTypeNone = "none" +) + +const ( + // @enum ItemSelection + ItemSelectionNone = "none" + // @enum ItemSelection + ItemSelectionWhitelist = "whitelist" + // @enum ItemSelection + ItemSelectionAll = "all" +) + +const ( + // @enum Method + MethodGet = "GET" + // @enum Method + MethodHead = "HEAD" + // @enum Method + MethodPost = "POST" + // @enum Method + MethodPut = "PUT" + // @enum Method + MethodPatch = "PATCH" + // @enum Method + MethodOptions = "OPTIONS" + // @enum Method + MethodDelete = "DELETE" +) + +const ( + // @enum MinimumProtocolVersion + MinimumProtocolVersionSslv3 = "SSLv3" + // @enum MinimumProtocolVersion + MinimumProtocolVersionTlsv1 = "TLSv1" +) + +const ( + // @enum OriginProtocolPolicy + OriginProtocolPolicyHttpOnly = "http-only" + // @enum OriginProtocolPolicy + OriginProtocolPolicyMatchViewer = "match-viewer" + // @enum OriginProtocolPolicy + OriginProtocolPolicyHttpsOnly = "https-only" +) + +const ( + // @enum PriceClass + PriceClassPriceClass100 = "PriceClass_100" + // @enum PriceClass + PriceClassPriceClass200 = "PriceClass_200" + // @enum PriceClass + PriceClassPriceClassAll = "PriceClass_All" +) + +const ( + // @enum SSLSupportMethod + SSLSupportMethodSniOnly = "sni-only" + // @enum SSLSupportMethod + SSLSupportMethodVip = "vip" +) + +const ( + // @enum SslProtocol + SslProtocolSslv3 = "SSLv3" + // @enum SslProtocol + SslProtocolTlsv1 = "TLSv1" + // @enum SslProtocol + SslProtocolTlsv11 = "TLSv1.1" + // @enum SslProtocol + SslProtocolTlsv12 = "TLSv1.2" +) + +const ( + // @enum ViewerProtocolPolicy + ViewerProtocolPolicyAllowAll = "allow-all" + // @enum ViewerProtocolPolicy + ViewerProtocolPolicyHttpsOnly = "https-only" + // @enum ViewerProtocolPolicy + ViewerProtocolPolicyRedirectToHttps = "redirect-to-https" +) diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudfront/service.go b/vendor/github.com/aws/aws-sdk-go/service/cloudfront/service.go new file mode 100644 index 000000000000..51b73c6efef8 --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/cloudfront/service.go @@ -0,0 +1,86 @@ +// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT. + +package cloudfront + +import ( + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/client" + "github.com/aws/aws-sdk-go/aws/client/metadata" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/private/protocol/restxml" + "github.com/aws/aws-sdk-go/private/signer/v4" +) + +// CloudFront is a client for CloudFront. +//The service client's operations are safe to be used concurrently. +// It is not safe to mutate any of the client's properties though. +type CloudFront struct { + *client.Client +} + +// Used for custom client initialization logic +var initClient func(*client.Client) + +// Used for custom request initialization logic +var initRequest func(*request.Request) + +// A ServiceName is the name of the service the client will make API calls to. +const ServiceName = "cloudfront" + +// New creates a new instance of the CloudFront client with a session. +// If additional configuration is needed for the client instance use the optional +// aws.Config parameter to add your extra config. +// +// Example: +// // Create a CloudFront client from just a session. +// svc := cloudfront.New(mySession) +// +// // Create a CloudFront client with additional configuration +// svc := cloudfront.New(mySession, aws.NewConfig().WithRegion("us-west-2")) +func New(p client.ConfigProvider, cfgs ...*aws.Config) *CloudFront { + c := p.ClientConfig(ServiceName, cfgs...) + return newClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion) +} + +// newClient creates, initializes and returns a new service client instance. +func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegion string) *CloudFront { + svc := &CloudFront{ + Client: client.New( + cfg, + metadata.ClientInfo{ + ServiceName: ServiceName, + SigningRegion: signingRegion, + Endpoint: endpoint, + APIVersion: "2016-01-28", + }, + handlers, + ), + } + + // Handlers + svc.Handlers.Sign.PushBack(v4.Sign) + svc.Handlers.Build.PushBackNamed(restxml.BuildHandler) + svc.Handlers.Unmarshal.PushBackNamed(restxml.UnmarshalHandler) + svc.Handlers.UnmarshalMeta.PushBackNamed(restxml.UnmarshalMetaHandler) + svc.Handlers.UnmarshalError.PushBackNamed(restxml.UnmarshalErrorHandler) + + // Run custom client initialization if present + if initClient != nil { + initClient(svc.Client) + } + + return svc +} + +// newRequest creates a new request for a CloudFront operation and runs any +// custom request initialization. +func (c *CloudFront) newRequest(op *request.Operation, params, data interface{}) *request.Request { + req := c.NewRequest(op, params, data) + + // Run custom request initialization if present + if initRequest != nil { + initRequest(req) + } + + return req +} diff --git a/vendor/github.com/aws/aws-sdk-go/service/cloudfront/waiters.go b/vendor/github.com/aws/aws-sdk-go/service/cloudfront/waiters.go new file mode 100644 index 000000000000..7a0525d1770b --- /dev/null +++ b/vendor/github.com/aws/aws-sdk-go/service/cloudfront/waiters.go @@ -0,0 +1,76 @@ +// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT. + +package cloudfront + +import ( + "github.com/aws/aws-sdk-go/private/waiter" +) + +func (c *CloudFront) WaitUntilDistributionDeployed(input *GetDistributionInput) error { + waiterCfg := waiter.Config{ + Operation: "GetDistribution", + Delay: 60, + MaxAttempts: 25, + Acceptors: []waiter.WaitAcceptor{ + { + State: "success", + Matcher: "path", + Argument: "Distribution.Status", + Expected: "Deployed", + }, + }, + } + + w := waiter.Waiter{ + Client: c, + Input: input, + Config: waiterCfg, + } + return w.Wait() +} + +func (c *CloudFront) WaitUntilInvalidationCompleted(input *GetInvalidationInput) error { + waiterCfg := waiter.Config{ + Operation: "GetInvalidation", + Delay: 20, + MaxAttempts: 30, + Acceptors: []waiter.WaitAcceptor{ + { + State: "success", + Matcher: "path", + Argument: "Invalidation.Status", + Expected: "Completed", + }, + }, + } + + w := waiter.Waiter{ + Client: c, + Input: input, + Config: waiterCfg, + } + return w.Wait() +} + +func (c *CloudFront) WaitUntilStreamingDistributionDeployed(input *GetStreamingDistributionInput) error { + waiterCfg := waiter.Config{ + Operation: "GetStreamingDistribution", + Delay: 60, + MaxAttempts: 25, + Acceptors: []waiter.WaitAcceptor{ + { + State: "success", + Matcher: "path", + Argument: "StreamingDistribution.Status", + Expected: "Deployed", + }, + }, + } + + w := waiter.Waiter{ + Client: c, + Input: input, + Config: waiterCfg, + } + return w.Wait() +} diff --git a/website/source/docs/providers/aws/r/cloudfront_distribution.html.markdown b/website/source/docs/providers/aws/r/cloudfront_distribution.html.markdown new file mode 100644 index 000000000000..6c9f10a099a7 --- /dev/null +++ b/website/source/docs/providers/aws/r/cloudfront_distribution.html.markdown @@ -0,0 +1,197 @@ +--- +layout: "aws" +page_title: "AWS: cloudfront_distribution" +sidebar_current: "docs-aws-resource-cloudfront-distribution" +description: |- + Provides a CloudFront web distribution resource. +--- + +# aws\_cloudfront\_distribution + +Creates an Amazon CloudFront web distribution. + +For information about CloudFront distributions, see the +[Amazon CloudFront Developer Guide][1]. For specific information about creating +CloudFront web distributions, see the [POST Distribution][2] page in the Amazon +CloudFront API Reference. + +~> **NOTE:** CloudFront distributions take about 15 minutes to a deployed state +after creation or modification. During this time, deletes to resources will be +blocked. If you need to delete a distribution that is enabled and you do not +want to wait, you need to use the `retain_on_delete` flag. + +## Example Usage + +The following example below creates a CloudFront distribution with an S3 origin. + +``` +resource "aws_cloudfront_distribution" "s3_distribution" { + origin { + domain_name = "mybucket.s3.amazonaws.com" + origin_id = "myS3Origin" + s3_origin_config { + origin_access_identity = "origin-access-identity/cloudfront/ABCDEFG1234567" + } + } + enabled = true + comment = "Some comment" + default_root_object = "index.html" + logging_config { + include_cookies = false + bucket = "mylogs.s3.amazonaws.com" + prefix = "myprefix" + } + aliases = [ "mysite.example.com", "yoursite.example.com" ] + default_cache_behavior { + allowed_methods = [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ] + cached_methods = [ "GET", "HEAD" ] + target_origin_id = "myS3Origin" + forwarded_values { + query_string = false + cookies { + forward = "none" + } + } + viewer_protocol_policy = "allow-all" + min_ttl = 0 + default_ttl = 3600 + max_ttl = 86400 + } + price_class = "PriceClass_200" + restrictions { + geo_restriction { + restriction_type = "whitelist" + locations = [ "US", "CA", "GB", "DE" ] + } + } + viewer_certificate { + cloudfront_default_certificate = true + } +} +``` + +## Argument Reference + +The CloudFront distribution argument layout is a complex structure composed +of several sub-resources - these resources are laid out below. + +### Top-Level Arguments + +* `aliases` (Optional) - Extra CNAMEs (alternate domain names), if any, for this distribution. +* `cache_behavior` (Optional) - A [cache behavior](#cache_behavior) resource for this distribution (multiples allowed). +* `comment` (Optional) - Any comments you want to include about the distribution. +* `custom_error_response` (Optional) - One or more [custom error response](#custom_error_response) elements (multiples allowed). +* `default_cache_behavior` (Required) - The [default cache behavior](#default_cache_behavior) for this distribution (maximum one). +* `default_root_object` (Optional) - The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL. +* `enabled` (Required) - Whether the distribution is enabled to accept end user requests for content. +* `logging_config` (Optional) - The [logging configuration](#logging_config) that controls how logs are written to your distribution (maximum one). +* `origin` (Required) - One or more [origins](#origin) for this distribution (multiples allowed). +* `price_class` (Optional) - The price class for this distribution. +* `restrictions` (Required) - The [restriction configuration](#restrictions) for this distribution (maximum one). +* `viewer_certificate` (Required) - The [SSL configuration](#viewer_certificate) for this distribution (maximum one). +* `web_acl_id` (Optional) - If you're using AWS WAF to filter CloudFront requests, the Id of the AWS WAF web ACL that is associated with the distribution. +* `retain_on_delete` (Optional) - Disables the distribution instead of deleting it when destroying the resource through Terraform. If this is set, the distribution needs to be deleted manually afterwards. Default: `false`. + +#### `cache_behavior` Arguments + +* `allowed_methods` (Required) - Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin. +* `cached_methods` (Required) - Controls whether CloudFront caches the response to requests using the specified HTTP methods. +* `compress` (Optional) - Whether you want CloudFront to automatically compress content for web requests that include `Accept-Encoding: gzip` in the request header (default: `false`). +* `default_ttl` (Required) - The default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an `Cache-Control max-age` or `Expires` header. +* `forwarded_values` (Required) - The [forwarded values configuration](#forwarded_values) that specifies how CloudFront handles query strings, cookies and headers (maximum one). +* `max_ttl` (Required) - The maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of `Cache-Control max-age`, `Cache-Control s-maxage`, and `Expires` headers. +* `min_ttl` (Required) - The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. +* `path_pattern` (Required) - The pattern (for example, `images/*.jpg)` that specifies which requests you want this cache behavior to apply to. +* `smooth_streaming` (Optional) - Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior. +* `target_origin_id` (Required) - The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior. +* `trusted_signers` (Optional) - The AWS accounts, if any, that you want to allow to create signed URLs for private content. +* `viewer_protocol_policy` (Required) - Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of `allow-all`, `https-only`, or `redirect-to-https`. + +##### `forwarded_values` Arguments + +* `cookies` (Optional) - The [forwarded values cookies](#cookies) that specifies how CloudFront handles cookies (maximum one). +* `headers` (Optional) - Specifies the Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify `*` to include all headers. +* `query_string` (Required) - Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior. + +##### `cookies` Arguments + +* `forward` (Required) - Specifies whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify `all`, `none` or `whitelist`. +* `whitelisted_names` (Optional) - If you have specified `whitelist` to `forward`, the whitelisted cookies that you want CloudFront to forward to your origin. + +#### `custom_error_response` Arguments + +* `error_caching_min_ttl` (Optional) - The minimum amount of time you want HTTP error codes to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. +* `error_code` (Required) - The 4xx or 5xx HTTP status code that you want to customize. +* `response_code` (Optional) - The HTTP status code that you want CloudFront to return with the custom error page to the viewer. +* `response_page_path` (Optional) - The path of the custom error page (for example, `/custom_404.html`). + +#### `default_cache_behavior` Arguments + +The arguments for `default_cache_behavior` are the same as for +[`cache_behavior`](#cache_behavior), except for the `path_pattern` argument is +not required. + +#### `logging_config` Arguments + +* `bucket` (Required) - The Amazon S3 bucket to store the access logs in, for example, `myawslogbucket.s3.amazonaws.com`. +* `include_cookies` (Optional) - Specifies whether you want CloudFront to include cookies in access logs (default: `false`). +* `prefix` (Optional) - An optional string that you want CloudFront to prefix to the access log filenames for this distribution, for example, `myprefix/`. + +#### `origin` Arguments + +* `custom_origin_config` - The [CloudFront custom origin](#custom_origin_config) configuration information. If an S3 origin is required, use `s3_origin_config` instead. +* `domain_name` (Required) - The DNS domain name of either the S3 bucket, or web site of your custom origin. +* `custom_header` (Optional) - One or more sub-resources with `name` and `value` parameters that specify header data that will be sent to the origin (multiples allowed). +* `origin_id` (Required) - A unique identifier for the origin. +* `origin_path` (Optional) - An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin. +* `s3_origin_config` - The [CloudFront S3 origin](#s3_origin_config) configuration information. If a custom origin is required, use `s3_origin_config` instead. + +##### `custom_origin_config` Arguments + +* `http_port` (Required) - The HTTP port the custom origin listens on. +* `https_port` (Required) - The HTTPS port the custom origin listens on. +* `origin_protocol_policy` (Required) - The origin protocol policy to apply to your origin. One of `http-only`, `https-only`, or `match-viewer`. +* `origin_ssl_protocols` (Required) - The SSL/TLS protocols that you want CloudFront to use when communicating with your origin over HTTPS. A list of one or more of `SSLv3`, `TLSv1`, `TLSv1.1`, and `TLSv1.2`. + +##### `s3_origin_config` Arguments + +* `origin_access_identity` (Optional) - The [CloudFront origin access identity][5] to associate with the origin. + +#### `restrictions` Arguments + +The `restrictions` sub-resource takes another single sub-resource named +`geo_restriction` (see the example for usage). + +The arguments of `geo_restriction` are: + +* `locations` (Optional) - The [ISO 3166-1-alpha-2 codes][4] for which you want CloudFront either to distribute your content (`whitelist`) or not distribute your content (`blacklist`). +* `restriction_type` (Required) - The method that you want to use to restrict distribution of your content by country: `none`, `whitelist`, or `blacklist`. + +#### `viewer_certificate` Arguments + +* `acm_certificate_arn` - The ARN of the [AWS Certificate Manager][6] certificate that you wish to use with this distribution. Specify this, `cloudfront_default_certificate`, or `iam_certificate_id`. +* `cloudfront_default_certificate` - `true` if you want viewers to use HTTPS to request your objects and you're using the CloudFront domain name for your distribution. Specify this, `acm_certificate_arn`, or `iam_certificate_id`. +* `iam_certificate_id` - The IAM certificate identifier of the custom viewer certificate for this distribution if you are using a custom domain. Specify this, `acm_certificate_arn`, or `cloudfront_default_certificate`. +* `minimum_protocol_version` - The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. One of `SSLv3` or `TLSv1`. Default: `SSLv3`. **NOTE**: If you are using a custom certificate (specified with `acm_certificate_arn` or `iam_certificate_id`), and have specified `sni-only` in `ssl_support_method`, `TLSv1` must be specified. +* `ssl_support_method`: Specifies how you want CloudFront to serve HTTPS requests. One of `vip` or `sni-only`. Required if you specify `acm_certificate_arn` or `iam_certificate_id`. **NOTE:** `vip` causes CloudFront to use a dedicated IP address and may incur extra charges. + +## Attribute Reference + +The following attributes are exported: + +* `id` - The identifier for the distribution. For example: `EDFDVBD632BHDS5`. +* `caller_reference` - Internal value used by CloudFront to allow future updates to the distribution configuration. +* `status` - The current status of the distribution. `Deployed` if the distribution's information is fully propagated throughout the Amazon CloudFront system. +* `active_trusted_signers` - The key pair IDs that CloudFront is aware of for each trusted signer, if the distribution is set up to serve private content with signed URLs. +* `domain_name` - The domain name corresponding to the distribution. For example: `d604721fxaaqy9.cloudfront.net`. +* `last_modified_time` - The date and time the distribution was last modified. +* `in_progress_validation_batches` - The number of invalidation batches currently in progress. +* `etag` - The current version of the distribution's information. For example: `E2QWRUHAPOMQZL`. + + +[1]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html +[2]: http://docs.aws.amazon.com/AmazonCloudFront/latest/APIReference/CreateDistribution.html +[3]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html +[4]: http://www.iso.org/iso/country_codes/iso_3166_code_lists/country_names_and_code_elements.htm +[5]: /docs/providers/aws/r/cloudfront_origin_access_identity.html +[6]: https://aws.amazon.com/certificate-manager/ diff --git a/website/source/docs/providers/aws/r/cloudfront_origin_access_identity.html.markdown b/website/source/docs/providers/aws/r/cloudfront_origin_access_identity.html.markdown new file mode 100644 index 000000000000..0587aa533245 --- /dev/null +++ b/website/source/docs/providers/aws/r/cloudfront_origin_access_identity.html.markdown @@ -0,0 +1,58 @@ +--- +layout: "aws" +page_title: "AWS: cloudfront_origin_access_identity" +sidebar_current: "docs-aws-resource-cloudfront-origin-access-identity" +description: |- + Provides a CloudFront origin access identity. +--- + +# aws\_cloudfront\_origin\_access\_identity + +Creates an Amazon CloudFront origin access identity. + +For information about CloudFront distributions, see the +[Amazon CloudFront Developer Guide][1]. For more information on generating +origin access identities, see +[Using an Origin Access Identity to Restrict Access to Your Amazon S3 Content][2]. + +## Example Usage + +The following example below creates a CloudFront origin access identity. + +``` +resource "aws_cloudfront_origin_access_identity" "origin_access_identity" { + comment = "Some comment" +} +``` + +## Argument Reference + +* `comment` (Optional) - An optional comment for the origin access identity. + +## Attribute Reference + +The following attributes are exported: + +* `id` - The identifier for the distribution. For example: `EDFDVBD632BHDS5`. +* `caller_reference` - Internal value used by CloudFront to allow future updates to the origin access identity. +* `cloudfront_access_identity_path` - A shortcut to the full path for the origin access identity to use in CloudFront, see below. +* `etag` - The current version of the origin access identity's information. For example: E2QWRUHAPOMQZL. +* `s3_canonical_user_id` - The Amazon S3 canonical user ID for the origin access identity, which you use when giving the origin access identity read permission to an object in Amazon S3. + +## Using With CloudFront + +Normally, when referencing an origin access identity in CloudFront, you need to +prefix the ID with the `origin-access-identity/cloudfront/` special path. +The `cloudfront_access_identity_path` allows this to be circumvented. +The below snippet demonstrates use with the `s3_origin_config` structure for the +[`aws_cloudfront_web_distribution`][3] resource: + +``` +s3_origin_config { + origin_access_identity = "${aws_cloudfront_origin_access_identity.origin_access_identity.cloudfront_access_identity_path}" +} +``` + +[1]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html +[2]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html +[3]: /docs/providers/aws/r/cloudfront_distribution.html diff --git a/website/source/docs/providers/aws/r/cloudfront_web_distribution.html.markdown b/website/source/docs/providers/aws/r/cloudfront_web_distribution.html.markdown deleted file mode 100644 index 84a0c1b48ece..000000000000 --- a/website/source/docs/providers/aws/r/cloudfront_web_distribution.html.markdown +++ /dev/null @@ -1,64 +0,0 @@ ---- -layout: "aws" -page_title: "AWS: cloudfront_web_distribution" -sidebar_current: "docs-aws-resource-cloudfront-web-distribution" -description: |- - Provides a CloudFront web distribution resource. ---- - -# cloudfront\_web\_distribution - -Provides a CloudFront distribution resource. Distributions takes approximately -15 minutes to deploy. - -## Example Usage - -``` -resource "aws_cloudfront_web_distribution" "static" { - origin_domain_name = "bucket.s3.amazonaws.com" -} -``` - -## Argument Reference - -The following arguments are supported: - -* `origin_domain_name` - (Required) The Amazon S3 bucket or web server from which you want CloudFront to fetch your web content. -* `origin_http_port` - (Optional) Default: `80`. -* `origin_https_port` - (Optional) Default: `443`. -* `origin_protocol_policy` - (Optional) Default: `"http-only"`. -* `origin_path` - (Optional) Request the content from a directory in your Amazon S3 bucket or your custom origin. -* `enabled` - (Optional) Default: `true`. -* `comment` - (Optional) -* `price_class` - (Optional) Default: `"PriceClass_All"`. -* `default_root_object` - (Optional) -* `status` - (Optional) -* `viewer_protocol_policy` - (Optional) Default: `"allow-all"`. -* `forward_cookie` - (Optional) Include all user cookies in the request URLs that it forwards to your origin. Default: `"none"`. -* `whitelisted_cookies` - (Optional) -* `forward_query_string` - (Optional) Include query strings in the request URLs that it forwards to your origin. Default: `false`. -* `minimum_ttl` - (Optional) The minimum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether an updated version is available. Default: `0`. -* `maximum_ttl` - (Optional) Default: `31536000`. -* `default_ttl` - (Optional) Default: `86400`. -* `smooth_streaming` - (Optional) -* `allowed_methods` - (Optional) -* `cached_methods` - (Optional) -* `forwarded_headers` - (Optional) -* `logging_enabled` - (Optional) Log all viewer requests for files in your distribution. Default: `false`. -* `logging_include_cookies` - (Optional) Include cookies in access logs. Default: `false`. -* `logging_prefix` - (Optional) Prefix for the names of log files. -* `logging_bucket` - (Optional) Destination bucket in the format of `bucketname.s3.amazonaws.com`. -* `minimum_ssl` - (Optional) -* `certificate_id` - (Optional) -* `ssl_support_method` - (Optional) -* `aliases` - (Optional) A list alternate domain names(CNAMES). -* `geo_restriction_type` - (Optional) Type of restriction. Default `"none"`. -* `geo_restrictions` - (Optional) A list of two-letter country codes. - -## Attributes Reference - -The following attributes are exported: - -* `id` - The unique identifier of the distribution. -* `domain_name` - Unique domain of the resource. -* `zone_id` - The canonical hosted zone ID of CloudFront(to be used in a Route 53 Alias record) diff --git a/website/source/layouts/aws.erb b/website/source/layouts/aws.erb index 05345e66f247..aac78dcdc3ce 100644 --- a/website/source/layouts/aws.erb +++ b/website/source/layouts/aws.erb @@ -55,8 +55,11 @@ > CloudFront Resources