provider/aws: Fixed the SNS password-protected HTTPS endpoints autoconfirm

[Ninir]

Hi everyone,

Just suggesting a fix for the SNS autoconfirm for HTTPs endpoints having a Basic authentication.
The suggested change makes the user-defined endpoint obfuscating the password.

Related issue:

• Terraform does not handle SNS subscription for HTTPS w/ Basic Authentication #11108

[radeksimko]

Thanks for raising this PR @Ninir

I think you uncovered a few more issues which we'll need to address, namely

1. If we can't find the subscription we don't error out -> we should.
2. Even when we manage to find the right subscription via ARN I think we'll have another issue with spurious diff because Read() will be setting endpoint to "obfuscated" version of the URL which won't match with the config/state. I think this is a candidate for DiffSuppressFunc. I don't have a valid URL on hand to test and verify this, but I'm fairly confident it's a problem.

For the detection/parsing I think we should use net/url instead of regular expressions. It should provide much cleaner API to work with. The url.Userinfo is immutable, but I think it should be easy to reconstruct it with obfuscated password, modify the url.URL and turn it back into string for comparison purposes.

It would be awesome if we had acceptance tests for a confirming http(s) endpoint - I'll see if I can put something together with API Gateway & Lambda.

Feel free to ask if there's anything unclear in the meantime.

[Ninir]

Hi @radeksimko

This was probably my very first contribution... a lot to improve :)

Will work on this... thanks for your inputs :) 👍

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.