From f6d49240973359d0c0eb9e54bbc7e7ef5914c6e5 Mon Sep 17 00:00:00 2001 From: Zuhaib Siddique Date: Fri, 3 Jan 2020 18:03:38 -0800 Subject: [PATCH 01/14] Add client_ip_preservation_enabled to global accelerator --- aws/resource_aws_globalaccelerator_endpoint_group.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/aws/resource_aws_globalaccelerator_endpoint_group.go b/aws/resource_aws_globalaccelerator_endpoint_group.go index 8fc270ccdbe7..3de37ee4c455 100644 --- a/aws/resource_aws_globalaccelerator_endpoint_group.go +++ b/aws/resource_aws_globalaccelerator_endpoint_group.go @@ -87,6 +87,10 @@ func resourceAwsGlobalAcceleratorEndpointGroup() *schema.Resource { Type: schema.TypeInt, Optional: true, }, + "client_ip_preservation_enabled": { + Type: schema.TypeBool, + Optional: true, + }, }, }, }, @@ -213,6 +217,7 @@ func resourceAwsGlobalAcceleratorEndpointGroupExpandEndpointConfigurations(confi m.EndpointId = aws.String(configuration["endpoint_id"].(string)) m.Weight = aws.Int64(int64(configuration["weight"].(int))) + m.ClientIPPreservationEnabled = aws.Bool(configuration["client_ip_preservation_enabled"].(bool)) out[i] = &m } @@ -229,6 +234,7 @@ func resourceAwsGlobalAcceleratorEndpointGroupFlattenEndpointDescriptions(config m["endpoint_id"] = aws.StringValue(configuration.EndpointId) m["weight"] = aws.Int64Value(configuration.Weight) + m["client_ip_preservation_enabled"] = aws.BoolValue(configuration.ClientIPPreservationEnabled) out[i] = m } From cc0ddf9b2c417c8dd39c2e21fc858a735a5fa4c4 Mon Sep 17 00:00:00 2001 From: Zuhaib Siddique Date: Fri, 3 Jan 2020 18:39:16 -0800 Subject: [PATCH 02/14] commit test --- ...s_globalaccelerator_endpoint_group_test.go | 168 ++++++++++++++++++ 1 file changed, 168 insertions(+) diff --git a/aws/resource_aws_globalaccelerator_endpoint_group_test.go b/aws/resource_aws_globalaccelerator_endpoint_group_test.go index c1f966306f4e..aab9a3c6509b 100644 --- a/aws/resource_aws_globalaccelerator_endpoint_group_test.go 
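Review bot: In the expand hunk, `m.ClientIPPreservationEnabled = aws.Bool(configuration["client_ip_preservation_enabled"].(bool))` always sends an explicit value, so an endpoint block that omits the attribute most likely sends `false` instead of leaving the choice to the service. The acceptance output recorded in PATCH 08/14 (`Client IP Preservation cannot be set to false for EC2 instances`) is consistent with that, and the `Computed: true` added in PATCH 05/14 does not touch this line. This setting decides whether backends see the real client address, which source-IP allow rules and access logs rely on, so the field should be populated only when the user configured it, e.g. guarded as `if v, ok := configuration["client_ip_preservation_enabled"].(bool); ok { ... }` plus whatever unset-detection the schema type allows. The function starts and ends outside the hunk, so the right way to detect an omitted value needs checking against the full file.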
+++ b/aws/resource_aws_globalaccelerator_endpoint_group_test.go @@ -2,6 +2,7 @@ package aws import ( "fmt" + "regexp" "testing" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" @@ -40,6 +41,39 @@ func TestAccAwsGlobalAcceleratorEndpointGroup_basic(t *testing.T) { }) } +func TestAccAwsGlobalAcceleratorEndpointGroup_alb_clientip(t *testing.T) { + resourceName := "aws_globalaccelerator_endpoint_group.example" + rInt := acctest.RandInt() + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckGlobalAcceleratorEndpointGroupDestroy, + Steps: []resource.TestStep{ + { + Config: testAccGlobalAcceleratorEndpointGroup_alb_clientip(rInt), + Check: resource.ComposeTestCheckFunc( + testAccCheckGlobalAcceleratorEndpointGroupExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "health_check_interval_seconds", "30"), + resource.TestCheckResourceAttr(resourceName, "health_check_path", "/"), + resource.TestCheckResourceAttr(resourceName, "health_check_port", "80"), + resource.TestCheckResourceAttr(resourceName, "health_check_protocol", "HTTP"), + resource.TestCheckResourceAttr(resourceName, "threshold_count", "3"), + resource.TestCheckResourceAttr(resourceName, "traffic_dial_percentage", "100"), + resource.TestCheckResourceAttr(resourceName, "endpoint_configuration.#", "1"), + testAccCheckGlobalAcceleratorEndpointGroupConfig(resourceName, "client_ip_preservation_enabled", + "false"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + func TestAccAwsGlobalAcceleratorEndpointGroup_update(t *testing.T) { resourceName := "aws_globalaccelerator_endpoint_group.example" rInt := acctest.RandInt() 
@@ -161,6 +195,112 @@ resource "aws_globalaccelerator_endpoint_group" "example" { `, rInt) } +func testAccGlobalAcceleratorEndpointGroup_alb_clientip(rInt int) string { + return fmt.Sprintf(` +resource "aws_lb" "lb_test" { + name = "%d" + internal = false + security_groups = ["${aws_security_group.alb_test.id}"] + subnets = ["${aws_subnet.alb_test.*.id[0]}", "${aws_subnet.alb_test.*.id[1]}"] + + idle_timeout = 30 + enable_deletion_protection = false + + tags = { + Name = "TestAccAWSALB_basic" + } +} + +variable "subnets" { + default = ["10.0.1.0/24", "10.0.2.0/24"] + type = "list" +} + +data "aws_availability_zones" "available" {} + +resource "aws_vpc" "alb_test" { + cidr_block = "10.0.0.0/16" + + tags = { + Name = "terraform-testacc-lb-basic" + } +} + +resource "aws_subnet" "alb_test" { + count = 2 + vpc_id = "${aws_vpc.alb_test.id}" + cidr_block = "${element(var.subnets, count.index)}" + map_public_ip_on_launch = true + availability_zone = "${element(data.aws_availability_zones.available.names, count.index)}" + + tags = { + Name = "tf-acc-lb-basic" + } +} + +resource "aws_security_group" "alb_test" { + name = "allow_all_alb_test" + description = "Used for ALB Testing" + vpc_id = "${aws_vpc.alb_test.id}" + + ingress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } + + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } + + tags = { + Name = "TestAccAWSALB_basic" + } +} + +resource "aws_internet_gateway" "example" { + vpc_id = "${aws_vpc.alb_test.id}" +} + +resource "aws_globalaccelerator_accelerator" "example" { + name = "tf-%d" + ip_address_type = "IPV4" + enabled = false +} + +resource "aws_globalaccelerator_listener" "example" { + accelerator_arn = "${aws_globalaccelerator_accelerator.example.id}" + protocol = "TCP" + + port_range { + from_port = 80 + to_port = 80 + } +} + +resource "aws_globalaccelerator_endpoint_group" "example" { + listener_arn = 
"${aws_globalaccelerator_listener.example.id}" + + endpoint_configuration { + endpoint_id = "${aws_lb.lb_test.id}" + weight = 20 + client_ip_preservation_enabled = false + } + + health_check_interval_seconds = 30 + health_check_path = "/" + health_check_port = 80 + health_check_protocol = "HTTP" + threshold_count = 3 + traffic_dial_percentage = 100 +} +`, rInt, rInt) +} + func testAccGlobalAcceleratorEndpointGroup_update(rInt int) string { return fmt.Sprintf(` resource "aws_globalaccelerator_accelerator" "example" { @@ -201,3 +341,31 @@ resource "aws_globalaccelerator_endpoint_group" "example" { } `, rInt) } + +func testAccCheckGlobalAcceleratorEndpointGroupConfig(n, k, v string) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[n] + if !ok { + return fmt.Errorf("Not found: %s", n) + } + + r := fmt.Sprintf(`endpoint_configuration.\d+.%s`, k) + reg, err := regexp.Compile(r) + if err != nil { + return fmt.Errorf("Regular Express not correct err: %+v", err) + } + for configKey, configValue := range rs.Primary.Attributes { + if reg.MatchString(configKey) { + if configValue == v { + return nil + } else { + return fmt.Errorf("endpoint_configuration key: %s value does not match. Expected: %s,"+ + " Got: %s", configKey, v, configValue) + } + } + } + + // Failed to find value + return fmt.Errorf("endpoint_configuration is missing key: %s", k) + } +} From 07e66b9f7d997476769afe6c882fe88168789ecd Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Tue, 21 Jul 2020 14:37:24 -0400 Subject: [PATCH 03/14] r/aws_globalaccelerator_endpoint_group: Use 'tfawsresource.TestCheckTypeSetElemNestedAttrs'. --- ...s_globalaccelerator_endpoint_group_test.go | 114 ++++++++---------- 1 file changed, 48 insertions(+), 66 deletions(-) diff --git a/aws/resource_aws_globalaccelerator_endpoint_group_test.go b/aws/resource_aws_globalaccelerator_endpoint_group_test.go index aab9a3c6509b..5fa372831a16 100644 
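Review bot: The `aws_security_group.alb_test` fixture in this config opens ingress on every port and protocol to `0.0.0.0/0` and is attached to an internet-facing load balancer (`internal = false`), although the listener and health check in the same config only use port 80. Acceptance tests create these resources in a real account and test configs are often copied into real modules, so the ingress block is better narrowed to `from_port = 80`, `to_port = 80`, `protocol = "tcp"`. The allow-all rule appears to be carried unchanged into the renamed `aws_security_group.test` in PATCH 03/14, where only the surrounding lines are touched.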
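Review bot: In `testAccCheckGlobalAcceleratorEndpointGroupConfig` the pattern `endpoint_configuration.\d+.%s` is unanchored, leaves both dots unescaped and interpolates `k` without `regexp.QuoteMeta`, so it can match attribute keys other than the intended one. The loop also returns on the first matching key of `rs.Primary.Attributes`, and Go map iteration order is not stable, so with more than one endpoint configuration the check passes or fails depending on which element is visited first. I would build the pattern as `regexp.MustCompile("^endpoint_configuration\\.\\d+\\." + regexp.QuoteMeta(k) + "$")` and keep iterating until a key with the expected value is found, failing only after the loop. The message `Regular Express not correct` should read `regular expression`, and the `else` after `return nil` can be dropped.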
--- a/aws/resource_aws_globalaccelerator_endpoint_group_test.go +++ b/aws/resource_aws_globalaccelerator_endpoint_group_test.go @@ -2,12 +2,12 @@ package aws import ( "fmt" - "regexp" "testing" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" + "github.com/terraform-providers/terraform-provider-aws/aws/internal/tfawsresource" ) func TestAccAwsGlobalAcceleratorEndpointGroup_basic(t *testing.T) { @@ -42,8 +42,8 @@ func TestAccAwsGlobalAcceleratorEndpointGroup_basic(t *testing.T) { } func TestAccAwsGlobalAcceleratorEndpointGroup_alb_clientip(t *testing.T) { - resourceName := "aws_globalaccelerator_endpoint_group.example" - rInt := acctest.RandInt() + resourceName := "aws_globalaccelerator_endpoint_group.test" + rName := acctest.RandomWithPrefix("tf-acc-test") resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, @@ -51,7 +51,7 @@ func TestAccAwsGlobalAcceleratorEndpointGroup_alb_clientip(t *testing.T) { CheckDestroy: testAccCheckGlobalAcceleratorEndpointGroupDestroy, Steps: []resource.TestStep{ { - Config: testAccGlobalAcceleratorEndpointGroup_alb_clientip(rInt), + Config: testAccGlobalAcceleratorEndpointGroup_alb_clientip(rName), Check: resource.ComposeTestCheckFunc( testAccCheckGlobalAcceleratorEndpointGroupExists(resourceName), resource.TestCheckResourceAttr(resourceName, "health_check_interval_seconds", "30"), 
@@ -61,8 +61,9 @@ func TestAccAwsGlobalAcceleratorEndpointGroup_alb_clientip(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "threshold_count", "3"), resource.TestCheckResourceAttr(resourceName, "traffic_dial_percentage", "100"), resource.TestCheckResourceAttr(resourceName, "endpoint_configuration.#", "1"), - testAccCheckGlobalAcceleratorEndpointGroupConfig(resourceName, "client_ip_preservation_enabled", - "false"), + tfawsresource.TestCheckTypeSetElemNestedAttrs(resourceName, "endpoint_configuration.*", map[string]string{ + "client_ip_preservation_enabled": "true", + }), ), }, { @@ -195,19 +196,19 @@ resource "aws_globalaccelerator_endpoint_group" "example" { `, rInt) } -func testAccGlobalAcceleratorEndpointGroup_alb_clientip(rInt int) string { +func testAccGlobalAcceleratorEndpointGroup_alb_clientip(rName string) string { return fmt.Sprintf(` -resource "aws_lb" "lb_test" { - name = "%d" +resource "aws_lb" "test" { + name = %[1]q internal = false - security_groups = ["${aws_security_group.alb_test.id}"] - subnets = ["${aws_subnet.alb_test.*.id[0]}", "${aws_subnet.alb_test.*.id[1]}"] + security_groups = ["${aws_security_group.test.id}"] + subnets = ["${aws_subnet.test.*.id[0]}", "${aws_subnet.test.*.id[1]}"] idle_timeout = 30 enable_deletion_protection = false tags = { - Name = "TestAccAWSALB_basic" + Name = %[1]q } } 
@@ -216,32 +217,37 @@ variable "subnets" { type = "list" } -data "aws_availability_zones" "available" {} +data "aws_availability_zones" "available" { + state = "available" + + filter { + name = "opt-in-status" + values = ["opt-in-not-required"] + } +} -resource "aws_vpc" "alb_test" { +resource "aws_vpc" "test" { cidr_block = "10.0.0.0/16" tags = { - Name = "terraform-testacc-lb-basic" + Name = %[1]q } } -resource "aws_subnet" "alb_test" { - count = 2 - vpc_id = "${aws_vpc.alb_test.id}" - cidr_block = "${element(var.subnets, count.index)}" - map_public_ip_on_launch = true - availability_zone = "${element(data.aws_availability_zones.available.names, count.index)}" +resource "aws_subnet" "test" { + count = 2 + vpc_id = "${aws_vpc.test.id}" + cidr_block = "${element(var.subnets, count.index)}" + availability_zone = "${element(data.aws_availability_zones.available.names, count.index)}" tags = { - Name = "tf-acc-lb-basic" + Name = %[1]q } } -resource "aws_security_group" "alb_test" { - name = "allow_all_alb_test" - description = "Used for ALB Testing" - vpc_id = "${aws_vpc.alb_test.id}" +resource "aws_security_group" "test" { + name = %[1]q + vpc_id = "${aws_vpc.test.id}" ingress { from_port = 0 @@ -258,22 +264,26 @@ resource "aws_security_group" "alb_test" { } tags = { - Name = "TestAccAWSALB_basic" + Name = %[1]q } } -resource "aws_internet_gateway" "example" { - vpc_id = "${aws_vpc.alb_test.id}" +resource "aws_internet_gateway" "test" { + vpc_id = "${aws_vpc.test.id}" + + tags = { + Name = %[1]q + } } -resource "aws_globalaccelerator_accelerator" "example" { - name = "tf-%d" +resource "aws_globalaccelerator_accelerator" "test" { + name = %[1]q ip_address_type = "IPV4" enabled = false } -resource "aws_globalaccelerator_listener" "example" { - accelerator_arn = "${aws_globalaccelerator_accelerator.example.id}" +resource "aws_globalaccelerator_listener" "test" { + accelerator_arn = "${aws_globalaccelerator_accelerator.test.id}" protocol = "TCP" port_range { 
@@ -282,13 +292,13 @@ resource "aws_globalaccelerator_listener" "example" { } } -resource "aws_globalaccelerator_endpoint_group" "example" { - listener_arn = "${aws_globalaccelerator_listener.example.id}" +resource "aws_globalaccelerator_endpoint_group" "test" { + listener_arn = "${aws_globalaccelerator_listener.test.id}" endpoint_configuration { - endpoint_id = "${aws_lb.lb_test.id}" + endpoint_id = "${aws_lb.test.id}" weight = 20 - client_ip_preservation_enabled = false + client_ip_preservation_enabled = true } health_check_interval_seconds = 30 @@ -298,7 +308,7 @@ resource "aws_globalaccelerator_endpoint_group" "example" { threshold_count = 3 traffic_dial_percentage = 100 } -`, rInt, rInt) +`, rName) } func testAccGlobalAcceleratorEndpointGroup_update(rInt int) string { @@ -341,31 +351,3 @@ resource "aws_globalaccelerator_endpoint_group" "example" { } `, rInt) } - -func testAccCheckGlobalAcceleratorEndpointGroupConfig(n, k, v string) resource.TestCheckFunc { - return func(s *terraform.State) error { - rs, ok := s.RootModule().Resources[n] - if !ok { - return fmt.Errorf("Not found: %s", n) - } - - r := fmt.Sprintf(`endpoint_configuration.\d+.%s`, k) - reg, err := regexp.Compile(r) - if err != nil { - return fmt.Errorf("Regular Express not correct err: %+v", err) - } - for configKey, configValue := range rs.Primary.Attributes { - if reg.MatchString(configKey) { - if configValue == v { - return nil - } else { - return fmt.Errorf("endpoint_configuration key: %s value does not match. Expected: %s,"+ - " Got: %s", configKey, v, configValue) - } - } - } - - // Failed to find value - return fmt.Errorf("endpoint_configuration is missing key: %s", k) - } -} From fc7431d7eb30fe140a292db5b81fe0973b7db452 Mon Sep 17 00:00:00 2001 
From: Kit Ewbank Date: Tue, 21 Jul 2020 14:38:07 -0400 Subject: [PATCH 04/14] r/aws_globalaccelerator_endpoint: Increase deployment wait time (#14161). --- aws/resource_aws_globalaccelerator_accelerator.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aws/resource_aws_globalaccelerator_accelerator.go b/aws/resource_aws_globalaccelerator_accelerator.go index 482f8b352be7..cde58e2dc996 100644 --- a/aws/resource_aws_globalaccelerator_accelerator.go +++ b/aws/resource_aws_globalaccelerator_accelerator.go @@ -312,7 +312,7 @@ func resourceAwsGlobalAcceleratorAcceleratorWaitForDeployedState(conn *globalacc Pending: []string{globalaccelerator.AcceleratorStatusInProgress}, Target: []string{globalaccelerator.AcceleratorStatusDeployed}, Refresh: resourceAwsGlobalAcceleratorAcceleratorStateRefreshFunc(conn, acceleratorArn), - Timeout: 5 * time.Minute, + Timeout: 10 * time.Minute, } log.Printf("[DEBUG] Waiting for Global Accelerator accelerator (%s) availability", acceleratorArn) From eb188b0d9bd4c0509759754629d74356d5942dfa Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Mon, 3 Aug 2020 16:35:39 -0400 Subject: [PATCH 05/14] r/aws_globalaccelerator_endpoint_group: Make 'client_ip_preservation_enabled' computed. --- ...ce_aws_globalaccelerator_endpoint_group.go | 1 + ...s_globalaccelerator_endpoint_group_test.go | 65 +++++++++++-------- 2 files changed, 38 insertions(+), 28 deletions(-) diff --git a/aws/resource_aws_globalaccelerator_endpoint_group.go b/aws/resource_aws_globalaccelerator_endpoint_group.go index 3de37ee4c455..fb74d604a21d 100644 --- a/aws/resource_aws_globalaccelerator_endpoint_group.go +++ b/aws/resource_aws_globalaccelerator_endpoint_group.go @@ -90,6 +90,7 @@ func resourceAwsGlobalAcceleratorEndpointGroup() *schema.Resource { "client_ip_preservation_enabled": { Type: schema.TypeBool, Optional: true, + Computed: true, }, }, }, 
diff --git a/aws/resource_aws_globalaccelerator_endpoint_group_test.go b/aws/resource_aws_globalaccelerator_endpoint_group_test.go index 5fa372831a16..7942e097c1d7 100644 --- a/aws/resource_aws_globalaccelerator_endpoint_group_test.go +++ b/aws/resource_aws_globalaccelerator_endpoint_group_test.go @@ -41,7 +41,7 @@ func TestAccAwsGlobalAcceleratorEndpointGroup_basic(t *testing.T) { }) } -func TestAccAwsGlobalAcceleratorEndpointGroup_alb_clientip(t *testing.T) { +func TestAccAwsGlobalAcceleratorEndpointGroup_ALB_ClientIP(t *testing.T) { resourceName := "aws_globalaccelerator_endpoint_group.test" rName := acctest.RandomWithPrefix("tf-acc-test") @@ -51,7 +51,7 @@ func TestAccAwsGlobalAcceleratorEndpointGroup_alb_clientip(t *testing.T) { CheckDestroy: testAccCheckGlobalAcceleratorEndpointGroupDestroy, Steps: []resource.TestStep{ { - Config: testAccGlobalAcceleratorEndpointGroup_alb_clientip(rName), + Config: testAccGlobalAcceleratorEndpointGroupConfigALBClientIP(rName, true), Check: resource.ComposeTestCheckFunc( testAccCheckGlobalAcceleratorEndpointGroupExists(resourceName), resource.TestCheckResourceAttr(resourceName, "health_check_interval_seconds", "30"), @@ -63,6 +63,7 @@ func TestAccAwsGlobalAcceleratorEndpointGroup_alb_clientip(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "endpoint_configuration.#", "1"), tfawsresource.TestCheckTypeSetElemNestedAttrs(resourceName, "endpoint_configuration.*", map[string]string{ "client_ip_preservation_enabled": "true", + "weight": "20", }), ), }, 
@@ -71,6 +72,23 @@ func TestAccAwsGlobalAcceleratorEndpointGroup_alb_clientip(t *testing.T) { ImportState: true, ImportStateVerify: true, }, + { + Config: testAccGlobalAcceleratorEndpointGroupConfigALBClientIP(rName, false), + Check: resource.ComposeTestCheckFunc( + testAccCheckGlobalAcceleratorEndpointGroupExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "health_check_interval_seconds", "30"), + resource.TestCheckResourceAttr(resourceName, "health_check_path", "/"), + resource.TestCheckResourceAttr(resourceName, "health_check_port", "80"), + resource.TestCheckResourceAttr(resourceName, "health_check_protocol", "HTTP"), + resource.TestCheckResourceAttr(resourceName, "threshold_count", "3"), + resource.TestCheckResourceAttr(resourceName, "traffic_dial_percentage", "100"), + resource.TestCheckResourceAttr(resourceName, "endpoint_configuration.#", "1"), + tfawsresource.TestCheckTypeSetElemNestedAttrs(resourceName, "endpoint_configuration.*", map[string]string{ + "client_ip_preservation_enabled": "false", + "weight": "20", + }), + ), + }, }, }) } @@ -196,13 +214,13 @@ resource "aws_globalaccelerator_endpoint_group" "example" { `, rInt) } -func testAccGlobalAcceleratorEndpointGroup_alb_clientip(rName string) string { - return fmt.Sprintf(` +func testAccGlobalAcceleratorEndpointGroupConfigALBClientIP(rName string, clientIP bool) string { + return composeConfig(testAccAvailableAZsNoOptInDefaultExcludeConfig(), fmt.Sprintf(` resource "aws_lb" "test" { name = %[1]q internal = false - security_groups = ["${aws_security_group.test.id}"] - subnets = ["${aws_subnet.test.*.id[0]}", "${aws_subnet.test.*.id[1]}"] + security_groups = [aws_security_group.test.id] + subnets = [aws_subnet.test.*.id[0], aws_subnet.test.*.id[1]] idle_timeout = 30 enable_deletion_protection = false 
@@ -214,16 +232,7 @@ resource "aws_lb" "test" { variable "subnets" { default = ["10.0.1.0/24", "10.0.2.0/24"] - type = "list" -} - -data "aws_availability_zones" "available" { - state = "available" - - filter { - name = "opt-in-status" - values = ["opt-in-not-required"] - } + type = list } resource "aws_vpc" "test" { @@ -235,10 +244,10 @@ resource "aws_vpc" "test" { } resource "aws_subnet" "test" { - count = 2 - vpc_id = "${aws_vpc.test.id}" - cidr_block = "${element(var.subnets, count.index)}" - availability_zone = "${element(data.aws_availability_zones.available.names, count.index)}" + count = length(var.subnets) + vpc_id = aws_vpc.test.id + cidr_block = element(var.subnets, count.index) + availability_zone = element(data.aws_availability_zones.available.names, count.index) tags = { Name = %[1]q @@ -247,7 +256,7 @@ resource "aws_subnet" "test" { resource "aws_security_group" "test" { name = %[1]q - vpc_id = "${aws_vpc.test.id}" + vpc_id = aws_vpc.test.id ingress { from_port = 0 @@ -269,7 +278,7 @@ resource "aws_security_group" "test" { } resource "aws_internet_gateway" "test" { - vpc_id = "${aws_vpc.test.id}" + vpc_id = aws_vpc.test.id tags = { Name = %[1]q @@ -283,7 +292,7 @@ resource "aws_globalaccelerator_accelerator" "test" { } resource "aws_globalaccelerator_listener" "test" { - accelerator_arn = "${aws_globalaccelerator_accelerator.test.id}" + accelerator_arn = aws_globalaccelerator_accelerator.test.id protocol = "TCP" port_range { @@ -293,12 +302,12 @@ resource "aws_globalaccelerator_listener" "test" { } resource "aws_globalaccelerator_endpoint_group" "test" { - listener_arn = "${aws_globalaccelerator_listener.test.id}" + listener_arn = aws_globalaccelerator_listener.test.id endpoint_configuration { - endpoint_id = "${aws_lb.test.id}" - weight = 20 - client_ip_preservation_enabled = true + endpoint_id = aws_lb.test.id + weight = 20 + client_ip_preservation_enabled = %[2]t } health_check_interval_seconds = 30 
@@ -308,7 +317,7 @@ resource "aws_globalaccelerator_endpoint_group" "test" { threshold_count = 3 traffic_dial_percentage = 100 } -`, rName) +`, rName, clientIP)) } func testAccGlobalAcceleratorEndpointGroup_update(rInt int) string { From 9a1f13a59c14a00c7676c52bed822393abab3fee Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Wed, 5 Aug 2020 17:31:51 -0400 Subject: [PATCH 06/14] r/aws_globalaccelerator_endpoint_group: Delete security group created by Global Accelerator service in acceptance tests. Acceptance test output: $ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsGlobalAcceleratorEndpointGroup_ALB_ClientIP' ==> Checking that code complies with gofmt requirements... TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAwsGlobalAcceleratorEndpointGroup_ALB_ClientIP -timeout 120m === RUN TestAccAwsGlobalAcceleratorEndpointGroup_ALB_ClientIP === PAUSE TestAccAwsGlobalAcceleratorEndpointGroup_ALB_ClientIP === CONT TestAccAwsGlobalAcceleratorEndpointGroup_ALB_ClientIP --- PASS: TestAccAwsGlobalAcceleratorEndpointGroup_ALB_ClientIP (650.27s) PASS ok github.com/terraform-providers/terraform-provider-aws/aws 650.320s --- ...s_globalaccelerator_endpoint_group_test.go | 72 ++++++++++++++++--- 1 file changed, 63 insertions(+), 9 deletions(-) diff --git a/aws/resource_aws_globalaccelerator_endpoint_group_test.go b/aws/resource_aws_globalaccelerator_endpoint_group_test.go index 7942e097c1d7..3524e426dddd 100644 --- a/aws/resource_aws_globalaccelerator_endpoint_group_test.go +++ b/aws/resource_aws_globalaccelerator_endpoint_group_test.go @@ -4,6 +4,8 @@ import ( "fmt" "testing" + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/service/ec2" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" 
@@ -42,7 +44,9 @@ func TestAccAwsGlobalAcceleratorEndpointGroup_basic(t *testing.T) { } func TestAccAwsGlobalAcceleratorEndpointGroup_ALB_ClientIP(t *testing.T) { + var vpc ec2.Vpc resourceName := "aws_globalaccelerator_endpoint_group.test" + vpcResourceName := "aws_vpc.test" rName := acctest.RandomWithPrefix("tf-acc-test") resource.ParallelTest(t, resource.TestCase{ @@ -89,6 +93,13 @@ func TestAccAwsGlobalAcceleratorEndpointGroup_ALB_ClientIP(t *testing.T) { }), ), }, + { + Config: testAccGlobalAcceleratorEndpointGroupConfigBaseVpc(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckVpcExists(vpcResourceName, &vpc), + testAccCheckGlobalAcceleratorEndpointGroupDeleteGlobalAcceleratorSecurityGroup(&vpc), + ), + }, }, }) } @@ -173,6 +184,42 @@ func testAccCheckGlobalAcceleratorEndpointGroupDestroy(s *terraform.State) error return nil } +// testAccCheckGlobalAcceleratorEndpointGroupDeleteGlobalAcceleratorSecurityGroup deletes the security group +// placed into the VPC when Global Accelerator client IP address preservation is enabled. +func testAccCheckGlobalAcceleratorEndpointGroupDeleteGlobalAcceleratorSecurityGroup(vpc *ec2.Vpc) resource.TestCheckFunc { + return func(s *terraform.State) error { + conn := testAccProvider.Meta().(*AWSClient).ec2conn + + input := &ec2.DescribeSecurityGroupsInput{ + Filters: buildEC2AttributeFilterList( + map[string]string{ + "group-name": "GlobalAccelerator", + "vpc-id": aws.StringValue(vpc.VpcId), + }, + ), + } + + output, err := conn.DescribeSecurityGroups(input) + if err != nil { + return err + } + + if len(output.SecurityGroups) == 0 { + // Already gone. + return nil + } + + _, err = conn.DeleteSecurityGroup(&ec2.DeleteSecurityGroupInput{ + GroupId: output.SecurityGroups[0].GroupId, + }) + if err != nil { + return err + } + + return nil + } +} + func testAccGlobalAcceleratorEndpointGroup_basic(rInt int) string { return fmt.Sprintf(` resource "aws_globalaccelerator_accelerator" "example" { 
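Review bot: `testAccCheckGlobalAcceleratorEndpointGroupDeleteGlobalAcceleratorSecurityGroup` performs its cleanup from inside a `Check`, so it only runs when every earlier step succeeded; if a step fails, the service-created `GlobalAccelerator` security group stays in the VPC and may block the VPC teardown too. It also deletes only `output.SecurityGroups[0]` and returns the raw SDK errors, which makes a failed cleanup hard to attribute in a parallel test run. The rewrite below deletes every matching group and wraps errors with the VPC and group IDs. A short retry around the delete may also be needed if the group is still referenced right after the endpoint group is removed, which the page does not show either way.

```go
		// … unchanged: conn lookup and DescribeSecurityGroupsInput filter …

		output, err := conn.DescribeSecurityGroups(input)
		if err != nil {
			return fmt.Errorf("describing Global Accelerator security groups in VPC %s: %w", aws.StringValue(vpc.VpcId), err)
		}

		// Delete every match, not just the first; an empty result means there is nothing left to clean up.
		for _, sg := range output.SecurityGroups {
			_, err := conn.DeleteSecurityGroup(&ec2.DeleteSecurityGroupInput{
				GroupId: sg.GroupId,
			})
			if err != nil {
				return fmt.Errorf("deleting security group %s: %w", aws.StringValue(sg.GroupId), err)
			}
		}

		return nil
```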
@@ -214,8 +261,23 @@ resource "aws_globalaccelerator_endpoint_group" "example" { `, rInt) } +func testAccGlobalAcceleratorEndpointGroupConfigBaseVpc(rName string) string { + return fmt.Sprintf(` +resource "aws_vpc" "test" { + cidr_block = "10.0.0.0/16" + + tags = { + Name = %[1]q + } +} +`, rName) +} + func testAccGlobalAcceleratorEndpointGroupConfigALBClientIP(rName string, clientIP bool) string { - return composeConfig(testAccAvailableAZsNoOptInDefaultExcludeConfig(), fmt.Sprintf(` + return composeConfig( + testAccAvailableAZsNoOptInDefaultExcludeConfig(), + testAccGlobalAcceleratorEndpointGroupConfigBaseVpc(rName), + fmt.Sprintf(` resource "aws_lb" "test" { name = %[1]q internal = false @@ -235,14 +297,6 @@ variable "subnets" { type = list } -resource "aws_vpc" "test" { - cidr_block = "10.0.0.0/16" - - tags = { - Name = %[1]q - } -} - resource "aws_subnet" "test" { count = length(var.subnets) vpc_id = aws_vpc.test.id From 02be4bc692c6526f44adb2ff569d800883ee0edc Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Thu, 6 Aug 2020 15:35:16 -0400 Subject: [PATCH 07/14] r/aws_globalaccelerator_endpoint_group: Document 'client_ip_preservation_enabled'. --- website/docs/r/globalaccelerator_endpoint_group.html.markdown | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/website/docs/r/globalaccelerator_endpoint_group.html.markdown b/website/docs/r/globalaccelerator_endpoint_group.html.markdown index 5b34143b13ee..7dc71c0f39dc 100644 --- a/website/docs/r/globalaccelerator_endpoint_group.html.markdown +++ b/website/docs/r/globalaccelerator_endpoint_group.html.markdown 
@@ -39,8 +39,10 @@ The following arguments are supported: **endpoint_configuration** supports the following attributes: +* `client_ip_preservation_enabled` - (Optional) Indicates whether client IP address preservation is enabled for an Application Load Balancer endpoint. See the [AWS documentation](https://docs.aws.amazon.com/global-accelerator/latest/dg/preserve-client-ip-address.html) for more details. +**Note:** when client IP address preservation is enabled, the Global Accelerator service creates a security group that is not deleted when the accelerator is deleted. * `endpoint_id` - (Optional) An ID for the endpoint. If the endpoint is a Network Load Balancer or Application Load Balancer, this is the Amazon Resource Name (ARN) of the resource. If the endpoint is an Elastic IP address, this is the Elastic IP address allocation ID. -* `weight` - (Optional) The weight associated with the endpoint. When you add weights to endpoints, you configure AWS Global Accelerator to route traffic based on proportions that you specify. +* `weight` - (Optional) The weight associated with the endpoint. When you add weights to endpoints, you configure AWS Global Accelerator to route traffic based on proportions that you specify. ## Attributes Reference From 9a444bed825c23ec8de236831c6dc24d4d78d75d Mon Sep 17 00:00:00 2001 
From: Kit Ewbank Date: Thu, 6 Aug 2020 16:33:04 -0400 Subject: [PATCH 08/14] r/aws_globalaccelerator_endpoint_group: Add 'TestAccAwsGlobalAcceleratorEndpointGroup_InstanceEndpoint'. Acceptance test output: $ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsGlobalAcceleratorEndpointGroup_InstanceEndpoint' ==> Checking that code complies with gofmt requirements... TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAwsGlobalAcceleratorEndpointGroup_InstanceEndpoint -timeout 120m === RUN TestAccAwsGlobalAcceleratorEndpointGroup_InstanceEndpoint === PAUSE TestAccAwsGlobalAcceleratorEndpointGroup_InstanceEndpoint === CONT TestAccAwsGlobalAcceleratorEndpointGroup_InstanceEndpoint testing.go:684: Step 0 error: errors during apply: Error: Error creating Global Accelerator endpoint group: InvalidArgumentException: Client IP Preservation cannot be set to false for EC2 instances on /tmp/tf-test004466997/main.tf line 86: (source code not available) --- FAIL: TestAccAwsGlobalAcceleratorEndpointGroup_InstanceEndpoint (133.29s) FAIL FAIL github.com/terraform-providers/terraform-provider-aws/aws 133.338s FAIL GNUmakefile:26: recipe for target 'testacc' failed make: *** [testacc] Error 1 --- ...s_globalaccelerator_endpoint_group_test.go | 117 +++++++++++++++++- 1 file changed, 111 insertions(+), 6 deletions(-) diff --git a/aws/resource_aws_globalaccelerator_endpoint_group_test.go b/aws/resource_aws_globalaccelerator_endpoint_group_test.go index 3524e426dddd..e6b026eb86d5 100644 --- a/aws/resource_aws_globalaccelerator_endpoint_group_test.go +++ b/aws/resource_aws_globalaccelerator_endpoint_group_test.go @@ -43,7 +43,7 @@ func TestAccAwsGlobalAcceleratorEndpointGroup_basic(t *testing.T) { }) } -func TestAccAwsGlobalAcceleratorEndpointGroup_ALB_ClientIP(t *testing.T) { +func TestAccAwsGlobalAcceleratorEndpointGroup_ALBEndpoint_ClientIP(t *testing.T) { var vpc ec2.Vpc resourceName := "aws_globalaccelerator_endpoint_group.test" vpcResourceName := "aws_vpc.test" 
@@ -55,7 +55,7 @@ func TestAccAwsGlobalAcceleratorEndpointGroup_ALB_ClientIP(t *testing.T) { CheckDestroy: testAccCheckGlobalAcceleratorEndpointGroupDestroy, Steps: []resource.TestStep{ { - Config: testAccGlobalAcceleratorEndpointGroupConfigALBClientIP(rName, true), + Config: testAccGlobalAcceleratorEndpointGroupConfigALBEndpointClientIP(rName, false), Check: resource.ComposeTestCheckFunc( testAccCheckGlobalAcceleratorEndpointGroupExists(resourceName), resource.TestCheckResourceAttr(resourceName, "health_check_interval_seconds", "30"), @@ -66,7 +66,7 @@ func TestAccAwsGlobalAcceleratorEndpointGroup_ALB_ClientIP(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "traffic_dial_percentage", "100"), resource.TestCheckResourceAttr(resourceName, "endpoint_configuration.#", "1"), tfawsresource.TestCheckTypeSetElemNestedAttrs(resourceName, "endpoint_configuration.*", map[string]string{ - "client_ip_preservation_enabled": "true", + "client_ip_preservation_enabled": "false", "weight": "20", }), ), @@ -77,7 +77,7 @@ func TestAccAwsGlobalAcceleratorEndpointGroup_ALB_ClientIP(t *testing.T) { ImportStateVerify: true, }, { - Config: testAccGlobalAcceleratorEndpointGroupConfigALBClientIP(rName, false), + Config: testAccGlobalAcceleratorEndpointGroupConfigALBEndpointClientIP(rName, true), Check: resource.ComposeTestCheckFunc( testAccCheckGlobalAcceleratorEndpointGroupExists(resourceName), resource.TestCheckResourceAttr(resourceName, "health_check_interval_seconds", "30"), 
@@ -88,11 +88,55 @@ func TestAccAwsGlobalAcceleratorEndpointGroup_ALB_ClientIP(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "traffic_dial_percentage", "100"), resource.TestCheckResourceAttr(resourceName, "endpoint_configuration.#", "1"), tfawsresource.TestCheckTypeSetElemNestedAttrs(resourceName, "endpoint_configuration.*", map[string]string{ - "client_ip_preservation_enabled": "false", + "client_ip_preservation_enabled": "true", + "weight": "20", + }), + ), + }, + { + Config: testAccGlobalAcceleratorEndpointGroupConfigBaseVpc(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckVpcExists(vpcResourceName, &vpc), + testAccCheckGlobalAcceleratorEndpointGroupDeleteGlobalAcceleratorSecurityGroup(&vpc), + ), + }, + }, + }) +} + +func TestAccAwsGlobalAcceleratorEndpointGroup_InstanceEndpoint(t *testing.T) { + var vpc ec2.Vpc + resourceName := "aws_globalaccelerator_endpoint_group.test" + vpcResourceName := "aws_vpc.test" + rName := acctest.RandomWithPrefix("tf-acc-test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckGlobalAcceleratorEndpointGroupDestroy, + Steps: []resource.TestStep{ + { + Config: testAccGlobalAcceleratorEndpointGroupConfigInstanceEndpoint(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckGlobalAcceleratorEndpointGroupExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "health_check_interval_seconds", "30"), + resource.TestCheckResourceAttr(resourceName, "health_check_path", "/"), + resource.TestCheckResourceAttr(resourceName, "health_check_port", "80"), + resource.TestCheckResourceAttr(resourceName, "health_check_protocol", "HTTP"), + resource.TestCheckResourceAttr(resourceName, "threshold_count", "3"), + resource.TestCheckResourceAttr(resourceName, "traffic_dial_percentage", "100"), + resource.TestCheckResourceAttr(resourceName, "endpoint_configuration.#", "1"), + 
tfawsresource.TestCheckTypeSetElemNestedAttrs(resourceName, "endpoint_configuration.*", map[string]string{ + "client_ip_preservation_enabled": "true", "weight": "20", }), ), }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, { Config: testAccGlobalAcceleratorEndpointGroupConfigBaseVpc(rName), Check: resource.ComposeTestCheckFunc( @@ -273,7 +317,7 @@ resource "aws_vpc" "test" { `, rName) } -func testAccGlobalAcceleratorEndpointGroupConfigALBClientIP(rName string, clientIP bool) string { +func testAccGlobalAcceleratorEndpointGroupConfigALBEndpointClientIP(rName string, clientIP bool) string { return composeConfig( testAccAvailableAZsNoOptInDefaultExcludeConfig(), testAccGlobalAcceleratorEndpointGroupConfigBaseVpc(rName), 
@@ -374,6 +418,67 @@ resource "aws_globalaccelerator_endpoint_group" "test" { `, rName, clientIP)) } +func testAccGlobalAcceleratorEndpointGroupConfigInstanceEndpoint(rName string) string { + return composeConfig( + testAccAvailableAZsNoOptInDefaultExcludeConfig(), + testAccAvailableEc2InstanceTypeForAvailabilityZone("data.aws_availability_zones.available.names[0]", "t3.micro", "t2.micro"), + testAccLatestAmazonLinuxHvmEbsAmiConfig(), + testAccGlobalAcceleratorEndpointGroupConfigBaseVpc(rName), + fmt.Sprintf(` +resource "aws_subnet" "test" { + vpc_id = aws_vpc.test.id + cidr_block = "10.0.1.0/24" + availability_zone = data.aws_availability_zones.available.names[0] + + tags = { + Name = %[1]q + } +} + +resource "aws_instance" "test" { + ami = data.aws_ami.amzn-ami-minimal-hvm-ebs.id + instance_type = data.aws_ec2_instance_type_offering.available.instance_type + subnet_id = aws_subnet.test.id + + tags = { + Name = %[1]q + } +} + +resource "aws_globalaccelerator_accelerator" "test" { + name = %[1]q + ip_address_type = "IPV4" + enabled = false +} + +resource "aws_globalaccelerator_listener" "test" { + accelerator_arn = aws_globalaccelerator_accelerator.test.id + protocol = "TCP" + + port_range { + from_port = 80 + to_port = 80 + } +} + +resource "aws_globalaccelerator_endpoint_group" "test" { + listener_arn = aws_globalaccelerator_listener.test.id + + endpoint_configuration { + endpoint_id = aws_instance.test.id + weight = 20 + } + + health_check_interval_seconds = 30 + health_check_path = "/" + health_check_port = 80 + health_check_protocol = "HTTP" + threshold_count = 3 + traffic_dial_percentage = 100 +} +`, rName)) +} + func testAccGlobalAcceleratorEndpointGroup_update(rInt int) string { return fmt.Sprintf(` resource "aws_globalaccelerator_accelerator" "example" { From 68df99d950d0e6ee8c39dcf3be43d32c8bf96ead Mon Sep 17 00:00:00 2001 
From: Kit Ewbank Date: Thu, 6 Aug 2020 17:20:04 -0400 Subject: [PATCH 09/14] r/aws_globalaccelerator_endpoint_group: Simplify 'TestAccAwsGlobalAcceleratorEndpointGroup_basic'. Acceptance test output: $ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsGlobalAcceleratorEndpointGroup_basic' ==> Checking that code complies with gofmt requirements... TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAwsGlobalAcceleratorEndpointGroup_basic -timeout 120m === RUN TestAccAwsGlobalAcceleratorEndpointGroup_basic === PAUSE TestAccAwsGlobalAcceleratorEndpointGroup_basic === CONT TestAccAwsGlobalAcceleratorEndpointGroup_basic testing.go:684: Step 0 error: After applying this step, the plan was not empty: DIFF: UPDATE: aws_globalaccelerator_endpoint_group.test endpoint_configuration.#: "0" => "0" endpoint_group_region: "us-west-2" => "us-west-2" health_check_interval_seconds: "30" => "30" health_check_path: "" => "/" health_check_port: "80" => "" health_check_protocol: "TCP" => "TCP" id: "arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0/listener/38d2eb59/endpoint-group/e84317b2d005" => "arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0/listener/38d2eb59/endpoint-group/e84317b2d005" listener_arn: "arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0/listener/38d2eb59" => "arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0/listener/38d2eb59" threshold_count: "3" => "3" traffic_dial_percentage: "100" => "100" STATE: aws_globalaccelerator_accelerator.test: ID = arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0 provider = provider.aws attributes.# = 1 attributes.0.flow_logs_enabled = false attributes.0.flow_logs_s3_bucket = attributes.0.flow_logs_s3_prefix = dns_name = a9225ffbbaaf25cce.awsglobalaccelerator.com enabled = false hosted_zone_id = Z2BJ6XQ5FK7U4H ip_address_type = IPV4 
ip_sets.# = 1 ip_sets.0.ip_addresses.# = 2 ip_sets.0.ip_addresses.0 = 75.2.20.133 ip_sets.0.ip_addresses.1 = 99.83.169.50 ip_sets.0.ip_family = IPv4 name = tf-acc-test-809980946792323534 aws_globalaccelerator_endpoint_group.test: ID = arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0/listener/38d2eb59/endpoint-group/e84317b2d005 provider = provider.aws endpoint_group_region = us-west-2 health_check_interval_seconds = 30 health_check_path = health_check_port = 80 health_check_protocol = TCP listener_arn = arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0/listener/38d2eb59 threshold_count = 3 traffic_dial_percentage = 100 Dependencies: aws_globalaccelerator_listener.test aws_globalaccelerator_listener.test: ID = arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0/listener/38d2eb59 provider = provider.aws accelerator_arn = arn:aws:globalaccelerator::xxxxxxxxxxxx:accelerator/9e848383-b09a-4439-ac4f-eacb46aa04c0 client_affinity = NONE port_range.# = 1 port_range.0.from_port = 80 port_range.0.to_port = 80 protocol = TCP Dependencies: aws_globalaccelerator_accelerator.test --- FAIL: TestAccAwsGlobalAcceleratorEndpointGroup_basic (179.82s) FAIL FAIL github.com/terraform-providers/terraform-provider-aws/aws 179.872s FAIL GNUmakefile:26: recipe for target 'testacc' failed make: *** [testacc] Error 1 --- ...s_globalaccelerator_endpoint_group_test.go | 85 ++++++++----------- 1 file changed, 37 insertions(+), 48 deletions(-) diff --git a/aws/resource_aws_globalaccelerator_endpoint_group_test.go b/aws/resource_aws_globalaccelerator_endpoint_group_test.go index e6b026eb86d5..11ed51d3b469 100644 --- a/aws/resource_aws_globalaccelerator_endpoint_group_test.go +++ b/aws/resource_aws_globalaccelerator_endpoint_group_test.go 
@@ -13,8 +13,8 @@ import ( ) func TestAccAwsGlobalAcceleratorEndpointGroup_basic(t *testing.T) { - resourceName := "aws_globalaccelerator_endpoint_group.example" - rInt := acctest.RandInt() + resourceName := "aws_globalaccelerator_endpoint_group.test" + rName := acctest.RandomWithPrefix("tf-acc-test") resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, @@ -22,16 +22,17 @@ func TestAccAwsGlobalAcceleratorEndpointGroup_basic(t *testing.T) { CheckDestroy: testAccCheckGlobalAcceleratorEndpointGroupDestroy, Steps: []resource.TestStep{ { - Config: testAccGlobalAcceleratorEndpointGroup_basic(rInt), + Config: testAccGlobalAcceleratorEndpointGroupConfigBasic(rName), Check: resource.ComposeTestCheckFunc( testAccCheckGlobalAcceleratorEndpointGroupExists(resourceName), resource.TestCheckResourceAttr(resourceName, "health_check_interval_seconds", "30"), - resource.TestCheckResourceAttr(resourceName, "health_check_path", "/"), + resource.TestCheckResourceAttr(resourceName, "health_check_path", ""), resource.TestCheckResourceAttr(resourceName, "health_check_port", "80"), - resource.TestCheckResourceAttr(resourceName, "health_check_protocol", "HTTP"), + resource.TestCheckResourceAttr(resourceName, "health_check_protocol", "TCP"), resource.TestCheckResourceAttr(resourceName, "threshold_count", "3"), resource.TestCheckResourceAttr(resourceName, "traffic_dial_percentage", "100"), - resource.TestCheckResourceAttr(resourceName, "endpoint_configuration.#", "1"), + resource.TestCheckResourceAttr(resourceName, "endpoint_configuration.#", "0"), + resource.TestCheckResourceAttr(resourceName, "endpoint_group_region", testAccGetRegion()), ), }, { 
@@ -149,8 +150,8 @@ func TestAccAwsGlobalAcceleratorEndpointGroup_InstanceEndpoint(t *testing.T) { } func TestAccAwsGlobalAcceleratorEndpointGroup_update(t *testing.T) { - resourceName := "aws_globalaccelerator_endpoint_group.example" - rInt := acctest.RandInt() + resourceName := "aws_globalaccelerator_endpoint_group.test" + rName := acctest.RandomWithPrefix("tf-acc-test") resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, @@ -158,10 +159,10 @@ func TestAccAwsGlobalAcceleratorEndpointGroup_update(t *testing.T) { CheckDestroy: testAccCheckGlobalAcceleratorEndpointGroupDestroy, Steps: []resource.TestStep{ { - Config: testAccGlobalAcceleratorEndpointGroup_basic(rInt), + Config: testAccGlobalAcceleratorEndpointGroupConfigBasic(rName), }, { - Config: testAccGlobalAcceleratorEndpointGroup_update(rInt), + Config: testAccGlobalAcceleratorEndpointGroupConfigUpdated(rName), Check: resource.ComposeTestCheckFunc( testAccCheckGlobalAcceleratorEndpointGroupExists(resourceName), resource.TestCheckResourceAttr(resourceName, "health_check_interval_seconds", "10"), @@ -171,6 +172,10 @@ func TestAccAwsGlobalAcceleratorEndpointGroup_update(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "threshold_count", "1"), resource.TestCheckResourceAttr(resourceName, "traffic_dial_percentage", "0"), resource.TestCheckResourceAttr(resourceName, "endpoint_configuration.#", "1"), + tfawsresource.TestCheckTypeSetElemNestedAttrs(resourceName, "endpoint_configuration.*", map[string]string{ + "client_ip_preservation_enabled": "false", + "weight": "20", + }), ), }, { 
@@ -264,16 +269,16 @@ func testAccCheckGlobalAcceleratorEndpointGroupDeleteGlobalAcceleratorSecurityGr } } -func testAccGlobalAcceleratorEndpointGroup_basic(rInt int) string { +func testAccGlobalAcceleratorEndpointGroupConfigBasic(rName string) string { return fmt.Sprintf(` -resource "aws_globalaccelerator_accelerator" "example" { - name = "tf-%d" +resource "aws_globalaccelerator_accelerator" "test" { + name = %[1]q ip_address_type = "IPV4" enabled = false } -resource "aws_globalaccelerator_listener" "example" { - accelerator_arn = aws_globalaccelerator_accelerator.example.id +resource "aws_globalaccelerator_listener" "test" { + accelerator_arn = aws_globalaccelerator_accelerator.test.id protocol = "TCP" port_range { @@ -282,27 +287,10 @@ resource "aws_globalaccelerator_listener" "example" { } } -data "aws_region" "current" {} - -resource "aws_eip" "example" {} - -resource "aws_globalaccelerator_endpoint_group" "example" { - listener_arn = aws_globalaccelerator_listener.example.id - - endpoint_configuration { - endpoint_id = aws_eip.example.id - weight = 10 - } - - endpoint_group_region = data.aws_region.current.name - health_check_interval_seconds = 30 - health_check_path = "/" - health_check_port = 80 - health_check_protocol = "HTTP" - threshold_count = 3 - traffic_dial_percentage = 100 +resource "aws_globalaccelerator_endpoint_group" "test" { + listener_arn = aws_globalaccelerator_listener.test.id } -`, rInt) +`, rName) } func testAccGlobalAcceleratorEndpointGroupConfigBaseVpc(rName string) string { 
@@ -479,16 +467,16 @@ resource "aws_globalaccelerator_endpoint_group" "test" { `, rName)) } -func testAccGlobalAcceleratorEndpointGroup_update(rInt int) string { +func testAccGlobalAcceleratorEndpointGroupConfigUpdated(rName string) string { return fmt.Sprintf(` -resource "aws_globalaccelerator_accelerator" "example" { - name = "tf-%d" +resource "aws_globalaccelerator_accelerator" "test" { + name = %[1]q ip_address_type = "IPV4" enabled = false } -resource "aws_globalaccelerator_listener" "example" { - accelerator_arn = aws_globalaccelerator_accelerator.example.id +resource "aws_globalaccelerator_listener" "test" { + accelerator_arn = aws_globalaccelerator_accelerator.test.id protocol = "TCP" port_range { @@ -497,19 +485,20 @@ resource "aws_globalaccelerator_listener" "example" { } } -data "aws_region" "current" {} - -resource "aws_eip" "example" {} +resource "aws_eip" "test" { + tags = { + Name = %[1]q + } +} -resource "aws_globalaccelerator_endpoint_group" "example" { - listener_arn = aws_globalaccelerator_listener.example.id +resource "aws_globalaccelerator_endpoint_group" "test" { + listener_arn = aws_globalaccelerator_listener.test.id endpoint_configuration { - endpoint_id = aws_eip.example.id + endpoint_id = aws_eip.test.id weight = 20 } - endpoint_group_region = data.aws_region.current.name health_check_interval_seconds = 10 health_check_path = "/foo" health_check_port = 8080 @@ -517,5 +506,5 @@ resource "aws_globalaccelerator_endpoint_group" "example" { threshold_count = 1 traffic_dial_percentage = 0 } -`, rInt) +`, rName) } From 55b0325a27ef898931d0846148eb44075195b1da Mon Sep 17 00:00:00 2001 
From: LOU Xun Date: Thu, 5 Mar 2020 11:45:34 +0000 Subject: [PATCH 10/14] Fix health_check_path for GA TCP endpoint group - Set `health_check_path` to Computed without Default - Update documentation --- ...ce_aws_globalaccelerator_endpoint_group.go | 2 +- ...s_globalaccelerator_endpoint_group_test.go | 70 +++++++++++++++++++ ...alaccelerator_endpoint_group.html.markdown | 2 +- 3 files changed, 72 insertions(+), 2 deletions(-) diff --git a/aws/resource_aws_globalaccelerator_endpoint_group.go b/aws/resource_aws_globalaccelerator_endpoint_group.go index fb74d604a21d..965826f69db2 100644 --- a/aws/resource_aws_globalaccelerator_endpoint_group.go +++ b/aws/resource_aws_globalaccelerator_endpoint_group.go @@ -45,7 +45,7 @@ func resourceAwsGlobalAcceleratorEndpointGroup() *schema.Resource { "health_check_path": { Type: schema.TypeString, Optional: true, - Default: "/", + Computed: true, }, "health_check_port": { Type: schema.TypeInt, diff --git a/aws/resource_aws_globalaccelerator_endpoint_group_test.go b/aws/resource_aws_globalaccelerator_endpoint_group_test.go index 11ed51d3b469..79936cceacd7 100644 --- a/aws/resource_aws_globalaccelerator_endpoint_group_test.go +++ b/aws/resource_aws_globalaccelerator_endpoint_group_test.go 
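Review bot: The `health_check_path` schema entry in this hunk loses `Default: "/"` and gains `Computed: true` with no comment saying why, so a later maintainer could easily restore the default. The failing plan quoted in patch 09's message (`health_check_path: "" => "/"`) shows the reason: the API returns an empty path for a TCP health check, so a fixed default never converges. I would add `// No Default: the API returns "" for TCP health checks, so a fixed "/" causes a permanent diff.` above the field. The same applies to `health_check_port` in patch 12, where `// Computed: the API fills in the listener port when unset.` would do. The schema function starts and ends outside the hunk.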
@@ -187,6 +187,36 @@ func TestAccAwsGlobalAcceleratorEndpointGroup_update(t *testing.T) { }) } +func TestAccAwsGlobalAcceleratorEndpointGroup_tcp(t *testing.T) { + resourceName := "aws_globalaccelerator_endpoint_group.example" + rInt := acctest.RandInt() + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckGlobalAcceleratorEndpointGroupDestroy, + Steps: []resource.TestStep{ + { + Config: testAccGlobalAcceleratorEndpointGroup_tcp(rInt), + Check: resource.ComposeTestCheckFunc( + testAccCheckGlobalAcceleratorEndpointGroupExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "health_check_interval_seconds", "30"), + resource.TestCheckResourceAttr(resourceName, "health_check_port", "1234"), + resource.TestCheckResourceAttr(resourceName, "health_check_protocol", "TCP"), + resource.TestCheckResourceAttr(resourceName, "threshold_count", "3"), + resource.TestCheckResourceAttr(resourceName, "traffic_dial_percentage", "100"), + resource.TestCheckResourceAttr(resourceName, "endpoint_configuration.#", "1"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + func testAccCheckGlobalAcceleratorEndpointGroupExists(name string) resource.TestCheckFunc { return func(s *terraform.State) error { conn := testAccProvider.Meta().(*AWSClient).globalacceleratorconn 
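Review bot: The new `TestAccAwsGlobalAcceleratorEndpointGroup_tcp` never asserts `health_check_path`, which is the one attribute this commit changes. The fix is exercised only implicitly, through the empty-plan check that runs after the apply step, so the value the provider is expected to store for a TCP health check is not pinned anywhere in this test. Adding `resource.TestCheckResourceAttr(resourceName, "health_check_path", ""),` to the check list would state it, as the simplified `_basic` test in patch 09 already does.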
@@ -508,3 +538,43 @@ resource "aws_globalaccelerator_endpoint_group" "test" { } `, rName) } + +func testAccGlobalAcceleratorEndpointGroup_tcp(rInt int) string { + return fmt.Sprintf(` +resource "aws_globalaccelerator_accelerator" "example" { + name = "tf-%d" + ip_address_type = "IPV4" + enabled = false +} + +resource "aws_globalaccelerator_listener" "example" { + accelerator_arn = "${aws_globalaccelerator_accelerator.example.id}" + protocol = "TCP" + + port_range { + from_port = 80 + to_port = 80 + } +} + +data "aws_region" "current" {} + +resource "aws_eip" "example" {} + +resource "aws_globalaccelerator_endpoint_group" "example" { + listener_arn = "${aws_globalaccelerator_listener.example.id}" + + endpoint_configuration { + endpoint_id = "${aws_eip.example.id}" + weight = 10 + } + + endpoint_group_region = "${data.aws_region.current.name}" + health_check_interval_seconds = 30 + health_check_port = 1234 + health_check_protocol = "TCP" + threshold_count = 3 + traffic_dial_percentage = 100 +} +`, rInt) +} diff --git a/website/docs/r/globalaccelerator_endpoint_group.html.markdown b/website/docs/r/globalaccelerator_endpoint_group.html.markdown index 7dc71c0f39dc..9b20fedc8c0f 100644 --- a/website/docs/r/globalaccelerator_endpoint_group.html.markdown +++ b/website/docs/r/globalaccelerator_endpoint_group.html.markdown 
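Review bot: `testAccGlobalAcceleratorEndpointGroup_tcp` is written in the style that patch 09 of this series just removed from this file: quoted interpolation-only references such as `"${aws_globalaccelerator_listener.example.id}"`, the `example` resource label, and an `rInt` formatted as `"tf-%d"`. The neighbouring configs now use bare references, the `test` label and `rName` with `%[1]q`, for example `listener_arn = aws_globalaccelerator_listener.test.id` and `name = %[1]q`. The `data "aws_region" "current"` block and the explicit `endpoint_group_region` were likewise dropped from the other configs in patch 09 and could go here too. Bringing the helper and its test in line would also let the test reuse the `aws_globalaccelerator_endpoint_group.test` resource name the rest of the file checks against.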
@@ -30,7 +30,7 @@ The following arguments are supported: * `listener_arn` - (Required) The Amazon Resource Name (ARN) of the listener. * `endpoint_group_region` (Optional) - The name of the AWS Region where the endpoint group is located. * `health_check_interval_seconds` - (Optional) The time—10 seconds or 30 seconds—between each health check for an endpoint. The default value is 30. -* `health_check_path` - (Optional) If the protocol is HTTP/S, then this specifies the path that is the destination for health check targets. The default value is slash (/). +* `health_check_path` - (Optional) If the protocol is HTTP/S, then this specifies the path that is the destination for health check targets. The default value is slash (`/`). Terraform will only perform drift detection of its value when present in a configuration. * `health_check_port` - (Optional) The port that AWS Global Accelerator uses to check the health of endpoints that are part of this endpoint group. The default port is the listener port that this endpoint group is associated with. If listener port is a list of ports, Global Accelerator uses the first port in the list. * `health_check_protocol` - (Optional) The protocol that AWS Global Accelerator uses to check the health of endpoints that are part of this endpoint group. The default value is TCP. * `threshold_count` - (Optional) The number of consecutive health checks required to set the state of a healthy endpoint to unhealthy, or to set an unhealthy endpoint to healthy. The default value is 3. From f8a112a89f7b515e05535c4e0fc0094ad8d7faae Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Fri, 7 Aug 2020 08:46:32 -0400 Subject: [PATCH 11/14] Update website/docs/r/globalaccelerator_endpoint_group.html.markdown Co-authored-by: Brian Flad --- website/docs/r/globalaccelerator_endpoint_group.html.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/website/docs/r/globalaccelerator_endpoint_group.html.markdown b/website/docs/r/globalaccelerator_endpoint_group.html.markdown index 9b20fedc8c0f..0490530f1ea5 100644 --- a/website/docs/r/globalaccelerator_endpoint_group.html.markdown +++ b/website/docs/r/globalaccelerator_endpoint_group.html.markdown @@ -40,7 +40,7 @@ The following arguments are supported: **endpoint_configuration** supports the following attributes: * `client_ip_preservation_enabled` - (Optional) Indicates whether client IP address preservation is enabled for an Application Load Balancer endpoint. See the [AWS documentation](https://docs.aws.amazon.com/global-accelerator/latest/dg/preserve-client-ip-address.html) for more details. -**Note:** when client IP address preservation is enabled, the Global Accelerator service creates a security group that is not deleted when the accelerator is deleted. +**Note:** When client IP address preservation is enabled, the Global Accelerator service creates an EC2 Security Group in the VPC named `GlobalAccelerator` that must be deleted (potentially outside of Terraform) before the VPC will successfully delete. If this EC2 Security Group is not deleted, Terraform will retry the VPC deletion for a few minutes before reporting a `DependencyViolation` error. This cannot be resolved by re-running Terraform. * `endpoint_id` - (Optional) An ID for the endpoint. If the endpoint is a Network Load Balancer or Application Load Balancer, this is the Amazon Resource Name (ARN) of the resource. If the endpoint is an Elastic IP address, this is the Elastic IP address allocation ID. * `weight` - (Optional) The weight associated with the endpoint. When you add weights to endpoints, you configure AWS Global Accelerator to route traffic based on proportions that you specify. From fe4ef66253ca56bfcab9d7ce937d159de55aad28 Mon Sep 17 00:00:00 2001 
From: Kit Ewbank Date: Fri, 7 Aug 2020 09:32:47 -0400 Subject: [PATCH 12/14] r/aws_globalaccelerator_endpoint_group: Change 'health_check_port' to Computed (#12882). Acceptance test output: $ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsGlobalAcceleratorEndpointGroup_basic' ==> Checking that code complies with gofmt requirements... TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAwsGlobalAcceleratorEndpointGroup_basic -timeout 120m === RUN TestAccAwsGlobalAcceleratorEndpointGroup_basic === PAUSE TestAccAwsGlobalAcceleratorEndpointGroup_basic === CONT TestAccAwsGlobalAcceleratorEndpointGroup_basic --- PASS: TestAccAwsGlobalAcceleratorEndpointGroup_basic (183.26s) PASS ok github.com/terraform-providers/terraform-provider-aws/aws 183.312s $ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsGlobalAcceleratorEndpointGroup_update' ==> Checking that code complies with gofmt requirements... TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAwsGlobalAcceleratorEndpointGroup_update -timeout 120m === RUN TestAccAwsGlobalAcceleratorEndpointGroup_update === PAUSE TestAccAwsGlobalAcceleratorEndpointGroup_update === CONT TestAccAwsGlobalAcceleratorEndpointGroup_update --- PASS: TestAccAwsGlobalAcceleratorEndpointGroup_update (241.78s) PASS ok github.com/terraform-providers/terraform-provider-aws/aws 241.856s --- aws/resource_aws_globalaccelerator_endpoint_group.go | 1 + website/docs/r/globalaccelerator_endpoint_group.html.markdown | 1 + 2 files changed, 2 insertions(+) diff --git a/aws/resource_aws_globalaccelerator_endpoint_group.go b/aws/resource_aws_globalaccelerator_endpoint_group.go index 965826f69db2..408a9f359242 100644 --- a/aws/resource_aws_globalaccelerator_endpoint_group.go +++ b/aws/resource_aws_globalaccelerator_endpoint_group.go 
@@ -50,6 +50,7 @@ func resourceAwsGlobalAcceleratorEndpointGroup() *schema.Resource {
 "health_check_port": {
 Type: schema.TypeInt,
 Optional: true,
+ Computed: true,
 },
 "health_check_protocol": {
 Type: schema.TypeString,
diff --git a/website/docs/r/globalaccelerator_endpoint_group.html.markdown b/website/docs/r/globalaccelerator_endpoint_group.html.markdown
index 0490530f1ea5..7c18d2bf5140 100644
--- a/website/docs/r/globalaccelerator_endpoint_group.html.markdown
+++ b/website/docs/r/globalaccelerator_endpoint_group.html.markdown
@@ -32,6 +32,7 @@ The following arguments are supported:
 * `health_check_interval_seconds` - (Optional) The time—10 seconds or 30 seconds—between each health check for an endpoint. The default value is 30.
 * `health_check_path` - (Optional) If the protocol is HTTP/S, then this specifies the path that is the destination for health check targets. The default value is slash (`/`). Terraform will only perform drift detection of its value when present in a configuration.
 * `health_check_port` - (Optional) The port that AWS Global Accelerator uses to check the health of endpoints that are part of this endpoint group. The default port is the listener port that this endpoint group is associated with. If listener port is a list of ports, Global Accelerator uses the first port in the list.
+Terraform will only perform drift detection of its value when present in a configuration.
 * `health_check_protocol` - (Optional) The protocol that AWS Global Accelerator uses to check the health of endpoints that are part of this endpoint group. The default value is TCP.
 * `threshold_count` - (Optional) The number of consecutive health checks required to set the state of a healthy endpoint to unhealthy, or to set an unhealthy endpoint to healthy. The default value is 3.
 * `traffic_dial_percentage` - (Optional) The percentage of traffic to send to an AWS Region. Additional traffic is distributed to other endpoint groups for this listener. The default value is 100.
From 0c49a065a83c16dcb7bf284c88fec94fdcced14c Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Fri, 7 Aug 2020 10:11:11 -0400 Subject: [PATCH 13/14] r/aws_globalaccelerator_endpoint_group: Add '_disappears' acceptance test (#13527, #13826). Acceptance test output: $ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsGlobalAcceleratorEndpointGroup_disappears' ==> Checking that code complies with gofmt requirements... TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAwsGlobalAcceleratorEndpointGroup_disappears -timeout 120m === RUN TestAccAwsGlobalAcceleratorEndpointGroup_disappears === PAUSE TestAccAwsGlobalAcceleratorEndpointGroup_disappears === CONT TestAccAwsGlobalAcceleratorEndpointGroup_disappears --- PASS: TestAccAwsGlobalAcceleratorEndpointGroup_disappears (191.83s) PASS ok github.com/terraform-providers/terraform-provider-aws/aws 191.883s --- ...s_globalaccelerator_endpoint_group_test.go | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/aws/resource_aws_globalaccelerator_endpoint_group_test.go b/aws/resource_aws_globalaccelerator_endpoint_group_test.go index 79936cceacd7..584fdf7c125d 100644 --- a/aws/resource_aws_globalaccelerator_endpoint_group_test.go +++ b/aws/resource_aws_globalaccelerator_endpoint_group_test.go 
@@ -44,6 +44,27 @@ func TestAccAwsGlobalAcceleratorEndpointGroup_basic(t *testing.T) { }) } +func TestAccAwsGlobalAcceleratorEndpointGroup_disappears(t *testing.T) { + resourceName := "aws_globalaccelerator_endpoint_group.test" + rName := acctest.RandomWithPrefix("tf-acc-test") + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckGlobalAcceleratorEndpointGroupDestroy, + Steps: []resource.TestStep{ + { + Config: testAccGlobalAcceleratorEndpointGroupConfigBasic(rName), + Check: resource.ComposeTestCheckFunc( + testAccCheckGlobalAcceleratorEndpointGroupExists(resourceName), + testAccCheckResourceDisappears(testAccProvider, resourceAwsGlobalAcceleratorEndpointGroup(), resourceName), + ), + ExpectNonEmptyPlan: true, + }, + }, + }) +} + func TestAccAwsGlobalAcceleratorEndpointGroup_ALBEndpoint_ClientIP(t *testing.T) { var vpc ec2.Vpc resourceName := "aws_globalaccelerator_endpoint_group.test" From 4178c8407297f62af864656ab1d48592e51e550c Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Fri, 7 Aug 2020 10:43:17 -0400 Subject: [PATCH 14/14] r/aws_globalaccelerator_endpoint_group: Set 'client_ip_preservation_enabled' to 'true' for EC2 instance endpoint test. --- ...rce_aws_globalaccelerator_endpoint_group_test.go | 13 +++++++++++-- .../globalaccelerator_endpoint_group.html.markdown | 2 +- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/aws/resource_aws_globalaccelerator_endpoint_group_test.go b/aws/resource_aws_globalaccelerator_endpoint_group_test.go index 584fdf7c125d..078359cd62b5 100644 --- a/aws/resource_aws_globalaccelerator_endpoint_group_test.go +++ b/aws/resource_aws_globalaccelerator_endpoint_group_test.go 
@@ -474,6 +474,14 @@ resource "aws_subnet" "test" { } } +resource "aws_internet_gateway" "test" { + vpc_id = aws_vpc.test.id + + tags = { + Name = %[1]q + } +} + resource "aws_instance" "test" { ami = data.aws_ami.amzn-ami-minimal-hvm-ebs.id instance_type = data.aws_ec2_instance_type_offering.available.instance_type @@ -504,8 +512,9 @@ resource "aws_globalaccelerator_endpoint_group" "test" { listener_arn = aws_globalaccelerator_listener.test.id endpoint_configuration { - endpoint_id = aws_instance.test.id - weight = 20 + endpoint_id = aws_instance.test.id + weight = 20 + client_ip_preservation_enabled = true } health_check_interval_seconds = 30 diff --git a/website/docs/r/globalaccelerator_endpoint_group.html.markdown b/website/docs/r/globalaccelerator_endpoint_group.html.markdown index 7c18d2bf5140..7c7e27ebdfbe 100644 --- a/website/docs/r/globalaccelerator_endpoint_group.html.markdown +++ b/website/docs/r/globalaccelerator_endpoint_group.html.markdown 
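Review bot: Setting `client_ip_preservation_enabled = true` in the second hunk makes the instance test pass, but a configuration that leaves the attribute out for an EC2 instance endpoint stays untested and undocumented. The error quoted in patch 08's message (`Client IP Preservation cannot be set to false for EC2 instances`) came from exactly that config, which suggests the provider sends `false` when the attribute is unset; the documentation hunk that follows states that default without the caveat. I would at least record the constraint where it is visible, with `# The API rejects false for EC2 instance endpoints, so this must be set explicitly.` above the attribute in this config and a matching sentence in the docs. Whether an unset value should instead be left out of the API call is a decision for the resource code, which is outside this hunk.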
@@ -40,7 +40,7 @@ Terraform will only perform drift detection of its value when present in a confi **endpoint_configuration** supports the following attributes: -* `client_ip_preservation_enabled` - (Optional) Indicates whether client IP address preservation is enabled for an Application Load Balancer endpoint. See the [AWS documentation](https://docs.aws.amazon.com/global-accelerator/latest/dg/preserve-client-ip-address.html) for more details. +* `client_ip_preservation_enabled` - (Optional) Indicates whether client IP address preservation is enabled for an Application Load Balancer endpoint. See the [AWS documentation](https://docs.aws.amazon.com/global-accelerator/latest/dg/preserve-client-ip-address.html) for more details. The default value is `false`. **Note:** When client IP address preservation is enabled, the Global Accelerator service creates an EC2 Security Group in the VPC named `GlobalAccelerator` that must be deleted (potentially outside of Terraform) before the VPC will successfully delete. If this EC2 Security Group is not deleted, Terraform will retry the VPC deletion for a few minutes before reporting a `DependencyViolation` error. This cannot be resolved by re-running Terraform. * `endpoint_id` - (Optional) An ID for the endpoint. If the endpoint is a Network Load Balancer or Application Load Balancer, this is the Amazon Resource Name (ARN) of the resource. If the endpoint is an Elastic IP address, this is the Elastic IP address allocation ID. * `weight` - (Optional) The weight associated with the endpoint. When you add weights to endpoints, you configure AWS Global Accelerator to route traffic based on proportions that you specify.