ResiLien
/
terraform
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #3887 from hashicorp/elb-ssl-cert-fix 

providers/aws: Document and validate ELB ssl_cert and protocol require
This commit is contained in:
Clint 2015-11-12 14:28:12 -06:00
parent dcf40661c8 5cafe740ff
commit 1488bbf6c7
3 changed files with 58 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
builtin/providers/aws/structure.go
View File

@ -44,8 +44,24 @@ func expandListeners(configured []interface{}) ([]*elb.Listener, error) {
l.SSLCertificateId = aws.String(v.(string)) l.SSLCertificateId = aws.String(v.(string))
} }
listeners = append(listeners, l) var valid bool
} if l.SSLCertificateId != nil && *l.SSLCertificateId != "" {
// validate the protocol is correct
for _, p := range []string{"https", "ssl"} {
if (*l.InstanceProtocol == p) || (*l.Protocol == p) {
valid = true
}
}
} else {
valid = true
}
if valid {
listeners = append(listeners, l)
} else {
return nil, fmt.Errorf("[ERR] ELB Listener: ssl_certificate_id may be set only when protocol is 'https' or 'ssl'")
}
}
return listeners, nil return listeners, nil
} }

32
builtin/providers/aws/structure_test.go
View File

@ -2,6 +2,7 @@ package aws
import ( import (
"reflect" "reflect"
"strings"
"testing" "testing"
"github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws"
@ -295,6 +296,13 @@ func TestExpandListeners(t *testing.T) {
"instance_protocol": "http", "instance_protocol": "http",
"lb_protocol": "http", "lb_protocol": "http",
}, },
map[string]interface{}{
"instance_port": 8000,
"lb_port": 80,
"instance_protocol": "https",
"lb_protocol": "https",
"ssl_certificate_id": "something",
},
} }
listeners, err := expandListeners(expanded) listeners, err := expandListeners(expanded)
if err != nil { if err != nil {
@ -314,7 +322,31 @@ func TestExpandListeners(t *testing.T) {
listeners[0], listeners[0],
expected) expected)
} }
}
// this test should produce an error from expandlisteners on an invalid
// combination
func TestExpandListeners_invalid(t *testing.T) {
expanded := []interface{}{
map[string]interface{}{
"instance_port": 8000,
"lb_port": 80,
"instance_protocol": "http",
"lb_protocol": "http",
"ssl_certificate_id": "something",
},
}
_, err := expandListeners(expanded)
if err != nil {
// Check the error we got
if !strings.Contains(err.Error(), "ssl_certificate_id may be set only when protocol") {
t.Fatalf("Got error in TestExpandListeners_invalid, but not what we expected: %s", err)
}
}
if err == nil {
t.Fatalf("Expected TestExpandListeners_invalid to fail, but passed")
}
} }
func TestFlattenHealthCheck(t *testing.T) { func TestFlattenHealthCheck(t *testing.T) {

12
website/source/docs/providers/aws/r/elb.html.markdown
View File

@ -33,7 +33,7 @@ resource "aws_elb" "bar" {
listener { listener {
instance_port = 8000 instance_port = 8000
instance_protocol = "http" instance_protocol = "https"
lb_port = 443 lb_port = 443
lb_protocol = "https" lb_protocol = "https"
ssl_certificate_id = "arn:aws:iam::123456789012:server-certificate/certName" ssl_certificate_id = "arn:aws:iam::123456789012:server-certificate/certName"
@ -90,10 +90,14 @@ Access Logs support the following:
Listeners support the following: Listeners support the following:
* `instance_port` - (Required) The port on the instance to route to * `instance_port` - (Required) The port on the instance to route to
* `instance_protocol` - (Required) The protocol to use to the instance. * `instance_protocol` - (Required) The protocol to use to the instance. Valid
values are `HTTP`, `HTTPS`, `TCP`, or `SSL`
* `lb_port` - (Required) The port to listen on for the load balancer * `lb_port` - (Required) The port to listen on for the load balancer
* `lb_protocol` - (Required) The protocol to listen on. * `lb_protocol` - (Required) The protocol to listen on. Valid values are `HTTP`,
* `ssl_certificate_id` - (Optional) The id of an SSL certificate you have uploaded to AWS IAM. `HTTPS`, `TCP`, or `SSL`
* `ssl_certificate_id` - (Optional) The id of an SSL certificate you have
uploaded to AWS IAM. **Only valid when `instance_protocol` and
`lb_protocol` are either HTTPS or SSL**
Health Check supports the following: Health Check supports the following: