From 8d97c3656ce3a539d6902fef671fd4060a8a5c40 Mon Sep 17 00:00:00 2001
From: Jason Padvorac
Date: Sun, 10 Aug 2014 16:09:05 -0700
Subject: [PATCH 1/2] Add listener.ssl_certificate_id support to AWS ELB
---
 builtin/providers/aws/resource_aws_elb.go | 1 +
 .../providers/aws/resource_aws_elb_test.go | 18 +++++++++++
 builtin/providers/aws/structure.go | 5 +++
 builtin/providers/aws/structure_test.go | 32 +++++++++----------
 .../docs/providers/aws/r/elb.html.markdown | 9 ++++++
 5 files changed, 49 insertions(+), 16 deletions(-)
diff --git a/builtin/providers/aws/resource_aws_elb.go b/builtin/providers/aws/resource_aws_elb.go
index 036968c62..6c5989e27 100644
--- a/builtin/providers/aws/resource_aws_elb.go
+++ b/builtin/providers/aws/resource_aws_elb.go
@@ -325,6 +325,7 @@ func resource_aws_elb_validation() *config.Validator {
 },
 Optional: []string{
 "instances.*",
+ "listener.*.ssl_certificate_id",
 "availability_zones.*",
 "health_check.#",
 "health_check.0.healthy_threshold",
diff --git a/builtin/providers/aws/resource_aws_elb_test.go b/builtin/providers/aws/resource_aws_elb_test.go
index 7edeb6d85..ac93d56c0 100644
--- a/builtin/providers/aws/resource_aws_elb_test.go
+++ b/builtin/providers/aws/resource_aws_elb_test.go
@@ -35,6 +35,8 @@ func TestAccAWSELB_basic(t *testing.T) {
 "aws_elb.bar", "listener.0.instance_port", "8000"),
 resource.TestCheckResourceAttr(
 "aws_elb.bar", "listener.0.instance_protocol", "http"),
+ resource.TestCheckResourceAttr(
+ "aws_elb.bar", "listener.0.ssl_certificate_id", "arn:aws:iam::123456789012:server-certificate/certName"),
 resource.TestCheckResourceAttr(
 "aws_elb.bar", "listener.0.lb_port", "80"),
 resource.TestCheckResourceAttr(
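Review bot: The added `listener.0.ssl_certificate_id` assertion sits in TestAccAWSELB_basic directly before a check that `listener.0.lb_port` is "80", so it expects a certificate ARN on what appears to be the plain-HTTP listener of the basic config (that config and the rest of the test body are outside this hunk, so this is inferred). The `testAccAWSELBConfigListenerSSLCertificateId` constant added in the next hunk of this file is not referenced by any test step visible in the patch. I would move the assertion into its own test, for example `func TestAccAWSELB_listenerSSLCertificateId(t *testing.T)` with `Config: testAccAWSELBConfigListenerSSLCertificateId`, and check `listener.0.lb_protocol` is "https" and `listener.0.lb_port` is "443" alongside the ARN. The ARN uses the placeholder account 123456789012, so an acceptance run would presumably need a certificate that actually exists in the test account.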
@@ -277,6 +279,22 @@ resource "aws_instance" "foo" { } ` + +const testAccAWSELBConfigListenerSSLCertificateId = ` +resource "aws_elb" "bar" { + name = "foobar-terraform-test" + availability_zones = ["us-west-2a"] + + listener { + instance_port = 8000 + instance_protocol = "http" + ssl_certificate_id = "arn:aws:iam::123456789012:server-certificate/certName" + lb_port = 443 + lb_protocol = "https" + } +} +` + const testAccAWSELBConfigHealthCheck = ` resource "aws_elb" "bar" { name = "foobar-terraform-test" diff --git a/builtin/providers/aws/structure.go b/builtin/providers/aws/structure.go index a8be14675..e952d3158 100644 --- a/builtin/providers/aws/structure.go +++ b/builtin/providers/aws/structure.go @@ -33,6 +33,11 @@ func expandListeners(configured []interface{}) ([]elb.Listener, error) { Protocol: newL["lb_protocol"].(string), } + if attr, ok := newL["ssl_certificate_id"].(string); ok { + l.SSLCertificateId = attr + } + + listeners = append(listeners, l) } diff --git a/builtin/providers/aws/structure_test.go b/builtin/providers/aws/structure_test.go index 9d438da2c..e071df616 100644 --- a/builtin/providers/aws/structure_test.go +++ b/builtin/providers/aws/structure_test.go 
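Review bot: In expandListeners the certificate is copied into `l.SSLCertificateId` without being checked against `lb_protocol`, so a listener declared `https` or `ssl` with no certificate, or an `http`/`tcp` listener that carries one, is passed to the ELB API as written. Since the function already returns an error, the first case could be rejected at expansion time with something like `if p := strings.ToLower(l.Protocol); (p == "https" || p == "ssl") && l.SSLCertificateId == "" { return nil, fmt.Errorf("listener with lb_protocol %q requires ssl_certificate_id", p) }`, adding the `strings` and `fmt` imports if the file lacks them. A certificate on a plaintext listener deserves at least a comment here, because an operator may read such a config as TLS-terminated when it is not. The hunk also leaves consecutive blank lines before `listeners = append(listeners, l)`, which gofmt would collapse to one. The function starts and ends outside the hunk.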
@@ -12,22 +12,22 @@ import ( // Returns test configuration func testConf() map[string]string { return map[string]string{ - "listener.#": "1", - "listener.0.lb_port": "80", - "listener.0.lb_protocol": "http", - "listener.0.instance_port": "8000", - "listener.0.instance_protocol": "http", - "availability_zones.#": "2", - "availability_zones.0": "us-east-1a", - "availability_zones.1": "us-east-1b", - "ingress.#": "1", - "ingress.0.protocol": "icmp", - "ingress.0.from_port": "1", - "ingress.0.to_port": "-1", - "ingress.0.cidr_blocks.#": "1", - "ingress.0.cidr_blocks.0": "0.0.0.0/0", - "ingress.0.security_groups.#": "1", - "ingress.0.security_groups.0": "sg-11111", + "listener.#": "1", + "listener.0.lb_port": "80", + "listener.0.lb_protocol": "http", + "listener.0.instance_port": "8000", + "listener.0.instance_protocol": "http", + "availability_zones.#": "2", + "availability_zones.0": "us-east-1a", + "availability_zones.1": "us-east-1b", + "ingress.#": "1", + "ingress.0.protocol": "icmp", + "ingress.0.from_port": "1", + "ingress.0.to_port": "-1", + "ingress.0.cidr_blocks.#": "1", + "ingress.0.cidr_blocks.0": "0.0.0.0/0", + "ingress.0.security_groups.#": "1", + "ingress.0.security_groups.0": "sg-11111", } } diff --git a/website/source/docs/providers/aws/r/elb.html.markdown b/website/source/docs/providers/aws/r/elb.html.markdown index b2b4a699a..93ce707bc 100644 --- a/website/source/docs/providers/aws/r/elb.html.markdown +++ b/website/source/docs/providers/aws/r/elb.html.markdown @@ -23,6 +23,14 @@ resource "aws_elb" "bar" { lb_protocol = "http" } + listener { + instance_port = 8000 + instance_protocol = "http" + lb_port = 443 + lb_protocol = "https" + ssl_certificate_id = "arn:aws:iam::123456789012:server-certificate/certName" + } + health_check { healthy_threshold = 2 unhealthy_threshold = 2 
@@ -51,6 +59,7 @@ Listeners support the following: * `instance_protocol` - (Required) The the protocol to use to the instance. * `lb_port` - (Required) The port to listen on for the load balancer * `lb_protocol` - (Required) The protocol to listen on. +* `ssl_certificate_id` - (Optional) The id of an SSL certificate you have uploaded to AWS IAM. Health Check supports the following: From 175b10b90e3c9bb168c27b7023fb251306ccd648 Mon Sep 17 00:00:00 2001 From: Panagiotis Moustafellos Date: Thu, 2 Oct 2014 05:30:30 +0300 Subject: [PATCH 2/2] Updated changelog for [GH-350] (AWS ELB listener.ssl_certificate_id) --- CHANGELOG.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bd7062138..23fc30245 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -28,8 +28,9 @@ IMPROVEMENTS: * providers/aws: New resource `db_subnet_group`. [GH-295] * providers/aws: Add `map_public_ip_on_launch` for subnets. [GH-285] * providers/aws: Add `iam_instance_profile` for instances. [GH-319] - * providers/aws: add `internal` option for ELBs. [GH-303] - * providers/aws: add `self` option for security groups for ingress + * providers/aws: Add `internal` option for ELBs. [GH-303] + * providers/aws: Add `ssl_certificate_id` for ELB listeners. [GH-350] + * providers/aws: Add `self` option for security groups for ingress rules with self as source. [GH-303] * providers/google: Support `target_tags` for firewalls. [GH-324]