Merge pull request #350 from pmoust/elb_ssl_certificate_id
Add listener.ssl_certificate_id support to AWS ELB
This commit is contained in:
commit
1759fdeeed
|
@ -28,8 +28,9 @@ IMPROVEMENTS:
|
||||||
* providers/aws: New resource `db_subnet_group`. [GH-295]
|
* providers/aws: New resource `db_subnet_group`. [GH-295]
|
||||||
* providers/aws: Add `map_public_ip_on_launch` for subnets. [GH-285]
|
* providers/aws: Add `map_public_ip_on_launch` for subnets. [GH-285]
|
||||||
* providers/aws: Add `iam_instance_profile` for instances. [GH-319]
|
* providers/aws: Add `iam_instance_profile` for instances. [GH-319]
|
||||||
* providers/aws: add `internal` option for ELBs. [GH-303]
|
* providers/aws: Add `internal` option for ELBs. [GH-303]
|
||||||
* providers/aws: add `self` option for security groups for ingress
|
* providers/aws: Add `ssl_certificate_id` for ELB listeners. [GH-350]
|
||||||
|
* providers/aws: Add `self` option for security groups for ingress
|
||||||
rules with self as source. [GH-303]
|
rules with self as source. [GH-303]
|
||||||
* providers/google: Support `target_tags` for firewalls. [GH-324]
|
* providers/google: Support `target_tags` for firewalls. [GH-324]
|
||||||
|
|
||||||
|
|
|
@ -353,6 +353,7 @@ func resource_aws_elb_validation() *config.Validator {
|
||||||
},
|
},
|
||||||
Optional: []string{
|
Optional: []string{
|
||||||
"instances.*",
|
"instances.*",
|
||||||
|
"listener.*.ssl_certificate_id",
|
||||||
"internal",
|
"internal",
|
||||||
"availability_zones.*",
|
"availability_zones.*",
|
||||||
"security_groups.*",
|
"security_groups.*",
|
||||||
|
|
|
@ -2,6 +2,7 @@ package aws
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"os"
|
||||||
"reflect"
|
"reflect"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
@ -12,6 +13,7 @@ import (
|
||||||
|
|
||||||
func TestAccAWSELB_basic(t *testing.T) {
|
func TestAccAWSELB_basic(t *testing.T) {
|
||||||
var conf elb.LoadBalancer
|
var conf elb.LoadBalancer
|
||||||
|
ssl_certificate_id := os.Getenv("AWS_SSL_CERTIFICATE_ID")
|
||||||
|
|
||||||
resource.Test(t, resource.TestCase{
|
resource.Test(t, resource.TestCase{
|
||||||
PreCheck: func() { testAccPreCheck(t) },
|
PreCheck: func() { testAccPreCheck(t) },
|
||||||
|
@ -35,6 +37,8 @@ func TestAccAWSELB_basic(t *testing.T) {
|
||||||
"aws_elb.bar", "listener.0.instance_port", "8000"),
|
"aws_elb.bar", "listener.0.instance_port", "8000"),
|
||||||
resource.TestCheckResourceAttr(
|
resource.TestCheckResourceAttr(
|
||||||
"aws_elb.bar", "listener.0.instance_protocol", "http"),
|
"aws_elb.bar", "listener.0.instance_protocol", "http"),
|
||||||
|
resource.TestCheckResourceAttr(
|
||||||
|
"aws_elb.bar", "listener.0.ssl_certificate_id", ssl_certificate_id),
|
||||||
resource.TestCheckResourceAttr(
|
resource.TestCheckResourceAttr(
|
||||||
"aws_elb.bar", "listener.0.lb_port", "80"),
|
"aws_elb.bar", "listener.0.lb_port", "80"),
|
||||||
resource.TestCheckResourceAttr(
|
resource.TestCheckResourceAttr(
|
||||||
|
@ -277,6 +281,21 @@ resource "aws_instance" "foo" {
|
||||||
}
|
}
|
||||||
`
|
`
|
||||||
|
|
||||||
|
const testAccAWSELBConfigListenerSSLCertificateId = `
|
||||||
|
resource "aws_elb" "bar" {
|
||||||
|
name = "foobar-terraform-test"
|
||||||
|
availability_zones = ["us-west-2a"]
|
||||||
|
|
||||||
|
listener {
|
||||||
|
instance_port = 8000
|
||||||
|
instance_protocol = "http"
|
||||||
|
ssl_certificate_id = "%s"
|
||||||
|
lb_port = 443
|
||||||
|
lb_protocol = "https"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
`
|
||||||
|
|
||||||
const testAccAWSELBConfigHealthCheck = `
|
const testAccAWSELBConfigHealthCheck = `
|
||||||
resource "aws_elb" "bar" {
|
resource "aws_elb" "bar" {
|
||||||
name = "foobar-terraform-test"
|
name = "foobar-terraform-test"
|
||||||
|
|
|
@ -92,4 +92,7 @@ func testAccPreCheck(t *testing.T) {
|
||||||
log.Println("[INFO] Test: Using us-west-2 as test region")
|
log.Println("[INFO] Test: Using us-west-2 as test region")
|
||||||
os.Setenv("AWS_REGION", "us-west-2")
|
os.Setenv("AWS_REGION", "us-west-2")
|
||||||
}
|
}
|
||||||
|
if v := os.Getenv("AWS_SSL_CERTIFICATE_ID"); v == "" {
|
||||||
|
t.Fatal("AWS_SSL_CERTIFICATE_ID must be set for acceptance tests")
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -33,6 +33,11 @@ func expandListeners(configured []interface{}) ([]elb.Listener, error) {
|
||||||
Protocol: newL["lb_protocol"].(string),
|
Protocol: newL["lb_protocol"].(string),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if attr, ok := newL["ssl_certificate_id"].(string); ok {
|
||||||
|
l.SSLCertificateId = attr
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
listeners = append(listeners, l)
|
listeners = append(listeners, l)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -70,9 +70,9 @@ func Test_expandIPPerms(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
ec2.IPPerm{
|
ec2.IPPerm{
|
||||||
Protocol: "icmp",
|
Protocol: "icmp",
|
||||||
FromPort: 1,
|
FromPort: 1,
|
||||||
ToPort: -1,
|
ToPort: -1,
|
||||||
SourceGroups: []ec2.UserSecurityGroup{
|
SourceGroups: []ec2.UserSecurityGroup{
|
||||||
ec2.UserSecurityGroup{
|
ec2.UserSecurityGroup{
|
||||||
Id: "foo",
|
Id: "foo",
|
||||||
|
|
|
@ -23,6 +23,14 @@ resource "aws_elb" "bar" {
|
||||||
lb_protocol = "http"
|
lb_protocol = "http"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
listener {
|
||||||
|
instance_port = 8000
|
||||||
|
instance_protocol = "http"
|
||||||
|
lb_port = 443
|
||||||
|
lb_protocol = "https"
|
||||||
|
ssl_certificate_id = "arn:aws:iam::123456789012:server-certificate/certName"
|
||||||
|
}
|
||||||
|
|
||||||
health_check {
|
health_check {
|
||||||
healthy_threshold = 2
|
healthy_threshold = 2
|
||||||
unhealthy_threshold = 2
|
unhealthy_threshold = 2
|
||||||
|
@ -54,6 +62,7 @@ Listeners support the following:
|
||||||
* `instance_protocol` - (Required) The the protocol to use to the instance.
|
* `instance_protocol` - (Required) The the protocol to use to the instance.
|
||||||
* `lb_port` - (Required) The port to listen on for the load balancer
|
* `lb_port` - (Required) The port to listen on for the load balancer
|
||||||
* `lb_protocol` - (Required) The protocol to listen on.
|
* `lb_protocol` - (Required) The protocol to listen on.
|
||||||
|
* `ssl_certificate_id` - (Optional) The id of an SSL certificate you have uploaded to AWS IAM.
|
||||||
|
|
||||||
Health Check supports the following:
|
Health Check supports the following:
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue