Merge pull request #350 from pmoust/elb_ssl_certificate_id

Add listener.ssl_certificate_id support to AWS ELB
This commit is contained in:
Jack Pearkes 2014-10-01 20:53:44 -07:00
commit 1759fdeeed
7 changed files with 43 additions and 5 deletions

View File

@ -28,8 +28,9 @@ IMPROVEMENTS:
* providers/aws: New resource `db_subnet_group`. [GH-295] * providers/aws: New resource `db_subnet_group`. [GH-295]
* providers/aws: Add `map_public_ip_on_launch` for subnets. [GH-285] * providers/aws: Add `map_public_ip_on_launch` for subnets. [GH-285]
* providers/aws: Add `iam_instance_profile` for instances. [GH-319] * providers/aws: Add `iam_instance_profile` for instances. [GH-319]
* providers/aws: add `internal` option for ELBs. [GH-303] * providers/aws: Add `internal` option for ELBs. [GH-303]
* providers/aws: add `self` option for security groups for ingress * providers/aws: Add `ssl_certificate_id` for ELB listeners. [GH-350]
* providers/aws: Add `self` option for security groups for ingress
rules with self as source. [GH-303] rules with self as source. [GH-303]
* providers/google: Support `target_tags` for firewalls. [GH-324] * providers/google: Support `target_tags` for firewalls. [GH-324]

View File

@ -353,6 +353,7 @@ func resource_aws_elb_validation() *config.Validator {
}, },
Optional: []string{ Optional: []string{
"instances.*", "instances.*",
"listener.*.ssl_certificate_id",
"internal", "internal",
"availability_zones.*", "availability_zones.*",
"security_groups.*", "security_groups.*",

View File

@ -2,6 +2,7 @@ package aws
import ( import (
"fmt" "fmt"
"os"
"reflect" "reflect"
"testing" "testing"
@ -12,6 +13,7 @@ import (
func TestAccAWSELB_basic(t *testing.T) { func TestAccAWSELB_basic(t *testing.T) {
var conf elb.LoadBalancer var conf elb.LoadBalancer
ssl_certificate_id := os.Getenv("AWS_SSL_CERTIFICATE_ID")
resource.Test(t, resource.TestCase{ resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) }, PreCheck: func() { testAccPreCheck(t) },
@ -35,6 +37,8 @@ func TestAccAWSELB_basic(t *testing.T) {
"aws_elb.bar", "listener.0.instance_port", "8000"), "aws_elb.bar", "listener.0.instance_port", "8000"),
resource.TestCheckResourceAttr( resource.TestCheckResourceAttr(
"aws_elb.bar", "listener.0.instance_protocol", "http"), "aws_elb.bar", "listener.0.instance_protocol", "http"),
resource.TestCheckResourceAttr(
"aws_elb.bar", "listener.0.ssl_certificate_id", ssl_certificate_id),
resource.TestCheckResourceAttr( resource.TestCheckResourceAttr(
"aws_elb.bar", "listener.0.lb_port", "80"), "aws_elb.bar", "listener.0.lb_port", "80"),
resource.TestCheckResourceAttr( resource.TestCheckResourceAttr(
@ -277,6 +281,21 @@ resource "aws_instance" "foo" {
} }
` `
const testAccAWSELBConfigListenerSSLCertificateId = `
resource "aws_elb" "bar" {
name = "foobar-terraform-test"
availability_zones = ["us-west-2a"]
listener {
instance_port = 8000
instance_protocol = "http"
ssl_certificate_id = "%s"
lb_port = 443
lb_protocol = "https"
}
}
`
const testAccAWSELBConfigHealthCheck = ` const testAccAWSELBConfigHealthCheck = `
resource "aws_elb" "bar" { resource "aws_elb" "bar" {
name = "foobar-terraform-test" name = "foobar-terraform-test"

View File

@ -92,4 +92,7 @@ func testAccPreCheck(t *testing.T) {
log.Println("[INFO] Test: Using us-west-2 as test region") log.Println("[INFO] Test: Using us-west-2 as test region")
os.Setenv("AWS_REGION", "us-west-2") os.Setenv("AWS_REGION", "us-west-2")
} }
if v := os.Getenv("AWS_SSL_CERTIFICATE_ID"); v == "" {
t.Fatal("AWS_SSL_CERTIFICATE_ID must be set for acceptance tests")
}
} }

View File

@ -33,6 +33,11 @@ func expandListeners(configured []interface{}) ([]elb.Listener, error) {
Protocol: newL["lb_protocol"].(string), Protocol: newL["lb_protocol"].(string),
} }
if attr, ok := newL["ssl_certificate_id"].(string); ok {
l.SSLCertificateId = attr
}
listeners = append(listeners, l) listeners = append(listeners, l)
} }

View File

@ -70,9 +70,9 @@ func Test_expandIPPerms(t *testing.T) {
}, },
}, },
ec2.IPPerm{ ec2.IPPerm{
Protocol: "icmp", Protocol: "icmp",
FromPort: 1, FromPort: 1,
ToPort: -1, ToPort: -1,
SourceGroups: []ec2.UserSecurityGroup{ SourceGroups: []ec2.UserSecurityGroup{
ec2.UserSecurityGroup{ ec2.UserSecurityGroup{
Id: "foo", Id: "foo",

View File

@ -23,6 +23,14 @@ resource "aws_elb" "bar" {
lb_protocol = "http" lb_protocol = "http"
} }
listener {
instance_port = 8000
instance_protocol = "http"
lb_port = 443
lb_protocol = "https"
ssl_certificate_id = "arn:aws:iam::123456789012:server-certificate/certName"
}
health_check { health_check {
healthy_threshold = 2 healthy_threshold = 2
unhealthy_threshold = 2 unhealthy_threshold = 2
@ -54,6 +62,7 @@ Listeners support the following:
* `instance_protocol` - (Required) The the protocol to use to the instance. * `instance_protocol` - (Required) The the protocol to use to the instance.
* `lb_port` - (Required) The port to listen on for the load balancer * `lb_port` - (Required) The port to listen on for the load balancer
* `lb_protocol` - (Required) The protocol to listen on. * `lb_protocol` - (Required) The protocol to listen on.
* `ssl_certificate_id` - (Optional) The id of an SSL certificate you have uploaded to AWS IAM.
Health Check supports the following: Health Check supports the following: