CloudFront distribution and origin access identity support (#5221)
* CloudFront implementation v3 * Update tests * Refactor - new resource: aws_cloudfront_distribution * Includes a complete re-write of the old aws_cloudfront_web_distribution resource to bring it to feature parity with API and CloudFormation. * Also includes the aws_cloudfront_origin_access_identity resource to generate origin access identities for use with S3.
This commit is contained in:
parent
eed8733ee3
commit
a38ccbe074
|
@ -365,6 +365,11 @@
|
|||
"Comment": "v1.1.14",
|
||||
"Rev": "6876e9922ff299adf36e43e04c94820077968b3b"
|
||||
},
|
||||
{
|
||||
"ImportPath": "github.com/aws/aws-sdk-go/service/cloudfront",
|
||||
"Comment": "v1.1.14",
|
||||
"Rev": "6876e9922ff299adf36e43e04c94820077968b3b"
|
||||
},
|
||||
{
|
||||
"ImportPath": "github.com/aws/aws-sdk-go/service/cloudtrail",
|
||||
"Comment": "v1.1.14",
|
||||
|
|
|
@ -0,0 +1,942 @@
|
|||
// CloudFront DistributionConfig structure helpers.
|
||||
//
|
||||
// These functions assist in pulling in data from Terraform resource
|
||||
// configuration for the aws_cloudfront_distribution resource, as there are
|
||||
// several sub-fields that require their own data type, and do not necessarily
|
||||
// 1-1 translate to resource configuration.
|
||||
|
||||
package aws
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"fmt"
|
||||
"reflect"
|
||||
"strconv"
|
||||
"time"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws"
|
||||
"github.com/aws/aws-sdk-go/service/cloudfront"
|
||||
"github.com/hashicorp/terraform/flatmap"
|
||||
"github.com/hashicorp/terraform/helper/hashcode"
|
||||
"github.com/hashicorp/terraform/helper/schema"
|
||||
)
|
||||
|
||||
// Assemble the *cloudfront.DistributionConfig variable. Calls out to various
|
||||
// expander functions to convert attributes and sub-attributes to the various
|
||||
// complex structures which are necessary to properly build the
|
||||
// DistributionConfig structure.
|
||||
//
|
||||
// Used by the aws_cloudfront_distribution Create and Update functions.
|
||||
func expandDistributionConfig(d *schema.ResourceData) *cloudfront.DistributionConfig {
|
||||
distributionConfig := &cloudfront.DistributionConfig{
|
||||
CacheBehaviors: expandCacheBehaviors(d.Get("cache_behavior").(*schema.Set)),
|
||||
CustomErrorResponses: expandCustomErrorResponses(d.Get("custom_error_response").(*schema.Set)),
|
||||
DefaultCacheBehavior: expandDefaultCacheBehavior(d.Get("default_cache_behavior").(*schema.Set).List()[0].(map[string]interface{})),
|
||||
Enabled: aws.Bool(d.Get("enabled").(bool)),
|
||||
Origins: expandOrigins(d.Get("origin").(*schema.Set)),
|
||||
PriceClass: aws.String(d.Get("price_class").(string)),
|
||||
}
|
||||
// This sets CallerReference if it's still pending computation (ie: new resource)
|
||||
if v, ok := d.GetOk("caller_reference"); ok == false {
|
||||
distributionConfig.CallerReference = aws.String(time.Now().Format(time.RFC3339Nano))
|
||||
} else {
|
||||
distributionConfig.CallerReference = aws.String(v.(string))
|
||||
}
|
||||
if v, ok := d.GetOk("comment"); ok {
|
||||
distributionConfig.Comment = aws.String(v.(string))
|
||||
} else {
|
||||
distributionConfig.Comment = aws.String("")
|
||||
}
|
||||
if v, ok := d.GetOk("default_root_object"); ok {
|
||||
distributionConfig.DefaultRootObject = aws.String(v.(string))
|
||||
} else {
|
||||
distributionConfig.DefaultRootObject = aws.String("")
|
||||
}
|
||||
if v, ok := d.GetOk("logging_config"); ok {
|
||||
distributionConfig.Logging = expandLoggingConfig(v.(*schema.Set).List()[0].(map[string]interface{}))
|
||||
} else {
|
||||
distributionConfig.Logging = expandLoggingConfig(nil)
|
||||
}
|
||||
if v, ok := d.GetOk("aliases"); ok {
|
||||
distributionConfig.Aliases = expandAliases(v.(*schema.Set))
|
||||
} else {
|
||||
distributionConfig.Aliases = expandAliases(schema.NewSet(aliasesHash, []interface{}{}))
|
||||
}
|
||||
if v, ok := d.GetOk("restrictions"); ok {
|
||||
distributionConfig.Restrictions = expandRestrictions(v.(*schema.Set).List()[0].(map[string]interface{}))
|
||||
}
|
||||
if v, ok := d.GetOk("viewer_certificate"); ok {
|
||||
distributionConfig.ViewerCertificate = expandViewerCertificate(v.(*schema.Set).List()[0].(map[string]interface{}))
|
||||
}
|
||||
if v, ok := d.GetOk("web_acl_id"); ok {
|
||||
distributionConfig.WebACLId = aws.String(v.(string))
|
||||
} else {
|
||||
distributionConfig.WebACLId = aws.String("")
|
||||
}
|
||||
return distributionConfig
|
||||
}
|
||||
|
||||
// Unpack the *cloudfront.DistributionConfig variable and set resource data.
|
||||
// Calls out to flatten functions to convert the DistributionConfig
|
||||
// sub-structures to their respective attributes in the
|
||||
// aws_cloudfront_distribution resource.
|
||||
//
|
||||
// Used by the aws_cloudfront_distribution Read function.
|
||||
func flattenDistributionConfig(d *schema.ResourceData, distributionConfig *cloudfront.DistributionConfig) {
|
||||
d.Set("origins", flattenOrigins(distributionConfig.Origins))
|
||||
d.Set("enabled", *distributionConfig.Enabled)
|
||||
d.Set("default_cache_behavior", flattenDefaultCacheBehavior(distributionConfig.DefaultCacheBehavior))
|
||||
d.Set("viewer_certificate", flattenViewerCertificate(distributionConfig.ViewerCertificate))
|
||||
d.Set("price_class", *distributionConfig.PriceClass)
|
||||
|
||||
if distributionConfig.CallerReference != nil {
|
||||
d.Set("caller_reference", *distributionConfig.CallerReference)
|
||||
}
|
||||
if distributionConfig.Comment != nil {
|
||||
if *distributionConfig.Comment != "" {
|
||||
d.Set("comment", *distributionConfig.Comment)
|
||||
}
|
||||
}
|
||||
if distributionConfig.DefaultRootObject != nil {
|
||||
d.Set("default_root_object", *distributionConfig.DefaultRootObject)
|
||||
}
|
||||
if distributionConfig.CustomErrorResponses != nil {
|
||||
d.Set("custom_error_response", flattenCustomErrorResponses(distributionConfig.CustomErrorResponses))
|
||||
}
|
||||
if distributionConfig.CacheBehaviors != nil {
|
||||
d.Set("cache_behavior", flattenCacheBehaviors(distributionConfig.CacheBehaviors))
|
||||
}
|
||||
if distributionConfig.Logging != nil && *distributionConfig.Logging.Enabled {
|
||||
d.Set("logging_config", flattenLoggingConfig(distributionConfig.Logging))
|
||||
}
|
||||
if distributionConfig.Aliases != nil {
|
||||
d.Set("aliases", flattenAliases(distributionConfig.Aliases))
|
||||
}
|
||||
if distributionConfig.Restrictions != nil {
|
||||
d.Set("restrictions", flattenRestrictions(distributionConfig.Restrictions))
|
||||
}
|
||||
if distributionConfig.WebACLId != nil {
|
||||
d.Set("web_acl_id", *distributionConfig.WebACLId)
|
||||
}
|
||||
}
|
||||
|
||||
func expandDefaultCacheBehavior(m map[string]interface{}) *cloudfront.DefaultCacheBehavior {
|
||||
cb := expandCacheBehavior(m)
|
||||
var dcb cloudfront.DefaultCacheBehavior
|
||||
|
||||
simpleCopyStruct(cb, &dcb)
|
||||
return &dcb
|
||||
}
|
||||
|
||||
func flattenDefaultCacheBehavior(dcb *cloudfront.DefaultCacheBehavior) *schema.Set {
|
||||
m := make(map[string]interface{})
|
||||
var cb cloudfront.CacheBehavior
|
||||
|
||||
simpleCopyStruct(dcb, &cb)
|
||||
m = flattenCacheBehavior(&cb)
|
||||
return schema.NewSet(defaultCacheBehaviorHash, []interface{}{m})
|
||||
}
|
||||
|
||||
// Assemble the hash for the aws_cloudfront_distribution default_cache_behavior
|
||||
// TypeSet attribute.
|
||||
func defaultCacheBehaviorHash(v interface{}) int {
|
||||
var buf bytes.Buffer
|
||||
m := v.(map[string]interface{})
|
||||
buf.WriteString(fmt.Sprintf("%t-", m["compress"].(bool)))
|
||||
buf.WriteString(fmt.Sprintf("%s-", m["viewer_protocol_policy"].(string)))
|
||||
buf.WriteString(fmt.Sprintf("%s-", m["target_origin_id"].(string)))
|
||||
buf.WriteString(fmt.Sprintf("%d-", forwardedValuesHash(m["forwarded_values"].(*schema.Set).List()[0].(map[string]interface{}))))
|
||||
buf.WriteString(fmt.Sprintf("%d-", m["min_ttl"].(int)))
|
||||
if d, ok := m["trusted_signers"]; ok {
|
||||
for _, e := range sortInterfaceSlice(d.([]interface{})) {
|
||||
buf.WriteString(fmt.Sprintf("%s-", e.(string)))
|
||||
}
|
||||
}
|
||||
if d, ok := m["max_ttl"]; ok {
|
||||
buf.WriteString(fmt.Sprintf("%d-", d.(int)))
|
||||
}
|
||||
if d, ok := m["smooth_streaming"]; ok {
|
||||
buf.WriteString(fmt.Sprintf("%t-", d.(bool)))
|
||||
}
|
||||
if d, ok := m["default_ttl"]; ok {
|
||||
buf.WriteString(fmt.Sprintf("%d-", d.(int)))
|
||||
}
|
||||
if d, ok := m["allowed_methods"]; ok {
|
||||
for _, e := range sortInterfaceSlice(d.([]interface{})) {
|
||||
buf.WriteString(fmt.Sprintf("%s-", e.(string)))
|
||||
}
|
||||
}
|
||||
if d, ok := m["cached_methods"]; ok {
|
||||
for _, e := range sortInterfaceSlice(d.([]interface{})) {
|
||||
buf.WriteString(fmt.Sprintf("%s-", e.(string)))
|
||||
}
|
||||
}
|
||||
return hashcode.String(buf.String())
|
||||
}
|
||||
|
||||
func expandCacheBehaviors(s *schema.Set) *cloudfront.CacheBehaviors {
|
||||
var qty int64
|
||||
var items []*cloudfront.CacheBehavior
|
||||
for _, v := range s.List() {
|
||||
items = append(items, expandCacheBehavior(v.(map[string]interface{})))
|
||||
qty++
|
||||
}
|
||||
return &cloudfront.CacheBehaviors{
|
||||
Quantity: aws.Int64(qty),
|
||||
Items: items,
|
||||
}
|
||||
}
|
||||
|
||||
func flattenCacheBehaviors(cbs *cloudfront.CacheBehaviors) *schema.Set {
|
||||
s := []interface{}{}
|
||||
for _, v := range cbs.Items {
|
||||
s = append(s, flattenCacheBehavior(v))
|
||||
}
|
||||
return schema.NewSet(cacheBehaviorHash, s)
|
||||
}
|
||||
|
||||
func expandCacheBehavior(m map[string]interface{}) *cloudfront.CacheBehavior {
|
||||
cb := &cloudfront.CacheBehavior{
|
||||
Compress: aws.Bool(m["compress"].(bool)),
|
||||
ViewerProtocolPolicy: aws.String(m["viewer_protocol_policy"].(string)),
|
||||
TargetOriginId: aws.String(m["target_origin_id"].(string)),
|
||||
ForwardedValues: expandForwardedValues(m["forwarded_values"].(*schema.Set).List()[0].(map[string]interface{})),
|
||||
MinTTL: aws.Int64(int64(m["min_ttl"].(int))),
|
||||
MaxTTL: aws.Int64(int64(m["max_ttl"].(int))),
|
||||
DefaultTTL: aws.Int64(int64(m["default_ttl"].(int))),
|
||||
}
|
||||
if v, ok := m["trusted_signers"]; ok {
|
||||
cb.TrustedSigners = expandTrustedSigners(v.([]interface{}))
|
||||
} else {
|
||||
cb.TrustedSigners = expandTrustedSigners([]interface{}{})
|
||||
}
|
||||
if v, ok := m["smooth_streaming"]; ok {
|
||||
cb.SmoothStreaming = aws.Bool(v.(bool))
|
||||
}
|
||||
if v, ok := m["allowed_methods"]; ok {
|
||||
cb.AllowedMethods = expandAllowedMethods(v.([]interface{}))
|
||||
}
|
||||
if v, ok := m["cached_methods"]; ok {
|
||||
cb.AllowedMethods.CachedMethods = expandCachedMethods(v.([]interface{}))
|
||||
}
|
||||
if v, ok := m["path_pattern"]; ok {
|
||||
cb.PathPattern = aws.String(v.(string))
|
||||
}
|
||||
return cb
|
||||
}
|
||||
|
||||
func flattenCacheBehavior(cb *cloudfront.CacheBehavior) map[string]interface{} {
|
||||
m := make(map[string]interface{})
|
||||
|
||||
m["compress"] = *cb.Compress
|
||||
m["viewer_protocol_policy"] = *cb.ViewerProtocolPolicy
|
||||
m["target_origin_id"] = *cb.TargetOriginId
|
||||
m["forwarded_values"] = schema.NewSet(forwardedValuesHash, []interface{}{flattenForwardedValues(cb.ForwardedValues)})
|
||||
m["min_ttl"] = int(*cb.MinTTL)
|
||||
|
||||
if len(cb.TrustedSigners.Items) > 0 {
|
||||
m["trusted_signers"] = flattenTrustedSigners(cb.TrustedSigners)
|
||||
}
|
||||
if cb.MaxTTL != nil {
|
||||
m["max_ttl"] = int(*cb.MaxTTL)
|
||||
}
|
||||
if cb.SmoothStreaming != nil {
|
||||
m["smooth_streaming"] = *cb.SmoothStreaming
|
||||
}
|
||||
if cb.DefaultTTL != nil {
|
||||
m["default_ttl"] = int(*cb.DefaultTTL)
|
||||
}
|
||||
if cb.AllowedMethods != nil {
|
||||
m["allowed_methods"] = flattenAllowedMethods(cb.AllowedMethods)
|
||||
}
|
||||
if cb.AllowedMethods.CachedMethods != nil {
|
||||
m["cached_methods"] = flattenCachedMethods(cb.AllowedMethods.CachedMethods)
|
||||
}
|
||||
if cb.PathPattern != nil {
|
||||
m["path_pattern"] = *cb.PathPattern
|
||||
}
|
||||
return m
|
||||
}
|
||||
|
||||
// Assemble the hash for the aws_cloudfront_distribution cache_behavior
|
||||
// TypeSet attribute.
|
||||
func cacheBehaviorHash(v interface{}) int {
|
||||
var buf bytes.Buffer
|
||||
m := v.(map[string]interface{})
|
||||
buf.WriteString(fmt.Sprintf("%t-", m["compress"].(bool)))
|
||||
buf.WriteString(fmt.Sprintf("%s-", m["viewer_protocol_policy"].(string)))
|
||||
buf.WriteString(fmt.Sprintf("%s-", m["target_origin_id"].(string)))
|
||||
buf.WriteString(fmt.Sprintf("%d-", forwardedValuesHash(m["forwarded_values"].(*schema.Set).List()[0].(map[string]interface{}))))
|
||||
buf.WriteString(fmt.Sprintf("%d-", m["min_ttl"].(int)))
|
||||
if d, ok := m["trusted_signers"]; ok {
|
||||
for _, e := range sortInterfaceSlice(d.([]interface{})) {
|
||||
buf.WriteString(fmt.Sprintf("%s-", e.(string)))
|
||||
}
|
||||
}
|
||||
if d, ok := m["max_ttl"]; ok {
|
||||
buf.WriteString(fmt.Sprintf("%d-", d.(int)))
|
||||
}
|
||||
if d, ok := m["smooth_streaming"]; ok {
|
||||
buf.WriteString(fmt.Sprintf("%t-", d.(bool)))
|
||||
}
|
||||
if d, ok := m["default_ttl"]; ok {
|
||||
buf.WriteString(fmt.Sprintf("%d-", d.(int)))
|
||||
}
|
||||
if d, ok := m["allowed_methods"]; ok {
|
||||
for _, e := range sortInterfaceSlice(d.([]interface{})) {
|
||||
buf.WriteString(fmt.Sprintf("%s-", e.(string)))
|
||||
}
|
||||
}
|
||||
if d, ok := m["cached_methods"]; ok {
|
||||
for _, e := range sortInterfaceSlice(d.([]interface{})) {
|
||||
buf.WriteString(fmt.Sprintf("%s-", e.(string)))
|
||||
}
|
||||
}
|
||||
if d, ok := m["path_pattern"]; ok {
|
||||
buf.WriteString(fmt.Sprintf("%s-", d))
|
||||
}
|
||||
return hashcode.String(buf.String())
|
||||
}
|
||||
|
||||
func expandTrustedSigners(s []interface{}) *cloudfront.TrustedSigners {
|
||||
var ts cloudfront.TrustedSigners
|
||||
if len(s) > 0 {
|
||||
ts.Quantity = aws.Int64(int64(len(s)))
|
||||
ts.Items = expandStringList(s)
|
||||
ts.Enabled = aws.Bool(true)
|
||||
} else {
|
||||
ts.Quantity = aws.Int64(0)
|
||||
ts.Enabled = aws.Bool(false)
|
||||
}
|
||||
return &ts
|
||||
}
|
||||
|
||||
func flattenTrustedSigners(ts *cloudfront.TrustedSigners) []interface{} {
|
||||
if ts.Items != nil {
|
||||
return flattenStringList(ts.Items)
|
||||
}
|
||||
return []interface{}{}
|
||||
}
|
||||
|
||||
func expandForwardedValues(m map[string]interface{}) *cloudfront.ForwardedValues {
|
||||
fv := &cloudfront.ForwardedValues{
|
||||
QueryString: aws.Bool(m["query_string"].(bool)),
|
||||
}
|
||||
if v, ok := m["cookies"]; ok {
|
||||
fv.Cookies = expandCookiePreference(v.(*schema.Set).List()[0].(map[string]interface{}))
|
||||
}
|
||||
if v, ok := m["headers"]; ok {
|
||||
fv.Headers = expandHeaders(v.([]interface{}))
|
||||
}
|
||||
return fv
|
||||
}
|
||||
|
||||
func flattenForwardedValues(fv *cloudfront.ForwardedValues) map[string]interface{} {
|
||||
m := make(map[string]interface{})
|
||||
m["query_string"] = *fv.QueryString
|
||||
if fv.Cookies != nil {
|
||||
m["cookies"] = schema.NewSet(cookiePreferenceHash, []interface{}{flattenCookiePreference(fv.Cookies)})
|
||||
}
|
||||
if fv.Headers != nil {
|
||||
m["headers"] = flattenHeaders(fv.Headers)
|
||||
}
|
||||
return m
|
||||
}
|
||||
|
||||
// Assemble the hash for the aws_cloudfront_distribution forwarded_values
|
||||
// TypeSet attribute.
|
||||
func forwardedValuesHash(v interface{}) int {
|
||||
var buf bytes.Buffer
|
||||
m := v.(map[string]interface{})
|
||||
buf.WriteString(fmt.Sprintf("%t-", m["query_string"].(bool)))
|
||||
if d, ok := m["cookies"]; ok {
|
||||
buf.WriteString(fmt.Sprintf("%d-", cookiePreferenceHash(d.(*schema.Set).List()[0].(map[string]interface{}))))
|
||||
}
|
||||
if d, ok := m["headers"]; ok {
|
||||
for _, e := range sortInterfaceSlice(d.([]interface{})) {
|
||||
buf.WriteString(fmt.Sprintf("%s-", e.(string)))
|
||||
}
|
||||
}
|
||||
return hashcode.String(buf.String())
|
||||
}
|
||||
|
||||
func expandHeaders(d []interface{}) *cloudfront.Headers {
|
||||
return &cloudfront.Headers{
|
||||
Quantity: aws.Int64(int64(len(d))),
|
||||
Items: expandStringList(d),
|
||||
}
|
||||
}
|
||||
|
||||
func flattenHeaders(h *cloudfront.Headers) []interface{} {
|
||||
if h.Items != nil {
|
||||
return flattenStringList(h.Items)
|
||||
}
|
||||
return []interface{}{}
|
||||
}
|
||||
|
||||
func expandCookiePreference(m map[string]interface{}) *cloudfront.CookiePreference {
|
||||
cp := &cloudfront.CookiePreference{
|
||||
Forward: aws.String(m["forward"].(string)),
|
||||
}
|
||||
if v, ok := m["whitelisted_names"]; ok {
|
||||
cp.WhitelistedNames = expandCookieNames(v.([]interface{}))
|
||||
}
|
||||
return cp
|
||||
}
|
||||
|
||||
func flattenCookiePreference(cp *cloudfront.CookiePreference) map[string]interface{} {
|
||||
m := make(map[string]interface{})
|
||||
m["forward"] = *cp.Forward
|
||||
if cp.WhitelistedNames != nil {
|
||||
m["whitelisted_names"] = flattenCookieNames(cp.WhitelistedNames)
|
||||
}
|
||||
return m
|
||||
}
|
||||
|
||||
// Assemble the hash for the aws_cloudfront_distribution cookies
|
||||
// TypeSet attribute.
|
||||
func cookiePreferenceHash(v interface{}) int {
|
||||
var buf bytes.Buffer
|
||||
m := v.(map[string]interface{})
|
||||
buf.WriteString(fmt.Sprintf("%s-", m["forward"].(string)))
|
||||
if d, ok := m["whitelisted_names"]; ok {
|
||||
for _, e := range sortInterfaceSlice(d.([]interface{})) {
|
||||
buf.WriteString(fmt.Sprintf("%s-", e.(string)))
|
||||
}
|
||||
}
|
||||
return hashcode.String(buf.String())
|
||||
}
|
||||
|
||||
func expandCookieNames(d []interface{}) *cloudfront.CookieNames {
|
||||
return &cloudfront.CookieNames{
|
||||
Quantity: aws.Int64(int64(len(d))),
|
||||
Items: expandStringList(d),
|
||||
}
|
||||
}
|
||||
|
||||
func flattenCookieNames(cn *cloudfront.CookieNames) []interface{} {
|
||||
if cn.Items != nil {
|
||||
return flattenStringList(cn.Items)
|
||||
}
|
||||
return []interface{}{}
|
||||
}
|
||||
|
||||
func expandAllowedMethods(s []interface{}) *cloudfront.AllowedMethods {
|
||||
return &cloudfront.AllowedMethods{
|
||||
Quantity: aws.Int64(int64(len(s))),
|
||||
Items: expandStringList(s),
|
||||
}
|
||||
}
|
||||
|
||||
func flattenAllowedMethods(am *cloudfront.AllowedMethods) []interface{} {
|
||||
if am.Items != nil {
|
||||
return flattenStringList(am.Items)
|
||||
}
|
||||
return []interface{}{}
|
||||
}
|
||||
|
||||
func expandCachedMethods(s []interface{}) *cloudfront.CachedMethods {
|
||||
return &cloudfront.CachedMethods{
|
||||
Quantity: aws.Int64(int64(len(s))),
|
||||
Items: expandStringList(s),
|
||||
}
|
||||
}
|
||||
|
||||
func flattenCachedMethods(cm *cloudfront.CachedMethods) []interface{} {
|
||||
if cm.Items != nil {
|
||||
return flattenStringList(cm.Items)
|
||||
}
|
||||
return []interface{}{}
|
||||
}
|
||||
|
||||
func expandOrigins(s *schema.Set) *cloudfront.Origins {
|
||||
qty := 0
|
||||
items := []*cloudfront.Origin{}
|
||||
for _, v := range s.List() {
|
||||
items = append(items, expandOrigin(v.(map[string]interface{})))
|
||||
qty++
|
||||
}
|
||||
return &cloudfront.Origins{
|
||||
Quantity: aws.Int64(int64(qty)),
|
||||
Items: items,
|
||||
}
|
||||
}
|
||||
|
||||
func flattenOrigins(ors *cloudfront.Origins) *schema.Set {
|
||||
s := []interface{}{}
|
||||
for _, v := range ors.Items {
|
||||
s = append(s, flattenOrigin(v))
|
||||
}
|
||||
return schema.NewSet(originHash, s)
|
||||
}
|
||||
|
||||
func expandOrigin(m map[string]interface{}) *cloudfront.Origin {
|
||||
origin := &cloudfront.Origin{
|
||||
Id: aws.String(m["origin_id"].(string)),
|
||||
DomainName: aws.String(m["domain_name"].(string)),
|
||||
}
|
||||
if v, ok := m["custom_header"]; ok {
|
||||
origin.CustomHeaders = expandCustomHeaders(v.(*schema.Set))
|
||||
}
|
||||
if v, ok := m["custom_origin_config"]; ok {
|
||||
if s := v.(*schema.Set).List(); len(s) > 0 {
|
||||
origin.CustomOriginConfig = expandCustomOriginConfig(s[0].(map[string]interface{}))
|
||||
}
|
||||
}
|
||||
if v, ok := m["origin_path"]; ok {
|
||||
origin.OriginPath = aws.String(v.(string))
|
||||
}
|
||||
if v, ok := m["s3_origin_config"]; ok {
|
||||
if s := v.(*schema.Set).List(); len(s) > 0 {
|
||||
origin.S3OriginConfig = expandS3OriginConfig(s[0].(map[string]interface{}))
|
||||
}
|
||||
}
|
||||
return origin
|
||||
}
|
||||
|
||||
func flattenOrigin(or *cloudfront.Origin) map[string]interface{} {
|
||||
m := make(map[string]interface{})
|
||||
m["origin_id"] = *or.Id
|
||||
m["domain_name"] = *or.DomainName
|
||||
if or.CustomHeaders != nil {
|
||||
m["custom_header"] = flattenCustomHeaders(or.CustomHeaders)
|
||||
}
|
||||
if or.CustomOriginConfig != nil {
|
||||
m["custom_origin_config"] = schema.NewSet(customOriginConfigHash, []interface{}{flattenCustomOriginConfig(or.CustomOriginConfig)})
|
||||
}
|
||||
if or.OriginPath != nil {
|
||||
m["origin_path"] = *or.OriginPath
|
||||
}
|
||||
if or.S3OriginConfig != nil {
|
||||
m["s3_origin_config"] = schema.NewSet(s3OriginConfigHash, []interface{}{flattenS3OriginConfig(or.S3OriginConfig)})
|
||||
}
|
||||
return m
|
||||
}
|
||||
|
||||
// Assemble the hash for the aws_cloudfront_distribution origin
|
||||
// TypeSet attribute.
|
||||
func originHash(v interface{}) int {
|
||||
var buf bytes.Buffer
|
||||
m := v.(map[string]interface{})
|
||||
buf.WriteString(fmt.Sprintf("%s-", m["origin_id"].(string)))
|
||||
buf.WriteString(fmt.Sprintf("%s-", m["domain_name"].(string)))
|
||||
if v, ok := m["custom_header"]; ok {
|
||||
buf.WriteString(fmt.Sprintf("%d-", customHeadersHash(v.(*schema.Set))))
|
||||
}
|
||||
if v, ok := m["custom_origin_config"]; ok {
|
||||
if s := v.(*schema.Set).List(); len(s) > 0 {
|
||||
buf.WriteString(fmt.Sprintf("%d-", customOriginConfigHash((s[0].(map[string]interface{})))))
|
||||
}
|
||||
}
|
||||
if v, ok := m["origin_path"]; ok {
|
||||
buf.WriteString(fmt.Sprintf("%s-", v.(string)))
|
||||
}
|
||||
if v, ok := m["s3_origin_config"]; ok {
|
||||
if s := v.(*schema.Set).List(); len(s) > 0 {
|
||||
buf.WriteString(fmt.Sprintf("%d-", s3OriginConfigHash((s[0].(map[string]interface{})))))
|
||||
}
|
||||
}
|
||||
return hashcode.String(buf.String())
|
||||
}
|
||||
|
||||
func expandCustomHeaders(s *schema.Set) *cloudfront.CustomHeaders {
|
||||
qty := 0
|
||||
items := []*cloudfront.OriginCustomHeader{}
|
||||
for _, v := range s.List() {
|
||||
items = append(items, expandOriginCustomHeader(v.(map[string]interface{})))
|
||||
qty++
|
||||
}
|
||||
return &cloudfront.CustomHeaders{
|
||||
Quantity: aws.Int64(int64(qty)),
|
||||
Items: items,
|
||||
}
|
||||
}
|
||||
|
||||
func flattenCustomHeaders(chs *cloudfront.CustomHeaders) *schema.Set {
|
||||
s := []interface{}{}
|
||||
for _, v := range chs.Items {
|
||||
s = append(s, flattenOriginCustomHeader(v))
|
||||
}
|
||||
return schema.NewSet(originCustomHeaderHash, s)
|
||||
}
|
||||
|
||||
func expandOriginCustomHeader(m map[string]interface{}) *cloudfront.OriginCustomHeader {
|
||||
return &cloudfront.OriginCustomHeader{
|
||||
HeaderName: aws.String(m["name"].(string)),
|
||||
HeaderValue: aws.String(m["value"].(string)),
|
||||
}
|
||||
}
|
||||
|
||||
func flattenOriginCustomHeader(och *cloudfront.OriginCustomHeader) map[string]interface{} {
|
||||
return map[string]interface{}{
|
||||
"name": *och.HeaderName,
|
||||
"value": *och.HeaderValue,
|
||||
}
|
||||
}
|
||||
|
||||
// Helper function used by originHash to get a composite hash for all
|
||||
// aws_cloudfront_distribution custom_header attributes.
|
||||
func customHeadersHash(s *schema.Set) int {
|
||||
var buf bytes.Buffer
|
||||
for _, v := range s.List() {
|
||||
buf.WriteString(fmt.Sprintf("%d-", originCustomHeaderHash(v)))
|
||||
}
|
||||
return hashcode.String(buf.String())
|
||||
}
|
||||
|
||||
// Assemble the hash for the aws_cloudfront_distribution custom_header
|
||||
// TypeSet attribute.
|
||||
func originCustomHeaderHash(v interface{}) int {
|
||||
var buf bytes.Buffer
|
||||
m := v.(map[string]interface{})
|
||||
buf.WriteString(fmt.Sprintf("%s-", m["name"].(string)))
|
||||
buf.WriteString(fmt.Sprintf("%s-", m["value"].(string)))
|
||||
return hashcode.String(buf.String())
|
||||
}
|
||||
|
||||
func expandCustomOriginConfig(m map[string]interface{}) *cloudfront.CustomOriginConfig {
|
||||
return &cloudfront.CustomOriginConfig{
|
||||
OriginProtocolPolicy: aws.String(m["origin_protocol_policy"].(string)),
|
||||
HTTPPort: aws.Int64(int64(m["http_port"].(int))),
|
||||
HTTPSPort: aws.Int64(int64(m["https_port"].(int))),
|
||||
OriginSslProtocols: expandCustomOriginConfigSSL(m["origin_ssl_protocols"].([]interface{})),
|
||||
}
|
||||
}
|
||||
|
||||
func flattenCustomOriginConfig(cor *cloudfront.CustomOriginConfig) map[string]interface{} {
|
||||
return map[string]interface{}{
|
||||
"origin_protocol_policy": *cor.OriginProtocolPolicy,
|
||||
"http_port": int(*cor.HTTPPort),
|
||||
"https_port": int(*cor.HTTPSPort),
|
||||
"origin_ssl_protocols": flattenCustomOriginConfigSSL(cor.OriginSslProtocols),
|
||||
}
|
||||
}
|
||||
|
||||
// Assemble the hash for the aws_cloudfront_distribution custom_origin_config
|
||||
// TypeSet attribute.
|
||||
func customOriginConfigHash(v interface{}) int {
|
||||
var buf bytes.Buffer
|
||||
m := v.(map[string]interface{})
|
||||
buf.WriteString(fmt.Sprintf("%s-", m["origin_protocol_policy"].(string)))
|
||||
buf.WriteString(fmt.Sprintf("%d-", m["http_port"].(int)))
|
||||
buf.WriteString(fmt.Sprintf("%d-", m["https_port"].(int)))
|
||||
for _, v := range sortInterfaceSlice(m["origin_ssl_protocols"].([]interface{})) {
|
||||
buf.WriteString(fmt.Sprintf("%s-", v.(string)))
|
||||
}
|
||||
return hashcode.String(buf.String())
|
||||
}
|
||||
|
||||
func expandCustomOriginConfigSSL(s []interface{}) *cloudfront.OriginSslProtocols {
|
||||
items := expandStringList(s)
|
||||
return &cloudfront.OriginSslProtocols{
|
||||
Quantity: aws.Int64(int64(len(items))),
|
||||
Items: items,
|
||||
}
|
||||
}
|
||||
|
||||
func flattenCustomOriginConfigSSL(osp *cloudfront.OriginSslProtocols) []interface{} {
|
||||
return flattenStringList(osp.Items)
|
||||
}
|
||||
|
||||
func expandS3OriginConfig(m map[string]interface{}) *cloudfront.S3OriginConfig {
|
||||
return &cloudfront.S3OriginConfig{
|
||||
OriginAccessIdentity: aws.String(m["origin_access_identity"].(string)),
|
||||
}
|
||||
}
|
||||
|
||||
func flattenS3OriginConfig(s3o *cloudfront.S3OriginConfig) map[string]interface{} {
|
||||
return map[string]interface{}{
|
||||
"origin_access_identity": *s3o.OriginAccessIdentity,
|
||||
}
|
||||
}
|
||||
|
||||
// Assemble the hash for the aws_cloudfront_distribution s3_origin_config
|
||||
// TypeSet attribute.
|
||||
func s3OriginConfigHash(v interface{}) int {
|
||||
var buf bytes.Buffer
|
||||
m := v.(map[string]interface{})
|
||||
buf.WriteString(fmt.Sprintf("%s-", m["origin_access_identity"].(string)))
|
||||
return hashcode.String(buf.String())
|
||||
}
|
||||
|
||||
func expandCustomErrorResponses(s *schema.Set) *cloudfront.CustomErrorResponses {
|
||||
qty := 0
|
||||
items := []*cloudfront.CustomErrorResponse{}
|
||||
for _, v := range s.List() {
|
||||
items = append(items, expandCustomErrorResponse(v.(map[string]interface{})))
|
||||
qty++
|
||||
}
|
||||
return &cloudfront.CustomErrorResponses{
|
||||
Quantity: aws.Int64(int64(qty)),
|
||||
Items: items,
|
||||
}
|
||||
}
|
||||
|
||||
func flattenCustomErrorResponses(ers *cloudfront.CustomErrorResponses) *schema.Set {
|
||||
s := []interface{}{}
|
||||
for _, v := range ers.Items {
|
||||
s = append(s, flattenCustomErrorResponse(v))
|
||||
}
|
||||
return schema.NewSet(customErrorResponseHash, s)
|
||||
}
|
||||
|
||||
func expandCustomErrorResponse(m map[string]interface{}) *cloudfront.CustomErrorResponse {
|
||||
er := cloudfront.CustomErrorResponse{
|
||||
ErrorCode: aws.Int64(int64(m["error_code"].(int))),
|
||||
}
|
||||
if v, ok := m["error_caching_min_ttl"]; ok {
|
||||
er.ErrorCachingMinTTL = aws.Int64(int64(v.(int)))
|
||||
}
|
||||
if v, ok := m["response_code"]; ok {
|
||||
er.ResponseCode = aws.String(strconv.Itoa(v.(int)))
|
||||
}
|
||||
if v, ok := m["response_page_path"]; ok {
|
||||
er.ResponsePagePath = aws.String(v.(string))
|
||||
}
|
||||
return &er
|
||||
}
|
||||
|
||||
func flattenCustomErrorResponse(er *cloudfront.CustomErrorResponse) map[string]interface{} {
|
||||
m := make(map[string]interface{})
|
||||
m["error_code"] = int(*er.ErrorCode)
|
||||
if er.ErrorCachingMinTTL != nil {
|
||||
m["error_caching_min_ttl"] = int(*er.ErrorCachingMinTTL)
|
||||
}
|
||||
if er.ResponseCode != nil {
|
||||
m["response_code"], _ = strconv.Atoi(*er.ResponseCode)
|
||||
}
|
||||
if er.ResponsePagePath != nil {
|
||||
m["response_page_path"] = *er.ResponsePagePath
|
||||
}
|
||||
return m
|
||||
}
|
||||
|
||||
// Assemble the hash for the aws_cloudfront_distribution custom_error_response
|
||||
// TypeSet attribute.
|
||||
func customErrorResponseHash(v interface{}) int {
|
||||
var buf bytes.Buffer
|
||||
m := v.(map[string]interface{})
|
||||
buf.WriteString(fmt.Sprintf("%d-", m["error_code"].(int)))
|
||||
if v, ok := m["error_caching_min_ttl"]; ok {
|
||||
buf.WriteString(fmt.Sprintf("%d-", v.(int)))
|
||||
}
|
||||
if v, ok := m["response_code"]; ok {
|
||||
buf.WriteString(fmt.Sprintf("%d-", v.(int)))
|
||||
}
|
||||
if v, ok := m["response_page_path"]; ok {
|
||||
buf.WriteString(fmt.Sprintf("%s-", v.(string)))
|
||||
}
|
||||
return hashcode.String(buf.String())
|
||||
}
|
||||
|
||||
func expandLoggingConfig(m map[string]interface{}) *cloudfront.LoggingConfig {
|
||||
var lc cloudfront.LoggingConfig
|
||||
if m != nil {
|
||||
lc.Prefix = aws.String(m["prefix"].(string))
|
||||
lc.Bucket = aws.String(m["bucket"].(string))
|
||||
lc.IncludeCookies = aws.Bool(m["include_cookies"].(bool))
|
||||
lc.Enabled = aws.Bool(true)
|
||||
} else {
|
||||
lc.Prefix = aws.String("")
|
||||
lc.Bucket = aws.String("")
|
||||
lc.IncludeCookies = aws.Bool(false)
|
||||
lc.Enabled = aws.Bool(false)
|
||||
}
|
||||
return &lc
|
||||
}
|
||||
|
||||
func flattenLoggingConfig(lc *cloudfront.LoggingConfig) *schema.Set {
|
||||
m := make(map[string]interface{})
|
||||
m["prefix"] = *lc.Prefix
|
||||
m["bucket"] = *lc.Bucket
|
||||
m["include_cookies"] = *lc.IncludeCookies
|
||||
return schema.NewSet(loggingConfigHash, []interface{}{m})
|
||||
}
|
||||
|
||||
// Assemble the hash for the aws_cloudfront_distribution logging_config
|
||||
// TypeSet attribute.
|
||||
func loggingConfigHash(v interface{}) int {
|
||||
var buf bytes.Buffer
|
||||
m := v.(map[string]interface{})
|
||||
buf.WriteString(fmt.Sprintf("%s-", m["prefix"].(string)))
|
||||
buf.WriteString(fmt.Sprintf("%s-", m["bucket"].(string)))
|
||||
buf.WriteString(fmt.Sprintf("%t-", m["include_cookies"].(bool)))
|
||||
return hashcode.String(buf.String())
|
||||
}
|
||||
|
||||
func expandAliases(as *schema.Set) *cloudfront.Aliases {
|
||||
s := as.List()
|
||||
var aliases cloudfront.Aliases
|
||||
if len(s) > 0 {
|
||||
aliases.Quantity = aws.Int64(int64(len(s)))
|
||||
aliases.Items = expandStringList(s)
|
||||
} else {
|
||||
aliases.Quantity = aws.Int64(0)
|
||||
}
|
||||
return &aliases
|
||||
}
|
||||
|
||||
func flattenAliases(aliases *cloudfront.Aliases) *schema.Set {
|
||||
if aliases.Items != nil {
|
||||
return schema.NewSet(aliasesHash, flattenStringList(aliases.Items))
|
||||
}
|
||||
return schema.NewSet(aliasesHash, []interface{}{})
|
||||
}
|
||||
|
||||
// Assemble the hash for the aws_cloudfront_distribution aliases
|
||||
// TypeSet attribute.
|
||||
func aliasesHash(v interface{}) int {
|
||||
return hashcode.String(v.(string))
|
||||
}
|
||||
|
||||
func expandRestrictions(m map[string]interface{}) *cloudfront.Restrictions {
|
||||
return &cloudfront.Restrictions{
|
||||
GeoRestriction: expandGeoRestriction(m["geo_restriction"].(*schema.Set).List()[0].(map[string]interface{})),
|
||||
}
|
||||
}
|
||||
|
||||
func flattenRestrictions(r *cloudfront.Restrictions) *schema.Set {
|
||||
m := make(map[string]interface{})
|
||||
s := schema.NewSet(geoRestrictionHash, []interface{}{flattenGeoRestriction(r.GeoRestriction)})
|
||||
m["geo_restriction"] = s
|
||||
return schema.NewSet(restrictionsHash, []interface{}{m})
|
||||
}
|
||||
|
||||
// Assemble the hash for the aws_cloudfront_distribution restrictions
|
||||
// TypeSet attribute.
|
||||
func restrictionsHash(v interface{}) int {
|
||||
var buf bytes.Buffer
|
||||
m := v.(map[string]interface{})
|
||||
buf.WriteString(fmt.Sprintf("%d-", geoRestrictionHash(m["geo_restriction"].(*schema.Set).List()[0].(map[string]interface{}))))
|
||||
return hashcode.String(buf.String())
|
||||
}
|
||||
|
||||
func expandGeoRestriction(m map[string]interface{}) *cloudfront.GeoRestriction {
|
||||
gr := cloudfront.GeoRestriction{
|
||||
RestrictionType: aws.String(m["restriction_type"].(string)),
|
||||
}
|
||||
if v, ok := m["locations"]; ok {
|
||||
gr.Quantity = aws.Int64(int64(len(v.([]interface{}))))
|
||||
gr.Items = expandStringList(v.([]interface{}))
|
||||
} else {
|
||||
gr.Quantity = aws.Int64(0)
|
||||
}
|
||||
return &gr
|
||||
}
|
||||
|
||||
func flattenGeoRestriction(gr *cloudfront.GeoRestriction) map[string]interface{} {
|
||||
m := make(map[string]interface{})
|
||||
|
||||
m["restriction_type"] = *gr.RestrictionType
|
||||
if gr.Items != nil {
|
||||
m["locations"] = flattenStringList(gr.Items)
|
||||
}
|
||||
return m
|
||||
}
|
||||
|
||||
// Assemble the hash for the aws_cloudfront_distribution geo_restriction
|
||||
// TypeSet attribute.
|
||||
func geoRestrictionHash(v interface{}) int {
|
||||
var buf bytes.Buffer
|
||||
m := v.(map[string]interface{})
|
||||
// All keys added in alphabetical order.
|
||||
buf.WriteString(fmt.Sprintf("%s-", m["restriction_type"].(string)))
|
||||
if v, ok := m["locations"]; ok {
|
||||
for _, w := range sortInterfaceSlice(v.([]interface{})) {
|
||||
buf.WriteString(fmt.Sprintf("%s-", w.(string)))
|
||||
}
|
||||
}
|
||||
return hashcode.String(buf.String())
|
||||
}
|
||||
|
||||
func expandViewerCertificate(m map[string]interface{}) *cloudfront.ViewerCertificate {
|
||||
var vc cloudfront.ViewerCertificate
|
||||
if v, ok := m["iam_certificate_id"]; ok && v != "" {
|
||||
vc.IAMCertificateId = aws.String(v.(string))
|
||||
vc.SSLSupportMethod = aws.String(m["ssl_support_method"].(string))
|
||||
} else if v, ok := m["acm_certificate_arn"]; ok && v != "" {
|
||||
vc.ACMCertificateArn = aws.String(v.(string))
|
||||
vc.SSLSupportMethod = aws.String(m["ssl_support_method"].(string))
|
||||
} else {
|
||||
vc.CloudFrontDefaultCertificate = aws.Bool(m["cloudfront_default_certificate"].(bool))
|
||||
}
|
||||
if v, ok := m["minimum_protocol_version"]; ok && v != "" {
|
||||
vc.MinimumProtocolVersion = aws.String(v.(string))
|
||||
}
|
||||
return &vc
|
||||
}
|
||||
|
||||
func flattenViewerCertificate(vc *cloudfront.ViewerCertificate) *schema.Set {
|
||||
m := make(map[string]interface{})
|
||||
|
||||
if vc.IAMCertificateId != nil {
|
||||
m["iam_certificate_id"] = *vc.IAMCertificateId
|
||||
m["ssl_support_method"] = *vc.SSLSupportMethod
|
||||
} else if vc.ACMCertificateArn != nil {
|
||||
m["acm_certificate_arn"] = *vc.ACMCertificateArn
|
||||
m["ssl_support_method"] = *vc.SSLSupportMethod
|
||||
} else {
|
||||
m["cloudfront_default_certificate"] = *vc.CloudFrontDefaultCertificate
|
||||
}
|
||||
if vc.MinimumProtocolVersion != nil {
|
||||
m["minimum_protocol_version"] = *vc.MinimumProtocolVersion
|
||||
}
|
||||
return schema.NewSet(viewerCertificateHash, []interface{}{m})
|
||||
}
|
||||
|
||||
// Assemble the hash for the aws_cloudfront_distribution viewer_certificate
|
||||
// TypeSet attribute.
|
||||
func viewerCertificateHash(v interface{}) int {
|
||||
var buf bytes.Buffer
|
||||
m := v.(map[string]interface{})
|
||||
if v, ok := m["iam_certificate_id"]; ok {
|
||||
buf.WriteString(fmt.Sprintf("%s-", v.(string)))
|
||||
buf.WriteString(fmt.Sprintf("%s-", m["ssl_support_method"].(string)))
|
||||
} else if v, ok := m["acm_certificate_arn"]; ok {
|
||||
buf.WriteString(fmt.Sprintf("%s-", v.(string)))
|
||||
buf.WriteString(fmt.Sprintf("%s-", m["ssl_support_method"].(string)))
|
||||
} else {
|
||||
buf.WriteString(fmt.Sprintf("%t-", m["cloudfront_default_certificate"].(bool)))
|
||||
}
|
||||
if v, ok := m["minimum_protocol_version"]; ok {
|
||||
buf.WriteString(fmt.Sprintf("%s-", v.(string)))
|
||||
}
|
||||
return hashcode.String(buf.String())
|
||||
}
|
||||
|
||||
// Do a top-level copy of struct fields from one struct to another. Used to
|
||||
// copy fields between CacheBehavior and DefaultCacheBehavior structs.
|
||||
func simpleCopyStruct(src, dst interface{}) {
|
||||
s := reflect.ValueOf(src).Elem()
|
||||
d := reflect.ValueOf(dst).Elem()
|
||||
|
||||
for i := 0; i < s.NumField(); i++ {
|
||||
if s.Field(i).CanSet() == true {
|
||||
if s.Field(i).Interface() != nil {
|
||||
for j := 0; j < d.NumField(); j++ {
|
||||
if d.Type().Field(j).Name == s.Type().Field(i).Name {
|
||||
d.Field(j).Set(s.Field(i))
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Convert *cloudfront.ActiveTrustedSigners to a flatmap.Map type, which ensures
|
||||
// it can probably be inserted into the schema.TypeMap type used by the
|
||||
// active_trusted_signers attribute.
|
||||
func flattenActiveTrustedSigners(ats *cloudfront.ActiveTrustedSigners) flatmap.Map {
|
||||
m := make(map[string]interface{})
|
||||
s := []interface{}{}
|
||||
m["enabled"] = *ats.Enabled
|
||||
|
||||
for _, v := range ats.Items {
|
||||
signer := make(map[string]interface{})
|
||||
signer["aws_account_number"] = *v.AwsAccountNumber
|
||||
signer["key_pair_ids"] = aws.StringValueSlice(v.KeyPairIds.Items)
|
||||
s = append(s, signer)
|
||||
}
|
||||
m["items"] = s
|
||||
return flatmap.Flatten(m)
|
||||
}
|
|
@ -0,0 +1,989 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
"reflect"
|
||||
"testing"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws"
|
||||
"github.com/hashicorp/terraform/helper/schema"
|
||||
)
|
||||
|
||||
func defaultCacheBehaviorConf() map[string]interface{} {
|
||||
return map[string]interface{}{
|
||||
"viewer_protocol_policy": "allow-all",
|
||||
"target_origin_id": "myS3Origin",
|
||||
"forwarded_values": schema.NewSet(forwardedValuesHash, []interface{}{forwardedValuesConf()}),
|
||||
"min_ttl": 86400,
|
||||
"trusted_signers": trustedSignersConf(),
|
||||
"max_ttl": 365000000,
|
||||
"smooth_streaming": false,
|
||||
"default_ttl": 86400,
|
||||
"allowed_methods": allowedMethodsConf(),
|
||||
"cached_methods": cachedMethodsConf(),
|
||||
"compress": true,
|
||||
}
|
||||
}
|
||||
|
||||
func cacheBehaviorConf1() map[string]interface{} {
|
||||
cb := defaultCacheBehaviorConf()
|
||||
cb["path_pattern"] = "/path1"
|
||||
return cb
|
||||
}
|
||||
|
||||
func cacheBehaviorConf2() map[string]interface{} {
|
||||
cb := defaultCacheBehaviorConf()
|
||||
cb["path_pattern"] = "/path2"
|
||||
return cb
|
||||
}
|
||||
|
||||
func cacheBehaviorsConf() *schema.Set {
|
||||
return schema.NewSet(cacheBehaviorHash, []interface{}{cacheBehaviorConf1(), cacheBehaviorConf2()})
|
||||
}
|
||||
|
||||
func trustedSignersConf() []interface{} {
|
||||
return []interface{}{"1234567890EX", "1234567891EX"}
|
||||
}
|
||||
|
||||
func forwardedValuesConf() map[string]interface{} {
|
||||
return map[string]interface{}{
|
||||
"query_string": true,
|
||||
"cookies": schema.NewSet(cookiePreferenceHash, []interface{}{cookiePreferenceConf()}),
|
||||
"headers": headersConf(),
|
||||
}
|
||||
}
|
||||
|
||||
func headersConf() []interface{} {
|
||||
return []interface{}{"X-Example1", "X-Example2"}
|
||||
}
|
||||
|
||||
func cookiePreferenceConf() map[string]interface{} {
|
||||
return map[string]interface{}{
|
||||
"forward": "whitelist",
|
||||
"whitelisted_names": cookieNamesConf(),
|
||||
}
|
||||
}
|
||||
|
||||
func cookieNamesConf() []interface{} {
|
||||
return []interface{}{"Example1", "Example2"}
|
||||
}
|
||||
|
||||
func allowedMethodsConf() []interface{} {
|
||||
return []interface{}{"DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"}
|
||||
}
|
||||
|
||||
func cachedMethodsConf() []interface{} {
|
||||
return []interface{}{"GET", "HEAD", "OPTIONS"}
|
||||
}
|
||||
|
||||
func originCustomHeadersConf() *schema.Set {
|
||||
return schema.NewSet(originCustomHeaderHash, []interface{}{originCustomHeaderConf1(), originCustomHeaderConf2()})
|
||||
}
|
||||
|
||||
func originCustomHeaderConf1() map[string]interface{} {
|
||||
return map[string]interface{}{
|
||||
"name": "X-Custom-Header1",
|
||||
"value": "samplevalue",
|
||||
}
|
||||
}
|
||||
|
||||
func originCustomHeaderConf2() map[string]interface{} {
|
||||
return map[string]interface{}{
|
||||
"name": "X-Custom-Header2",
|
||||
"value": "samplevalue",
|
||||
}
|
||||
}
|
||||
|
||||
func customOriginConf() map[string]interface{} {
|
||||
return map[string]interface{}{
|
||||
"origin_protocol_policy": "http-only",
|
||||
"http_port": 80,
|
||||
"https_port": 443,
|
||||
"origin_ssl_protocols": customOriginSslProtocolsConf(),
|
||||
}
|
||||
}
|
||||
|
||||
func customOriginSslProtocolsConf() []interface{} {
|
||||
return []interface{}{"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
|
||||
}
|
||||
|
||||
func s3OriginConf() map[string]interface{} {
|
||||
return map[string]interface{}{
|
||||
"origin_access_identity": "origin-access-identity/cloudfront/E127EXAMPLE51Z",
|
||||
}
|
||||
}
|
||||
|
||||
func originWithCustomConf() map[string]interface{} {
|
||||
return map[string]interface{}{
|
||||
"origin_id": "CustomOrigin",
|
||||
"domain_name": "www.example.com",
|
||||
"origin_path": "/",
|
||||
"custom_origin_config": schema.NewSet(customOriginConfigHash, []interface{}{customOriginConf()}),
|
||||
"custom_header": originCustomHeadersConf(),
|
||||
}
|
||||
}
|
||||
func originWithS3Conf() map[string]interface{} {
|
||||
return map[string]interface{}{
|
||||
"origin_id": "S3Origin",
|
||||
"domain_name": "s3.example.com",
|
||||
"origin_path": "/",
|
||||
"s3_origin_config": schema.NewSet(s3OriginConfigHash, []interface{}{s3OriginConf()}),
|
||||
"custom_header": originCustomHeadersConf(),
|
||||
}
|
||||
}
|
||||
|
||||
func multiOriginConf() *schema.Set {
|
||||
return schema.NewSet(originHash, []interface{}{originWithCustomConf(), originWithS3Conf()})
|
||||
}
|
||||
|
||||
func geoRestrictionWhitelistConf() map[string]interface{} {
|
||||
return map[string]interface{}{
|
||||
"restriction_type": "whitelist",
|
||||
"locations": []interface{}{"CA", "GB", "US"},
|
||||
}
|
||||
}
|
||||
|
||||
func geoRestrictionsConf() map[string]interface{} {
|
||||
return map[string]interface{}{
|
||||
"geo_restriction": schema.NewSet(geoRestrictionHash, []interface{}{geoRestrictionWhitelistConf()}),
|
||||
}
|
||||
}
|
||||
|
||||
func geoRestrictionConfNoItems() map[string]interface{} {
|
||||
return map[string]interface{}{
|
||||
"restriction_type": "none",
|
||||
}
|
||||
}
|
||||
|
||||
func customErrorResponsesConf() []interface{} {
|
||||
return []interface{}{
|
||||
map[string]interface{}{
|
||||
"error_code": 404,
|
||||
"error_caching_min_ttl": 30,
|
||||
"response_code": 200,
|
||||
"response_page_path": "/error-pages/404.html",
|
||||
},
|
||||
map[string]interface{}{
|
||||
"error_code": 403,
|
||||
"error_caching_min_ttl": 15,
|
||||
"response_code": 404,
|
||||
"response_page_path": "/error-pages/404.html",
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func aliasesConf() *schema.Set {
|
||||
return schema.NewSet(aliasesHash, []interface{}{"example.com", "www.example.com"})
|
||||
}
|
||||
|
||||
func loggingConfigConf() map[string]interface{} {
|
||||
return map[string]interface{}{
|
||||
"include_cookies": false,
|
||||
"bucket": "mylogs.s3.amazonaws.com",
|
||||
"prefix": "myprefix",
|
||||
}
|
||||
}
|
||||
|
||||
func customErrorResponsesConfSet() *schema.Set {
|
||||
return schema.NewSet(customErrorResponseHash, customErrorResponsesConf())
|
||||
}
|
||||
|
||||
func customErrorResponsesConfFirst() map[string]interface{} {
|
||||
return customErrorResponsesConf()[0].(map[string]interface{})
|
||||
}
|
||||
|
||||
func viewerCertificateConfSetCloudFrontDefault() map[string]interface{} {
|
||||
return map[string]interface{}{
|
||||
"cloudfront_default_certificate": true,
|
||||
}
|
||||
}
|
||||
|
||||
func viewerCertificateConfSetIAM() map[string]interface{} {
|
||||
return map[string]interface{}{
|
||||
"iam_certificate_id": "iamcert-01234567",
|
||||
"ssl_support_method": "vip",
|
||||
"minimum_protocol_version": "TLSv1",
|
||||
}
|
||||
}
|
||||
|
||||
func viewerCertificateConfSetACM() map[string]interface{} {
|
||||
return map[string]interface{}{
|
||||
"acm_certificate_arn": "arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012",
|
||||
"ssl_support_method": "sni-only",
|
||||
"minimum_protocol_version": "TLSv1",
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_expandDefaultCacheBehavior(t *testing.T) {
|
||||
data := defaultCacheBehaviorConf()
|
||||
dcb := expandDefaultCacheBehavior(data)
|
||||
if *dcb.Compress != true {
|
||||
t.Fatalf("Expected Compress to be true, got %v", *dcb.Compress)
|
||||
}
|
||||
if *dcb.ViewerProtocolPolicy != "allow-all" {
|
||||
t.Fatalf("Expected ViewerProtocolPolicy to be allow-all, got %v", *dcb.ViewerProtocolPolicy)
|
||||
}
|
||||
if *dcb.TargetOriginId != "myS3Origin" {
|
||||
t.Fatalf("Expected TargetOriginId to be allow-all, got %v", *dcb.TargetOriginId)
|
||||
}
|
||||
if reflect.DeepEqual(dcb.ForwardedValues.Headers.Items, expandStringList(headersConf())) != true {
|
||||
t.Fatalf("Expected Items to be %v, got %v", headersConf(), dcb.ForwardedValues.Headers.Items)
|
||||
}
|
||||
if *dcb.MinTTL != 86400 {
|
||||
t.Fatalf("Expected MinTTL to be 86400, got %v", *dcb.MinTTL)
|
||||
}
|
||||
if reflect.DeepEqual(dcb.TrustedSigners.Items, expandStringList(trustedSignersConf())) != true {
|
||||
t.Fatalf("Expected TrustedSigners.Items to be %v, got %v", trustedSignersConf(), dcb.TrustedSigners.Items)
|
||||
}
|
||||
if *dcb.MaxTTL != 365000000 {
|
||||
t.Fatalf("Expected MaxTTL to be 86400, got %v", *dcb.MaxTTL)
|
||||
}
|
||||
if *dcb.SmoothStreaming != false {
|
||||
t.Fatalf("Expected SmoothStreaming to be false, got %v", *dcb.SmoothStreaming)
|
||||
}
|
||||
if *dcb.DefaultTTL != 86400 {
|
||||
t.Fatalf("Expected DefaultTTL to be 86400, got %v", *dcb.DefaultTTL)
|
||||
}
|
||||
if reflect.DeepEqual(dcb.AllowedMethods.Items, expandStringList(allowedMethodsConf())) != true {
|
||||
t.Fatalf("Expected TrustedSigners.Items to be %v, got %v", allowedMethodsConf(), dcb.AllowedMethods.Items)
|
||||
}
|
||||
if reflect.DeepEqual(dcb.AllowedMethods.CachedMethods.Items, expandStringList(cachedMethodsConf())) != true {
|
||||
t.Fatalf("Expected TrustedSigners.Items to be %v, got %v", cachedMethodsConf(), dcb.AllowedMethods.CachedMethods.Items)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_flattenDefaultCacheBehavior(t *testing.T) {
|
||||
in := defaultCacheBehaviorConf()
|
||||
dcb := expandDefaultCacheBehavior(in)
|
||||
out := flattenDefaultCacheBehavior(dcb)
|
||||
diff := schema.NewSet(defaultCacheBehaviorHash, []interface{}{in}).Difference(out)
|
||||
|
||||
if len(diff.List()) > 0 {
|
||||
t.Fatalf("Expected out to be %v, got %v, diff: %v", in, out, diff)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_expandCacheBehavior(t *testing.T) {
|
||||
data := cacheBehaviorConf1()
|
||||
cb := expandCacheBehavior(data)
|
||||
if *cb.Compress != true {
|
||||
t.Fatalf("Expected Compress to be true, got %v", *cb.Compress)
|
||||
}
|
||||
if *cb.ViewerProtocolPolicy != "allow-all" {
|
||||
t.Fatalf("Expected ViewerProtocolPolicy to be allow-all, got %v", *cb.ViewerProtocolPolicy)
|
||||
}
|
||||
if *cb.TargetOriginId != "myS3Origin" {
|
||||
t.Fatalf("Expected TargetOriginId to be myS3Origin, got %v", *cb.TargetOriginId)
|
||||
}
|
||||
if reflect.DeepEqual(cb.ForwardedValues.Headers.Items, expandStringList(headersConf())) != true {
|
||||
t.Fatalf("Expected Items to be %v, got %v", headersConf(), cb.ForwardedValues.Headers.Items)
|
||||
}
|
||||
if *cb.MinTTL != 86400 {
|
||||
t.Fatalf("Expected MinTTL to be 86400, got %v", *cb.MinTTL)
|
||||
}
|
||||
if reflect.DeepEqual(cb.TrustedSigners.Items, expandStringList(trustedSignersConf())) != true {
|
||||
t.Fatalf("Expected TrustedSigners.Items to be %v, got %v", trustedSignersConf(), cb.TrustedSigners.Items)
|
||||
}
|
||||
if *cb.MaxTTL != 365000000 {
|
||||
t.Fatalf("Expected MaxTTL to be 365000000, got %v", *cb.MaxTTL)
|
||||
}
|
||||
if *cb.SmoothStreaming != false {
|
||||
t.Fatalf("Expected SmoothStreaming to be false, got %v", *cb.SmoothStreaming)
|
||||
}
|
||||
if *cb.DefaultTTL != 86400 {
|
||||
t.Fatalf("Expected DefaultTTL to be 86400, got %v", *cb.DefaultTTL)
|
||||
}
|
||||
if reflect.DeepEqual(cb.AllowedMethods.Items, expandStringList(allowedMethodsConf())) != true {
|
||||
t.Fatalf("Expected AllowedMethods.Items to be %v, got %v", allowedMethodsConf(), cb.AllowedMethods.Items)
|
||||
}
|
||||
if reflect.DeepEqual(cb.AllowedMethods.CachedMethods.Items, expandStringList(cachedMethodsConf())) != true {
|
||||
t.Fatalf("Expected AllowedMethods.CachedMethods.Items to be %v, got %v", cachedMethodsConf(), cb.AllowedMethods.CachedMethods.Items)
|
||||
}
|
||||
if *cb.PathPattern != "/path1" {
|
||||
t.Fatalf("Expected PathPattern to be /path1, got %v", *cb.PathPattern)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_flattenCacheBehavior(t *testing.T) {
|
||||
in := cacheBehaviorConf1()
|
||||
cb := expandCacheBehavior(in)
|
||||
out := flattenCacheBehavior(cb)
|
||||
var diff *schema.Set
|
||||
if out["compress"] != true {
|
||||
t.Fatalf("Expected out[compress] to be true, got %v", out["compress"])
|
||||
}
|
||||
if out["viewer_protocol_policy"] != "allow-all" {
|
||||
t.Fatalf("Expected out[viewer_protocol_policy] to be allow-all, got %v", out["viewer_protocol_policy"])
|
||||
}
|
||||
if out["target_origin_id"] != "myS3Origin" {
|
||||
t.Fatalf("Expected out[target_origin_id] to be myS3Origin, got %v", out["target_origin_id"])
|
||||
}
|
||||
diff = out["forwarded_values"].(*schema.Set).Difference(in["forwarded_values"].(*schema.Set))
|
||||
if len(diff.List()) > 0 {
|
||||
t.Fatalf("Expected out[forwarded_values] to be %v, got %v, diff: %v", out["forwarded_values"], in["forwarded_values"], diff)
|
||||
}
|
||||
if out["min_ttl"] != int(86400) {
|
||||
t.Fatalf("Expected out[min_ttl] to be 86400 (int), got %v", out["forwarded_values"])
|
||||
}
|
||||
if reflect.DeepEqual(out["trusted_signers"], in["trusted_signers"]) != true {
|
||||
t.Fatalf("Expected out[trusted_signers] to be %v, got %v", in["trusted_signers"], out["trusted_signers"])
|
||||
}
|
||||
if out["max_ttl"] != int(365000000) {
|
||||
t.Fatalf("Expected out[max_ttl] to be 365000000 (int), got %v", out["max_ttl"])
|
||||
}
|
||||
if out["smooth_streaming"] != false {
|
||||
t.Fatalf("Expected out[smooth_streaming] to be false, got %v", out["smooth_streaming"])
|
||||
}
|
||||
if out["default_ttl"] != int(86400) {
|
||||
t.Fatalf("Expected out[default_ttl] to be 86400 (int), got %v", out["default_ttl"])
|
||||
}
|
||||
if reflect.DeepEqual(out["allowed_methods"], in["allowed_methods"]) != true {
|
||||
t.Fatalf("Expected out[allowed_methods] to be %v, got %v", in["allowed_methods"], out["allowed_methods"])
|
||||
}
|
||||
if reflect.DeepEqual(out["cached_methods"], in["cached_methods"]) != true {
|
||||
t.Fatalf("Expected out[cached_methods] to be %v, got %v", in["cached_methods"], out["cached_methods"])
|
||||
}
|
||||
if out["path_pattern"] != "/path1" {
|
||||
t.Fatalf("Expected out[path_pattern] to be /path1, got %v", out["path_pattern"])
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_expandCacheBehaviors(t *testing.T) {
|
||||
data := cacheBehaviorsConf()
|
||||
cbs := expandCacheBehaviors(data)
|
||||
if *cbs.Quantity != 2 {
|
||||
t.Fatalf("Expected Quantity to be 2, got %v", *cbs.Quantity)
|
||||
}
|
||||
if *cbs.Items[0].TargetOriginId != "myS3Origin" {
|
||||
t.Fatalf("Expected first Item's TargetOriginId to be myS3Origin, got %v", *cbs.Items[0].TargetOriginId)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_flattenCacheBehaviors(t *testing.T) {
|
||||
in := cacheBehaviorsConf()
|
||||
cbs := expandCacheBehaviors(in)
|
||||
out := flattenCacheBehaviors(cbs)
|
||||
diff := in.Difference(out)
|
||||
|
||||
if len(diff.List()) > 0 {
|
||||
t.Fatalf("Expected out to be %v, got %v, diff: %v", in, out, diff)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_expandTrustedSigners(t *testing.T) {
|
||||
data := trustedSignersConf()
|
||||
ts := expandTrustedSigners(data)
|
||||
if *ts.Quantity != 2 {
|
||||
t.Fatalf("Expected Quantity to be 2, got %v", *ts.Quantity)
|
||||
}
|
||||
if *ts.Enabled != true {
|
||||
t.Fatalf("Expected Enabled to be true, got %v", *ts.Enabled)
|
||||
}
|
||||
if reflect.DeepEqual(ts.Items, expandStringList(data)) != true {
|
||||
t.Fatalf("Expected Items to be %v, got %v", data, ts.Items)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_flattenTrustedSigners(t *testing.T) {
|
||||
in := trustedSignersConf()
|
||||
ts := expandTrustedSigners(in)
|
||||
out := flattenTrustedSigners(ts)
|
||||
|
||||
if reflect.DeepEqual(in, out) != true {
|
||||
t.Fatalf("Expected out to be %v, got %v", in, out)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_expandTrustedSigners_empty(t *testing.T) {
|
||||
data := []interface{}{}
|
||||
ts := expandTrustedSigners(data)
|
||||
if *ts.Quantity != 0 {
|
||||
t.Fatalf("Expected Quantity to be 2, got %v", *ts.Quantity)
|
||||
}
|
||||
if *ts.Enabled != false {
|
||||
t.Fatalf("Expected Enabled to be true, got %v", *ts.Enabled)
|
||||
}
|
||||
if ts.Items != nil {
|
||||
t.Fatalf("Expected Items to be nil, got %v", ts.Items)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_expandForwardedValues(t *testing.T) {
|
||||
data := forwardedValuesConf()
|
||||
fv := expandForwardedValues(data)
|
||||
if *fv.QueryString != true {
|
||||
t.Fatalf("Expected QueryString to be true, got %v", *fv.QueryString)
|
||||
}
|
||||
if reflect.DeepEqual(fv.Cookies.WhitelistedNames.Items, expandStringList(cookieNamesConf())) != true {
|
||||
t.Fatalf("Expected Cookies.WhitelistedNames.Items to be %v, got %v", cookieNamesConf(), fv.Cookies.WhitelistedNames.Items)
|
||||
}
|
||||
if reflect.DeepEqual(fv.Headers.Items, expandStringList(headersConf())) != true {
|
||||
t.Fatalf("Expected Headers.Items to be %v, got %v", headersConf(), fv.Headers.Items)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_flattenForwardedValues(t *testing.T) {
|
||||
in := forwardedValuesConf()
|
||||
fv := expandForwardedValues(in)
|
||||
out := flattenForwardedValues(fv)
|
||||
|
||||
if out["query_string"] != true {
|
||||
t.Fatalf("Expected out[query_string] to be true, got %v", out["query_string"])
|
||||
}
|
||||
if out["cookies"].(*schema.Set).Equal(in["cookies"].(*schema.Set)) != true {
|
||||
t.Fatalf("Expected out[cookies] to be %v, got %v", in["cookies"], out["cookies"])
|
||||
}
|
||||
if reflect.DeepEqual(out["headers"], in["headers"]) != true {
|
||||
t.Fatalf("Expected out[headers] to be %v, got %v", in["headers"], out["headers"])
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_expandHeaders(t *testing.T) {
|
||||
data := headersConf()
|
||||
h := expandHeaders(data)
|
||||
if *h.Quantity != 2 {
|
||||
t.Fatalf("Expected Quantity to be 2, got %v", *h.Quantity)
|
||||
}
|
||||
if reflect.DeepEqual(h.Items, expandStringList(data)) != true {
|
||||
t.Fatalf("Expected Items to be %v, got %v", data, h.Items)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_flattenHeaders(t *testing.T) {
|
||||
in := headersConf()
|
||||
h := expandHeaders(in)
|
||||
out := flattenHeaders(h)
|
||||
|
||||
if reflect.DeepEqual(in, out) != true {
|
||||
t.Fatalf("Expected out to be %v, got %v", in, out)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_expandCookiePreference(t *testing.T) {
|
||||
data := cookiePreferenceConf()
|
||||
cp := expandCookiePreference(data)
|
||||
if *cp.Forward != "whitelist" {
|
||||
t.Fatalf("Expected Forward to be whitelist, got %v", *cp.Forward)
|
||||
}
|
||||
if reflect.DeepEqual(cp.WhitelistedNames.Items, expandStringList(cookieNamesConf())) != true {
|
||||
t.Fatalf("Expected WhitelistedNames.Items to be %v, got %v", cookieNamesConf(), cp.WhitelistedNames.Items)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_flattenCookiePreference(t *testing.T) {
|
||||
in := cookiePreferenceConf()
|
||||
cp := expandCookiePreference(in)
|
||||
out := flattenCookiePreference(cp)
|
||||
|
||||
if reflect.DeepEqual(in, out) != true {
|
||||
t.Fatalf("Expected out to be %v, got %v", in, out)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_expandCookieNames(t *testing.T) {
|
||||
data := cookieNamesConf()
|
||||
cn := expandCookieNames(data)
|
||||
if *cn.Quantity != 2 {
|
||||
t.Fatalf("Expected Quantity to be 2, got %v", *cn.Quantity)
|
||||
}
|
||||
if reflect.DeepEqual(cn.Items, expandStringList(data)) != true {
|
||||
t.Fatalf("Expected Items to be %v, got %v", data, cn.Items)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_flattenCookieNames(t *testing.T) {
|
||||
in := cookieNamesConf()
|
||||
cn := expandCookieNames(in)
|
||||
out := flattenCookieNames(cn)
|
||||
|
||||
if reflect.DeepEqual(in, out) != true {
|
||||
t.Fatalf("Expected out to be %v, got %v", in, out)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_expandAllowedMethods(t *testing.T) {
|
||||
data := allowedMethodsConf()
|
||||
am := expandAllowedMethods(data)
|
||||
if *am.Quantity != 7 {
|
||||
t.Fatalf("Expected Quantity to be 3, got %v", *am.Quantity)
|
||||
}
|
||||
if reflect.DeepEqual(am.Items, expandStringList(data)) != true {
|
||||
t.Fatalf("Expected Items to be %v, got %v", data, am.Items)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_flattenAllowedMethods(t *testing.T) {
|
||||
in := allowedMethodsConf()
|
||||
am := expandAllowedMethods(in)
|
||||
out := flattenAllowedMethods(am)
|
||||
|
||||
if reflect.DeepEqual(in, out) != true {
|
||||
t.Fatalf("Expected out to be %v, got %v", in, out)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_expandCachedMethods(t *testing.T) {
|
||||
data := cachedMethodsConf()
|
||||
cm := expandCachedMethods(data)
|
||||
if *cm.Quantity != 3 {
|
||||
t.Fatalf("Expected Quantity to be 3, got %v", *cm.Quantity)
|
||||
}
|
||||
if reflect.DeepEqual(cm.Items, expandStringList(data)) != true {
|
||||
t.Fatalf("Expected Items to be %v, got %v", data, cm.Items)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_flattenCachedMethods(t *testing.T) {
|
||||
in := cachedMethodsConf()
|
||||
cm := expandCachedMethods(in)
|
||||
out := flattenCachedMethods(cm)
|
||||
|
||||
if reflect.DeepEqual(in, out) != true {
|
||||
t.Fatalf("Expected out to be %v, got %v", in, out)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_expandOrigins(t *testing.T) {
|
||||
data := multiOriginConf()
|
||||
origins := expandOrigins(data)
|
||||
if *origins.Quantity != 2 {
|
||||
t.Fatalf("Expected Quantity to be 2, got %v", *origins.Quantity)
|
||||
}
|
||||
if *origins.Items[0].OriginPath != "/" {
|
||||
t.Fatalf("Expected first Item's OriginPath to be /, got %v", *origins.Items[0].OriginPath)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_flattenOrigins(t *testing.T) {
|
||||
in := multiOriginConf()
|
||||
origins := expandOrigins(in)
|
||||
out := flattenOrigins(origins)
|
||||
diff := in.Difference(out)
|
||||
|
||||
if len(diff.List()) > 0 {
|
||||
t.Fatalf("Expected out to be %v, got %v, diff: %v", in, out, diff)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_expandOrigin(t *testing.T) {
|
||||
data := originWithCustomConf()
|
||||
or := expandOrigin(data)
|
||||
if *or.Id != "CustomOrigin" {
|
||||
t.Fatalf("Expected Id to be CustomOrigin, got %v", *or.Id)
|
||||
}
|
||||
if *or.DomainName != "www.example.com" {
|
||||
t.Fatalf("Expected DomainName to be www.example.com, got %v", *or.DomainName)
|
||||
}
|
||||
if *or.OriginPath != "/" {
|
||||
t.Fatalf("Expected OriginPath to be /, got %v", *or.OriginPath)
|
||||
}
|
||||
if *or.CustomOriginConfig.OriginProtocolPolicy != "http-only" {
|
||||
t.Fatalf("Expected CustomOriginConfig.OriginProtocolPolicy to be http-only, got %v", *or.CustomOriginConfig.OriginProtocolPolicy)
|
||||
}
|
||||
if *or.CustomHeaders.Items[0].HeaderValue != "samplevalue" {
|
||||
t.Fatalf("Expected CustomHeaders.Items[0].HeaderValue to be samplevalue, got %v", *or.CustomHeaders.Items[0].HeaderValue)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_flattenOrigin(t *testing.T) {
|
||||
in := originWithCustomConf()
|
||||
or := expandOrigin(in)
|
||||
out := flattenOrigin(or)
|
||||
|
||||
if out["origin_id"] != "CustomOrigin" {
|
||||
t.Fatalf("Expected out[origin_id] to be CustomOrigin, got %v", out["origin_id"])
|
||||
}
|
||||
if out["domain_name"] != "www.example.com" {
|
||||
t.Fatalf("Expected out[domain_name] to be www.example.com, got %v", out["domain_name"])
|
||||
}
|
||||
if out["origin_path"] != "/" {
|
||||
t.Fatalf("Expected out[origin_path] to be /, got %v", out["origin_path"])
|
||||
}
|
||||
if out["custom_origin_config"].(*schema.Set).Equal(in["custom_origin_config"].(*schema.Set)) != true {
|
||||
t.Fatalf("Expected out[custom_origin_config] to be %v, got %v", in["custom_origin_config"], out["custom_origin_config"])
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_expandCustomHeaders(t *testing.T) {
|
||||
in := originCustomHeadersConf()
|
||||
chs := expandCustomHeaders(in)
|
||||
if *chs.Quantity != 2 {
|
||||
t.Fatalf("Expected Quantity to be 2, got %v", *chs.Quantity)
|
||||
}
|
||||
if *chs.Items[0].HeaderValue != "samplevalue" {
|
||||
t.Fatalf("Expected first Item's HeaderValue to be samplevalue, got %v", *chs.Items[0].HeaderValue)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_flattenCustomHeaders(t *testing.T) {
|
||||
in := originCustomHeadersConf()
|
||||
chs := expandCustomHeaders(in)
|
||||
out := flattenCustomHeaders(chs)
|
||||
diff := in.Difference(out)
|
||||
|
||||
if len(diff.List()) > 0 {
|
||||
t.Fatalf("Expected out to be %v, got %v, diff: %v", in, out, diff)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_flattenOriginCustomHeader(t *testing.T) {
|
||||
in := originCustomHeaderConf1()
|
||||
och := expandOriginCustomHeader(in)
|
||||
out := flattenOriginCustomHeader(och)
|
||||
|
||||
if out["name"] != "X-Custom-Header1" {
|
||||
t.Fatalf("Expected out[name] to be X-Custom-Header1, got %v", out["name"])
|
||||
}
|
||||
if out["value"] != "samplevalue" {
|
||||
t.Fatalf("Expected out[value] to be samplevalue, got %v", out["value"])
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_expandOriginCustomHeader(t *testing.T) {
|
||||
in := originCustomHeaderConf1()
|
||||
och := expandOriginCustomHeader(in)
|
||||
|
||||
if *och.HeaderName != "X-Custom-Header1" {
|
||||
t.Fatalf("Expected HeaderName to be X-Custom-Header1, got %v", *och.HeaderName)
|
||||
}
|
||||
if *och.HeaderValue != "samplevalue" {
|
||||
t.Fatalf("Expected HeaderValue to be samplevalue, got %v", *och.HeaderValue)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_expandCustomOriginConfig(t *testing.T) {
|
||||
data := customOriginConf()
|
||||
co := expandCustomOriginConfig(data)
|
||||
if *co.OriginProtocolPolicy != "http-only" {
|
||||
t.Fatalf("Expected OriginProtocolPolicy to be http-only, got %v", *co.OriginProtocolPolicy)
|
||||
}
|
||||
if *co.HTTPPort != 80 {
|
||||
t.Fatalf("Expected HTTPPort to be 80, got %v", *co.HTTPPort)
|
||||
}
|
||||
if *co.HTTPSPort != 443 {
|
||||
t.Fatalf("Expected HTTPSPort to be 443, got %v", *co.HTTPSPort)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_flattenCustomOriginConfig(t *testing.T) {
|
||||
in := customOriginConf()
|
||||
co := expandCustomOriginConfig(in)
|
||||
out := flattenCustomOriginConfig(co)
|
||||
|
||||
if reflect.DeepEqual(in, out) != true {
|
||||
t.Fatalf("Expected out to be %v, got %v", in, out)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_expandCustomOriginConfigSSL(t *testing.T) {
|
||||
in := customOriginSslProtocolsConf()
|
||||
ocs := expandCustomOriginConfigSSL(in)
|
||||
if *ocs.Quantity != 4 {
|
||||
t.Fatalf("Expected Quantity to be 4, got %v", *ocs.Quantity)
|
||||
}
|
||||
if *ocs.Items[0] != "SSLv3" {
|
||||
t.Fatalf("Expected first Item to be SSLv3, got %v", *ocs.Items[0])
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_flattenCustomOriginConfigSSL(t *testing.T) {
|
||||
in := customOriginSslProtocolsConf()
|
||||
ocs := expandCustomOriginConfigSSL(in)
|
||||
out := flattenCustomOriginConfigSSL(ocs)
|
||||
|
||||
if reflect.DeepEqual(in, out) != true {
|
||||
t.Fatalf("Expected out to be %v, got %v", in, out)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_expandS3OriginConfig(t *testing.T) {
|
||||
data := s3OriginConf()
|
||||
s3o := expandS3OriginConfig(data)
|
||||
if *s3o.OriginAccessIdentity != "origin-access-identity/cloudfront/E127EXAMPLE51Z" {
|
||||
t.Fatalf("Expected OriginAccessIdentity to be origin-access-identity/cloudfront/E127EXAMPLE51Z, got %v", *s3o.OriginAccessIdentity)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_flattenS3OriginConfig(t *testing.T) {
|
||||
in := s3OriginConf()
|
||||
s3o := expandS3OriginConfig(in)
|
||||
out := flattenS3OriginConfig(s3o)
|
||||
|
||||
if reflect.DeepEqual(in, out) != true {
|
||||
t.Fatalf("Expected out to be %v, got %v", in, out)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_expandCustomErrorResponses(t *testing.T) {
|
||||
data := customErrorResponsesConfSet()
|
||||
ers := expandCustomErrorResponses(data)
|
||||
if *ers.Quantity != 2 {
|
||||
t.Fatalf("Expected Quantity to be 2, got %v", *ers.Quantity)
|
||||
}
|
||||
if *ers.Items[0].ResponsePagePath != "/error-pages/404.html" {
|
||||
t.Fatalf("Expected ResponsePagePath in first Item to be /error-pages/404.html, got %v", *ers.Items[0].ResponsePagePath)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_flattenCustomErrorResponses(t *testing.T) {
|
||||
in := customErrorResponsesConfSet()
|
||||
ers := expandCustomErrorResponses(in)
|
||||
out := flattenCustomErrorResponses(ers)
|
||||
|
||||
if in.Equal(out) != true {
|
||||
t.Fatalf("Expected out to be %v, got %v", in, out)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_expandCustomErrorResponse(t *testing.T) {
|
||||
data := customErrorResponsesConfFirst()
|
||||
er := expandCustomErrorResponse(data)
|
||||
if *er.ErrorCode != 404 {
|
||||
t.Fatalf("Expected ErrorCode to be 404, got %v", *er.ErrorCode)
|
||||
}
|
||||
if *er.ErrorCachingMinTTL != 30 {
|
||||
t.Fatalf("Expected ErrorCachingMinTTL to be 30, got %v", *er.ErrorCachingMinTTL)
|
||||
}
|
||||
if *er.ResponseCode != "200" {
|
||||
t.Fatalf("Expected ResponseCode to be 200 (as string), got %v", *er.ResponseCode)
|
||||
}
|
||||
if *er.ResponsePagePath != "/error-pages/404.html" {
|
||||
t.Fatalf("Expected ResponsePagePath to be /error-pages/404.html, got %v", *er.ResponsePagePath)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_flattenCustomErrorResponse(t *testing.T) {
|
||||
in := customErrorResponsesConfFirst()
|
||||
er := expandCustomErrorResponse(in)
|
||||
out := flattenCustomErrorResponse(er)
|
||||
|
||||
if reflect.DeepEqual(in, out) != true {
|
||||
t.Fatalf("Expected out to be %v, got %v", in, out)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_expandLoggingConfig(t *testing.T) {
|
||||
data := loggingConfigConf()
|
||||
|
||||
lc := expandLoggingConfig(data)
|
||||
if *lc.Enabled != true {
|
||||
t.Fatalf("Expected Enabled to be true, got %v", *lc.Enabled)
|
||||
}
|
||||
if *lc.Prefix != "myprefix" {
|
||||
t.Fatalf("Expected Prefix to be myprefix, got %v", *lc.Prefix)
|
||||
}
|
||||
if *lc.Bucket != "mylogs.s3.amazonaws.com" {
|
||||
t.Fatalf("Expected Bucket to be mylogs.s3.amazonaws.com, got %v", *lc.Bucket)
|
||||
}
|
||||
if *lc.IncludeCookies != false {
|
||||
t.Fatalf("Expected IncludeCookies to be false, got %v", *lc.IncludeCookies)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_expandLoggingConfig_nilValue(t *testing.T) {
|
||||
lc := expandLoggingConfig(nil)
|
||||
if *lc.Enabled != false {
|
||||
t.Fatalf("Expected Enabled to be false, got %v", *lc.Enabled)
|
||||
}
|
||||
if *lc.Prefix != "" {
|
||||
t.Fatalf("Expected Prefix to be blank, got %v", *lc.Prefix)
|
||||
}
|
||||
if *lc.Bucket != "" {
|
||||
t.Fatalf("Expected Bucket to be blank, got %v", *lc.Bucket)
|
||||
}
|
||||
if *lc.IncludeCookies != false {
|
||||
t.Fatalf("Expected IncludeCookies to be false, got %v", *lc.IncludeCookies)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_flattenLoggingConfig(t *testing.T) {
|
||||
in := loggingConfigConf()
|
||||
lc := expandLoggingConfig(in)
|
||||
out := flattenLoggingConfig(lc)
|
||||
diff := schema.NewSet(loggingConfigHash, []interface{}{in}).Difference(out)
|
||||
|
||||
if len(diff.List()) > 0 {
|
||||
t.Fatalf("Expected out to be %v, got %v, diff: %v", in, out, diff)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_expandAliases(t *testing.T) {
|
||||
data := aliasesConf()
|
||||
a := expandAliases(data)
|
||||
if *a.Quantity != 2 {
|
||||
t.Fatalf("Expected Quantity to be 2, got %v", *a.Quantity)
|
||||
}
|
||||
if reflect.DeepEqual(a.Items, expandStringList(data.List())) != true {
|
||||
t.Fatalf("Expected Items to be [example.com www.example.com], got %v", a.Items)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_flattenAliases(t *testing.T) {
|
||||
in := aliasesConf()
|
||||
a := expandAliases(in)
|
||||
out := flattenAliases(a)
|
||||
diff := in.Difference(out)
|
||||
|
||||
if len(diff.List()) > 0 {
|
||||
t.Fatalf("Expected out to be %v, got %v, diff: %v", in, out, diff)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_expandRestrictions(t *testing.T) {
|
||||
data := geoRestrictionsConf()
|
||||
r := expandRestrictions(data)
|
||||
if *r.GeoRestriction.RestrictionType != "whitelist" {
|
||||
t.Fatalf("Expected GeoRestriction.RestrictionType to be whitelist, got %v", *r.GeoRestriction.RestrictionType)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_flattenRestrictions(t *testing.T) {
|
||||
in := geoRestrictionsConf()
|
||||
r := expandRestrictions(in)
|
||||
out := flattenRestrictions(r)
|
||||
diff := schema.NewSet(restrictionsHash, []interface{}{in}).Difference(out)
|
||||
|
||||
if len(diff.List()) > 0 {
|
||||
t.Fatalf("Expected out to be %v, got %v, diff: %v", in, out, diff)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_expandGeoRestriction_whitelist(t *testing.T) {
|
||||
data := geoRestrictionWhitelistConf()
|
||||
gr := expandGeoRestriction(data)
|
||||
if *gr.RestrictionType != "whitelist" {
|
||||
t.Fatalf("Expected RestrictionType to be whitelist, got %v", *gr.RestrictionType)
|
||||
}
|
||||
if *gr.Quantity != 3 {
|
||||
t.Fatalf("Expected Quantity to be 3, got %v", *gr.Quantity)
|
||||
}
|
||||
if reflect.DeepEqual(gr.Items, aws.StringSlice([]string{"CA", "GB", "US"})) != true {
|
||||
t.Fatalf("Expected Items be [CA, GB, US], got %v", gr.Items)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_flattenGeoRestriction_whitelist(t *testing.T) {
|
||||
in := geoRestrictionWhitelistConf()
|
||||
gr := expandGeoRestriction(in)
|
||||
out := flattenGeoRestriction(gr)
|
||||
|
||||
if reflect.DeepEqual(in, out) != true {
|
||||
t.Fatalf("Expected out to be %v, got %v", in, out)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_expandGeoRestriction_no_items(t *testing.T) {
|
||||
data := geoRestrictionConfNoItems()
|
||||
gr := expandGeoRestriction(data)
|
||||
if *gr.RestrictionType != "none" {
|
||||
t.Fatalf("Expected RestrictionType to be none, got %v", *gr.RestrictionType)
|
||||
}
|
||||
if *gr.Quantity != 0 {
|
||||
t.Fatalf("Expected Quantity to be 0, got %v", *gr.Quantity)
|
||||
}
|
||||
if gr.Items != nil {
|
||||
t.Fatalf("Expected Items to not be set, got %v", gr.Items)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_flattenGeoRestriction_no_items(t *testing.T) {
|
||||
in := geoRestrictionConfNoItems()
|
||||
gr := expandGeoRestriction(in)
|
||||
out := flattenGeoRestriction(gr)
|
||||
|
||||
if reflect.DeepEqual(in, out) != true {
|
||||
t.Fatalf("Expected out to be %v, got %v", in, out)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_expandViewerCertificate_cloudfront_default_certificate(t *testing.T) {
|
||||
data := viewerCertificateConfSetCloudFrontDefault()
|
||||
vc := expandViewerCertificate(data)
|
||||
if vc.ACMCertificateArn != nil {
|
||||
t.Fatalf("Expected ACMCertificateArn to be unset, got %v", *vc.ACMCertificateArn)
|
||||
}
|
||||
if *vc.CloudFrontDefaultCertificate != true {
|
||||
t.Fatalf("Expected CloudFrontDefaultCertificate to be true, got %v", *vc.CloudFrontDefaultCertificate)
|
||||
}
|
||||
if vc.IAMCertificateId != nil {
|
||||
t.Fatalf("Expected IAMCertificateId to not be set, got %v", *vc.IAMCertificateId)
|
||||
}
|
||||
if vc.SSLSupportMethod != nil {
|
||||
t.Fatalf("Expected IAMCertificateId to not be set, got %v", *vc.SSLSupportMethod)
|
||||
}
|
||||
if vc.MinimumProtocolVersion != nil {
|
||||
t.Fatalf("Expected IAMCertificateId to not be set, got %v", *vc.MinimumProtocolVersion)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_flattenViewerCertificate_cloudfront_default_certificate(t *testing.T) {
|
||||
in := viewerCertificateConfSetCloudFrontDefault()
|
||||
vc := expandViewerCertificate(in)
|
||||
out := flattenViewerCertificate(vc)
|
||||
diff := schema.NewSet(viewerCertificateHash, []interface{}{in}).Difference(out)
|
||||
|
||||
if len(diff.List()) > 0 {
|
||||
t.Fatalf("Expected out to be %v, got %v, diff: %v", in, out, diff)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_expandViewerCertificate_iam_certificate_id(t *testing.T) {
|
||||
data := viewerCertificateConfSetIAM()
|
||||
vc := expandViewerCertificate(data)
|
||||
if vc.ACMCertificateArn != nil {
|
||||
t.Fatalf("Expected ACMCertificateArn to be unset, got %v", *vc.ACMCertificateArn)
|
||||
}
|
||||
if vc.CloudFrontDefaultCertificate != nil {
|
||||
t.Fatalf("Expected CloudFrontDefaultCertificate to be unset, got %v", *vc.CloudFrontDefaultCertificate)
|
||||
}
|
||||
if *vc.IAMCertificateId != "iamcert-01234567" {
|
||||
t.Fatalf("Expected IAMCertificateId to be iamcert-01234567, got %v", *vc.IAMCertificateId)
|
||||
}
|
||||
if *vc.SSLSupportMethod != "vip" {
|
||||
t.Fatalf("Expected IAMCertificateId to be vip, got %v", *vc.SSLSupportMethod)
|
||||
}
|
||||
if *vc.MinimumProtocolVersion != "TLSv1" {
|
||||
t.Fatalf("Expected IAMCertificateId to be TLSv1, got %v", *vc.MinimumProtocolVersion)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_expandViewerCertificate_acm_certificate_arn(t *testing.T) {
|
||||
data := viewerCertificateConfSetACM()
|
||||
vc := expandViewerCertificate(data)
|
||||
if *vc.ACMCertificateArn != "arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012" {
|
||||
t.Fatalf("Expected ACMCertificateArn to be arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012, got %v", *vc.ACMCertificateArn)
|
||||
}
|
||||
if vc.CloudFrontDefaultCertificate != nil {
|
||||
t.Fatalf("Expected CloudFrontDefaultCertificate to be unset, got %v", *vc.CloudFrontDefaultCertificate)
|
||||
}
|
||||
if vc.IAMCertificateId != nil {
|
||||
t.Fatalf("Expected IAMCertificateId to be unset, got %v", *vc.IAMCertificateId)
|
||||
}
|
||||
if *vc.SSLSupportMethod != "sni-only" {
|
||||
t.Fatalf("Expected IAMCertificateId to be sni-only, got %v", *vc.SSLSupportMethod)
|
||||
}
|
||||
if *vc.MinimumProtocolVersion != "TLSv1" {
|
||||
t.Fatalf("Expected IAMCertificateId to be TLSv1, got %v", *vc.MinimumProtocolVersion)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_falttenViewerCertificate_iam_certificate_id(t *testing.T) {
|
||||
in := viewerCertificateConfSetIAM()
|
||||
vc := expandViewerCertificate(in)
|
||||
out := flattenViewerCertificate(vc)
|
||||
diff := schema.NewSet(viewerCertificateHash, []interface{}{in}).Difference(out)
|
||||
|
||||
if len(diff.List()) > 0 {
|
||||
t.Fatalf("Expected out to be %v, got %v, diff: %v", in, out, diff)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudFrontStructure_falttenViewerCertificate_acm_certificate_arn(t *testing.T) {
|
||||
in := viewerCertificateConfSetACM()
|
||||
vc := expandViewerCertificate(in)
|
||||
out := flattenViewerCertificate(vc)
|
||||
diff := schema.NewSet(viewerCertificateHash, []interface{}{in}).Difference(out)
|
||||
|
||||
if len(diff.List()) > 0 {
|
||||
t.Fatalf("Expected out to be %v, got %v, diff: %v", in, out, diff)
|
||||
}
|
||||
}
|
|
@ -25,6 +25,7 @@ import (
|
|||
"github.com/aws/aws-sdk-go/service/apigateway"
|
||||
"github.com/aws/aws-sdk-go/service/autoscaling"
|
||||
"github.com/aws/aws-sdk-go/service/cloudformation"
|
||||
"github.com/aws/aws-sdk-go/service/cloudfront"
|
||||
"github.com/aws/aws-sdk-go/service/cloudtrail"
|
||||
"github.com/aws/aws-sdk-go/service/cloudwatch"
|
||||
"github.com/aws/aws-sdk-go/service/cloudwatchevents"
|
||||
|
@ -78,6 +79,7 @@ type Config struct {
|
|||
|
||||
type AWSClient struct {
|
||||
cfconn *cloudformation.CloudFormation
|
||||
cloudfrontconn *cloudfront.CloudFront
|
||||
cloudtrailconn *cloudtrail.CloudTrail
|
||||
cloudwatchconn *cloudwatch.CloudWatch
|
||||
cloudwatchlogsconn *cloudwatchlogs.CloudWatchLogs
|
||||
|
@ -188,6 +190,9 @@ func (c *Config) Client() (interface{}, error) {
|
|||
dynamoSess := sess.Copy(&aws.Config{Endpoint: aws.String(c.DynamoDBEndpoint)})
|
||||
client.dynamodbconn = dynamodb.New(dynamoSess)
|
||||
|
||||
log.Println("[INFO] Initializing Cloudfront connection")
|
||||
client.cloudfrontconn = cloudfront.New(sess)
|
||||
|
||||
log.Println("[INFO] Initializing ELB connection")
|
||||
awsElbSess := sess.Copy(&aws.Config{Endpoint: aws.String(c.ElbEndpoint)})
|
||||
client.elbconn = elb.New(awsElbSess)
|
||||
|
|
|
@ -129,6 +129,8 @@ func Provider() terraform.ResourceProvider {
|
|||
"aws_autoscaling_policy": resourceAwsAutoscalingPolicy(),
|
||||
"aws_autoscaling_schedule": resourceAwsAutoscalingSchedule(),
|
||||
"aws_cloudformation_stack": resourceAwsCloudFormationStack(),
|
||||
"aws_cloudfront_distribution": resourceAwsCloudFrontDistribution(),
|
||||
"aws_cloudfront_origin_access_identity": resourceAwsCloudFrontOriginAccessIdentity(),
|
||||
"aws_cloudtrail": resourceAwsCloudTrail(),
|
||||
"aws_cloudwatch_event_rule": resourceAwsCloudWatchEventRule(),
|
||||
"aws_cloudwatch_event_target": resourceAwsCloudWatchEventTarget(),
|
||||
|
|
|
@ -0,0 +1,595 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
"log"
|
||||
"time"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws"
|
||||
"github.com/aws/aws-sdk-go/service/cloudfront"
|
||||
"github.com/hashicorp/terraform/helper/resource"
|
||||
"github.com/hashicorp/terraform/helper/schema"
|
||||
)
|
||||
|
||||
func resourceAwsCloudFrontDistribution() *schema.Resource {
|
||||
return &schema.Resource{
|
||||
Create: resourceAwsCloudFrontDistributionCreate,
|
||||
Read: resourceAwsCloudFrontDistributionRead,
|
||||
Update: resourceAwsCloudFrontDistributionUpdate,
|
||||
Delete: resourceAwsCloudFrontDistributionDelete,
|
||||
|
||||
Schema: map[string]*schema.Schema{
|
||||
"aliases": &schema.Schema{
|
||||
Type: schema.TypeSet,
|
||||
Optional: true,
|
||||
Elem: &schema.Schema{Type: schema.TypeString},
|
||||
Set: aliasesHash,
|
||||
},
|
||||
"cache_behavior": &schema.Schema{
|
||||
Type: schema.TypeSet,
|
||||
Optional: true,
|
||||
Set: cacheBehaviorHash,
|
||||
Elem: &schema.Resource{
|
||||
Schema: map[string]*schema.Schema{
|
||||
"allowed_methods": &schema.Schema{
|
||||
Type: schema.TypeList,
|
||||
Required: true,
|
||||
Elem: &schema.Schema{Type: schema.TypeString},
|
||||
},
|
||||
"cached_methods": &schema.Schema{
|
||||
Type: schema.TypeList,
|
||||
Required: true,
|
||||
Elem: &schema.Schema{Type: schema.TypeString},
|
||||
},
|
||||
"compress": &schema.Schema{
|
||||
Type: schema.TypeBool,
|
||||
Optional: true,
|
||||
Default: false,
|
||||
},
|
||||
"default_ttl": &schema.Schema{
|
||||
Type: schema.TypeInt,
|
||||
Required: true,
|
||||
},
|
||||
"forwarded_values": &schema.Schema{
|
||||
Type: schema.TypeSet,
|
||||
Required: true,
|
||||
Set: forwardedValuesHash,
|
||||
MaxItems: 1,
|
||||
Elem: &schema.Resource{
|
||||
Schema: map[string]*schema.Schema{
|
||||
"cookies": &schema.Schema{
|
||||
Type: schema.TypeSet,
|
||||
Optional: true,
|
||||
Set: cookiePreferenceHash,
|
||||
MaxItems: 1,
|
||||
Elem: &schema.Resource{
|
||||
Schema: map[string]*schema.Schema{
|
||||
"forward": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
},
|
||||
"whitelisted_names": &schema.Schema{
|
||||
Type: schema.TypeList,
|
||||
Optional: true,
|
||||
Elem: &schema.Schema{Type: schema.TypeString},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"headers": &schema.Schema{
|
||||
Type: schema.TypeList,
|
||||
Optional: true,
|
||||
Elem: &schema.Schema{Type: schema.TypeString},
|
||||
},
|
||||
"query_string": &schema.Schema{
|
||||
Type: schema.TypeBool,
|
||||
Required: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"max_ttl": &schema.Schema{
|
||||
Type: schema.TypeInt,
|
||||
Required: true,
|
||||
},
|
||||
"min_ttl": &schema.Schema{
|
||||
Type: schema.TypeInt,
|
||||
Required: true,
|
||||
},
|
||||
"path_pattern": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
},
|
||||
"smooth_streaming": &schema.Schema{
|
||||
Type: schema.TypeBool,
|
||||
Optional: true,
|
||||
},
|
||||
"target_origin_id": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
},
|
||||
"trusted_signers": &schema.Schema{
|
||||
Type: schema.TypeList,
|
||||
Optional: true,
|
||||
Elem: &schema.Schema{Type: schema.TypeString},
|
||||
},
|
||||
"viewer_protocol_policy": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"comment": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
},
|
||||
"custom_error_response": &schema.Schema{
|
||||
Type: schema.TypeSet,
|
||||
Optional: true,
|
||||
Set: customErrorResponseHash,
|
||||
Elem: &schema.Resource{
|
||||
Schema: map[string]*schema.Schema{
|
||||
"error_caching_min_ttl": &schema.Schema{
|
||||
Type: schema.TypeInt,
|
||||
Optional: true,
|
||||
},
|
||||
"error_code": &schema.Schema{
|
||||
Type: schema.TypeInt,
|
||||
Required: true,
|
||||
},
|
||||
"response_code": &schema.Schema{
|
||||
Type: schema.TypeInt,
|
||||
Optional: true,
|
||||
},
|
||||
"response_page_path": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"default_cache_behavior": &schema.Schema{
|
||||
Type: schema.TypeSet,
|
||||
Required: true,
|
||||
Set: defaultCacheBehaviorHash,
|
||||
MaxItems: 1,
|
||||
Elem: &schema.Resource{
|
||||
Schema: map[string]*schema.Schema{
|
||||
"allowed_methods": &schema.Schema{
|
||||
Type: schema.TypeList,
|
||||
Required: true,
|
||||
Elem: &schema.Schema{Type: schema.TypeString},
|
||||
},
|
||||
"cached_methods": &schema.Schema{
|
||||
Type: schema.TypeList,
|
||||
Required: true,
|
||||
Elem: &schema.Schema{Type: schema.TypeString},
|
||||
},
|
||||
"compress": &schema.Schema{
|
||||
Type: schema.TypeBool,
|
||||
Optional: true,
|
||||
Default: false,
|
||||
},
|
||||
"default_ttl": &schema.Schema{
|
||||
Type: schema.TypeInt,
|
||||
Required: true,
|
||||
},
|
||||
"forwarded_values": &schema.Schema{
|
||||
Type: schema.TypeSet,
|
||||
Required: true,
|
||||
Set: forwardedValuesHash,
|
||||
MaxItems: 1,
|
||||
Elem: &schema.Resource{
|
||||
Schema: map[string]*schema.Schema{
|
||||
"cookies": &schema.Schema{
|
||||
Type: schema.TypeSet,
|
||||
Optional: true,
|
||||
Set: cookiePreferenceHash,
|
||||
MaxItems: 1,
|
||||
Elem: &schema.Resource{
|
||||
Schema: map[string]*schema.Schema{
|
||||
"forward": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
},
|
||||
"whitelisted_names": &schema.Schema{
|
||||
Type: schema.TypeList,
|
||||
Optional: true,
|
||||
Elem: &schema.Schema{Type: schema.TypeString},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"headers": &schema.Schema{
|
||||
Type: schema.TypeList,
|
||||
Optional: true,
|
||||
Elem: &schema.Schema{Type: schema.TypeString},
|
||||
},
|
||||
"query_string": &schema.Schema{
|
||||
Type: schema.TypeBool,
|
||||
Required: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"max_ttl": &schema.Schema{
|
||||
Type: schema.TypeInt,
|
||||
Required: true,
|
||||
},
|
||||
"min_ttl": &schema.Schema{
|
||||
Type: schema.TypeInt,
|
||||
Required: true,
|
||||
},
|
||||
"smooth_streaming": &schema.Schema{
|
||||
Type: schema.TypeBool,
|
||||
Optional: true,
|
||||
},
|
||||
"target_origin_id": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
},
|
||||
"trusted_signers": &schema.Schema{
|
||||
Type: schema.TypeList,
|
||||
Optional: true,
|
||||
Elem: &schema.Schema{Type: schema.TypeString},
|
||||
},
|
||||
"viewer_protocol_policy": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"default_root_object": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
},
|
||||
"enabled": &schema.Schema{
|
||||
Type: schema.TypeBool,
|
||||
Required: true,
|
||||
},
|
||||
"logging_config": &schema.Schema{
|
||||
Type: schema.TypeSet,
|
||||
Optional: true,
|
||||
Set: loggingConfigHash,
|
||||
MaxItems: 1,
|
||||
Elem: &schema.Resource{
|
||||
Schema: map[string]*schema.Schema{
|
||||
"bucket": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
},
|
||||
"include_cookies": &schema.Schema{
|
||||
Type: schema.TypeBool,
|
||||
Optional: true,
|
||||
Default: false,
|
||||
},
|
||||
"prefix": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
Default: "",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"origin": &schema.Schema{
|
||||
Type: schema.TypeSet,
|
||||
Required: true,
|
||||
Set: originHash,
|
||||
Elem: &schema.Resource{
|
||||
Schema: map[string]*schema.Schema{
|
||||
"custom_origin_config": &schema.Schema{
|
||||
Type: schema.TypeSet,
|
||||
Optional: true,
|
||||
ConflictsWith: []string{"origin.s3_origin_config"},
|
||||
Set: customOriginConfigHash,
|
||||
MaxItems: 1,
|
||||
Elem: &schema.Resource{
|
||||
Schema: map[string]*schema.Schema{
|
||||
"http_port": &schema.Schema{
|
||||
Type: schema.TypeInt,
|
||||
Required: true,
|
||||
},
|
||||
"https_port": &schema.Schema{
|
||||
Type: schema.TypeInt,
|
||||
Required: true,
|
||||
},
|
||||
"origin_protocol_policy": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
},
|
||||
"origin_ssl_protocols": &schema.Schema{
|
||||
Type: schema.TypeList,
|
||||
Required: true,
|
||||
Elem: &schema.Schema{Type: schema.TypeString},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"domain_name": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
},
|
||||
"custom_header": &schema.Schema{
|
||||
Type: schema.TypeSet,
|
||||
Optional: true,
|
||||
Set: originCustomHeaderHash,
|
||||
Elem: &schema.Resource{
|
||||
Schema: map[string]*schema.Schema{
|
||||
"name": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
},
|
||||
"value": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"origin_id": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
},
|
||||
"origin_path": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
},
|
||||
"s3_origin_config": &schema.Schema{
|
||||
Type: schema.TypeSet,
|
||||
Optional: true,
|
||||
ConflictsWith: []string{"origin.custom_origin_config"},
|
||||
Set: s3OriginConfigHash,
|
||||
MaxItems: 1,
|
||||
Elem: &schema.Resource{
|
||||
Schema: map[string]*schema.Schema{
|
||||
"origin_access_identity": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
Default: "",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"price_class": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
Default: "PriceClass_All",
|
||||
},
|
||||
"restrictions": &schema.Schema{
|
||||
Type: schema.TypeSet,
|
||||
Required: true,
|
||||
Set: restrictionsHash,
|
||||
MaxItems: 1,
|
||||
Elem: &schema.Resource{
|
||||
Schema: map[string]*schema.Schema{
|
||||
"geo_restriction": &schema.Schema{
|
||||
Type: schema.TypeSet,
|
||||
Required: true,
|
||||
Set: geoRestrictionHash,
|
||||
MaxItems: 1,
|
||||
Elem: &schema.Resource{
|
||||
Schema: map[string]*schema.Schema{
|
||||
"locations": &schema.Schema{
|
||||
Type: schema.TypeList,
|
||||
Optional: true,
|
||||
Elem: &schema.Schema{Type: schema.TypeString},
|
||||
},
|
||||
"restriction_type": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"viewer_certificate": &schema.Schema{
|
||||
Type: schema.TypeSet,
|
||||
Required: true,
|
||||
Set: viewerCertificateHash,
|
||||
MaxItems: 1,
|
||||
Elem: &schema.Resource{
|
||||
Schema: map[string]*schema.Schema{
|
||||
"acm_certificate_arn": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
ConflictsWith: []string{"viewer_certificate.cloudfront_default_certificate", "viewer_certificate.iam_certificate_id"},
|
||||
},
|
||||
"cloudfront_default_certificate": &schema.Schema{
|
||||
Type: schema.TypeBool,
|
||||
Optional: true,
|
||||
ConflictsWith: []string{"viewer_certificate.acm_certificate_arn", "viewer_certificate.iam_certificate_id"},
|
||||
},
|
||||
"iam_certificate_id": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
ConflictsWith: []string{"viewer_certificate.acm_certificate_arn", "viewer_certificate.cloudfront_default_certificate"},
|
||||
},
|
||||
"minimum_protocol_version": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
Default: "SSLv3",
|
||||
},
|
||||
"ssl_support_method": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"web_acl_id": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
},
|
||||
"caller_reference": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Computed: true,
|
||||
},
|
||||
"status": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Computed: true,
|
||||
},
|
||||
"active_trusted_signers": &schema.Schema{
|
||||
Type: schema.TypeMap,
|
||||
Computed: true,
|
||||
},
|
||||
"domain_name": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Computed: true,
|
||||
},
|
||||
"last_modified_time": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Computed: true,
|
||||
},
|
||||
"in_progress_validation_batches": &schema.Schema{
|
||||
Type: schema.TypeInt,
|
||||
Computed: true,
|
||||
},
|
||||
"etag": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Computed: true,
|
||||
},
|
||||
// retain_on_delete is a non-API attribute that may help facilitate speedy
|
||||
// deletion of a resoruce. It's mainly here for testing purposes, so
|
||||
// enable at your own risk.
|
||||
"retain_on_delete": &schema.Schema{
|
||||
Type: schema.TypeBool,
|
||||
Optional: true,
|
||||
Default: false,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func resourceAwsCloudFrontDistributionCreate(d *schema.ResourceData, meta interface{}) error {
|
||||
conn := meta.(*AWSClient).cloudfrontconn
|
||||
params := &cloudfront.CreateDistributionInput{
|
||||
DistributionConfig: expandDistributionConfig(d),
|
||||
}
|
||||
|
||||
resp, err := conn.CreateDistribution(params)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
d.SetId(*resp.Distribution.Id)
|
||||
return resourceAwsCloudFrontDistributionRead(d, meta)
|
||||
}
|
||||
|
||||
func resourceAwsCloudFrontDistributionRead(d *schema.ResourceData, meta interface{}) error {
|
||||
conn := meta.(*AWSClient).cloudfrontconn
|
||||
params := &cloudfront.GetDistributionInput{
|
||||
Id: aws.String(d.Id()),
|
||||
}
|
||||
|
||||
resp, err := conn.GetDistribution(params)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Update attributes from DistributionConfig
|
||||
flattenDistributionConfig(d, resp.Distribution.DistributionConfig)
|
||||
// Update other attributes outside of DistributionConfig
|
||||
d.SetId(*resp.Distribution.Id)
|
||||
d.Set("active_trusted_signers", flattenActiveTrustedSigners(resp.Distribution.ActiveTrustedSigners))
|
||||
d.Set("status", *resp.Distribution.Status)
|
||||
d.Set("domain_name", *resp.Distribution.DomainName)
|
||||
d.Set("last_modified_time", aws.String(resp.Distribution.LastModifiedTime.String()))
|
||||
d.Set("in_progress_validation_batches", *resp.Distribution.InProgressInvalidationBatches)
|
||||
d.Set("etag", *resp.ETag)
|
||||
return nil
|
||||
}
|
||||
|
||||
func resourceAwsCloudFrontDistributionUpdate(d *schema.ResourceData, meta interface{}) error {
|
||||
conn := meta.(*AWSClient).cloudfrontconn
|
||||
params := &cloudfront.UpdateDistributionInput{
|
||||
Id: aws.String(d.Id()),
|
||||
DistributionConfig: expandDistributionConfig(d),
|
||||
IfMatch: aws.String(d.Get("etag").(string)),
|
||||
}
|
||||
_, err := conn.UpdateDistribution(params)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return resourceAwsCloudFrontDistributionRead(d, meta)
|
||||
}
|
||||
|
||||
func resourceAwsCloudFrontDistributionDelete(d *schema.ResourceData, meta interface{}) error {
|
||||
conn := meta.(*AWSClient).cloudfrontconn
|
||||
|
||||
// manually disable the distribution first
|
||||
d.Set("enabled", false)
|
||||
err := resourceAwsCloudFrontDistributionUpdate(d, meta)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// skip delete if retain_on_delete is enabled
|
||||
if d.Get("retain_on_delete").(bool) {
|
||||
log.Printf("[WARN] Removing Distribtuion ID %s with retain_on_delete set. Please delete this distribution manually.", d.Id())
|
||||
d.SetId("")
|
||||
return nil
|
||||
}
|
||||
|
||||
// Distribution needs to be in deployed state again before it can be deleted.
|
||||
resourceAwsCloudFrontDistributionWaitUntilDeployed(d.Id(), meta)
|
||||
|
||||
// now delete
|
||||
params := &cloudfront.DeleteDistributionInput{
|
||||
Id: aws.String(d.Id()),
|
||||
IfMatch: aws.String(d.Get("etag").(string)),
|
||||
}
|
||||
|
||||
_, err = conn.DeleteDistribution(params)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Done
|
||||
d.SetId("")
|
||||
return nil
|
||||
}
|
||||
|
||||
// resourceAwsCloudFrontWebDistributionWaitUntilDeployed blocks until the
|
||||
// distribution is deployed. It currently takes exactly 15 minutes to deploy
|
||||
// but that might change in the future.
|
||||
func resourceAwsCloudFrontDistributionWaitUntilDeployed(id string, meta interface{}) error {
|
||||
stateConf := &resource.StateChangeConf{
|
||||
Pending: []string{"InProgress", "Deployed"},
|
||||
Target: []string{"Deployed"},
|
||||
Refresh: resourceAwsCloudFrontWebDistributionStateRefreshFunc(id, meta),
|
||||
Timeout: 40 * time.Minute,
|
||||
MinTimeout: 15 * time.Second,
|
||||
Delay: 10 * time.Minute,
|
||||
}
|
||||
|
||||
_, err := stateConf.WaitForState()
|
||||
return err
|
||||
}
|
||||
|
||||
// The refresh function for resourceAwsCloudFrontWebDistributionWaitUntilDeployed.
|
||||
func resourceAwsCloudFrontWebDistributionStateRefreshFunc(id string, meta interface{}) resource.StateRefreshFunc {
|
||||
return func() (interface{}, string, error) {
|
||||
conn := meta.(*AWSClient).cloudfrontconn
|
||||
params := &cloudfront.GetDistributionInput{
|
||||
Id: aws.String(id),
|
||||
}
|
||||
|
||||
resp, err := conn.GetDistribution(params)
|
||||
if err != nil {
|
||||
log.Printf("Error on retrieving CloudFront distribution when waiting: %s", err)
|
||||
return nil, "", err
|
||||
}
|
||||
|
||||
if resp == nil {
|
||||
return nil, "", nil
|
||||
}
|
||||
|
||||
return resp.Distribution, *resp.Distribution.Status, nil
|
||||
}
|
||||
}
|
|
@ -0,0 +1,388 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"math/rand"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws"
|
||||
"github.com/aws/aws-sdk-go/service/cloudfront"
|
||||
"github.com/hashicorp/terraform/helper/resource"
|
||||
"github.com/hashicorp/terraform/terraform"
|
||||
)
|
||||
|
||||
func TestAccAWSCloudFrontDistribution_S3Origin(t *testing.T) {
|
||||
resource.Test(t, resource.TestCase{
|
||||
PreCheck: func() { testAccPreCheck(t) },
|
||||
Providers: testAccProviders,
|
||||
CheckDestroy: testAccCheckCloudFrontDistributionDestroy,
|
||||
Steps: []resource.TestStep{
|
||||
resource.TestStep{
|
||||
Config: testAccAWSCloudFrontDistributionS3Config,
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckCloudFrontDistributionExistence(
|
||||
"aws_cloudfront_distribution.s3_distribution",
|
||||
),
|
||||
),
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func TestAccAWSCloudFrontDistribution_customOrigin(t *testing.T) {
|
||||
resource.Test(t, resource.TestCase{
|
||||
PreCheck: func() { testAccPreCheck(t) },
|
||||
Providers: testAccProviders,
|
||||
CheckDestroy: testAccCheckCloudFrontDistributionDestroy,
|
||||
Steps: []resource.TestStep{
|
||||
resource.TestStep{
|
||||
Config: testAccAWSCloudFrontDistributionCustomConfig,
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckCloudFrontDistributionExistence(
|
||||
"aws_cloudfront_distribution.custom_distribution",
|
||||
),
|
||||
),
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func TestAccAWSCloudFrontDistribution_multiOrigin(t *testing.T) {
|
||||
resource.Test(t, resource.TestCase{
|
||||
PreCheck: func() { testAccPreCheck(t) },
|
||||
Providers: testAccProviders,
|
||||
CheckDestroy: testAccCheckCloudFrontDistributionDestroy,
|
||||
Steps: []resource.TestStep{
|
||||
resource.TestStep{
|
||||
Config: testAccAWSCloudFrontDistributionMultiOriginConfig,
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckCloudFrontDistributionExistence(
|
||||
"aws_cloudfront_distribution.multi_origin_distribution",
|
||||
),
|
||||
),
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func TestAccAWSCloudFrontDistribution_noOptionalItemsConfig(t *testing.T) {
|
||||
resource.Test(t, resource.TestCase{
|
||||
PreCheck: func() { testAccPreCheck(t) },
|
||||
Providers: testAccProviders,
|
||||
CheckDestroy: testAccCheckCloudFrontDistributionDestroy,
|
||||
Steps: []resource.TestStep{
|
||||
resource.TestStep{
|
||||
Config: testAccAWSCloudFrontDistributionNoOptionalItemsConfig,
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckCloudFrontDistributionExistence(
|
||||
"aws_cloudfront_distribution.no_optional_items",
|
||||
),
|
||||
),
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func testAccCheckCloudFrontDistributionDestroy(s *terraform.State) error {
|
||||
for k, rs := range s.RootModule().Resources {
|
||||
if rs.Type != "aws_cloudfront_distribution" {
|
||||
continue
|
||||
}
|
||||
dist, _ := testAccAuxCloudFrontGetDistributionConfig(s, k)
|
||||
|
||||
if *dist.DistributionConfig.Enabled != false {
|
||||
return fmt.Errorf("CloudFront distribution should be disabled")
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func testAccCheckCloudFrontDistributionExistence(cloudFrontResource string) resource.TestCheckFunc {
|
||||
return func(s *terraform.State) error {
|
||||
_, err := testAccAuxCloudFrontGetDistributionConfig(s, cloudFrontResource)
|
||||
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
func testAccAuxCloudFrontGetDistributionConfig(s *terraform.State, cloudFrontResource string) (*cloudfront.Distribution, error) {
|
||||
cf, ok := s.RootModule().Resources[cloudFrontResource]
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("Not found: %s", cloudFrontResource)
|
||||
}
|
||||
|
||||
if cf.Primary.ID == "" {
|
||||
return nil, fmt.Errorf("No Id is set")
|
||||
}
|
||||
|
||||
cloudfrontconn := testAccProvider.Meta().(*AWSClient).cloudfrontconn
|
||||
|
||||
req := &cloudfront.GetDistributionInput{
|
||||
Id: aws.String(cf.Primary.ID),
|
||||
}
|
||||
|
||||
res, err := cloudfrontconn.GetDistribution(req)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Error retrieving CloudFront distribution: %s", err)
|
||||
}
|
||||
|
||||
return res.Distribution, nil
|
||||
}
|
||||
|
||||
var testAccAWSCloudFrontDistributionS3Config = fmt.Sprintf(`
|
||||
variable rand_id {
|
||||
default = %d
|
||||
}
|
||||
|
||||
resource "aws_s3_bucket" "s3_bucket" {
|
||||
bucket = "mybucket.${var.rand_id}.s3.amazonaws.com"
|
||||
acl = "public-read"
|
||||
}
|
||||
|
||||
resource "aws_cloudfront_distribution" "s3_distribution" {
|
||||
origin {
|
||||
domain_name = "${aws_s3_bucket.s3_bucket.id}"
|
||||
origin_id = "myS3Origin"
|
||||
s3_origin_config {}
|
||||
}
|
||||
enabled = true
|
||||
default_root_object = "index.html"
|
||||
logging_config {
|
||||
include_cookies = false
|
||||
bucket = "mylogs.${var.rand_id}.s3.amazonaws.com"
|
||||
prefix = "myprefix"
|
||||
}
|
||||
aliases = [ "mysite.${var.rand_id}.example.com", "yoursite.${var.rand_id}.example.com" ]
|
||||
default_cache_behavior {
|
||||
allowed_methods = [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ]
|
||||
cached_methods = [ "GET", "HEAD" ]
|
||||
target_origin_id = "myS3Origin"
|
||||
forwarded_values {
|
||||
query_string = false
|
||||
cookies {
|
||||
forward = "none"
|
||||
}
|
||||
}
|
||||
viewer_protocol_policy = "allow-all"
|
||||
min_ttl = 0
|
||||
default_ttl = 3600
|
||||
max_ttl = 86400
|
||||
}
|
||||
price_class = "PriceClass_200"
|
||||
restrictions {
|
||||
geo_restriction {
|
||||
restriction_type = "whitelist"
|
||||
locations = [ "US", "CA", "GB", "DE" ]
|
||||
}
|
||||
}
|
||||
viewer_certificate {
|
||||
cloudfront_default_certificate = true
|
||||
}
|
||||
retain_on_delete = true
|
||||
}
|
||||
`, rand.New(rand.NewSource(time.Now().UnixNano())).Int())
|
||||
|
||||
var testAccAWSCloudFrontDistributionCustomConfig = fmt.Sprintf(`
|
||||
variable rand_id {
|
||||
default = %d
|
||||
}
|
||||
|
||||
resource "aws_cloudfront_distribution" "custom_distribution" {
|
||||
origin {
|
||||
domain_name = "www.example.com"
|
||||
origin_id = "myCustomOrigin"
|
||||
custom_origin_config {
|
||||
http_port = 80
|
||||
https_port = 443
|
||||
origin_protocol_policy = "http-only"
|
||||
origin_ssl_protocols = [ "SSLv3", "TLSv1" ]
|
||||
}
|
||||
}
|
||||
enabled = true
|
||||
comment = "Some comment"
|
||||
default_root_object = "index.html"
|
||||
logging_config {
|
||||
include_cookies = false
|
||||
bucket = "mylogs.${var.rand_id}.s3.amazonaws.com"
|
||||
prefix = "myprefix"
|
||||
}
|
||||
aliases = [ "mysite.${var.rand_id}.example.com", "*.yoursite.${var.rand_id}.example.com" ]
|
||||
default_cache_behavior {
|
||||
allowed_methods = [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ]
|
||||
cached_methods = [ "GET", "HEAD" ]
|
||||
target_origin_id = "myCustomOrigin"
|
||||
smooth_streaming = false
|
||||
forwarded_values {
|
||||
query_string = false
|
||||
cookies {
|
||||
forward = "all"
|
||||
}
|
||||
}
|
||||
viewer_protocol_policy = "allow-all"
|
||||
min_ttl = 0
|
||||
default_ttl = 3600
|
||||
max_ttl = 86400
|
||||
}
|
||||
price_class = "PriceClass_200"
|
||||
restrictions {
|
||||
geo_restriction {
|
||||
restriction_type = "whitelist"
|
||||
locations = [ "US", "CA", "GB", "DE" ]
|
||||
}
|
||||
}
|
||||
viewer_certificate {
|
||||
cloudfront_default_certificate = true
|
||||
}
|
||||
retain_on_delete = true
|
||||
}
|
||||
`, rand.New(rand.NewSource(time.Now().UnixNano())).Int())
|
||||
|
||||
var testAccAWSCloudFrontDistributionMultiOriginConfig = fmt.Sprintf(`
|
||||
variable rand_id {
|
||||
default = %d
|
||||
}
|
||||
|
||||
resource "aws_s3_bucket" "s3_bucket" {
|
||||
bucket = "mybucket.${var.rand_id}.s3.amazonaws.com"
|
||||
acl = "public-read"
|
||||
}
|
||||
|
||||
resource "aws_cloudfront_distribution" "multi_origin_distribution" {
|
||||
origin {
|
||||
domain_name = "${aws_s3_bucket.s3_bucket.id}"
|
||||
origin_id = "myS3Origin"
|
||||
s3_origin_config {}
|
||||
}
|
||||
origin {
|
||||
domain_name = "www.example.com"
|
||||
origin_id = "myCustomOrigin"
|
||||
custom_origin_config {
|
||||
http_port = 80
|
||||
https_port = 443
|
||||
origin_protocol_policy = "http-only"
|
||||
origin_ssl_protocols = [ "SSLv3", "TLSv1" ]
|
||||
}
|
||||
}
|
||||
enabled = true
|
||||
comment = "Some comment"
|
||||
default_root_object = "index.html"
|
||||
logging_config {
|
||||
include_cookies = false
|
||||
bucket = "mylogs.${var.rand_id}.s3.amazonaws.com"
|
||||
prefix = "myprefix"
|
||||
}
|
||||
aliases = [ "mysite.${var.rand_id}.example.com", "*.yoursite.${var.rand_id}.example.com" ]
|
||||
default_cache_behavior {
|
||||
allowed_methods = [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ]
|
||||
cached_methods = [ "GET", "HEAD" ]
|
||||
target_origin_id = "myS3Origin"
|
||||
smooth_streaming = true
|
||||
forwarded_values {
|
||||
query_string = false
|
||||
cookies {
|
||||
forward = "all"
|
||||
}
|
||||
}
|
||||
min_ttl = 100
|
||||
default_ttl = 100
|
||||
max_ttl = 100
|
||||
viewer_protocol_policy = "allow-all"
|
||||
}
|
||||
cache_behavior {
|
||||
allowed_methods = [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ]
|
||||
cached_methods = [ "GET", "HEAD" ]
|
||||
target_origin_id = "myS3Origin"
|
||||
forwarded_values {
|
||||
query_string = true
|
||||
cookies {
|
||||
forward = "none"
|
||||
}
|
||||
}
|
||||
min_ttl = 50
|
||||
default_ttl = 50
|
||||
max_ttl = 50
|
||||
viewer_protocol_policy = "allow-all"
|
||||
path_pattern = "images1/*.jpg"
|
||||
}
|
||||
cache_behavior {
|
||||
allowed_methods = [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ]
|
||||
cached_methods = [ "GET", "HEAD" ]
|
||||
target_origin_id = "myCustomOrigin"
|
||||
forwarded_values {
|
||||
query_string = true
|
||||
cookies {
|
||||
forward = "none"
|
||||
}
|
||||
}
|
||||
min_ttl = 50
|
||||
default_ttl = 50
|
||||
max_ttl = 50
|
||||
viewer_protocol_policy = "allow-all"
|
||||
path_pattern = "images2/*.jpg"
|
||||
}
|
||||
price_class = "PriceClass_All"
|
||||
custom_error_response {
|
||||
error_code = 404
|
||||
response_page_path = "/error-pages/404.html"
|
||||
response_code = 200
|
||||
error_caching_min_ttl = 30
|
||||
}
|
||||
restrictions {
|
||||
geo_restriction {
|
||||
restriction_type = "none"
|
||||
}
|
||||
}
|
||||
viewer_certificate {
|
||||
cloudfront_default_certificate = true
|
||||
}
|
||||
retain_on_delete = true
|
||||
}
|
||||
`, rand.New(rand.NewSource(time.Now().UnixNano())).Int())
|
||||
|
||||
var testAccAWSCloudFrontDistributionNoOptionalItemsConfig = fmt.Sprintf(`
|
||||
variable rand_id {
|
||||
default = %d
|
||||
}
|
||||
|
||||
resource "aws_cloudfront_distribution" "no_optional_items" {
|
||||
origin {
|
||||
domain_name = "www.example.com"
|
||||
origin_id = "myCustomOrigin"
|
||||
custom_origin_config {
|
||||
http_port = 80
|
||||
https_port = 443
|
||||
origin_protocol_policy = "http-only"
|
||||
origin_ssl_protocols = [ "SSLv3", "TLSv1" ]
|
||||
}
|
||||
}
|
||||
enabled = true
|
||||
comment = "Some comment"
|
||||
default_cache_behavior {
|
||||
allowed_methods = [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ]
|
||||
cached_methods = [ "GET", "HEAD" ]
|
||||
target_origin_id = "myCustomOrigin"
|
||||
smooth_streaming = false
|
||||
forwarded_values {
|
||||
query_string = false
|
||||
cookies {
|
||||
forward = "all"
|
||||
}
|
||||
}
|
||||
viewer_protocol_policy = "allow-all"
|
||||
min_ttl = 0
|
||||
default_ttl = 3600
|
||||
max_ttl = 86400
|
||||
}
|
||||
restrictions {
|
||||
geo_restriction {
|
||||
restriction_type = "whitelist"
|
||||
locations = [ "US", "CA", "GB", "DE" ]
|
||||
}
|
||||
}
|
||||
viewer_certificate {
|
||||
cloudfront_default_certificate = true
|
||||
}
|
||||
retain_on_delete = true
|
||||
}
|
||||
`, rand.New(rand.NewSource(time.Now().UnixNano())).Int())
|
|
@ -0,0 +1,130 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws"
|
||||
"github.com/aws/aws-sdk-go/service/cloudfront"
|
||||
"github.com/hashicorp/terraform/helper/schema"
|
||||
)
|
||||
|
||||
func resourceAwsCloudFrontOriginAccessIdentity() *schema.Resource {
|
||||
return &schema.Resource{
|
||||
Create: resourceAwsCloudFrontOriginAccessIdentityCreate,
|
||||
Read: resourceAwsCloudFrontOriginAccessIdentityRead,
|
||||
Update: resourceAwsCloudFrontOriginAccessIdentityUpdate,
|
||||
Delete: resourceAwsCloudFrontOriginAccessIdentityDelete,
|
||||
|
||||
Schema: map[string]*schema.Schema{
|
||||
"comment": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
Default: "",
|
||||
},
|
||||
"caller_reference": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Computed: true,
|
||||
},
|
||||
"cloudfront_access_identity_path": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Computed: true,
|
||||
},
|
||||
"etag": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Computed: true,
|
||||
},
|
||||
"s3_canonical_user_id": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Computed: true,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func resourceAwsCloudFrontOriginAccessIdentityCreate(d *schema.ResourceData, meta interface{}) error {
|
||||
conn := meta.(*AWSClient).cloudfrontconn
|
||||
params := &cloudfront.CreateCloudFrontOriginAccessIdentityInput{
|
||||
CloudFrontOriginAccessIdentityConfig: expandOriginAccessIdentityConfig(d),
|
||||
}
|
||||
|
||||
resp, err := conn.CreateCloudFrontOriginAccessIdentity(params)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
d.SetId(*resp.CloudFrontOriginAccessIdentity.Id)
|
||||
return resourceAwsCloudFrontOriginAccessIdentityRead(d, meta)
|
||||
}
|
||||
|
||||
func resourceAwsCloudFrontOriginAccessIdentityRead(d *schema.ResourceData, meta interface{}) error {
|
||||
conn := meta.(*AWSClient).cloudfrontconn
|
||||
params := &cloudfront.GetCloudFrontOriginAccessIdentityInput{
|
||||
Id: aws.String(d.Id()),
|
||||
}
|
||||
|
||||
resp, err := conn.GetCloudFrontOriginAccessIdentity(params)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Update attributes from DistributionConfig
|
||||
flattenOriginAccessIdentityConfig(d, resp.CloudFrontOriginAccessIdentity.CloudFrontOriginAccessIdentityConfig)
|
||||
// Update other attributes outside of DistributionConfig
|
||||
d.SetId(*resp.CloudFrontOriginAccessIdentity.Id)
|
||||
d.Set("etag", *resp.ETag)
|
||||
d.Set("s3_canonical_user_id", *resp.CloudFrontOriginAccessIdentity.S3CanonicalUserId)
|
||||
d.Set("cloudfront_access_identity_path", fmt.Sprintf("origin-access-identity/cloudfront/%s", *resp.CloudFrontOriginAccessIdentity.Id))
|
||||
return nil
|
||||
}
|
||||
|
||||
func resourceAwsCloudFrontOriginAccessIdentityUpdate(d *schema.ResourceData, meta interface{}) error {
|
||||
conn := meta.(*AWSClient).cloudfrontconn
|
||||
params := &cloudfront.UpdateCloudFrontOriginAccessIdentityInput{
|
||||
Id: aws.String(d.Id()),
|
||||
CloudFrontOriginAccessIdentityConfig: expandOriginAccessIdentityConfig(d),
|
||||
IfMatch: aws.String(d.Get("etag").(string)),
|
||||
}
|
||||
_, err := conn.UpdateCloudFrontOriginAccessIdentity(params)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return resourceAwsCloudFrontOriginAccessIdentityRead(d, meta)
|
||||
}
|
||||
|
||||
func resourceAwsCloudFrontOriginAccessIdentityDelete(d *schema.ResourceData, meta interface{}) error {
|
||||
conn := meta.(*AWSClient).cloudfrontconn
|
||||
params := &cloudfront.DeleteCloudFrontOriginAccessIdentityInput{
|
||||
Id: aws.String(d.Id()),
|
||||
IfMatch: aws.String(d.Get("etag").(string)),
|
||||
}
|
||||
|
||||
_, err := conn.DeleteCloudFrontOriginAccessIdentity(params)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Done
|
||||
d.SetId("")
|
||||
return nil
|
||||
}
|
||||
|
||||
func expandOriginAccessIdentityConfig(d *schema.ResourceData) *cloudfront.OriginAccessIdentityConfig {
|
||||
originAccessIdentityConfig := &cloudfront.OriginAccessIdentityConfig{
|
||||
Comment: aws.String(d.Get("comment").(string)),
|
||||
}
|
||||
// This sets CallerReference if it's still pending computation (ie: new resource)
|
||||
if v, ok := d.GetOk("caller_reference"); ok == false {
|
||||
originAccessIdentityConfig.CallerReference = aws.String(time.Now().Format(time.RFC3339Nano))
|
||||
} else {
|
||||
originAccessIdentityConfig.CallerReference = aws.String(v.(string))
|
||||
}
|
||||
return originAccessIdentityConfig
|
||||
}
|
||||
|
||||
func flattenOriginAccessIdentityConfig(d *schema.ResourceData, originAccessIdentityConfig *cloudfront.OriginAccessIdentityConfig) {
|
||||
if originAccessIdentityConfig.Comment != nil {
|
||||
d.Set("comment", *originAccessIdentityConfig.Comment)
|
||||
}
|
||||
d.Set("caller_reference", *originAccessIdentityConfig.CallerReference)
|
||||
}
|
|
@ -0,0 +1,119 @@
|
|||
package aws
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"regexp"
|
||||
"testing"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws"
|
||||
"github.com/aws/aws-sdk-go/service/cloudfront"
|
||||
"github.com/hashicorp/terraform/helper/resource"
|
||||
"github.com/hashicorp/terraform/terraform"
|
||||
)
|
||||
|
||||
func TestAccAWSCloudFrontOriginAccessIdentity_basic(t *testing.T) {
|
||||
resource.Test(t, resource.TestCase{
|
||||
PreCheck: func() { testAccPreCheck(t) },
|
||||
Providers: testAccProviders,
|
||||
CheckDestroy: testAccCheckCloudFrontOriginAccessIdentityDestroy,
|
||||
Steps: []resource.TestStep{
|
||||
resource.TestStep{
|
||||
Config: testAccAWSCloudFrontOriginAccessIdentityConfig,
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckCloudFrontOriginAccessIdentityExistence("aws_cloudfront_origin_access_identity.origin_access_identity"),
|
||||
resource.TestCheckResourceAttr("aws_cloudfront_origin_access_identity.origin_access_identity", "comment", "some comment"),
|
||||
resource.TestMatchResourceAttr("aws_cloudfront_origin_access_identity.origin_access_identity",
|
||||
"caller_reference",
|
||||
regexp.MustCompile("^20[0-9]{2}.*")),
|
||||
resource.TestMatchResourceAttr("aws_cloudfront_origin_access_identity.origin_access_identity",
|
||||
"s3_canonical_user_id",
|
||||
regexp.MustCompile("^[a-z0-9]+")),
|
||||
resource.TestMatchResourceAttr("aws_cloudfront_origin_access_identity.origin_access_identity",
|
||||
"cloudfront_access_identity_path",
|
||||
regexp.MustCompile("^origin-access-identity/cloudfront/[A-Z0-9]+")),
|
||||
),
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func TestAccAWSCloudFrontOriginAccessIdentity_noComment(t *testing.T) {
|
||||
resource.Test(t, resource.TestCase{
|
||||
PreCheck: func() { testAccPreCheck(t) },
|
||||
Providers: testAccProviders,
|
||||
CheckDestroy: testAccCheckCloudFrontOriginAccessIdentityDestroy,
|
||||
Steps: []resource.TestStep{
|
||||
resource.TestStep{
|
||||
Config: testAccAWSCloudFrontOriginAccessIdentityNoCommentConfig,
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckCloudFrontOriginAccessIdentityExistence("aws_cloudfront_origin_access_identity.origin_access_identity"),
|
||||
resource.TestMatchResourceAttr("aws_cloudfront_origin_access_identity.origin_access_identity",
|
||||
"caller_reference",
|
||||
regexp.MustCompile("^20[0-9]{2}.*")),
|
||||
resource.TestMatchResourceAttr("aws_cloudfront_origin_access_identity.origin_access_identity",
|
||||
"s3_canonical_user_id",
|
||||
regexp.MustCompile("^[a-z0-9]+")),
|
||||
resource.TestMatchResourceAttr("aws_cloudfront_origin_access_identity.origin_access_identity",
|
||||
"cloudfront_access_identity_path",
|
||||
regexp.MustCompile("^origin-access-identity/cloudfront/[A-Z0-9]+")),
|
||||
),
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func testAccCheckCloudFrontOriginAccessIdentityDestroy(s *terraform.State) error {
|
||||
conn := testAccProvider.Meta().(*AWSClient).cloudfrontconn
|
||||
|
||||
for _, rs := range s.RootModule().Resources {
|
||||
if rs.Type != "aws_cloudfront_origin_access_identity" {
|
||||
continue
|
||||
}
|
||||
|
||||
params := &cloudfront.GetCloudFrontOriginAccessIdentityInput{
|
||||
Id: aws.String(rs.Primary.ID),
|
||||
}
|
||||
|
||||
_, err := conn.GetCloudFrontOriginAccessIdentity(params)
|
||||
if err == nil {
|
||||
return fmt.Errorf("CloudFront origin access identity was not deleted")
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func testAccCheckCloudFrontOriginAccessIdentityExistence(r string) resource.TestCheckFunc {
|
||||
return func(s *terraform.State) error {
|
||||
rs, ok := s.RootModule().Resources[r]
|
||||
if !ok {
|
||||
return fmt.Errorf("Not found: %s", r)
|
||||
}
|
||||
if rs.Primary.ID == "" {
|
||||
return fmt.Errorf("No Id is set")
|
||||
}
|
||||
|
||||
conn := testAccProvider.Meta().(*AWSClient).cloudfrontconn
|
||||
|
||||
params := &cloudfront.GetCloudFrontOriginAccessIdentityInput{
|
||||
Id: aws.String(rs.Primary.ID),
|
||||
}
|
||||
|
||||
_, err := conn.GetCloudFrontOriginAccessIdentity(params)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error retrieving CloudFront distribution: %s", err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
const testAccAWSCloudFrontOriginAccessIdentityConfig = `
|
||||
resource "aws_cloudfront_origin_access_identity" "origin_access_identity" {
|
||||
comment = "some comment"
|
||||
}
|
||||
`
|
||||
|
||||
const testAccAWSCloudFrontOriginAccessIdentityNoCommentConfig = `
|
||||
resource "aws_cloudfront_origin_access_identity" "origin_access_identity" {
|
||||
}
|
||||
`
|
|
@ -1077,3 +1077,23 @@ func flattenBeanstalkTrigger(list []*elasticbeanstalk.Trigger) []string {
|
|||
}
|
||||
return strs
|
||||
}
|
||||
|
||||
// There are several parts of the AWS API that will sort lists of strings,
|
||||
// causing diffs inbetweeen resources that use lists. This avoids a bit of
|
||||
// code duplication for pre-sorts that can be used for things like hash
|
||||
// functions, etc.
|
||||
func sortInterfaceSlice(in []interface{}) []interface{} {
|
||||
a := []string{}
|
||||
b := []interface{}{}
|
||||
for _, v := range in {
|
||||
a = append(a, v.(string))
|
||||
}
|
||||
|
||||
sort.Strings(a)
|
||||
|
||||
for _, v := range a {
|
||||
b = append(b, v)
|
||||
}
|
||||
|
||||
return b
|
||||
}
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,86 @@
|
|||
// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
|
||||
|
||||
package cloudfront
|
||||
|
||||
import (
|
||||
"github.com/aws/aws-sdk-go/aws"
|
||||
"github.com/aws/aws-sdk-go/aws/client"
|
||||
"github.com/aws/aws-sdk-go/aws/client/metadata"
|
||||
"github.com/aws/aws-sdk-go/aws/request"
|
||||
"github.com/aws/aws-sdk-go/private/protocol/restxml"
|
||||
"github.com/aws/aws-sdk-go/private/signer/v4"
|
||||
)
|
||||
|
||||
// CloudFront is a client for CloudFront.
|
||||
//The service client's operations are safe to be used concurrently.
|
||||
// It is not safe to mutate any of the client's properties though.
|
||||
type CloudFront struct {
|
||||
*client.Client
|
||||
}
|
||||
|
||||
// Used for custom client initialization logic
|
||||
var initClient func(*client.Client)
|
||||
|
||||
// Used for custom request initialization logic
|
||||
var initRequest func(*request.Request)
|
||||
|
||||
// A ServiceName is the name of the service the client will make API calls to.
|
||||
const ServiceName = "cloudfront"
|
||||
|
||||
// New creates a new instance of the CloudFront client with a session.
|
||||
// If additional configuration is needed for the client instance use the optional
|
||||
// aws.Config parameter to add your extra config.
|
||||
//
|
||||
// Example:
|
||||
// // Create a CloudFront client from just a session.
|
||||
// svc := cloudfront.New(mySession)
|
||||
//
|
||||
// // Create a CloudFront client with additional configuration
|
||||
// svc := cloudfront.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
|
||||
func New(p client.ConfigProvider, cfgs ...*aws.Config) *CloudFront {
|
||||
c := p.ClientConfig(ServiceName, cfgs...)
|
||||
return newClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion)
|
||||
}
|
||||
|
||||
// newClient creates, initializes and returns a new service client instance.
|
||||
func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegion string) *CloudFront {
|
||||
svc := &CloudFront{
|
||||
Client: client.New(
|
||||
cfg,
|
||||
metadata.ClientInfo{
|
||||
ServiceName: ServiceName,
|
||||
SigningRegion: signingRegion,
|
||||
Endpoint: endpoint,
|
||||
APIVersion: "2016-01-28",
|
||||
},
|
||||
handlers,
|
||||
),
|
||||
}
|
||||
|
||||
// Handlers
|
||||
svc.Handlers.Sign.PushBack(v4.Sign)
|
||||
svc.Handlers.Build.PushBackNamed(restxml.BuildHandler)
|
||||
svc.Handlers.Unmarshal.PushBackNamed(restxml.UnmarshalHandler)
|
||||
svc.Handlers.UnmarshalMeta.PushBackNamed(restxml.UnmarshalMetaHandler)
|
||||
svc.Handlers.UnmarshalError.PushBackNamed(restxml.UnmarshalErrorHandler)
|
||||
|
||||
// Run custom client initialization if present
|
||||
if initClient != nil {
|
||||
initClient(svc.Client)
|
||||
}
|
||||
|
||||
return svc
|
||||
}
|
||||
|
||||
// newRequest creates a new request for a CloudFront operation and runs any
|
||||
// custom request initialization.
|
||||
func (c *CloudFront) newRequest(op *request.Operation, params, data interface{}) *request.Request {
|
||||
req := c.NewRequest(op, params, data)
|
||||
|
||||
// Run custom request initialization if present
|
||||
if initRequest != nil {
|
||||
initRequest(req)
|
||||
}
|
||||
|
||||
return req
|
||||
}
|
|
@ -0,0 +1,76 @@
|
|||
// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
|
||||
|
||||
package cloudfront
|
||||
|
||||
import (
|
||||
"github.com/aws/aws-sdk-go/private/waiter"
|
||||
)
|
||||
|
||||
func (c *CloudFront) WaitUntilDistributionDeployed(input *GetDistributionInput) error {
|
||||
waiterCfg := waiter.Config{
|
||||
Operation: "GetDistribution",
|
||||
Delay: 60,
|
||||
MaxAttempts: 25,
|
||||
Acceptors: []waiter.WaitAcceptor{
|
||||
{
|
||||
State: "success",
|
||||
Matcher: "path",
|
||||
Argument: "Distribution.Status",
|
||||
Expected: "Deployed",
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
w := waiter.Waiter{
|
||||
Client: c,
|
||||
Input: input,
|
||||
Config: waiterCfg,
|
||||
}
|
||||
return w.Wait()
|
||||
}
|
||||
|
||||
func (c *CloudFront) WaitUntilInvalidationCompleted(input *GetInvalidationInput) error {
|
||||
waiterCfg := waiter.Config{
|
||||
Operation: "GetInvalidation",
|
||||
Delay: 20,
|
||||
MaxAttempts: 30,
|
||||
Acceptors: []waiter.WaitAcceptor{
|
||||
{
|
||||
State: "success",
|
||||
Matcher: "path",
|
||||
Argument: "Invalidation.Status",
|
||||
Expected: "Completed",
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
w := waiter.Waiter{
|
||||
Client: c,
|
||||
Input: input,
|
||||
Config: waiterCfg,
|
||||
}
|
||||
return w.Wait()
|
||||
}
|
||||
|
||||
func (c *CloudFront) WaitUntilStreamingDistributionDeployed(input *GetStreamingDistributionInput) error {
|
||||
waiterCfg := waiter.Config{
|
||||
Operation: "GetStreamingDistribution",
|
||||
Delay: 60,
|
||||
MaxAttempts: 25,
|
||||
Acceptors: []waiter.WaitAcceptor{
|
||||
{
|
||||
State: "success",
|
||||
Matcher: "path",
|
||||
Argument: "StreamingDistribution.Status",
|
||||
Expected: "Deployed",
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
w := waiter.Waiter{
|
||||
Client: c,
|
||||
Input: input,
|
||||
Config: waiterCfg,
|
||||
}
|
||||
return w.Wait()
|
||||
}
|
|
@ -0,0 +1,197 @@
|
|||
---
|
||||
layout: "aws"
|
||||
page_title: "AWS: cloudfront_distribution"
|
||||
sidebar_current: "docs-aws-resource-cloudfront-distribution"
|
||||
description: |-
|
||||
Provides a CloudFront web distribution resource.
|
||||
---
|
||||
|
||||
# aws\_cloudfront\_distribution
|
||||
|
||||
Creates an Amazon CloudFront web distribution.
|
||||
|
||||
For information about CloudFront distributions, see the
|
||||
[Amazon CloudFront Developer Guide][1]. For specific information about creating
|
||||
CloudFront web distributions, see the [POST Distribution][2] page in the Amazon
|
||||
CloudFront API Reference.
|
||||
|
||||
~> **NOTE:** CloudFront distributions take about 15 minutes to a deployed state
|
||||
after creation or modification. During this time, deletes to resources will be
|
||||
blocked. If you need to delete a distribution that is enabled and you do not
|
||||
want to wait, you need to use the `retain_on_delete` flag.
|
||||
|
||||
## Example Usage
|
||||
|
||||
The following example below creates a CloudFront distribution with an S3 origin.
|
||||
|
||||
```
|
||||
resource "aws_cloudfront_distribution" "s3_distribution" {
|
||||
origin {
|
||||
domain_name = "mybucket.s3.amazonaws.com"
|
||||
origin_id = "myS3Origin"
|
||||
s3_origin_config {
|
||||
origin_access_identity = "origin-access-identity/cloudfront/ABCDEFG1234567"
|
||||
}
|
||||
}
|
||||
enabled = true
|
||||
comment = "Some comment"
|
||||
default_root_object = "index.html"
|
||||
logging_config {
|
||||
include_cookies = false
|
||||
bucket = "mylogs.s3.amazonaws.com"
|
||||
prefix = "myprefix"
|
||||
}
|
||||
aliases = [ "mysite.example.com", "yoursite.example.com" ]
|
||||
default_cache_behavior {
|
||||
allowed_methods = [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ]
|
||||
cached_methods = [ "GET", "HEAD" ]
|
||||
target_origin_id = "myS3Origin"
|
||||
forwarded_values {
|
||||
query_string = false
|
||||
cookies {
|
||||
forward = "none"
|
||||
}
|
||||
}
|
||||
viewer_protocol_policy = "allow-all"
|
||||
min_ttl = 0
|
||||
default_ttl = 3600
|
||||
max_ttl = 86400
|
||||
}
|
||||
price_class = "PriceClass_200"
|
||||
restrictions {
|
||||
geo_restriction {
|
||||
restriction_type = "whitelist"
|
||||
locations = [ "US", "CA", "GB", "DE" ]
|
||||
}
|
||||
}
|
||||
viewer_certificate {
|
||||
cloudfront_default_certificate = true
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
## Argument Reference
|
||||
|
||||
The CloudFront distribution argument layout is a complex structure composed
|
||||
of several sub-resources - these resources are laid out below.
|
||||
|
||||
### Top-Level Arguments
|
||||
|
||||
* `aliases` (Optional) - Extra CNAMEs (alternate domain names), if any, for this distribution.
|
||||
* `cache_behavior` (Optional) - A [cache behavior](#cache_behavior) resource for this distribution (multiples allowed).
|
||||
* `comment` (Optional) - Any comments you want to include about the distribution.
|
||||
* `custom_error_response` (Optional) - One or more [custom error response](#custom_error_response) elements (multiples allowed).
|
||||
* `default_cache_behavior` (Required) - The [default cache behavior](#default_cache_behavior) for this distribution (maximum one).
|
||||
* `default_root_object` (Optional) - The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL.
|
||||
* `enabled` (Required) - Whether the distribution is enabled to accept end user requests for content.
|
||||
* `logging_config` (Optional) - The [logging configuration](#logging_config) that controls how logs are written to your distribution (maximum one).
|
||||
* `origin` (Required) - One or more [origins](#origin) for this distribution (multiples allowed).
|
||||
* `price_class` (Optional) - The price class for this distribution.
|
||||
* `restrictions` (Required) - The [restriction configuration](#restrictions) for this distribution (maximum one).
|
||||
* `viewer_certificate` (Required) - The [SSL configuration](#viewer_certificate) for this distribution (maximum one).
|
||||
* `web_acl_id` (Optional) - If you're using AWS WAF to filter CloudFront requests, the Id of the AWS WAF web ACL that is associated with the distribution.
|
||||
* `retain_on_delete` (Optional) - Disables the distribution instead of deleting it when destroying the resource through Terraform. If this is set, the distribution needs to be deleted manually afterwards. Default: `false`.
|
||||
|
||||
#### <a name="cache_behavior"> `cache_behavior` Arguments
|
||||
|
||||
* `allowed_methods` (Required) - Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.
|
||||
* `cached_methods` (Required) - Controls whether CloudFront caches the response to requests using the specified HTTP methods.
|
||||
* `compress` (Optional) - Whether you want CloudFront to automatically compress content for web requests that include `Accept-Encoding: gzip` in the request header (default: `false`).
|
||||
* `default_ttl` (Required) - The default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an `Cache-Control max-age` or `Expires` header.
|
||||
* `forwarded_values` (Required) - The [forwarded values configuration](#forwarded_values) that specifies how CloudFront handles query strings, cookies and headers (maximum one).
|
||||
* `max_ttl` (Required) - The maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of `Cache-Control max-age`, `Cache-Control s-maxage`, and `Expires` headers.
|
||||
* `min_ttl` (Required) - The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated.
|
||||
* `path_pattern` (Required) - The pattern (for example, `images/*.jpg)` that specifies which requests you want this cache behavior to apply to.
|
||||
* `smooth_streaming` (Optional) - Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.
|
||||
* `target_origin_id` (Required) - The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.
|
||||
* `trusted_signers` (Optional) - The AWS accounts, if any, that you want to allow to create signed URLs for private content.
|
||||
* `viewer_protocol_policy` (Required) - Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of `allow-all`, `https-only`, or `redirect-to-https`.
|
||||
|
||||
##### <a name="forwarded_values"> `forwarded_values` Arguments
|
||||
|
||||
* `cookies` (Optional) - The [forwarded values cookies](#cookies) that specifies how CloudFront handles cookies (maximum one).
|
||||
* `headers` (Optional) - Specifies the Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify `*` to include all headers.
|
||||
* `query_string` (Required) - Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.
|
||||
|
||||
##### <a name="cookies"> `cookies` Arguments
|
||||
|
||||
* `forward` (Required) - Specifies whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify `all`, `none` or `whitelist`.
|
||||
* `whitelisted_names` (Optional) - If you have specified `whitelist` to `forward`, the whitelisted cookies that you want CloudFront to forward to your origin.
|
||||
|
||||
#### <a name="custom_error_response"> `custom_error_response` Arguments
|
||||
|
||||
* `error_caching_min_ttl` (Optional) - The minimum amount of time you want HTTP error codes to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated.
|
||||
* `error_code` (Required) - The 4xx or 5xx HTTP status code that you want to customize.
|
||||
* `response_code` (Optional) - The HTTP status code that you want CloudFront to return with the custom error page to the viewer.
|
||||
* `response_page_path` (Optional) - The path of the custom error page (for example, `/custom_404.html`).
|
||||
|
||||
#### <a name="default_cache_behavior"> `default_cache_behavior` Arguments
|
||||
|
||||
The arguments for `default_cache_behavior` are the same as for
|
||||
[`cache_behavior`](#cache_behavior), except for the `path_pattern` argument is
|
||||
not required.
|
||||
|
||||
#### <a name="logging_config"> `logging_config` Arguments
|
||||
|
||||
* `bucket` (Required) - The Amazon S3 bucket to store the access logs in, for example, `myawslogbucket.s3.amazonaws.com`.
|
||||
* `include_cookies` (Optional) - Specifies whether you want CloudFront to include cookies in access logs (default: `false`).
|
||||
* `prefix` (Optional) - An optional string that you want CloudFront to prefix to the access log filenames for this distribution, for example, `myprefix/`.
|
||||
|
||||
#### <a name="origin"> `origin` Arguments
|
||||
|
||||
* `custom_origin_config` - The [CloudFront custom origin](#custom_origin_config) configuration information. If an S3 origin is required, use `s3_origin_config` instead.
|
||||
* `domain_name` (Required) - The DNS domain name of either the S3 bucket, or web site of your custom origin.
|
||||
* `custom_header` (Optional) - One or more sub-resources with `name` and `value` parameters that specify header data that will be sent to the origin (multiples allowed).
|
||||
* `origin_id` (Required) - A unique identifier for the origin.
|
||||
* `origin_path` (Optional) - An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin.
|
||||
* `s3_origin_config` - The [CloudFront S3 origin](#s3_origin_config) configuration information. If a custom origin is required, use `s3_origin_config` instead.
|
||||
|
||||
##### <a name="custom_origin_config"> `custom_origin_config` Arguments
|
||||
|
||||
* `http_port` (Required) - The HTTP port the custom origin listens on.
|
||||
* `https_port` (Required) - The HTTPS port the custom origin listens on.
|
||||
* `origin_protocol_policy` (Required) - The origin protocol policy to apply to your origin. One of `http-only`, `https-only`, or `match-viewer`.
|
||||
* `origin_ssl_protocols` (Required) - The SSL/TLS protocols that you want CloudFront to use when communicating with your origin over HTTPS. A list of one or more of `SSLv3`, `TLSv1`, `TLSv1.1`, and `TLSv1.2`.
|
||||
|
||||
##### <a name="s3_origin_config"> `s3_origin_config` Arguments
|
||||
|
||||
* `origin_access_identity` (Optional) - The [CloudFront origin access identity][5] to associate with the origin.
|
||||
|
||||
#### <a name="restrictions"> `restrictions` Arguments
|
||||
|
||||
The `restrictions` sub-resource takes another single sub-resource named
|
||||
`geo_restriction` (see the example for usage).
|
||||
|
||||
The arguments of `geo_restriction` are:
|
||||
|
||||
* `locations` (Optional) - The [ISO 3166-1-alpha-2 codes][4] for which you want CloudFront either to distribute your content (`whitelist`) or not distribute your content (`blacklist`).
|
||||
* `restriction_type` (Required) - The method that you want to use to restrict distribution of your content by country: `none`, `whitelist`, or `blacklist`.
|
||||
|
||||
#### <a name="viewer_certificate"> `viewer_certificate` Arguments
|
||||
|
||||
* `acm_certificate_arn` - The ARN of the [AWS Certificate Manager][6] certificate that you wish to use with this distribution. Specify this, `cloudfront_default_certificate`, or `iam_certificate_id`.
|
||||
* `cloudfront_default_certificate` - `true` if you want viewers to use HTTPS to request your objects and you're using the CloudFront domain name for your distribution. Specify this, `acm_certificate_arn`, or `iam_certificate_id`.
|
||||
* `iam_certificate_id` - The IAM certificate identifier of the custom viewer certificate for this distribution if you are using a custom domain. Specify this, `acm_certificate_arn`, or `cloudfront_default_certificate`.
|
||||
* `minimum_protocol_version` - The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. One of `SSLv3` or `TLSv1`. Default: `SSLv3`. **NOTE**: If you are using a custom certificate (specified with `acm_certificate_arn` or `iam_certificate_id`), and have specified `sni-only` in `ssl_support_method`, `TLSv1` must be specified.
|
||||
* `ssl_support_method`: Specifies how you want CloudFront to serve HTTPS requests. One of `vip` or `sni-only`. Required if you specify `acm_certificate_arn` or `iam_certificate_id`. **NOTE:** `vip` causes CloudFront to use a dedicated IP address and may incur extra charges.
|
||||
|
||||
## Attribute Reference
|
||||
|
||||
The following attributes are exported:
|
||||
|
||||
* `id` - The identifier for the distribution. For example: `EDFDVBD632BHDS5`.
|
||||
* `caller_reference` - Internal value used by CloudFront to allow future updates to the distribution configuration.
|
||||
* `status` - The current status of the distribution. `Deployed` if the distribution's information is fully propagated throughout the Amazon CloudFront system.
|
||||
* `active_trusted_signers` - The key pair IDs that CloudFront is aware of for each trusted signer, if the distribution is set up to serve private content with signed URLs.
|
||||
* `domain_name` - The domain name corresponding to the distribution. For example: `d604721fxaaqy9.cloudfront.net`.
|
||||
* `last_modified_time` - The date and time the distribution was last modified.
|
||||
* `in_progress_validation_batches` - The number of invalidation batches currently in progress.
|
||||
* `etag` - The current version of the distribution's information. For example: `E2QWRUHAPOMQZL`.
|
||||
|
||||
|
||||
[1]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html
|
||||
[2]: http://docs.aws.amazon.com/AmazonCloudFront/latest/APIReference/CreateDistribution.html
|
||||
[3]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html
|
||||
[4]: http://www.iso.org/iso/country_codes/iso_3166_code_lists/country_names_and_code_elements.htm
|
||||
[5]: /docs/providers/aws/r/cloudfront_origin_access_identity.html
|
||||
[6]: https://aws.amazon.com/certificate-manager/
|
|
@ -0,0 +1,58 @@
|
|||
---
|
||||
layout: "aws"
|
||||
page_title: "AWS: cloudfront_origin_access_identity"
|
||||
sidebar_current: "docs-aws-resource-cloudfront-origin-access-identity"
|
||||
description: |-
|
||||
Provides a CloudFront origin access identity.
|
||||
---
|
||||
|
||||
# aws\_cloudfront\_origin\_access\_identity
|
||||
|
||||
Creates an Amazon CloudFront origin access identity.
|
||||
|
||||
For information about CloudFront distributions, see the
|
||||
[Amazon CloudFront Developer Guide][1]. For more information on generating
|
||||
origin access identities, see
|
||||
[Using an Origin Access Identity to Restrict Access to Your Amazon S3 Content][2].
|
||||
|
||||
## Example Usage
|
||||
|
||||
The following example below creates a CloudFront origin access identity.
|
||||
|
||||
```
|
||||
resource "aws_cloudfront_origin_access_identity" "origin_access_identity" {
|
||||
comment = "Some comment"
|
||||
}
|
||||
```
|
||||
|
||||
## Argument Reference
|
||||
|
||||
* `comment` (Optional) - An optional comment for the origin access identity.
|
||||
|
||||
## Attribute Reference
|
||||
|
||||
The following attributes are exported:
|
||||
|
||||
* `id` - The identifier for the distribution. For example: `EDFDVBD632BHDS5`.
|
||||
* `caller_reference` - Internal value used by CloudFront to allow future updates to the origin access identity.
|
||||
* `cloudfront_access_identity_path` - A shortcut to the full path for the origin access identity to use in CloudFront, see below.
|
||||
* `etag` - The current version of the origin access identity's information. For example: E2QWRUHAPOMQZL.
|
||||
* `s3_canonical_user_id` - The Amazon S3 canonical user ID for the origin access identity, which you use when giving the origin access identity read permission to an object in Amazon S3.
|
||||
|
||||
## Using With CloudFront
|
||||
|
||||
Normally, when referencing an origin access identity in CloudFront, you need to
|
||||
prefix the ID with the `origin-access-identity/cloudfront/` special path.
|
||||
The `cloudfront_access_identity_path` allows this to be circumvented.
|
||||
The below snippet demonstrates use with the `s3_origin_config` structure for the
|
||||
[`aws_cloudfront_web_distribution`][3] resource:
|
||||
|
||||
```
|
||||
s3_origin_config {
|
||||
origin_access_identity = "${aws_cloudfront_origin_access_identity.origin_access_identity.cloudfront_access_identity_path}"
|
||||
}
|
||||
```
|
||||
|
||||
[1]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html
|
||||
[2]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html
|
||||
[3]: /docs/providers/aws/r/cloudfront_distribution.html
|
|
@ -52,6 +52,18 @@
|
|||
</ul>
|
||||
</li>
|
||||
|
||||
<li<%= sidebar_current(/^docs-aws-resource-cloudfront/) %>>
|
||||
<a href="#">CloudFront Resources</a>
|
||||
<ul class="nav nav-visible">
|
||||
<li<%= sidebar_current("docs-aws-resource-cloudfront-distribution") %>>
|
||||
<a href="/docs/providers/aws/r/cloudfront_distribution.html">aws_cloudfront_distribution</a>
|
||||
</li>
|
||||
<li<%= sidebar_current("docs-aws-resource-cloudfront-origin-access-identity") %>>
|
||||
<a href="/docs/providers/aws/r/cloudfront_origin_access_identity.html">aws_cloudfront_origin_access_identity</a>
|
||||
</li>
|
||||
</ul>
|
||||
</li>
|
||||
|
||||
<li<%= sidebar_current(/^docs-aws-resource-cloudtrail/) %>>
|
||||
<a href="#">CloudTrail Resources</a>
|
||||
<ul class="nav nav-visible">
|
||||
|
|
Loading…
Reference in New Issue