providers/aws: Document and validate ELB ssl_cert and protocol requirements
This commit is contained in:
parent
dcf40661c8
commit
fddafd2b96
|
@ -44,7 +44,23 @@ func expandListeners(configured []interface{}) ([]*elb.Listener, error) {
|
|||
l.SSLCertificateId = aws.String(v.(string))
|
||||
}
|
||||
|
||||
listeners = append(listeners, l)
|
||||
var valid bool
|
||||
if l.SSLCertificateId != nil && *l.SSLCertificateId != "" {
|
||||
// validate the protocol is correct
|
||||
for _, p := range []string{"https", "ssl"} {
|
||||
if (*l.InstanceProtocol == p) || (*l.Protocol == p) {
|
||||
valid = true
|
||||
}
|
||||
}
|
||||
} else {
|
||||
valid = true
|
||||
}
|
||||
|
||||
if valid {
|
||||
listeners = append(listeners, l)
|
||||
} else {
|
||||
return nil, fmt.Errorf("[ERR] Invalid ssl_certificate_id / Protocol combination. Must be either HTTPS or SSL")
|
||||
}
|
||||
}
|
||||
|
||||
return listeners, nil
|
||||
|
|
|
@ -2,6 +2,7 @@ package aws
|
|||
|
||||
import (
|
||||
"reflect"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/aws/aws-sdk-go/aws"
|
||||
|
@ -314,7 +315,31 @@ func TestExpandListeners(t *testing.T) {
|
|||
listeners[0],
|
||||
expected)
|
||||
}
|
||||
}
|
||||
|
||||
// this test should produce an error from expandlisteners on an invalid
|
||||
// combination
|
||||
func TestExpandListeners_invalid(t *testing.T) {
|
||||
expanded := []interface{}{
|
||||
map[string]interface{}{
|
||||
"instance_port": 8000,
|
||||
"lb_port": 80,
|
||||
"instance_protocol": "http",
|
||||
"lb_protocol": "http",
|
||||
"ssl_certificate_id": "something",
|
||||
},
|
||||
}
|
||||
_, err := expandListeners(expanded)
|
||||
if err != nil {
|
||||
// Check the error we got
|
||||
if !strings.Contains(err.Error(), "Protocol combination") {
|
||||
t.Fatalf("Got error in TestExpandListeners_invalid, but not what we expected: %s", err)
|
||||
}
|
||||
}
|
||||
|
||||
if err == nil {
|
||||
t.Fatalf("Expected TestExpandListeners_invalid to fail, but passed")
|
||||
}
|
||||
}
|
||||
|
||||
func TestFlattenHealthCheck(t *testing.T) {
|
||||
|
|
|
@ -33,7 +33,7 @@ resource "aws_elb" "bar" {
|
|||
|
||||
listener {
|
||||
instance_port = 8000
|
||||
instance_protocol = "http"
|
||||
instance_protocol = "https"
|
||||
lb_port = 443
|
||||
lb_protocol = "https"
|
||||
ssl_certificate_id = "arn:aws:iam::123456789012:server-certificate/certName"
|
||||
|
@ -90,10 +90,14 @@ Access Logs support the following:
|
|||
Listeners support the following:
|
||||
|
||||
* `instance_port` - (Required) The port on the instance to route to
|
||||
* `instance_protocol` - (Required) The protocol to use to the instance.
|
||||
* `instance_protocol` - (Required) The protocol to use to the instance. Valid
|
||||
values are `HTTP`, `HTTPS`, `TCP`, or `SSL`
|
||||
* `lb_port` - (Required) The port to listen on for the load balancer
|
||||
* `lb_protocol` - (Required) The protocol to listen on.
|
||||
* `ssl_certificate_id` - (Optional) The id of an SSL certificate you have uploaded to AWS IAM.
|
||||
* `lb_protocol` - (Required) The protocol to listen on. Valid values are `HTTP`,
|
||||
`HTTPS`, `TCP`, or `SSL`
|
||||
* `ssl_certificate_id` - (Optional) The id of an SSL certificate you have
|
||||
uploaded to AWS IAM. **Only valid when `instance_protocol` and
|
||||
`lb_protocol` are either HTTPS or SSL**
|
||||
|
||||
Health Check supports the following:
|
||||
|
||||
|
|
Loading…
Reference in New Issue