From 1005e171112f3d759887c2a60a9fca63e37f2da0 Mon Sep 17 00:00:00 2001 From: Brian Flad Date: Mon, 30 Sep 2019 10:13:49 -0400 Subject: [PATCH] tests/resource/aws_lb_ssl_negotiation_policy: Use internal implementation for TLS key/certificate Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/10023 Output from acceptance testing: ``` --- PASS: TestAccAWSLBSSLNegotiationPolicy_disappears (33.49s) --- PASS: TestAccAWSLBSSLNegotiationPolicy_basic (40.18s) ``` --- ...urce_aws_lb_ssl_negotiation_policy_test.go | 103 +++++++----------- 1 file changed, 38 insertions(+), 65 deletions(-) diff --git a/aws/resource_aws_lb_ssl_negotiation_policy_test.go b/aws/resource_aws_lb_ssl_negotiation_policy_test.go index ac99a3fd8009..a9424037d145 100644 --- a/aws/resource_aws_lb_ssl_negotiation_policy_test.go +++ b/aws/resource_aws_lb_ssl_negotiation_policy_test.go @@ -14,60 +14,51 @@ import ( ) func TestAccAWSLBSSLNegotiationPolicy_basic(t *testing.T) { + rName := fmt.Sprintf("tf-acc-test-%s", acctest.RandString(8)) // ELB name cannot be longer than 32 characters + elbResourceName := "aws_elb.test" + resourceName := "aws_lb_ssl_negotiation_policy.test" + + key := tlsRsaPrivateKeyPem(2048) + certificate := tlsRsaX509SelfSignedCertificatePem(key, "example.com") + resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProvidersWithTLS, + Providers: testAccProviders, CheckDestroy: testAccCheckLBSSLNegotiationPolicyDestroy, Steps: []resource.TestStep{ { - Config: testAccSslNegotiationPolicyConfig( - fmt.Sprintf("tf-acctest-%s", acctest.RandString(10)), fmt.Sprintf("tf-test-lb-%s", acctest.RandString(5))), + Config: testAccSslNegotiationPolicyConfig(rName, key, certificate), Check: resource.ComposeTestCheckFunc( - testAccCheckLBSSLNegotiationPolicy( - "aws_elb.lb", - "aws_lb_ssl_negotiation_policy.foo", - ), - resource.TestCheckResourceAttr( - "aws_lb_ssl_negotiation_policy.foo", "attribute.#", "7"), + testAccCheckLBSSLNegotiationPolicy(elbResourceName, resourceName), + resource.TestCheckResourceAttr(resourceName, "attribute.#", "7"), ), }, }, }) } -func TestAccAWSLBSSLNegotiationPolicy_missingLB(t *testing.T) { - lbName := fmt.Sprintf("tf-test-lb-%s", acctest.RandString(5)) +func TestAccAWSLBSSLNegotiationPolicy_disappears(t *testing.T) { + var loadBalancer elb.LoadBalancerDescription + rName := fmt.Sprintf("tf-acc-test-%s", acctest.RandString(8)) // ELB name cannot be longer than 32 characters + elbResourceName := "aws_elb.test" + resourceName := "aws_lb_ssl_negotiation_policy.test" - // check that we can destroy the policy if the LB is missing - removeLB := func() { - conn := testAccProvider.Meta().(*AWSClient).elbconn - deleteElbOpts := elb.DeleteLoadBalancerInput{ - LoadBalancerName: aws.String(lbName), - } - if _, err := conn.DeleteLoadBalancer(&deleteElbOpts); err != nil { - t.Fatalf("Error deleting ELB: %s", err) - } - } + key := tlsRsaPrivateKeyPem(2048) + certificate := tlsRsaX509SelfSignedCertificatePem(key, "example.com") resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProvidersWithTLS, + Providers: testAccProviders, CheckDestroy: testAccCheckLBSSLNegotiationPolicyDestroy, Steps: []resource.TestStep{ { - Config: testAccSslNegotiationPolicyConfig(fmt.Sprintf("tf-acctest-%s", acctest.RandString(10)), lbName), + Config: testAccSslNegotiationPolicyConfig(rName, key, certificate), Check: resource.ComposeTestCheckFunc( - testAccCheckLBSSLNegotiationPolicy( - "aws_elb.lb", - "aws_lb_ssl_negotiation_policy.foo", - ), - resource.TestCheckResourceAttr( - "aws_lb_ssl_negotiation_policy.foo", "attribute.#", "7"), + testAccCheckLBSSLNegotiationPolicy(elbResourceName, resourceName), + testAccCheckAWSELBExists(elbResourceName, &loadBalancer), + testAccCheckAWSELBDisappears(&loadBalancer), ), - }, - { - PreConfig: removeLB, - Config: testAccSslNegotiationPolicyConfig(fmt.Sprintf("tf-acctest-%s", acctest.RandString(10)), lbName), + ExpectNonEmptyPlan: true, }, }, }) @@ -191,52 +182,34 @@ func policyAttributesToMap(attributes *[]*elb.PolicyAttributeDescription) map[st } // Sets the SSL Negotiation policy with attributes. -func testAccSslNegotiationPolicyConfig(certName string, lbName string) string { +func testAccSslNegotiationPolicyConfig(rName, key, certificate string) string { return fmt.Sprintf(` -resource "tls_private_key" "example" { - algorithm = "RSA" -} - -resource "tls_self_signed_cert" "example" { - key_algorithm = "RSA" - private_key_pem = "${tls_private_key.example.private_key_pem}" - - subject { - common_name = "example.com" - organization = "ACME Examples, Inc" - } - - validity_period_hours = 12 - - allowed_uses = [ - "key_encipherment", - "digital_signature", - "server_auth", - ] +data "aws_availability_zones" "available" { + state = "available" } -resource "aws_iam_server_certificate" "test_cert" { - name = "%s" - certificate_body = "${tls_self_signed_cert.example.cert_pem}" - private_key = "${tls_private_key.example.private_key_pem}" +resource "aws_iam_server_certificate" "test" { + name = "%[1]s" + certificate_body = "%[2]s" + private_key = "%[3]s" } -resource "aws_elb" "lb" { - name = "%s" - availability_zones = ["us-west-2a"] +resource "aws_elb" "test" { + name = "%[1]s" + availability_zones = ["${data.aws_availability_zones.available.names[0]}"] listener { instance_port = 8000 instance_protocol = "https" lb_port = 443 lb_protocol = "https" - ssl_certificate_id = "${aws_iam_server_certificate.test_cert.arn}" + ssl_certificate_id = "${aws_iam_server_certificate.test.arn}" } } -resource "aws_lb_ssl_negotiation_policy" "foo" { +resource "aws_lb_ssl_negotiation_policy" "test" { name = "foo-policy" - load_balancer = "${aws_elb.lb.id}" + load_balancer = "${aws_elb.test.id}" lb_port = 443 attribute { @@ -274,5 +247,5 @@ resource "aws_lb_ssl_negotiation_policy" "foo" { value = "false" } } -`, certName, lbName) +`, rName, tlsPemEscapeNewlines(certificate), tlsPemEscapeNewlines(key)) }