Merge pull request #10286 from terraform-providers/t-aws_ec2_client_v…
…pn_endpoint-remove-tls-provider

tests/resource/aws_ec2_client_vpn_endpoint: Use internal implementation for TLS key/certificate
bflad authored Sep 30, 2019
2 parents 7691919 + 40ce50b commit 406fdf7
Showing 1 changed file with 34 additions and 210 deletions.
244 changes: 34 additions & 210 deletions aws/resource_aws_ec2_client_vpn_endpoint_test.go
Expand Up @@ -77,7 +77,7 @@ func TestAccAwsEc2ClientVpnEndpoint_basic(t *testing.T) {

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProvidersWithTLS,
Providers: testAccProviders,
CheckDestroy: testAccCheckAwsEc2ClientVpnEndpointDestroy,
Steps: []resource.TestStep{
{
Expand All @@ -103,7 +103,7 @@ func TestAccAwsEc2ClientVpnEndpoint_disappears(t *testing.T) {

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProvidersWithTLS,
Providers: testAccProviders,
CheckDestroy: testAccCheckAwsEc2ClientVpnEndpointDestroy,
Steps: []resource.TestStep{
{
Expand All @@ -123,7 +123,7 @@ func TestAccAwsEc2ClientVpnEndpoint_msAD(t *testing.T) {

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProvidersWithTLS,
Providers: testAccProviders,
CheckDestroy: testAccCheckAwsEc2ClientVpnEndpointDestroy,
Steps: []resource.TestStep{
{
Expand All @@ -149,7 +149,7 @@ func TestAccAwsEc2ClientVpnEndpoint_withLogGroup(t *testing.T) {

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProvidersWithTLS,
Providers: testAccProviders,
CheckDestroy: testAccCheckAwsEc2ClientVpnEndpointDestroy,
Steps: []resource.TestStep{
{
Expand Down Expand Up @@ -180,7 +180,7 @@ func TestAccAwsEc2ClientVpnEndpoint_withDNSServers(t *testing.T) {

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProvidersWithTLS,
Providers: testAccProviders,
CheckDestroy: testAccCheckAwsEc2ClientVpnEndpointDestroy,
Steps: []resource.TestStep{
{
Expand Down Expand Up @@ -213,7 +213,7 @@ func TestAccAwsEc2ClientVpnEndpoint_tags(t *testing.T) {

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProvidersWithTLS,
Providers: testAccProviders,
CheckDestroy: testAccCheckAwsEc2ClientVpnEndpointDestroy,
Steps: []resource.TestStep{
{
Expand Down Expand Up @@ -249,7 +249,7 @@ func TestAccAwsEc2ClientVpnEndpoint_splitTunnel(t *testing.T) {

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProvidersWithTLS,
Providers: testAccProviders,
CheckDestroy: testAccCheckAwsEc2ClientVpnEndpointDestroy,
Steps: []resource.TestStep{
{
Expand Down Expand Up @@ -327,43 +327,28 @@ func testAccCheckAwsEc2ClientVpnEndpointExists(name string) resource.TestCheckFu
}
}

func testAccEc2ClientVpnEndpointConfig(rName string) string {
return fmt.Sprintf(`
resource "tls_private_key" "example" {
algorithm = "RSA"
}
resource "tls_self_signed_cert" "example" {
key_algorithm = "RSA"
private_key_pem = "${tls_private_key.example.private_key_pem}"
subject {
common_name = "example.com"
organization = "ACME Examples, Inc"
}
func testAccEc2ClientVpnEndpointConfigAcmCertificateBase() string {
key := tlsRsaPrivateKeyPem(2048)
certificate := tlsRsaX509SelfSignedCertificatePem(key, "example.com")

validity_period_hours = 12
allowed_uses = [
"key_encipherment",
"digital_signature",
"server_auth",
]
return fmt.Sprintf(`
resource "aws_acm_certificate" "test" {
certificate_body = "%[1]s"
private_key = "%[2]s"
}
resource "aws_acm_certificate" "cert" {
private_key = "${tls_private_key.example.private_key_pem}"
certificate_body = "${tls_self_signed_cert.example.cert_pem}"
`, tlsPemEscapeNewlines(certificate), tlsPemEscapeNewlines(key))
}

func testAccEc2ClientVpnEndpointConfig(rName string) string {
return testAccEc2ClientVpnEndpointConfigAcmCertificateBase() + fmt.Sprintf(`
resource "aws_ec2_client_vpn_endpoint" "test" {
description = "terraform-testacc-clientvpn-%s"
server_certificate_arn = "${aws_acm_certificate.cert.arn}"
server_certificate_arn = "${aws_acm_certificate.test.arn}"
client_cidr_block = "10.0.0.0/16"
authentication_options {
type = "certificate-authentication"
root_certificate_chain_arn = "${aws_acm_certificate.cert.arn}"
root_certificate_chain_arn = "${aws_acm_certificate.test.arn}"
}
connection_log_options {
Expand All @@ -374,34 +359,7 @@ resource "aws_ec2_client_vpn_endpoint" "test" {
}

func testAccEc2ClientVpnEndpointConfigWithLogGroup(rName string) string {
return fmt.Sprintf(`
resource "tls_private_key" "example" {
algorithm = "RSA"
}
resource "tls_self_signed_cert" "example" {
key_algorithm = "RSA"
private_key_pem = "${tls_private_key.example.private_key_pem}"
subject {
common_name = "example.com"
organization = "ACME Examples, Inc"
}
validity_period_hours = 12
allowed_uses = [
"key_encipherment",
"digital_signature",
"server_auth",
]
}
resource "aws_acm_certificate" "cert" {
private_key = "${tls_private_key.example.private_key_pem}"
certificate_body = "${tls_self_signed_cert.example.cert_pem}"
}
return testAccEc2ClientVpnEndpointConfigAcmCertificateBase() + fmt.Sprintf(`
resource "aws_cloudwatch_log_group" "lg" {
name = "terraform-testacc-clientvpn-loggroup-%s"
}
Expand All @@ -413,12 +371,12 @@ resource "aws_cloudwatch_log_stream" "ls" {
resource "aws_ec2_client_vpn_endpoint" "test" {
description = "terraform-testacc-clientvpn-%s"
server_certificate_arn = "${aws_acm_certificate.cert.arn}"
server_certificate_arn = "${aws_acm_certificate.test.arn}"
client_cidr_block = "10.0.0.0/16"
authentication_options {
type = "certificate-authentication"
root_certificate_chain_arn = "${aws_acm_certificate.cert.arn}"
root_certificate_chain_arn = "${aws_acm_certificate.test.arn}"
}
connection_log_options {
Expand All @@ -431,44 +389,17 @@ resource "aws_ec2_client_vpn_endpoint" "test" {
}

func testAccEc2ClientVpnEndpointConfigWithDNSServers(rName string) string {
return fmt.Sprintf(`
resource "tls_private_key" "example" {
algorithm = "RSA"
}
resource "tls_self_signed_cert" "example" {
key_algorithm = "RSA"
private_key_pem = "${tls_private_key.example.private_key_pem}"
subject {
common_name = "example.com"
organization = "ACME Examples, Inc"
}
validity_period_hours = 12
allowed_uses = [
"key_encipherment",
"digital_signature",
"server_auth",
]
}
resource "aws_acm_certificate" "cert" {
private_key = "${tls_private_key.example.private_key_pem}"
certificate_body = "${tls_self_signed_cert.example.cert_pem}"
}
return testAccEc2ClientVpnEndpointConfigAcmCertificateBase() + fmt.Sprintf(`
resource "aws_ec2_client_vpn_endpoint" "test" {
description = "terraform-testacc-clientvpn-%s"
server_certificate_arn = "${aws_acm_certificate.cert.arn}"
server_certificate_arn = "${aws_acm_certificate.test.arn}"
client_cidr_block = "10.0.0.0/16"
dns_servers = ["8.8.8.8", "8.8.4.4"]
authentication_options {
type = "certificate-authentication"
root_certificate_chain_arn = "${aws_acm_certificate.cert.arn}"
root_certificate_chain_arn = "${aws_acm_certificate.test.arn}"
}
connection_log_options {
Expand All @@ -479,7 +410,7 @@ resource "aws_ec2_client_vpn_endpoint" "test" {
}

func testAccEc2ClientVpnEndpointConfigWithMicrosoftAD(rName string) string {
return fmt.Sprintf(`
return testAccEc2ClientVpnEndpointConfigAcmCertificateBase() + fmt.Sprintf(`
data "aws_availability_zones" "available" {}
resource "aws_vpc" "test" {
Expand Down Expand Up @@ -509,36 +440,9 @@ resource "aws_directory_service_directory" "test" {
}
}
resource "tls_private_key" "example" {
algorithm = "RSA"
}
resource "tls_self_signed_cert" "example" {
key_algorithm = "RSA"
private_key_pem = "${tls_private_key.example.private_key_pem}"
subject {
common_name = "example.com"
organization = "ACME Examples, Inc"
}
validity_period_hours = 12
allowed_uses = [
"key_encipherment",
"digital_signature",
"server_auth",
]
}
resource "aws_acm_certificate" "cert" {
private_key = "${tls_private_key.example.private_key_pem}"
certificate_body = "${tls_self_signed_cert.example.cert_pem}"
}
resource "aws_ec2_client_vpn_endpoint" "test" {
description = "terraform-testacc-clientvpn-%s"
server_certificate_arn = "${aws_acm_certificate.cert.arn}"
server_certificate_arn = "${aws_acm_certificate.test.arn}"
client_cidr_block = "10.0.0.0/16"
authentication_options {
Expand All @@ -554,42 +458,15 @@ resource "aws_ec2_client_vpn_endpoint" "test" {
}

func testAccEc2ClientVpnEndpointConfig_tags(rName string) string {
return fmt.Sprintf(`
resource "tls_private_key" "example" {
algorithm = "RSA"
}
resource "tls_self_signed_cert" "example" {
key_algorithm = "RSA"
private_key_pem = "${tls_private_key.example.private_key_pem}"
subject {
common_name = "example.com"
organization = "ACME Examples, Inc"
}
validity_period_hours = 12
allowed_uses = [
"key_encipherment",
"digital_signature",
"server_auth",
]
}
resource "aws_acm_certificate" "cert" {
private_key = "${tls_private_key.example.private_key_pem}"
certificate_body = "${tls_self_signed_cert.example.cert_pem}"
}
return testAccEc2ClientVpnEndpointConfigAcmCertificateBase() + fmt.Sprintf(`
resource "aws_ec2_client_vpn_endpoint" "test" {
description = "terraform-testacc-clientvpn-%s"
server_certificate_arn = "${aws_acm_certificate.cert.arn}"
server_certificate_arn = "${aws_acm_certificate.test.arn}"
client_cidr_block = "10.0.0.0/16"
authentication_options {
type = "certificate-authentication"
root_certificate_chain_arn = "${aws_acm_certificate.cert.arn}"
root_certificate_chain_arn = "${aws_acm_certificate.test.arn}"
}
connection_log_options {
Expand All @@ -605,42 +482,15 @@ resource "aws_ec2_client_vpn_endpoint" "test" {
}

func testAccEc2ClientVpnEndpointConfig_tagsChanged(rName string) string {
return fmt.Sprintf(`
resource "tls_private_key" "example" {
algorithm = "RSA"
}
resource "tls_self_signed_cert" "example" {
key_algorithm = "RSA"
private_key_pem = "${tls_private_key.example.private_key_pem}"
subject {
common_name = "example.com"
organization = "ACME Examples, Inc"
}
validity_period_hours = 12
allowed_uses = [
"key_encipherment",
"digital_signature",
"server_auth",
]
}
resource "aws_acm_certificate" "cert" {
private_key = "${tls_private_key.example.private_key_pem}"
certificate_body = "${tls_self_signed_cert.example.cert_pem}"
}
return testAccEc2ClientVpnEndpointConfigAcmCertificateBase() + fmt.Sprintf(`
resource "aws_ec2_client_vpn_endpoint" "test" {
description = "terraform-testacc-clientvpn-%s"
server_certificate_arn = "${aws_acm_certificate.cert.arn}"
server_certificate_arn = "${aws_acm_certificate.test.arn}"
client_cidr_block = "10.0.0.0/16"
authentication_options {
type = "certificate-authentication"
root_certificate_chain_arn = "${aws_acm_certificate.cert.arn}"
root_certificate_chain_arn = "${aws_acm_certificate.test.arn}"
}
connection_log_options {
Expand All @@ -655,33 +505,7 @@ resource "aws_ec2_client_vpn_endpoint" "test" {
}

func testAccEc2ClientVpnEndpointConfigSplitTunnel(rName string, splitTunnel bool) string {
return fmt.Sprintf(`
resource "tls_private_key" "test" {
algorithm = "RSA"
}
resource "tls_self_signed_cert" "test" {
allowed_uses = [
"digital_signature",
"key_encipherment",
"server_auth",
]
key_algorithm = "RSA"
private_key_pem = "${tls_private_key.test.private_key_pem}"
validity_period_hours = 12
subject {
common_name = "example.com"
organization = "ACME Examples, Inc"
}
}
resource "aws_acm_certificate" "test" {
certificate_body = "${tls_self_signed_cert.test.cert_pem}"
private_key = "${tls_private_key.test.private_key_pem}"
}
return testAccEc2ClientVpnEndpointConfigAcmCertificateBase() + fmt.Sprintf(`
resource "aws_ec2_client_vpn_endpoint" "test" {
client_cidr_block = "10.0.0.0/16"
description = %[1]q
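Review bot: The new helper testAccEc2ClientVpnEndpointConfigAcmCertificateBase has no doc comment, although it formats an RSA private key in PEM form directly into the Terraform configuration string and appears to mint a fresh key and certificate on every call. The per-call generation matters for the multi-step tags test: testAccEc2ClientVpnEndpointConfig_tags and testAccEc2ClientVpnEndpointConfig_tagsChanged each call the helper, so the two steps would presumably carry different certificate bodies, and the second step may replace the certificate and endpoint instead of exercising an in-place tag update. The bodies of tlsRsaPrivateKeyPem and tlsRsaX509SelfSignedCertificatePem are not on this page, so that should be confirmed. I would add `// testAccEc2ClientVpnEndpointConfigAcmCertificateBase returns an aws_acm_certificate built from a throwaway self-signed RSA key generated on each call; test-only, never substitute real key material.` above the function. If the steps are meant to share one certificate, generate the key and certificate once in the test function and pass them to the config builders.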
