Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

tests/resource/aws_lb_ssl_negotiation_policy: Use internal implementation for TLS key/certificate #10299

Merged
merged 1 commit into from
Sep 30, 2019
Merged

tests/resource/aws_lb_ssl_negotiation_policy: Use internal implementation for TLS key/certificate #10299

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
103 changes: 38 additions & 65 deletions aws/resource_aws_lb_ssl_negotiation_policy_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,60 +14,51 @@ import (
)

func TestAccAWSLBSSLNegotiationPolicy_basic(t *testing.T) {
rName := fmt.Sprintf("tf-acc-test-%s", acctest.RandString(8)) // ELB name cannot be longer than 32 characters
elbResourceName := "aws_elb.test"
resourceName := "aws_lb_ssl_negotiation_policy.test"

key := tlsRsaPrivateKeyPem(2048)
certificate := tlsRsaX509SelfSignedCertificatePem(key, "example.com")

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProvidersWithTLS,
Providers: testAccProviders,
CheckDestroy: testAccCheckLBSSLNegotiationPolicyDestroy,
Steps: []resource.TestStep{
{
Config: testAccSslNegotiationPolicyConfig(
fmt.Sprintf("tf-acctest-%s", acctest.RandString(10)), fmt.Sprintf("tf-test-lb-%s", acctest.RandString(5))),
Config: testAccSslNegotiationPolicyConfig(rName, key, certificate),
Check: resource.ComposeTestCheckFunc(
testAccCheckLBSSLNegotiationPolicy(
"aws_elb.lb",
"aws_lb_ssl_negotiation_policy.foo",
),
resource.TestCheckResourceAttr(
"aws_lb_ssl_negotiation_policy.foo", "attribute.#", "7"),
testAccCheckLBSSLNegotiationPolicy(elbResourceName, resourceName),
resource.TestCheckResourceAttr(resourceName, "attribute.#", "7"),
),
},
},
})
}

func TestAccAWSLBSSLNegotiationPolicy_missingLB(t *testing.T) {
lbName := fmt.Sprintf("tf-test-lb-%s", acctest.RandString(5))
func TestAccAWSLBSSLNegotiationPolicy_disappears(t *testing.T) {
var loadBalancer elb.LoadBalancerDescription
rName := fmt.Sprintf("tf-acc-test-%s", acctest.RandString(8)) // ELB name cannot be longer than 32 characters
elbResourceName := "aws_elb.test"
resourceName := "aws_lb_ssl_negotiation_policy.test"

// check that we can destroy the policy if the LB is missing
removeLB := func() {
conn := testAccProvider.Meta().(*AWSClient).elbconn
deleteElbOpts := elb.DeleteLoadBalancerInput{
LoadBalancerName: aws.String(lbName),
}
if _, err := conn.DeleteLoadBalancer(&deleteElbOpts); err != nil {
t.Fatalf("Error deleting ELB: %s", err)
}
}
key := tlsRsaPrivateKeyPem(2048)
certificate := tlsRsaX509SelfSignedCertificatePem(key, "example.com")

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProvidersWithTLS,
Providers: testAccProviders,
CheckDestroy: testAccCheckLBSSLNegotiationPolicyDestroy,
Steps: []resource.TestStep{
{
Config: testAccSslNegotiationPolicyConfig(fmt.Sprintf("tf-acctest-%s", acctest.RandString(10)), lbName),
Config: testAccSslNegotiationPolicyConfig(rName, key, certificate),
Check: resource.ComposeTestCheckFunc(
testAccCheckLBSSLNegotiationPolicy(
"aws_elb.lb",
"aws_lb_ssl_negotiation_policy.foo",
),
resource.TestCheckResourceAttr(
"aws_lb_ssl_negotiation_policy.foo", "attribute.#", "7"),
testAccCheckLBSSLNegotiationPolicy(elbResourceName, resourceName),
testAccCheckAWSELBExists(elbResourceName, &loadBalancer),
testAccCheckAWSELBDisappears(&loadBalancer),
),
},
{
PreConfig: removeLB,
Config: testAccSslNegotiationPolicyConfig(fmt.Sprintf("tf-acctest-%s", acctest.RandString(10)), lbName),
ExpectNonEmptyPlan: true,
},
},
})
Expand Down Expand Up @@ -191,52 +182,34 @@ func policyAttributesToMap(attributes *[]*elb.PolicyAttributeDescription) map[st
}

// Sets the SSL Negotiation policy with attributes.
func testAccSslNegotiationPolicyConfig(certName string, lbName string) string {
func testAccSslNegotiationPolicyConfig(rName, key, certificate string) string {
return fmt.Sprintf(`
resource "tls_private_key" "example" {
algorithm = "RSA"
}

resource "tls_self_signed_cert" "example" {
key_algorithm = "RSA"
private_key_pem = "${tls_private_key.example.private_key_pem}"

subject {
common_name = "example.com"
organization = "ACME Examples, Inc"
}

validity_period_hours = 12

allowed_uses = [
"key_encipherment",
"digital_signature",
"server_auth",
]
data "aws_availability_zones" "available" {
state = "available"
}

resource "aws_iam_server_certificate" "test_cert" {
name = "%s"
certificate_body = "${tls_self_signed_cert.example.cert_pem}"
private_key = "${tls_private_key.example.private_key_pem}"
resource "aws_iam_server_certificate" "test" {
name = "%[1]s"
certificate_body = "%[2]s"
private_key = "%[3]s"
}

resource "aws_elb" "lb" {
name = "%s"
availability_zones = ["us-west-2a"]
resource "aws_elb" "test" {
name = "%[1]s"
availability_zones = ["${data.aws_availability_zones.available.names[0]}"]

listener {
instance_port = 8000
instance_protocol = "https"
lb_port = 443
lb_protocol = "https"
ssl_certificate_id = "${aws_iam_server_certificate.test_cert.arn}"
ssl_certificate_id = "${aws_iam_server_certificate.test.arn}"
}
}

resource "aws_lb_ssl_negotiation_policy" "foo" {
resource "aws_lb_ssl_negotiation_policy" "test" {
name = "foo-policy"
load_balancer = "${aws_elb.lb.id}"
load_balancer = "${aws_elb.test.id}"
lb_port = 443

attribute {
Expand Down Expand Up @@ -274,5 +247,5 @@ resource "aws_lb_ssl_negotiation_policy" "foo" {
value = "false"
}
}
`, certName, lbName)
`, rName, tlsPemEscapeNewlines(certificate), tlsPemEscapeNewlines(key))
}