-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New Resources: aws_acm_certificate and aws_acm_certificate_validation #2813
Changes from 1 commit
a74249c
4e49e55
d4ef13a
fc359ec
b1bd46b
fe230cb
bf646ab
32a9137
fa7bc0a
259ced4
d81ab23
3afd4fb
65c85fe
f3b4d69
77fd92d
ee046e8
010da87
263d9b1
2f6219b
0a4b196
026193a
b37bf16
88a8595
533badc
d80b669
d4c01e1
ff443c1
e42421a
75d784c
b2c070c
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
… expectations more explicit
- v5.82.2
- v5.82.1
- v5.82.0
- v5.81.0
- v5.80.0
- v5.79.0
- v5.78.0
- v5.77.0
- v5.76.0
- v5.75.1
- v5.75.0
- v5.74.0
- v5.73.0
- v5.72.1
- v5.72.0
- v5.71.0
- v5.70.0
- v5.69.0
- v5.68.0
- v5.67.0
- v5.66.0
- v5.65.0
- v5.64.0
- v5.63.1
- v5.63.0
- v5.62.0
- v5.61.0
- v5.60.0
- v5.59.0
- v5.58.0
- v5.57.0
- v5.56.1
- v5.56.0
- v5.55.0
- v5.54.1
- v5.54.0
- v5.53.0
- v5.52.0
- v5.51.1
- v5.51.0
- v5.50.0
- v5.49.0
- v5.48.0
- v5.47.0
- v5.46.0
- v5.45.0
- v5.44.0
- v5.43.0
- v5.42.0
- v5.41.0
- v5.40.0
- v5.39.1
- v5.39.0
- v5.38.0
- v5.37.0
- v5.36.0
- v5.35.0
- v5.34.0
- v5.33.0
- v5.32.1
- v5.32.0
- v5.31.0
- v5.30.0
- v5.29.0
- v5.28.0
- v5.27.0
- v5.26.0
- v5.25.0
- v5.24.0
- v5.23.1
- v5.23.0
- v5.22.0
- v5.21.0
- v5.20.1
- v5.20.0
- v5.19.0
- v5.18.1
- v5.18.0
- v5.17.0
- v5.16.2
- v5.16.1
- v5.16.0
- v5.15.0
- v5.14.0
- v5.13.1
- v5.13.0
- v5.12.0
- v5.11.0
- v5.10.0
- v5.9.0
- v5.8.0
- v5.7.0
- v5.6.2
- v5.6.1
- v5.6.0
- v5.5.0
- v5.4.0
- v5.3.0
- v5.2.0
- v5.1.0
- v5.0.1
- v5.0.0
- v4.67.0
- v4.66.1
- v4.66.0
- v4.65.0
- v4.64.0
- v4.63.0
- v4.62.0
- v4.61.0
- v4.60.0
- v4.59.0
- v4.58.0
- v4.57.1
- v4.57.0
- v4.56.0
- v4.55.0
- v4.54.0
- v4.53.0
- v4.52.0
- v4.51.0
- v4.50.0
- v4.49.0
- v4.48.0
- v4.47.0
- v4.46.0
- v4.45.0
- v4.44.0
- v4.43.0
- v4.42.0
- v4.41.0
- v4.40.0
- v4.39.0
- v4.38.0
- v4.37.0
- v4.36.1
- v4.36.0
- v4.35.0
- v4.34.0
- v4.33.0
- v4.32.0
- v4.31.0
- v4.30.0
- v4.29.0
- v4.28.0
- v4.27.0
- v4.26.0
- v4.25.0
- v4.24.0
- v4.23.0
- v4.22.0
- v4.21.0
- v4.20.1
- v4.20.0
- v4.19.0
- v4.18.0
- v4.17.1
- v4.17.0
- v4.16.0
- v4.15.1
- v4.15.0
- v4.14.0
- v4.13.0
- v4.12.1
- v4.12.0
- v4.11.0
- v4.10.0
- v4.9.0
- v4.8.0
- v4.7.0
- v4.6.0
- v4.5.0
- v4.4.0
- v4.3.0
- v4.2.0
- v4.1.0
- v4.0.0
- v3.76.1
- v3.76.0
- v3.75.2
- v3.75.1
- v3.75.0
- v3.74.3
- v3.74.2
- v3.74.1
- v3.74.0
- v3.73.0
- v3.72.0
- v3.71.0
- v3.70.0
- v3.69.0
- v3.68.0
- v3.67.0
- v3.66.0
- v3.65.0
- v3.64.3
- v3.64.2
- v3.64.1
- v3.64.0
- v3.63.0
- v3.62.0
- v3.61.0
- v3.60.0
- v3.59.0
- v3.58.0
- v3.57.0
- v3.56.0
- v3.55.0
- v3.54.0
- v3.53.0
- v3.52.0
- v3.51.0
- v3.50.0
- v3.49.0
- v3.48.0
- v3.47.0
- v3.46.0
- v3.45.0
- v3.44.0
- v3.43.0
- v3.42.0
- v3.41.0
- v3.40.0
- v3.39.0
- v3.38.0
- v3.37.0
- v3.36.0
- v3.35.0
- v3.34.0
- v3.33.0
- v3.32.0
- v3.31.0
- v3.30.0
- v3.29.1
- v3.29.0
- v3.28.0
- v3.27.0
- v3.26.18
- v3.26.17
- v3.26.16
- v3.26.10
- v3.26.5
- v3.26.3
- v3.26.2
- v3.26.1
- v3.26.0
- v3.25.0
- v3.24.1
- v3.24.0
- v3.23.0
- v3.22.0
- v3.21.0
- v3.20.0
- v3.19.0
- v3.18.0
- v3.17.0
- v3.16.0
- v3.15.0
- v3.14.1
- v3.14.0
- v3.13.0
- v3.12.0
- v3.11.0
- v3.10.0
- v3.9.0
- v3.8.0
- v3.7.0
- v3.6.0
- v3.5.0
- v3.4.0
- v3.3.0
- v3.2.0
- v3.1.0
- v3.0.0
- v2.70.4
- v2.70.3
- v2.70.2
- v2.70.1
- v2.70.0
- v2.69.0
- v2.68.0
- v2.67.0
- v2.66.0
- v2.65.0
- v2.64.0
- v2.63.0
- v2.62.0
- v2.61.0
- v2.60.0
- v2.59.0
- v2.58.0
- v2.57.0
- v2.56.0
- v2.55.0
- v2.54.0
- v2.53.0
- v2.52.0
- v2.51.0
- v2.50.0
- v2.49.0
- v2.48.0
- v2.47.0
- v2.46.0
- v2.45.0
- v2.44.0
- v2.43.0
- v2.42.0
- v2.41.0
- v2.40.0
- v2.39.0
- v2.38.0
- v2.37.0
- v2.36.0
- v2.35.0
- v2.34.0
- v2.33.0
- v2.32.0
- v2.31.0
- v2.30.0
- v2.29.0
- v2.28.1
- v2.28.0
- v2.27.0
- v2.26.0
- v2.25.0
- v2.24.0
- v2.23.0
- v2.22.0
- v2.21.1
- v2.21.0
- v2.20.0
- v2.19.0
- v2.18.0
- v2.17.0
- v2.16.0
- v2.15.0
- v2.14.0
- v2.13.0
- v2.12.0
- v2.11.0
- v2.10.0
- v2.9.0
- v2.8.0
- v2.7.0
- v2.6.0
- v2.5.0
- v2.4.0
- v2.3.0
- v2.2.0
- v2.1.0
- v2.0.0
- v1.60.0
- v1.59.0
- v1.58.0
- v1.57.0
- v1.56.0
- v1.55.0
- v1.54.0
- v1.53.0
- v1.52.0
- v1.51.0
- v1.50.0
- v1.49.0
- v1.48.0
- v1.47.0
- v1.46.0
- v1.45.0
- v1.44.0
- v1.43.2
- v1.43.1
- v1.43.0
- v1.42.0
- v1.41.0
- v1.40.0
- v1.39.0
- v1.38.0
- v1.37.0
- v1.36.0
- v1.35.0
- v1.34.0
- v1.33.0
- v1.32.0
- v1.31.0
- v1.30.0
- v1.29.0
- v1.28.0
- v1.27.0
- v1.26.0
- v1.25.0
- v1.24.0
- v1.23.0
- v1.22.0
- v1.21.0
- v1.20.0
- v1.19.0
- v1.18.0
- v1.17.0
- v1.16.0
- v1.15.0
- v1.14.1
- v1.14.0
- v1.13.0
- v1.12.0
- v1.11.0
- v1.10.0
- v1.9.0
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -40,8 +40,17 @@ func TestAccAwsAcmResource_certificateIssuingFlow(t *testing.T) { | |
Check: resource.ComposeTestCheckFunc( | ||
testAccCheckAcmCertificateExists("aws_acm_certificate.cert", &conf, &tags), | ||
testAccCheckAcmCertificateAttributes("aws_acm_certificate.cert", &conf, domain, sanDomain, "PENDING_VALIDATION"), | ||
|
||
testAccCheckTagsACM(&tags.Tags, "Hello", "World"), | ||
testAccCheckTagsACM(&tags.Tags, "Foo", "Bar"), | ||
|
||
resource.TestMatchResourceAttr("aws_acm_certificate.cert", "arn", regexp.MustCompile(`^arn:aws:acm:[^:]+:[^:]+:certificate/.+$`)), | ||
resource.TestCheckResourceAttr("aws_acm_certificate.cert", "domain_name", domain), | ||
resource.TestCheckResourceAttr("aws_acm_certificate.cert", "subject_alternative_names.#", "1"), | ||
resource.TestCheckResourceAttr("aws_acm_certificate.cert", "subject_alternative_names.0", sanDomain), | ||
resource.TestCheckResourceAttr("aws_acm_certificate.cert", "tags.%", "2"), | ||
resource.TestCheckResourceAttr("aws_acm_certificate.cert", "tags.Hello", "World"), | ||
resource.TestCheckResourceAttr("aws_acm_certificate.cert", "tags.Foo", "Bar"), | ||
), | ||
}, | ||
// Test that we can change the tags | ||
|
@@ -50,8 +59,13 @@ func TestAccAwsAcmResource_certificateIssuingFlow(t *testing.T) { | |
Check: resource.ComposeTestCheckFunc( | ||
testAccCheckAcmCertificateExists("aws_acm_certificate.cert", &conf, &tags), | ||
testAccCheckAcmCertificateAttributes("aws_acm_certificate.cert", &conf, domain, sanDomain, "PENDING_VALIDATION"), | ||
|
||
testAccCheckTagsACM(&tags.Tags, "Environment", "Test"), | ||
testAccCheckTagsACM(&tags.Tags, "Foo", "Baz"), | ||
|
||
resource.TestCheckResourceAttr("aws_acm_certificate.cert", "tags.%", "2"), | ||
resource.TestCheckResourceAttr("aws_acm_certificate.cert", "tags.Environment", "Test"), | ||
resource.TestCheckResourceAttr("aws_acm_certificate.cert", "tags.Foo", "Baz"), | ||
), | ||
}, | ||
// Test that validation times out if certificate can't be validated | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Can you break this out into a separate acceptance test and move it into There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I agree in principle, there's a catch though: Certificate requests have a limit (twice the number of ACM certificates per region per year so 200 by default but maybe a lot lower) that you hit quickly if you run a lot of tests. It can be increased with approval from the service team but I'm not sure by how much (I got 400 requests per region now). If we want to run these tests in CI, the HashiCorp account possibly needs a pretty high limit and every test that requests a certificate increases it. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Please separate any of the validation testing into There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Done. |
||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we instead just check the Terraform resource state here? Its much simpler and they won't be correct in there unless it the read function did the correct thing. e.g.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I found this pattern in some other tests, e.g.
testAccCheckAWSENIAttributes
.I guess it's a bit more paranoid in the sense that it checks the actual state in AWS without relying on the read operation. In theory, a no-op create and read would also result in the correct resource attributes in the state since they are initially populated from the resource declaration in the TF config, right?
Is that worth the extra complexity? I'm not sure...
For now I added the checks you suggested, they definitely make the the expectations more explicit.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Generally speaking we rely on the resource state checks (such as
resource.TestCheckResourceAttr
) as the acceptance testing is already paranoid about refreshing the resources from AWS. For many AWS services, having the additional checks makes the acceptance testing more susceptible to eventual consistency issues. Some of the older provider testing code may have predated the state helpers or just was never converted over.I would really consider getting rid of these unless there's some reason to keep them, which generally means an attribute should be added.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done, removed the custom checks. I don't think there's anything missing except the check that the certificate is in state
ISSUED
but the validation resource checks that.