Merge pull request #12541 from ewbankkit/issue-10922
r/aws_appmesh_virtual_node: AWS App Mesh support for TLS in transit encryption
breathingdust authored Sep 30, 2020
2 parents a46ddb7 + 1a02e79 commit b6a8e65
Showing 8 changed files with 1,348 additions and 97 deletions.
13 changes: 13 additions & 0 deletions aws/resource_aws_acmpca_certificate_authority_test.go
Expand Up @@ -577,6 +577,19 @@ func testAccCheckAwsAcmpcaCertificateAuthorityActivateCA(certificateAuthority *a
}
}

func testAccCheckAwsAcmpcaCertificateAuthorityDisableCA(certificateAuthority *acmpca.CertificateAuthority) resource.TestCheckFunc {
return func(s *terraform.State) error {
conn := testAccProvider.Meta().(*AWSClient).acmpcaconn

_, err := conn.UpdateCertificateAuthority(&acmpca.UpdateCertificateAuthorityInput{
CertificateAuthorityArn: certificateAuthority.Arn,
Status: aws.String(acmpca.CertificateAuthorityStatusDisabled),
})

return err
}
}

func listAcmpcaCertificateAuthorities(conn *acmpca.ACMPCA) ([]*acmpca.CertificateAuthority, error) {
certificateAuthorities := []*acmpca.CertificateAuthority{}
input := &acmpca.ListCertificateAuthoritiesInput{}
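Review bot: testAccCheckAwsAcmpcaCertificateAuthorityDisableCA carries no comment saying why a test would move a CA to DISABLED, and the bare `return err` gives a failure no context about which CA the UpdateCertificateAuthority call was for. A header such as `// testAccCheckAwsAcmpcaCertificateAuthorityDisableCA sets the CA status to DISABLED, presumably so it can be deleted at destroy time; confirm against the callers.` would tell the next reader what the helper is for. Wrapping the error, `return fmt.Errorf("disabling ACM PCA Certificate Authority (%s): %w", aws.StringValue(certificateAuthority.Arn), err)`, would make an acceptance-test failure easier to attribute when several CAs are in play.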
4 changes: 4 additions & 0 deletions aws/resource_aws_appmesh_test.go
Expand Up @@ -21,9 +21,13 @@ func TestAccAWSAppmesh_serial(t *testing.T) {
},
"VirtualNode": {
"basic": testAccAwsAppmeshVirtualNode_basic,
"backendDefaults": testAccAwsAppmeshVirtualNode_backendDefaults,
"clientPolicyAcm": testAccAwsAppmeshVirtualNode_clientPolicyAcm,
"clientPolicyFile": testAccAwsAppmeshVirtualNode_clientPolicyFile,
"cloudMapServiceDiscovery": testAccAwsAppmeshVirtualNode_cloudMapServiceDiscovery,
"listenerHealthChecks": testAccAwsAppmeshVirtualNode_listenerHealthChecks,
"logging": testAccAwsAppmeshVirtualNode_logging,
"tls": testAccAwsAppmeshVirtualNode_tls,
"tags": testAccAwsAppmeshVirtualNode_tags,
},
"VirtualRouter": {
182 changes: 167 additions & 15 deletions aws/resource_aws_appmesh_virtual_node.go
@@ -1,7 +1,6 @@
package aws

import (
"bytes"
"fmt"
"log"
"strings"
Expand All @@ -11,7 +10,6 @@ import (
"github.com/aws/aws-sdk-go/service/appmesh"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
"github.com/terraform-providers/terraform-provider-aws/aws/internal/hashcode"
"github.com/terraform-providers/terraform-provider-aws/aws/internal/keyvaluetags"
)

Expand Down Expand Up @@ -77,12 +75,25 @@ func resourceAwsAppmeshVirtualNode() *schema.Resource {
Required: true,
ValidateFunc: validation.StringLenBetween(1, 255),
},

"client_policy": appmeshVirtualNodeClientPolicySchema(),
},
},
},
},
},
Set: appmeshVirtualNodeBackendHash,
},

"backend_defaults": {
Type: schema.TypeList,
Optional: true,
MinItems: 0,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"client_policy": appmeshVirtualNodeClientPolicySchema(),
},
},
},

"listener": {
Expand Down Expand Up @@ -171,6 +182,70 @@ func resourceAwsAppmeshVirtualNode() *schema.Resource {
},
},
},

"tls": {
Type: schema.TypeList,
Optional: true,
MinItems: 0,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"certificate": {
Type: schema.TypeList,
Required: true,
MinItems: 1,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"acm": {
Type: schema.TypeList,
Optional: true,
MinItems: 0,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"certificate_arn": {
Type: schema.TypeString,
Required: true,
ValidateFunc: validateArn,
},
},
},
},

"file": {
Type: schema.TypeList,
Optional: true,
MinItems: 0,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"certificate_chain": {
Type: schema.TypeString,
Required: true,
ValidateFunc: validation.StringLenBetween(1, 255),
},

"private_key": {
Type: schema.TypeString,
Required: true,
ValidateFunc: validation.StringLenBetween(1, 255),
},
},
},
},
},
},
},

"mode": {
Type: schema.TypeString,
Required: true,
ValidateFunc: validation.StringInSlice(appmesh.ListenerTlsMode_Values(), false),
},
},
},
},
},
},
},
Expand Down Expand Up @@ -295,6 +370,95 @@ func resourceAwsAppmeshVirtualNode() *schema.Resource {
}
}

// appmeshVirtualNodeClientPolicySchema returns the schema for `client_policy` attributes.
func appmeshVirtualNodeClientPolicySchema() *schema.Schema {
return &schema.Schema{
Type: schema.TypeList,
Optional: true,
MinItems: 0,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"tls": {
Type: schema.TypeList,
Optional: true,
MinItems: 0,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"enforce": {
Type: schema.TypeBool,
Optional: true,
Default: true,
},

"ports": {
Type: schema.TypeSet,
Optional: true,
Elem: &schema.Schema{Type: schema.TypeInt},
Set: schema.HashInt,
},

"validation": {
Type: schema.TypeList,
Required: true,
MinItems: 1,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"trust": {
Type: schema.TypeList,
Required: true,
MinItems: 1,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"acm": {
Type: schema.TypeList,
Optional: true,
MinItems: 0,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"certificate_authority_arns": {
Type: schema.TypeSet,
Required: true,
Elem: &schema.Schema{Type: schema.TypeString},
Set: schema.HashString,
},
},
},
},

"file": {
Type: schema.TypeList,
Optional: true,
MinItems: 0,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"certificate_chain": {
Type: schema.TypeString,
Required: true,
ValidateFunc: validation.StringLenBetween(1, 255),
},
},
},
},
},
},
},
},
},
},
},
},
},
},
},
}
}

func resourceAwsAppmeshVirtualNodeCreate(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).appmeshconn

Expand Down Expand Up @@ -449,15 +613,3 @@ func resourceAwsAppmeshVirtualNodeImport(d *schema.ResourceData, meta interface{

return []*schema.ResourceData{d}, nil
}

func appmeshVirtualNodeBackendHash(vBackend interface{}) int {
var buf bytes.Buffer
mBackend := vBackend.(map[string]interface{})
if vVirtualService, ok := mBackend["virtual_service"].([]interface{}); ok && len(vVirtualService) > 0 && vVirtualService[0] != nil {
mVirtualService := vVirtualService[0].(map[string]interface{})
if v, ok := mVirtualService["virtual_service_name"].(string); ok {
buf.WriteString(fmt.Sprintf("%s-", v))
}
}
return hashcode.String(buf.String())
}
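Review bot: In the `tls.certificate` block added under `listener` (hunk at -171,6 +182,70), `acm` and `file` are both Optional and nothing in the schema requires that exactly one be set, so a listener with neither or both is rejected only by the App Mesh API at apply time rather than at plan time; the same gap exists for `acm`/`file` under `validation.trust` in appmeshVirtualNodeClientPolicySchema. ExactlyOneOf is awkward to apply inside nested blocks, so at minimum a comment on each pair, `// Exactly one of "acm" or "file" must be set; the API, not the schema, enforces this.`, should record the constraint for whoever next touches the expand/flatten code, which lies outside these hunks. `file.certificate_chain` and `file.private_key` are file paths on the proxy's file system per the App Mesh API, not certificate or key material, which the 255-character limit hints at but a Description on those attributes would make explicit, so nobody is tempted to pass PEM content through them into state.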
11 changes: 4 additions & 7 deletions aws/resource_aws_appmesh_virtual_node_migrate.go
Expand Up @@ -27,16 +27,13 @@ func migrateAppmeshVirtualNodeStateV0toV1(is *terraform.InstanceState) (*terrafo
log.Printf("[DEBUG] Attributes before migration: %#v", is.Attributes)
is.Attributes["spec.0.backend.#"] = is.Attributes["spec.0.backends.#"]
delete(is.Attributes, "spec.0.backends.#")
i := 0
for k, v := range is.Attributes {
if strings.HasPrefix(k, "spec.0.backends.") {
hash := appmeshVirtualNodeBackendHash(map[string]interface{}{
"virtual_service": []interface{}{map[string]interface{}{
"virtual_service_name": v,
}},
})
is.Attributes[fmt.Sprintf("spec.0.backend.%d.virtual_service.#", hash)] = "1"
is.Attributes[fmt.Sprintf("spec.0.backend.%d.virtual_service.0.virtual_service_name", hash)] = v
is.Attributes[fmt.Sprintf("spec.0.backend.%d.virtual_service.#", i)] = "1"
is.Attributes[fmt.Sprintf("spec.0.backend.%d.virtual_service.0.virtual_service_name", i)] = v
delete(is.Attributes, k)
i++
}
}

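Review bot: The index `i` is assigned in `range is.Attributes` order, which Go randomizes per run, so the migrated `spec.0.backend.N.*` keys land in an arbitrary order from one migration to the next. That is harmless if `backend` stays a TypeSet (the reader re-hashes elements on load, and the custom Set hash removed in resource_aws_appmesh_virtual_node.go suggests it is one), but it would silently reorder a TypeList, so the assumption deserves a comment where `i` is declared, e.g. `// Map iteration order is random; sequential indices are fine because backend is a set and is re-hashed on read.` The updated migrate test only covers a single backend, so it would not catch an ordering problem with two or more. migrateAppmeshVirtualNodeStateV0toV1 starts and ends outside the hunk.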
12 changes: 6 additions & 6 deletions aws/resource_aws_appmesh_virtual_node_migrate_test.go
Expand Up @@ -34,12 +34,12 @@ func TestAWSAppmeshVirtualNodeMigrateState(t *testing.T) {
"spec.0.service_discovery.0.dns.0.service_name": "serviceb.simpleapp.local",
},
Expected: map[string]string{
"spec.0.backend.#": "1",
"spec.0.backend.2622272660.virtual_service.#": "1",
"spec.0.backend.2622272660.virtual_service.0.virtual_service_name": "servicea.simpleapp.local",
"spec.0.service_discovery.#": "1",
"spec.0.service_discovery.0.dns.#": "1",
"spec.0.service_discovery.0.dns.0.hostname": "serviceb.simpleapp.local",
"spec.0.backend.#": "1",
"spec.0.backend.0.virtual_service.#": "1",
"spec.0.backend.0.virtual_service.0.virtual_service_name": "servicea.simpleapp.local",
"spec.0.service_discovery.#": "1",
"spec.0.service_discovery.0.dns.#": "1",
"spec.0.service_discovery.0.dns.0.hostname": "serviceb.simpleapp.local",
},
},
}