New resource: aws_cloudfront_origin_request_policy #14728

Closed
1 change: 1 addition & 0 deletions aws/provider.go
@@ -464,6 +464,7 @@ func Provider() *schema.Provider {
"aws_cloudformation_stack_set_instance": resourceAwsCloudFormationStackSetInstance(),
"aws_cloudfront_distribution": resourceAwsCloudFrontDistribution(),
"aws_cloudfront_origin_access_identity": resourceAwsCloudFrontOriginAccessIdentity(),
"aws_cloudfront_origin_request_policy": resourceAwsCloudFrontOriginRequestPolicy(),
"aws_cloudfront_public_key": resourceAwsCloudFrontPublicKey(),
"aws_cloudtrail": resourceAwsCloudTrail(),
"aws_cloudwatch_event_bus": resourceAwsCloudWatchEventBus(),
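--- a/aws/resource_aws_cloudfront_origin_request_policy.go
+++ b/aws/resource_aws_cloudfront_origin_request_policy.go
@@ -0,0 +1,285 @@
+package aws
+
+import (
+"context"
+"log"
+
+"github.com/aws/aws-sdk-go/aws"
+"github.com/aws/aws-sdk-go/service/cloudfront"
+"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+)
+
+func resourceAwsCloudFrontOriginRequestPolicy() *schema.Resource {
+return &schema.Resource{
+CreateContext: resourceAwsCloudFrontOriginRequestPolicyCreate,
+ReadContext: resourceAwsCloudFrontOriginRequestPolicyRead,
+UpdateContext: resourceAwsCloudFrontOriginRequestPolicyUpdate,
+DeleteContext: resourceAwsCloudFrontOriginRequestPolicyDelete,
+Importer: &schema.ResourceImporter{
+StateContext: schema.ImportStatePassthroughContext,
+},
+
+Schema: map[string]*schema.Schema{
+"comment": {
+Type: schema.TypeString,
+Optional: true,
+},
+"cookie_behavior": {
+Type: schema.TypeString,
+Required: true,
+ValidateFunc: validation.StringInSlice(cloudfront.OriginRequestPolicyCookieBehavior_Values(), false),
+},
+"cookie_names": {
+Type: schema.TypeSet,
+Optional: true,
+Elem: &schema.Schema{Type: schema.TypeString},
+},
+"etag": {
+Type: schema.TypeString,
+Computed: true,
+},
+"header_behavior": {
+Type: schema.TypeString,
+Required: true,
+ValidateFunc: validation.StringInSlice(cloudfront.OriginRequestPolicyHeaderBehavior_Values(), false),
+},
+"header_names": {
+Type: schema.TypeSet,
+Optional: true,
+Elem: &schema.Schema{Type: schema.TypeString},
+},
+"name": {
+Type: schema.TypeString,
+Required: true,
+ValidateFunc: validation.StringIsNotEmpty,
+},
+"query_string_behavior": {
+Type: schema.TypeString,
+Required: true,
+ValidateFunc: validation.StringInSlice(cloudfront.OriginRequestPolicyQueryStringBehavior_Values(), false),
+},
+"query_string_names": {
+Type: schema.TypeSet,
+Optional: true,
+Elem: &schema.Schema{Type: schema.TypeString},
+},
+},
+}
+}
+
+func resourceAwsCloudFrontOriginRequestPolicyCreate(
+ctx context.Context,
+d *schema.ResourceData,
+meta interface{},
+) diag.Diagnostics {
+conn := meta.(*AWSClient).cloudfrontconn
+
+input := cloudfront.CreateOriginRequestPolicyInput{
+OriginRequestPolicyConfig: expandAwsCloudFrontOriginRequestPolicyConfig(d),
+}
+
+output, err := conn.CreateOriginRequestPolicyWithContext(ctx, &input)
+if err != nil {
+return diag.Errorf("create origin request policy: %s", err)
+}
+
+d.SetId(aws.StringValue(output.OriginRequestPolicy.Id))
+d.Set("etag", aws.StringValue(output.ETag))
+
+return resourceAwsCloudFrontOriginRequestPolicyRead(ctx, d, meta)
+}
+
+func resourceAwsCloudFrontOriginRequestPolicyRead(
+ctx context.Context,
+d *schema.ResourceData,
+meta interface{},
+) diag.Diagnostics {
+conn := meta.(*AWSClient).cloudfrontconn
+id := d.Id()
+
+policy, etag, ok, err := getAwsCloudFrontOriginRequestPolicy(ctx, conn, id)
+switch {
+case err != nil:
+return diag.Errorf("get origin request policy %s: %s", id, err)
+case !ok:
+log.Printf("[WARN] Origin Request Policy %s not found; removing from state", id)
+d.SetId("")
+return nil
+}
+
+d.Set("etag", etag)
+
+if err := flattenAwsCloudFrontOriginRequestPolicyConfig(d, policy.OriginRequestPolicyConfig); err != nil {
+return err
+}
+
+return nil
+}
+
+func resourceAwsCloudFrontOriginRequestPolicyUpdate(
+ctx context.Context,
+d *schema.ResourceData,
+meta interface{},
+) diag.Diagnostics {
+conn := meta.(*AWSClient).cloudfrontconn
+id := d.Id()
+
+_, etag, ok, err := getAwsCloudFrontOriginRequestPolicy(ctx, conn, id)
+switch {
+case err != nil:
+return diag.Errorf("get origin request policy: %s", err)
+case !ok:
+return diag.Errorf("origin request policy %s not found", id)
+}
+
+input := cloudfront.UpdateOriginRequestPolicyInput{
+OriginRequestPolicyConfig: expandAwsCloudFrontOriginRequestPolicyConfig(d),
+Id: aws.String(id),
+IfMatch: aws.String(etag),
+}
+
+output, err := conn.UpdateOriginRequestPolicyWithContext(ctx, &input)
+if err != nil {
+return diag.Errorf("update failed: %s", err)
+}
+
+d.Set("etag", output.ETag)
+
+return resourceAwsCloudFrontOriginRequestPolicyRead(ctx, d, meta)
+}
+
+func resourceAwsCloudFrontOriginRequestPolicyDelete(
+ctx context.Context,
+d *schema.ResourceData,
+meta interface{},
+) diag.Diagnostics {
+conn := meta.(*AWSClient).cloudfrontconn
+id := d.Id()
+
+_, etag, ok, err := getAwsCloudFrontOriginRequestPolicy(ctx, conn, id)
+switch {
+case !ok:
+log.Printf("[WARN] Origin Request Policy %s does not exist", id)
+return nil
+case err != nil:
+return diag.Errorf("failed to get etag of origin request policy %s: %s", id, err)
+}
+
+input := cloudfront.DeleteOriginRequestPolicyInput{
+Id: aws.String(id),
+IfMatch: aws.String(etag),
+}
+
+_, err = conn.DeleteOriginRequestPolicyWithContext(ctx, &input)
+switch {
+case isAWSErr(err, "NoSuchOriginRequestPolicy", ""):
+log.Printf("[WARN] Origin Request Policy %s does not exist", id)
+return nil
+case err != nil:
+return diag.Errorf("failed to delete: %s", err)
+}
+
+return nil
+}
+
+func getAwsCloudFrontOriginRequestPolicy(
+ctx context.Context,
+conn *cloudfront.CloudFront,
+id string,
+) (policy *cloudfront.OriginRequestPolicy, etag string, ok bool, err error) {
+input := cloudfront.GetOriginRequestPolicyInput{Id: aws.String(id)}
+output, err := conn.GetOriginRequestPolicyWithContext(ctx, &input)
+switch {
+case isAWSErr(err, "NoSuchOriginRequestPolicy", ""):
+return nil, "", false, nil
+case err != nil:
+return nil, "", false, err
+}
+
+return output.OriginRequestPolicy, aws.StringValue(output.ETag), true, nil
+}
+
+func expandAwsCloudFrontOriginRequestPolicyConfig(d *schema.ResourceData) *cloudfront.OriginRequestPolicyConfig {
+output := &cloudfront.OriginRequestPolicyConfig{
+Comment: nil,
+CookiesConfig: &cloudfront.OriginRequestPolicyCookiesConfig{
+CookieBehavior: aws.String(d.Get("cookie_behavior").(string)),
+Cookies: nil,
+},
+HeadersConfig: &cloudfront.OriginRequestPolicyHeadersConfig{
+HeaderBehavior: aws.String(d.Get("header_behavior").(string)),
+Headers: nil,
+},
+Name: aws.String(d.Get("name").(string)),
+QueryStringsConfig: &cloudfront.OriginRequestPolicyQueryStringsConfig{
+QueryStringBehavior: aws.String(d.Get("query_string_behavior").(string)),
+QueryStrings: nil,
+},
+}
+
+if v, ok := d.GetOk("comment"); ok && v != "" {
+output.Comment = aws.String(v.(string))
+}
+
+if v, ok := d.GetOk("cookie_names"); ok {
+s := v.(*schema.Set)
+output.CookiesConfig.Cookies = &cloudfront.CookieNames{
+Items: expandStringList(s.List()),
+Quantity: aws.Int64(int64(s.Len())),
+}
+}
+
+if v, ok := d.GetOk("header_names"); ok {
+s := v.(*schema.Set)
+output.HeadersConfig.Headers = &cloudfront.Headers{
+Items: expandStringList(s.List()),
+Quantity: aws.Int64(int64(s.Len())),
+}
+}
+
+if v, ok := d.GetOk("query_string_names"); ok {
+s := v.(*schema.Set)
+output.QueryStringsConfig.QueryStrings = &cloudfront.QueryStringNames{
+Items: expandStringList(s.List()),
+Quantity: aws.Int64(int64(s.Len())),
+}
+}
+
+return output
+}
+
+func flattenAwsCloudFrontOriginRequestPolicyConfig(
+d *schema.ResourceData,
+config *cloudfront.OriginRequestPolicyConfig,
+) diag.Diagnostics {
+d.Set("comment", config.Comment)
+d.Set("name", config.Name)
+
+d.Set("cookie_behavior", config.CookiesConfig.CookieBehavior)
+if list := config.CookiesConfig.Cookies; list != nil {
+value := schema.NewSet(schema.HashString, flattenStringList(list.Items))
+if err := d.Set("cookie_names", value); err != nil {
+return diag.FromErr(err)
+}
+}
+
+d.Set("header_behavior", config.HeadersConfig.HeaderBehavior)
+if list := config.HeadersConfig.Headers; list != nil {
+value := schema.NewSet(schema.HashString, flattenStringList(list.Items))
+if err := d.Set("header_names", value); err != nil {
+return diag.FromErr(err)
+}
+}
+
+d.Set("query_string_behavior", config.QueryStringsConfig.QueryStringBehavior)
+if list := config.QueryStringsConfig.QueryStrings; list != nil {
+value := schema.NewSet(schema.HashString, flattenStringList(list.Items))
+if err := d.Set("query_string_names", value); err != nil {
+return diag.FromErr(err)
+}
+}
+
+return nil
+}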
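Review bot: In resourceAwsCloudFrontOriginRequestPolicyDelete the first switch tests `case !ok:` before `case err != nil:`, but getAwsCloudFrontOriginRequestPolicy returns ok=false alongside every error, so a throttled, timed-out or access-denied Get is logged as "does not exist" and the delete returns nil. Terraform would then drop the resource from state while the policy may still exist in the account, unmanaged. Put `case err != nil:` first, as the Read and Update functions in this file already do. Separately, the `d.Set` calls for `etag`, `name`, `comment` and the three `*_behavior` attributes discard their error return; checking them the way the `*_names` sets are checked would keep state-write failures visible.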