From 40ce50b58ae6ebf713bbeb0090b4004ab6b6c8d0 Mon Sep 17 00:00:00 2001
From: Brian Flad
Date: Sat, 28 Sep 2019 19:19:24 -0400
Subject: [PATCH] tests/resource/aws_ec2_client_vpn_endpoint: Use internal implementation for TLS key/certificate

Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/10023
Output from acceptance testing:
```
--- PASS: TestAccAwsEc2ClientVpnEndpoint_disappears (18.01s)
--- PASS: TestAccAwsEc2ClientVpnEndpoint_basic (17.22s)
--- PASS: TestAccAwsEc2ClientVpnEndpoint_splitTunnel (29.09s)
--- PASS: TestAccAwsEc2ClientVpnEndpoint_withDNSServers (29.77s)
--- PASS: TestAccAwsEc2ClientVpnEndpoint_withLogGroup (36.80s)
--- PASS: TestAccAwsEc2ClientVpnEndpoint_tags (39.35s)
--- PASS: TestAccAwsEc2ClientVpnEndpoint_msAD (1761.91s)
```
---
 ...source_aws_ec2_client_vpn_endpoint_test.go | 244 +++---------------
 1 file changed, 34 insertions(+), 210 deletions(-)

diff --git a/aws/resource_aws_ec2_client_vpn_endpoint_test.go b/aws/resource_aws_ec2_client_vpn_endpoint_test.go
index ba7775c4b01d..3e1de1894098 100644
--- a/aws/resource_aws_ec2_client_vpn_endpoint_test.go
+++ b/aws/resource_aws_ec2_client_vpn_endpoint_test.go
@@ -77,7 +77,7 @@ func TestAccAwsEc2ClientVpnEndpoint_basic(t *testing.T) {
 resource.ParallelTest(t, resource.TestCase{
 PreCheck: func() { testAccPreCheck(t) },
- Providers: testAccProvidersWithTLS,
+ Providers: testAccProviders,
 CheckDestroy: testAccCheckAwsEc2ClientVpnEndpointDestroy,
 Steps: []resource.TestStep{
 {
@@ -103,7 +103,7 @@ func TestAccAwsEc2ClientVpnEndpoint_disappears(t *testing.T) {
 resource.ParallelTest(t, resource.TestCase{
 PreCheck: func() { testAccPreCheck(t) },
- Providers: testAccProvidersWithTLS,
+ Providers: testAccProviders,
 CheckDestroy: testAccCheckAwsEc2ClientVpnEndpointDestroy,
 Steps: []resource.TestStep{
 {
@@ -123,7 +123,7 @@ func TestAccAwsEc2ClientVpnEndpoint_msAD(t *testing.T) {
 resource.ParallelTest(t, resource.TestCase{
 PreCheck: func() { testAccPreCheck(t) },
- Providers: testAccProvidersWithTLS,
+ Providers: testAccProviders,
 CheckDestroy: testAccCheckAwsEc2ClientVpnEndpointDestroy,
 Steps: []resource.TestStep{
 {
@@ -149,7 +149,7 @@ func TestAccAwsEc2ClientVpnEndpoint_withLogGroup(t *testing.T) {
 resource.ParallelTest(t, resource.TestCase{
 PreCheck: func() { testAccPreCheck(t) },
- Providers: testAccProvidersWithTLS,
+ Providers: testAccProviders,
 CheckDestroy: testAccCheckAwsEc2ClientVpnEndpointDestroy,
 Steps: []resource.TestStep{
 {
@@ -180,7 +180,7 @@ func TestAccAwsEc2ClientVpnEndpoint_withDNSServers(t *testing.T) {
 resource.ParallelTest(t, resource.TestCase{
 PreCheck: func() { testAccPreCheck(t) },
- Providers: testAccProvidersWithTLS,
+ Providers: testAccProviders,
 CheckDestroy: testAccCheckAwsEc2ClientVpnEndpointDestroy,
 Steps: []resource.TestStep{
 {
@@ -213,7 +213,7 @@ func TestAccAwsEc2ClientVpnEndpoint_tags(t *testing.T) {
 resource.ParallelTest(t, resource.TestCase{
 PreCheck: func() { testAccPreCheck(t) },
- Providers: testAccProvidersWithTLS,
+ Providers: testAccProviders,
 CheckDestroy: testAccCheckAwsEc2ClientVpnEndpointDestroy,
 Steps: []resource.TestStep{
 {
@@ -249,7 +249,7 @@ func TestAccAwsEc2ClientVpnEndpoint_splitTunnel(t *testing.T) {
 resource.ParallelTest(t, resource.TestCase{
 PreCheck: func() { testAccPreCheck(t) },
- Providers: testAccProvidersWithTLS,
+ Providers: testAccProviders,
 CheckDestroy: testAccCheckAwsEc2ClientVpnEndpointDestroy,
 Steps: []resource.TestStep{
 {
@@ -327,43 +327,28 @@ func testAccCheckAwsEc2ClientVpnEndpointExists(name string) resource.TestCheckFu } } -func testAccEc2ClientVpnEndpointConfig(rName string) string { - return fmt.Sprintf(` -resource "tls_private_key" "example" { - algorithm = "RSA" -} - -resource "tls_self_signed_cert" "example" { - key_algorithm = "RSA" - private_key_pem = "${tls_private_key.example.private_key_pem}" - - subject { - common_name = "example.com" - organization = "ACME Examples, Inc" - } +func testAccEc2ClientVpnEndpointConfigAcmCertificateBase() string { + key := tlsRsaPrivateKeyPem(2048) + certificate := tlsRsaX509SelfSignedCertificatePem(key, "example.com") - validity_period_hours = 12 - - allowed_uses = [ - "key_encipherment", - "digital_signature", - "server_auth", - ] + return fmt.Sprintf(` +resource "aws_acm_certificate" "test" { + certificate_body = "%[1]s" + private_key = "%[2]s" } - -resource "aws_acm_certificate" "cert" { - private_key = "${tls_private_key.example.private_key_pem}" - certificate_body = "${tls_self_signed_cert.example.cert_pem}" +`, tlsPemEscapeNewlines(certificate), tlsPemEscapeNewlines(key)) } +func testAccEc2ClientVpnEndpointConfig(rName string) string { + return testAccEc2ClientVpnEndpointConfigAcmCertificateBase() + fmt.Sprintf(` resource "aws_ec2_client_vpn_endpoint" "test" { description = "terraform-testacc-clientvpn-%s" - server_certificate_arn = "${aws_acm_certificate.cert.arn}" + server_certificate_arn = "${aws_acm_certificate.test.arn}" client_cidr_block = "10.0.0.0/16" authentication_options { type = "certificate-authentication" - root_certificate_chain_arn = "${aws_acm_certificate.cert.arn}" + root_certificate_chain_arn = "${aws_acm_certificate.test.arn}" } connection_log_options { 
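Review bot: `testAccEc2ClientVpnEndpointConfigAcmCertificateBase` generates a fresh 2048-bit RSA key and self-signed certificate on every call, and every config helper in this commit (this hunk plus the log-group, DNS-servers, Microsoft AD, tags, tagsChanged and split-tunnel hunks that follow) calls it at the top of its return, so a multi-step test such as `_tags` presumably submits a different `certificate_body`/`private_key` in each step and replaces the `aws_acm_certificate` (and whatever is keyed on its ARN) between steps instead of only changing tags — confirm that is intended, or generate the pair once per test and pass the PEM strings into the config helpers. The new function also has no doc comment; suggest `// testAccEc2ClientVpnEndpointConfigAcmCertificateBase returns an aws_acm_certificate resource named "test" backed by a freshly generated RSA key and self-signed certificate for example.com. Each call produces a new key pair.` The removed configuration pinned `validity_period_hours = 12` and an `allowed_uses` list including `server_auth`, whereas the validity and key usage produced by `tlsRsaX509SelfSignedCertificatePem` are not visible here; the acceptance output suggests ACM accepts it for `server_certificate_arn`, but a comment stating what the helper emits would save the next reader from checking. Since the private key now only ever exists in the test process and the in-memory configuration string built via `tlsPemEscapeNewlines`, a one-line note that this helper is for throwaway test material only would help prevent it being reused for anything long-lived.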
@@ -374,34 +359,7 @@ resource "aws_ec2_client_vpn_endpoint" "test" { } func testAccEc2ClientVpnEndpointConfigWithLogGroup(rName string) string { - return fmt.Sprintf(` -resource "tls_private_key" "example" { - algorithm = "RSA" -} - -resource "tls_self_signed_cert" "example" { - key_algorithm = "RSA" - private_key_pem = "${tls_private_key.example.private_key_pem}" - - subject { - common_name = "example.com" - organization = "ACME Examples, Inc" - } - - validity_period_hours = 12 - - allowed_uses = [ - "key_encipherment", - "digital_signature", - "server_auth", - ] -} - -resource "aws_acm_certificate" "cert" { - private_key = "${tls_private_key.example.private_key_pem}" - certificate_body = "${tls_self_signed_cert.example.cert_pem}" -} - + return testAccEc2ClientVpnEndpointConfigAcmCertificateBase() + fmt.Sprintf(` resource "aws_cloudwatch_log_group" "lg" { name = "terraform-testacc-clientvpn-loggroup-%s" } @@ -413,12 +371,12 @@ resource "aws_cloudwatch_log_stream" "ls" { resource "aws_ec2_client_vpn_endpoint" "test" { description = "terraform-testacc-clientvpn-%s" - server_certificate_arn = "${aws_acm_certificate.cert.arn}" + server_certificate_arn = "${aws_acm_certificate.test.arn}" client_cidr_block = "10.0.0.0/16" authentication_options { type = "certificate-authentication" - root_certificate_chain_arn = "${aws_acm_certificate.cert.arn}" + root_certificate_chain_arn = "${aws_acm_certificate.test.arn}" } connection_log_options { 
@@ -431,44 +389,17 @@ resource "aws_ec2_client_vpn_endpoint" "test" { } func testAccEc2ClientVpnEndpointConfigWithDNSServers(rName string) string { - return fmt.Sprintf(` -resource "tls_private_key" "example" { - algorithm = "RSA" -} - -resource "tls_self_signed_cert" "example" { - key_algorithm = "RSA" - private_key_pem = "${tls_private_key.example.private_key_pem}" - - subject { - common_name = "example.com" - organization = "ACME Examples, Inc" - } - - validity_period_hours = 12 - - allowed_uses = [ - "key_encipherment", - "digital_signature", - "server_auth", - ] -} - -resource "aws_acm_certificate" "cert" { - private_key = "${tls_private_key.example.private_key_pem}" - certificate_body = "${tls_self_signed_cert.example.cert_pem}" -} - + return testAccEc2ClientVpnEndpointConfigAcmCertificateBase() + fmt.Sprintf(` resource "aws_ec2_client_vpn_endpoint" "test" { description = "terraform-testacc-clientvpn-%s" - server_certificate_arn = "${aws_acm_certificate.cert.arn}" + server_certificate_arn = "${aws_acm_certificate.test.arn}" client_cidr_block = "10.0.0.0/16" dns_servers = ["8.8.8.8", "8.8.4.4"] authentication_options { type = "certificate-authentication" - root_certificate_chain_arn = "${aws_acm_certificate.cert.arn}" + root_certificate_chain_arn = "${aws_acm_certificate.test.arn}" } connection_log_options { @@ -479,7 +410,7 @@ resource "aws_ec2_client_vpn_endpoint" "test" { } func testAccEc2ClientVpnEndpointConfigWithMicrosoftAD(rName string) string { - return fmt.Sprintf(` + return testAccEc2ClientVpnEndpointConfigAcmCertificateBase() + fmt.Sprintf(` data "aws_availability_zones" "available" {} resource "aws_vpc" "test" { 
@@ -509,36 +440,9 @@ resource "aws_directory_service_directory" "test" { } } -resource "tls_private_key" "example" { - algorithm = "RSA" -} - -resource "tls_self_signed_cert" "example" { - key_algorithm = "RSA" - private_key_pem = "${tls_private_key.example.private_key_pem}" - - subject { - common_name = "example.com" - organization = "ACME Examples, Inc" - } - - validity_period_hours = 12 - - allowed_uses = [ - "key_encipherment", - "digital_signature", - "server_auth", - ] -} - -resource "aws_acm_certificate" "cert" { - private_key = "${tls_private_key.example.private_key_pem}" - certificate_body = "${tls_self_signed_cert.example.cert_pem}" -} - resource "aws_ec2_client_vpn_endpoint" "test" { description = "terraform-testacc-clientvpn-%s" - server_certificate_arn = "${aws_acm_certificate.cert.arn}" + server_certificate_arn = "${aws_acm_certificate.test.arn}" client_cidr_block = "10.0.0.0/16" authentication_options { 
@@ -554,42 +458,15 @@ resource "aws_ec2_client_vpn_endpoint" "test" { } func testAccEc2ClientVpnEndpointConfig_tags(rName string) string { - return fmt.Sprintf(` -resource "tls_private_key" "example" { - algorithm = "RSA" -} - -resource "tls_self_signed_cert" "example" { - key_algorithm = "RSA" - private_key_pem = "${tls_private_key.example.private_key_pem}" - - subject { - common_name = "example.com" - organization = "ACME Examples, Inc" - } - - validity_period_hours = 12 - - allowed_uses = [ - "key_encipherment", - "digital_signature", - "server_auth", - ] -} - -resource "aws_acm_certificate" "cert" { - private_key = "${tls_private_key.example.private_key_pem}" - certificate_body = "${tls_self_signed_cert.example.cert_pem}" -} - + return testAccEc2ClientVpnEndpointConfigAcmCertificateBase() + fmt.Sprintf(` resource "aws_ec2_client_vpn_endpoint" "test" { description = "terraform-testacc-clientvpn-%s" - server_certificate_arn = "${aws_acm_certificate.cert.arn}" + server_certificate_arn = "${aws_acm_certificate.test.arn}" client_cidr_block = "10.0.0.0/16" authentication_options { type = "certificate-authentication" - root_certificate_chain_arn = "${aws_acm_certificate.cert.arn}" + root_certificate_chain_arn = "${aws_acm_certificate.test.arn}" } connection_log_options { 
@@ -605,42 +482,15 @@ resource "aws_ec2_client_vpn_endpoint" "test" { } func testAccEc2ClientVpnEndpointConfig_tagsChanged(rName string) string { - return fmt.Sprintf(` -resource "tls_private_key" "example" { - algorithm = "RSA" -} - -resource "tls_self_signed_cert" "example" { - key_algorithm = "RSA" - private_key_pem = "${tls_private_key.example.private_key_pem}" - - subject { - common_name = "example.com" - organization = "ACME Examples, Inc" - } - - validity_period_hours = 12 - - allowed_uses = [ - "key_encipherment", - "digital_signature", - "server_auth", - ] -} - -resource "aws_acm_certificate" "cert" { - private_key = "${tls_private_key.example.private_key_pem}" - certificate_body = "${tls_self_signed_cert.example.cert_pem}" -} - + return testAccEc2ClientVpnEndpointConfigAcmCertificateBase() + fmt.Sprintf(` resource "aws_ec2_client_vpn_endpoint" "test" { description = "terraform-testacc-clientvpn-%s" - server_certificate_arn = "${aws_acm_certificate.cert.arn}" + server_certificate_arn = "${aws_acm_certificate.test.arn}" client_cidr_block = "10.0.0.0/16" authentication_options { type = "certificate-authentication" - root_certificate_chain_arn = "${aws_acm_certificate.cert.arn}" + root_certificate_chain_arn = "${aws_acm_certificate.test.arn}" } connection_log_options { 
@@ -655,33 +505,7 @@ resource "aws_ec2_client_vpn_endpoint" "test" { } func testAccEc2ClientVpnEndpointConfigSplitTunnel(rName string, splitTunnel bool) string { - return fmt.Sprintf(` -resource "tls_private_key" "test" { - algorithm = "RSA" -} - -resource "tls_self_signed_cert" "test" { - allowed_uses = [ - "digital_signature", - "key_encipherment", - "server_auth", - ] - - key_algorithm = "RSA" - private_key_pem = "${tls_private_key.test.private_key_pem}" - validity_period_hours = 12 - - subject { - common_name = "example.com" - organization = "ACME Examples, Inc" - } -} - -resource "aws_acm_certificate" "test" { - certificate_body = "${tls_self_signed_cert.test.cert_pem}" - private_key = "${tls_private_key.test.private_key_pem}" -} - + return testAccEc2ClientVpnEndpointConfigAcmCertificateBase() + fmt.Sprintf(` resource "aws_ec2_client_vpn_endpoint" "test" { client_cidr_block = "10.0.0.0/16" description = %[1]q