github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/builtin/providers/aws/resource_aws_alb_test.go (about) 1 package aws 2 3 import ( 4 "errors" 5 "fmt" 6 "regexp" 7 "testing" 8 9 "github.com/aws/aws-sdk-go/aws" 10 "github.com/aws/aws-sdk-go/service/elbv2" 11 "github.com/hashicorp/errwrap" 12 "github.com/hashicorp/terraform/helper/acctest" 13 "github.com/hashicorp/terraform/helper/resource" 14 "github.com/hashicorp/terraform/terraform" 15 ) 16 17 func TestALBCloudwatchSuffixFromARN(t *testing.T) { 18 cases := []struct { 19 name string 20 arn *string 21 suffix string 22 }{ 23 { 24 name: "valid suffix", 25 arn: aws.String(`arn:aws:elasticloadbalancing:us-east-1:123456:loadbalancer/app/my-alb/abc123`), 26 suffix: `app/my-alb/abc123`, 27 }, 28 { 29 name: "no suffix", 30 arn: aws.String(`arn:aws:elasticloadbalancing:us-east-1:123456:loadbalancer`), 31 suffix: ``, 32 }, 33 { 34 name: "nil ARN", 35 arn: nil, 36 suffix: ``, 37 }, 38 } 39 40 for _, tc := range cases { 41 actual := albSuffixFromARN(tc.arn) 42 if actual != tc.suffix { 43 t.Fatalf("bad suffix: %q\nExpected: %s\n Got: %s", tc.name, tc.suffix, actual) 44 } 45 } 46 } 47 48 func TestAccAWSALB_basic(t *testing.T) { 49 var conf elbv2.LoadBalancer 50 albName := fmt.Sprintf("testaccawsalb-basic-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum)) 51 52 resource.Test(t, resource.TestCase{ 53 PreCheck: func() { testAccPreCheck(t) }, 54 IDRefreshName: "aws_alb.alb_test", 55 Providers: testAccProviders, 56 CheckDestroy: testAccCheckAWSALBDestroy, 57 Steps: []resource.TestStep{ 58 { 59 Config: testAccAWSALBConfig_basic(albName), 60 Check: resource.ComposeAggregateTestCheckFunc( 61 testAccCheckAWSALBExists("aws_alb.alb_test", &conf), 62 resource.TestCheckResourceAttr("aws_alb.alb_test", "name", albName), 63 resource.TestCheckResourceAttr("aws_alb.alb_test", "internal", "true"), 64 resource.TestCheckResourceAttr("aws_alb.alb_test", "subnets.#", "2"), 65 resource.TestCheckResourceAttr("aws_alb.alb_test", "security_groups.#", "1"), 66 resource.TestCheckResourceAttr("aws_alb.alb_test", "tags.%", "1"), 67 resource.TestCheckResourceAttr("aws_alb.alb_test", "tags.TestName", "TestAccAWSALB_basic"), 68 resource.TestCheckResourceAttr("aws_alb.alb_test", "enable_deletion_protection", "false"), 69 resource.TestCheckResourceAttr("aws_alb.alb_test", "idle_timeout", "30"), 70 resource.TestCheckResourceAttr("aws_alb.alb_test", "ip_address_type", "ipv4"), 71 resource.TestCheckResourceAttrSet("aws_alb.alb_test", "vpc_id"), 72 resource.TestCheckResourceAttrSet("aws_alb.alb_test", "zone_id"), 73 resource.TestCheckResourceAttrSet("aws_alb.alb_test", "dns_name"), 74 resource.TestCheckResourceAttrSet("aws_alb.alb_test", "arn"), 75 ), 76 }, 77 }, 78 }) 79 } 80 81 func TestAccAWSALB_generatedName(t *testing.T) { 82 var conf elbv2.LoadBalancer 83 84 resource.Test(t, resource.TestCase{ 85 PreCheck: func() { testAccPreCheck(t) }, 86 IDRefreshName: "aws_alb.alb_test", 87 Providers: testAccProviders, 88 CheckDestroy: testAccCheckAWSALBDestroy, 89 Steps: []resource.TestStep{ 90 { 91 Config: testAccAWSALBConfig_generatedName(), 92 Check: resource.ComposeAggregateTestCheckFunc( 93 testAccCheckAWSALBExists("aws_alb.alb_test", &conf), 94 resource.TestCheckResourceAttrSet("aws_alb.alb_test", "name"), 95 ), 96 }, 97 }, 98 }) 99 } 100 101 func TestAccAWSALB_namePrefix(t *testing.T) { 102 var conf elbv2.LoadBalancer 103 104 resource.Test(t, resource.TestCase{ 105 PreCheck: func() { testAccPreCheck(t) }, 106 IDRefreshName: "aws_alb.alb_test", 107 Providers: testAccProviders, 108 CheckDestroy: testAccCheckAWSALBDestroy, 109 Steps: []resource.TestStep{ 110 { 111 Config: testAccAWSALBConfig_namePrefix(), 112 Check: resource.ComposeAggregateTestCheckFunc( 113 testAccCheckAWSALBExists("aws_alb.alb_test", &conf), 114 resource.TestCheckResourceAttrSet("aws_alb.alb_test", "name"), 115 resource.TestMatchResourceAttr("aws_alb.alb_test", "name", 116 regexp.MustCompile("^tf-lb-")), 117 ), 118 }, 119 }, 120 }) 121 } 122 123 func TestAccAWSALB_tags(t *testing.T) { 124 var conf elbv2.LoadBalancer 125 albName := fmt.Sprintf("testaccawsalb-basic-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum)) 126 127 resource.Test(t, resource.TestCase{ 128 PreCheck: func() { testAccPreCheck(t) }, 129 IDRefreshName: "aws_alb.alb_test", 130 Providers: testAccProviders, 131 CheckDestroy: testAccCheckAWSALBDestroy, 132 Steps: []resource.TestStep{ 133 { 134 Config: testAccAWSALBConfig_basic(albName), 135 Check: resource.ComposeAggregateTestCheckFunc( 136 testAccCheckAWSALBExists("aws_alb.alb_test", &conf), 137 resource.TestCheckResourceAttr("aws_alb.alb_test", "tags.%", "1"), 138 resource.TestCheckResourceAttr("aws_alb.alb_test", "tags.TestName", "TestAccAWSALB_basic"), 139 ), 140 }, 141 { 142 Config: testAccAWSALBConfig_updatedTags(albName), 143 Check: resource.ComposeAggregateTestCheckFunc( 144 testAccCheckAWSALBExists("aws_alb.alb_test", &conf), 145 resource.TestCheckResourceAttr("aws_alb.alb_test", "tags.%", "2"), 146 resource.TestCheckResourceAttr("aws_alb.alb_test", "tags.Type", "Sample Type Tag"), 147 resource.TestCheckResourceAttr("aws_alb.alb_test", "tags.Environment", "Production"), 148 ), 149 }, 150 }, 151 }) 152 } 153 154 func TestAccAWSALB_updatedSecurityGroups(t *testing.T) { 155 var pre, post elbv2.LoadBalancer 156 albName := fmt.Sprintf("testaccawsalb-basic-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum)) 157 158 resource.Test(t, resource.TestCase{ 159 PreCheck: func() { testAccPreCheck(t) }, 160 IDRefreshName: "aws_alb.alb_test", 161 Providers: testAccProviders, 162 CheckDestroy: testAccCheckAWSALBDestroy, 163 Steps: []resource.TestStep{ 164 { 165 Config: testAccAWSALBConfig_basic(albName), 166 Check: resource.ComposeAggregateTestCheckFunc( 167 testAccCheckAWSALBExists("aws_alb.alb_test", &pre), 168 resource.TestCheckResourceAttr("aws_alb.alb_test", "security_groups.#", "1"), 169 ), 170 }, 171 { 172 Config: testAccAWSALBConfig_updateSecurityGroups(albName), 173 Check: resource.ComposeAggregateTestCheckFunc( 174 testAccCheckAWSALBExists("aws_alb.alb_test", &post), 175 resource.TestCheckResourceAttr("aws_alb.alb_test", "security_groups.#", "2"), 176 testAccCheckAWSAlbARNs(&pre, &post), 177 ), 178 }, 179 }, 180 }) 181 } 182 183 func TestAccAWSALB_updatedSubnets(t *testing.T) { 184 var pre, post elbv2.LoadBalancer 185 albName := fmt.Sprintf("testaccawsalb-basic-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum)) 186 187 resource.Test(t, resource.TestCase{ 188 PreCheck: func() { testAccPreCheck(t) }, 189 IDRefreshName: "aws_alb.alb_test", 190 Providers: testAccProviders, 191 CheckDestroy: testAccCheckAWSALBDestroy, 192 Steps: []resource.TestStep{ 193 { 194 Config: testAccAWSALBConfig_basic(albName), 195 Check: resource.ComposeAggregateTestCheckFunc( 196 testAccCheckAWSALBExists("aws_alb.alb_test", &pre), 197 resource.TestCheckResourceAttr("aws_alb.alb_test", "subnets.#", "2"), 198 ), 199 }, 200 { 201 Config: testAccAWSALBConfig_updateSubnets(albName), 202 Check: resource.ComposeAggregateTestCheckFunc( 203 testAccCheckAWSALBExists("aws_alb.alb_test", &post), 204 resource.TestCheckResourceAttr("aws_alb.alb_test", "subnets.#", "3"), 205 testAccCheckAWSAlbARNs(&pre, &post), 206 ), 207 }, 208 }, 209 }) 210 } 211 212 func TestAccAWSALB_updatedIpAddressType(t *testing.T) { 213 var pre, post elbv2.LoadBalancer 214 albName := fmt.Sprintf("testaccawsalb-basic-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum)) 215 216 resource.Test(t, resource.TestCase{ 217 PreCheck: func() { testAccPreCheck(t) }, 218 IDRefreshName: "aws_alb.alb_test", 219 Providers: testAccProviders, 220 CheckDestroy: testAccCheckAWSALBDestroy, 221 Steps: []resource.TestStep{ 222 { 223 Config: testAccAWSALBConfigWithIpAddressType(albName), 224 Check: resource.ComposeAggregateTestCheckFunc( 225 testAccCheckAWSALBExists("aws_alb.alb_test", &pre), 226 resource.TestCheckResourceAttr("aws_alb.alb_test", "ip_address_type", "ipv4"), 227 ), 228 }, 229 { 230 Config: testAccAWSALBConfigWithIpAddressTypeUpdated(albName), 231 Check: resource.ComposeAggregateTestCheckFunc( 232 testAccCheckAWSALBExists("aws_alb.alb_test", &post), 233 resource.TestCheckResourceAttr("aws_alb.alb_test", "ip_address_type", "dualstack"), 234 ), 235 }, 236 }, 237 }) 238 } 239 240 // TestAccAWSALB_noSecurityGroup regression tests the issue in #8264, 241 // where if an ALB is created without a security group, a default one 242 // is assigned. 243 func TestAccAWSALB_noSecurityGroup(t *testing.T) { 244 var conf elbv2.LoadBalancer 245 albName := fmt.Sprintf("testaccawsalb-nosg-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum)) 246 247 resource.Test(t, resource.TestCase{ 248 PreCheck: func() { testAccPreCheck(t) }, 249 IDRefreshName: "aws_alb.alb_test", 250 Providers: testAccProviders, 251 CheckDestroy: testAccCheckAWSALBDestroy, 252 Steps: []resource.TestStep{ 253 { 254 Config: testAccAWSALBConfig_nosg(albName), 255 Check: resource.ComposeAggregateTestCheckFunc( 256 testAccCheckAWSALBExists("aws_alb.alb_test", &conf), 257 resource.TestCheckResourceAttr("aws_alb.alb_test", "name", albName), 258 resource.TestCheckResourceAttr("aws_alb.alb_test", "internal", "true"), 259 resource.TestCheckResourceAttr("aws_alb.alb_test", "subnets.#", "2"), 260 resource.TestCheckResourceAttr("aws_alb.alb_test", "security_groups.#", "1"), 261 resource.TestCheckResourceAttr("aws_alb.alb_test", "tags.%", "1"), 262 resource.TestCheckResourceAttr("aws_alb.alb_test", "tags.TestName", "TestAccAWSALB_basic"), 263 resource.TestCheckResourceAttr("aws_alb.alb_test", "enable_deletion_protection", "false"), 264 resource.TestCheckResourceAttr("aws_alb.alb_test", "idle_timeout", "30"), 265 resource.TestCheckResourceAttrSet("aws_alb.alb_test", "vpc_id"), 266 resource.TestCheckResourceAttrSet("aws_alb.alb_test", "zone_id"), 267 resource.TestCheckResourceAttrSet("aws_alb.alb_test", "dns_name"), 268 ), 269 }, 270 }, 271 }) 272 } 273 274 func TestAccAWSALB_accesslogs(t *testing.T) { 275 var conf elbv2.LoadBalancer 276 bucketName := fmt.Sprintf("testaccawsalbaccesslogs-%s", acctest.RandStringFromCharSet(6, acctest.CharSetAlphaNum)) 277 albName := fmt.Sprintf("testaccawsalbaccesslog-%s", acctest.RandStringFromCharSet(4, acctest.CharSetAlpha)) 278 279 resource.Test(t, resource.TestCase{ 280 PreCheck: func() { testAccPreCheck(t) }, 281 IDRefreshName: "aws_alb.alb_test", 282 Providers: testAccProviders, 283 CheckDestroy: testAccCheckAWSALBDestroy, 284 Steps: []resource.TestStep{ 285 { 286 Config: testAccAWSALBConfig_basic(albName), 287 Check: resource.ComposeAggregateTestCheckFunc( 288 testAccCheckAWSALBExists("aws_alb.alb_test", &conf), 289 resource.TestCheckResourceAttr("aws_alb.alb_test", "name", albName), 290 resource.TestCheckResourceAttr("aws_alb.alb_test", "internal", "true"), 291 resource.TestCheckResourceAttr("aws_alb.alb_test", "subnets.#", "2"), 292 resource.TestCheckResourceAttr("aws_alb.alb_test", "security_groups.#", "1"), 293 resource.TestCheckResourceAttr("aws_alb.alb_test", "tags.%", "1"), 294 resource.TestCheckResourceAttr("aws_alb.alb_test", "tags.TestName", "TestAccAWSALB_basic"), 295 resource.TestCheckResourceAttr("aws_alb.alb_test", "enable_deletion_protection", "false"), 296 resource.TestCheckResourceAttr("aws_alb.alb_test", "idle_timeout", "30"), 297 resource.TestCheckResourceAttrSet("aws_alb.alb_test", "vpc_id"), 298 resource.TestCheckResourceAttrSet("aws_alb.alb_test", "zone_id"), 299 resource.TestCheckResourceAttrSet("aws_alb.alb_test", "dns_name"), 300 resource.TestCheckResourceAttrSet("aws_alb.alb_test", "arn"), 301 ), 302 }, 303 { 304 Config: testAccAWSALBConfig_accessLogs(true, albName, bucketName), 305 Check: resource.ComposeAggregateTestCheckFunc( 306 testAccCheckAWSALBExists("aws_alb.alb_test", &conf), 307 resource.TestCheckResourceAttr("aws_alb.alb_test", "name", albName), 308 resource.TestCheckResourceAttr("aws_alb.alb_test", "internal", "true"), 309 resource.TestCheckResourceAttr("aws_alb.alb_test", "subnets.#", "2"), 310 resource.TestCheckResourceAttr("aws_alb.alb_test", "security_groups.#", "1"), 311 resource.TestCheckResourceAttr("aws_alb.alb_test", "tags.%", "1"), 312 resource.TestCheckResourceAttr("aws_alb.alb_test", "tags.TestName", "TestAccAWSALB_basic1"), 313 resource.TestCheckResourceAttr("aws_alb.alb_test", "enable_deletion_protection", "false"), 314 resource.TestCheckResourceAttr("aws_alb.alb_test", "idle_timeout", "50"), 315 resource.TestCheckResourceAttrSet("aws_alb.alb_test", "vpc_id"), 316 resource.TestCheckResourceAttrSet("aws_alb.alb_test", "zone_id"), 317 resource.TestCheckResourceAttrSet("aws_alb.alb_test", "dns_name"), 318 resource.TestCheckResourceAttr("aws_alb.alb_test", "access_logs.#", "1"), 319 resource.TestCheckResourceAttr("aws_alb.alb_test", "access_logs.0.bucket", bucketName), 320 resource.TestCheckResourceAttr("aws_alb.alb_test", "access_logs.0.prefix", "testAccAWSALBConfig_accessLogs"), 321 resource.TestCheckResourceAttr("aws_alb.alb_test", "access_logs.0.enabled", "true"), 322 resource.TestCheckResourceAttrSet("aws_alb.alb_test", "arn"), 323 ), 324 }, 325 { 326 Config: testAccAWSALBConfig_accessLogs(false, albName, bucketName), 327 Check: resource.ComposeAggregateTestCheckFunc( 328 testAccCheckAWSALBExists("aws_alb.alb_test", &conf), 329 resource.TestCheckResourceAttr("aws_alb.alb_test", "name", albName), 330 resource.TestCheckResourceAttr("aws_alb.alb_test", "internal", "true"), 331 resource.TestCheckResourceAttr("aws_alb.alb_test", "subnets.#", "2"), 332 resource.TestCheckResourceAttr("aws_alb.alb_test", "security_groups.#", "1"), 333 resource.TestCheckResourceAttr("aws_alb.alb_test", "tags.%", "1"), 334 resource.TestCheckResourceAttr("aws_alb.alb_test", "tags.TestName", "TestAccAWSALB_basic1"), 335 resource.TestCheckResourceAttr("aws_alb.alb_test", "enable_deletion_protection", "false"), 336 resource.TestCheckResourceAttr("aws_alb.alb_test", "idle_timeout", "50"), 337 resource.TestCheckResourceAttrSet("aws_alb.alb_test", "vpc_id"), 338 resource.TestCheckResourceAttrSet("aws_alb.alb_test", "zone_id"), 339 resource.TestCheckResourceAttrSet("aws_alb.alb_test", "dns_name"), 340 resource.TestCheckResourceAttr("aws_alb.alb_test", "access_logs.#", "1"), 341 resource.TestCheckResourceAttr("aws_alb.alb_test", "access_logs.0.enabled", "false"), 342 resource.TestCheckResourceAttrSet("aws_alb.alb_test", "arn"), 343 ), 344 }, 345 }, 346 }) 347 } 348 349 func testAccCheckAWSAlbARNs(pre, post *elbv2.LoadBalancer) resource.TestCheckFunc { 350 return func(s *terraform.State) error { 351 if *pre.LoadBalancerArn != *post.LoadBalancerArn { 352 return errors.New("ALB has been recreated. ARNs are different") 353 } 354 355 return nil 356 } 357 } 358 359 func testAccCheckAWSALBExists(n string, res *elbv2.LoadBalancer) resource.TestCheckFunc { 360 return func(s *terraform.State) error { 361 rs, ok := s.RootModule().Resources[n] 362 if !ok { 363 return fmt.Errorf("Not found: %s", n) 364 } 365 366 if rs.Primary.ID == "" { 367 return errors.New("No ALB ID is set") 368 } 369 370 conn := testAccProvider.Meta().(*AWSClient).elbv2conn 371 372 describe, err := conn.DescribeLoadBalancers(&elbv2.DescribeLoadBalancersInput{ 373 LoadBalancerArns: []*string{aws.String(rs.Primary.ID)}, 374 }) 375 376 if err != nil { 377 return err 378 } 379 380 if len(describe.LoadBalancers) != 1 || 381 *describe.LoadBalancers[0].LoadBalancerArn != rs.Primary.ID { 382 return errors.New("ALB not found") 383 } 384 385 *res = *describe.LoadBalancers[0] 386 return nil 387 } 388 } 389 390 func testAccCheckAWSALBDestroy(s *terraform.State) error { 391 conn := testAccProvider.Meta().(*AWSClient).elbv2conn 392 393 for _, rs := range s.RootModule().Resources { 394 if rs.Type != "aws_alb" { 395 continue 396 } 397 398 describe, err := conn.DescribeLoadBalancers(&elbv2.DescribeLoadBalancersInput{ 399 LoadBalancerArns: []*string{aws.String(rs.Primary.ID)}, 400 }) 401 402 if err == nil { 403 if len(describe.LoadBalancers) != 0 && 404 *describe.LoadBalancers[0].LoadBalancerArn == rs.Primary.ID { 405 return fmt.Errorf("ALB %q still exists", rs.Primary.ID) 406 } 407 } 408 409 // Verify the error 410 if isLoadBalancerNotFound(err) { 411 return nil 412 } else { 413 return errwrap.Wrapf("Unexpected error checking ALB destroyed: {{err}}", err) 414 } 415 } 416 417 return nil 418 } 419 420 func testAccAWSALBConfigWithIpAddressTypeUpdated(albName string) string { 421 return fmt.Sprintf(`resource "aws_alb" "alb_test" { 422 name = "%s" 423 security_groups = ["${aws_security_group.alb_test.id}"] 424 subnets = ["${aws_subnet.alb_test_1.id}", "${aws_subnet.alb_test_2.id}"] 425 426 ip_address_type = "dualstack" 427 428 idle_timeout = 30 429 enable_deletion_protection = false 430 431 tags { 432 TestName = "TestAccAWSALB_basic" 433 } 434 } 435 436 resource "aws_alb_listener" "test" { 437 load_balancer_arn = "${aws_alb.alb_test.id}" 438 protocol = "HTTP" 439 port = "80" 440 441 default_action { 442 target_group_arn = "${aws_alb_target_group.test.id}" 443 type = "forward" 444 } 445 } 446 447 resource "aws_alb_target_group" "test" { 448 name = "%s" 449 port = 80 450 protocol = "HTTP" 451 vpc_id = "${aws_vpc.alb_test.id}" 452 453 deregistration_delay = 200 454 455 stickiness { 456 type = "lb_cookie" 457 cookie_duration = 10000 458 } 459 460 health_check { 461 path = "/health2" 462 interval = 30 463 port = 8082 464 protocol = "HTTPS" 465 timeout = 4 466 healthy_threshold = 4 467 unhealthy_threshold = 4 468 matcher = "200" 469 } 470 } 471 472 resource "aws_egress_only_internet_gateway" "igw" { 473 vpc_id = "${aws_vpc.alb_test.id}" 474 } 475 476 resource "aws_vpc" "alb_test" { 477 cidr_block = "10.0.0.0/16" 478 assign_generated_ipv6_cidr_block = true 479 480 tags { 481 TestName = "TestAccAWSALB_basic" 482 } 483 } 484 485 resource "aws_internet_gateway" "foo" { 486 vpc_id = "${aws_vpc.alb_test.id}" 487 } 488 489 resource "aws_subnet" "alb_test_1" { 490 vpc_id = "${aws_vpc.alb_test.id}" 491 cidr_block = "10.0.1.0/24" 492 map_public_ip_on_launch = true 493 availability_zone = "us-west-2a" 494 ipv6_cidr_block = "${cidrsubnet(aws_vpc.alb_test.ipv6_cidr_block, 8, 1)}" 495 496 tags { 497 TestName = "TestAccAWSALB_basic" 498 } 499 } 500 501 resource "aws_subnet" "alb_test_2" { 502 vpc_id = "${aws_vpc.alb_test.id}" 503 cidr_block = "10.0.2.0/24" 504 map_public_ip_on_launch = true 505 availability_zone = "us-west-2b" 506 ipv6_cidr_block = "${cidrsubnet(aws_vpc.alb_test.ipv6_cidr_block, 8, 2)}" 507 508 tags { 509 TestName = "TestAccAWSALB_basic" 510 } 511 } 512 513 resource "aws_security_group" "alb_test" { 514 name = "allow_all_alb_test" 515 description = "Used for ALB Testing" 516 vpc_id = "${aws_vpc.alb_test.id}" 517 518 ingress { 519 from_port = 0 520 to_port = 0 521 protocol = "-1" 522 cidr_blocks = ["0.0.0.0/0"] 523 } 524 525 tags { 526 TestName = "TestAccAWSALB_basic" 527 } 528 }`, albName, albName) 529 } 530 531 func testAccAWSALBConfigWithIpAddressType(albName string) string { 532 return fmt.Sprintf(`resource "aws_alb" "alb_test" { 533 name = "%s" 534 security_groups = ["${aws_security_group.alb_test.id}"] 535 subnets = ["${aws_subnet.alb_test_1.id}", "${aws_subnet.alb_test_2.id}"] 536 537 ip_address_type = "ipv4" 538 539 idle_timeout = 30 540 enable_deletion_protection = false 541 542 tags { 543 TestName = "TestAccAWSALB_basic" 544 } 545 } 546 547 resource "aws_alb_listener" "test" { 548 load_balancer_arn = "${aws_alb.alb_test.id}" 549 protocol = "HTTP" 550 port = "80" 551 552 default_action { 553 target_group_arn = "${aws_alb_target_group.test.id}" 554 type = "forward" 555 } 556 } 557 558 resource "aws_alb_target_group" "test" { 559 name = "%s" 560 port = 80 561 protocol = "HTTP" 562 vpc_id = "${aws_vpc.alb_test.id}" 563 564 deregistration_delay = 200 565 566 stickiness { 567 type = "lb_cookie" 568 cookie_duration = 10000 569 } 570 571 health_check { 572 path = "/health2" 573 interval = 30 574 port = 8082 575 protocol = "HTTPS" 576 timeout = 4 577 healthy_threshold = 4 578 unhealthy_threshold = 4 579 matcher = "200" 580 } 581 } 582 583 resource "aws_egress_only_internet_gateway" "igw" { 584 vpc_id = "${aws_vpc.alb_test.id}" 585 } 586 587 resource "aws_vpc" "alb_test" { 588 cidr_block = "10.0.0.0/16" 589 assign_generated_ipv6_cidr_block = true 590 591 tags { 592 TestName = "TestAccAWSALB_basic" 593 } 594 } 595 596 resource "aws_internet_gateway" "foo" { 597 vpc_id = "${aws_vpc.alb_test.id}" 598 } 599 600 resource "aws_subnet" "alb_test_1" { 601 vpc_id = "${aws_vpc.alb_test.id}" 602 cidr_block = "10.0.1.0/24" 603 map_public_ip_on_launch = true 604 availability_zone = "us-west-2a" 605 ipv6_cidr_block = "${cidrsubnet(aws_vpc.alb_test.ipv6_cidr_block, 8, 1)}" 606 607 tags { 608 TestName = "TestAccAWSALB_basic" 609 } 610 } 611 612 resource "aws_subnet" "alb_test_2" { 613 vpc_id = "${aws_vpc.alb_test.id}" 614 cidr_block = "10.0.2.0/24" 615 map_public_ip_on_launch = true 616 availability_zone = "us-west-2b" 617 ipv6_cidr_block = "${cidrsubnet(aws_vpc.alb_test.ipv6_cidr_block, 8, 2)}" 618 619 tags { 620 TestName = "TestAccAWSALB_basic" 621 } 622 } 623 624 resource "aws_security_group" "alb_test" { 625 name = "allow_all_alb_test" 626 description = "Used for ALB Testing" 627 vpc_id = "${aws_vpc.alb_test.id}" 628 629 ingress { 630 from_port = 0 631 to_port = 0 632 protocol = "-1" 633 cidr_blocks = ["0.0.0.0/0"] 634 } 635 636 tags { 637 TestName = "TestAccAWSALB_basic" 638 } 639 }`, albName, albName) 640 } 641 642 func testAccAWSALBConfig_basic(albName string) string { 643 return fmt.Sprintf(`resource "aws_alb" "alb_test" { 644 name = "%s" 645 internal = true 646 security_groups = ["${aws_security_group.alb_test.id}"] 647 subnets = ["${aws_subnet.alb_test.*.id}"] 648 649 idle_timeout = 30 650 enable_deletion_protection = false 651 652 tags { 653 TestName = "TestAccAWSALB_basic" 654 } 655 } 656 657 variable "subnets" { 658 default = ["10.0.1.0/24", "10.0.2.0/24"] 659 type = "list" 660 } 661 662 data "aws_availability_zones" "available" {} 663 664 resource "aws_vpc" "alb_test" { 665 cidr_block = "10.0.0.0/16" 666 667 tags { 668 TestName = "TestAccAWSALB_basic" 669 } 670 } 671 672 resource "aws_subnet" "alb_test" { 673 count = 2 674 vpc_id = "${aws_vpc.alb_test.id}" 675 cidr_block = "${element(var.subnets, count.index)}" 676 map_public_ip_on_launch = true 677 availability_zone = "${element(data.aws_availability_zones.available.names, count.index)}" 678 679 tags { 680 TestName = "TestAccAWSALB_basic" 681 } 682 } 683 684 resource "aws_security_group" "alb_test" { 685 name = "allow_all_alb_test" 686 description = "Used for ALB Testing" 687 vpc_id = "${aws_vpc.alb_test.id}" 688 689 ingress { 690 from_port = 0 691 to_port = 0 692 protocol = "-1" 693 cidr_blocks = ["0.0.0.0/0"] 694 } 695 696 egress { 697 from_port = 0 698 to_port = 0 699 protocol = "-1" 700 cidr_blocks = ["0.0.0.0/0"] 701 } 702 703 tags { 704 TestName = "TestAccAWSALB_basic" 705 } 706 }`, albName) 707 } 708 709 func testAccAWSALBConfig_updateSubnets(albName string) string { 710 return fmt.Sprintf(`resource "aws_alb" "alb_test" { 711 name = "%s" 712 internal = true 713 security_groups = ["${aws_security_group.alb_test.id}"] 714 subnets = ["${aws_subnet.alb_test.*.id}"] 715 716 idle_timeout = 30 717 enable_deletion_protection = false 718 719 tags { 720 TestName = "TestAccAWSALB_basic" 721 } 722 } 723 724 variable "subnets" { 725 default = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"] 726 type = "list" 727 } 728 729 data "aws_availability_zones" "available" {} 730 731 resource "aws_vpc" "alb_test" { 732 cidr_block = "10.0.0.0/16" 733 734 tags { 735 TestName = "TestAccAWSALB_basic" 736 } 737 } 738 739 resource "aws_subnet" "alb_test" { 740 count = 3 741 vpc_id = "${aws_vpc.alb_test.id}" 742 cidr_block = "${element(var.subnets, count.index)}" 743 map_public_ip_on_launch = true 744 availability_zone = "${element(data.aws_availability_zones.available.names, count.index)}" 745 746 tags { 747 TestName = "TestAccAWSALB_basic" 748 } 749 } 750 751 resource "aws_security_group" "alb_test" { 752 name = "allow_all_alb_test" 753 description = "Used for ALB Testing" 754 vpc_id = "${aws_vpc.alb_test.id}" 755 756 ingress { 757 from_port = 0 758 to_port = 0 759 protocol = "-1" 760 cidr_blocks = ["0.0.0.0/0"] 761 } 762 763 egress { 764 from_port = 0 765 to_port = 0 766 protocol = "-1" 767 cidr_blocks = ["0.0.0.0/0"] 768 } 769 770 tags { 771 TestName = "TestAccAWSALB_basic" 772 } 773 }`, albName) 774 } 775 776 func testAccAWSALBConfig_generatedName() string { 777 return fmt.Sprintf(` 778 resource "aws_alb" "alb_test" { 779 internal = true 780 security_groups = ["${aws_security_group.alb_test.id}"] 781 subnets = ["${aws_subnet.alb_test.*.id}"] 782 783 idle_timeout = 30 784 enable_deletion_protection = false 785 786 tags { 787 TestName = "TestAccAWSALB_basic" 788 } 789 } 790 791 variable "subnets" { 792 default = ["10.0.1.0/24", "10.0.2.0/24"] 793 type = "list" 794 } 795 796 data "aws_availability_zones" "available" {} 797 798 resource "aws_vpc" "alb_test" { 799 cidr_block = "10.0.0.0/16" 800 801 tags { 802 TestName = "TestAccAWSALB_basic" 803 } 804 } 805 806 resource "aws_internet_gateway" "gw" { 807 vpc_id = "${aws_vpc.alb_test.id}" 808 809 tags { 810 Name = "TestAccAWSALB_basic" 811 } 812 } 813 814 resource "aws_subnet" "alb_test" { 815 count = 2 816 vpc_id = "${aws_vpc.alb_test.id}" 817 cidr_block = "${element(var.subnets, count.index)}" 818 map_public_ip_on_launch = true 819 availability_zone = "${element(data.aws_availability_zones.available.names, count.index)}" 820 821 tags { 822 TestName = "TestAccAWSALB_basic" 823 } 824 } 825 826 resource "aws_security_group" "alb_test" { 827 name = "allow_all_alb_test" 828 description = "Used for ALB Testing" 829 vpc_id = "${aws_vpc.alb_test.id}" 830 831 ingress { 832 from_port = 0 833 to_port = 0 834 protocol = "-1" 835 cidr_blocks = ["0.0.0.0/0"] 836 } 837 838 egress { 839 from_port = 0 840 to_port = 0 841 protocol = "-1" 842 cidr_blocks = ["0.0.0.0/0"] 843 } 844 845 tags { 846 TestName = "TestAccAWSALB_basic" 847 } 848 }`) 849 } 850 851 func testAccAWSALBConfig_namePrefix() string { 852 return fmt.Sprintf(` 853 resource "aws_alb" "alb_test" { 854 name_prefix = "tf-lb-" 855 internal = true 856 security_groups = ["${aws_security_group.alb_test.id}"] 857 subnets = ["${aws_subnet.alb_test.*.id}"] 858 859 idle_timeout = 30 860 enable_deletion_protection = false 861 862 tags { 863 TestName = "TestAccAWSALB_basic" 864 } 865 } 866 867 variable "subnets" { 868 default = ["10.0.1.0/24", "10.0.2.0/24"] 869 type = "list" 870 } 871 872 data "aws_availability_zones" "available" {} 873 874 resource "aws_vpc" "alb_test" { 875 cidr_block = "10.0.0.0/16" 876 877 tags { 878 TestName = "TestAccAWSALB_basic" 879 } 880 } 881 882 resource "aws_subnet" "alb_test" { 883 count = 2 884 vpc_id = "${aws_vpc.alb_test.id}" 885 cidr_block = "${element(var.subnets, count.index)}" 886 map_public_ip_on_launch = true 887 availability_zone = "${element(data.aws_availability_zones.available.names, count.index)}" 888 889 tags { 890 TestName = "TestAccAWSALB_basic" 891 } 892 } 893 894 resource "aws_security_group" "alb_test" { 895 name = "allow_all_alb_test" 896 description = "Used for ALB Testing" 897 vpc_id = "${aws_vpc.alb_test.id}" 898 899 ingress { 900 from_port = 0 901 to_port = 0 902 protocol = "-1" 903 cidr_blocks = ["0.0.0.0/0"] 904 } 905 906 egress { 907 from_port = 0 908 to_port = 0 909 protocol = "-1" 910 cidr_blocks = ["0.0.0.0/0"] 911 } 912 913 tags { 914 TestName = "TestAccAWSALB_basic" 915 } 916 }`) 917 } 918 func testAccAWSALBConfig_updatedTags(albName string) string { 919 return fmt.Sprintf(`resource "aws_alb" "alb_test" { 920 name = "%s" 921 internal = true 922 security_groups = ["${aws_security_group.alb_test.id}"] 923 subnets = ["${aws_subnet.alb_test.*.id}"] 924 925 idle_timeout = 30 926 enable_deletion_protection = false 927 928 tags { 929 Environment = "Production" 930 Type = "Sample Type Tag" 931 } 932 } 933 934 variable "subnets" { 935 default = ["10.0.1.0/24", "10.0.2.0/24"] 936 type = "list" 937 } 938 939 data "aws_availability_zones" "available" {} 940 941 resource "aws_vpc" "alb_test" { 942 cidr_block = "10.0.0.0/16" 943 944 tags { 945 TestName = "TestAccAWSALB_basic" 946 } 947 } 948 949 resource "aws_subnet" "alb_test" { 950 count = 2 951 vpc_id = "${aws_vpc.alb_test.id}" 952 cidr_block = "${element(var.subnets, count.index)}" 953 map_public_ip_on_launch = true 954 availability_zone = "${element(data.aws_availability_zones.available.names, count.index)}" 955 956 tags { 957 TestName = "TestAccAWSALB_basic" 958 } 959 } 960 961 resource "aws_security_group" "alb_test" { 962 name = "allow_all_alb_test" 963 description = "Used for ALB Testing" 964 vpc_id = "${aws_vpc.alb_test.id}" 965 966 ingress { 967 from_port = 0 968 to_port = 0 969 protocol = "-1" 970 cidr_blocks = ["0.0.0.0/0"] 971 } 972 973 egress { 974 from_port = 0 975 to_port = 0 976 protocol = "-1" 977 cidr_blocks = ["0.0.0.0/0"] 978 } 979 980 tags { 981 TestName = "TestAccAWSALB_basic" 982 } 983 }`, albName) 984 } 985 986 func testAccAWSALBConfig_accessLogs(enabled bool, albName, bucketName string) string { 987 return fmt.Sprintf(`resource "aws_alb" "alb_test" { 988 name = "%s" 989 internal = true 990 security_groups = ["${aws_security_group.alb_test.id}"] 991 subnets = ["${aws_subnet.alb_test.*.id}"] 992 993 idle_timeout = 50 994 enable_deletion_protection = false 995 996 access_logs { 997 bucket = "${aws_s3_bucket.logs.bucket}" 998 prefix = "${var.bucket_prefix}" 999 enabled = "%t" 1000 } 1001 1002 tags { 1003 TestName = "TestAccAWSALB_basic1" 1004 } 1005 } 1006 1007 variable "bucket_name" { 1008 type = "string" 1009 default = "%s" 1010 } 1011 1012 variable "bucket_prefix" { 1013 type = "string" 1014 default = "testAccAWSALBConfig_accessLogs" 1015 } 1016 1017 resource "aws_s3_bucket" "logs" { 1018 bucket = "${var.bucket_name}" 1019 policy = "${data.aws_iam_policy_document.logs_bucket.json}" 1020 # dangerous, only here for the test... 1021 force_destroy = true 1022 1023 tags { 1024 Name = "ALB Logs Bucket Test" 1025 } 1026 } 1027 1028 data "aws_caller_identity" "current" {} 1029 1030 data "aws_elb_service_account" "current" {} 1031 1032 data "aws_iam_policy_document" "logs_bucket" { 1033 statement { 1034 actions = ["s3:PutObject"] 1035 effect = "Allow" 1036 resources = ["arn:aws:s3:::${var.bucket_name}/${var.bucket_prefix}/AWSLogs/${data.aws_caller_identity.current.account_id}/*"] 1037 1038 principals = { 1039 type = "AWS" 1040 identifiers = ["arn:aws:iam::${data.aws_elb_service_account.current.id}:root"] 1041 } 1042 } 1043 } 1044 1045 variable "subnets" { 1046 default = ["10.0.1.0/24", "10.0.2.0/24"] 1047 type = "list" 1048 } 1049 1050 data "aws_availability_zones" "available" {} 1051 1052 resource "aws_vpc" "alb_test" { 1053 cidr_block = "10.0.0.0/16" 1054 1055 tags { 1056 TestName = "TestAccAWSALB_basic" 1057 } 1058 } 1059 1060 resource "aws_subnet" "alb_test" { 1061 count = 2 1062 vpc_id = "${aws_vpc.alb_test.id}" 1063 cidr_block = "${element(var.subnets, count.index)}" 1064 map_public_ip_on_launch = true 1065 availability_zone = "${element(data.aws_availability_zones.available.names, count.index)}" 1066 1067 tags { 1068 TestName = "TestAccAWSALB_basic" 1069 } 1070 } 1071 1072 resource "aws_security_group" "alb_test" { 1073 name = "allow_all_alb_test" 1074 description = "Used for ALB Testing" 1075 vpc_id = "${aws_vpc.alb_test.id}" 1076 1077 ingress { 1078 from_port = 0 1079 to_port = 0 1080 protocol = "-1" 1081 cidr_blocks = ["0.0.0.0/0"] 1082 } 1083 1084 egress { 1085 from_port = 0 1086 to_port = 0 1087 protocol = "-1" 1088 cidr_blocks = ["0.0.0.0/0"] 1089 } 1090 1091 tags { 1092 TestName = "TestAccAWSALB_basic" 1093 } 1094 }`, albName, enabled, bucketName) 1095 } 1096 1097 func testAccAWSALBConfig_nosg(albName string) string { 1098 return fmt.Sprintf(`resource "aws_alb" "alb_test" { 1099 name = "%s" 1100 internal = true 1101 subnets = ["${aws_subnet.alb_test.*.id}"] 1102 1103 idle_timeout = 30 1104 enable_deletion_protection = false 1105 1106 tags { 1107 TestName = "TestAccAWSALB_basic" 1108 } 1109 } 1110 1111 variable "subnets" { 1112 default = ["10.0.1.0/24", "10.0.2.0/24"] 1113 type = "list" 1114 } 1115 1116 data "aws_availability_zones" "available" {} 1117 1118 resource "aws_vpc" "alb_test" { 1119 cidr_block = "10.0.0.0/16" 1120 1121 tags { 1122 TestName = "TestAccAWSALB_basic" 1123 } 1124 } 1125 1126 resource "aws_subnet" "alb_test" { 1127 count = 2 1128 vpc_id = "${aws_vpc.alb_test.id}" 1129 cidr_block = "${element(var.subnets, count.index)}" 1130 map_public_ip_on_launch = true 1131 availability_zone = "${element(data.aws_availability_zones.available.names, count.index)}" 1132 1133 tags { 1134 TestName = "TestAccAWSALB_basic" 1135 } 1136 }`, albName) 1137 } 1138 1139 func testAccAWSALBConfig_updateSecurityGroups(albName string) string { 1140 return fmt.Sprintf(`resource "aws_alb" "alb_test" { 1141 name = "%s" 1142 internal = true 1143 security_groups = ["${aws_security_group.alb_test.id}", "${aws_security_group.alb_test_2.id}"] 1144 subnets = ["${aws_subnet.alb_test.*.id}"] 1145 1146 idle_timeout = 30 1147 enable_deletion_protection = false 1148 1149 tags { 1150 TestName = "TestAccAWSALB_basic" 1151 } 1152 } 1153 1154 variable "subnets" { 1155 default = ["10.0.1.0/24", "10.0.2.0/24"] 1156 type = "list" 1157 } 1158 1159 data "aws_availability_zones" "available" {} 1160 1161 resource "aws_vpc" "alb_test" { 1162 cidr_block = "10.0.0.0/16" 1163 1164 tags { 1165 TestName = "TestAccAWSALB_basic" 1166 } 1167 } 1168 1169 resource "aws_subnet" "alb_test" { 1170 count = 2 1171 vpc_id = "${aws_vpc.alb_test.id}" 1172 cidr_block = "${element(var.subnets, count.index)}" 1173 map_public_ip_on_launch = true 1174 availability_zone = "${element(data.aws_availability_zones.available.names, count.index)}" 1175 1176 tags { 1177 TestName = "TestAccAWSALB_basic" 1178 } 1179 } 1180 1181 resource "aws_security_group" "alb_test_2" { 1182 name = "allow_all_alb_test_2" 1183 description = "Used for ALB Testing" 1184 vpc_id = "${aws_vpc.alb_test.id}" 1185 1186 ingress { 1187 from_port = 80 1188 to_port = 80 1189 protocol = "TCP" 1190 cidr_blocks = ["0.0.0.0/0"] 1191 } 1192 1193 tags { 1194 TestName = "TestAccAWSALB_basic_2" 1195 } 1196 } 1197 1198 resource "aws_security_group" "alb_test" { 1199 name = "allow_all_alb_test" 1200 description = "Used for ALB Testing" 1201 vpc_id = "${aws_vpc.alb_test.id}" 1202 1203 ingress { 1204 from_port = 0 1205 to_port = 0 1206 protocol = "-1" 1207 cidr_blocks = ["0.0.0.0/0"] 1208 } 1209 1210 egress { 1211 from_port = 0 1212 to_port = 0 1213 protocol = "-1" 1214 cidr_blocks = ["0.0.0.0/0"] 1215 } 1216 1217 tags { 1218 TestName = "TestAccAWSALB_basic" 1219 } 1220 }`, albName) 1221 }