From 42049e984f5d30f37e6d99271489ca996183df34 Mon Sep 17 00:00:00 2001 From: Paddy Date: Wed, 2 Nov 2016 11:58:57 -0700 Subject: [PATCH 1/2] provider/aws: Add the enable_sni attribute for Route53 health checks. In #8502 it was requested that we add support for the EnableSNI parameter of Route53's health checks; this enables customers to manually specify whether or not the health check will use SNI when communicating with the endpoint. The customer originally requested we default to `false`. While implementing the issue, I discovered that when creating health checks with a Type set to HTTP, Amazon's default value for EnableSNI is `false`. However, when creating health checks with a Type set to HTTPS, Amazon's default value is `true`. So rather than setting a default value, I made the attribute computed.
---
 .../aws/resource_aws_route53_health_check.go | 14 +++ .../resource_aws_route53_health_check_test.go | 88 +++++++++++++++++++ 2 files changed, 102 insertions(+)
diff --git a/builtin/providers/aws/resource_aws_route53_health_check.go b/builtin/providers/aws/resource_aws_route53_health_check.go
index 0510e9d83..6cf4ee205 100644
--- a/builtin/providers/aws/resource_aws_route53_health_check.go
+++ b/builtin/providers/aws/resource_aws_route53_health_check.go
@@ -115,6 +115,11 @@ func resourceAwsRoute53HealthCheck() *schema.Resource {
 Optional: true,
 ForceNew: true,
 },
+ "enable_sni": &schema.Schema{
+ Type: schema.TypeBool,
+ Optional: true,
+ Computed: true,
+ },
 "tags": tagsSchema(),
 },
@@ -173,6 +178,10 @@ func resourceAwsRoute53HealthCheckUpdate(d *schema.ResourceData, meta interface{
 updateHealthCheck.InsufficientDataHealthStatus = aws.String(d.Get("insufficient_data_health_status").(string))
 }
+ if d.HasChange("enable_sni") {
+ updateHealthCheck.EnableSNI = aws.Bool(d.Get("enable_sni").(bool))
+ }
+
 _, err := conn.UpdateHealthCheck(updateHealthCheck)
 if err != nil {
 return err
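Review bot: The new `enable_sni` schema entry in `resourceAwsRoute53HealthCheck` does not say why it is `Computed` instead of carrying a `Default`; the reason (Amazon's default for EnableSNI depends on the check's Type) is recorded only in the commit message. A comment above the entry such as `// Computed, not defaulted: AWS enables SNI by default for HTTPS checks and disables it for other types.` would keep a later maintainer from replacing it with `Default: false`. If I read the helper's Optional+Computed semantics correctly, removing `enable_sni` from configuration will also keep the last stored value rather than return to Amazon's default, which is worth stating in the same comment. The schema map starts and ends outside the hunk.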
@@ -230,6 +239,10 @@ func resourceAwsRoute53HealthCheckCreate(d *schema.ResourceData, meta interface{
 healthConfig.Inverted = aws.Bool(v.(bool))
 }
+ if v, ok := d.GetOk("enable_sni"); ok {
+ healthConfig.EnableSNI = aws.Bool(v.(bool))
+ }
+
 if *healthConfig.Type == route53.HealthCheckTypeCalculated {
 if v, ok := d.GetOk("child_healthchecks"); ok {
 healthConfig.ChildHealthChecks = expandStringList(v.(*schema.Set).List())
@@ -314,6 +327,7 @@ func resourceAwsRoute53HealthCheckRead(d *schema.ResourceData, meta interface{})
 d.Set("child_healthchecks", updated.ChildHealthChecks)
 d.Set("child_health_threshold", updated.HealthThreshold)
 d.Set("insufficient_data_health_status", updated.InsufficientDataHealthStatus)
+ d.Set("enable_sni", updated.EnableSNI)
 if updated.AlarmIdentifier != nil {
 d.Set("cloudwatch_alarm_name", updated.AlarmIdentifier.Name)
diff --git a/builtin/providers/aws/resource_aws_route53_health_check_test.go b/builtin/providers/aws/resource_aws_route53_health_check_test.go
index 51dbdff8f..29fcceb24 100644
--- a/builtin/providers/aws/resource_aws_route53_health_check_test.go
+++ b/builtin/providers/aws/resource_aws_route53_health_check_test.go
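Review bot: In `resourceAwsRoute53HealthCheckCreate`, the added `if v, ok := d.GetOk("enable_sni"); ok` guard cannot tell an unset attribute from an explicit `enable_sni = false`, because `GetOk` reports `ok == false` when the value is the type's zero value. A new HTTPS health check declared with `enable_sni = false` would therefore be created without `EnableSNI` in the request and, going by the commit message, receive Amazon's HTTPS default of `true`, so the probe negotiates TLS with SNI although the operator disabled it; that can change which certificate or virtual host answers and therefore the health the check reports. The update hunk reads the value through `d.HasChange` and `d.Get` and is not affected, so the mismatch would presumably only be corrected by a second apply. At minimum I would document it at the guard, `// GetOk treats false as unset: an explicit enable_sni = false is not sent on create`, and preferably send the configured value whenever the attribute is present in configuration. The function body starts and ends outside the hunk.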
@@ -122,6 +122,41 @@ func TestAccAWSRoute53HealthCheck_CloudWatchAlarmCheck(t *testing.T) {
 })
 }
+func TestAccAWSRoute53HealthCheck_withSNI(t *testing.T) {
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ IDRefreshName: "aws_route53_health_check.foo",
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckRoute53HealthCheckDestroy,
+ Steps: []resource.TestStep{
+ resource.TestStep{
+ Config: testAccRoute53HealthCheckConfigWithoutSNI,
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckRoute53HealthCheckExists("aws_route53_health_check.foo"),
+ resource.TestCheckResourceAttr(
+ "aws_route53_health_check.foo", "enable_sni", "true"),
+ ),
+ },
+ resource.TestStep{
+ Config: testAccRoute53HealthCheckConfigWithSNIDisabled,
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckRoute53HealthCheckExists("aws_route53_health_check.foo"),
+ resource.TestCheckResourceAttr(
+ "aws_route53_health_check.foo", "enable_sni", "false"),
+ ),
+ },
+ resource.TestStep{
+ Config: testAccRoute53HealthCheckConfigWithSNI,
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckRoute53HealthCheckExists("aws_route53_health_check.foo"),
+ resource.TestCheckResourceAttr(
+ "aws_route53_health_check.foo", "enable_sni", "true"),
+ ),
+ },
+ },
+ })
+}
+
 func testAccCheckRoute53HealthCheckDestroy(s *terraform.State) error {
 conn := testAccProvider.Meta().(*AWSClient).r53conn
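Review bot: `TestAccAWSRoute53HealthCheck_withSNI` reaches `enable_sni = false` only in its second step, as an in-place update of a check that already exists, so a fresh create with the attribute explicitly disabled is never run. Every step also uses `type = "HTTPS"`, which leaves the HTTP default of `false` described in the commit message unasserted. A second test case whose first step is `testAccRoute53HealthCheckConfigWithSNIDisabled` checking `"enable_sni", "false"`, plus one HTTP-type configuration checking the computed default, would pin both behaviours. A short comment above the function, for example `// Verifies the computed HTTPS default, then toggles enable_sni off and on in place.`, would make the intent of the step order clear.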
@@ -314,3 +349,56 @@ resource "aws_route53_health_check" "foo" {
 }
 }
 `
+
+const testAccRoute53HealthCheckConfigWithoutSNI = `
+resource "aws_route53_health_check" "foo" {
+ fqdn = "dev.notexample.com"
+ port = 443
+ type = "HTTPS"
+ resource_path = "/"
+ failure_threshold = "2"
+ request_interval = "30"
+ measure_latency = true
+ invert_healthcheck = true
+
+ tags = {
+ Name = "tf-test-health-check"
+ }
+}
+`
+
+const testAccRoute53HealthCheckConfigWithSNI = `
+resource "aws_route53_health_check" "foo" {
+ fqdn = "dev.notexample.com"
+ port = 443
+ type = "HTTPS"
+ resource_path = "/"
+ failure_threshold = "2"
+ request_interval = "30"
+ measure_latency = true
+ invert_healthcheck = true
+ enable_sni = true
+
+ tags = {
+ Name = "tf-test-health-check"
+ }
+}
+`
+
+const testAccRoute53HealthCheckConfigWithSNIDisabled = `
+resource "aws_route53_health_check" "foo" {
+ fqdn = "dev.notexample.com"
+ port = 443
+ type = "HTTPS"
+ resource_path = "/"
+ failure_threshold = "2"
+ request_interval = "30"
+ measure_latency = true
+ invert_healthcheck = true
+ enable_sni = false
+
+ tags = {
+ Name = "tf-test-health-check"
+ }
+}
+`
From 5fcd5404ce6b65981d483ffd269572558048958b Mon Sep 17 00:00:00 2001 From: Paddy Date: Wed, 2 Nov 2016 16:32:27 -0700 Subject: [PATCH 2/2] Document the enable_sni attribute on the website. Now that we've added an `enable_sni` attribute to the Route53 health checks, add it to the health check documentation page so users know about it.
---
 .../docs/providers/aws/r/route53_health_check.html.markdown | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/website/source/docs/providers/aws/r/route53_health_check.html.markdown b/website/source/docs/providers/aws/r/route53_health_check.html.markdown
index 6c449e090..84dd3dba6 100644
--- a/website/source/docs/providers/aws/r/route53_health_check.html.markdown
+++ b/website/source/docs/providers/aws/r/route53_health_check.html.markdown
@@ -75,6 +75,7 @@ The following arguments are supported:
 * `search_string` - (Optional) String searched in the first 5120 bytes of the response body for check to be considered healthy.
 * `measure_latency` - (Optional) A Boolean value that indicates whether you want Route 53 to measure the latency between health checkers in multiple AWS regions and your endpoint and to display CloudWatch latency graphs in the Route 53 console.
 * `invert_healthcheck` - (Optional) A boolean value that indicates whether the status of health check should be inverted. For example, if a health check is healthy but Inverted is True , then Route 53 considers the health check to be unhealthy.
+* `enable_sni` - (Optional) A boolean value that indicates whether Route53 should send the `fqdn` to the endpoint when performing the health check. This defaults to AWS' defaults: when the `type` is "HTTPS" `enable_sni` defaults to `true`, when `type` is anything else `enable_sni` defaults to `false`.
 * `child_healthchecks` - (Optional) For a specified parent health check, a list of HealthCheckId values for the associated child health checks.
 * `child_health_threshold` - (Optional) The minimum number of child health checks that must be healthy for Route 53 to consider the parent health check to be healthy. Valid values are integers between 0 and 256, inclusive
 * `cloudwatch_alarm_name` - (Optional) The name of the CloudWatch alarm.
@@ -92,4 +93,4 @@ Route53 Health Checks can be imported using the `health check id`, e.g.
 ```
 $ terraform import aws_route53_health_check.http_check abcdef11-2222-3333-4444-555555fedcba
-```
\ No newline at end of file
+```