Merge pull request #17342 from hashicorp/f_cloudfront_origin_request_…

…policy CloudFront Origin Request Policy
hashicorp · Feb 4, 2021 · 4dfd4bb · 4dfd4bb
2 parents 746f48f + 72bab54
commit 4dfd4bb
Show file tree

Hide file tree

Showing 12 changed files with 1,081 additions and 0 deletions.
diff --git a/aws/cloudfront_distribution_configuration_structure.go b/aws/cloudfront_distribution_configuration_structure.go
@@ -195,6 +195,7 @@ func expandCloudFrontDefaultCacheBehavior(m map[string]interface{}) *cloudfront.
 		ForwardedValues:        expandForwardedValues(m["forwarded_values"].([]interface{})[0].(map[string]interface{})),
 		MaxTTL:                 aws.Int64(int64(m["max_ttl"].(int))),
 		MinTTL:                 aws.Int64(int64(m["min_ttl"].(int))),
+		OriginRequestPolicyId:  aws.String(m["origin_request_policy_id"].(string)),
 		TargetOriginId:         aws.String(m["target_origin_id"].(string)),
 		ViewerProtocolPolicy:   aws.String(m["viewer_protocol_policy"].(string)),
 	}
@@ -230,6 +231,7 @@ func expandCacheBehavior(m map[string]interface{}) *cloudfront.CacheBehavior {
 		ForwardedValues:        expandForwardedValues(m["forwarded_values"].([]interface{})[0].(map[string]interface{})),
 		MaxTTL:                 aws.Int64(int64(m["max_ttl"].(int))),
 		MinTTL:                 aws.Int64(int64(m["min_ttl"].(int))),
+		OriginRequestPolicyId:  aws.String(m["origin_request_policy_id"].(string)),
 		TargetOriginId:         aws.String(m["target_origin_id"].(string)),
 		ViewerProtocolPolicy:   aws.String(m["viewer_protocol_policy"].(string)),
 	}
@@ -266,6 +268,7 @@ func flattenCloudFrontDefaultCacheBehavior(dcb *cloudfront.DefaultCacheBehavior)
 		"viewer_protocol_policy":    aws.StringValue(dcb.ViewerProtocolPolicy),
 		"target_origin_id":          aws.StringValue(dcb.TargetOriginId),
 		"min_ttl":                   aws.Int64Value(dcb.MinTTL),
+		"origin_request_policy_id":  aws.StringValue(dcb.OriginRequestPolicyId),
 	}
 
 	if dcb.ForwardedValues != nil {
@@ -304,6 +307,7 @@ func flattenCacheBehavior(cb *cloudfront.CacheBehavior) map[string]interface{} {
 	m["viewer_protocol_policy"] = aws.StringValue(cb.ViewerProtocolPolicy)
 	m["target_origin_id"] = aws.StringValue(cb.TargetOriginId)
 	m["min_ttl"] = int(aws.Int64Value(cb.MinTTL))
+	m["origin_request_policy_id"] = aws.StringValue(cb.OriginRequestPolicyId)
 
 	if cb.ForwardedValues != nil {
 		m["forwarded_values"] = []interface{}{flattenForwardedValues(cb.ForwardedValues)}

diff --git a/aws/cloudfront_distribution_configuration_structure_test.go b/aws/cloudfront_distribution_configuration_structure_test.go
@@ -21,6 +21,7 @@ func defaultCacheBehaviorConf() map[string]interface{} {
 		"smooth_streaming":            false,
 		"default_ttl":                 86400,
 		"allowed_methods":             allowedMethodsConf(),
+		"origin_request_policy_id":    "ABCD1234",
 		"cached_methods":              cachedMethodsConf(),
 		"compress":                    true,
 		"field_level_encryption_id":   "",

diff --git a/aws/cloudfront_origin_request_policy_structure.go b/aws/cloudfront_origin_request_policy_structure.go
@@ -0,0 +1,180 @@
+package aws
+
+import (
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/cloudfront"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func expandCloudFrontOriginRequestPolicyCookieNames(tfMap map[string]interface{}) *cloudfront.CookieNames {
+	if tfMap == nil {
+		return nil
+	}
+
+	apiObject := &cloudfront.CookieNames{}
+
+	var items []*string
+	for _, item := range tfMap["items"].(*schema.Set).List() {
+		items = append(items, aws.String(item.(string)))
+	}
+	apiObject.Items = items
+	apiObject.Quantity = aws.Int64(int64(len(items)))
+
+	return apiObject
+}
+
+func expandCloudFrontOriginRequestPolicyCookiesConfig(tfMap map[string]interface{}) *cloudfront.OriginRequestPolicyCookiesConfig {
+	if tfMap == nil {
+		return nil
+	}
+
+	apiObject := &cloudfront.OriginRequestPolicyCookiesConfig{
+		CookieBehavior: aws.String(tfMap["cookie_behavior"].(string)),
+	}
+
+	if items, ok := tfMap["cookies"].([]interface{}); ok && len(items) == 1 {
+		apiObject.Cookies = expandCloudFrontOriginRequestPolicyCookieNames(items[0].(map[string]interface{}))
+	}
+
+	return apiObject
+}
+
+func expandCloudFrontOriginRequestPolicyHeaders(tfMap map[string]interface{}) *cloudfront.Headers {
+	if tfMap == nil {
+		return nil
+	}
+
+	var items []*string
+	for _, item := range tfMap["items"].(*schema.Set).List() {
+		items = append(items, aws.String(item.(string)))
+	}
+
+	apiObject := &cloudfront.Headers{
+		Items:    items,
+		Quantity: aws.Int64(int64(len(items))),
+	}
+
+	return apiObject
+}
+
+func expandCloudFrontOriginRequestPolicyHeadersConfig(tfMap map[string]interface{}) *cloudfront.OriginRequestPolicyHeadersConfig {
+	if tfMap == nil {
+		return nil
+	}
+
+	apiObject := &cloudfront.OriginRequestPolicyHeadersConfig{
+		HeaderBehavior: aws.String(tfMap["header_behavior"].(string)),
+	}
+
+	if items, ok := tfMap["headers"].([]interface{}); ok && len(items) == 1 && tfMap["header_behavior"] != "none" {
+		apiObject.Headers = expandCloudFrontOriginRequestPolicyHeaders(items[0].(map[string]interface{}))
+	}
+
+	return apiObject
+}
+
+func expandCloudFrontOriginRequestPolicyQueryStringNames(tfMap map[string]interface{}) *cloudfront.QueryStringNames {
+	if tfMap == nil {
+		return nil
+	}
+
+	var items []*string
+	for _, item := range tfMap["items"].(*schema.Set).List() {
+		items = append(items, aws.String(item.(string)))
+	}
+
+	apiObject := &cloudfront.QueryStringNames{
+		Items:    items,
+		Quantity: aws.Int64(int64(len(items))),
+	}
+
+	return apiObject
+}
+
+func expandCloudFrontOriginRequestPolicyQueryStringsConfig(tfMap map[string]interface{}) *cloudfront.OriginRequestPolicyQueryStringsConfig {
+	if tfMap == nil {
+		return nil
+	}
+
+	apiObject := &cloudfront.OriginRequestPolicyQueryStringsConfig{
+		QueryStringBehavior: aws.String(tfMap["query_string_behavior"].(string)),
+	}
+
+	if items, ok := tfMap["query_strings"].([]interface{}); ok && len(items) == 1 {
+		apiObject.QueryStrings = expandCloudFrontOriginRequestPolicyQueryStringNames(items[0].(map[string]interface{}))
+	}
+
+	return apiObject
+}
+
+func expandCloudFrontOriginRequestPolicyConfig(d *schema.ResourceData) *cloudfront.OriginRequestPolicyConfig {
+	apiObject := &cloudfront.OriginRequestPolicyConfig{
+		Comment:            aws.String(d.Get("comment").(string)),
+		Name:               aws.String(d.Get("name").(string)),
+		CookiesConfig:      expandCloudFrontOriginRequestPolicyCookiesConfig(d.Get("cookies_config").([]interface{})[0].(map[string]interface{})),
+		HeadersConfig:      expandCloudFrontOriginRequestPolicyHeadersConfig(d.Get("headers_config").([]interface{})[0].(map[string]interface{})),
+		QueryStringsConfig: expandCloudFrontOriginRequestPolicyQueryStringsConfig(d.Get("query_strings_config").([]interface{})[0].(map[string]interface{})),
+	}
+
+	return apiObject
+}
+
+func flattenCloudFrontOriginRequestPolicyCookiesConfig(cookiesConfig *cloudfront.OriginRequestPolicyCookiesConfig) []map[string]interface{} {
+	cookiesConfigFlat := map[string]interface{}{}
+
+	cookies := []map[string]interface{}{}
+	if cookiesConfig.Cookies != nil {
+		cookies = []map[string]interface{}{
+			{
+				"items": cookiesConfig.Cookies.Items,
+			},
+		}
+	}
+
+	cookiesConfigFlat["cookie_behavior"] = aws.StringValue(cookiesConfig.CookieBehavior)
+	cookiesConfigFlat["cookies"] = cookies
+
+	return []map[string]interface{}{
+		cookiesConfigFlat,
+	}
+}
+
+func flattenCloudFrontOriginRequestPolicyHeadersConfig(headersConfig *cloudfront.OriginRequestPolicyHeadersConfig) []map[string]interface{} {
+	headersConfigFlat := map[string]interface{}{}
+
+	headers := []map[string]interface{}{}
+	if headersConfig.Headers != nil {
+		headers = []map[string]interface{}{
+			{
+				"items": headersConfig.Headers.Items,
+			},
+		}
+	}
+
+	headersConfigFlat["header_behavior"] = aws.StringValue(headersConfig.HeaderBehavior)
+	headersConfigFlat["headers"] = headers
+
+	return []map[string]interface{}{
+		headersConfigFlat,
+	}
+}
+
+func flattenCloudFrontOriginRequestPolicyQueryStringsConfig(queryStringsConfig *cloudfront.OriginRequestPolicyQueryStringsConfig) []map[string]interface{} {
+	queryStringsConfigFlat := map[string]interface{}{}
+
+	queryStrings := []map[string]interface{}{}
+	if queryStringsConfig.QueryStrings != nil {
+		queryStrings = []map[string]interface{}{
+			{
+				"items": queryStringsConfig.QueryStrings.Items,
+			},
+		}
+	}
+
+	queryStringsConfigFlat["query_string_behavior"] = aws.StringValue(queryStringsConfig.QueryStringBehavior)
+	queryStringsConfigFlat["query_strings"] = queryStrings
+
+	return []map[string]interface{}{
+		queryStringsConfigFlat,
+	}
+}
diff --git a/aws/data_source_aws_cloudfront_origin_request_policy.go b/aws/data_source_aws_cloudfront_origin_request_policy.go
@@ -0,0 +1,161 @@
+package aws
+
+import (
+	"fmt"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/cloudfront"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceAwsCloudFrontOriginRequestPolicy() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceAwsCloudFrontOriginRequestPolicyRead,
+
+		Schema: map[string]*schema.Schema{
+			"comment": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"cookies_config": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"cookie_behavior": {
+							Computed: true,
+							Type:     schema.TypeString,
+						},
+						"cookies": {
+							Type:     schema.TypeList,
+							Computed: true,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"items": {
+										Type:     schema.TypeSet,
+										Computed: true,
+										Elem:     &schema.Schema{Type: schema.TypeString},
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+			"etag": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"headers_config": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"header_behavior": {
+							Computed: true,
+							Type:     schema.TypeString,
+						},
+						"headers": {
+							Type:     schema.TypeList,
+							Computed: true,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"items": {
+										Type:     schema.TypeSet,
+										Computed: true,
+										Elem:     &schema.Schema{Type: schema.TypeString},
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+			"id": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"name": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"query_strings_config": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"query_string_behavior": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"query_strings": {
+							Type:     schema.TypeList,
+							Computed: true,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"items": {
+										Type:     schema.TypeSet,
+										Computed: true,
+										Elem:     &schema.Schema{Type: schema.TypeString},
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func dataSourceAwsCloudFrontOriginRequestPolicyRead(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).cloudfrontconn
+
+	if d.Get("id").(string) == "" {
+		if err := dataSourceAwsCloudFrontOriginRequestPolicyFindByName(d, conn); err != nil {
+			return fmt.Errorf("Unable to find origin request policy by name: %s", err.Error())
+		}
+	}
+
+	if d.Id() != "" {
+		request := &cloudfront.GetOriginRequestPolicyInput{
+			Id: aws.String(d.Id()),
+		}
+
+		resp, err := conn.GetOriginRequestPolicy(request)
+		if err != nil {
+			return fmt.Errorf("Unable to retrieve origin request policy with ID %s: %s", d.Id(), err.Error())
+		}
+		d.Set("etag", aws.StringValue(resp.ETag))
+
+		originRequestPolicy := *resp.OriginRequestPolicy.OriginRequestPolicyConfig
+		d.Set("comment", aws.StringValue(originRequestPolicy.Comment))
+		d.Set("name", aws.StringValue(originRequestPolicy.Name))
+		d.Set("cookies_config", flattenCloudFrontOriginRequestPolicyCookiesConfig(originRequestPolicy.CookiesConfig))
+		d.Set("headers_config", flattenCloudFrontOriginRequestPolicyHeadersConfig(originRequestPolicy.HeadersConfig))
+		d.Set("query_strings_config", flattenCloudFrontOriginRequestPolicyQueryStringsConfig(originRequestPolicy.QueryStringsConfig))
+	}
+
+	return nil
+}
+
+func dataSourceAwsCloudFrontOriginRequestPolicyFindByName(d *schema.ResourceData, conn *cloudfront.CloudFront) error {
+	var originRequestPolicy *cloudfront.OriginRequestPolicy
+	request := &cloudfront.ListOriginRequestPoliciesInput{}
+	resp, err := conn.ListOriginRequestPolicies(request)
+	if err != nil {
+		return err
+	}
+
+	for _, policySummary := range resp.OriginRequestPolicyList.Items {
+		if *policySummary.OriginRequestPolicy.OriginRequestPolicyConfig.Name == d.Get("name").(string) {
+			originRequestPolicy = policySummary.OriginRequestPolicy
+			break
+		}
+	}
+
+	if originRequestPolicy != nil {
+		d.SetId(aws.StringValue(originRequestPolicy.Id))
+	}
+	return nil
+}