validations + tags

aws/resource_aws_lb_listener_rule.go

@@ -12,9 +12,11 @@ import (
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/elbv2"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+	"github.com/terraform-providers/terraform-provider-aws/aws/internal/keyvaluetags"
 )
 
 func resourceAwsLbbListenerRule() *schema.Resource {
@@ -33,9 +35,10 @@ func resourceAwsLbbListenerRule() *schema.Resource {
 				Computed: true,
 			},
 			"listener_arn": {
-				Type:     schema.TypeString,
-				Required: true,
-				ForceNew: true,
+				Type:         schema.TypeString,
+				Required:     true,
+				ForceNew:     true,
+				ValidateFunc: validateArn,
 			},
 			"priority": {
 				Type:         schema.TypeInt,
@@ -50,15 +53,9 @@ func resourceAwsLbbListenerRule() *schema.Resource {
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"type": {
-							Type:     schema.TypeString,
-							Required: true,
-							ValidateFunc: validation.StringInSlice([]string{
-								elbv2.ActionTypeEnumAuthenticateCognito,
-								elbv2.ActionTypeEnumAuthenticateOidc,
-								elbv2.ActionTypeEnumFixedResponse,
-								elbv2.ActionTypeEnumForward,
-								elbv2.ActionTypeEnumRedirect,
-							}, true),
+							Type:         schema.TypeString,
+							Required:     true,
+							ValidateFunc: validation.StringInSlice(elbv2.ActionTypeEnum_Values(), true),
 						},
 						"order": {
 							Type:         schema.TypeInt,
@@ -71,6 +68,7 @@ func resourceAwsLbbListenerRule() *schema.Resource {
 							Type:             schema.TypeString,
 							Optional:         true,
 							DiffSuppressFunc: suppressIfActionTypeNot(elbv2.ActionTypeEnumForward),
+							ValidateFunc:     validateArn,
 						},
 
 						"forward": {
@@ -88,8 +86,9 @@ func resourceAwsLbbListenerRule() *schema.Resource {
 										Elem: &schema.Resource{
 											Schema: map[string]*schema.Schema{
 												"arn": {
-													Type:     schema.TypeString,
-													Required: true,
+													Type:         schema.TypeString,
+													Required:     true,
+													ValidateFunc: validateArn,
 												},
 												"weight": {
 													Type:         schema.TypeInt,
@@ -132,21 +131,27 @@ func resourceAwsLbbListenerRule() *schema.Resource {
 							Elem: &schema.Resource{
 								Schema: map[string]*schema.Schema{
 									"host": {
-										Type:     schema.TypeString,
-										Optional: true,
-										Default:  "#{host}",
+										Type:         schema.TypeString,
+										Optional:     true,
+										Default:      "#{host}",
+										ValidateFunc: validation.StringLenBetween(1, 128),
 									},
 
 									"path": {
-										Type:     schema.TypeString,
-										Optional: true,
-										Default:  "/#{path}",
+										Type:         schema.TypeString,
+										Optional:     true,
+										Default:      "/#{path}",
+										ValidateFunc: validation.StringLenBetween(1, 128),
 									},
 
 									"port": {
 										Type:     schema.TypeString,
 										Optional: true,
 										Default:  "#{port}",
+										ValidateFunc: validation.Any(
+											validation.StringInSlice([]string{"#{port}"}, false),
+											validation.IsPortNumber,
+										),
 									},
 
 									"protocol": {
@@ -161,18 +166,16 @@ func resourceAwsLbbListenerRule() *schema.Resource {
 									},
 
 									"query": {
-										Type:     schema.TypeString,
-										Optional: true,
-										Default:  "#{query}",
+										Type:         schema.TypeString,
+										Optional:     true,
+										Default:      "#{query}",
+										ValidateFunc: validation.StringLenBetween(1, 128),
 									},
 
 									"status_code": {
-										Type:     schema.TypeString,
-										Required: true,
-										ValidateFunc: validation.StringInSlice([]string{
-											"HTTP_301",
-											"HTTP_302",
-										}, false),
+										Type:         schema.TypeString,
+										Required:     true,
+										ValidateFunc: validation.StringInSlice(elbv2.RedirectActionStatusCodeEnum_Values(), false),
 									},
 								},
 							},
@@ -198,8 +201,9 @@ func resourceAwsLbbListenerRule() *schema.Resource {
 									},
 
 									"message_body": {
-										Type:     schema.TypeString,
-										Optional: true,
+										Type:         schema.TypeString,
+										Optional:     true,
+										ValidateFunc: validation.StringLenBetween(0, 1024),
 									},
 
 									"status_code": {
@@ -225,33 +229,30 @@ func resourceAwsLbbListenerRule() *schema.Resource {
 										Elem:     &schema.Schema{Type: schema.TypeString},
 									},
 									"on_unauthenticated_request": {
-										Type:     schema.TypeString,
-										Optional: true,
-										Computed: true,
-										ValidateFunc: validation.StringInSlice([]string{
-											elbv2.AuthenticateCognitoActionConditionalBehaviorEnumDeny,
-											elbv2.AuthenticateCognitoActionConditionalBehaviorEnumAllow,
-											elbv2.AuthenticateCognitoActionConditionalBehaviorEnumAuthenticate,
-										}, true),
+										Type:         schema.TypeString,
+										Optional:     true,
+										Computed:     true,
+										ValidateFunc: validation.StringInSlice(elbv2.AuthenticateCognitoActionConditionalBehaviorEnum_Values(), true),
 									},
 									"scope": {
 										Type:     schema.TypeString,
 										Optional: true,
-										Computed: true,
+										Default:  "openid",
 									},
 									"session_cookie_name": {
 										Type:     schema.TypeString,
 										Optional: true,
-										Computed: true,
+										Default:  "AWSELBAuthSessionCookie",
 									},
 									"session_timeout": {
 										Type:     schema.TypeInt,
 										Optional: true,
-										Computed: true,
+										Default:  604800,
 									},
 									"user_pool_arn": {
-										Type:     schema.TypeString,
-										Required: true,
+										Type:         schema.TypeString,
+										Required:     true,
+										ValidateFunc: validateArn,
 									},
 									"user_pool_client_id": {
 										Type:     schema.TypeString,
@@ -295,29 +296,25 @@ func resourceAwsLbbListenerRule() *schema.Resource {
 										Required: true,
 									},
 									"on_unauthenticated_request": {
-										Type:     schema.TypeString,
-										Optional: true,
-										Computed: true,
-										ValidateFunc: validation.StringInSlice([]string{
-											elbv2.AuthenticateOidcActionConditionalBehaviorEnumDeny,
-											elbv2.AuthenticateOidcActionConditionalBehaviorEnumAllow,
-											elbv2.AuthenticateOidcActionConditionalBehaviorEnumAuthenticate,
-										}, true),
+										Type:         schema.TypeString,
+										Optional:     true,
+										Computed:     true,
+										ValidateFunc: validation.StringInSlice(elbv2.AuthenticateOidcActionConditionalBehaviorEnum_Values(), true),
 									},
 									"scope": {
 										Type:     schema.TypeString,
 										Optional: true,
-										Computed: true,
+										Default:  "openid",
 									},
 									"session_cookie_name": {
 										Type:     schema.TypeString,
 										Optional: true,
-										Computed: true,
+										Default:  "AWSELBAuthSessionCookie",
 									},
 									"session_timeout": {
 										Type:     schema.TypeInt,
 										Optional: true,
-										Computed: true,
+										Default:  604800,
 									},
 									"token_endpoint": {
 										Type:     schema.TypeString,
@@ -454,7 +451,12 @@ func resourceAwsLbbListenerRule() *schema.Resource {
 					},
 				},
 			},
+			"tags":     tagsSchema(),
+			"tags_all": tagsSchemaComputed(),
 		},
+		CustomizeDiff: customdiff.Sequence(
+			SetTagsDiff,
+		),
 	}
 }
 
@@ -476,10 +478,15 @@ func suppressIfActionTypeNot(t string) schema.SchemaDiffSuppressFunc {
 func resourceAwsLbListenerRuleCreate(d *schema.ResourceData, meta interface{}) error {
 	elbconn := meta.(*AWSClient).elbv2conn
 	listenerArn := d.Get("listener_arn").(string)
+	defaultTagsConfig := meta.(*AWSClient).DefaultTagsConfig
+	tags := defaultTagsConfig.MergeTags(keyvaluetags.New(d.Get("tags").(map[string]interface{})))
 
 	params := &elbv2.CreateRuleInput{
 		ListenerArn: aws.String(listenerArn),
 	}
+	if len(tags) > 0 {
+		params.Tags = tags.IgnoreAws().Elbv2Tags()
+	}
 
 	var err error
 
@@ -543,6 +550,8 @@ func resourceAwsLbListenerRuleCreate(d *schema.ResourceData, meta interface{}) e
 
 func resourceAwsLbListenerRuleRead(d *schema.ResourceData, meta interface{}) error {
 	elbconn := meta.(*AWSClient).elbv2conn
+	defaultTagsConfig := meta.(*AWSClient).DefaultTagsConfig
+	ignoreTagsConfig := meta.(*AWSClient).IgnoreTagsConfig
 
 	var resp *elbv2.DescribeRulesOutput
 	var req = &elbv2.DescribeRulesInput{
@@ -581,6 +590,23 @@ func resourceAwsLbListenerRuleRead(d *schema.ResourceData, meta interface{}) err
 
 	d.Set("arn", rule.RuleArn)
 
+	tags, err := keyvaluetags.Elbv2ListTags(elbconn, d.Id())
+
+	if err != nil {
+		return fmt.Errorf("error listing tags for (%s): %w", d.Id(), err)
+	}
+
+	tags = tags.IgnoreAws().IgnoreConfig(ignoreTagsConfig)
+
+	//lintignore:AWSR002
+	if err := d.Set("tags", tags.RemoveDefaultConfig(defaultTagsConfig).Map()); err != nil {
+		return fmt.Errorf("error setting tags: %w", err)
+	}
+
+	if err := d.Set("tags_all", tags.Map()); err != nil {
+		return fmt.Errorf("error setting tags_all: %w", err)
+	}
+
 	// The listener arn isn't in the response but can be derived from the rule arn
 	d.Set("listener_arn", lbListenerARNFromRuleARN(aws.StringValue(rule.RuleArn)))
 

aws/resource_aws_lb_listener_rule_test.go

@@ -95,6 +95,7 @@ func TestAccAWSLBListenerRule_basic(t *testing.T) {
 						"source_ip.#":             "0",
 					}),
 					resource.TestCheckTypeSetElemAttr(resourceName, "condition.*.path_pattern.0.values.*", "/static/*"),
+					resource.TestCheckResourceAttr(resourceName, "tags.%", "0"),
 				),
 			},
 		},