Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CloudFront Origin Request Policy #17342

Merged
merged 10 commits into from
Feb 4, 2021
Merged

CloudFront Origin Request Policy #17342

merged 10 commits into from
Feb 4, 2021

Conversation

bill-rich
Copy link
Contributor

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Relates #14373
Output from acceptance testing:

==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSCloudFrontOriginRequestPolicy -timeout 120m
=== RUN   TestAccAWSCloudFrontOriginRequestPolicy_basic
=== PAUSE TestAccAWSCloudFrontOriginRequestPolicy_basic
=== RUN   TestAccAWSCloudFrontOriginRequestPolicy_update
=== PAUSE TestAccAWSCloudFrontOriginRequestPolicy_update
=== RUN   TestAccAWSCloudFrontOriginRequestPolicy_noneBehavior
=== PAUSE TestAccAWSCloudFrontOriginRequestPolicy_noneBehavior
=== CONT  TestAccAWSCloudFrontOriginRequestPolicy_basic
=== CONT  TestAccAWSCloudFrontOriginRequestPolicy_noneBehavior
=== CONT  TestAccAWSCloudFrontOriginRequestPolicy_update
--- PASS: TestAccAWSCloudFrontOriginRequestPolicy_noneBehavior (14.52s)
--- PASS: TestAccAWSCloudFrontOriginRequestPolicy_basic (14.60s)
--- PASS: TestAccAWSCloudFrontOriginRequestPolicy_update (24.22s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	24.268s

@bill-rich bill-rich requested a review from a team as a code owner January 28, 2021 20:20
@ghost ghost added size/XXL Managed by automation to categorize the size of a PR. documentation Introduces or discusses updates to documentation. provider Pertains to the provider itself, rather than any interaction with AWS. service/cloudfront Issues and PRs that pertain to the cloudfront service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. labels Jan 28, 2021
@github-actions github-actions bot added the needs-triage Waiting for first response or review from a maintainer. label Jan 28, 2021
@bill-rich bill-rich removed the needs-triage Waiting for first response or review from a maintainer. label Jan 28, 2021
@YakDriver YakDriver self-assigned this Jan 29, 2021
YakDriver
YakDriver requested changes Jan 29, 2021
View reviewed changes
Copy link
Member

@YakDriver YakDriver left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Just a few minor changes needed.

aws/data_source_aws_cloudfront_origin_request_policy.go Outdated
Comment on lines 14 to 104
"name": {
Type: schema.TypeString,
Optional: true,
},
"id": {
Type: schema.TypeString,
Optional: true,
},
"comment": {
Type: schema.TypeString,
Computed: true,
},
"etag": {
Type: schema.TypeString,
Computed: true,
},
"cookies_config": {
Type: schema.TypeList,
Computed: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"cookie_behavior": {
Computed: true,
Type: schema.TypeString,
},
"cookies": {
Type: schema.TypeList,
Computed: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"items": {
Type: schema.TypeSet,
Computed: true,
Elem: &schema.Schema{Type: schema.TypeString},
},
},
},
},
},
},
},
"headers_config": {
Type: schema.TypeList,
Computed: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"header_behavior": {
Computed: true,
Type: schema.TypeString,
},
"headers": {
Type: schema.TypeList,
Computed: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"items": {
Type: schema.TypeSet,
Computed: true,
Elem: &schema.Schema{Type: schema.TypeString},
},
},
},
},
},
},
},
"query_strings_config": {
Type: schema.TypeList,
Computed: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"query_string_behavior": {
Type: schema.TypeString,
Computed: true,
},
"query_strings": {
Type: schema.TypeList,
Computed: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"items": {
Type: schema.TypeSet,
Computed: true,
Elem: &schema.Schema{Type: schema.TypeString},
},
},
},
},
},
},
},
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"name": {
Type: schema.TypeString,
Optional: true,
},
"id": {
Type: schema.TypeString,
Optional: true,
},
"comment": {
Type: schema.TypeString,
Computed: true,
},
"etag": {
Type: schema.TypeString,
Computed: true,
},
"cookies_config": {
Type: schema.TypeList,
Computed: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"cookie_behavior": {
Computed: true,
Type: schema.TypeString,
},
"cookies": {
Type: schema.TypeList,
Computed: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"items": {
Type: schema.TypeSet,
Computed: true,
Elem: &schema.Schema{Type: schema.TypeString},
},
},
},
},
},
},
},
"headers_config": {
Type: schema.TypeList,
Computed: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"header_behavior": {
Computed: true,
Type: schema.TypeString,
},
"headers": {
Type: schema.TypeList,
Computed: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"items": {
Type: schema.TypeSet,
Computed: true,
Elem: &schema.Schema{Type: schema.TypeString},
},
},
},
},
},
},
},
"query_strings_config": {
Type: schema.TypeList,
Computed: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"query_string_behavior": {
Type: schema.TypeString,
Computed: true,
},
"query_strings": {
Type: schema.TypeList,
Computed: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"items": {
Type: schema.TypeSet,
Computed: true,
Elem: &schema.Schema{Type: schema.TypeString},
},
},
},
},
},
},
},
"comment": {
Type: schema.TypeString,
Computed: true,
},
"cookies_config": {
Type: schema.TypeList,
Computed: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"cookie_behavior": {
Computed: true,
Type: schema.TypeString,
},
"cookies": {
Type: schema.TypeList,
Computed: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"items": {
Type: schema.TypeSet,
Computed: true,
Elem: &schema.Schema{Type: schema.TypeString},
},
},
},
},
},
},
},
"etag": {
Type: schema.TypeString,
Computed: true,
},
"headers_config": {
Type: schema.TypeList,
Computed: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"header_behavior": {
Computed: true,
Type: schema.TypeString,
},
"headers": {
Type: schema.TypeList,
Computed: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"items": {
Type: schema.TypeSet,
Computed: true,
Elem: &schema.Schema{Type: schema.TypeString},
},
},
},
},
},
},
},
"id": {
Type: schema.TypeString,
Optional: true,
},
"name": {
Type: schema.TypeString,
Optional: true,
},
"query_strings_config": {
Type: schema.TypeList,
Computed: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"query_string_behavior": {
Type: schema.TypeString,
Computed: true,
},
"query_strings": {
Type: schema.TypeList,
Computed: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"items": {
Type: schema.TypeSet,
Computed: true,
Elem: &schema.Schema{Type: schema.TypeString},
},
},
},
},
},
},
},

Nit: Alphabetizing the arguments helps with quickly finding them in the future.

aws/cloudfront_origin_request_policy_structure.go Outdated
}
}

func flattenCloudFrontOriginRequestPolicy(d *schema.ResourceData, originRequestPolicy *cloudfront.OriginRequestPolicyConfig) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As this is not flattening, I would not preface this function name with flatten.

However, more importantly, it's a bad idea to set these values in a separate function. It creates an extra burden later trying to figure out what the read() is doing. Even though it's redundant, these 5 d.Set() calls should be moved to the data source and resource read functions.

aws/cloudfront_origin_request_policy_structure.go Outdated
Comment on lines 9 to 20
func expandCloudFrontOriginRequestPolicyCookieNames(cookieNamesFlat map[string]interface{}) *cloudfront.CookieNames {
cookieNames := &cloudfront.CookieNames{}

var newCookieItems []*string
for _, cookie := range cookieNamesFlat["items"].(*schema.Set).List() {
newCookieItems = append(newCookieItems, aws.String(cookie.(string)))
}
cookieNames.Items = newCookieItems
cookieNames.Quantity = aws.Int64(int64(len(newCookieItems)))

return cookieNames
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
func expandCloudFrontOriginRequestPolicyCookieNames(cookieNamesFlat map[string]interface{}) *cloudfront.CookieNames {
cookieNames := &cloudfront.CookieNames{}
var newCookieItems []*string
for _, cookie := range cookieNamesFlat["items"].(*schema.Set).List() {
newCookieItems = append(newCookieItems, aws.String(cookie.(string)))
}
cookieNames.Items = newCookieItems
cookieNames.Quantity = aws.Int64(int64(len(newCookieItems)))
return cookieNames
}
func expandCloudFrontOriginRequestPolicyCookieNames(tfMap map[string]interface{}) *cloudfront.CookieNames {
if tfMap == nil {
return ni
}
apiObject := &cloudfront.CookieNames{}
var items []*string
for _, item := range tfMap["items"].(*schema.Set).List() {
items = append(items, aws.String(item.(string)))
}
apiObject.Items = items
apiObject.Quantity = aws.Int64(int64(len(items)))
return apiObject
}
  1. Include a safety nil check. If Go hits the type cast on line 13 old/17 new and cookieNamesFlat is nil, it will panic. Even though with your current setup, nil would not be possible, in the future if things change, it protects us. Since expand funcs should usually have the check, it's more likely someone would assume it's there.
  2. Expand and flatten funcs are exceptions to the descriptive variables names rule. Keeping the names generic helps future contributors to quickly mentally process flatteners/expanders.

These changes should be made to all 10 of the expanders/flatteners. See https://github.com/hashicorp/terraform-provider-aws/blob/master/docs/contributing/data-handling-and-conversion.md#expand-functions-for-blocks for more.

aws/data_source_aws_cloudfront_origin_request_policy.go Outdated
}
}

func dataSourceAwsCloudFrontOriginRequestPolicyFindByName(d *schema.ResourceData, conn *cloudfront.CloudFront) error {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any non-CRUD func should come after the CRUD funcs.

aws/resource_aws_cloudfront_origin_request_policy.go
},

Schema: map[string]*schema.Schema{
"comment": {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As with the data source, these args should be alphebetized.

website/docs/d/cloudfront_origin_request_policy.html.markdown Outdated
### Cookies Config

`cookie_behavior` - Determines whether any cookies in viewer requests are included in the origin request key and automatically included in requests that CloudFront sends to the origin. Valid values are `none`, `whitelist` `all`.
`cookies` - An object that contains a list of cookie names. See [Items](#items) for more information.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
`cookies` - An object that contains a list of cookie names. See [Items](#items) for more information.
`cookies` - Object that contains a list of cookie names. See [Items](#items) for more information.

website/docs/d/cloudfront_origin_request_policy.html.markdown Outdated
* `cookies_config` - An object that determines whether any cookies in viewer requests (and if so, which cookies) are included in the origin request key and automatically included in requests that CloudFront sends to the origin. See [Cookies Config](#cookies-config) for more information.
* `etag` - The current version of the origin request policy.
* `headers_config` - An object that determines whether any HTTP headers (and if so, which headers) are included in the origin request key and automatically included in requests that CloudFront sends to the origin. See [Headers Config](#headers-config) for more information.
* `query_strings_config` - An object that determines whether any URL query strings in viewer requests (and if so, which query strings) are included in the origin request key and automatically included in requests that CloudFront sends to the origin. See [Query Strings Config](#query-strings-config) for more information.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* `query_strings_config` - An object that determines whether any URL query strings in viewer requests (and if so, which query strings) are included in the origin request key and automatically included in requests that CloudFront sends to the origin. See [Query Strings Config](#query-strings-config) for more information.
* `query_strings_config` - Object that determines whether any URL query strings in viewer requests (and if so, which query strings) are included in the origin request key and automatically included in requests that CloudFront sends to the origin. See [Query Strings Config](#query-strings-config) for more information.

website/docs/d/cloudfront_origin_request_policy.html.markdown Outdated
* `comment` - A comment to describe the origin request policy.
* `cookies_config` - An object that determines whether any cookies in viewer requests (and if so, which cookies) are included in the origin request key and automatically included in requests that CloudFront sends to the origin. See [Cookies Config](#cookies-config) for more information.
* `etag` - The current version of the origin request policy.
* `headers_config` - An object that determines whether any HTTP headers (and if so, which headers) are included in the origin request key and automatically included in requests that CloudFront sends to the origin. See [Headers Config](#headers-config) for more information.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* `headers_config` - An object that determines whether any HTTP headers (and if so, which headers) are included in the origin request key and automatically included in requests that CloudFront sends to the origin. See [Headers Config](#headers-config) for more information.
* `headers_config` - Object that determines whether any HTTP headers (and if so, which headers) are included in the origin request key and automatically included in requests that CloudFront sends to the origin. See [Headers Config](#headers-config) for more information.

website/docs/d/cloudfront_origin_request_policy.html.markdown Outdated
## Attributes Reference

* `comment` - A comment to describe the origin request policy.
* `cookies_config` - An object that determines whether any cookies in viewer requests (and if so, which cookies) are included in the origin request key and automatically included in requests that CloudFront sends to the origin. See [Cookies Config](#cookies-config) for more information.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* `cookies_config` - An object that determines whether any cookies in viewer requests (and if so, which cookies) are included in the origin request key and automatically included in requests that CloudFront sends to the origin. See [Cookies Config](#cookies-config) for more information.
* `cookies_config` - Object that determines whether any cookies in viewer requests (and if so, which cookies) are included in the origin request key and automatically included in requests that CloudFront sends to the origin. See [Cookies Config](#cookies-config) for more information.

website/docs/d/cloudfront_origin_request_policy.html.markdown Outdated

## Attributes Reference

* `comment` - A comment to describe the origin request policy.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* `comment` - A comment to describe the origin request policy.
* `comment` - Comment to describe the origin request policy.

YakDriver
YakDriver approved these changes Feb 4, 2021
View reviewed changes
Copy link
Member

@YakDriver YakDriver left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is looking good. Few minors things left (especially d.IsNewResource()) and it's good to go!

GovCloud:

--- SKIP: TestAccAWSCloudFrontOriginRequestPolicy_basic (1.16s)
--- SKIP: TestAccAWSCloudFrontOriginRequestPolicy_noneBehavior (1.16s)
--- SKIP: TestAccAWSCloudFrontOriginRequestPolicy_update (1.16s)

us-west-2:

--- PASS: TestAccAWSCloudFrontOriginRequestPolicy_basic (10.76s)
--- PASS: TestAccAWSCloudFrontOriginRequestPolicy_noneBehavior (10.77s)
--- PASS: TestAccAWSCloudFrontOriginRequestPolicy_update (17.53s)

aws/data_source_aws_cloudfront_origin_request_policy.go

if d.Get("id").(string) == "" {
if err := dataSourceAwsCloudFrontOriginRequestPolicyFindByName(d, conn); err != nil {
return fmt.Errorf("Unable to find origin request policy by name: %s", err.Error())
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
return fmt.Errorf("Unable to find origin request policy by name: %s", err.Error())
return fmt.Errorf("unable to find origin request policy by name: %s", err.Error())

aws/data_source_aws_cloudfront_origin_request_policy.go

resp, err := conn.GetOriginRequestPolicy(request)
if err != nil {
return fmt.Errorf("Unable to retrieve origin request policy with ID %s: %s", d.Id(), err.Error())
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
return fmt.Errorf("Unable to retrieve origin request policy with ID %s: %s", d.Id(), err.Error())
return fmt.Errorf("unable to retrieve origin request policy with ID %s: %s", d.Id(), err.Error())

@bill-rich bill-rich merged commit 4dfd4bb into main Feb 4, 2021
@bill-rich bill-rich deleted the f_cloudfront_origin_request_policy branch February 4, 2021 18:55
@github-actions github-actions bot added this to the v3.27.0 milestone Feb 4, 2021
@ghost
Copy link

ghost commented Feb 5, 2021

This has been released in version 3.27.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

@ewbankkit ewbankkit mentioned this pull request Feb 6, 2021
Closed
oleg-codaio
oleg-codaio reviewed Feb 14, 2021
View reviewed changes
aws/resource_aws_cloudfront_distribution.go
@@ -151,6 +151,10 @@ func resourceAwsCloudFrontDistribution() *schema.Resource {
Optional: true,
Default: 0,
},
"origin_request_policy_id": {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems that this new parameter was never added to the documentation.

@JamesJJ JamesJJ mentioned this pull request Feb 16, 2021
Merged
@ghost
Copy link

ghost commented Mar 7, 2021

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked as resolved and limited conversation to collaborators Mar 7, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@oleg-codaio oleg-codaio oleg-codaio left review comments

@YakDriver YakDriver YakDriver approved these changes

Assignees

@YakDriver YakDriver

Labels
documentation Introduces or discusses updates to documentation. provider Pertains to the provider itself, rather than any interaction with AWS. service/cloudfront Issues and PRs that pertain to the cloudfront service. size/XXL Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet
Milestone
v3.27.0
Development

Successfully merging this pull request may close these issues.
3 participants
@bill-rich @oleg-codaio @YakDriver