Skip to content

Commit

Permalink
fix ssl setting for Redis connection strings
Browse files Browse the repository at this point in the history
  • Loading branch information
Maksymilian Boguń committed Apr 27, 2020
1 parent 8e31829 commit d313ee1
Show file tree
Hide file tree
Showing 3 changed files with 57 additions and 10 deletions.
5 changes: 3 additions & 2 deletions azurerm/internal/services/redis/data_source_redis_cache.go
Original file line number Diff line number Diff line change
Expand Up @@ -289,8 +289,9 @@ func dataSourceArmRedisCacheRead(d *schema.ResourceData, meta interface{}) error
d.Set("secondary_access_key", keys.SecondaryKey)

if props != nil {
d.Set("primary_connection_string", getRedisConnectionString(*props.HostName, *props.SslPort, *keys.PrimaryKey, *props.EnableNonSslPort))
d.Set("secondary_connection_string", getRedisConnectionString(*props.HostName, *props.SslPort, *keys.SecondaryKey, *props.EnableNonSslPort))
enableSslPort := !*props.EnableNonSslPort
d.Set("primary_connection_string", getRedisConnectionString(*props.HostName, *props.SslPort, *keys.PrimaryKey, enableSslPort))
d.Set("secondary_connection_string", getRedisConnectionString(*props.HostName, *props.SslPort, *keys.SecondaryKey, enableSslPort))
}

return tags.FlattenAndSet(d, resp.Tags)
Expand Down
5 changes: 3 additions & 2 deletions azurerm/internal/services/redis/resource_arm_redis_cache.go
Original file line number Diff line number Diff line change
Expand Up @@ -570,8 +570,9 @@ func resourceArmRedisCacheRead(d *schema.ResourceData, meta interface{}) error {
d.Set("secondary_access_key", keysResp.SecondaryKey)

if props != nil {
d.Set("primary_connection_string", getRedisConnectionString(*props.HostName, *props.SslPort, *keysResp.PrimaryKey, *props.EnableNonSslPort))
d.Set("secondary_connection_string", getRedisConnectionString(*props.HostName, *props.SslPort, *keysResp.SecondaryKey, *props.EnableNonSslPort))
enableSslPort := !*props.EnableNonSslPort
d.Set("primary_connection_string", getRedisConnectionString(*props.HostName, *props.SslPort, *keysResp.PrimaryKey, enableSslPort))
d.Set("secondary_connection_string", getRedisConnectionString(*props.HostName, *props.SslPort, *keysResp.SecondaryKey, enableSslPort))
}

return tags.FlattenAndSet(d, resp.Tags)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ package tests
import (
"fmt"
"net/http"
"strings"
"testing"

"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
Expand All @@ -20,12 +21,35 @@ func TestAccAzureRMRedisCache_basic(t *testing.T) {
CheckDestroy: testCheckAzureRMRedisCacheDestroy,
Steps: []resource.TestStep{
{
Config: testAccAzureRMRedisCache_basic(data),
Config: testAccAzureRMRedisCache_basic(data, true),
Check: resource.ComposeTestCheckFunc(
testCheckAzureRMRedisCacheExists(data.ResourceName),
resource.TestCheckResourceAttrSet(data.ResourceName, "minimum_tls_version"),
resource.TestCheckResourceAttrSet(data.ResourceName, "primary_connection_string"),
resource.TestCheckResourceAttrSet(data.ResourceName, "secondary_connection_string"),
testCheckSSLInConnectionString(data.ResourceName, "primary_connection_string", true),
testCheckSSLInConnectionString(data.ResourceName, "secondary_connection_string", true),
),
},
data.ImportStep(),
},
})
}

func TestAccAzureRMRedisCache_withoutSSL(t *testing.T) {
data := acceptance.BuildTestData(t, "azurerm_redis_cache", "test")

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { acceptance.PreCheck(t) },
Providers: acceptance.SupportedProviders,
CheckDestroy: testCheckAzureRMRedisCacheDestroy,
Steps: []resource.TestStep{
{
Config: testAccAzureRMRedisCache_basic(data, false),
Check: resource.ComposeTestCheckFunc(
testCheckAzureRMRedisCacheExists(data.ResourceName),
testCheckSSLInConnectionString(data.ResourceName, "primary_connection_string", false),
testCheckSSLInConnectionString(data.ResourceName, "secondary_connection_string", false),
),
},
data.ImportStep(),
Expand All @@ -42,7 +66,7 @@ func TestAccAzureRMRedisCache_requiresImport(t *testing.T) {
CheckDestroy: testCheckAzureRMRedisCacheDestroy,
Steps: []resource.TestStep{
{
Config: testAccAzureRMRedisCache_basic(data),
Config: testAccAzureRMRedisCache_basic(data, true),
Check: resource.ComposeTestCheckFunc(
testCheckAzureRMRedisCacheExists(data.ResourceName),
),
Expand Down Expand Up @@ -416,6 +440,7 @@ func TestAccAzureRMRedisCache_WithoutAuth(t *testing.T) {
},
})
}

func testCheckAzureRMRedisCacheExists(resourceName string) resource.TestCheckFunc {
return func(s *terraform.State) error {
conn := acceptance.AzureProvider.Meta().(*clients.Client).Redis.Client
Expand Down Expand Up @@ -472,7 +497,7 @@ func testCheckAzureRMRedisCacheDestroy(s *terraform.State) error {
return nil
}

func testAccAzureRMRedisCache_basic(data acceptance.TestData) string {
func testAccAzureRMRedisCache_basic(data acceptance.TestData, requireSSL bool) string {
return fmt.Sprintf(`
provider "azurerm" {
features {}
Expand All @@ -490,17 +515,17 @@ resource "azurerm_redis_cache" "test" {
capacity = 1
family = "C"
sku_name = "Basic"
enable_non_ssl_port = false
enable_non_ssl_port = %t
minimum_tls_version = "1.2"
redis_configuration {
}
}
`, data.RandomInteger, data.Locations.Primary, data.RandomInteger)
`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, !requireSSL)
}

func testAccAzureRMRedisCache_requiresImport(data acceptance.TestData) string {
template := testAccAzureRMRedisCache_basic(data)
template := testAccAzureRMRedisCache_basic(data, true)
return fmt.Sprintf(`
%s
Expand Down Expand Up @@ -1037,3 +1062,23 @@ resource "azurerm_redis_cache" "test" {
}
`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger)
}

func testCheckSSLInConnectionString(resourceName string, propertyName string, requireSSL bool) resource.TestCheckFunc {
return func(s *terraform.State) error {
// Ensure we have enough information in state to look up in API
rs, ok := s.RootModule().Resources[resourceName]
if !ok {
return fmt.Errorf("Not found: %s", resourceName)
}

connectionString := rs.Primary.Attributes[propertyName]
if strings.Contains(connectionString, fmt.Sprintf("ssl=%t", requireSSL)) {
return nil
}
if strings.Contains(connectionString, fmt.Sprintf("ssl=%t", !requireSSL)) {
return fmt.Errorf("Bad: wrong SSL setting in connection string: %s", propertyName)
}

return fmt.Errorf("Bad: missing SSL setting in connection string: %s", propertyName)
}
}

0 comments on commit d313ee1

Please sign in to comment.