Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New Resource: aws_cloudfront_origin_access_control #26508

Merged
merged 3 commits into from
Aug 29, 2022
Merged

New Resource: aws_cloudfront_origin_access_control #26508

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
3c384af
r/aws_cloudfront_origin_access_control: new resource
roberth-k Aug 26, 2022
0a973dc
r/aws_cloudfront_origin_access_control: add sweeper
roberth-k Aug 26, 2022
20c9526
add changelog entry for #26508
roberth-k Aug 28, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .changelog/26508.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:new-resource
aws_cloudfront_origin_access_control
```
1 change: 1 addition & 0 deletions internal/provider/provider.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1098,6 +1098,7 @@ func New(_ context.Context) (*schema.Provider, error) {
"aws_cloudfront_function": cloudfront.ResourceFunction(),
"aws_cloudfront_key_group": cloudfront.ResourceKeyGroup(),
"aws_cloudfront_monitoring_subscription": cloudfront.ResourceMonitoringSubscription(),
"aws_cloudfront_origin_access_control": cloudfront.ResourceOriginAccessControl(),
"aws_cloudfront_origin_access_identity": cloudfront.ResourceOriginAccessIdentity(),
"aws_cloudfront_origin_request_policy": cloudfront.ResourceOriginRequestPolicy(),
"aws_cloudfront_public_key": cloudfront.ResourcePublicKey(),
Expand Down
17 changes: 17 additions & 0 deletions internal/service/cloudfront/list.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -108,3 +108,20 @@ func ListResponseHeadersPoliciesPages(conn *cloudfront.CloudFront, input *cloudf
}
return nil
}

func ListOriginAccessControlsPages(conn *cloudfront.CloudFront, input *cloudfront.ListOriginAccessControlsInput, fn func(*cloudfront.ListOriginAccessControlsOutput, bool) bool) error {
for {
output, err := conn.ListOriginAccessControls(input)
if err != nil {
return err
}

lastPage := aws.StringValue(output.OriginAccessControlList.NextMarker) == ""
if !fn(output, lastPage) || lastPage {
break
}

input.Marker = output.OriginAccessControlList.NextMarker
}
return nil
}
195 changes: 195 additions & 0 deletions internal/service/cloudfront/origin_access_control.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,195 @@
package cloudfront

import (
"context"
"errors"
"log"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/service/cloudfront"
"github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr"
"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
"github.com/hashicorp/terraform-provider-aws/internal/conns"
"github.com/hashicorp/terraform-provider-aws/internal/create"
"github.com/hashicorp/terraform-provider-aws/internal/tfresource"
"github.com/hashicorp/terraform-provider-aws/names"
)

func ResourceOriginAccessControl() *schema.Resource {
return &schema.Resource{
CreateWithoutTimeout: resourceOriginAccessControlCreate,
ReadWithoutTimeout: resourceOriginAccessControlRead,
UpdateWithoutTimeout: resourceOriginAccessControlUpdate,
DeleteWithoutTimeout: resourceOriginAccessControlDelete,

Importer: &schema.ResourceImporter{
StateContext: schema.ImportStatePassthroughContext,
},

Schema: map[string]*schema.Schema{
"description": {
Type: schema.TypeString,
Optional: true,
Default: "Managed by Terraform",
ValidateFunc: validation.StringLenBetween(0, 256),
},
"etag": {
Type: schema.TypeString,
Computed: true,
},
"name": {
Type: schema.TypeString,
Required: true,
ValidateFunc: validation.StringLenBetween(1, 64),
},
"origin_access_control_origin_type": {
Type: schema.TypeString,
Required: true,
ValidateFunc: validation.StringInSlice(cloudfront.OriginAccessControlOriginTypes_Values(), false),
},
"signing_behavior": {
Type: schema.TypeString,
Required: true,
ValidateFunc: validation.StringInSlice(cloudfront.OriginAccessControlSigningBehaviors_Values(), false),
},
"signing_protocol": {
Type: schema.TypeString,
Required: true,
ValidateFunc: validation.StringInSlice(cloudfront.OriginAccessControlSigningProtocols_Values(), false),
},
},
}
}

const (
ResNameOriginAccessControl = "Origin Access Control"
)

func resourceOriginAccessControlCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
conn := meta.(*conns.AWSClient).CloudFrontConn

in := &cloudfront.CreateOriginAccessControlInput{
OriginAccessControlConfig: &cloudfront.OriginAccessControlConfig{
Description: aws.String(d.Get("description").(string)),
Name: aws.String(d.Get("name").(string)),
OriginAccessControlOriginType: aws.String(d.Get("origin_access_control_origin_type").(string)),
SigningBehavior: aws.String(d.Get("signing_behavior").(string)),
SigningProtocol: aws.String(d.Get("signing_protocol").(string)),
},
}

out, err := conn.CreateOriginAccessControlWithContext(ctx, in)
if err != nil {
return create.DiagError(names.CloudFront, create.ErrActionCreating, ResNameOriginAccessControl, d.Get("name").(string), err)
}

if out == nil || out.OriginAccessControl == nil {
return create.DiagError(names.CloudFront, create.ErrActionCreating, ResNameOriginAccessControl, d.Get("name").(string), errors.New("empty output"))
}

d.SetId(aws.StringValue(out.OriginAccessControl.Id))

return resourceOriginAccessControlRead(ctx, d, meta)
}

func resourceOriginAccessControlRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
conn := meta.(*conns.AWSClient).CloudFrontConn

out, err := findOriginAccessControlByID(ctx, conn, d.Id())

if !d.IsNewResource() && tfresource.NotFound(err) {
log.Printf("[WARN] CloudFront Origin Access Control (%s) not found, removing from state", d.Id())
d.SetId("")
return nil
}

if err != nil {
return create.DiagError(names.CloudFront, create.ErrActionReading, ResNameOriginAccessControl, d.Id(), err)
}

if out.OriginAccessControl == nil || out.OriginAccessControl.OriginAccessControlConfig == nil {
return create.DiagError(names.CloudFront, create.ErrActionReading, ResNameOriginAccessControl, d.Id(), errors.New("empty output"))
}

config := out.OriginAccessControl.OriginAccessControlConfig

d.Set("description", config.Description)
d.Set("etag", out.ETag)
d.Set("name", config.Name)
d.Set("origin_access_control_origin_type", config.OriginAccessControlOriginType)
d.Set("signing_behavior", config.SigningBehavior)
d.Set("signing_protocol", config.SigningProtocol)

return nil
}

func resourceOriginAccessControlUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
conn := meta.(*conns.AWSClient).CloudFrontConn

in := &cloudfront.UpdateOriginAccessControlInput{
Id: aws.String(d.Id()),
IfMatch: aws.String(d.Get("etag").(string)),
OriginAccessControlConfig: &cloudfront.OriginAccessControlConfig{
Description: aws.String(d.Get("description").(string)),
Name: aws.String(d.Get("name").(string)),
OriginAccessControlOriginType: aws.String(d.Get("origin_access_control_origin_type").(string)),
SigningBehavior: aws.String(d.Get("signing_behavior").(string)),
SigningProtocol: aws.String(d.Get("signing_protocol").(string)),
},
}

log.Printf("[DEBUG] Updating CloudFront Origin Access Control (%s): %#v", d.Id(), in)
_, err := conn.UpdateOriginAccessControlWithContext(ctx, in)
if err != nil {
return create.DiagError(names.CloudFront, create.ErrActionUpdating, ResNameOriginAccessControl, d.Id(), err)
}

return resourceOriginAccessControlRead(ctx, d, meta)
}

func resourceOriginAccessControlDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
conn := meta.(*conns.AWSClient).CloudFrontConn

log.Printf("[INFO] Deleting CloudFront Origin Access Control %s", d.Id())

_, err := conn.DeleteOriginAccessControlWithContext(ctx, &cloudfront.DeleteOriginAccessControlInput{
Id: aws.String(d.Id()),
IfMatch: aws.String(d.Get("etag").(string)),
})

if tfawserr.ErrCodeEquals(err, cloudfront.ErrCodeNoSuchOriginAccessControl) {
return nil
}

if err != nil {
return create.DiagError(names.CloudFront, create.ErrActionDeleting, ResNameOriginAccessControl, d.Id(), err)
}

return nil
}

func findOriginAccessControlByID(ctx context.Context, conn *cloudfront.CloudFront, id string) (*cloudfront.GetOriginAccessControlOutput, error) {
in := &cloudfront.GetOriginAccessControlInput{
Id: aws.String(id),
}
out, err := conn.GetOriginAccessControlWithContext(ctx, in)
if tfawserr.ErrCodeEquals(err, cloudfront.ErrCodeNoSuchOriginAccessControl) {
return nil, &resource.NotFoundError{
LastError: err,
LastRequest: in,
}
}

if err != nil {
return nil, err
}

if out == nil || out.OriginAccessControl == nil {
return nil, tfresource.NewEmptyResultError(in)
}

return out, nil
}
Loading