From 5b7fbaa236e65203ab07ab6772e8a1c33c78f500 Mon Sep 17 00:00:00 2001 From: Brian Flad Date: Tue, 21 Aug 2018 13:17:24 -0400 Subject: [PATCH 1/2] resource/aws_launch_template: Prevent encrypted flag cannot be specified error with block_device_mappings ebs argument * Convert `block_device_mappings` > `ebs` > `delete_on_termination` and `encrypted` to `schema.TypeString`. This to allow an "unspecified" value for the attributes since `schema.TypeBool` only has true/false with false default. The conversion from bare true/false values in configurations to `schema.TypeString` value is currently safe. Previously: ``` --- FAIL: TestAccAWSLaunchTemplate_BlockDeviceMappings_EBS (11.23s) testing.go:527: Step 0 error: Error applying: 1 error occurred: * aws_autoscaling_group.test: 1 error occurred: * aws_autoscaling_group.test: Error creating AutoScaling Group: ValidationError: You must use a valid fully-formed launch template. the encrypted flag cannot be specified since device /dev/sda1 has a snapshot specified. ``` After code adjustments: ``` make testacc TEST=./aws TESTARGS='-run=TestAccAWSLaunchTemplate_' ==> Checking that code complies with gofmt requirements... TF_ACC=1 go test ./aws -v -run=TestAccAWSLaunchTemplate_ -timeout 120m === RUN TestAccAWSLaunchTemplate_importBasic --- PASS: TestAccAWSLaunchTemplate_importBasic (13.63s) === RUN TestAccAWSLaunchTemplate_importData --- PASS: TestAccAWSLaunchTemplate_importData (12.00s) === RUN TestAccAWSLaunchTemplate_basic --- PASS: TestAccAWSLaunchTemplate_basic (12.71s) === RUN TestAccAWSLaunchTemplate_BlockDeviceMappings_EBS --- PASS: TestAccAWSLaunchTemplate_BlockDeviceMappings_EBS (48.73s) === RUN TestAccAWSLaunchTemplate_data --- PASS: TestAccAWSLaunchTemplate_data (13.59s) === RUN TestAccAWSLaunchTemplate_update --- PASS: TestAccAWSLaunchTemplate_update (46.88s) === RUN TestAccAWSLaunchTemplate_tags --- PASS: TestAccAWSLaunchTemplate_tags (21.37s) === RUN TestAccAWSLaunchTemplate_nonBurstable --- PASS: TestAccAWSLaunchTemplate_nonBurstable (11.47s) === RUN TestAccAWSLaunchTemplate_networkInterface --- PASS: TestAccAWSLaunchTemplate_networkInterface (30.44s) PASS ok github.com/terraform-providers/terraform-provider-aws/aws 211.533s ``` --- aws/resource_aws_launch_template.go | 76 ++++++++++++++++++------ aws/resource_aws_launch_template_test.go | 21 ++++++- 2 files changed, 76 insertions(+), 21 deletions(-) diff --git a/aws/resource_aws_launch_template.go b/aws/resource_aws_launch_template.go index c599182c3c1..5bb5f6aeac8 100644 --- a/aws/resource_aws_launch_template.go +++ b/aws/resource_aws_launch_template.go @@ -89,12 +89,30 @@ func resourceAwsLaunchTemplate() *schema.Resource { Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "delete_on_termination": { - Type: schema.TypeBool, + // Use TypeString to allow an "unspecified" value, + // since TypeBool only has true/false with false default. + // The conversion from bare true/false values in + // configurations to TypeString value is currently safe. + Type: schema.TypeString, Optional: true, + ValidateFunc: validation.StringInSlice([]string{ + "", + "false", + "true", + }, false), }, "encrypted": { - Type: schema.TypeBool, + // Use TypeString to allow an "unspecified" value, + // since TypeBool only has true/false with false default. + // The conversion from bare true/false values in + // configurations to TypeString value is currently safe. + Type: schema.TypeString, Optional: true, + ValidateFunc: validation.StringInSlice([]string{ + "", + "false", + "true", + }, false), }, "iops": { Type: schema.TypeInt, @@ -638,14 +656,18 @@ func getBlockDeviceMappings(m []*ec2.LaunchTemplateBlockDeviceMapping) []interfa "virtual_name": aws.StringValue(v.VirtualName), } if v.NoDevice != nil { - mapping["no_device"] = *v.NoDevice + mapping["no_device"] = aws.StringValue(v.NoDevice) } if v.Ebs != nil { ebs := map[string]interface{}{ - "delete_on_termination": aws.BoolValue(v.Ebs.DeleteOnTermination), - "encrypted": aws.BoolValue(v.Ebs.Encrypted), - "volume_size": int(aws.Int64Value(v.Ebs.VolumeSize)), - "volume_type": aws.StringValue(v.Ebs.VolumeType), + "volume_size": int(aws.Int64Value(v.Ebs.VolumeSize)), + "volume_type": aws.StringValue(v.Ebs.VolumeType), + } + if v.Ebs.DeleteOnTermination != nil { + ebs["delete_on_termination"] = strconv.FormatBool(aws.BoolValue(v.Ebs.DeleteOnTermination)) + } + if v.Ebs.Encrypted != nil { + ebs["encrypted"] = strconv.FormatBool(aws.BoolValue(v.Ebs.Encrypted)) } if v.Ebs.Iops != nil { ebs["iops"] = aws.Int64Value(v.Ebs.Iops) @@ -857,7 +879,11 @@ func buildLaunchTemplateData(d *schema.ResourceData, meta interface{}) (*ec2.Req bdms := v.([]interface{}) for _, bdm := range bdms { - blockDeviceMappings = append(blockDeviceMappings, readBlockDeviceMappingFromConfig(bdm.(map[string]interface{}))) + blockDeviceMapping, err := readBlockDeviceMappingFromConfig(bdm.(map[string]interface{})) + if err != nil { + return nil, err + } + blockDeviceMappings = append(blockDeviceMappings, blockDeviceMapping) } opts.BlockDeviceMappings = blockDeviceMappings } @@ -950,7 +976,7 @@ func buildLaunchTemplateData(d *schema.ResourceData, meta interface{}) (*ec2.Req return opts, nil } -func readBlockDeviceMappingFromConfig(bdm map[string]interface{}) *ec2.LaunchTemplateBlockDeviceMappingRequest { +func readBlockDeviceMappingFromConfig(bdm map[string]interface{}) (*ec2.LaunchTemplateBlockDeviceMappingRequest, error) { blockDeviceMapping := &ec2.LaunchTemplateBlockDeviceMappingRequest{} if v := bdm["device_name"].(string); v != "" { @@ -967,24 +993,36 @@ func readBlockDeviceMappingFromConfig(bdm map[string]interface{}) *ec2.LaunchTem if v := bdm["ebs"]; len(v.([]interface{})) > 0 { ebs := v.([]interface{}) - if len(ebs) > 0 { - ebsData := ebs[0] - blockDeviceMapping.Ebs = readEbsBlockDeviceFromConfig(ebsData.(map[string]interface{})) + if len(ebs) > 0 && ebs[0] != nil { + ebsData := ebs[0].(map[string]interface{}) + launchTemplateEbsBlockDeviceRequest, err := readEbsBlockDeviceFromConfig(ebsData) + if err != nil { + return nil, err + } + blockDeviceMapping.Ebs = launchTemplateEbsBlockDeviceRequest } } - return blockDeviceMapping + return blockDeviceMapping, nil } -func readEbsBlockDeviceFromConfig(ebs map[string]interface{}) *ec2.LaunchTemplateEbsBlockDeviceRequest { +func readEbsBlockDeviceFromConfig(ebs map[string]interface{}) (*ec2.LaunchTemplateEbsBlockDeviceRequest, error) { ebsDevice := &ec2.LaunchTemplateEbsBlockDeviceRequest{} - if v := ebs["delete_on_termination"]; v != nil { - ebsDevice.DeleteOnTermination = aws.Bool(v.(bool)) + if v, ok := ebs["delete_on_termination"]; ok && v.(string) != "" { + vBool, err := strconv.ParseBool(v.(string)) + if err != nil { + return nil, fmt.Errorf("error converting delete_on_termination %q from string to boolean: %s", v.(string), err) + } + ebsDevice.DeleteOnTermination = aws.Bool(vBool) } - if v := ebs["encrypted"]; v != nil { - ebsDevice.Encrypted = aws.Bool(v.(bool)) + if v, ok := ebs["encrypted"]; ok && v.(string) != "" { + vBool, err := strconv.ParseBool(v.(string)) + if err != nil { + return nil, fmt.Errorf("error converting encrypted %q from string to boolean: %s", v.(string), err) + } + ebsDevice.Encrypted = aws.Bool(vBool) } if v := ebs["iops"].(int); v > 0 { @@ -1007,7 +1045,7 @@ func readEbsBlockDeviceFromConfig(ebs map[string]interface{}) *ec2.LaunchTemplat ebsDevice.VolumeType = aws.String(v) } - return ebsDevice + return ebsDevice, nil } func readNetworkInterfacesFromConfig(ni map[string]interface{}) *ec2.LaunchTemplateInstanceNetworkInterfaceSpecificationRequest { diff --git a/aws/resource_aws_launch_template_test.go b/aws/resource_aws_launch_template_test.go index 151b7011ef7..7149997b713 100644 --- a/aws/resource_aws_launch_template_test.go +++ b/aws/resource_aws_launch_template_test.go @@ -293,9 +293,11 @@ data "aws_ami" "test" { } } +data "aws_availability_zones" "available" {} + resource "aws_launch_template" "test" { image_id = "${data.aws_ami.test.id}" - name = "%s" + name = %q block_device_mappings { device_name = "/dev/sda1" @@ -305,7 +307,22 @@ resource "aws_launch_template" "test" { } } } -`, rName) + +# Creating an AutoScaling Group verifies the launch template +# ValidationError: You must use a valid fully-formed launch template. the encrypted flag cannot be specified since device /dev/sda1 has a snapshot specified. +resource "aws_autoscaling_group" "test" { + availability_zones = ["${data.aws_availability_zones.available.names[0]}"] + desired_capacity = 0 + max_size = 0 + min_size = 0 + name = %q + + launch_template { + id = "${aws_launch_template.test.id}" + version = "${aws_launch_template.test.default_version}" + } +} +`, rName, rName) } func testAccAWSLaunchTemplateConfig_data(rInt int) string { From 2e8a2b3b17a56b028af497aafd3a36ed15e513e1 Mon Sep 17 00:00:00 2001 From: Brian Flad Date: Thu, 30 Aug 2018 09:40:51 -0400 Subject: [PATCH 2/2] resource/aws_launch_template: Handle bare true/false values correctly with TypeString boolean attributes Previously: ``` --- FAIL: TestAccAWSLaunchTemplate_BlockDeviceMappings_EBS_DeleteOnTermination (1.27s) testing.go:527: Step 0 error: config is invalid: aws_launch_template.test: expected block_device_mappings.0.ebs.0.delete_on_termination to be one of [ false true], got 1 ``` Now: ``` make testacc TEST=./aws TESTARGS='-run=TestAccAWSLaunchTemplate_' ==> Checking that code complies with gofmt requirements... TF_ACC=1 go test ./aws -v -run=TestAccAWSLaunchTemplate_ -timeout 120m === RUN TestAccAWSLaunchTemplate_importBasic --- PASS: TestAccAWSLaunchTemplate_importBasic (13.71s) === RUN TestAccAWSLaunchTemplate_importData --- PASS: TestAccAWSLaunchTemplate_importData (11.56s) === RUN TestAccAWSLaunchTemplate_basic --- PASS: TestAccAWSLaunchTemplate_basic (12.18s) === RUN TestAccAWSLaunchTemplate_BlockDeviceMappings_EBS --- PASS: TestAccAWSLaunchTemplate_BlockDeviceMappings_EBS (48.61s) === RUN TestAccAWSLaunchTemplate_BlockDeviceMappings_EBS_DeleteOnTermination --- PASS: TestAccAWSLaunchTemplate_BlockDeviceMappings_EBS_DeleteOnTermination (48.98s) === RUN TestAccAWSLaunchTemplate_data --- PASS: TestAccAWSLaunchTemplate_data (11.61s) === RUN TestAccAWSLaunchTemplate_update --- PASS: TestAccAWSLaunchTemplate_update (54.26s) === RUN TestAccAWSLaunchTemplate_tags --- PASS: TestAccAWSLaunchTemplate_tags (20.58s) === RUN TestAccAWSLaunchTemplate_nonBurstable --- PASS: TestAccAWSLaunchTemplate_nonBurstable (11.58s) === RUN TestAccAWSLaunchTemplate_networkInterface --- PASS: TestAccAWSLaunchTemplate_networkInterface (30.64s) PASS ok github.com/terraform-providers/terraform-provider-aws/aws 264.442s ``` --- aws/diff_suppress_funcs.go | 13 ++++ aws/diff_suppress_funcs_test.go | 41 +++++++++++ aws/resource_aws_launch_template.go | 22 +++--- aws/resource_aws_launch_template_test.go | 91 ++++++++++++++++++++++++ aws/validators.go | 22 ++++++ aws/validators_test.go | 48 +++++++++++++ 6 files changed, 223 insertions(+), 14 deletions(-) diff --git a/aws/diff_suppress_funcs.go b/aws/diff_suppress_funcs.go index cc33eab36b4..b994d2a9a23 100644 --- a/aws/diff_suppress_funcs.go +++ b/aws/diff_suppress_funcs.go @@ -20,6 +20,19 @@ func suppressEquivalentAwsPolicyDiffs(k, old, new string, d *schema.ResourceData return equivalent } +// suppressEquivalentTypeStringBoolean provides custom difference suppression for TypeString booleans +// Some arguments require three values: true, false, and "" (unspecified), but +// confusing behavior exists when converting bare true/false values with state. +func suppressEquivalentTypeStringBoolean(k, old, new string, d *schema.ResourceData) bool { + if old == "false" && new == "0" { + return true + } + if old == "true" && new == "1" { + return true + } + return false +} + // Suppresses minor version changes to the db_instance engine_version attribute func suppressAwsDbEngineVersionDiffs(k, old, new string, d *schema.ResourceData) bool { // First check if the old/new values are nil. diff --git a/aws/diff_suppress_funcs_test.go b/aws/diff_suppress_funcs_test.go index 0727a1042b5..196616aeae5 100644 --- a/aws/diff_suppress_funcs_test.go +++ b/aws/diff_suppress_funcs_test.go @@ -29,3 +29,44 @@ func TestSuppressEquivalentJsonDiffsWhitespaceAndNoWhitespace(t *testing.T) { t.Errorf("Expected suppressEquivalentJsonDiffs to return false for %s == %s", noWhitespaceDiff, whitespaceDiff) } } + +func TestSuppressEquivalentTypeStringBoolean(t *testing.T) { + testCases := []struct { + old string + new string + equivalent bool + }{ + { + old: "false", + new: "0", + equivalent: true, + }, + { + old: "true", + new: "1", + equivalent: true, + }, + { + old: "", + new: "0", + equivalent: false, + }, + { + old: "", + new: "1", + equivalent: false, + }, + } + + for i, tc := range testCases { + value := suppressEquivalentTypeStringBoolean("test_property", tc.old, tc.new, nil) + + if tc.equivalent && !value { + t.Fatalf("expected test case %d to be equivalent", i) + } + + if !tc.equivalent && value { + t.Fatalf("expected test case %d to not be equivalent", i) + } + } +} diff --git a/aws/resource_aws_launch_template.go b/aws/resource_aws_launch_template.go index 5bb5f6aeac8..1ab156c58af 100644 --- a/aws/resource_aws_launch_template.go +++ b/aws/resource_aws_launch_template.go @@ -93,26 +93,20 @@ func resourceAwsLaunchTemplate() *schema.Resource { // since TypeBool only has true/false with false default. // The conversion from bare true/false values in // configurations to TypeString value is currently safe. - Type: schema.TypeString, - Optional: true, - ValidateFunc: validation.StringInSlice([]string{ - "", - "false", - "true", - }, false), + Type: schema.TypeString, + Optional: true, + DiffSuppressFunc: suppressEquivalentTypeStringBoolean, + ValidateFunc: validateTypeStringNullableBoolean, }, "encrypted": { // Use TypeString to allow an "unspecified" value, // since TypeBool only has true/false with false default. // The conversion from bare true/false values in // configurations to TypeString value is currently safe. - Type: schema.TypeString, - Optional: true, - ValidateFunc: validation.StringInSlice([]string{ - "", - "false", - "true", - }, false), + Type: schema.TypeString, + Optional: true, + DiffSuppressFunc: suppressEquivalentTypeStringBoolean, + ValidateFunc: validateTypeStringNullableBoolean, }, "iops": { Type: schema.TypeInt, diff --git a/aws/resource_aws_launch_template_test.go b/aws/resource_aws_launch_template_test.go index 7149997b713..bb9c6bc4c3e 100644 --- a/aws/resource_aws_launch_template_test.go +++ b/aws/resource_aws_launch_template_test.go @@ -64,6 +64,47 @@ func TestAccAWSLaunchTemplate_BlockDeviceMappings_EBS(t *testing.T) { }) } +func TestAccAWSLaunchTemplate_BlockDeviceMappings_EBS_DeleteOnTermination(t *testing.T) { + var template ec2.LaunchTemplate + rName := acctest.RandomWithPrefix("tf-acc-test") + resourceName := "aws_launch_template.test" + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSLaunchTemplateDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSLaunchTemplateConfig_BlockDeviceMappings_EBS_DeleteOnTermination(rName, true), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSLaunchTemplateExists(resourceName, &template), + resource.TestCheckResourceAttr(resourceName, "block_device_mappings.#", "1"), + resource.TestCheckResourceAttr(resourceName, "block_device_mappings.0.device_name", "/dev/sda1"), + resource.TestCheckResourceAttr(resourceName, "block_device_mappings.0.ebs.#", "1"), + resource.TestCheckResourceAttr(resourceName, "block_device_mappings.0.ebs.0.delete_on_termination", "true"), + resource.TestCheckResourceAttr(resourceName, "block_device_mappings.0.ebs.0.volume_size", "15"), + ), + }, + { + Config: testAccAWSLaunchTemplateConfig_BlockDeviceMappings_EBS_DeleteOnTermination(rName, false), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSLaunchTemplateExists(resourceName, &template), + resource.TestCheckResourceAttr(resourceName, "block_device_mappings.#", "1"), + resource.TestCheckResourceAttr(resourceName, "block_device_mappings.0.device_name", "/dev/sda1"), + resource.TestCheckResourceAttr(resourceName, "block_device_mappings.0.ebs.#", "1"), + resource.TestCheckResourceAttr(resourceName, "block_device_mappings.0.ebs.0.delete_on_termination", "false"), + resource.TestCheckResourceAttr(resourceName, "block_device_mappings.0.ebs.0.volume_size", "15"), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + func TestAccAWSLaunchTemplate_data(t *testing.T) { var template ec2.LaunchTemplate resName := "aws_launch_template.foo" @@ -325,6 +366,56 @@ resource "aws_autoscaling_group" "test" { `, rName, rName) } +func testAccAWSLaunchTemplateConfig_BlockDeviceMappings_EBS_DeleteOnTermination(rName string, deleteOnTermination bool) string { + return fmt.Sprintf(` +data "aws_ami" "test" { + most_recent = true + owners = ["099720109477"] # Canonical + + filter { + name = "name" + values = ["ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-*"] + } + + filter { + name = "virtualization-type" + values = ["hvm"] + } +} + +data "aws_availability_zones" "available" {} + +resource "aws_launch_template" "test" { + image_id = "${data.aws_ami.test.id}" + name = %q + + block_device_mappings { + device_name = "/dev/sda1" + + ebs { + delete_on_termination = %t + volume_size = 15 + } + } +} + +# Creating an AutoScaling Group verifies the launch template +# ValidationError: You must use a valid fully-formed launch template. the encrypted flag cannot be specified since device /dev/sda1 has a snapshot specified. +resource "aws_autoscaling_group" "test" { + availability_zones = ["${data.aws_availability_zones.available.names[0]}"] + desired_capacity = 0 + max_size = 0 + min_size = 0 + name = %q + + launch_template { + id = "${aws_launch_template.test.id}" + version = "${aws_launch_template.test.default_version}" + } +} +`, rName, deleteOnTermination, rName) +} + func testAccAWSLaunchTemplateConfig_data(rInt int) string { return fmt.Sprintf(` resource "aws_launch_template" "foo" { diff --git a/aws/validators.go b/aws/validators.go index e834c9239be..51a8d434a87 100644 --- a/aws/validators.go +++ b/aws/validators.go @@ -32,6 +32,28 @@ func validateRFC3339TimeString(v interface{}, k string) (ws []string, errors []e return } +// validateTypeStringNullableBoolean provides custom error messaging for TypeString booleans +// Some arguments require three values: true, false, and "" (unspecified). +// This ValidateFunc returns a custom message since the message with +// validation.StringInSlice([]string{"", "false", "true"}, false) is confusing: +// to be one of [ false true], got 1 +func validateTypeStringNullableBoolean(v interface{}, k string) (ws []string, es []error) { + value, ok := v.(string) + if !ok { + es = append(es, fmt.Errorf("expected type of %s to be string", k)) + return + } + + for _, str := range []string{"", "0", "1"} { + if value == str { + return + } + } + + es = append(es, fmt.Errorf("expected %s to be one of [\"\", false, true], got %s", k, value)) + return +} + func validateRdsIdentifier(v interface{}, k string) (ws []string, errors []error) { value := v.(string) if !regexp.MustCompile(`^[0-9a-z-]+$`).MatchString(value) { diff --git a/aws/validators_test.go b/aws/validators_test.go index 953b720527c..df9fed35db5 100644 --- a/aws/validators_test.go +++ b/aws/validators_test.go @@ -81,6 +81,54 @@ func TestValidateRFC3339TimeString(t *testing.T) { } } +func TestValidateTypeStringNullableBoolean(t *testing.T) { + testCases := []struct { + val interface{} + expectedErr *regexp.Regexp + }{ + { + val: "", + }, + { + val: "0", + }, + { + val: "1", + }, + { + val: "invalid", + expectedErr: regexp.MustCompile(`to be one of \["", false, true\]`), + }, + } + + matchErr := func(errs []error, r *regexp.Regexp) bool { + // err must match one provided + for _, err := range errs { + if r.MatchString(err.Error()) { + return true + } + } + + return false + } + + for i, tc := range testCases { + _, errs := validateTypeStringNullableBoolean(tc.val, "test_property") + + if len(errs) == 0 && tc.expectedErr == nil { + continue + } + + if len(errs) != 0 && tc.expectedErr == nil { + t.Fatalf("expected test case %d to produce no errors, got %v", i, errs) + } + + if !matchErr(errs, tc.expectedErr) { + t.Fatalf("expected test case %d to produce error matching \"%s\", got %v", i, tc.expectedErr, errs) + } + } +} + func TestValidateEcrRepositoryName(t *testing.T) { validNames := []string{ "nginx-web-app",