Support for setting of certificate in aws_codebuild_project #6087

Merged
merged 2 commits into from
Oct 9, 2018
9 changes: 9 additions & 0 deletions aws/resource_aws_codebuild_project.go
Expand Up @@ -177,6 +177,10 @@ func resourceAwsCodeBuildProject() *schema.Resource {
Optional: true,
Default: false,
},
"certificate": {
Contributor

Since the CodeBuild API seems to validate against .pem and .zip endings, we can implement plan-time validation for that via:

ValidateFunc: validation.StringMatch(regexp.MustCompile(`\.(pem|zip)$`), "must end in .pem or .zip"),

Also, since this attribute lives inside a Type: schema.TypeSet attribute, there is a Set function which is used to detect changes. resourceAwsCodeBuildProjectEnvironmentHash in this case.

We can add the following there:

if v, ok := m["certificate"]; ok && v.(string) != "" {
	buf.WriteString(fmt.Sprintf("%s-", v.(string)))
}

At some point we'll likely be converting many of these TypeSet attributes, due to their unnecessary complexity.

Type: schema.TypeString,
Optional: true,
},
},
},
Set: resourceAwsCodeBuildProjectEnvironmentHash,
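
Review bot: the new `"certificate"` entry is declared with only `Type: schema.TypeString` and `Optional: true`, so a value with the wrong extension is caught only when the CodeBuild API rejects it at apply time. A `ValidateFunc` on the attribute would surface that at plan time. The `Set: resourceAwsCodeBuildProjectEnvironmentHash` line at the end of the hunk is unchanged context, and the nine added lines in this file do not touch that function, so the set hash does not yet include the certificate; a change to `certificate` alone may not be seen as a change to the `environment` block until it is added to the hash.
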
Expand Down Expand Up @@ -619,6 +623,10 @@ func expandProjectEnvironment(d *schema.ResourceData) *codebuild.ProjectEnvironm
projectEnv.Type = aws.String(v.(string))
}

if v := envConfig["certificate"]; v != nil {
Contributor

To prevent the Terraform resource from always triggering this error when not set in the Terraform configuration:

--- FAIL: TestAccAWSCodeBuildProject_basic (6.15s)
    testing.go:527: Step 0 error: Error applying: 1 error occurred:
        	* aws_codebuild_project.test: 1 error occurred:
        	* aws_codebuild_project.test: Error creating CodeBuild project: InvalidInputException: Invalid extension: certificate must be either .pem or .zip
        	status code: 400, request id: bc162507-cbe4-11e8-aeb7-db9c8472a837

We can use this instead:

if v, ok := envConfig["certificate"]; ok && v.(string) != "" {
	projectEnv.Certificate = aws.String(v.(string))
}

projectEnv.Certificate = aws.String(v.(string))
}

if v := envConfig["environment_variable"]; v != nil {
envVariables := v.([]interface{})
if len(envVariables) > 0 {
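
Review bot: in `expandProjectEnvironment`, the guard `if v := envConfig["certificate"]; v != nil` is true whenever the key is present in the map, including when it holds an empty string, so `projectEnv.Certificate` is set to `""` for configurations that never mention a certificate. The acceptance-test failure quoted in the comment above (`Invalid extension: certificate must be either .pem or .zip`) is that case. Check for a non-empty string before assigning, and use the comma-ok form so a missing key is handled too.
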
Expand Down Expand Up @@ -984,6 +992,7 @@ func flattenAwsCodeBuildProjectEnvironment(environment *codebuild.ProjectEnviron
envConfig["type"] = *environment.Type
envConfig["compute_type"] = *environment.ComputeType
envConfig["image"] = *environment.Image
envConfig["certificate"] = aws.StringValue(environment.Certificate)
envConfig["privileged_mode"] = *environment.PrivilegedMode

if environment.EnvironmentVariables != nil {
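
Review bot: `aws.StringValue(environment.Certificate)` turns a nil pointer into `""`, so every project without a certificate now reads back with `certificate` set to the empty string. That is the right nil-safe call here (the neighbouring lines dereference directly), but it means the expand path and the set hash both have to treat `""` as unset, otherwise the value written here is sent back to the API on the next apply.
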
54 changes: 54 additions & 0 deletions aws/resource_aws_codebuild_project_test.go
Expand Up @@ -286,6 +286,29 @@ func TestAccAWSCodeBuildProject_Environment_EnvironmentVariable_Type(t *testing.
})
}

func TestAccAWSCodeBuildProject_Environment_Certificate(t *testing.T) {
var project codebuild.Project
rName := acctest.RandomWithPrefix("tf-acc-test")
bName := acctest.RandomWithPrefix("tf-acc-test-bucket")
oName := "certificate.pem"
resourceName := "aws_codebuild_project.test"

resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckAWSCodeBuildProjectDestroy,
Steps: []resource.TestStep{
{
Config: testAccAWSCodeBuildProjectConfig_Environment_Certificate(rName, bName, oName),
Check: resource.ComposeTestCheckFunc(
testAccCheckAWSCodeBuildProjectExists(resourceName, &project),
resource.TestCheckResourceAttr(resourceName, "environment.1974383098.certificate", fmt.Sprintf("%s/%s", bName, oName)),
Contributor

Since the TypeSet value wasn't dependent on the certificate value previously, the 1974383098 value was static. Now that resourceAwsCodeBuildProjectEnvironmentHash has been updated and since we randomly generate the S3 bucket name, the hash will never be consistent. Rather than trying to recompute the hash value for this test, we can instead just verify the API is set correctly via:

testAccCheckAWSCodeBuildProjectCertificate(&project, fmt.Sprintf("%s/%s", bName, oName)),

and its definition:

func testAccCheckAWSCodeBuildProjectCertificate(project *codebuild.Project, expectedCertificate string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		if aws.StringValue(project.Environment.Certificate) != expectedCertificate {
			return fmt.Errorf("CodeBuild Project certificate (%s) did not match: %s", aws.StringValue(project.Environment.Certificate), expectedCertificate)
		}
		return nil
	}
}

),
},
},
})
}

func TestAccAWSCodeBuildProject_Source_Auth(t *testing.T) {
var project codebuild.Project
rName := acctest.RandomWithPrefix("tf-acc-test")
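
Review bot: `TestAccAWSCodeBuildProject_Environment_Certificate` has a single step that creates the project with a `.pem` key, and it asserts on the fixed set index `environment.1974383098.certificate`. Nothing here covers changing or removing the certificate on an existing project, or a `.zip` key, which the API error message elsewhere on this page lists as accepted. A second `TestStep` with a different object key would exercise the update path, and asserting on the `project` value returned by `testAccCheckAWSCodeBuildProjectExists` avoids depending on the hash.
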
Expand Down Expand Up @@ -1017,6 +1040,37 @@ resource "aws_codebuild_project" "test" {
`, rName, environmentVariableType)
}

func testAccAWSCodeBuildProjectConfig_Environment_Certificate(rName string, bName string, oName string) string {
return testAccAWSCodeBuildProjectConfig_Base_ServiceRole(rName) + testAccAWSCodeBuildProjectConfig_Base_Bucket(bName) + fmt.Sprintf(`
resource "aws_s3_bucket_object" "test" {
bucket = "${aws_s3_bucket.test.bucket}"
key = "%s"
content = "foo"
}

resource "aws_codebuild_project" "test" {
name = "%s"
service_role = "${aws_iam_role.test.arn}"

artifacts {
type = "NO_ARTIFACTS"
}

environment {
compute_type = "BUILD_GENERAL1_SMALL"
image = "2"
type = "LINUX_CONTAINER"
certificate = "${aws_s3_bucket.test.bucket}/${aws_s3_bucket_object.test.key}"
}

source {
type = "GITHUB"
location = "https://github.com/hashicorp/packer.git"
}
}
`, oName, rName)
}

func testAccAWSCodeBuildProjectConfig_Source_Auth(rName, authResource, authType string) string {
return testAccAWSCodeBuildProjectConfig_Base_ServiceRole(rName) + fmt.Sprintf(`
resource "aws_codebuild_project" "test" {
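
Review bot: the fixture object in `testAccAWSCodeBuildProjectConfig_Environment_Certificate` is created with `content = "foo"`, which is not a PEM certificate, so this test shows only that the API accepts and returns the `bucket/key` string. A short comment in the config saying that the body is a placeholder would stop a reader from assuming the certificate is loaded or validated during the test.
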
5 changes: 3 additions & 2 deletions website/docs/r/codebuild_project.html.markdown
Expand Up @@ -158,7 +158,7 @@ The following arguments are supported:
* `tags` - (Optional) A mapping of tags to assign to the resource.
* `vpc_config` - (Optional) Configuration for the builds to run inside a VPC. VPC config blocks are documented below.
* `secondary_artifacts` - (Optional) A set of secondary artifacts to be used inside the build. Secondary artifacts blocks are documented below.
* `secondary_sources` - (Optional) A set of secondary sources to be used inside the build. Secondary sources blocks are documented below.
* `secondary_sources` - (Optional) A set of secondary sources to be used inside the build. Secondary sources blocks are documented below.

`artifacts` supports the following:

Expand All @@ -182,6 +182,7 @@ The following arguments are supported:
* `type` - (Required) The type of build environment to use for related builds. Available values are: `LINUX_CONTAINER` or `WINDOWS_CONTAINER`.
* `environment_variable` - (Optional) A set of environment variables to make available to builds for this build project.
* `privileged_mode` - (Optional) If set to true, enables running the Docker daemon inside a Docker container. Defaults to `false`.
* `certificate` - (Optional) The ARN of the S3 bucket, path prefix and object key that contains the PEM-encoded certificate.

`environment_variable` supports the following:
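
Review bot: the new `certificate` bullet describes the value as "The ARN of the S3 bucket, path prefix and object key", but the acceptance test in this change passes `"${aws_s3_bucket.test.bucket}/${aws_s3_bucket_object.test.key}"`, a bucket name and key rather than an ARN. It also mentions only a PEM-encoded certificate, while the API error quoted in the review names both `.pem` and `.zip`. The description should state the format the test uses and list both extensions, ideally with a one-line example value.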

Expand Down Expand Up @@ -214,7 +215,7 @@ The following arguments are supported:
`secondary_artifacts` supports the following:

* `type` - (Required) The build output artifact's type. Valid values for this parameter are: `CODEPIPELINE`, `NO_ARTIFACTS` or `S3`.
* `artifact_identifier` - (Required) The artifact identifier. Must be the same specified inside AWS CodeBuild buildspec.
* `artifact_identifier` - (Required) The artifact identifier. Must be the same specified inside AWS CodeBuild buildspec.
* `encryption_disabled` - (Optional) If set to true, output artifacts will not be encrypted. If `type` is set to `NO_ARTIFACTS` then this value will be ignored. Defaults to `false`.
* `location` - (Optional) Information about the build output artifact location. If `type` is set to `CODEPIPELINE` or `NO_ARTIFACTS` then this value will be ignored. If `type` is set to `S3`, this is the name of the output bucket. If `path` is not also specified, then `location` can also specify the path of the output artifact in the output bucket.
* `name` - (Optional) The name of the project. If `type` is set to `S3`, this is the name of the output artifact object