fix(tls_mutual_authentication): Ensure that 'enforced' property does …

…not revert to default during changes. (#890) * Use GO_BIN environment variable to find Go binary. * fix(tls_mutual_authentication): Ensure that 'enforced' property does not revert to default during changes. If the 'enforced' property was already set to true in the configuration, and the name (or certificate bundle) of an MTLS authentication resource was changed, the 'enforced' property would revert to 'false'.
fastly · Oct 28, 2024 · de01fe6 · de01fe6
1 parent 0a19458
commit de01fe6
Show file tree

Hide file tree

Showing 3 changed files with 76 additions and 20 deletions.
diff --git a/Makefile b/Makefile
@@ -1,4 +1,6 @@
-TEST?=$$(go list ./... |grep -v 'vendor')
+GO_BIN ?= go ## Allows overriding go executable.
+
+TEST?=$$($(GO_BIN) list ./... |grep -v 'vendor')
 GOFMT_FILES?=$$(find . -name '*.go' |grep -v vendor)
 WEBSITE_REPO=github.com/hashicorp/terraform-website
 PKG_NAME=fastly
@@ -9,7 +11,7 @@ VERSION_SHORT=$(shell git describe --tags --always --abbrev=0)
 DOCS_PROVIDER_VERSION=$(subst v,,$(VERSION_SHORT))
 
 # Enables support for tools such as https://github.com/rakyll/gotest
-TEST_COMMAND ?= go test
+TEST_COMMAND ?= $(GO_BIN) test
 
 # R019: ignore large number of arguments passed to HasChanges().
 # R018: replace sleep with either resource.Retry() or WaitForState().
@@ -19,8 +21,8 @@ TFPROVIDERLINT_DEFAULT_FLAGS=-R001=false -R018=false -R019=false
 # XAT001: missing resource.TestCase ErrorCheck.
 TFPROVIDERLINTX_DEFAULT_FLAGS=-XAT001=false
 
-GOHOSTOS ?= $(shell go env GOHOSTOS || echo unknown)
-GOHOSTARCH ?= $(shell go env GOHOSTARCH || echo unknown)
+GOHOSTOS ?= $(shell $(GO_BIN) env GOHOSTOS || echo unknown)
+GOHOSTARCH ?= $(shell $(GO_BIN) env GOHOSTARCH || echo unknown)
 
 # Use a parallelism of 4 by default for tests, overriding whatever GOMAXPROCS is
 # set to. For the acceptance tests especially, the main bottleneck affecting the
@@ -32,7 +34,7 @@ TEST_PARALLELISM?=4
 default: build
 
 build: clean
-	go build -o bin/terraform-provider-$(PKG_NAME)_$(VERSION) -ldflags="-X $(FULL_PKG_NAME)/$(VERSION_PLACEHOLDER)=$(VERSION)"
+	$(GO_BIN) build -o bin/terraform-provider-$(PKG_NAME)_$(VERSION) -ldflags="-X $(FULL_PKG_NAME)/$(VERSION_PLACEHOLDER)=$(VERSION)"
 	@sh -c "'$(CURDIR)/scripts/generate-dev-overrides.sh'"
 
 test:
@@ -65,7 +67,7 @@ clean_test:
 	fi
 
 vet:
-	@go vet $$(go list ./... | grep -v vendor/) ; if [ $$? -eq 1 ]; then \
+	@$(GO_BIN) vet $$($(GO_BIN) list ./... | grep -v vendor/) ; if [ $$? -eq 1 ]; then \
 		echo "\nVet found suspicious constructs. Please check the reported constructs"; \
 		echo "and fix them if necessary before submitting the code for review."; \
 		exit 1; \
@@ -82,7 +84,7 @@ errcheck:
 
 goreleaser-bin:
 	@# This is the last version of goreleaser that supports Go 1.20.14 (the version used to build the provider)
-	go install github.com/goreleaser/[email protected]
+	$(GO_BIN) install github.com/goreleaser/[email protected]
 
 nilaway:
 	@nilaway ./...
@@ -107,7 +109,7 @@ test-compile:
 BIN=$(CURDIR)/bin
 $(BIN)/%:
 	@echo "Installing tools from tools/tools.go"
-	@cat tools/tools.go | grep _ | awk -F '"' '{print $$2}' | GOBIN=$(BIN) xargs -tI {} go install {}
+	@cat tools/tools.go | grep _ | awk -F '"' '{print $$2}' | GOBIN=$(BIN) xargs -tI {} $(GO_BIN) install {}
 
 generate-docs: $(BIN)/tfplugindocs
 	$(shell sed -e "s/__VERSION__/$(DOCS_PROVIDER_VERSION)/g" examples/index-fastly-provider.tf.tmpl > examples/index-fastly-provider.tf)

diff --git a/fastly/resource_fastly_tls_mutual_authentication.go b/fastly/resource_fastly_tls_mutual_authentication.go
@@ -179,9 +179,11 @@ func resourceFastlyTLSMutualAuthenticationUpdate(_ context.Context, d *schema.Re
 		CertBundle: d.Get("cert_bundle").(string),
 	}
 
-	if d.HasChange("enforced") {
-		input.Enforced = d.Get("enforced").(bool)
-	}
+	// Since a boolean value is not 'optional', the input struct
+	// must always contain the expected value of the 'enforced'
+	// setting, whether it was changed or not
+	input.Enforced = d.Get("enforced").(bool)
+
 	if d.HasChange("name") {
 		input.Name = d.Get("name").(string)
 	}

diff --git a/fastly/resource_fastly_tls_mutual_authentication_test.go b/fastly/resource_fastly_tls_mutual_authentication_test.go
@@ -23,8 +23,11 @@ func TestAccFastlyMTLS_basic(t *testing.T) {
 	name := acctest.RandomWithPrefix(testResourcePrefix)
 	updatedName := acctest.RandomWithPrefix(testResourcePrefix)
 
+	enforced := false
+
 	resourceTLSActivationName := "fastly_tls_activation.test"
 	resourceMTLSName := "fastly_tls_mutual_authentication.test"
+
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck: func() {
 			testAccPreCheck(t)
@@ -33,23 +36,23 @@ func TestAccFastlyMTLS_basic(t *testing.T) {
 		CheckDestroy:      testAccFastlyTLSActivationCheckDestroy,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccFastlyMTLSConfig(name, name, key, name, cert, domain, mtlsCert),
+				Config: testAccFastlyMTLSConfig(name, name, key, name, cert, domain, mtlsCert, name, enforced),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttrSet(resourceTLSActivationName, "certificate_id"),
 					resource.TestCheckResourceAttrSet(resourceTLSActivationName, "configuration_id"),
 					resource.TestCheckResourceAttr(resourceTLSActivationName, "domain", domain),
 					resource.TestCheckResourceAttrSet(resourceTLSActivationName, "created_at"),
 					testAccFastlyTLSActivationCheckExists(resourceTLSActivationName),
-					resource.TestCheckResourceAttr(resourceMTLSName, "name", "example_mtls"),
-					resource.TestCheckResourceAttr(resourceMTLSName, "enforced", "false"),
+					resource.TestCheckResourceAttr(resourceMTLSName, "name", name),
+					resource.TestCheckResourceAttr(resourceMTLSName, "enforced", fmt.Sprintf("%t", enforced)),
 				),
 			},
 			{
-				Config: testAccFastlyMTLSConfig(name, name, key, updatedName, cert2, domain, mtlsCert),
+				Config: testAccFastlyMTLSConfig(name, name, key, updatedName, cert2, domain, mtlsCert, name, enforced),
 				Check: resource.ComposeTestCheckFunc(
 					testAccFastlyTLSActivationCheckExists(resourceTLSActivationName),
-					resource.TestCheckResourceAttr(resourceMTLSName, "name", "example_mtls"),
-					resource.TestCheckResourceAttr(resourceMTLSName, "enforced", "false"),
+					resource.TestCheckResourceAttr(resourceMTLSName, "name", name),
+					resource.TestCheckResourceAttr(resourceMTLSName, "enforced", fmt.Sprintf("%t", enforced)),
 				),
 			},
 			{
@@ -68,7 +71,55 @@ func TestAccFastlyMTLS_basic(t *testing.T) {
 	})
 }
 
-func testAccFastlyMTLSConfig(serviceName, keyName, key, certName, cert, domain, certBundle string) string {
+func TestAccFastlyMTLS_PreserveEnforcedStateDuringNameChange(t *testing.T) {
+	domain := fmt.Sprintf("%s.com", acctest.RandomWithPrefix(testResourcePrefix))
+	key, cert, _, err := generateKeyAndMultipleCerts(domain)
+	require.NoError(t, err)
+	_, mtlsCert, err := generateKeyAndCert(domain)
+	require.NoError(t, err)
+	key = strings.ReplaceAll(key, "\n", `\n`)
+	cert = strings.ReplaceAll(cert, "\n", `\n`)
+
+	name := acctest.RandomWithPrefix(testResourcePrefix)
+	updatedName := acctest.RandomWithPrefix(testResourcePrefix)
+
+	enforced := true
+
+	resourceTLSActivationName := "fastly_tls_activation.test"
+	resourceMTLSName := "fastly_tls_mutual_authentication.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+		},
+		ProviderFactories: testAccProviders,
+		CheckDestroy:      testAccFastlyTLSActivationCheckDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccFastlyMTLSConfig(name, name, key, name, cert, domain, mtlsCert, name, enforced),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet(resourceTLSActivationName, "certificate_id"),
+					resource.TestCheckResourceAttrSet(resourceTLSActivationName, "configuration_id"),
+					resource.TestCheckResourceAttr(resourceTLSActivationName, "domain", domain),
+					resource.TestCheckResourceAttrSet(resourceTLSActivationName, "created_at"),
+					testAccFastlyTLSActivationCheckExists(resourceTLSActivationName),
+					resource.TestCheckResourceAttr(resourceMTLSName, "name", name),
+					resource.TestCheckResourceAttr(resourceMTLSName, "enforced", fmt.Sprintf("%t", enforced)),
+				),
+			},
+			{
+				Config: testAccFastlyMTLSConfig(name, name, key, name, cert, domain, mtlsCert, updatedName, enforced),
+				Check: resource.ComposeTestCheckFunc(
+					testAccFastlyTLSActivationCheckExists(resourceTLSActivationName),
+					resource.TestCheckResourceAttr(resourceMTLSName, "name", updatedName),
+					resource.TestCheckResourceAttr(resourceMTLSName, "enforced", fmt.Sprintf("%t", enforced)),
+				),
+			},
+		},
+	})
+}
+
+func testAccFastlyMTLSConfig(serviceName, keyName, key, certName, cert, domain, certBundle, mtlsName string, enforced bool) string {
 	return fmt.Sprintf(`
 resource "fastly_service_vcl" "test" {
   name = "%s"
@@ -103,11 +154,12 @@ resource "fastly_tls_activation" "test" {
 }
 
 resource "fastly_tls_mutual_authentication" "test" {
+  enforced = %t
   activation_ids = [fastly_tls_activation.test.id]
   cert_bundle = <<EOF
 %s
 EOF
-  name = "example_mtls"
+  name = "%s"
 }
-`, serviceName, domain, key, keyName, cert, certName, domain, certBundle)
+`, serviceName, domain, key, keyName, cert, certName, domain, enforced, certBundle, mtlsName)
 }