diff --git a/CHANGELOG.md b/CHANGELOG.md index 86493675..adc61a90 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,8 @@ FEATURES - Add `custom_load_balancer_config` input variable which can be used to feed in custom load balancer target group config that can be attached to the gateway's ECS task. - Add `consul.hashicorp.com.gateway-kind` as a tag to the gateway task's IAM Role. This field will hold the type of the gateway that is getting deployed to the ECS task and will be used by the configured IAM auth method to mint tokens with appropriate permissions when individual tasks perform a Consul login. +* Add support for provisioning Terminating gateways as ECS tasks [[GH-236](https://github.com/hashicorp/terraform-aws-consul-ecs/pull/236)] + - Add `terminating-gateway` as an acceptable `kind` input for the gateway submodule. * examples/api-gateway: Add example terraform to demonstrate exposing mesh tasks in ECS via Consul API gateway deployed as an ECS task. [[GH-235]](https://github.com/hashicorp/terraform-aws-consul-ecs/pull/235) ## 0.7.0 (Nov 8, 2023) diff --git a/modules/gateway-task/variables.tf b/modules/gateway-task/variables.tf index cb786150..43ad8c9f 100644 --- a/modules/gateway-task/variables.tf +++ b/modules/gateway-task/variables.tf @@ -196,8 +196,8 @@ variable "kind" { type = string validation { - error_message = "Gateway kind must be one of 'mesh-gateway' or 'api-gateway'." - condition = contains(["mesh-gateway", "api-gateway"], var.kind) + error_message = "Gateway kind must be one of 'mesh-gateway', 'terminating-gateway' or 'api-gateway'." + condition = contains(["mesh-gateway", "terminating-gateway", "api-gateway"], var.kind) } } diff --git a/test/acceptance/tests/validation/terraform/terminating-gateway-validate/main.tf b/test/acceptance/tests/validation/terraform/terminating-gateway-validate/main.tf new file mode 100644 index 00000000..4ef5710a --- /dev/null 
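Review bot: Widening the `kind` allow-list in modules/gateway-task/variables.tf to include 'terminating-gateway' has no visible counterpart on the auth side. Per the changelog entry in this same commit, the value is written to the task role's `consul.hashicorp.com.gateway-kind` tag, and the IAM auth method uses that tag to decide which permissions a task's token gets at login. Nothing in this diff shows the rule that maps the new kind to a terminating-gateway-scoped token, so it is worth confirming outside this change that one exists and is no broader than needed. A comment beside the list would keep the two in step, e.g. `# Every kind accepted here needs a matching rule on the IAM auth method keyed on consul.hashicorp.com.gateway-kind.` The `variable "kind"` block starts outside the hunk.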
+++ b/test/acceptance/tests/validation/terraform/terminating-gateway-validate/main.tf
@@ -0,0 +1,27 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+provider "aws" {
+ region = "us-west-2"
+}
+
+variable "kind" {
+ type = string
+}
+
+variable "gateway_count" {
+ type = number
+ default = 1
+}
+
+module "test_gateway" {
+ source = "../../../../../../modules/gateway-task"
+ family = "family"
+ ecs_cluster_arn = "cluster"
+ subnets = ["subnets"]
+ kind = var.kind
+ gateway_count = var.gateway_count
+ consul_server_hosts = "localhost:8500"
+ tls = true
+ lb_create_security_group = false
+}
diff --git a/test/acceptance/tests/validation/validation_test.go b/test/acceptance/tests/validation/validation_test.go
index d4985da2..ffd2b05a 100644
--- a/test/acceptance/tests/validation/validation_test.go
+++ b/test/acceptance/tests/validation/validation_test.go
@@ -796,7 +796,7 @@ func TestValidation_MeshGateway(t *testing.T) {
 "kind must be mesh-gateway": {
 kind: "not-mesh-gateway",
 enableMeshGatewayWANFed: false,
- expError: `Gateway kind must be one of 'mesh-gateway' or 'api-gateway'.`,
+ expError: `Gateway kind must be one of 'mesh-gateway', 'terminating-gateway'`,
 },
 "no WAN federation": {
 kind: "mesh-gateway",
@@ -893,11 +893,13 @@ func TestValidation_MeshGateway(t *testing.T) {
 "lb_create_security_group": c.lbCreateSecGroup,
 "lb_modify_security_group": c.lbModifySecGroup,
 "lb_modify_security_group_id": c.lbModifySecGroupID,
- "gateway_count": c.gatewayCount,
 }
 if len(c.kind) > 0 {
 tfVars["kind"] = c.kind
 }
+ if c.gatewayCount > 0 {
+ tfVars["gateway_count"] = c.gatewayCount
+ }
 applyOpts := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
 TerraformDir: terraformOptions.TerraformDir,
 NoColor: terraformOptions.NoColor,
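Review bot: The new `expError` in the "kind must be mesh-gateway" case (the @@ -796 hunk) stops after 'terminating-gateway', so the test no longer checks that 'api-gateway' is still in the accepted list or that the message is complete. The same cut-off literal is repeated in the @@ -940 hunk and in the new TestValidation_TerminatingGateway. If the truncation is deliberate, for example to survive Terraform wrapping the error text (an assumption, the diff does not say), a one-line comment should record that. A single shared constant such as `const expInvalidKindErr = ...` would keep the three copies from drifting. The test function starts and ends outside the hunk.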
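Review bot: Guarding the assignment with `if c.gatewayCount > 0` (the @@ -893 hunk, and again in the @@ -997 hunk and the new test) means a table case can no longer send `gateway_count = 0` or a negative value to Terraform. Such a case now runs with the module default instead. If the module validates `gateway_count`, that rejection path cannot be exercised from these tables any more. Declaring the field as `gatewayCount *int` and testing `if c.gatewayCount != nil` would keep "unset" distinct from "zero". The test function starts and ends outside the hunk.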
@@ -940,7 +942,7 @@ func TestValidation_APIGateway(t *testing.T) { }, "kind must be api-gateway": { kind: "not-api-gateway", - expError: `Gateway kind must be one of 'mesh-gateway' or 'api-gateway'.`, + expError: `Gateway kind must be one of 'mesh-gateway', 'terminating-gateway'`, }, "lb_enabled": { kind: "api-gateway", @@ -997,14 +999,16 @@ func TestValidation_APIGateway(t *testing.T) { t.Parallel() tfVars := map[string]interface{}{ - "lb_enabled": c.lbEnabled, - "gateway_count": c.gatewayCount, - "lb_vpc_id": c.lbVpcID, - "lb_subnets": c.lbSubnets, + "lb_enabled": c.lbEnabled, + "lb_vpc_id": c.lbVpcID, + "lb_subnets": c.lbSubnets, } if len(c.kind) > 0 { tfVars["kind"] = c.kind } + if c.gatewayCount > 0 { + tfVars["gateway_count"] = c.gatewayCount + } if c.customLBConfig != nil { tfVars["custom_lb_config"] = c.customLBConfig } 
@@ -1025,3 +1029,63 @@ func TestValidation_APIGateway(t *testing.T) {
 })
 }
 }
+
+func TestValidation_TerminatingGateway(t *testing.T) {
+ t.Parallel()
+
+ terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
+ TerraformDir: "./terraform/terminating-gateway-validate",
+ NoColor: true,
+ })
+ _ = terraform.Init(t, terraformOptions)
+
+ cases := map[string]struct {
+ kind string
+ expError string
+ gatewayCount int
+ }{
+ "kind is required": {
+ kind: "",
+ expError: `variable "kind" is not set`,
+ },
+ "kind must be api-gateway": {
+ kind: "not-api-gateway",
+ expError: `Gateway kind must be one of 'mesh-gateway', 'terminating-gateway'`,
+ },
+ "single terminating gateways": {
+ kind: "terminating-gateway",
+ },
+ "multiple terminating gateways": {
+ kind: "terminating-gateway",
+ gatewayCount: 2,
+ },
+ }
+ for name, c := range cases {
+ c := c
+ t.Run(name, func(t *testing.T) {
+ t.Parallel()
+
+ tfVars := map[string]interface{}{}
+ if len(c.kind) > 0 {
+ tfVars["kind"] = c.kind
+ }
+ if c.gatewayCount > 0 {
+ tfVars["gateway_count"] = c.gatewayCount
+ }
+ applyOpts := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
+ TerraformDir: terraformOptions.TerraformDir,
+ NoColor: terraformOptions.NoColor,
+ Vars: tfVars,
+ })
+ t.Cleanup(func() { _, _ = terraform.DestroyE(t, applyOpts) })
+
+ _, err := terraform.PlanE(t, applyOpts)
+ if len(c.expError) > 0 {
+ require.Error(t, err)
+ require.Contains(t, err.Error(), c.expError)
+ } else {
+ require.NoError(t, err)
+ }
+ })
+ }
+}
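Review bot: The second table case in TestValidation_TerminatingGateway is still named "kind must be api-gateway" and passes `kind: "not-api-gateway"`, carried over from the API gateway test. A failure would therefore be reported under the wrong gateway type. Renaming it to `"kind must be terminating-gateway"` with `kind: "not-terminating-gateway"` keeps the failure output honest. The function also has no doc comment; one line such as `// TestValidation_TerminatingGateway checks that the gateway-task module plans with kind "terminating-gateway" and rejects unknown kinds.` would state what is covered. Note that the accepting cases only assert that the plan succeeds, so nothing here checks what the module does with the new kind.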