-
Notifications
You must be signed in to change notification settings - Fork 9.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WIP] provider/aws elb Add access logs setting (fixes #2315) #3062
Conversation
Hi, I'd like to work on this issue but there's too little documentation to be helpful on how to make this work.
I've ran terraform with Please advize. Thank you. |
Hey @dlsniper – sorry for the cryptic message there, what it's saying is that the method
Schema elements of type Here's the definition: // The following fields are only valid for a TypeSet type.
//
// Set defines a function to determine the unique ID of an item so that
// a proper set can be built.
Set SchemaSetFunc From https://github.com/hashicorp/terraform/blob/master/helper/schema/schema.go#L104-L108 |
This should fix #2315 |
"bucket_prefix": &schema.Schema{ | ||
Type: schema.TypeString, | ||
Optional: true, | ||
Default: "", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reading the documentation, it seems the prefix
is optional, in which case a Default
of ""
may not be the best. Instead, we should make it optional and likely Computed
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AWS handles this situation is like this:
- if you only have the
bucket name
(with or without the creation option) then the logs will be put here in<bucket-name>/AWSLogs/<account-id>/elasticloadbalancing/<region>/<year>/<month>/<day>/
- if you have the
bucket name / prefix
then the logs will be stored under<bucket-name>/<prefix>/AWSLogs/<account-id>/elasticloadbalancing/<region>/<year>/<month>/<day>/
Now, the issue would be how should Terraform handle this (and how does the AWS sdk does it as well)? If we use the Computed
option then the default value should still be ""
but if we use an existing prefix, we should make sure that the default parts are removed from the output.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wasn't very clear in my first post, sorry 😦
If we have a default of ""
, then Terraform will send ""
as the prefix in the struct. Assuming AWS doesn't just flat out reject that, you'll end up with this:
mybucket//AWSLogs/123455
But I suspect it will plain reject it.
The aws-sdk expects nil
for "non existent" attributes, which is why the attributes are all pointers:
// Information about the AccessLog attribute.
type AccessLog struct {
[...]
// The name of the Amazon S3 bucket where the access logs are stored.
S3BucketName *string `type:"string"`
// The logical hierarchy you created for your Amazon S3 bucket, for example
// my-bucket-prefix/prod. If the prefix is not provided, the log is placed at
// the root level of the bucket.
S3BucketPrefix *string `type:"string"`
[...]
}
I was poorly articulating that for prefix
, we need to do the same as I mentioned below, and only add it if it's not ""
Thanks for the help, I'll look more into this during the weekend as I have more time then (and I need the feature as well so unless someone fixes it before me, I'm definitely keen into having this done asap). |
Thanks for doing the heavy lifting here @dlsniper ! Let us know if you think you'll get to the last mile, or if you need someone else to chip in |
Looking forward to using this! :) |
@catsby sorry, this one fell a bit from my radar, I'll fix it this upcoming weekend. |
I don't know, but maybe it would make sense to implement this as a separate resource, in the same way as the aws_lb_cookie_stickiness_policy. Thoughts? |
@dadgar this would help reusing the same bucket / prefix but I don't know if this is desirable. What advantages do you see over the current solution? Small update: I've looked more into this and changed things as suggested in the feedback but now I have a different error to handle: Thank you. |
Hey @dlsniper sorry for the silence. Regarding your panic and Let me know if you need anything else to continue debugging and working on this. |
@@ -438,6 +467,22 @@ func resourceAwsElbUpdate(d *schema.ResourceData, meta interface{}) error { | |||
}, | |||
} | |||
|
|||
logs := d.Get("access_logs").(*schema.Set).List() | |||
if len(logs) > 0 { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm pretty sure it's an error for this to be specified more than once.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe the check here is just to see if we've found access_logs
in the configuration. access_logs
is a set and technically it's valid to have more than one in the config (from a HCL standpoint), but on AWS side yes it's likely an error. You can see later in the code only logs[0]
is used.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right. Unfortunately, this isn't great because it will silently discard anything but the first occurrence. IMHO, we should return an error back to the user if there is > 1 block so there isn't any ambiguity.
I've built upon this pull request to fix some issues I had when I tried to apply the changes as-is to the v0.6.6 release. Please see pr #3708 for more info. |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
This PR adds the ability to set the ELB access logs facility for AWS.
AWS documentation: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/enable-access-logs.html