[WIP] provider/aws elb Add access logs setting (fixes #2315) #3062
Conversation
dlsniper
changed the title
|
Hi, I'd like to work on this issue but there's too little documentation to be helpful on how to make this work. I've ran terraform with Please advize. Thank you. |
|
Hey @dlsniper – sorry for the cryptic message there, what it's saying is that the method
Schema elements of type Here's the definition: // The following fields are only valid for a TypeSet type.
//
// Set defines a function to determine the unique ID of an item so that
// a proper set can be built.
Set SchemaSetFuncFrom https://github.com/hashicorp/terraform/blob/master/helper/schema/schema.go#L104-L108 |
|
This should fix #2315 |
| "bucket_prefix": &schema.Schema{ | ||
| Type: schema.TypeString, | ||
| Optional: true, | ||
| Default: "", |
There was a problem hiding this comment.
Reading the documentation, it seems the prefix is optional, in which case a Default of "" may not be the best. Instead, we should make it optional and likely Computed.
There was a problem hiding this comment.
AWS handles this situation is like this:
- if you only have the
bucket name(with or without the creation option) then the logs will be put here in<bucket-name>/AWSLogs/<account-id>/elasticloadbalancing/<region>/<year>/<month>/<day>/ - if you have the
bucket name / prefixthen the logs will be stored under<bucket-name>/<prefix>/AWSLogs/<account-id>/elasticloadbalancing/<region>/<year>/<month>/<day>/
Now, the issue would be how should Terraform handle this (and how does the AWS sdk does it as well)? If we use the Computed option then the default value should still be "" but if we use an existing prefix, we should make sure that the default parts are removed from the output.
There was a problem hiding this comment.
I wasn't very clear in my first post, sorry 😦
If we have a default of "", then Terraform will send "" as the prefix in the struct. Assuming AWS doesn't just flat out reject that, you'll end up with this:
mybucket//AWSLogs/123455
But I suspect it will plain reject it.
The aws-sdk expects nil for "non existent" attributes, which is why the attributes are all pointers:
// Information about the AccessLog attribute.
type AccessLog struct {
[...]
// The name of the Amazon S3 bucket where the access logs are stored.
S3BucketName *string `type:"string"`
// The logical hierarchy you created for your Amazon S3 bucket, for example
// my-bucket-prefix/prod. If the prefix is not provided, the log is placed at
// the root level of the bucket.
S3BucketPrefix *string `type:"string"`
[...]
}I was poorly articulating that for prefix, we need to do the same as I mentioned below, and only add it if it's not ""
catsby
added
enhancement
waiting-response
|
Thanks for the help, I'll look more into this during the weekend as I have more time then (and I need the feature as well so unless someone fixes it before me, I'm definitely keen into having this done asap). |
|
Thanks for doing the heavy lifting here @dlsniper ! Let us know if you think you'll get to the last mile, or if you need someone else to chip in |
|
Looking forward to using this! :) |
|
@catsby sorry, this one fell a bit from my radar, I'll fix it this upcoming weekend. |
radeksimko
added
wip
and removed
waiting-response
|
I don't know, but maybe it would make sense to implement this as a separate resource, in the same way as the aws_lb_cookie_stickiness_policy. Thoughts? |
|
@dadgar this would help reusing the same bucket / prefix but I don't know if this is desirable. What advantages do you see over the current solution? Small update: I've looked more into this and changed things as suggested in the feedback but now I have a different error to handle: Thank you. |
|
Hey @dlsniper sorry for the silence. Regarding your panic and Let me know if you need anything else to continue debugging and working on this. |
catsby
added
the
waiting-response
| @@ -438,6 +467,22 @@ func resourceAwsElbUpdate(d *schema.ResourceData, meta interface{}) error { | |||
| }, | |||
| } | |||
|
|
|||
| logs := d.Get("access_logs").(*schema.Set).List() | |||
| if len(logs) > 0 { | |||
There was a problem hiding this comment.
I'm pretty sure it's an error for this to be specified more than once.
There was a problem hiding this comment.
I believe the check here is just to see if we've found access_logs in the configuration. access_logs is a set and technically it's valid to have more than one in the config (from a HCL standpoint), but on AWS side yes it's likely an error. You can see later in the code only logs[0] is used.
There was a problem hiding this comment.
Right. Unfortunately, this isn't great because it will silently discard anything but the first occurrence. IMHO, we should return an error back to the user if there is > 1 block so there isn't any ambiguity.
|
I've built upon this pull request to fix some issues I had when I tried to apply the changes as-is to the v0.6.6 release. Please see pr #3708 for more info. |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
ghost
locked and limited conversation to collaborators
ghost
removed
the
waiting-response
This PR adds the ability to set the ELB access logs facility for AWS.
AWS documentation: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/enable-access-logs.html