Making cert mandatory for HTTPS and removing no-cert test scenario

ns1-terraform · Jun 7, 2024 · aa04657 · aa04657
1 parent 413fa87
commit aa04657
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 73 deletions.
diff --git a/ns1/examples/redirect.tf b/ns1/examples/redirect.tf
@@ -4,7 +4,7 @@ resource "ns1_redirect_certificate" "example" {
 }
 
 resource "ns1_redirect" "example" {
-	certificate_id   = "${ns1_redirect_certificate.example.id}"
+  certificate_id   = "${ns1_redirect_certificate.example.id}"
   domain           = "www.example.com"
   path             = "/from/path"
   target           = "https://url.com/target/path"

diff --git a/ns1/resource_redirect.go b/ns1/resource_redirect.go
@@ -1,6 +1,7 @@
 package ns1
 
 import (
+	"errors"
 	"fmt"
 	"log"
 	"regexp"
@@ -177,6 +178,9 @@ func RedirectConfigCreate(d *schema.ResourceData, meta interface{}) error {
 	)
 
 	r.CertificateID = getStringp(d, "certificate_id")
+	if r.CertificateID == nil && (r.HttpsEnabled == nil || *r.HttpsEnabled) {
+		return errors.New("a certificate is required when https_enabled is not false")
+	}
 
 	cfg, resp, err := client.Redirects.Create(r)
 	if err != nil {
@@ -240,6 +244,9 @@ func RedirectConfigUpdate(d *schema.ResourceData, meta interface{}) error {
 	r.ID = &id
 
 	r.CertificateID = getStringp(d, "certificate_id")
+	if r.CertificateID == nil && (r.HttpsEnabled == nil || *r.HttpsEnabled) {
+		return errors.New("a certificate is required when https_enabled is not false")
+	}
 
 	cfg, resp, err := client.Redirects.Update(r)
 	if err != nil {

diff --git a/ns1/resource_redirect_test.go b/ns1/resource_redirect_test.go
@@ -54,38 +54,6 @@ func TestAccRedirectConfig_basic(t *testing.T) {
 	})
 }
 
-func TestAccRedirectConfig_untracked_cert(t *testing.T) {
-	var redirect redirect.Configuration
-	rString := acctest.RandStringFromCharSet(15, acctest.CharSetAlphaNum)
-	domainName := fmt.Sprintf("terraform-test-%s.io", rString)
-
-	resource.Test(t, resource.TestCase{
-		PreCheck:     func() { testAccPreCheck(t) },
-		Providers:    testAccProviders,
-		CheckDestroy: testAccCheckRedirectDestroy,
-		Steps: []resource.TestStep{
-			{
-				Config: testAccRedirectNoCert(rString),
-				Check: resource.ComposeTestCheckFunc(
-					testAccCheckRedirectConfigExists("ns1_redirect.it", &redirect),
-					testAccCheckRedirectConfigDomain(&redirect, "test."+domainName),
-					testAccCheckRedirectConfigFwType(&redirect, "masking"),
-					testAccCheckRedirectConfigTags(&redirect, []string{}),
-				),
-			},
-			{
-				Config: testAccRedirectNoCertUpdated(rString),
-				Check: resource.ComposeTestCheckFunc(
-					testAccCheckRedirectConfigExists("ns1_redirect.it", &redirect),
-					testAccCheckRedirectConfigDomain(&redirect, "test."+domainName),
-					testAccCheckRedirectConfigFwType(&redirect, "permanent"),
-					testAccCheckRedirectConfigTags(&redirect, []string{}),
-				),
-			},
-		},
-	})
-}
-
 func TestAccRedirectConfig_http_to_https(t *testing.T) {
 	var redirect redirect.Configuration
 	rString := acctest.RandStringFromCharSet(15, acctest.CharSetAlphaNum)
@@ -107,7 +75,7 @@ func TestAccRedirectConfig_http_to_https(t *testing.T) {
 				),
 			},
 			{
-				Config: testAccRedirectNoCertUpdated(rString),
+				Config: testAccRedirectUpdated(rString),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckRedirectConfigExists("ns1_redirect.it", &redirect),
 					testAccCheckRedirectConfigDomain(&redirect, "test."+domainName),
@@ -170,41 +138,6 @@ resource "ns1_zone" "test" {
 `, rString)
 }
 
-func testAccRedirectNoCert(rString string) string {
-	return fmt.Sprintf(`
-resource "ns1_redirect" "it" {
-  domain           = "test.${ns1_zone.test.zone}"
-  path             = "/from/path/*"
-  target           = "https://url.com/target/path"
-  forwarding_mode  = "capture"
-  forwarding_type  = "masking"
-}
-
-resource "ns1_zone" "test" {
-  zone = "terraform-test-%s.io"
-}
-`, rString)
-}
-
-func testAccRedirectNoCertUpdated(rString string) string {
-	return fmt.Sprintf(`
-resource "ns1_redirect" "it" {
-  domain           = "test.${ns1_zone.test.zone}"
-  path             = "/from/path/*"
-  target           = "https://url.com/target/path"
-  forwarding_mode  = "capture"
-  forwarding_type  = "permanent"
-  https_enabled    = true
-  https_forced     = true
-  tags             = []
-}
-
-resource "ns1_zone" "test" {
-  zone = "terraform-test-%s.io"
-}
-`, rString)
-}
-
 func testAccRedirectHTTP(rString string) string {
 	return fmt.Sprintf(`
 resource "ns1_redirect" "it" {

diff --git a/website/docs/r/redirect.html.markdown b/website/docs/r/redirect.html.markdown
@@ -28,7 +28,8 @@ The following arguments are supported:
 * `path` - (Required) The path on the domain to redirect from.
 * `target` - (Required) The URL to redirect to.
 * `id` - (Optional) The redirect id, if already created.
-* `certificate_id` - (Optional) The certificate redirect id, if already created.
+* `certificate_id` - (Optional) The certificate redirect id.
+                  This field is mandatory if https_enabled is not false.
 * `forwarding_mode` - (Optional - defaults to "all") How the target is interpreted:
   * __all__       appends the entire incoming path to the target destination;
   * __capture__   appends only the part of the incoming path corresponding to the wildcard (*);
@@ -53,9 +54,6 @@ The following arguments are supported:
 All of the arguments listed above are exported as attributes, with no
 additions.
 
-Note that https_enabled=true causes a certificate to be requested if none exist: the resulting certificate object
-would not be tracked by the state, so it's recommended to create the certificate object manually in order to track it in terraform state.
-
 ## NS1 Documentation
 
 [Redirect Api Doc](https://ns1.com/api#redirect)