New Resource: aws_network_acl_association #1034
Conversation
|
Oh sorry. i fix to be success for build. |
fix to success go vet .
|
I think this resource use case is... if there is restriction to operation of aws resource and i encount to it right now 😭 |
grubernaut
added
the
enhancement
|
Hey @takahiro9 Thanks for opening this. Also, what are you trying to achieve that do not work with the actual resources? |
Ninir
added
the
waiting-response
There was a problem hiding this comment.
Agree fully with @Ninir's comment, went ahead and made a quick review of the PR as-is, in case there's a valid use-case here 😄
| d.SetId(naclId) | ||
| log.Printf("[INFO] Association ID: %s", d.Id()) | ||
|
|
||
| return nil |
There was a problem hiding this comment.
Should return resourceAwsNetworkAclAssociationRead(d, meta) here to capture any changes.
| subnetId := d.Get("subnet_id").(string) | ||
| _, err_association := findNetworkAclAssociation(subnetId, conn) | ||
| if err_association != nil { | ||
| return fmt.Errorf("Failed to read acl %s with subnet %s: %s", d.Id(), subnetId, err_association) |
There was a problem hiding this comment.
If we fail to read the network acl, set the ID to "", and return nil. This will still register a diff in the Terraform state, as Read happens prior to a plan.
| d.SetId(*resp.NewAssociationId) | ||
| log.Printf("[INFO] Association ID: %s", d.Id()) | ||
|
|
||
| return nil |
There was a problem hiding this comment.
Should return Read here as well
|
thank you to feedback.
oh, thanks to tell me.
ok ! i think This resource is effectiveness at this situation. very rare case. |
|
i think this resource that like aws_autoscaling_attachment |
|
please tell me if dont know. sorry for my clumsy english by google translation |
There was a problem hiding this comment.
HI @takahiro9
Ok thanks for sharing your use-case. Just left a few comments to address: some cosmetic and some logic work, nothing critical!
Thanks for the work here, and nice first contribution! 👍
| Delete: resourceAwsNetworkAclAssociationDelete, | ||
|
|
||
| Schema: map[string]*schema.Schema{ | ||
| "subnet_id": &schema.Schema{ |
There was a problem hiding this comment.
Since Go 1.7+, redundant type declaration in composite literal can be safely removed, so:
"subnet_id": &schema.Schema{can become:
"subnet_id": {| return err | ||
| } | ||
|
|
||
| // Set the ID and return |
There was a problem hiding this comment.
This comment seems a bit obvious, so would prefer to remove it if you don't mind
| AssociationId: association.NetworkAclAssociationId, | ||
| NetworkAclId: aws.String(naclId), | ||
| } | ||
|
|
There was a problem hiding this comment.
Could you move the log instruction from line 42 here, put it all on one line, and perhaps change it to the below?:
log.Printf("[DEBUG] Creating Network ACL association: %#v", associationOpts)
This would provide all of the parameters for the function, so that we don't need to Printf them :)
| subnetId, | ||
| naclId) | ||
|
|
||
| association, err_association := findNetworkAclAssociation(subnetId, conn) |
There was a problem hiding this comment.
Please prefer camelCase-d variables instead of snake-case-d ones, like errAssociation
|
|
||
| association, err_association := findNetworkAclAssociation(subnetId, conn) | ||
| if err_association != nil { | ||
| return fmt.Errorf("Failed to create acl %s with nacl %s: %s", d.Id(), naclId, err_association) |
There was a problem hiding this comment.
This message is not really accurate. What do you think of rewording it to:
return fmt.Errorf("Failed to find association for subnet %s: %s", subnetId, errAssociation)
|
|
||
| func resourceAwsNetworkAclAssociationDelete(d *schema.ResourceData, meta interface{}) error { | ||
|
|
||
| log.Printf("[INFO] Do nothing on network acl associatioØ destroy phase: %s", d.Id()) |
There was a problem hiding this comment.
I think this method should really do something here, as the association would still exist in the AWS-land.
What do you think of doing something in the idea of: replacing the Network ACL Association created with the default Network ACL, as it is done in the resource_aws_network_acl.go resource?
Also, when you need to destroy something in the TF-land, set the ID to "" and it will be remove from the state, like d.SetId("")
There was a problem hiding this comment.
Thank you for comment
I think too
| }) | ||
| } | ||
|
|
||
| func testCheckAwsRMNetworkAclAssocExists(name string) resource.TestCheckFunc { |
There was a problem hiding this comment.
This method should check that the association exists, by requesting AWS.
Do you think you could get some inspiration from testAccCheckAWSNetworkAclExists?
website/aws.erb
Outdated
| @@ -1405,6 +1405,10 @@ | |||
| <a href="/docs/providers/aws/r/network_acl.html">aws_network_acl</a> | |||
| </li> | |||
|
|
|||
| <li<%= sidebar_current("docs-aws-resource-network-acl-assoc") %>> | |||
There was a problem hiding this comment.
Please keep the full association word here and line 1409
| Provides an network ACL association resource. | ||
| --- | ||
|
|
||
| # aws\_network\_acl\_association |
There was a problem hiding this comment.
antislashes are not needed anymore, it is safe to remove them here
| * `id` - The ID of the network ACL | ||
| * `network_acl_id` - The ID of the network ACL | ||
| * `subnet_id` - The ID of the subnet id | ||
|
|
There was a problem hiding this comment.
Small nitpick but this last line is not needed here 😄
|
ah. i was late for noticing.
i am happy that can communication !
thank you. it is very informative to me. |
radeksimko
added
the
size/L
|
Hey @radeksimko , @takahiro9, what are we missing to merge this in? |
|
thank you. |
radeksimko
added
service/ec2
radeksimko
changed the title
|
@Ninir @takahiro9 we also have a usecase for this resource: After an initial network ACL is created in a "base" plan, different applications then should be able to look it up (via tags in a data provider) and then create an association relevant to just the subnets relevant to the application. What can I do to help push this forward? It looks like the outstanding comments have been addressed, however, there is now a merge conflict. |
|
cc @radeksimko. What can I do to help push this forward? It looks like the outstanding comments have been addressed, however, there is now a merge conflict. Would a new PR that squashes these commits and resolves the merge conflicts help? |
|
Any thoughts on when this may be merged in? I have a usecase where the acl is created before the subnet, so I need to associate a new subnet to an already existing acl, which seems to fit with what this resource is achieving. |
Notification of Recent and Upcoming Changes to ContributionsThank you for this contribution! There have been a few recent development changes that affect this pull request. We apologize for the inconvenience, especially if there have been long review delays up until now. Please note that this is automated message from an unmonitored account. See the FAQ for additional information on the maintainer team and review prioritization. If you are unable to complete these updates, please leave a comment for the community and maintainers so someone can potentially continue the work. The maintainers will encourage other contributors to use the existing contribution as the base for additional changes as appropriate. Otherwise, contributions that do not receive updated code or comments from the original contributor may be closed in the future so the maintainers can focus on active items. For the most up to date information about Terraform AWS Provider development, see the Contributing Guide. Additional technical debt changes can be tracked with the As part of updating a pull request with these changes, the most current unit testing and linting will run. These may report issues that were not previously reported. Action Required: Terraform 0.12 SyntaxReference: #8950 Version 3 and later of the Terraform AWS Provider, which all existing contributions would potentially be added, only supports Terraform 0.12 and later. Certain syntax elements of Terraform 0.11 and earlier show deprecation warnings during runs with Terraform 0.12. Documentation and test configurations, such as those including deprecated string interpolations ( Action Required: Terraform Plugin SDK Version 2Reference: #14551 The Terraform AWS Provider has been upgraded to the latest version of the Terraform Plugin SDK. Generally, most changes to contributions should only involve updating Go import paths in source code files. Please see the referenced issue for additional information. Action Required: Removal of website/aws.erb FileReference: #14712 Any changes to the Upcoming Change of Git Branch NamingReference: #14292 Development environments will need their upstream Git branch updated from Upcoming Change of GitHub OrganizationReference: #14715 This repository will be migrating from https://github.com/terraform-providers/terraform-provider-aws to https://github.com/hashicorp/terraform-provider-aws. No practitioner or developer action is anticipated and most GitHub functionality will automatically redirect to the new location. Go import paths including |
|
@ewbankkit Do we know why this has sat around for over 3 years as a concept without any implementation? Seems like there have been a number of issues raised asking for this resource also! #12364 #16660 #17648 |
|
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
reopen pr
hashicorp/terraform#15393