Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New resources: aws_dx_gateway, aws_dx_gateway_assocation #2861

Closed
wants to merge 2 commits into from
Closed

New resources: aws_dx_gateway, aws_dx_gateway_assocation #2861

wants to merge 2 commits into from

Conversation

aeriff
Copy link

@aeriff aeriff commented Jan 4, 2018

TF_ACC=1 go test ./aws/ -v -run=TestAccAwsDxGateway -timeout 120m
=== RUN   TestAccAwsDxGatewayAssociation_basic
--- PASS: TestAccAwsDxGatewayAssociation_basic (65.53s)
=== RUN   TestAccAwsDxGatewayAssociation_multiVgws
--- PASS: TestAccAwsDxGatewayAssociation_multiVgws (79.58s)
=== RUN   TestAccAwsDxGateway_basic
--- PASS: TestAccAwsDxGateway_basic (31.14s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	176.300s

I have used the same ASN validation code from #1888 to prove this works, but I suppose this blocks merging this PR until that is solved with the proposed addition of TypeInt64 to Terraform.

Resolves #2140.

@Ninir Ninir added the enhancement Requests to existing resources that expand the functionality or scope. label Jan 4, 2018
@Ninir
Copy link
Contributor

Ninir commented Jan 4, 2018

Hi @aeriff

Thanks for the work here, looks promising! Would you mind splitting this PR in two (if possible) with 1 resource per PR?

Would be easier for us to review & merge :)

Thanks!

@Ninir Ninir added the waiting-response Maintainers are waiting on response from community or contributor. label Jan 4, 2018
@aeriff aeriff changed the title New resources: aws_dx_gateway, aws_dx_gateway_association New resource: aws_dx_gateway Jan 4, 2018
@aeriff
Copy link
Author

aeriff commented Jan 4, 2018

@Ninir thanks for the feedback. I have split them into separate PRs as requested.

@bflad bflad added the service/directconnect Issues and PRs that pertain to the directconnect service. label Jan 11, 2018
Create: resourceAwsDxGatewayCreate,
Read: resourceAwsDxGatewayRead,
Delete: resourceAwsDxGatewayDelete,
Importer: &schema.ResourceImporter{
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If terraform import is supported please note in the documentation and add an import acceptance test.
I did that for the existing Direct Connect resources in #2992.

@aeriff
Copy link
Author

aeriff commented Jan 15, 2018

@ewbankkit thanks for the reminder! Adding import support was an afterthought, so I missed writing the tests.

TF_ACC=1 go test ./aws -v -run=TestAccAwsDxGateway_import -timeout 120m
=== RUN   TestAccAwsDxGateway_importBasic
--- PASS: TestAccAwsDxGateway_importBasic (36.99s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	37.029s

@aeriff
Copy link
Author

aeriff commented Jan 18, 2018

I decided to merge the 2 PRs back into one because both resources now have dependencies on each other. The resources are in 2 separate commits, so review shouldn't be any more difficult. All the discussion has happened so far in this PR, so I will close #2862 in favour of this.

Acceptance tests:

TF_ACC=1 go test ./aws -v -run=TestAccAwsDxGateway -timeout 120m
=== RUN   TestAccAwsDxGateway_importBasic
--- PASS: TestAccAwsDxGateway_importBasic (36.29s)
=== RUN   TestAccAwsDxGateway_importComplex
--- PASS: TestAccAwsDxGateway_importComplex (116.35s)
=== RUN   TestAccAwsDxGatewayAssociation_basic
--- PASS: TestAccAwsDxGatewayAssociation_basic (98.23s)
=== RUN   TestAccAwsDxGatewayAssociation_multiVgws
--- PASS: TestAccAwsDxGatewayAssociation_multiVgws (124.51s)
=== RUN   TestAccAwsDxGateway_basic
--- PASS: TestAccAwsDxGateway_basic (31.80s)
PASS
ok	github.com/terraform-providers/terraform-provider-aws/aws	407.018s

@aeriff aeriff changed the title New resource: aws_dx_gateway New resources: aws_dx_gateway, aws_dx_gateway_assocation Jan 18, 2018
@ghost ghost added the size/XL Managed by automation to categorize the size of a PR. label Feb 12, 2018
@radeksimko radeksimko removed the waiting-response Maintainers are waiting on response from community or contributor. label Feb 12, 2018
Copy link
Member

@radeksimko radeksimko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @aeriff
I'm not sure why but the attached acceptance tests are currently failing for me:

=== RUN   TestAccAwsDxGateway_importBasic
--- PASS: TestAccAwsDxGateway_importBasic (54.18s)
=== RUN   TestAccAwsDxGateway_importComplex
--- FAIL: TestAccAwsDxGateway_importComplex (390.02s)
	testing.go:573: Error destroying resource! WARNING: Dangling resources
		may exist. The full state and error is shown below.

		Error: Error applying: 2 error(s) occurred:

		* aws_vpn_gateway.test2 (destroy): 1 error(s) occurred:

		* aws_vpn_gateway.test2: IncorrectState: The VPN gateway is in use.
			status code: 400, request id: e537c998-2b90-4224-9361-a41cee2d558c
		* aws_vpn_gateway.test1 (destroy): 1 error(s) occurred:

		* aws_vpn_gateway.test1: IncorrectState: The VPN gateway is in use.
			status code: 400, request id: 394b4a08-ed9b-4c93-b90a-e546281198b0

		State: aws_vpc.test1:
		  ID = vpc-628a0a1b
		  provider = provider.aws
		  assign_generated_ipv6_cidr_block = false
		  cidr_block = 10.255.255.16/28
		  default_network_acl_id = acl-3cf5f145
		  default_route_table_id = rtb-237ad65b
		  default_security_group_id = sg-7bcf7704
		  dhcp_options_id = dopt-11ac7e74
		  enable_classiclink = false
		  enable_classiclink_dns_support = false
		  enable_dns_hostnames = false
		  enable_dns_support = true
		  instance_tenancy = default
		  main_route_table_id = rtb-237ad65b
		  tags.% = 0
		aws_vpc.test2:
		  ID = vpc-6c870715
		  provider = provider.aws
		  assign_generated_ipv6_cidr_block = false
		  cidr_block = 10.255.255.32/28
		  default_network_acl_id = acl-08e9ed71
		  default_route_table_id = rtb-6178d419
		  default_security_group_id = sg-bdcc74c2
		  dhcp_options_id = dopt-11ac7e74
		  enable_classiclink = false
		  enable_classiclink_dns_support = false
		  enable_dns_hostnames = false
		  enable_dns_support = true
		  instance_tenancy = default
		  main_route_table_id = rtb-6178d419
		  tags.% = 0
		aws_vpn_gateway.test1:
		  ID = vgw-c98521d7
		  provider = provider.aws
		  amazon_side_asn = 7224
		  tags.% = 0
		  vpc_id = vpc-628a0a1b

		  Dependencies:
		    aws_vpc.test1
		aws_vpn_gateway.test2:
		  ID = vgw-c88521d6
		  provider = provider.aws
		  amazon_side_asn = 7224
		  tags.% = 0
		  vpc_id = vpc-6c870715

		  Dependencies:
		    aws_vpc.test2
=== RUN   TestAccAwsDxGatewayAssociation_basic
--- PASS: TestAccAwsDxGatewayAssociation_basic (94.76s)
=== RUN   TestAccAwsDxGatewayAssociation_multiVgws
--- FAIL: TestAccAwsDxGatewayAssociation_multiVgws (403.21s)
	testing.go:573: Error destroying resource! WARNING: Dangling resources
		may exist. The full state and error is shown below.

		Error: Error applying: 2 error(s) occurred:

		* aws_vpn_gateway.test1 (destroy): 1 error(s) occurred:

		* aws_vpn_gateway.test1: IncorrectState: The VPN gateway is in use.
			status code: 400, request id: 108c06cf-29fb-4c07-b278-12cab7e12569
		* aws_vpn_gateway.test2 (destroy): 1 error(s) occurred:

		* aws_vpn_gateway.test2: IncorrectState: The VPN gateway is in use.
			status code: 400, request id: 39fb5662-57f3-410d-bc97-92c6b055818c

		State: aws_vpc.test1:
		  ID = vpc-c68c0cbf
		  provider = provider.aws
		  assign_generated_ipv6_cidr_block = false
		  cidr_block = 10.255.255.16/28
		  default_network_acl_id = acl-e8ebef91
		  default_route_table_id = rtb-ee7bd796
		  default_security_group_id = sg-c4b800bb
		  dhcp_options_id = dopt-11ac7e74
		  enable_classiclink = false
		  enable_classiclink_dns_support = false
		  enable_dns_hostnames = false
		  enable_dns_support = true
		  instance_tenancy = default
		  main_route_table_id = rtb-ee7bd796
		  tags.% = 0
		aws_vpc.test2:
		  ID = vpc-c08d0db9
		  provider = provider.aws
		  assign_generated_ipv6_cidr_block = false
		  cidr_block = 10.255.255.32/28
		  default_network_acl_id = acl-98f0f4e1
		  default_route_table_id = rtb-5677db2e
		  default_security_group_id = sg-8db901f2
		  dhcp_options_id = dopt-11ac7e74
		  enable_classiclink = false
		  enable_classiclink_dns_support = false
		  enable_dns_hostnames = false
		  enable_dns_support = true
		  instance_tenancy = default
		  main_route_table_id = rtb-5677db2e
		  tags.% = 0
		aws_vpn_gateway.test1:
		  ID = vgw-fe8521e0
		  provider = provider.aws
		  amazon_side_asn = 7224
		  tags.% = 0
		  vpc_id = vpc-c68c0cbf

		  Dependencies:
		    aws_vpc.test1
		aws_vpn_gateway.test2:
		  ID = vgw-c18521df
		  provider = provider.aws
		  amazon_side_asn = 7224
		  tags.% = 0
		  vpc_id = vpc-c08d0db9

		  Dependencies:
		    aws_vpc.test2
=== RUN   TestAccAwsDxGateway_basic
--- PASS: TestAccAwsDxGateway_basic (42.83s)
FAIL
FAIL	github.com/terraform-providers/terraform-provider-aws/aws	985.024s

btw. you may want to consider generating random ASN so that multiple tests can run safely in parallel. See how we do it here:

https://github.com/terraform-providers/terraform-provider-aws/blob/b8d4e1570fc43a2acee6b6e47f63c9db6b067fa2/aws/import_aws_vpn_connection_test.go#L12-L28

return fmt.Errorf("Found %d Direct Connect Gateway associations for %s, expected 1", len(resp.DirectConnectGatewayAssociations), d.Id())
}
if *resp.DirectConnectGatewayAssociations[0].VirtualGatewayId != d.Get("virtual_gateway_id").(string) {
d.SetId("")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you mind adding a WARN log message here so we know the resource is getting wiped? It can be helpful during debugging.

Example:

https://github.com/terraform-providers/terraform-provider-aws/blob/2de6cb620fcffe61024512e8452829fc25974c4f/aws/resource_aws_api_gateway_api_key.go#L115

}

func dxGatewayIdVgwIdHash(gatewayId, vgwId string) string {
return fmt.Sprintf("ga-%s%d", gatewayId, hashcode.String(vgwId))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there any particular reason we're hashing the VGW ID here? Wouldn't just simple concatenation be sufficient?

website/aws.erb Outdated
@@ -624,6 +624,11 @@
<li<%= sidebar_current("docs-aws-resource-dx-connection-association") %>>
<a href="/docs/providers/aws/r/dx_connection_association.html">aws_dx_connection_association</a>
</li>
<li<%= sidebar_current("docs-aws-resource-dx-gateway") %>>
<a href="/docs/providers/aws/r/dx_gateway.html">aws_dx_gateway</a>
<li<%= sidebar_current("docs-aws-resource-dx-gateway-association") %>>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's </li> missing here. 👀

}

d.SetId(aws.StringValue(resp.DirectConnectGateway.DirectConnectGatewayId))
return resourceAwsDxGatewayRead(d, meta)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The convention is that Terraform always hands over the resource when it's actually ready. Do you mind adding StateChangeConf construct similar to the one that's in Delete which waits until the DX GW is directconnect.GatewayStateAvailable?

@radeksimko radeksimko added the waiting-response Maintainers are waiting on response from community or contributor. label Feb 12, 2018
@ghost ghost added the size/XL Managed by automation to categorize the size of a PR. label Mar 5, 2018
@aeriff
Copy link
Author

aeriff commented Mar 5, 2018

@radeksimko thanks for the review! All comments should all be addressed now.

=== RUN   TestAccAwsDxGateway_importBasic
--- PASS: TestAccAwsDxGateway_importBasic (48.41s)
=== RUN   TestAccAwsDxGateway_importComplex
--- PASS: TestAccAwsDxGateway_importComplex (77.33s)
=== RUN   TestAccAwsDxGatewayAssociation_basic
--- PASS: TestAccAwsDxGatewayAssociation_basic (78.88s)
=== RUN   TestAccAwsDxGatewayAssociation_multiVgws
--- PASS: TestAccAwsDxGatewayAssociation_multiVgws (123.67s)
=== RUN   TestAccAwsDxGateway_basic
--- PASS: TestAccAwsDxGateway_basic (43.70s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	372.046s

The tests pass for me (almost) consistently. I also saw one IncorrectState error during one run when trying to delete a test VGW, but I would argue that's out of scope of these changes and more likely a bug in the retry logic in the aws_vpn_gateway resource.

I guess merging is blocked by hashicorp/terraform#17438, however. I tested with a custom random range function for now.

@ghost ghost added the size/XL Managed by automation to categorize the size of a PR. label Mar 5, 2018
@kmcquade
Copy link

kmcquade commented Apr 3, 2018

@aeriff any idea when this will be released? Just checking. Thanks for your work!

@MrGossett
Copy link
Contributor

It would be great to see this merged.

@DevilWAH
Copy link

Has this been merged yet? being able to associate a direct connect gateway to VPC gateway would be really nice :)

@violetmythmaker
Copy link

Definitely looking forward to seeing this merged. Will we be able to pass the ID of the created gateway to a route's gateway_id argument as well, like with an aws_internet_gateway or aws_vpn_gateway ?

@sleterrier
Copy link

While seeing this merged would be great, I wonder how viable it would be in a complex environment with multiple regions and accounts. Is there any plan to add a aws_dx_gateway data source at some point?

@ewbankkit
Copy link
Contributor

@sleterrier Please open an issue(s) for any data source(s) you'd like added.

@ewbankkit
Copy link
Contributor

@violetmythmaker The association between a Direct Connect Gateway and a Virtual Private Gateway is managed via the aws_dx_gateway_association resource added in this PR.
I'm not aware of the ability to associate a Direct Connect Gateway with an Internet Gateway.

@heycasey
Copy link

Also looking forward to seeing this merged. Are there any additional steps needed before the merge

@ewbankkit, you are correct that a DX gateway cannot be associated with an Internet Gateway, only VGWs.

@ewbankkit
Copy link
Contributor

@aeriff If you added your custom RandIntRange function then acceptance tests will pass and this should aid in getting the PR merged.
Once hashicorp/terraform#17438 is merged we can change back.

Also, for #3253 and #3255 I use the name vpn_gateway_id for the attribute similar to the one you have named virtual_gateway_id in the new aws_dx_gateway_association resource. The attributes should have the same name.
I have no problem changing the name in my 2 PRs.
I named the attribute vpn_gateway_id as that is what the attribute is named for its association with a VPC in the aws_vpn_gateway_attachment resource.

@aeriff
Copy link
Author

aeriff commented May 20, 2018

@ewbankkit I agree on the attribute name change from virtual_gateway_id to vpn_gateway_id. It is (was?) inconsistently named throughout the AWS docs and in the control panel, but we should at least aim for consistency in the provider.

I no longer have access to an AWS account for running the acceptance tests, nor access to the org that owns the repo I opened this PR against as I have changed jobs in the meantime. I won't have a lot of time to work on this in the immediate future but I'll see what I can do.

@ewbankkit
Copy link
Contributor

@aeriff I can create another PR based on your commits and make the changes if you want - I assume your custom version of RandIntRange was just the changes you submitted for hashicorp/terraform#17438?

@ewbankkit
Copy link
Contributor

@aeriff I took the liberty of making the suggested changes in #4896 based off this PR. The acceptance tests are now passing.

@aeriff
Copy link
Author

aeriff commented Jun 20, 2018

@ewbankkit thanks! Closing this in favour of your PR.

@ghost
Copy link

ghost commented Apr 5, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Apr 5, 2020
@breathingdust breathingdust removed the waiting-response Maintainers are waiting on response from community or contributor. label Sep 17, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/directconnect Issues and PRs that pertain to the directconnect service. size/XL Managed by automation to categorize the size of a PR.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Add support for Direct Connect Gateway