-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WIP] Second half of support for Gateway Association Proposals #8455
Conversation
Changing tack and modifying |
Third time lucky. |
Current state of acceptance tests: $ AWS_ALTERNATE_ACCESS_KEY_ID=AAAAAAAAAAAAAAAAAAAA AWS_ALTERNATE_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsDxCrossAccountGatewayAssociation_basic'==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws/ -v -parallel 20 -run=TestAccAwsDxCrossAccountGatewayAssociation_basic -timeout 120m
=== RUN TestAccAwsDxCrossAccountGatewayAssociation_basic
=== PAUSE TestAccAwsDxCrossAccountGatewayAssociation_basic
=== CONT TestAccAwsDxCrossAccountGatewayAssociation_basic
--- FAIL: TestAccAwsDxCrossAccountGatewayAssociation_basic (36.60s)
testing.go:568: Step 0 error: errors during apply:
Error: error accepting Direct Connect gateway association proposal: DirectConnectClientException: Could not find a Direct Connect Gateway Association Proposal for the provided combination of Direct Connect Gateway ID, Virtual Gateway Owner Account, and Proposal ID
status code: 400, request id: ffb47e9e-6872-11e9-911f-4d247d966a1c
on /tmp/tf-test395757204/main.tf line 47:
(source code not available)
FAIL
FAIL github.com/terraform-providers/terraform-provider-aws/aws 36.614s
GNUmakefile:20: recipe for target 'testacc' failed
make: *** [testacc] Error 1 |
Acceptance tests: aws_dx_cross_account_gateway_association$ AWS_ALTERNATE_ACCESS_KEY_ID=AAAAAAAAAAAAAAAAAAAA AWS_ALTERNATE_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsDxCrossAccountGatewayAssociation_basic'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws/ -v -parallel 20 -run=TestAccAwsDxCrossAccountGatewayAssociation_basic -timeout 120m
=== RUN TestAccAwsDxCrossAccountGatewayAssociation_basic
=== PAUSE TestAccAwsDxCrossAccountGatewayAssociation_basic
=== CONT TestAccAwsDxCrossAccountGatewayAssociation_basic
--- PASS: TestAccAwsDxCrossAccountGatewayAssociation_basic (1269.86s)
PASS
ok github.com/terraform-providers/terraform-provider-aws/aws 1269.894s
$ AWS_ALTERNATE_ACCESS_KEY_ID=AAAAAAAAAAAAAAAAAAAA AWS_ALTERNATE_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsDxCrossAccountGatewayAssociation_allowedPrefixes'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws/ -v -parallel 20 -run=TestAccAwsDxCrossAccountGatewayAssociation_allowedPrefixes -timeout 120m
=== RUN TestAccAwsDxCrossAccountGatewayAssociation_allowedPrefixes
=== PAUSE TestAccAwsDxCrossAccountGatewayAssociation_allowedPrefixes
=== CONT TestAccAwsDxCrossAccountGatewayAssociation_allowedPrefixes
--- PASS: TestAccAwsDxCrossAccountGatewayAssociation_allowedPrefixes (1647.82s)
PASS
ok github.com/terraform-providers/terraform-provider-aws/aws 1647.874s aws_dx_gateway_association_proposal$ AWS_ALTERNATE_ACCESS_KEY_ID=AAAAAAAAAAAAAAAAAAAA AWS_ALTERNATE_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsDxGatewayAssociationProposal_'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws/ -v -parallel 20 -run=TestAccAwsDxGatewayAssociationProposal_ -timeout 120m
=== RUN TestAccAwsDxGatewayAssociationProposal_basic
=== PAUSE TestAccAwsDxGatewayAssociationProposal_basic
=== RUN TestAccAwsDxGatewayAssociationProposal_disappears
=== PAUSE TestAccAwsDxGatewayAssociationProposal_disappears
=== RUN TestAccAwsDxGatewayAssociationProposal_allowedPrefixes
=== PAUSE TestAccAwsDxGatewayAssociationProposal_allowedPrefixes
=== CONT TestAccAwsDxGatewayAssociationProposal_basic
=== CONT TestAccAwsDxGatewayAssociationProposal_allowedPrefixes
=== CONT TestAccAwsDxGatewayAssociationProposal_disappears
--- PASS: TestAccAwsDxGatewayAssociationProposal_disappears (70.28s)
--- PASS: TestAccAwsDxGatewayAssociationProposal_basic (75.87s)
--- PASS: TestAccAwsDxGatewayAssociationProposal_allowedPrefixes (94.45s)
PASS
ok github.com/terraform-providers/terraform-provider-aws/aws 94.510s Removing WIP. |
@@ -18,12 +19,29 @@ func resourceAwsDxGatewayAssociationProposal() *schema.Resource { | |||
State: schema.ImportStatePassthrough, | |||
}, | |||
|
|||
CustomizeDiff: customdiff.Sequence( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Accepting the proposal with overridden prefixes changes the returned RequestedAllowedPrefixesToDirectConnectGateway
value.
We only want to force a new resource if this value changes and the current proposal state is requested
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This would be helpful to add as a comment within the code base.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will do (once the changes are made in #8528).
resource.TestCheckResourceAttr(resourceName, "allowed_prefixes.#", "1"), | ||
resource.TestCheckResourceAttr(resourceName, "allowed_prefixes.1642241106", "10.255.255.8/29"), | ||
), | ||
ExpectNonEmptyPlan: true, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Non-empty plan because of overridden prefixes - see https://github.com/terraform-providers/terraform-provider-aws/pull/8455/files#r279220520.
@@ -153,45 +171,3 @@ func describeDirectConnectGatewayAssociationProposal(conn *directconnect.DirectC | |||
|
|||
return nil, nil | |||
} | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Use the equivalent functionality in structure.go
.
835f931
to
43ee094
Compare
Rebased to fix conflicts. |
Changing to WIP to incorporate the changes for #8490. |
43ee094
to
2ea6419
Compare
Hi @ewbankkit sorry for the delay on this review. I see that you’ve flipped this back into a WIP PR but I want to leave a quick suggestion and ask a question about the approach. |
@@ -153,45 +171,3 @@ func describeDirectConnectGatewayAssociationProposal(conn *directconnect.DirectC | |||
|
|||
return nil, nil | |||
} | |||
|
|||
func expandDirectConnectGatewayAssociationProposalAllowedPrefixes(allowedPrefixes []interface{}) []*directconnect.RouteFilterPrefix { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's actually preferred to keep these functions defined within the resource and not in structure.go
. While I understand the rationale, shared functions within structure.go
has actually become an antipattern for the provider and it is a convention that we are moving away from. The CONTRIBUTING guide will be updated to reflect this as well.
Moving forward the preference is to have code duplicated across similar resources with a smaller defined scope, then having one or two functions (in a high-touch file) shared across multiple resources.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure, I'll keep these routines once the changes are made in #8528.
"github.com/hashicorp/terraform/helper/schema" | ||
) | ||
|
||
func resourceAwsDxCrossAccountGatewayAssociation() *schema.Resource { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@ewbankkit in the original issue #8100 you mentioned updating the existing dx_gateway_association
resource with the new attributesvpn_gateway_owner_account_id
and proposal_id
But then you mention implementing a new resource as the path forward. I don't see a clear explanation why you found this approach to be the better option. Did you run into issues adding the additional schema attributes?
I'm concerned that having two resources that do the same thing with a slight twist may be confusing to the operator so I am wondering if your first approach is a viable option.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@nywilken Two main reasons I am thinking of a separate resource (and I'm totally open to changing):
- When I thought about the changes required to
aws_dx_gateway_association
, the creation functionality would basically have to be split in two, one for the current case withdx_gateway_id
andvpn_gateway_id
and one forproposal_id
andvpn_gateway_owner_account_id
and most of the currentRequired
attributes would have to be madeOptional
and runtime checking done to make sure that the right combinations of attributes were set - In the AWS API the association is actually visible from "both ends", proposer and accepter although this resource applies only to the accepter end
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But given the work in #8528 to support transit gateways I will take another look (for example vpn_gateway_id
has had to go from Required
to Optional
as we now have another attribute associated_gateway_id
that can accept both VGW and Transit Gateway IDs).
@nywilken / @bflad Given the changes I am making to BTW, the current status on #8528 is that I just have to run the acceptance tests but kept getting failures on the $ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsDxGatewayAssociation_deprecated'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws/ -v -parallel 20 -run=TestAccAwsDxGatewayAssociation_deprecated -timeout 120m
=== RUN TestAccAwsDxGatewayAssociation_deprecated
=== PAUSE TestAccAwsDxGatewayAssociation_deprecated
=== CONT TestAccAwsDxGatewayAssociation_deprecated
--- FAIL: TestAccAwsDxGatewayAssociation_deprecated (1212.63s)
testing.go:629: Error destroying resource! WARNING: Dangling resources
may exist. The full state and error is shown below.
Error: errors during apply: IncorrectState: The VPN gateway is in use.
status code: 400, request id: 1419626e-9204-4349-b2eb-0a913508f4a5
State: aws_vpn_gateway.test:
ID = vgw-0000000000000000
provider = provider.aws
amazon_side_asn = 64512
tags.% = 1
tags.Name = terraform-testacc-dxgwassoc-3462434342993075499
vpc_id = vpc-0000000000000000
FAIL
FAIL github.com/terraform-providers/terraform-provider-aws/aws 1212.695s
make: *** [testacc] Error 1 but I have just found the problem that causes this (and probably also the issues mentioned in #8222 (review)), this code https://github.com/terraform-providers/terraform-provider-aws/blob/3471582595cb9cd20d20abe2ca7f7463499edf6a/aws/resource_aws_vpn_gateway.go#L333-L340 |
Closing this PR in favor of consolidating the changes into #8528. |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
Community Note
Fixes #8100.
Follows on from: