
Support AWS PrivateLink for AWS Services #2253

Closed
wants to merge 4 commits into from

Conversation


@ewbankkit ewbankkit commented Nov 10, 2017

Fixes #2222.

  • aws_vpc_endpoint_service data source - Update
  • aws_vpc_endpoint data source - Update
  • aws_vpc_endpoint resource - Update
  • aws_vpc_endpoint_subnet_association resource - New
  • aws_vpc_endpoint_security_group_association resource - New
  • Documentation
  • Acceptance tests

@ewbankkit ewbankkit force-pushed the issue-2222 branch 3 times, most recently from e01a9d0 to 12ebc3f Compare November 12, 2017 23:32
@radeksimko radeksimko added labels enhancement (Requests to existing resources that expand the functionality or scope.) and size/XXL (Managed by automation to categorize the size of a PR.) Nov 13, 2017
@ewbankkit

OK, finally completed this.
The major change since my initial design was to not add a new aws_vpc_endpoint_security_group_association but instead to require at least one subnet ID be specified in the aws_vpc_endpoint resource for Interface endpoints.
The reasoning for this is that Interface endpoints must always be associated with at least one security group and if none is explicitly specified on creation then the VPC's default security group is implicitly added. This doesn't fit well with the Terraform model, so I went with only specifying security groups in the aws_vpc_endpoint resource and not allowing them to be associated via a separate resource.

@ewbankkit

Acceptance tests:

make testacc TEST=./aws/ TESTARGS='-run=TestAccDataSourceAwsVpcEndpointService_'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws/ -v -run=TestAccDataSourceAwsVpcEndpointService_ -timeout 120m
=== RUN   TestAccDataSourceAwsVpcEndpointService_gateway
--- PASS: TestAccDataSourceAwsVpcEndpointService_gateway (14.91s)
=== RUN   TestAccDataSourceAwsVpcEndpointService_interface
--- PASS: TestAccDataSourceAwsVpcEndpointService_interface (13.98s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	28.907s
make testacc TEST=./aws/ TESTARGS='-run=TestAccDataSourceAwsVpcEndpoint_'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws/ -v -run=TestAccDataSourceAwsVpcEndpoint_ -timeout 120m
=== RUN   TestAccDataSourceAwsVpcEndpoint_gatewayBasic
--- PASS: TestAccDataSourceAwsVpcEndpoint_gatewayBasic (44.29s)
=== RUN   TestAccDataSourceAwsVpcEndpoint_byId
--- PASS: TestAccDataSourceAwsVpcEndpoint_byId (45.65s)
=== RUN   TestAccDataSourceAwsVpcEndpoint_gatewayWithRouteTable
--- PASS: TestAccDataSourceAwsVpcEndpoint_gatewayWithRouteTable (47.49s)
=== RUN   TestAccDataSourceAwsVpcEndpoint_interface
--- PASS: TestAccDataSourceAwsVpcEndpoint_interface (218.24s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	355.672s
make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsVpcEndpointSubnetAssociation_'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws/ -v -run=TestAccAwsVpcEndpointSubnetAssociation_ -timeout 120m
=== RUN   TestAccAwsVpcEndpointSubnetAssociation_basic
--- PASS: TestAccAwsVpcEndpointSubnetAssociation_basic (94.42s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	94.443s
make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsVpcEndpoint_'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws/ -v -run=TestAccAwsVpcEndpoint_ -timeout 120m
=== RUN   TestAccAwsVpcEndpoint_importBasic
--- PASS: TestAccAwsVpcEndpoint_importBasic (44.35s)
=== RUN   TestAccAwsVpcEndpoint_gatewayBasic
--- PASS: TestAccAwsVpcEndpoint_gatewayBasic (38.88s)
=== RUN   TestAccAwsVpcEndpoint_gatewayWithRouteTableAndPolicy
--- PASS: TestAccAwsVpcEndpoint_gatewayWithRouteTableAndPolicy (73.42s)
=== RUN   TestAccAwsVpcEndpoint_interfaceBasic
--- PASS: TestAccAwsVpcEndpoint_interfaceBasic (48.15s)
=== RUN   TestAccAwsVpcEndpoint_interfaceWithSubnetAndSecurityGroup
--- PASS: TestAccAwsVpcEndpoint_interfaceWithSubnetAndSecurityGroup (341.28s)
=== RUN   TestAccAwsVpcEndpoint_removed
--- PASS: TestAccAwsVpcEndpoint_removed (31.93s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	578.036s

@ewbankkit ewbankkit changed the title from "[WIP] Support AWS PrivateLink for AWS Services" to "Support AWS PrivateLink for AWS Services" Nov 19, 2017
@ewbankkit

Removed WIP.

VpcId: aws.String(d.Get("vpc_id").(string)),
ServiceName: aws.String(d.Get("service_name").(string)),
func resourceAwsVpcEndpointCreate(d *schema.ResourceData, meta interface{}) error {
if d.Get("vpc_endpoint_type").(string) == ec2.VpcEndpointTypeInterface &&
Contributor Author

I think we can now replace this "apply-time" logic with "plan-time" logic using these changes.

Contributor Author

I can't get the "plan-time" logic

CustomizeDiff: func(diff *schema.ResourceDiff, v interface{}) error {
    // Only Interface endpoints carry security groups; Gateway endpoints are not checked.
    if diff.Get("vpc_endpoint_type").(string) == ec2.VpcEndpointTypeInterface {
        // Planned (new) value of security_group_ids; the old value is not needed here.
        _, newSGs := diff.GetChange("security_group_ids")
        if newSGs.(*schema.Set).Len() == 0 {
            return errors.New("An Interface VPC Endpoint must always have at least one Security Group")
        }
    }

    return nil
},

to work - the new length is always 0 when creating the resource the first time.
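Both the design rationale given earlier in the thread (an Interface endpoint created with no explicit security group silently receives the VPC's default security group) and the plan-time rule the CustomizeDiff above tries to enforce can be shown without the Terraform SDK. The following is an added example written for this page, not code from the pull request or the provider: it uses a hypothetical `EndpointSpec` model and made-up endpoint and security-group IDs, and it encodes the EC2 fallback behaviour as the comment above describes it. `ValidateSpec` is the rule (reject Interface endpoints that name no security group), and `AuditDefaultSG` is the check an operator would run over existing endpoints to find those whose traffic is governed by the default security group, whether implicitly or by explicit reference.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// Endpoint type names as the EC2 API reports them.
const (
	EndpointTypeGateway   = "Gateway"
	EndpointTypeInterface = "Interface"
)

// EndpointSpec is a simplified, hypothetical model of an aws_vpc_endpoint
// configuration used only for this example; it is not the provider's schema.
type EndpointSpec struct {
	ID               string
	Type             string
	SecurityGroupIDs []string
}

// ErrNoSecurityGroup mirrors the rule the pull request enforces.
var ErrNoSecurityGroup = errors.New("an Interface VPC Endpoint must always have at least one Security Group")

// ValidateSpec is the plan-time rule: an Interface endpoint must name at least
// one security group explicitly. Gateway endpoints have no security groups.
func ValidateSpec(spec EndpointSpec) error {
	if spec.Type == EndpointTypeInterface && len(spec.SecurityGroupIDs) == 0 {
		return ErrNoSecurityGroup
	}
	return nil
}

// EffectiveSecurityGroups models the creation-time fallback described in the
// thread: with no security group given, the VPC default group is attached
// implicitly. The second return value reports whether that fallback happened.
func EffectiveSecurityGroups(spec EndpointSpec, vpcDefaultSG string) ([]string, bool) {
	if spec.Type != EndpointTypeInterface {
		return nil, false // Gateway endpoints are routed via route tables, not security groups
	}
	if len(spec.SecurityGroupIDs) == 0 {
		return []string{vpcDefaultSG}, true
	}
	out := append([]string(nil), spec.SecurityGroupIDs...)
	sort.Strings(out)
	return out, false
}

// Finding records an Interface endpoint whose traffic is filtered by the VPC
// default security group, either implicitly (none specified) or explicitly.
type Finding struct {
	EndpointID string
	Implicit   bool
}

// AuditDefaultSG walks a set of endpoint specs and reports every Interface
// endpoint that ends up using the VPC default security group.
func AuditDefaultSG(specs []EndpointSpec, vpcDefaultSG string) []Finding {
	var findings []Finding
	for _, s := range specs {
		sgs, implicit := EffectiveSecurityGroups(s, vpcDefaultSG)
		for _, sg := range sgs {
			if sg == vpcDefaultSG {
				findings = append(findings, Finding{EndpointID: s.ID, Implicit: implicit})
				break
			}
		}
	}
	return findings
}

// SampleSpecs is constructed input for the example; all IDs are made up.
var SampleSpecs = []EndpointSpec{
	{ID: "vpce-gw-s3", Type: EndpointTypeGateway},
	{ID: "vpce-if-ec2", Type: EndpointTypeInterface, SecurityGroupIDs: []string{"sg-0b22", "sg-0a11"}},
	{ID: "vpce-if-kms", Type: EndpointTypeInterface},
	{ID: "vpce-if-ssm", Type: EndpointTypeInterface, SecurityGroupIDs: []string{"sg-default00"}},
}

func main() {
	const vpcDefaultSG = "sg-default00" // constructed value
	for _, s := range SampleSpecs {
		if err := ValidateSpec(s); err != nil {
			fmt.Printf("%s: plan-time error: %v\n", s.ID, err)
		}
	}
	for _, f := range AuditDefaultSG(SampleSpecs, vpcDefaultSG) {
		fmt.Printf("%s: uses VPC default security group (implicit=%t)\n", f.EndpointID, f.Implicit)
	}
}
```

Run with `go run`: the plan-time rule rejects only `vpce-if-kms`, while the audit flags both `vpce-if-kms` (implicit fallback) and `vpce-if-ssm` (default group named explicitly). The two functions are kept separate on purpose: the validation prevents the silent fallback in new configurations, and the audit finds endpoints that already rely on the default group and whose rules should be reviewed against what the endpoint actually needs.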


@johnjelinek johnjelinek left a comment

LGTM

@ewbankkit

Rebased and added the acceptance_required attribute to the aws_vpc_endpoint_service data source, required in support of #2460.

@darrenhaken

Any idea when this might be good to go?

@ewbankkit ewbankkit closed this Dec 10, 2017
@ewbankkit

Work merged into #2515.

@jen20

jen20 commented Feb 3, 2018

This landed as part of #2515 in 35b273e.

@ghost

ghost commented Apr 4, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Apr 4, 2020
Successfully merging this pull request may close these issues.

Feature: Support AWS PrivateLink for AWS Services