Add new resource 'aws_vpc_endpoint_security_group_association'.
Test no security groups specified for Interface VPC endpoint.

Acceptance test output:

$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAWSVpcEndpoint_'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws/ -v -count 1 -parallel 2 -run=TestAccAWSVpcEndpoint_ -timeout 120m
=== RUN   TestAccAWSVpcEndpoint_gatewayBasic
=== PAUSE TestAccAWSVpcEndpoint_gatewayBasic
=== RUN   TestAccAWSVpcEndpoint_gatewayWithRouteTableAndPolicyAndTags
=== PAUSE TestAccAWSVpcEndpoint_gatewayWithRouteTableAndPolicyAndTags
=== RUN   TestAccAWSVpcEndpoint_gatewayPolicy
=== PAUSE TestAccAWSVpcEndpoint_gatewayPolicy
=== RUN   TestAccAWSVpcEndpoint_interfaceBasic
=== PAUSE TestAccAWSVpcEndpoint_interfaceBasic
=== RUN   TestAccAWSVpcEndpoint_interfaceWithSubnetAndSecurityGroup
=== PAUSE TestAccAWSVpcEndpoint_interfaceWithSubnetAndSecurityGroup
=== RUN   TestAccAWSVpcEndpoint_interfaceNonAWSService
=== PAUSE TestAccAWSVpcEndpoint_interfaceNonAWSService
=== RUN   TestAccAWSVpcEndpoint_disappears
=== PAUSE TestAccAWSVpcEndpoint_disappears
=== CONT  TestAccAWSVpcEndpoint_gatewayBasic
=== CONT  TestAccAWSVpcEndpoint_disappears
--- PASS: TestAccAWSVpcEndpoint_disappears (48.99s)
=== CONT  TestAccAWSVpcEndpoint_interfaceNonAWSService
--- PASS: TestAccAWSVpcEndpoint_gatewayBasic (51.48s)
=== CONT  TestAccAWSVpcEndpoint_interfaceWithSubnetAndSecurityGroup
--- PASS: TestAccAWSVpcEndpoint_interfaceNonAWSService (330.97s)
=== CONT  TestAccAWSVpcEndpoint_interfaceBasic
--- PASS: TestAccAWSVpcEndpoint_interfaceBasic (112.93s)
=== CONT  TestAccAWSVpcEndpoint_gatewayPolicy
--- PASS: TestAccAWSVpcEndpoint_interfaceWithSubnetAndSecurityGroup (451.61s)
=== CONT  TestAccAWSVpcEndpoint_gatewayWithRouteTableAndPolicyAndTags
--- PASS: TestAccAWSVpcEndpoint_gatewayPolicy (84.62s)
--- PASS: TestAccAWSVpcEndpoint_gatewayWithRouteTableAndPolicyAndTags (93.34s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	596.473s

First acceptance test.

Output:

$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAWSVpcEndpointSecurityGroupAssociation_basic'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws/ -v -count 1 -parallel 2 -run=TestAccAWSVpcEndpointSecurityGroupAssociation_basic -timeout 120m
=== RUN   TestAccAWSVpcEndpointSecurityGroupAssociation_basic
=== PAUSE TestAccAWSVpcEndpointSecurityGroupAssociation_basic
=== CONT  TestAccAWSVpcEndpointSecurityGroupAssociation_basic
--- PASS: TestAccAWSVpcEndpointSecurityGroupAssociation_basic (136.41s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	136.460s

Add 'TestAccAWSVpcEndpointSecurityGroupAssociation_disappears'.

Output:

$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAWSVpcEndpointSecurityGroupAssociation_disappears'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws/ -v -count 1 -parallel 2 -run=TestAccAWSVpcEndpointSecurityGroupAssociation_disappears -timeout 120m
=== RUN   TestAccAWSVpcEndpointSecurityGroupAssociation_disappears
=== PAUSE TestAccAWSVpcEndpointSecurityGroupAssociation_disappears
=== CONT  TestAccAWSVpcEndpointSecurityGroupAssociation_disappears
--- PASS: TestAccAWSVpcEndpointSecurityGroupAssociation_disappears (189.39s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	189.437s

Remove resource importer.

r/aws_vpc_endpoint_security_group_association: Add 'replace_default_association' attribute.

Fix acceptance tests after rebase.

Upgrade to Plugin SDK v2 and use Terraform 0.12 syntax in documentation.

r/aws_vpc_endpoint: Add 'finder.VpcEndpointByID'.

Acceptance test output:

$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAWSVpcEndpoint_' ACCTEST_PARALLELISM=2
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 2 -run=TestAccAWSVpcEndpoint_ -timeout 120m
=== RUN   TestAccAWSVpcEndpoint_gatewayBasic
=== PAUSE TestAccAWSVpcEndpoint_gatewayBasic
=== RUN   TestAccAWSVpcEndpoint_gatewayWithRouteTableAndPolicy
=== PAUSE TestAccAWSVpcEndpoint_gatewayWithRouteTableAndPolicy
=== RUN   TestAccAWSVpcEndpoint_gatewayPolicy
=== PAUSE TestAccAWSVpcEndpoint_gatewayPolicy
=== RUN   TestAccAWSVpcEndpoint_interfaceBasic
=== PAUSE TestAccAWSVpcEndpoint_interfaceBasic
=== RUN   TestAccAWSVpcEndpoint_interfaceWithSubnetAndSecurityGroup
=== PAUSE TestAccAWSVpcEndpoint_interfaceWithSubnetAndSecurityGroup
=== RUN   TestAccAWSVpcEndpoint_interfaceNonAWSServiceAcceptOnCreate
=== PAUSE TestAccAWSVpcEndpoint_interfaceNonAWSServiceAcceptOnCreate
=== RUN   TestAccAWSVpcEndpoint_interfaceNonAWSServiceAcceptOnUpdate
=== PAUSE TestAccAWSVpcEndpoint_interfaceNonAWSServiceAcceptOnUpdate
=== RUN   TestAccAWSVpcEndpoint_disappears
=== PAUSE TestAccAWSVpcEndpoint_disappears
=== RUN   TestAccAWSVpcEndpoint_tags
=== PAUSE TestAccAWSVpcEndpoint_tags
=== CONT  TestAccAWSVpcEndpoint_gatewayBasic
=== CONT  TestAccAWSVpcEndpoint_interfaceNonAWSServiceAcceptOnCreate
--- PASS: TestAccAWSVpcEndpoint_gatewayBasic (39.27s)
=== CONT  TestAccAWSVpcEndpoint_interfaceWithSubnetAndSecurityGroup
--- PASS: TestAccAWSVpcEndpoint_interfaceNonAWSServiceAcceptOnCreate (272.03s)
=== CONT  TestAccAWSVpcEndpoint_tags
--- PASS: TestAccAWSVpcEndpoint_tags (94.20s)
=== CONT  TestAccAWSVpcEndpoint_disappears
--- PASS: TestAccAWSVpcEndpoint_interfaceWithSubnetAndSecurityGroup (344.51s)
=== CONT  TestAccAWSVpcEndpoint_interfaceNonAWSServiceAcceptOnUpdate
=== CONT  TestAccAWSVpcEndpoint_disappears
    resource_aws_vpc_endpoint_test.go:445: [INFO] Got non-empty plan, as expected
--- PASS: TestAccAWSVpcEndpoint_disappears (35.43s)
=== CONT  TestAccAWSVpcEndpoint_gatewayPolicy
--- PASS: TestAccAWSVpcEndpoint_gatewayPolicy (64.31s)
=== CONT  TestAccAWSVpcEndpoint_interfaceBasic
--- PASS: TestAccAWSVpcEndpoint_interfaceBasic (79.91s)
=== CONT  TestAccAWSVpcEndpoint_gatewayWithRouteTableAndPolicy
--- PASS: TestAccAWSVpcEndpoint_gatewayWithRouteTableAndPolicy (73.57s)
--- PASS: TestAccAWSVpcEndpoint_interfaceNonAWSServiceAcceptOnUpdate (326.78s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	710.605s

r/aws_vpc_endpoint_security_group_association: Use internal 'finder' package.

Acceptance test output:

$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAWSVpcEndpointSecurityGroupAssociation_' ACCTEST_PARALLELISM=2
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 2 -run=TestAccAWSVpcEndpointSecurityGroupAssociation_ -timeout 120m
=== RUN   TestAccAWSVpcEndpointSecurityGroupAssociation_basic
=== PAUSE TestAccAWSVpcEndpointSecurityGroupAssociation_basic
=== RUN   TestAccAWSVpcEndpointSecurityGroupAssociation_disappears
=== PAUSE TestAccAWSVpcEndpointSecurityGroupAssociation_disappears
=== RUN   TestAccAWSVpcEndpointSecurityGroupAssociation_multiple
=== PAUSE TestAccAWSVpcEndpointSecurityGroupAssociation_multiple
=== RUN   TestAccAWSVpcEndpointSecurityGroupAssociation_ReplaceDefaultAssociation
=== PAUSE TestAccAWSVpcEndpointSecurityGroupAssociation_ReplaceDefaultAssociation
=== CONT  TestAccAWSVpcEndpointSecurityGroupAssociation_basic
=== CONT  TestAccAWSVpcEndpointSecurityGroupAssociation_ReplaceDefaultAssociation
--- PASS: TestAccAWSVpcEndpointSecurityGroupAssociation_ReplaceDefaultAssociation (104.16s)
=== CONT  TestAccAWSVpcEndpointSecurityGroupAssociation_multiple
--- PASS: TestAccAWSVpcEndpointSecurityGroupAssociation_basic (111.52s)
=== CONT  TestAccAWSVpcEndpointSecurityGroupAssociation_disappears
    resource_aws_vpc_endpoint_security_group_association_test.go:41: [INFO] Got non-empty plan, as expected
--- PASS: TestAccAWSVpcEndpointSecurityGroupAssociation_multiple (61.28s)
--- PASS: TestAccAWSVpcEndpointSecurityGroupAssociation_disappears (63.64s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	175.194s

Fix linting issues.

'hcl' -> 'terraform' in documentation.

r/aws_vpc_endpoint_*: Use internal finder and waiter packages.

Acceptance test output:

$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAWSVpcEndpointSecurityGroupAssociation_\|TestAccAWSVpcEndpoint_\|TestAccAWSVpcEndpointSubnetAssociation_' ACCTEST_PARALLELISM=2
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 2 -run=TestAccAWSVpcEndpointSecurityGroupAssociation_\|TestAccAWSVpcEndpoint_\|TestAccAWSVpcEndpointSubnetAssociation_ -timeout 180m
=== RUN   TestAccAWSVpcEndpointSecurityGroupAssociation_basic
=== PAUSE TestAccAWSVpcEndpointSecurityGroupAssociation_basic
=== RUN   TestAccAWSVpcEndpointSecurityGroupAssociation_disappears
=== PAUSE TestAccAWSVpcEndpointSecurityGroupAssociation_disappears
=== RUN   TestAccAWSVpcEndpointSecurityGroupAssociation_multiple
=== PAUSE TestAccAWSVpcEndpointSecurityGroupAssociation_multiple
=== RUN   TestAccAWSVpcEndpointSecurityGroupAssociation_ReplaceDefaultAssociation
=== PAUSE TestAccAWSVpcEndpointSecurityGroupAssociation_ReplaceDefaultAssociation
=== RUN   TestAccAWSVpcEndpointSubnetAssociation_basic
=== PAUSE TestAccAWSVpcEndpointSubnetAssociation_basic
=== RUN   TestAccAWSVpcEndpointSubnetAssociation_disappears
=== PAUSE TestAccAWSVpcEndpointSubnetAssociation_disappears
=== RUN   TestAccAWSVpcEndpointSubnetAssociation_multiple
=== PAUSE TestAccAWSVpcEndpointSubnetAssociation_multiple
=== RUN   TestAccAWSVpcEndpoint_gatewayBasic
=== PAUSE TestAccAWSVpcEndpoint_gatewayBasic
=== RUN   TestAccAWSVpcEndpoint_gatewayWithRouteTableAndPolicy
=== PAUSE TestAccAWSVpcEndpoint_gatewayWithRouteTableAndPolicy
=== RUN   TestAccAWSVpcEndpoint_gatewayPolicy
=== PAUSE TestAccAWSVpcEndpoint_gatewayPolicy
=== RUN   TestAccAWSVpcEndpoint_interfaceBasic
=== PAUSE TestAccAWSVpcEndpoint_interfaceBasic
=== RUN   TestAccAWSVpcEndpoint_interfaceWithSubnetAndSecurityGroup
=== PAUSE TestAccAWSVpcEndpoint_interfaceWithSubnetAndSecurityGroup
=== RUN   TestAccAWSVpcEndpoint_interfaceNonAWSServiceAcceptOnCreate
=== PAUSE TestAccAWSVpcEndpoint_interfaceNonAWSServiceAcceptOnCreate
=== RUN   TestAccAWSVpcEndpoint_interfaceNonAWSServiceAcceptOnUpdate
=== PAUSE TestAccAWSVpcEndpoint_interfaceNonAWSServiceAcceptOnUpdate
=== RUN   TestAccAWSVpcEndpoint_disappears
=== PAUSE TestAccAWSVpcEndpoint_disappears
=== RUN   TestAccAWSVpcEndpoint_tags
=== PAUSE TestAccAWSVpcEndpoint_tags
=== RUN   TestAccAWSVpcEndpoint_VpcEndpointType_GatewayLoadBalancer
=== PAUSE TestAccAWSVpcEndpoint_VpcEndpointType_GatewayLoadBalancer
=== CONT  TestAccAWSVpcEndpointSecurityGroupAssociation_basic
=== CONT  TestAccAWSVpcEndpoint_gatewayPolicy
--- PASS: TestAccAWSVpcEndpoint_gatewayPolicy (59.54s)
=== CONT  TestAccAWSVpcEndpoint_VpcEndpointType_GatewayLoadBalancer
--- PASS: TestAccAWSVpcEndpointSecurityGroupAssociation_basic (66.30s)
=== CONT  TestAccAWSVpcEndpoint_tags
--- PASS: TestAccAWSVpcEndpoint_tags (83.44s)
=== CONT  TestAccAWSVpcEndpoint_disappears
--- PASS: TestAccAWSVpcEndpoint_disappears (31.54s)
=== CONT  TestAccAWSVpcEndpoint_interfaceNonAWSServiceAcceptOnUpdate
--- PASS: TestAccAWSVpcEndpoint_VpcEndpointType_GatewayLoadBalancer (324.96s)
=== CONT  TestAccAWSVpcEndpoint_interfaceNonAWSServiceAcceptOnCreate
--- PASS: TestAccAWSVpcEndpoint_interfaceNonAWSServiceAcceptOnUpdate (277.00s)
=== CONT  TestAccAWSVpcEndpoint_interfaceWithSubnetAndSecurityGroup
--- PASS: TestAccAWSVpcEndpoint_interfaceNonAWSServiceAcceptOnCreate (271.89s)
=== CONT  TestAccAWSVpcEndpoint_interfaceBasic
--- PASS: TestAccAWSVpcEndpoint_interfaceBasic (76.82s)
=== CONT  TestAccAWSVpcEndpointSubnetAssociation_disappears
--- PASS: TestAccAWSVpcEndpoint_interfaceWithSubnetAndSecurityGroup (323.02s)
=== CONT  TestAccAWSVpcEndpoint_gatewayWithRouteTableAndPolicy
=== CONT  TestAccAWSVpcEndpoint_gatewayBasic
--- PASS: TestAccAWSVpcEndpoint_gatewayWithRouteTableAndPolicy (67.98s)
--- PASS: TestAccAWSVpcEndpoint_gatewayBasic (34.33s)
=== CONT  TestAccAWSVpcEndpointSubnetAssociation_multiple
--- PASS: TestAccAWSVpcEndpointSubnetAssociation_disappears (300.21s)
=== CONT  TestAccAWSVpcEndpointSecurityGroupAssociation_ReplaceDefaultAssociation
--- PASS: TestAccAWSVpcEndpointSecurityGroupAssociation_ReplaceDefaultAssociation (67.70s)
=== CONT  TestAccAWSVpcEndpointSubnetAssociation_basic
--- PASS: TestAccAWSVpcEndpointSubnetAssociation_basic (247.76s)
=== CONT  TestAccAWSVpcEndpointSecurityGroupAssociation_multiple
=== CONT  TestAccAWSVpcEndpointSubnetAssociation_multiple
=== CONT  TestAccAWSVpcEndpointSecurityGroupAssociation_disappears
--- PASS: TestAccAWSVpcEndpointSecurityGroupAssociation_multiple (107.91s)
--- PASS: TestAccAWSVpcEndpointSubnetAssociation_multiple (585.07s)
--- PASS: TestAccAWSVpcEndpointSecurityGroupAssociation_disappears (76.35s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	1533.242s

Add 'ErrorCheck' for new acceptance tests.

Fix golangci-lint error:

aws/resource_aws_vpc_endpoint_subnet_association_test.go:111:63: `testAccCheckVpcEndpointSubnetAssociationExists` - `vpce` is unused (unparam)
func testAccCheckVpcEndpointSubnetAssociationExists(n string, vpce *ec2.VpcEndpoint) resource.TestCheckFunc {
                                                              ^

Fix golangci-lint error:

S1039: unnecessary use of fmt.Sprintf (gosimple)
		fmt.Sprintf(`
		^

r/aws_route_table_association: Tidy up after rebase including hashicorp#18465.

r/aws_vpc_endpoint_route_table_association: Use internal finder package.

Acceptance test output:

$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAWSVpcEndpointRouteTableAssociation_' ACCTEST_PARALLELISM=2
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 2 -run=TestAccAWSVpcEndpointRouteTableAssociation_ -timeout 180m
=== RUN   TestAccAWSVpcEndpointRouteTableAssociation_basic
=== PAUSE TestAccAWSVpcEndpointRouteTableAssociation_basic
=== RUN   TestAccAWSVpcEndpointRouteTableAssociation_disappears
=== PAUSE TestAccAWSVpcEndpointRouteTableAssociation_disappears
=== CONT  TestAccAWSVpcEndpointRouteTableAssociation_basic
=== CONT  TestAccAWSVpcEndpointRouteTableAssociation_disappears
--- PASS: TestAccAWSVpcEndpointRouteTableAssociation_disappears (36.58s)
--- PASS: TestAccAWSVpcEndpointRouteTableAssociation_basic (39.06s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	39.161s

r/aws_vpc_endpoint_security_group_association: 'VpcEndpointSecurityGroupAssociation' -> 'VpcEndpointSecurityGroupAssociationExists'.

Acceptance test output:

$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAWSVpcEndpointSecurityGroupAssociation_' ACCTEST_PARALLELISM=2
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 2 -run=TestAccAWSVpcEndpointSecurityGroupAssociation_ -timeout 180m
=== RUN   TestAccAWSVpcEndpointSecurityGroupAssociation_basic
=== PAUSE TestAccAWSVpcEndpointSecurityGroupAssociation_basic
=== RUN   TestAccAWSVpcEndpointSecurityGroupAssociation_disappears
=== PAUSE TestAccAWSVpcEndpointSecurityGroupAssociation_disappears
=== RUN   TestAccAWSVpcEndpointSecurityGroupAssociation_multiple
=== PAUSE TestAccAWSVpcEndpointSecurityGroupAssociation_multiple
=== RUN   TestAccAWSVpcEndpointSecurityGroupAssociation_ReplaceDefaultAssociation
=== PAUSE TestAccAWSVpcEndpointSecurityGroupAssociation_ReplaceDefaultAssociation
=== CONT  TestAccAWSVpcEndpointSecurityGroupAssociation_basic
=== CONT  TestAccAWSVpcEndpointSecurityGroupAssociation_ReplaceDefaultAssociation
--- PASS: TestAccAWSVpcEndpointSecurityGroupAssociation_ReplaceDefaultAssociation (65.31s)
=== CONT  TestAccAWSVpcEndpointSecurityGroupAssociation_multiple
--- PASS: TestAccAWSVpcEndpointSecurityGroupAssociation_basic (67.35s)
=== CONT  TestAccAWSVpcEndpointSecurityGroupAssociation_disappears
--- PASS: TestAccAWSVpcEndpointSecurityGroupAssociation_disappears (65.30s)
--- PASS: TestAccAWSVpcEndpointSecurityGroupAssociation_multiple (81.87s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	147.314s

r/aws_vpc_endpoint_subnet_association: Use internal finder package.

Acceptance test output:

$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAWSVpcEndpointSubnetAssociation_' ACCTEST_PARALLELISM=2
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 2 -run=TestAccAWSVpcEndpointSubnetAssociation_ -timeout 180m
=== RUN   TestAccAWSVpcEndpointSubnetAssociation_basic
=== PAUSE TestAccAWSVpcEndpointSubnetAssociation_basic
=== RUN   TestAccAWSVpcEndpointSubnetAssociation_disappears
=== PAUSE TestAccAWSVpcEndpointSubnetAssociation_disappears
=== RUN   TestAccAWSVpcEndpointSubnetAssociation_multiple
=== PAUSE TestAccAWSVpcEndpointSubnetAssociation_multiple
=== CONT  TestAccAWSVpcEndpointSubnetAssociation_basic
=== CONT  TestAccAWSVpcEndpointSubnetAssociation_multiple
--- PASS: TestAccAWSVpcEndpointSubnetAssociation_basic (244.58s)
=== CONT  TestAccAWSVpcEndpointSubnetAssociation_disappears
--- PASS: TestAccAWSVpcEndpointSubnetAssociation_disappears (301.32s)
--- PASS: TestAccAWSVpcEndpointSubnetAssociation_multiple (592.71s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	592.827s

Set Name tag in acceptance tests where possible.

Add CHANGELOG entry.

'ExistsPropagation' -> 'ExistancePropagation'.

Acceptance test output:

$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAWSVpcEndpointSecurityGroupAssociation_basic\|TestAccAWSVpcEndpointSubnetAssociation_basic\|TestAccAWSVpcEndpointRouteTableAssociation_basic' ACCTEST_PARALLELISM=2
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 2 -run=TestAccAWSVpcEndpointSecurityGroupAssociation_basic\|TestAccAWSVpcEndpointSubnetAssociation_basic\|TestAccAWSVpcEndpointRouteTableAssociation_basic -timeout 180m
=== RUN   TestAccAWSVpcEndpointRouteTableAssociation_basic
=== PAUSE TestAccAWSVpcEndpointRouteTableAssociation_basic
=== RUN   TestAccAWSVpcEndpointSecurityGroupAssociation_basic
=== PAUSE TestAccAWSVpcEndpointSecurityGroupAssociation_basic
=== RUN   TestAccAWSVpcEndpointSubnetAssociation_basic
=== PAUSE TestAccAWSVpcEndpointSubnetAssociation_basic
=== CONT  TestAccAWSVpcEndpointRouteTableAssociation_basic
=== CONT  TestAccAWSVpcEndpointSubnetAssociation_basic
--- PASS: TestAccAWSVpcEndpointRouteTableAssociation_basic (38.09s)
=== CONT  TestAccAWSVpcEndpointSecurityGroupAssociation_basic
--- PASS: TestAccAWSVpcEndpointSecurityGroupAssociation_basic (82.50s)
--- PASS: TestAccAWSVpcEndpointSubnetAssociation_basic (255.78s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	255.882s

Fix golangci-lint error:

S1021: should merge variable declaration with assignment on next line (gosimple)
		var err error
		^

Add 'tfresource.RetryUntilFound'.

Exclude 'aws/internal/tfresource/retry.go' from helper-schema-resource-Retry-without-TimeoutError-check.

r/aws_vpc_endpoint_security_group_association: Don't retry on read.

Acceptance test output:

% make testacc TEST=./aws TESTARGS='-run=TestAccAWSVpcEndpointSecurityGroupAssociation_'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSVpcEndpointSecurityGroupAssociation_ -timeout 180m
=== RUN   TestAccAWSVpcEndpointSecurityGroupAssociation_basic
=== PAUSE TestAccAWSVpcEndpointSecurityGroupAssociation_basic
=== RUN   TestAccAWSVpcEndpointSecurityGroupAssociation_disappears
=== PAUSE TestAccAWSVpcEndpointSecurityGroupAssociation_disappears
=== RUN   TestAccAWSVpcEndpointSecurityGroupAssociation_multiple
=== PAUSE TestAccAWSVpcEndpointSecurityGroupAssociation_multiple
=== RUN   TestAccAWSVpcEndpointSecurityGroupAssociation_ReplaceDefaultAssociation
=== PAUSE TestAccAWSVpcEndpointSecurityGroupAssociation_ReplaceDefaultAssociation
=== CONT  TestAccAWSVpcEndpointSecurityGroupAssociation_basic
=== CONT  TestAccAWSVpcEndpointSecurityGroupAssociation_ReplaceDefaultAssociation
=== CONT  TestAccAWSVpcEndpointSecurityGroupAssociation_disappears
=== CONT  TestAccAWSVpcEndpointSecurityGroupAssociation_multiple
--- PASS: TestAccAWSVpcEndpointSecurityGroupAssociation_ReplaceDefaultAssociation (104.66s)
--- PASS: TestAccAWSVpcEndpointSecurityGroupAssociation_basic (108.84s)
--- PASS: TestAccAWSVpcEndpointSecurityGroupAssociation_multiple (111.20s)
--- PASS: TestAccAWSVpcEndpointSecurityGroupAssociation_disappears (124.08s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	127.135s

r/aws_vpc_endpoint_subnet_association: Don't retry on read.

Acceptance test output:

% make testacc TEST=./aws TESTARGS='-run=TestAccAWSVpcEndpointSubnetAssociation_'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSVpcEndpointSubnetAssociation_ -timeout 180m
=== RUN   TestAccAWSVpcEndpointSubnetAssociation_basic
=== PAUSE TestAccAWSVpcEndpointSubnetAssociation_basic
=== RUN   TestAccAWSVpcEndpointSubnetAssociation_disappears
=== PAUSE TestAccAWSVpcEndpointSubnetAssociation_disappears
=== RUN   TestAccAWSVpcEndpointSubnetAssociation_multiple
=== PAUSE TestAccAWSVpcEndpointSubnetAssociation_multiple
=== CONT  TestAccAWSVpcEndpointSubnetAssociation_basic
=== CONT  TestAccAWSVpcEndpointSubnetAssociation_multiple
=== CONT  TestAccAWSVpcEndpointSubnetAssociation_disappears
--- PASS: TestAccAWSVpcEndpointSubnetAssociation_disappears (258.95s)
--- PASS: TestAccAWSVpcEndpointSubnetAssociation_basic (259.71s)
--- PASS: TestAccAWSVpcEndpointSubnetAssociation_multiple (545.62s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	548.634s
ewbankkit committed Jun 18, 2021
1 parent 205fb10 commit a23cd5a
Showing 10 changed files with 554 additions and 19 deletions.
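--- a/.changelog/13737.txt
+++ b/.changelog/13737.txt
@@ -0,0 +1,7 @@
+```release-note:new-resource
+aws_vpc_endpoint_security_group_association
+```
+
+```release-note:enhancement
+resource/aws_vpc_endpoint: The `security_group_ids` attribute can now be empty when the resource is created. In this case the VPC's default security is associated with the VPC endpoint
+```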
47 changes: 47 additions & 0 deletions aws/internal/service/ec2/finder/finder.go
Expand Up @@ -407,6 +407,34 @@ func RouteByPrefixListIDDestination(conn *ec2.EC2, routeTableID, prefixListID st
return nil, &resource.NotFoundError{}
}

// DefaultSecurityGroup returns the default security group for the specified VPC.
// Returns NotFoundError if no default security group is found.
func DefaultSecurityGroup(conn *ec2.EC2, vpcID string) (*ec2.SecurityGroup, error) {
filters := map[string]string{
"group-name": "default",
"vpc-id": vpcID,
}

input := &ec2.DescribeSecurityGroupsInput{
Filters: tfec2.BuildAttributeFilterList(filters),
}

output, err := conn.DescribeSecurityGroups(input)

if err != nil {
return nil, err
}

if output == nil || len(output.SecurityGroups) == 0 || output.SecurityGroups[0] == nil {
return nil, &resource.NotFoundError{
Message: "Empty result",
LastRequest: input,
}
}

return output.SecurityGroups[0], nil
}

// SecurityGroupByID looks up a security group by ID. When not found, returns nil and potentially an API error.
func SecurityGroupByID(conn *ec2.EC2, id string) (*ec2.SecurityGroup, error) {
req := &ec2.DescribeSecurityGroupsInput{
Expand Down Expand Up @@ -692,6 +720,25 @@ func VpcEndpointRouteTableAssociationExists(conn *ec2.EC2, vpcEndpointID string,
}
}

// VpcEndpointRouteTableAssociationExists returns NotFoundError if no association for the specified VPC endpoint and security group IDs is found.
func VpcEndpointSecurityGroupAssociationExists(conn *ec2.EC2, vpcEndpointID, securityGroupID string) error {
vpcEndpoint, err := VpcEndpointByID(conn, vpcEndpointID)

if err != nil {
return err
}

for _, group := range vpcEndpoint.Groups {
if aws.StringValue(group.GroupId) == securityGroupID {
return nil
}
}

return &resource.NotFoundError{
LastError: fmt.Errorf("VPC Endpoint Security Group Association (%s/%s) not found", vpcEndpointID, securityGroupID),
}
}

// VpcEndpointSubnetAssociationExists returns NotFoundError if no association for the specified VPC endpoint and subnet IDs is found.
func VpcEndpointSubnetAssociationExists(conn *ec2.EC2, vpcEndpointID string, subnetID string) error {
vpcEndpoint, err := VpcEndpointByID(conn, vpcEndpointID)
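Review bot: The doc comment at the top of the second hunk names `VpcEndpointRouteTableAssociationExists` while the function it documents is `VpcEndpointSecurityGroupAssociationExists`, so godoc and code search will attach the wrong summary to this function; change it to `// VpcEndpointSecurityGroupAssociationExists returns NotFoundError if no association for the specified VPC endpoint and security group IDs is found.`. In the first hunk, `DefaultSecurityGroup` returns `output.SecurityGroups[0]` without looking at any further entries; the `group-name`/`vpc-id` filter pair is presumably expected to yield at most one match, and a short comment stating that, e.g. `// The group-name/vpc-id filters are expected to match at most one group, so the first result is the only one.`, would make the `[0]` deliberate rather than accidental. Both new functions begin and end inside their hunks; `VpcEndpointSubnetAssociationExists` at the end of the second hunk continues outside it.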
4 changes: 4 additions & 0 deletions aws/internal/service/ec2/id.go
Expand Up @@ -99,6 +99,10 @@ func VpcEndpointRouteTableAssociationCreateID(vpcEndpointID, routeTableID string
return fmt.Sprintf("a-%s%d", vpcEndpointID, hashcode.String(routeTableID))
}

func VpcEndpointSecurityGroupAssociationCreateID(vpcEndpointID, securityGroupID string) string {
return fmt.Sprintf("a-%s%d", vpcEndpointID, hashcode.String(securityGroupID))
}

func VpcEndpointSubnetAssociationCreateID(vpcEndpointID, subnetID string) string {
return fmt.Sprintf("a-%s%d", vpcEndpointID, hashcode.String(subnetID))
}
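Review bot: `VpcEndpointSecurityGroupAssociationCreateID` is exported but carries no doc comment, which linters flag for exported names; add `// VpcEndpointSecurityGroupAssociationCreateID returns the resource ID for the association of the specified VPC endpoint and security group.`. The neighbouring `VpcEndpointRouteTableAssociationCreateID` and `VpcEndpointSubnetAssociationCreateID` are undocumented in the visible context as well, so the same one-line comment style would be worth applying to all three for consistency. The ID derivation itself mirrors the two siblings, so nothing in the construction needs to change here.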
1 change: 1 addition & 0 deletions aws/provider.go
Expand Up @@ -1119,6 +1119,7 @@ func Provider() *schema.Provider {
"aws_vpc_endpoint": resourceAwsVpcEndpoint(),
"aws_vpc_endpoint_connection_notification": resourceAwsVpcEndpointConnectionNotification(),
"aws_vpc_endpoint_route_table_association": resourceAwsVpcEndpointRouteTableAssociation(),
"aws_vpc_endpoint_security_group_association": resourceAwsVpcEndpointSecurityGroupAssociation(),
"aws_vpc_endpoint_subnet_association": resourceAwsVpcEndpointSubnetAssociation(),
"aws_vpc_endpoint_service": resourceAwsVpcEndpointService(),
"aws_vpc_endpoint_service_allowed_principal": resourceAwsVpcEndpointServiceAllowedPrincipal(),
6 changes: 0 additions & 6 deletions aws/resource_aws_vpc_endpoint.go
@@ -1,7 +1,6 @@
package aws

import (
"errors"
"fmt"
"log"
"time"
Expand Down Expand Up @@ -156,11 +155,6 @@ func resourceAwsVpcEndpoint() *schema.Resource {
}

func resourceAwsVpcEndpointCreate(d *schema.ResourceData, meta interface{}) error {
if d.Get("vpc_endpoint_type").(string) == ec2.VpcEndpointTypeInterface &&
d.Get("security_group_ids").(*schema.Set).Len() == 0 {
return errors.New("An Interface VPC Endpoint must always have at least one Security Group")
}

conn := meta.(*AWSClient).ec2conn
defaultTagsConfig := meta.(*AWSClient).DefaultTagsConfig
tags := defaultTagsConfig.MergeTags(keyvaluetags.New(d.Get("tags").(map[string]interface{})))
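--- a/aws/resource_aws_vpc_endpoint_security_group_association.go
+++ b/aws/resource_aws_vpc_endpoint_security_group_association.go
@@ -0,0 +1,200 @@
+package aws
+
+import (
+"fmt"
+"log"
+
+"github.com/aws/aws-sdk-go/aws"
+"github.com/aws/aws-sdk-go/service/ec2"
+"github.com/hashicorp/aws-sdk-go-base/tfawserr"
+"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+tfec2 "github.com/terraform-providers/terraform-provider-aws/aws/internal/service/ec2"
+"github.com/terraform-providers/terraform-provider-aws/aws/internal/service/ec2/finder"
+"github.com/terraform-providers/terraform-provider-aws/aws/internal/tfresource"
+)
+
+func resourceAwsVpcEndpointSecurityGroupAssociation() *schema.Resource {
+return &schema.Resource{
+Create: resourceAwsVpcEndpointSecurityGroupAssociationCreate,
+Read: resourceAwsVpcEndpointSecurityGroupAssociationRead,
+Delete: resourceAwsVpcEndpointSecurityGroupAssociationDelete,
+
+Schema: map[string]*schema.Schema{
+"replace_default_association": {
+Type: schema.TypeBool,
+Optional: true,
+Default: false,
+ForceNew: true,
+},
+"security_group_id": {
+Type: schema.TypeString,
+Required: true,
+ForceNew: true,
+},
+"vpc_endpoint_id": {
+Type: schema.TypeString,
+Required: true,
+ForceNew: true,
+},
+},
+}
+}
+
+func resourceAwsVpcEndpointSecurityGroupAssociationCreate(d *schema.ResourceData, meta interface{}) error {
+conn := meta.(*AWSClient).ec2conn
+
+vpcEndpointID := d.Get("vpc_endpoint_id").(string)
+securityGroupID := d.Get("security_group_id").(string)
+replaceDefaultAssociation := d.Get("replace_default_association").(bool)
+
+defaultSecurityGroupID := ""
+if replaceDefaultAssociation {
+vpcEndpoint, err := finder.VpcEndpointByID(conn, vpcEndpointID)
+
+if err != nil {
+return fmt.Errorf("error reading VPC endpoint (%s): %w", vpcEndpointID, err)
+}
+
+vpcID := aws.StringValue(vpcEndpoint.VpcId)
+
+defaultSecurityGroup, err := finder.DefaultSecurityGroup(conn, vpcID)
+
+if err != nil {
+return fmt.Errorf("error reading default security group for VPC (%s): %w", vpcID, err)
+}
+
+defaultSecurityGroupID = aws.StringValue(defaultSecurityGroup.GroupId)
+
+if defaultSecurityGroupID == securityGroupID {
+return fmt.Errorf("%s is the default security group for VPC (%s)", securityGroupID, vpcID)
+}
+
+foundDefaultAssociation := false
+
+for _, group := range vpcEndpoint.Groups {
+if aws.StringValue(group.GroupId) == defaultSecurityGroupID {
+foundDefaultAssociation = true
+break
+}
+}
+
+if !foundDefaultAssociation {
+return fmt.Errorf("no association of default security group (%s) with VPC endpoint (%s)", defaultSecurityGroupID, vpcEndpointID)
+}
+}
+
+err := createVpcEndpointSecurityGroupAssociation(conn, vpcEndpointID, securityGroupID)
+
+if err != nil {
+return err
+}
+
+d.SetId(tfec2.VpcEndpointSecurityGroupAssociationCreateID(vpcEndpointID, securityGroupID))
+
+if replaceDefaultAssociation {
+// Delete the existing VPC endpoint/default security group association.
+err := deleteVpcEndpointSecurityGroupAssociation(conn, vpcEndpointID, defaultSecurityGroupID)
+
+if err != nil {
+return err
+}
+}
+
+return resourceAwsVpcEndpointSecurityGroupAssociationRead(d, meta)
+}
+
+func resourceAwsVpcEndpointSecurityGroupAssociationRead(d *schema.ResourceData, meta interface{}) error {
+conn := meta.(*AWSClient).ec2conn
+
+vpcEndpointID := d.Get("vpc_endpoint_id").(string)
+securityGroupID := d.Get("security_group_id").(string)
+// Human friendly ID for error messages since d.Id() is non-descriptive
+id := fmt.Sprintf("%s/%s", vpcEndpointID, securityGroupID)
+
+err := finder.VpcEndpointSecurityGroupAssociationExists(conn, vpcEndpointID, securityGroupID)
+
+if !d.IsNewResource() && tfresource.NotFound(err) {
+log.Printf("[WARN] VPC Endpoint Security Group Association (%s) not found, removing from state", id)
+d.SetId("")
+return nil
+}
+
+if err != nil {
+return fmt.Errorf("error reading VPC Security Group Association (%s): %w", id, err)
+}
+
+return nil
+}
+
+func resourceAwsVpcEndpointSecurityGroupAssociationDelete(d *schema.ResourceData, meta interface{}) error {
+conn := meta.(*AWSClient).ec2conn
+
+vpcEndpointID := d.Get("vpc_endpoint_id").(string)
+securityGroupID := d.Get("security_group_id").(string)
+replaceDefaultAssociation := d.Get("replace_default_association").(bool)
+
+if replaceDefaultAssociation {
+vpcEndpoint, err := finder.VpcEndpointByID(conn, vpcEndpointID)
+
+if err != nil {
+return fmt.Errorf("error reading VPC endpoint (%s): %w", vpcEndpointID, err)
+}
+
+vpcID := aws.StringValue(vpcEndpoint.VpcId)
+
+defaultSecurityGroup, err := finder.DefaultSecurityGroup(conn, vpcID)
+
+if err != nil {
+return fmt.Errorf("error reading default security group for VPC (%s): %w", vpcID, err)
+}
+
+// Add back the VPC endpoint/default security group association.
+err = createVpcEndpointSecurityGroupAssociation(conn, vpcEndpointID, aws.StringValue(defaultSecurityGroup.GroupId))
+
+if err != nil {
+return err
+}
+}
+
+return deleteVpcEndpointSecurityGroupAssociation(conn, vpcEndpointID, securityGroupID)
+}
+
+// createVpcEndpointSecurityGroupAssociation creates the specified VPC endpoint/security group association.
+func createVpcEndpointSecurityGroupAssociation(conn *ec2.EC2, vpcEndpointID, securityGroupID string) error {
+input := &ec2.ModifyVpcEndpointInput{
+VpcEndpointId: aws.String(vpcEndpointID),
+AddSecurityGroupIds: aws.StringSlice([]string{securityGroupID}),
+}
+
+log.Printf("[DEBUG] Creating VPC Endpoint Security Group Association: %s", input)
+
+_, err := conn.ModifyVpcEndpoint(input)
+
+if err != nil {
+return fmt.Errorf("error creating VPC Endpoint Security Group Association (%s/%s): %w", vpcEndpointID, securityGroupID, err)
+}
+
+return nil
+}
+
+// deleteVpcEndpointSecurityGroupAssociation deletes the specified VPC endpoint/security group association.
+func deleteVpcEndpointSecurityGroupAssociation(conn *ec2.EC2, vpcEndpointID, securityGroupID string) error {
+input := &ec2.ModifyVpcEndpointInput{
+VpcEndpointId: aws.String(vpcEndpointID),
+RemoveSecurityGroupIds: aws.StringSlice([]string{securityGroupID}),
+}
+
+log.Printf("[DEBUG] Deleting VPC Endpoint Security Group Association: %s", input)
+
+_, err := conn.ModifyVpcEndpoint(input)
+
+if tfawserr.ErrCodeEquals(err, tfec2.ErrCodeInvalidVpcEndpointIdNotFound) || tfawserr.ErrCodeEquals(err, tfec2.InvalidGroupNotFound) || tfawserr.ErrCodeEquals(err, tfec2.ErrCodeInvalidParameter) {
+return nil
+}
+
+if err != nil {
+return fmt.Errorf("error deleting VPC Endpoint Security Group Association (%s/%s): %w", vpcEndpointID, securityGroupID, err)
+}
+
+return nil
+}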
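Review bot: `deleteVpcEndpointSecurityGroupAssociation` returns nil on `tfec2.ErrCodeInvalidParameter` alongside the two not-found codes, but that code is not specific to a missing association; if `ModifyVpcEndpoint` rejects the `RemoveSecurityGroupIds` call for some other reason, the security group stays attached to the endpoint while Terraform records the association as destroyed, which is silent drift on a network access control. Either drop `ErrCodeInvalidParameter` from the tolerated set or document the exact response it covers, e.g. `// NOTE: InvalidParameter is tolerated as "already removed"; confirm which API response this covers, since any other rejection leaves the group attached while state says it is gone.`. In `resourceAwsVpcEndpointSecurityGroupAssociationDelete` the `replace_default_association` branch returns the error from `finder.VpcEndpointByID` unconditionally, so destroying the association after the endpoint itself is gone fails even though the final `deleteVpcEndpointSecurityGroupAssociation` call tolerates `ErrCodeInvalidVpcEndpointIdNotFound`; assuming the finder returns a NotFoundError as `Read` relies on, add `if tfresource.NotFound(err) { return nil }` ahead of that error return. The Read error `error reading VPC Security Group Association (%s)` also drops "Endpoint", unlike every other message in this file, and should read `error reading VPC Endpoint Security Group Association (%s): %w`.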
