-
Notifications
You must be signed in to change notification settings - Fork 9.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
r/aws_vpc_endpoint_service_private_dns_verification: new resource
This resource will allow practitioners to start the verification process for a VPC endpoint service private DNS name via Terraform. ```console % make testacc PKG=ec2 TESTS="TestAccVPCEndpointServicePrivateDNSVerification_" ==> Checking that code complies with gofmt requirements... TF_ACC=1 go1.22.2 test ./internal/service/ec2/... -v -count 1 -parallel 20 -run='TestAccVPCEndpointServicePrivateDNSVerification_' -timeout 360m --- PASS: TestAccVPCEndpointServicePrivateDNSVerification_basic (218.59s) --- PASS: TestAccVPCEndpointServicePrivateDNSVerification_waitForVerification (262.01s) PASS ok github.com/hashicorp/terraform-provider-aws/internal/service/ec2 267.248s ```
- Loading branch information
Showing
8 changed files
with
346 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
```release-note:new-resource | ||
aws_vpc_endpoint_service_private_dns_verification | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
124 changes: 124 additions & 0 deletions
124
internal/service/ec2/vpc_endpoint_service_private_dns_verification.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,124 @@ | ||
// Copyright (c) HashiCorp, Inc. | ||
// SPDX-License-Identifier: MPL-2.0 | ||
|
||
package ec2 | ||
|
||
import ( | ||
"context" | ||
"errors" | ||
"time" | ||
|
||
"github.com/aws/aws-sdk-go-v2/aws" | ||
"github.com/aws/aws-sdk-go-v2/service/ec2" | ||
"github.com/hashicorp/terraform-plugin-framework-timeouts/resource/timeouts" | ||
"github.com/hashicorp/terraform-plugin-framework/resource" | ||
"github.com/hashicorp/terraform-plugin-framework/resource/schema" | ||
"github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" | ||
"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" | ||
"github.com/hashicorp/terraform-plugin-framework/types" | ||
"github.com/hashicorp/terraform-provider-aws/internal/create" | ||
"github.com/hashicorp/terraform-provider-aws/internal/framework" | ||
"github.com/hashicorp/terraform-provider-aws/names" | ||
) | ||
|
||
// @FrameworkResource("aws_vpc_endpoint_service_private_dns_verification", name="Endpoint Service Private DNS Verification") | ||
func newResourceEndpointServicePrivateDNSVerification(_ context.Context) (resource.ResourceWithConfigure, error) { | ||
r := &resourceEndpointServicePrivateDNSVerification{} | ||
r.SetDefaultCreateTimeout(30 * time.Minute) | ||
|
||
return r, nil | ||
} | ||
|
||
const ( | ||
ResNameEndpointServicePrivateDNSVerification = "Endpoint Service Private DNS Verification" | ||
) | ||
|
||
type resourceEndpointServicePrivateDNSVerification struct { | ||
framework.ResourceWithConfigure | ||
framework.WithNoOpRead | ||
framework.WithNoUpdate | ||
framework.WithNoOpDelete | ||
framework.WithTimeouts | ||
} | ||
|
||
func (r *resourceEndpointServicePrivateDNSVerification) Metadata(_ context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) { | ||
resp.TypeName = "aws_vpc_endpoint_service_private_dns_verification" | ||
} | ||
|
||
func (r *resourceEndpointServicePrivateDNSVerification) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) { | ||
resp.Schema = schema.Schema{ | ||
Attributes: map[string]schema.Attribute{ | ||
"service_id": schema.StringAttribute{ | ||
Required: true, | ||
PlanModifiers: []planmodifier.String{ | ||
stringplanmodifier.RequiresReplace(), | ||
}, | ||
}, | ||
"wait_for_verification": schema.BoolAttribute{ | ||
Optional: true, | ||
}, | ||
}, | ||
Blocks: map[string]schema.Block{ | ||
"timeouts": timeouts.Block(ctx, timeouts.Opts{ | ||
Create: true, | ||
}), | ||
}, | ||
} | ||
} | ||
|
||
func (r *resourceEndpointServicePrivateDNSVerification) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { | ||
conn := r.Meta().EC2Client(ctx) | ||
|
||
var plan resourceEndpointServicePrivateDNSVerificationData | ||
resp.Diagnostics.Append(req.Plan.Get(ctx, &plan)...) | ||
if resp.Diagnostics.HasError() { | ||
return | ||
} | ||
|
||
in := &ec2.StartVpcEndpointServicePrivateDnsVerificationInput{ | ||
ServiceId: aws.String(plan.ServiceID.ValueString()), | ||
} | ||
|
||
out, err := conn.StartVpcEndpointServicePrivateDnsVerification(ctx, in) | ||
if err != nil { | ||
resp.Diagnostics.AddError( | ||
create.ProblemStandardMessage(names.EC2, create.ErrActionCreating, ResNameEndpointServicePrivateDNSVerification, plan.ServiceID.String(), err), | ||
err.Error(), | ||
) | ||
return | ||
} | ||
if out == nil || out.ReturnValue == nil { | ||
resp.Diagnostics.AddError( | ||
create.ProblemStandardMessage(names.EC2, create.ErrActionCreating, ResNameEndpointServicePrivateDNSVerification, plan.ServiceID.String(), nil), | ||
errors.New("empty output").Error(), | ||
) | ||
return | ||
} | ||
if !aws.ToBool(out.ReturnValue) { | ||
resp.Diagnostics.AddError( | ||
create.ProblemStandardMessage(names.EC2, create.ErrActionCreating, ResNameEndpointServicePrivateDNSVerification, plan.ServiceID.String(), nil), | ||
errors.New("request failed").Error(), | ||
) | ||
return | ||
} | ||
|
||
if plan.WaitForVerification.ValueBool() { | ||
createTimeout := r.CreateTimeout(ctx, plan.Timeouts) | ||
_, err := waitVPCEndpointServicePrivateDNSNameVerifiedV2(ctx, conn, plan.ServiceID.ValueString(), createTimeout) | ||
if err != nil { | ||
resp.Diagnostics.AddError( | ||
create.ProblemStandardMessage(names.EC2, create.ErrActionWaitingForCreation, ResNameEndpointServicePrivateDNSVerification, plan.ServiceID.String(), err), | ||
err.Error(), | ||
) | ||
return | ||
} | ||
} | ||
|
||
resp.Diagnostics.Append(resp.State.Set(ctx, plan)...) | ||
} | ||
|
||
type resourceEndpointServicePrivateDNSVerificationData struct { | ||
ServiceID types.String `tfsdk:"service_id"` | ||
Timeouts timeouts.Value `tfsdk:"timeouts"` | ||
WaitForVerification types.Bool `tfsdk:"wait_for_verification"` | ||
} |
128 changes: 128 additions & 0 deletions
128
internal/service/ec2/vpc_endpoint_service_private_dns_verification_test.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,128 @@ | ||
// Copyright (c) HashiCorp, Inc. | ||
// SPDX-License-Identifier: MPL-2.0 | ||
|
||
package ec2_test | ||
|
||
import ( | ||
"fmt" | ||
"testing" | ||
|
||
"github.com/YakDriver/regexache" | ||
sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest" | ||
"github.com/hashicorp/terraform-plugin-testing/helper/resource" | ||
"github.com/hashicorp/terraform-provider-aws/internal/acctest" | ||
"github.com/hashicorp/terraform-provider-aws/names" | ||
) | ||
|
||
func TestAccVPCEndpointServicePrivateDNSVerification_basic(t *testing.T) { | ||
ctx := acctest.Context(t) | ||
if testing.Short() { | ||
t.Skip("skipping long-running test in short mode") | ||
} | ||
|
||
rName := sdkacctest.RandomWithPrefix("tfacctest") // 32 character limit | ||
domainName := acctest.RandomDomainName() | ||
resourceName := "aws_vpc_endpoint_service_private_dns_verification.test" | ||
endpointServiceResourceName := "aws_vpc_endpoint_service.test" | ||
|
||
resource.ParallelTest(t, resource.TestCase{ | ||
PreCheck: func() { | ||
acctest.PreCheck(ctx, t) | ||
acctest.PreCheckPartitionHasService(t, names.EC2) | ||
}, | ||
ErrorCheck: acctest.ErrorCheck(t, names.EC2ServiceID), | ||
ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, | ||
CheckDestroy: nil, | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: testAccVPCEndpointServicePrivateDNSVerificationConfig_basic(rName, domainName), | ||
Check: resource.ComposeTestCheckFunc( | ||
resource.TestCheckResourceAttrPair(resourceName, "service_id", endpointServiceResourceName, names.AttrID), | ||
), | ||
}, | ||
}, | ||
}) | ||
} | ||
|
||
func TestAccVPCEndpointServicePrivateDNSVerification_waitForVerification(t *testing.T) { | ||
ctx := acctest.Context(t) | ||
if testing.Short() { | ||
t.Skip("skipping long-running test in short mode") | ||
} | ||
|
||
rName := sdkacctest.RandomWithPrefix("tfacctest") // 32 character limit | ||
domainName := acctest.RandomDomainName() | ||
|
||
resource.ParallelTest(t, resource.TestCase{ | ||
PreCheck: func() { | ||
acctest.PreCheck(ctx, t) | ||
acctest.PreCheckPartitionHasService(t, names.EC2) | ||
}, | ||
ErrorCheck: acctest.ErrorCheck(t, names.EC2ServiceID), | ||
ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, | ||
CheckDestroy: nil, | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: testAccVPCEndpointServicePrivateDNSVerificationConfig_waitForVerification(rName, domainName), | ||
// Expect an error as private DNS setup and verification is not | ||
// included in this configuration. This test simply verifies the | ||
// create waiter functions as expected. | ||
ExpectError: regexache.MustCompile("waiting for creation"), | ||
}, | ||
}, | ||
}) | ||
} | ||
|
||
func testAccVPCEndpointServicePrivateDNSVerificationConfigBase(rName, domainName string, count int) string { | ||
return acctest.ConfigCompose( | ||
acctest.ConfigVPCWithSubnets(rName, 2), | ||
fmt.Sprintf(` | ||
resource "aws_lb" "test" { | ||
count = %[3]d | ||
load_balancer_type = "network" | ||
name = "%[1]s-${count.index}" | ||
subnets = aws_subnet.test[*].id | ||
internal = true | ||
idle_timeout = 60 | ||
enable_deletion_protection = false | ||
tags = { | ||
Name = %[1]q | ||
} | ||
} | ||
resource "aws_vpc_endpoint_service" "test" { | ||
acceptance_required = false | ||
network_load_balancer_arns = aws_lb.test[*].arn | ||
private_dns_name = %[2]q | ||
} | ||
`, rName, domainName, count)) | ||
} | ||
|
||
func testAccVPCEndpointServicePrivateDNSVerificationConfig_basic(rName, domainName string) string { | ||
return acctest.ConfigCompose( | ||
testAccVPCEndpointServicePrivateDNSVerificationConfigBase(rName, domainName, 1), | ||
` | ||
resource "aws_vpc_endpoint_service_private_dns_verification" "test" { | ||
service_id = aws_vpc_endpoint_service.test.id | ||
} | ||
`) | ||
} | ||
|
||
func testAccVPCEndpointServicePrivateDNSVerificationConfig_waitForVerification(rName, domainName string) string { | ||
return acctest.ConfigCompose( | ||
testAccVPCEndpointServicePrivateDNSVerificationConfigBase(rName, domainName, 1), | ||
` | ||
resource "aws_vpc_endpoint_service_private_dns_verification" "test" { | ||
service_id = aws_vpc_endpoint_service.test.id | ||
wait_for_verification = true | ||
timeouts { | ||
create = "1m" | ||
} | ||
} | ||
`) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
46 changes: 46 additions & 0 deletions
46
website/docs/r/vpc_endpoint_service_private_dns_verification.html.markdown
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
--- | ||
subcategory: "VPC (Virtual Private Cloud)" | ||
layout: "aws" | ||
page_title: "AWS: aws_vpc_endpoint_service_private_dns_verification" | ||
description: |- | ||
Terraform resource for managing an AWS VPC (Virtual Private Cloud) Endpoint Service Private DNS Verification. | ||
--- | ||
# Resource: aws_vpc_endpoint_service_private_dns_verification | ||
|
||
Terraform resource for managing an AWS VPC (Virtual Private Cloud) Endpoint Service Private DNS Verification. | ||
|
||
~> Destruction of this resource will not stop the verification process, only remove the resource from state. | ||
|
||
## Example Usage | ||
|
||
### Basic Usage | ||
|
||
```terraform | ||
resource "aws_vpc_endpoint_service_private_dns_verification" "example" { | ||
service_id = aws_vpc_endpoint_service.example.id | ||
} | ||
``` | ||
|
||
## Argument Reference | ||
|
||
The following arguments are required: | ||
|
||
* `service_id` - (Required) ID of the endpoint service. | ||
|
||
The following arguments are optional: | ||
|
||
* `wait_for_verification` - (Optional) Whether to wait until the endpoint service returns a `Verified` status for the configured private DNS name. | ||
|
||
## Attribute Reference | ||
|
||
This resource exports no additional attributes. | ||
|
||
## Timeouts | ||
|
||
[Configuration options](https://developer.hashicorp.com/terraform/language/resources/syntax#operation-timeouts): | ||
|
||
* `create` - (Default `30m`) | ||
|
||
## Import | ||
|
||
You cannot import this resource. |