Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ec2: fix aws_vpc_endpoint missing exposed dns_option #31873

Merged
merged 14 commits into from
Jun 12, 2023
Merged

ec2: fix aws_vpc_endpoint missing exposed dns_option #31873

merged 14 commits into from
Jun 12, 2023

Conversation

FabianPonce
Copy link
Contributor

@FabianPonce FabianPonce commented Jun 9, 2023
edited
Loading

Description

This PR exposes the field PrivateDnsOnlyForInboundResolverEndpoint from DnsOptionsSpecification.

In order to create S3 Interface endpoints, this field must be set to false. The absence of this field results in an error message:

Error: creating EC2 VPC Endpoint (com.amazonaws.us-east-1.s3): InvalidParameter: To set PrivateDnsOnlyForInboundResolverEndpoint to true, the VPC vpc-abc123 must have a Gateway endpoint for the service.

Relations

Closes #31117

References

Output from Acceptance Testing

$ make testacc TESTS=TestAccXXX PKG=ec2
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/ec2/... -v -count 1 -parallel 20 -run='TestAccVPCEndpoint_'  -timeout 180m
=== RUN   TestAccVPCEndpoint_gatewayBasic
=== PAUSE TestAccVPCEndpoint_gatewayBasic
=== RUN   TestAccVPCEndpoint_interfaceBasic
=== PAUSE TestAccVPCEndpoint_interfaceBasic
=== RUN   TestAccVPCEndpoint_interfacePrivateDNS
=== PAUSE TestAccVPCEndpoint_interfacePrivateDNS
=== RUN   TestAccVPCEndpoint_disappears
=== PAUSE TestAccVPCEndpoint_disappears
=== RUN   TestAccVPCEndpoint_tags
=== PAUSE TestAccVPCEndpoint_tags
=== RUN   TestAccVPCEndpoint_gatewayWithRouteTableAndPolicy
=== PAUSE TestAccVPCEndpoint_gatewayWithRouteTableAndPolicy
=== RUN   TestAccVPCEndpoint_gatewayPolicy
=== PAUSE TestAccVPCEndpoint_gatewayPolicy
=== RUN   TestAccVPCEndpoint_ignoreEquivalent
=== PAUSE TestAccVPCEndpoint_ignoreEquivalent
=== RUN   TestAccVPCEndpoint_ipAddressType
=== PAUSE TestAccVPCEndpoint_ipAddressType
=== RUN   TestAccVPCEndpoint_interfaceWithSubnetAndSecurityGroup
=== PAUSE TestAccVPCEndpoint_interfaceWithSubnetAndSecurityGroup
=== RUN   TestAccVPCEndpoint_interfaceNonAWSServiceAcceptOnCreate
=== PAUSE TestAccVPCEndpoint_interfaceNonAWSServiceAcceptOnCreate
=== RUN   TestAccVPCEndpoint_interfaceNonAWSServiceAcceptOnUpdate
=== PAUSE TestAccVPCEndpoint_interfaceNonAWSServiceAcceptOnUpdate
=== RUN   TestAccVPCEndpoint_VPCEndpointType_gatewayLoadBalancer
=== PAUSE TestAccVPCEndpoint_VPCEndpointType_gatewayLoadBalancer
=== CONT  TestAccVPCEndpoint_gatewayBasic
=== CONT  TestAccVPCEndpoint_ignoreEquivalent
=== CONT  TestAccVPCEndpoint_tags
=== CONT  TestAccVPCEndpoint_gatewayPolicy
=== CONT  TestAccVPCEndpoint_interfacePrivateDNS
=== CONT  TestAccVPCEndpoint_disappears
=== CONT  TestAccVPCEndpoint_interfaceBasic
=== CONT  TestAccVPCEndpoint_interfaceNonAWSServiceAcceptOnCreate
=== CONT  TestAccVPCEndpoint_VPCEndpointType_gatewayLoadBalancer
=== CONT  TestAccVPCEndpoint_interfaceNonAWSServiceAcceptOnUpdate
=== CONT  TestAccVPCEndpoint_interfaceWithSubnetAndSecurityGroup
=== CONT  TestAccVPCEndpoint_ipAddressType
=== CONT  TestAccVPCEndpoint_gatewayWithRouteTableAndPolicy
    vpc_endpoint_test.go:232: Step 1/3 error: Error running apply: exit status 1
        
        Error: reading EC2 VPC (vpc-00bb66587a0fe7bd2) Attribute (enableNetworkAddressUsageMetrics): couldn't find resource
        
          with aws_vpc.test,
          on terraform_plugin_test.tf line 2, in resource "aws_vpc" "test":
           2: resource "aws_vpc" "test" {
        
=== NAME  TestAccVPCEndpoint_tags
    vpc_endpoint_test.go:186: Step 1/4 error: Error running apply: exit status 1
        
        Error: reading EC2 VPC (vpc-00749a990443d170c) Attribute (enableDnsSupport): couldn't find resource
        
          with aws_vpc.test,
          on terraform_plugin_test.tf line 2, in resource "aws_vpc" "test":
           2: resource "aws_vpc" "test" {
        
--- FAIL: TestAccVPCEndpoint_gatewayWithRouteTableAndPolicy (11.58s)
--- FAIL: TestAccVPCEndpoint_tags (11.71s)
--- PASS: TestAccVPCEndpoint_disappears (29.89s)
--- PASS: TestAccVPCEndpoint_gatewayBasic (32.28s)
--- PASS: TestAccVPCEndpoint_ignoreEquivalent (42.81s)
--- PASS: TestAccVPCEndpoint_gatewayPolicy (49.68s)
--- PASS: TestAccVPCEndpoint_interfaceBasic (52.31s)
--- PASS: TestAccVPCEndpoint_interfaceNonAWSServiceAcceptOnCreate (263.52s)
--- PASS: TestAccVPCEndpoint_interfaceNonAWSServiceAcceptOnUpdate (264.83s)
--- PASS: TestAccVPCEndpoint_ipAddressType (296.28s)
--- PASS: TestAccVPCEndpoint_interfaceWithSubnetAndSecurityGroup (328.70s)
--- PASS: TestAccVPCEndpoint_VPCEndpointType_gatewayLoadBalancer (356.44s)
--- PASS: TestAccVPCEndpoint_interfacePrivateDNS (414.06s)
FAIL
FAIL	github.com/hashicorp/terraform-provider-aws/internal/service/ec2	414.329s
FAIL
...

Test failure is due to transient error reading vpc attributes that seems to curse me.

@github-actions
Copy link

github-actions bot commented Jun 9, 2023

Community Note

Voting for Prioritization

  • Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions github-actions bot added documentation Introduces or discusses updates to documentation. service/vpc Issues and PRs that pertain to the vpc service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. size/M Managed by automation to categorize the size of a PR. needs-triage Waiting for first response or review from a maintainer. and removed documentation Introduces or discusses updates to documentation. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. service/vpc Issues and PRs that pertain to the vpc service. labels Jun 9, 2023
@github-actions github-actions bot added documentation Introduces or discusses updates to documentation. service/vpc Issues and PRs that pertain to the vpc service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. labels Jun 9, 2023
github-actions[bot]
github-actions bot reviewed Jun 9, 2023
View reviewed changes
Copy link

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Welcome @FabianPonce 👋

It looks like this is your first Pull Request submission to the Terraform AWS Provider! If you haven’t already done so please make sure you have checked out our CONTRIBUTOR guide and FAQ to make sure your contribution is adhering to best practice and has all the necessary elements in place for a successful approval.

Also take a look at our FAQ which details how we prioritize Pull Requests for inclusion.

Thanks again, and welcome to the community! 😃

@justinretzolk justinretzolk added enhancement Requests to existing resources that expand the functionality or scope. and removed needs-triage Waiting for first response or review from a maintainer. labels Jun 9, 2023
@FabianPonce
Copy link
Contributor Author

Thanks for cleaning this up, I wasn't sure how best to handle the expansion of private_dns_only_for_inbound_resolver_endpoint in cases where dns_options wasn't set in Terraform.

There was an interesting edge case in that the creation of an S3 VPC Endpoint (w/ only interface type, no gateway), should be possible, but only when private_dns_only_for_inbound_resolver_endpoint is set to false. I had initially been surprised that AWS was not treating nil as false, which necessitated the original PR and issue. I struggled to map the 3 possible states (nil, false, true) onto the boolean in a clean fashion.

Additionally, it didn't like receiving the false value for Endpoint types where it expected it to be nil entirely.

ewbankkit
ewbankkit approved these changes Jun 12, 2023
View reviewed changes
Copy link
Contributor

@ewbankkit ewbankkit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🚀.

% make testacc TESTARGS='-run=TestAccVPCEndpoint_' PKG=ec2 ACCTEST_PARALLELISM=2
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/ec2/... -v -count 1 -parallel 2  -run=TestAccVPCEndpoint_ -timeout 180m
=== RUN   TestAccVPCEndpoint_gatewayBasic
=== PAUSE TestAccVPCEndpoint_gatewayBasic
=== RUN   TestAccVPCEndpoint_interfaceBasic
=== PAUSE TestAccVPCEndpoint_interfaceBasic
=== RUN   TestAccVPCEndpoint_interfacePrivateDNS
=== PAUSE TestAccVPCEndpoint_interfacePrivateDNS
=== RUN   TestAccVPCEndpoint_disappears
=== PAUSE TestAccVPCEndpoint_disappears
=== RUN   TestAccVPCEndpoint_tags
=== PAUSE TestAccVPCEndpoint_tags
=== RUN   TestAccVPCEndpoint_gatewayWithRouteTableAndPolicy
=== PAUSE TestAccVPCEndpoint_gatewayWithRouteTableAndPolicy
=== RUN   TestAccVPCEndpoint_gatewayPolicy
=== PAUSE TestAccVPCEndpoint_gatewayPolicy
=== RUN   TestAccVPCEndpoint_ignoreEquivalent
=== PAUSE TestAccVPCEndpoint_ignoreEquivalent
=== RUN   TestAccVPCEndpoint_ipAddressType
=== PAUSE TestAccVPCEndpoint_ipAddressType
=== RUN   TestAccVPCEndpoint_interfaceWithSubnetAndSecurityGroup
=== PAUSE TestAccVPCEndpoint_interfaceWithSubnetAndSecurityGroup
=== RUN   TestAccVPCEndpoint_interfaceNonAWSServiceAcceptOnCreate
=== PAUSE TestAccVPCEndpoint_interfaceNonAWSServiceAcceptOnCreate
=== RUN   TestAccVPCEndpoint_interfaceNonAWSServiceAcceptOnUpdate
=== PAUSE TestAccVPCEndpoint_interfaceNonAWSServiceAcceptOnUpdate
=== RUN   TestAccVPCEndpoint_VPCEndpointType_gatewayLoadBalancer
=== PAUSE TestAccVPCEndpoint_VPCEndpointType_gatewayLoadBalancer
=== CONT  TestAccVPCEndpoint_gatewayBasic
=== CONT  TestAccVPCEndpoint_ignoreEquivalent
--- PASS: TestAccVPCEndpoint_gatewayBasic (38.45s)
=== CONT  TestAccVPCEndpoint_tags
--- PASS: TestAccVPCEndpoint_ignoreEquivalent (49.86s)
=== CONT  TestAccVPCEndpoint_gatewayPolicy
--- PASS: TestAccVPCEndpoint_tags (72.98s)
=== CONT  TestAccVPCEndpoint_gatewayWithRouteTableAndPolicy
--- PASS: TestAccVPCEndpoint_gatewayPolicy (63.75s)
=== CONT  TestAccVPCEndpoint_interfaceBasic
--- PASS: TestAccVPCEndpoint_gatewayWithRouteTableAndPolicy (63.11s)
=== CONT  TestAccVPCEndpoint_disappears
--- PASS: TestAccVPCEndpoint_interfaceBasic (63.15s)
=== CONT  TestAccVPCEndpoint_interfacePrivateDNS
--- PASS: TestAccVPCEndpoint_interfacePrivateDNS (555.43s)
=== CONT  TestAccVPCEndpoint_interfaceNonAWSServiceAcceptOnCreate
--- PASS: TestAccVPCEndpoint_disappears (34.45s)
=== CONT  TestAccVPCEndpoint_ipAddressType
--- PASS: TestAccVPCEndpoint_ipAddressType (437.70s)
=== CONT  TestAccVPCEndpoint_interfaceNonAWSServiceAcceptOnUpdate
--- PASS: TestAccVPCEndpoint_interfaceNonAWSServiceAcceptOnCreate (296.91s)
=== CONT  TestAccVPCEndpoint_interfaceWithSubnetAndSecurityGroup
--- PASS: TestAccVPCEndpoint_interfaceNonAWSServiceAcceptOnUpdate (345.75s)
=== CONT  TestAccVPCEndpoint_VPCEndpointType_gatewayLoadBalancer
--- PASS: TestAccVPCEndpoint_VPCEndpointType_gatewayLoadBalancer (398.71s)
--- PASS: TestAccVPCEndpoint_interfaceWithSubnetAndSecurityGroup (513.59s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/ec2	1017.469s

@ewbankkit
Copy link
Contributor

@FabianPonce Thanks for the contribution 🎉 👏.

@ewbankkit ewbankkit merged commit ba85a49 into hashicorp:main Jun 12, 2023
@github-actions github-actions bot added this to the v5.3.0 milestone Jun 12, 2023
@github-actions
Copy link

This functionality has been released in v5.3.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@FabianPonce FabianPonce mentioned this pull request Jun 15, 2023
Closed
@aidan-o-boyle-kroo
Copy link

I'm still receiving this error in v5.5

This was referenced Jun 27, 2023
Closed
Merged
@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jul 28, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

@ewbankkit ewbankkit ewbankkit approved these changes

Assignees
No one assigned
Labels
documentation Introduces or discusses updates to documentation. enhancement Requests to existing resources that expand the functionality or scope. service/vpc Issues and PRs that pertain to the vpc service. size/M Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet
Milestone
v5.3.0
Development

Successfully merging this pull request may close these issues.

[Bug]:
4 participants
@FabianPonce @ewbankkit @aidan-o-boyle-kroo @justinretzolk