-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Transfer Server VPC Endpoint Type and User Home Directory Type / Mapping #12599
Conversation
… User Home Directory Type / Mapping
@bflad I'm using my fork of this in prod. So I know it works great. I'm hoping this can get into the next release so I don't have to maintain my fork for long though. Let me know if I can help with anything! |
@sshearn at a quick glance, this looks great. Watching this PR as well! Thank you for this. I should add, that I'll be using this today - will respond with any issues |
@sshearn This is great - I played around quite a bit, here are a couple of pieces of feedback:
All in all, this was a joy to use. Thank you for this contribution! |
@sshearn Thanks for this. |
@ewbankkit When creating an endpoint via the normal method, there is no way to create an endpoint of this type. As such, I would suggest the proper way to manage this service-created endpoint would be through the transfer-server module. |
I did some more digging today into this. I created a transfer server and then attempted to use the following code to attach the security groups per @ewbankkit 's suggestion.
It failed with the following
This error makes sense; these interfaces are managed through the endpoint service and, as such, can't be managed directly. The web UI also has the same error: There doesn't appear to be a way to manage this without something like an aws_vpc_endpoint_sg_attachement resource. |
@derekmurawsky Thanks for looking into this. We are considering creating an |
I can update this PR to account for this once it's merged in. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
some minor changes, ill try to dive a bit deeper a bit later
Is anyone planning on making the changes suggested by @DrFaust92? I'd really like to see this PR merged soon.... |
Hi @sshearn 👋 Thank you for your work here. Are you still interested in working on this contribution? There are some review items noted above that prevent merging this and we separately just merged If we do not hear back in two weeks, we will default to providing review of #15105, which includes these commits and some of these review item fixes. |
I basically abandoned this for my own provider that I've been using in production for months. I guess I could pick this back up and making the new required changes. I'll start working on it. EDIT: Also the PR for |
All changes requested are addressed |
Thank you for your work on this, @sshearn. I think this is now in a good enough state where we can discuss the overall approach here to prepare to get this functionality merged with a few relevant changes. 👍 Please reach out if you have any questions or if you would prefer to not spend additional time on this (no big deal either which way, we'll make sure you get credit).
Thanks again. |
@sshearn Thank you for your effort on this functionality! It is making a sizable impact for a lot of people! |
|
I tested via the cli:
|
I've removed |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Alrighty! After diving into this more, was able to fully remove the EC2 dependency by introducing retry logic for the specific error on update after creation: ConflictException: VPC Endpoint state is not yet available
-- this allows us to not require unexpected IAM permissions for this resource and prevents any other potential cross-service eventual consistency that might occur. It was certainly interesting that the Transfer Server state of ONLINE
didn't wait for that.
After fixing up the test configuration to remove the non-existent data source reference and fixing the expandTransferServerEndpointDetails
function so VPC_ENDPOINT support continued to work, looks good, thank you @sshearn 🚀
Output from acceptance testing:
--- PASS: TestAccAWSTransferServer_apigateway (190.91s)
--- PASS: TestAccAWSTransferServer_basic (196.10s)
--- PASS: TestAccAWSTransferServer_disappears (180.81s)
--- PASS: TestAccAWSTransferServer_forcedestroy (155.75s)
--- PASS: TestAccAWSTransferServer_hostKey (155.02s)
--- PASS: TestAccAWSTransferServer_Vpc (288.89s)
--- PASS: TestAccAWSTransferServer_vpcEndpointId (143.93s)
This has been released in version 3.8.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks! |
Thanks so much @sshearn for these additions. Is there a way to also manage a "custom hostname" within the endpoint_details additions? I did not see this mentioned in the latest documentation. https://docs.aws.amazon.com/transfer/latest/userguide/requirements-dns.html |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
Community Note
Closes #11281
Closes #11632
Closes #11724
Closes #11569
Closes #11593
Release note for CHANGELOG:
Output from acceptance testing:
Note:
TestAccAWSTransferServer_Vpc
test failed because it couldn't release the eip's on destroy due to policies on my account. But the actual test works.