Add Authorization Rules for Client VPN #13950
Conversation
…network associations and authorization rules as parameters
# Conflicts: # aws/resource_aws_ec2_client_vpn_endpoint.go # aws/resource_aws_ec2_client_vpn_endpoint_test.go # website/docs/r/ec2_client_vpn_endpoint.html.markdown
…emoves `network_association` field from `aws_ec2_client_vpn_endpoint` resource
ghost
added
size/XL
ghost
added
size/XXL
|
Acceptance tests are failing due to provider not waiting for deletion of Client VPN endpoint #13910 |
# Conflicts: # aws/resource_aws_ec2_client_vpn_network_association_test.go
gdavison
force-pushed
the
resource-aws-ec2-client-vpn-consolidation
branch
from
f0e7904
to
d85342a
Compare
There was a problem hiding this comment.
Hey @gdavison 👋 Left some initial feedback below since its introducing a few complexities that currently are not present anywhere else in the codebase and we already discussed the semaphore business, but please reach out with any questions. 👍
| result, err := conn.DescribeClientVpnEndpoints(&ec2.DescribeClientVpnEndpointsInput{ | ||
| ClientVpnEndpointIds: aws.StringSlice([]string{endpointID}), | ||
| }) | ||
| if tfec2.ErrCodeEquals(err, tfec2.ErrCodeClientVpnEndpointIdNotFound) { |
There was a problem hiding this comment.
I think we'll need to globally decide whether errors like these should be handled in these service packages or downstream in the resource implementations so they can decide what to do with them. For example, this swallows available request ID information from the SDK unless debug logging is enabled.
There was a problem hiding this comment.
In this case, we need to handle at least some of the errors here, or else the calling WaitForState() will error out instead of returning cleanly
There was a problem hiding this comment.
I guess the real difference is that if/when this code is generated, it then needs an additional layer of knowledge of errors rather than just how to handle the API structures. Not a big deal in the short term, but something to consider for longer term.
| @@ -39,3 +40,41 @@ func LocalGatewayRouteTableVpcAssociationState(conn *ec2.EC2, localGatewayRouteT | |||
| return association, aws.StringValue(association.State), nil | |||
| } | |||
| } | |||
|
|
|||
| const ( | |||
There was a problem hiding this comment.
Should the plan be to always separate const declarations in these files based on some criteria?
There was a problem hiding this comment.
I was following the model of a separate const block for each resource type as well as keeping them together with the corresponding Status function
There was a problem hiding this comment.
Definitely not something for this PR, but wonder if we should change these to per "resource" files then like status_ClientVpnEndpoint.go -- something to noodle over in #12840!
There was a problem hiding this comment.
Let's go! 🚀
Output from acceptance testing:
--- PASS: TestAccAwsEc2ClientVpn (4.23s)
--- PASS: TestAccAwsEc2ClientVpn/Endpoint_withDNSServers (17.91s)
--- PASS: TestAccAwsEc2ClientVpn/Endpoint_withLogGroup (19.48s)
--- PASS: TestAccAwsEc2ClientVpn/Endpoint_tags (26.70s)
--- PASS: TestAccAwsEc2ClientVpn/AuthorizationRule_basic (33.05s)
--- PASS: TestAccAwsEc2ClientVpn/NetworkAssociation_disappears (613.82s)
--- PASS: TestAccAwsEc2ClientVpn/NetworkAssociation_basic (623.53s)
--- PASS: TestAccAwsEc2ClientVpn/AuthorizationRule_Subnets (48.77s)
--- PASS: TestAccAwsEc2ClientVpn/AuthorizationRule_disappears (33.33s)
--- PASS: TestAccAwsEc2ClientVpn/Endpoint_basic (11.02s)
--- PASS: TestAccAwsEc2ClientVpn/Endpoint_disappears (9.88s)
--- PASS: TestAccAwsEc2ClientVpn/Endpoint_splitTunnel (17.77s)
--- PASS: TestAccAwsEc2ClientVpn/AuthorizationRule_groups (62.18s)
--- PASS: TestAccAwsEc2ClientVpn/Endpoint_mutualAuthAndMsAD (1813.60s)
--- PASS: TestAccAwsEc2ClientVpn/Endpoint_msAD (1883.59s)
| @@ -39,3 +40,41 @@ func LocalGatewayRouteTableVpcAssociationState(conn *ec2.EC2, localGatewayRouteT | |||
| return association, aws.StringValue(association.State), nil | |||
| } | |||
| } | |||
|
|
|||
| const ( | |||
There was a problem hiding this comment.
Definitely not something for this PR, but wonder if we should change these to per "resource" files then like status_ClientVpnEndpoint.go -- something to noodle over in #12840!
| result, err := conn.DescribeClientVpnEndpoints(&ec2.DescribeClientVpnEndpointsInput{ | ||
| ClientVpnEndpointIds: aws.StringSlice([]string{endpointID}), | ||
| }) | ||
| if tfec2.ErrCodeEquals(err, tfec2.ErrCodeClientVpnEndpointIdNotFound) { |
There was a problem hiding this comment.
I guess the real difference is that if/when this code is generated, it then needs an additional layer of knowledge of errors rather than just how to handle the API structures. Not a big deal in the short term, but something to consider for longer term.
Removes outdated comment Co-authored-by: Brian Flad <bflad417@gmail.com>
Removes unneeded checks Co-authored-by: Brian Flad <bflad417@gmail.com>
|
This has been released in version 2.70.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks! |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
ghost
locked and limited conversation to collaborators
This continues the work done in #7564 to add Authorization Rules for Client VPN. The Authorization Rules are implemented as a standalone resource.
Routes will be addressed by #10508.
Community Note
Closes #7494
Closes #13959
Closes #13910
Release note for CHANGELOG:
Output from acceptance testing: