Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New resource: aws_verifiedaccess_group #33297

Merged
merged 24 commits into from
Oct 9, 2023
Merged

New resource: aws_verifiedaccess_group #33297

Show file tree
Hide file tree
Changes from 20 commits
Commits
Show all changes
24 commits
Select commit Hold shift + click to select a range
3252e6a
Added verified access group resource
Sep 1, 2023
1aba502
Removed unused status constants
Sep 1, 2023
15c3128
added basic test with hard-coded instance id
Sep 1, 2023
9875308
Added checkdestroy, tags, and policy tests
Sep 4, 2023
89186e6
Added service package
Sep 4, 2023
821210c
added changelog
Sep 4, 2023
defd714
Added docs for webpage
Sep 5, 2023
fbac108
Merge branch 'main' into HEAD
ewbankkit Sep 11, 2023
c6f254d
'aws_verifiedaccess_access_group' -> 'aws_verifiedaccess_group'.
ewbankkit Sep 11, 2023
5542476
Fix terrafmt errors.
ewbankkit Sep 11, 2023
76706a3
Merge branch 'main' into HEAD
ewbankkit Sep 14, 2023
45fbdae
Add 'FindVerifiedAccessGroups' and friends.
ewbankkit Sep 14, 2023
11e1aad
r/aws_verifiedaccess_instance: Error check on delete.
ewbankkit Sep 14, 2023
cf782fc
r/aws_verifiedaccess_trust_provider: Error check on delete.
ewbankkit Sep 14, 2023
3d4c7de
r/aws_verifiedaccess_group: Tidy up.
ewbankkit Sep 14, 2023
9c544d4
r/aws_verifiedaccess_group: Fix typos.
ewbankkit Sep 14, 2023
89efecd
r/aws_verifiedaccess_group: Start to tidy up acceptance tests.
ewbankkit Sep 14, 2023
61332c8
Merge branch 'main' into HEAD
ewbankkit Oct 6, 2023
ba87b1d
r/aws_verifiedaccess_group: Tweak documentation.
ewbankkit Oct 6, 2023
3470f20
r/aws_verifiedaccess_group: Additional acceptance tests.
ewbankkit Oct 6, 2023
deb2256
Add copywrite headers.
ewbankkit Oct 6, 2023
7f5da6d
Fix terrafmt errors.
ewbankkit Oct 6, 2023
62e797e
Correct documentation subcategory.
ewbankkit Oct 6, 2023
03fab2e
Fix tfproviderdocs errors.
ewbankkit Oct 6, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .changelog/33297.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:new-resource
aws_verifiedaccess_group
```
1 change: 1 addition & 0 deletions internal/service/ec2/errors.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -100,6 +100,7 @@ const (
errCodeInvalidTransitGatewayPolicyTableIdNotFound = "InvalidTransitGatewayPolicyTableId.NotFound"
errCodeInvalidTransitGatewayIDNotFound = "InvalidTransitGatewayID.NotFound"
errCodeInvalidTransitGatewayMulticastDomainIdNotFound = "InvalidTransitGatewayMulticastDomainId.NotFound"
errCodeInvalidVerifiedAccessGroupIdNotFound = "InvalidVerifiedAccessGroupId.NotFound"
errCodeInvalidVerifiedAccessInstanceIdNotFound = "InvalidVerifiedAccessInstanceId.NotFound"
errCodeInvalidVerifiedAccessTrustProviderIdNotFound = "InvalidVerifiedAccessTrustProviderId.NotFound"
errCodeInvalidVolumeNotFound = "InvalidVolume.NotFound"
Expand Down
78 changes: 78 additions & 0 deletions internal/service/ec2/find.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7022,6 +7022,84 @@ func FindInstanceConnectEndpointByID(ctx context.Context, conn *ec2_sdkv2.Client
return output, nil
}

func FindVerifiedAccessGroupPolicyByID(ctx context.Context, conn *ec2_sdkv2.Client, id string) (*ec2_sdkv2.GetVerifiedAccessGroupPolicyOutput, error) {
input := &ec2_sdkv2.GetVerifiedAccessGroupPolicyInput{
VerifiedAccessGroupId: &id,
}
output, err := conn.GetVerifiedAccessGroupPolicy(ctx, input)

if tfawserr_sdkv2.ErrCodeEquals(err, errCodeInvalidVerifiedAccessGroupIdNotFound) {
return nil, &retry.NotFoundError{
LastError: err,
LastRequest: input,
}
}

if err != nil {
return nil, err
}

if output == nil {
return nil, tfresource.NewEmptyResultError(input)
}

return output, nil
}

func FindVerifiedAccessGroup(ctx context.Context, conn *ec2_sdkv2.Client, input *ec2_sdkv2.DescribeVerifiedAccessGroupsInput) (*awstypes.VerifiedAccessGroup, error) {
output, err := FindVerifiedAccessGroups(ctx, conn, input)

if err != nil {
return nil, err
}

return tfresource.AssertSingleValueResult(output)
}

func FindVerifiedAccessGroups(ctx context.Context, conn *ec2_sdkv2.Client, input *ec2_sdkv2.DescribeVerifiedAccessGroupsInput) ([]awstypes.VerifiedAccessGroup, error) {
var output []awstypes.VerifiedAccessGroup
paginator := ec2_sdkv2.NewDescribeVerifiedAccessGroupsPaginator(conn, input)

for paginator.HasMorePages() {
page, err := paginator.NextPage(ctx)

if tfawserr_sdkv2.ErrCodeEquals(err, errCodeInvalidVerifiedAccessGroupIdNotFound) {
return nil, &retry.NotFoundError{
LastError: err,
LastRequest: input,
}
}

if err != nil {
return nil, err
}

output = append(output, page.VerifiedAccessGroups...)
}

return output, nil
}

func FindVerifiedAccessGroupByID(ctx context.Context, conn *ec2_sdkv2.Client, id string) (*awstypes.VerifiedAccessGroup, error) {
input := &ec2_sdkv2.DescribeVerifiedAccessGroupsInput{
VerifiedAccessGroupIds: []string{id},
}
output, err := FindVerifiedAccessGroup(ctx, conn, input)

if err != nil {
return nil, err
}

// Eventual consistency check.
if aws_sdkv2.ToString(output.VerifiedAccessGroupId) != id {
return nil, &retry.NotFoundError{
LastRequest: input,
}
}

return output, nil
}

func FindVerifiedAccessInstance(ctx context.Context, conn *ec2_sdkv2.Client, input *ec2_sdkv2.DescribeVerifiedAccessInstancesInput) (*awstypes.VerifiedAccessInstance, error) {
output, err := FindVerifiedAccessInstances(ctx, conn, input)

Expand Down
8 changes: 8 additions & 0 deletions internal/service/ec2/service_package_gen.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

204 changes: 204 additions & 0 deletions internal/service/ec2/verifiedaccess_group.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,204 @@
package ec2

import (
"context"
"log"

"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/ec2"
"github.com/aws/aws-sdk-go-v2/service/ec2/types"
"github.com/hashicorp/aws-sdk-go-base/v2/tfawserr"
"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/hashicorp/terraform-provider-aws/internal/conns"
"github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag"
tftags "github.com/hashicorp/terraform-provider-aws/internal/tags"
"github.com/hashicorp/terraform-provider-aws/internal/tfresource"
"github.com/hashicorp/terraform-provider-aws/internal/verify"
"github.com/hashicorp/terraform-provider-aws/names"
)

// @SDKResource("aws_verifiedaccess_group", name="Verified Access Group")
// @Tags(identifierAttribute="id")
func ResourceVerifiedAccessGroup() *schema.Resource {
return &schema.Resource{
CreateWithoutTimeout: resourceVerifiedAccessGroupCreate,
ReadWithoutTimeout: resourceVerifiedAccessGroupRead,
UpdateWithoutTimeout: resourceVerifiedAccessGroupUpdate,
DeleteWithoutTimeout: resourceVerifiedAccessGroupDelete,

Importer: &schema.ResourceImporter{
StateContext: schema.ImportStatePassthroughContext,
},

Schema: map[string]*schema.Schema{
"creation_time": {
Type: schema.TypeString,
Computed: true,
},
"deletion_time": {
Type: schema.TypeString,
Computed: true,
},
"description": {
Type: schema.TypeString,
Computed: true,
Optional: true,
},
"last_updated_time": {
Type: schema.TypeString,
Computed: true,
},
"owner": {
Type: schema.TypeString,
Computed: true,
},
"policy_document": {
Type: schema.TypeString,
Optional: true,
},
names.AttrTags: tftags.TagsSchema(),
names.AttrTagsAll: tftags.TagsSchemaComputed(),
"verifiedaccess_group_arn": {
Type: schema.TypeString,
Computed: true,
},
"verifiedaccess_group_id": {
Type: schema.TypeString,
Computed: true,
},
"verifiedaccess_instance_id": {
Type: schema.TypeString,
Required: true,
},
},

CustomizeDiff: verify.SetTagsDiff,
}
}

func resourceVerifiedAccessGroupCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
var diags diag.Diagnostics
conn := meta.(*conns.AWSClient).EC2Client(ctx)

input := &ec2.CreateVerifiedAccessGroupInput{
TagSpecifications: getTagSpecificationsInV2(ctx, types.ResourceTypeVerifiedAccessGroup),
VerifiedAccessInstanceId: aws.String(d.Get("verifiedaccess_instance_id").(string)),
}

if v, ok := d.GetOk("description"); ok {
input.Description = aws.String(v.(string))
}

if v, ok := d.GetOk("policy_document"); ok {
input.PolicyDocument = aws.String(v.(string))
}

output, err := conn.CreateVerifiedAccessGroup(ctx, input)

if err != nil {
return sdkdiag.AppendErrorf(diags, "creating Verified Access Group: %s", err)
}

d.SetId(aws.ToString(output.VerifiedAccessGroup.VerifiedAccessGroupId))

return append(diags, resourceVerifiedAccessGroupRead(ctx, d, meta)...)
}

func resourceVerifiedAccessGroupRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
var diags diag.Diagnostics
conn := meta.(*conns.AWSClient).EC2Client(ctx)

group, err := FindVerifiedAccessGroupByID(ctx, conn, d.Id())

if !d.IsNewResource() && tfresource.NotFound(err) {
log.Printf("[WARN] EC2 Verified Access Group (%s) not found, removing from state", d.Id())
d.SetId("")
return diags
}

if err != nil {
return sdkdiag.AppendErrorf(diags, "reading Verified Access Group (%s): %s", d.Id(), err)
}

d.Set("creation_time", group.CreationTime)
d.Set("deletion_time", group.DeletionTime)
d.Set("description", group.Description)
d.Set("last_updated_time", group.LastUpdatedTime)
d.Set("owner", group.Owner)
d.Set("verifiedaccess_group_arn", group.VerifiedAccessGroupArn)
d.Set("verifiedaccess_group_id", group.VerifiedAccessGroupId)
d.Set("verifiedaccess_instance_id", group.VerifiedAccessInstanceId)

setTagsOutV2(ctx, group.Tags)

output, err := FindVerifiedAccessGroupPolicyByID(ctx, conn, d.Id())

if err != nil {
return sdkdiag.AppendErrorf(diags, "reading Verified Access Group (%s) policy: %s", d.Id(), err)
}

d.Set("policy_document", output.PolicyDocument)

return diags
}

func resourceVerifiedAccessGroupUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
var diags diag.Diagnostics
conn := meta.(*conns.AWSClient).EC2Client(ctx)

if d.HasChangesExcept("policy_document", "tags", "tags_all") {
input := &ec2.ModifyVerifiedAccessGroupInput{
VerifiedAccessGroupId: aws.String(d.Id()),
}

if d.HasChange("description") {
input.Description = aws.String(d.Get("description").(string))
}

if d.HasChange("verified_access_instance_id") {
input.VerifiedAccessInstanceId = aws.String(d.Get("description").(string))
}

_, err := conn.ModifyVerifiedAccessGroup(ctx, input)

if err != nil {
return sdkdiag.AppendErrorf(diags, "updating Verified Access Group (%s): %s", d.Id(), err)
}
}

if d.HasChange("policy_document") {
input := &ec2.ModifyVerifiedAccessGroupPolicyInput{
PolicyDocument: aws.String(d.Get("policy_document").(string)),
VerifiedAccessGroupId: aws.String(d.Id()),
}

_, err := conn.ModifyVerifiedAccessGroupPolicy(ctx, input)

if err != nil {
return sdkdiag.AppendErrorf(diags, "updating Verified Access Group (%s) policy: %s", d.Id(), err)
}
}

return append(diags, resourceVerifiedAccessGroupRead(ctx, d, meta)...)
}

func resourceVerifiedAccessGroupDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
var diags diag.Diagnostics
conn := meta.(*conns.AWSClient).EC2Client(ctx)

log.Printf("[INFO] Deleting Verified Access Group: %s", d.Id())
_, err := conn.DeleteVerifiedAccessGroup(ctx, &ec2.DeleteVerifiedAccessGroupInput{
VerifiedAccessGroupId: aws.String(d.Id()),
})

if tfawserr.ErrCodeEquals(err, errCodeInvalidVerifiedAccessGroupIdNotFound) {
return diags
}

if err != nil {
return sdkdiag.AppendErrorf(diags, "deleting Verified Access Group (%s): %s", d.Id(), err)
}

return diags
}
Loading
Loading