provider/azurerm: Add resources virtual network gateway and connection #13886
azurerm_virtual_network_gateway
and azurerm_virtual_network_gateway_connection
Hey @tombuildsstuff, any word on when this will be merged? I have a new template that requires this resource. :) Thanks!
# Conflicts: # builtin/providers/azurerm/provider.go
Just resolved recent conflicts with master. I assume the Terraform team has fixed their sprint goal for the current release cycle and there are also lots of other community pull requests which consume review time. Would appreciate if this could fit in one of the upcoming release cycles.
Thanks for opening this PR - apologies for the delay in reviewing this. I've taken a look through and left some comments inline - and also opened a bug on the Azure Rest API Specs Repository about the broken API.
After chatting internally, until the API is fixed - would it be possible to investigate containing this logic within the Virtual Network Gateway resource, rather than within the Subnet resource (as recently we've discovered some resources which can only be modified separately, rather than in parallel). There's a couple of different approaches here, either by utilising a State Func with a ContinuousTargetOccurence set - or to see if the Virtual Network Gateway is visible through either the Virtual Network Gateway's List method / Resource Group's contents?
Thanks!
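What a "continuous target occurrence" setting buys when polling a slow, flapping API, as an added example that is not part of this PR or of Terraform's helper code. It is a simplified stand-in poller; `waitForState`, `replay`, `refreshFunc` and the state names "Updating" and "Succeeded" are assumptions, and the state sequence is constructed.

```go
package main

import "fmt"

// refreshFunc reports the resource's current provisioning state.
type refreshFunc func() (string, error)

// waitForState polls until target is seen `continuous` times in a row and
// returns the polls used. Sleeping between polls is left out.
func waitForState(refresh refreshFunc, pending map[string]bool, target string, continuous, maxPolls int) (int, error) {
	streak := 0
	for poll := 1; poll <= maxPolls; poll++ {
		state, err := refresh()
		if err != nil {
			return poll, err
		}
		switch {
		case state == target:
			streak++
			if streak >= continuous {
				return poll, nil
			}
		case pending[state]:
			streak = 0 // a pending state breaks the streak
		default:
			return poll, fmt.Errorf("unexpected state %q", state)
		}
	}
	return maxPolls, fmt.Errorf("timed out before %q was stable", target)
}

// replay walks a constructed list of states (sample data, not API output).
func replay(states []string) refreshFunc {
	i := 0
	return func() (string, error) {
		if i >= len(states) {
			return "", fmt.Errorf("no more sample states")
		}
		i++
		return states[i-1], nil
	}
}

func main() {
	seq := []string{"Updating", "Succeeded", "Updating", "Succeeded", "Succeeded"}
	pending := map[string]bool{"Updating": true}
	fmt.Println(waitForState(replay(seq), pending, "Succeeded", 1, 10))
	fmt.Println(waitForState(replay(seq), pending, "Succeeded", 2, 10))
}
```

With one required occurrence the poller returns on the first, premature "Succeeded"; with two it waits until the state has settled.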
string(network.VirtualNetworkGatewaySkuTierBasic), | ||
string(network.VirtualNetworkGatewaySkuTierStandard), | ||
string(network.VirtualNetworkGatewaySkuTierHighPerformance), | ||
string(network.VirtualNetworkGatewaySkuTierUltraPerformance), |
Same as above, however if these fields are going to be the same value is it worth consolidating this on a single field for now?
Done.
string(network.VirtualNetworkGatewaySkuNameBasic), | ||
string(network.VirtualNetworkGatewaySkuNameStandard), | ||
string(network.VirtualNetworkGatewaySkuNameHighPerformance), | ||
string(network.VirtualNetworkGatewaySkuNameUltraPerformance), |
As an alternative, I would add a validation function which cross checks gateway type and sku. Would that be fine?
return resGroup, name, nil | ||
} | ||
|
||
func retrieveLocalNetworkGatewayById(localNetworkGatewayId string, meta interface{}) (*network.LocalNetworkGateway, bool, error) { |
from what I can see, I don't believe this method's being used, as such can we remove it?
Done.
|
||
"enable_bgp": { | ||
Type: schema.TypeBool, | ||
Optional: true, |
I believe this also wants to be Computed: true?
Done.
"active_active": { | ||
Type: schema.TypeBool, | ||
Optional: true, | ||
}, |
I believe this also wants to be Computed: true?
Done.
return &schema.Resource{ | ||
Create: resourceArmVirtualNetworkGatewayConnectionCreate, | ||
Read: resourceArmVirtualNetworkGatewayConnectionRead, | ||
Update: resourceArmVirtualNetworkGatewayConnectionCreate, |
minor: can we rename this to be CreateUpdate rather than just Create, seeing as it's used for both Creating and Updating?
Done.
|
||
"connection_status": { | ||
Type: schema.TypeString, | ||
Optional: true, |
From what I can see this value can't be set - as such I think this line can be removed?
You are right, the connection_status cannot be set, it is read-only. The idea to keep this was to allow the user to use it as part of an output variable. However, in this case, a separate data source is the better option right?
I will move this to a separate data source.
"shared_key": { | ||
Type: schema.TypeString, | ||
Optional: true, | ||
Sensitive: true, |
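Review bot: `Sensitive: true` on shared_key only masks the value in plan and CLI output; the key is still written to the state file in plain text, so the documentation for this field should say so and point users to a protected state backend. With `Optional: true` and no validation visible in this hunk, an empty string would also be accepted; a ValidateFunc that rejects empty values would catch that at plan time.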
Does the API generate a Shared Key if one isn't specified in the Request? If so, this should be Computed - but unfortunately the API docs aren't clear here
The shared key needs to be provided as the API does not generate one. I suggest to keep this as it is.
|
||
"egress_bytes_transferred": { | ||
Type: schema.TypeInt, | ||
Optional: true, |
given this value is Computed only (and as such isn't settable) - I believe this line can be removed?
See above
|
||
"ingress_bytes_transferred": { | ||
Type: schema.TypeInt, | ||
Optional: true, |
given this value is Computed only (and as such isn't settable) - I believe this line can be removed?
See above
Thanks for reviewing @tombuildsstuff. I will be able to go through your points by the end of the week.
Ping @dominik-lekse
Sorry for being silent here for a while. Unfortunately, working on this pull request fell behind other priorities. I will try to catch up on this Friday with the comments. In particular, I am sure a rebase with the current master is necessary since #14004 is merged. As a request to the community: We can also collaborate on finishing this pull request. To those of you eager to collaborate: Just ping me here and I will invite you with write permissions to the fork which is the basis for this pull request https://github.com/dominik-lekse/terraform/tree/public-feature/azurerm-vpn-gateway.
I will reopen the pull request in the new azurerm provider repository with the requested changes.
That'd be awesome - thanks @dominik-lekse :)
Hi @dominik-lekse Could you please update your pull request
@YuriyKischenko I have implemented the new SKUs, they will be part of the pull request I will open in the https://github.com/terraform-providers/terraform-provider-azurerm repository soon. Even with the new gateway types, running the tests still takes > 2 hours :(
Closing the original PR since this has been migrated to the new repo: hashicorp/terraform-provider-azurerm#133
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
This pull request adds the resources azurerm_virtual_network_gateway and azurerm_virtual_network_gateway_connection which can be used to manage Azure VPN Gateways and Connections.

In pull request #9255, @pmcatominey provided the major part of the resource azurerm_virtual_network_gateway implementation. This pull request is based on top of this and contains the original commits of #9255. In addition, the resource azurerm_virtual_network_gateway has been completed and implementation and tests of the resource azurerm_virtual_network_gateway_connection have been added. Further, documentation for both resources is included.

Please consider the following notes when reviewing:

- azurerm_virtual_network_gateway to run for a while since "creating a gateway can take a long time to complete. Often 45 minutes or more." (see https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-create-site-to-site-rm-powershell#a-namecreategatewaya6-create-the-virtual-network-gateway). The Terraform resource polls for the status until the virtual network gateway is fully provisioned and can be used with other resources such as connections.

Acceptance tests:

- TestAccAzureRMVirtualNetworkGateway_basic: Creates a virtual network gateway and destroys it
- TestAccAzureRMVirtualNetworkGatewayConnection_sitetosite: Creates a site-to-site connection and destroys it
- TestAccAzureRMVirtualNetworkGatewayConnection_vnettovnet: Creates virtual network gateways in two Azure regions and connects them using a vnet-to-vnet connection
- TestAccAzureRMVirtualNetworkGateway_importBasic: Verifies import of a virtual network gateway
- TestAccAzureRMVirtualNetworkGatewayConnection_importSiteToSite: Verifies import of a virtual network gateway connection

Open tasks:

- azurerm_virtual_network_gateway and azurerm_virtual_network_gateway_connection in a scenario
- azurerm_virtual_network_gateway (TestAccAzureRMVirtualNetworkGateway_basic)
- azurerm_virtual_network_gateway (TestAccAzureRMVirtualNetworkGateway_importBasic)
- azurerm_virtual_network_gateway
- azurerm_virtual_network_gateway_connection to test site-to-site connection (TestAccAzureRMVirtualNetworkGatewayConnection_sitetosite)
- azurerm_virtual_network_gateway_connection to test vnet-to-vnet connection (TestAccAzureRMVirtualNetworkGatewayConnection_vnettovnet)
- azurerm_virtual_network_gateway_connection (TestAccAzureRMVirtualNetworkGatewayConnection_importSiteToSite)
- azurerm_virtual_network_gateway_connection

This pull request will resolve the issues, #8372, #10634 and includes the pull request #9255. It would be great to get feedback from you waiting for these resources.
// Dominik