Merging PR hashicorp#2515 - Support AWS PrivateLink

Add documentation for aws_vpc_endpoint_service and aws_vpc_endpoint_service_allowed_principal resources. Normalize 'not found' resource log lines on read. Use 'ConflictsWith' in schema. Use 'helper/validation' package to avoid frequent 'validators.go' conflicts.
opetch · Jan 29, 2018 · d49de4e · d49de4e
1 parent 7394e01
commit d49de4e
Show file tree

Hide file tree

Showing 29 changed files with 3,023 additions and 379 deletions.
diff --git a/aws/data_source_aws_vpc_endpoint.go b/aws/data_source_aws_vpc_endpoint.go
@@ -5,11 +5,8 @@ import (
 	"log"
 
 	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/service/ec2"
-	"github.com/hashicorp/errwrap"
 	"github.com/hashicorp/terraform/helper/schema"
-	"github.com/hashicorp/terraform/helper/structure"
 )
 
 func dataSourceAwsVpcEndpoint() *schema.Resource {
@@ -22,21 +19,25 @@ func dataSourceAwsVpcEndpoint() *schema.Resource {
 				Optional: true,
 				Computed: true,
 			},
-			"state": {
+			"vpc_id": {
 				Type:     schema.TypeString,
 				Optional: true,
 				Computed: true,
 			},
-			"vpc_id": {
+			"service_name": {
 				Type:     schema.TypeString,
 				Optional: true,
 				Computed: true,
 			},
-			"service_name": {
+			"state": {
 				Type:     schema.TypeString,
 				Optional: true,
 				Computed: true,
 			},
+			"vpc_endpoint_type": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 			"policy": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -51,6 +52,49 @@ func dataSourceAwsVpcEndpoint() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"cidr_blocks": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+			},
+			"subnet_ids": {
+				Type:     schema.TypeSet,
+				Computed: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+				Set:      schema.HashString,
+			},
+			"network_interface_ids": {
+				Type:     schema.TypeSet,
+				Computed: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+				Set:      schema.HashString,
+			},
+			"security_group_ids": {
+				Type:     schema.TypeSet,
+				Computed: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+				Set:      schema.HashString,
+			},
+			"private_dns_enabled": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
+			"dns_entry": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"dns_name": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"hosted_zone_id": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
 		},
 	}
 }
@@ -89,43 +133,7 @@ func dataSourceAwsVpcEndpointRead(d *schema.ResourceData, meta interface{}) erro
 	}
 
 	vpce := resp.VpcEndpoints[0]
-	policy, err := structure.NormalizeJsonString(*vpce.PolicyDocument)
-	if err != nil {
-		return errwrap.Wrapf("policy contains an invalid JSON: {{err}}", err)
-	}
-
-	prefixListServiceName := *vpce.ServiceName
-	prefixListInput := &ec2.DescribePrefixListsInput{
-		Filters: []*ec2.Filter{
-			{Name: aws.String("prefix-list-name"), Values: []*string{aws.String(prefixListServiceName)}},
-		},
-	}
-	log.Printf("[DEBUG] Reading VPC Endpoint prefix list: %s", prefixListServiceName)
-	prefixListsOutput, err := conn.DescribePrefixLists(prefixListInput)
-
-	if err != nil {
-		_, ok := err.(awserr.Error)
-		if !ok {
-			return fmt.Errorf("Error reading VPC Endpoint prefix list: %s", err.Error())
-		}
-	}
-
-	if len(prefixListsOutput.PrefixLists) != 1 {
-		return fmt.Errorf("There are multiple prefix lists associated with the service name '%s'. Unexpected", prefixListServiceName)
-	}
-
 	d.SetId(aws.StringValue(vpce.VpcEndpointId))
-	d.Set("state", vpce.State)
-	d.Set("vpc_id", vpce.VpcId)
-	d.Set("service_name", vpce.ServiceName)
-	d.Set("policy", policy)
-
-	pl := prefixListsOutput.PrefixLists[0]
-	d.Set("prefix_list_id", pl.PrefixListId)
-
-	if err := d.Set("route_table_ids", aws.StringValueSlice(vpce.RouteTableIds)); err != nil {
-		return err
-	}
 
-	return nil
+	return vpcEndpointAttributes(d, vpce, conn)
 }
diff --git a/aws/data_source_aws_vpc_endpoint_service.go b/aws/data_source_aws_vpc_endpoint_service.go
@@ -4,7 +4,6 @@ import (
 	"fmt"
 	"log"
 	"strconv"
-	"strings"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/ec2"
@@ -18,37 +17,92 @@ func dataSourceAwsVpcEndpointService() *schema.Resource {
 
 		Schema: map[string]*schema.Schema{
 			"service": {
-				Type:     schema.TypeString,
-				Required: true,
+				Type:          schema.TypeString,
+				Optional:      true,
+				ConflictsWith: []string{"service_name"},
 			},
 			"service_name": {
+				Type:          schema.TypeString,
+				Optional:      true,
+				Computed:      true,
+				ConflictsWith: []string{"service"},
+			},
+			"service_type": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"owner": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"vpc_endpoint_policy_supported": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
+			"acceptance_required": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
+			"availability_zones": {
+				Type:     schema.TypeSet,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+				Computed: true,
+				Set:      schema.HashString,
+			},
+			"private_dns_name": {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"base_endpoint_dns_names": {
+				Type:     schema.TypeSet,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+				Computed: true,
+				Set:      schema.HashString,
+			},
 		},
 	}
 }
 
 func dataSourceAwsVpcEndpointServiceRead(d *schema.ResourceData, meta interface{}) error {
 	conn := meta.(*AWSClient).ec2conn
 
-	service := d.Get("service").(string)
-	request := &ec2.DescribeVpcEndpointServicesInput{}
+	var serviceName string
+	if v, ok := d.GetOk("service_name"); ok {
+		serviceName = v.(string)
+	} else if v, ok := d.GetOk("service"); ok {
+		serviceName = fmt.Sprintf("com.amazonaws.%s.%s", meta.(*AWSClient).region, v.(string))
+	} else {
+		return fmt.Errorf(
+			"One of ['service', 'service_name'] must be set to query VPC Endpoint Services")
+	}
 
-	log.Printf("[DEBUG] Reading VPC Endpoint Service: %s", request)
-	resp, err := conn.DescribeVpcEndpointServices(request)
+	req := &ec2.DescribeVpcEndpointServicesInput{
+		ServiceNames: aws.StringSlice([]string{serviceName}),
+	}
+
+	log.Printf("[DEBUG] Reading VPC Endpoint Services: %s", req)
+	resp, err := conn.DescribeVpcEndpointServices(req)
 	if err != nil {
 		return fmt.Errorf("Error fetching VPC Endpoint Services: %s", err)
 	}
-
-	names := aws.StringValueSlice(resp.ServiceNames)
-	for _, name := range names {
-		if strings.HasSuffix(name, "."+service) {
-			d.SetId(strconv.Itoa(hashcode.String(name)))
-			d.Set("service_name", name)
-			return nil
-		}
+	if resp == nil || len(resp.ServiceDetails) == 0 {
+		return fmt.Errorf("no matching VPC Endpoint Service found")
 	}
+	if len(resp.ServiceDetails) > 1 {
+		return fmt.Errorf("multiple VPC Endpoint Services matched; use additional constraints to reduce matches to a single VPC Endpoint Service")
+	}
+
+	sd := resp.ServiceDetails[0]
+	serviceName = aws.StringValue(sd.ServiceName)
+	d.SetId(strconv.Itoa(hashcode.String(serviceName)))
+	d.Set("service_name", serviceName)
+	d.Set("service_type", sd.ServiceType[0].ServiceType)
+	d.Set("owner", sd.Owner)
+	d.Set("vpc_endpoint_policy_supported", sd.VpcEndpointPolicySupported)
+	d.Set("acceptance_required", sd.AcceptanceRequired)
+	d.Set("availability_zones", flattenStringList(sd.AvailabilityZones))
+	d.Set("private_dns_name", sd.PrivateDnsName)
+	d.Set("base_endpoint_dns_names", flattenStringList(sd.BaseEndpointDnsNames))
 
-	return fmt.Errorf("VPC Endpoint Service (%s) not found", service)
+	return nil
 }