resource/aws_lb: Add Cross Zone Load Balancing support for NLBs

[mpilar]

Closes #3574

Enable Cross Zone load balancing support for NLBs:
Just allows setting the load_balancing.cross_zone.enabled Attribute.
Docs:
https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_LoadBalancerAttribute.html
https://docs.aws.amazon.com/sdk-for-go/api/service/elbv2/#LoadBalancerAttribute

TF_ACC=1 go test ./aws -v -run=TestAccAWSLB_networkLoadbalancer -timeout 120m 
=== RUN   TestAccAWSLB_networkLoadbalancer
--- PASS: TestAccAWSLB_networkLoadbalancer (245.89s)
=== RUN   TestAccAWSLB_networkLoadbalancerEIP
--- PASS: TestAccAWSLB_networkLoadbalancerEIP (262.47s)
=== RUN   TestAccAWSLB_networkLoadbalancer_subnet_change
--- PASS: TestAccAWSLB_networkLoadbalancer_subnet_change (277.25s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	786.288s```

[bflad]

Thanks @mpilar, this is looking pretty good! Would you have time to also add a test that enables/disables this flag and ensure it gets set correctly? If not, no problem. 👍

[bflad]

We should create a test that ensures enabling/disabling works as expected 😄

[mpilar]

Any hints as to where I could look for an example? It's my first time digging into a largeish golang codebase.

Is it sufficient to add the directive to testAccAWSLBConfig_networkLoadBalancerEIP as true and assert on that test?

(See added commit)

[mpilar]

I was unable to run the acceptance tests after the commit. As soon as I have a break I will.

[bflad]

My general workflow does usually involve adding a directive/parameter to the test configuration function for the new attribute. Generally speaking though, its usually easiest to just create a whole new acceptance test and configuration function so you don't wind up with needing to pass in way too many directives to a function. Copy paste of an existing is okay and generally encouraged for this situation as the testing is more important than any (potential) later refactoring. 👍

[mpilar]

@bflad there's a bug I ran into when running the new acceptance test. I will hunt it down.

[mpilar]

@bflad
--- PASS: TestAccAWSLB_networkLoadbalancerEIP (305.89s)

I did run into an unrelated (random) issue where the EIP de-allocation failed because of the permission denied (since AWS controls the ENI).

--- FAIL: TestAccAWSLB_networkLoadbalancerEIP (325.03s)
	testing.go:573: Error destroying resource! WARNING: Dangling resources
		may exist. The full state and error is shown below.

		Error: Error applying: 1 error(s) occurred:

		* aws_eip.lb[1] (destroy): 1 error(s) occurred:

		* aws_eip.lb.1: AuthFailure: You do not have permission to access the specified resource.
			status code: 400, request id: 18744029-9e3a-44ae-aca0-1edfaa9f45a3

		State: aws_eip.lb.1:
		  ID = eipalloc-4c905770
		  provider = provider.aws
		  association_id = eipassoc-28867ae5
		  domain = vpc
		  instance =
		  network_interface = eni-e0ef40d7
		  private_ip = 10.10.1.24
		  public_ip = 34.218.56.51
		  tags.% = 0
		  vpc = true

		  Dependencies:
		    data.aws_availability_zones.available
		data.aws_availability_zones.available:
		  ID = 2018-03-01 06:55:43.446792279 +0000 UTC
		  provider = provider.aws
		  names.# = 3
		  names.0 = us-west-2a
		  names.1 = us-west-2b
		  names.2 = us-west-2c

I have tried finding where best to fix this but haven't been able to replicate it. I did capture a debug log of it happening.

[bflad]

See my note above -- we'll probably want to just copy paste the handling of the new attribute to a new test and config or at least pass the true/false value for this attributes is a directive into the above config function and use enable_cross_zone_load_balancing = %v 😄

[mpilar]

@bflad I made a new test and am running into some odd behavior, I thought I had a hang of the harness and how it works but this is baffling me.
https://gist.github.com/mpilar/dd0d9dcbf828e5b7fd3778fcce95ec5c

I captured a TRACE to see if I can figure out what's going on, but when the test runs it successfully creates the LB then destroys everything and doesn't create the second environment (or as I would prefer, update the env to the second configuration). This happens regardless of whether I make it cross-zone first or second.

I am fairly sure it's some mistake I am making with the test harness but can't figure it out.

e: I obfuscated the requests by removing my AWS key, also went ahead and rotated the key because I am paranoid.

E: I can't believe it took me so long to figure out I had typed "aws_lb.test" and not "aws_lb.lb_test" .

[mpilar]

Flagged as WIP to add HTTP2 as well.

[bflad]

I would prefer to treat that functionality in a separate PR please (smaller is easier to review)

[mpilar]

@bflad then the PR should be good as is, or do you think it needs more?

The next commit has:

• refactored to use a switch statement a la [WIP] Fix 3511 support all elbv2 attributes #3578
• added enable_http2 as a flag
• added tests for the above
• made the boolean flag tests have 3 steps: on, off, on. to test creation, flag and unflag.
• increased timeout and delay for aws_internet_gateway detachment refresh
• increased wait time to wait for network interfaces to be destroyed after deleting an NLB (this, combined with the above, caused the EIP hanging resource I saw yesterday)
• made all test fixtures use lb_test as the name for the aws_lb (to prevent the typo issue I had)

It's ready just waiting for all Acceptance tests to finish running (10 down, 5 to go). I decided to run them all after changing the timeouts and making the test fixtures more consistent.

I will split the changes into separate PRs.

[appilon]

Comment references Idle timeout (probably meant to be cross zone flag)

[bflad]

Thanks @mpilar for your work here! I'm going to pull this in now. You and @appilon can sort out the details of the next PR for HTTP/2 handling (please also fix that code comment). 😉

1 failure is unrelated

Tests failed: 1 (1 new), passed: 48
=== RUN   TestAccAWSLBListenerRule_multipleConditionThrowsError
--- PASS: TestAccAWSLBListenerRule_multipleConditionThrowsError (2.52s)
=== RUN   TestAccAWSLBCookieStickinessPolicy_basic
--- PASS: TestAccAWSLBCookieStickinessPolicy_basic (42.18s)
=== RUN   TestAccAWSLBCookieStickinessPolicy_missingLB
--- PASS: TestAccAWSLBCookieStickinessPolicy_missingLB (52.27s)
=== RUN   TestAccAWSLBCookieStickinessPolicy_drift
--- PASS: TestAccAWSLBCookieStickinessPolicy_drift (56.56s)
=== RUN   TestAccAWSLBTargetGroup_networkLB_TargetGroup
--- PASS: TestAccAWSLBTargetGroup_networkLB_TargetGroup (84.00s)
=== RUN   TestAccAWSLBSSLNegotiationPolicy_missingLB
--- PASS: TestAccAWSLBSSLNegotiationPolicy_missingLB (84.81s)
=== RUN   TestAccAWSLBTargetGroup_generatedName
--- PASS: TestAccAWSLBTargetGroup_generatedName (46.93s)
=== RUN   TestAccAWSLBSSLNegotiationPolicy_basic
--- PASS: TestAccAWSLBSSLNegotiationPolicy_basic (102.12s)
=== RUN   TestAccAWSLBTargetGroup_basic
--- PASS: TestAccAWSLBTargetGroup_basic (137.18s)
=== RUN   TestAccAWSLBTargetGroupBackwardsCompatibility
--- PASS: TestAccAWSLBTargetGroupBackwardsCompatibility (138.11s)
=== RUN   TestAccAWSLBTargetGroupAttachmentBackwardsCompatibility
--- PASS: TestAccAWSLBTargetGroupAttachmentBackwardsCompatibility (158.83s)
=== RUN   TestAccAWSLBTargetGroup_changeNameForceNew
--- PASS: TestAccAWSLBTargetGroup_changeNameForceNew (148.50s)
=== RUN   TestAccAWSLBTargetGroup_defaults_application
--- PASS: TestAccAWSLBTargetGroup_defaults_application (65.30s)
=== RUN   TestAccAWSLBTargetGroup_namePrefix
--- PASS: TestAccAWSLBTargetGroup_namePrefix (193.44s)
=== RUN   TestAccAWSLBTargetGroup_changeVpcForceNew
--- PASS: TestAccAWSLBTargetGroup_changeVpcForceNew (139.35s)
=== RUN   TestAccAWSLBTargetGroup_stickinessWithTCPEnabledShouldError
--- PASS: TestAccAWSLBTargetGroup_stickinessWithTCPEnabledShouldError (26.22s)
=== RUN   TestAccAWSLBTargetGroupAttachment_withoutPort
--- PASS: TestAccAWSLBTargetGroupAttachment_withoutPort (290.82s)
=== RUN   TestAccAWSLBTargetGroup_stickinessWithTCPDisabled
--- PASS: TestAccAWSLBTargetGroup_stickinessWithTCPDisabled (72.61s)
=== RUN   TestAccAWSLBTargetGroup_tags
--- PASS: TestAccAWSLBTargetGroup_tags (202.81s)
=== RUN   TestAccAWSLBTargetGroup_defaults_network
--- PASS: TestAccAWSLBTargetGroup_defaults_network (101.25s)
=== RUN   TestAccAWSLBListener_https
--- PASS: TestAccAWSLBListener_https (350.29s)
=== RUN   TestAccAWSLBTargetGroup_changeProtocolForceNew
--- PASS: TestAccAWSLBTargetGroup_changeProtocolForceNew (298.25s)
=== RUN   TestAccAWSLBTargetGroup_updateHealthCheck
--- PASS: TestAccAWSLBTargetGroup_updateHealthCheck (282.21s)
=== RUN   TestAccAWSLBListener_basic
--- PASS: TestAccAWSLBListener_basic (455.36s)
=== RUN   TestAccAWSLBListenerRuleBackwardsCompatibility
--- PASS: TestAccAWSLBListenerRuleBackwardsCompatibility (476.60s)
=== RUN   TestAccAWSLBListenerBackwardsCompatibility
--- PASS: TestAccAWSLBListenerBackwardsCompatibility (486.55s)
=== RUN   TestAccAWSLB_basic
--- PASS: TestAccAWSLB_basic (249.97s)
=== RUN   TestAccAWSLBTargetGroupAttachment_basic
--- PASS: TestAccAWSLBTargetGroupAttachment_basic (494.86s)
=== RUN   TestAccAWSLBListenerRule_changeListenerRuleArnForcesNew
--- PASS: TestAccAWSLBListenerRule_changeListenerRuleArnForcesNew (501.56s)
=== RUN   TestAccAWSLBListenerRule_basic
--- PASS: TestAccAWSLBListenerRule_basic (504.41s)
=== RUN   TestAccAWSLB_networkLoadbalancerBasic
--- PASS: TestAccAWSLB_networkLoadbalancerBasic (272.63s)
=== RUN   TestAccAWSLBTargetGroup_updateSticknessEnabled
--- PASS: TestAccAWSLBTargetGroup_updateSticknessEnabled (418.42s)
=== RUN   TestAccAWSLB_networkLoadbalancerEIP
--- PASS: TestAccAWSLB_networkLoadbalancerEIP (287.02s)
=== RUN   TestAccAWSLB_generatedName
--- PASS: TestAccAWSLB_generatedName (299.76s)
=== RUN   TestAccAWSLBBackwardsCompatibility
--- PASS: TestAccAWSLBBackwardsCompatibility (318.14s)
=== RUN   TestAccAWSLB_generatesNameForZeroValue
--- PASS: TestAccAWSLB_generatesNameForZeroValue (317.02s)
=== RUN   TestAccAWSLB_namePrefix
--- PASS: TestAccAWSLB_namePrefix (294.52s)
=== RUN   TestAccAWSLBListenerRule_updateRulePriority
--- PASS: TestAccAWSLBListenerRule_updateRulePriority (669.66s)
=== RUN   TestAccAWSLB_tags
--- PASS: TestAccAWSLB_tags (289.96s)
=== RUN   TestAccAWSLBTargetGroup_changePortForceNew
--- PASS: TestAccAWSLBTargetGroup_changePortForceNew (623.73s)
=== RUN   TestAccAWSLBListenerRule_priority
--- PASS: TestAccAWSLBListenerRule_priority (715.72s)
=== RUN   TestAccAWSLBTargetGroup_TCP_HTTPHealthCheck
--- PASS: TestAccAWSLBTargetGroup_TCP_HTTPHealthCheck (746.18s)
=== RUN   TestAccAWSLB_updatedIpAddressType
--- FAIL: TestAccAWSLB_updatedIpAddressType (266.23s)
=== RUN   TestAccAWSLB_noSecurityGroup
--- PASS: TestAccAWSLB_noSecurityGroup (288.93s)
=== RUN   TestAccAWSLB_networkLoadbalancer_updateCrossZone
--- PASS: TestAccAWSLB_networkLoadbalancer_updateCrossZone (370.61s)
=== RUN   TestAccAWSLB_updatedSecurityGroups
--- PASS: TestAccAWSLB_updatedSecurityGroups (335.40s)
=== RUN   TestAccAWSLB_networkLoadbalancer_subnet_change
--- PASS: TestAccAWSLB_networkLoadbalancer_subnet_change (311.68s)
=== RUN   TestAccAWSLB_updatedSubnets
--- PASS: TestAccAWSLB_updatedSubnets (337.23s)
=== RUN   TestAccAWSLB_accesslogs
--- PASS: TestAccAWSLB_accesslogs (343.91s)

[bflad]

This has been released in version 1.11.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!