2015-03-05 05:40:45 +01:00
|
|
|
package aws
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"fmt"
|
|
|
|
|
"log"
|
|
|
|
|
"time"
|
|
|
|
|
|
2015-06-03 20:36:57 +02:00
|
|
|
"github.com/aws/aws-sdk-go/aws"
|
|
|
|
|
"github.com/aws/aws-sdk-go/aws/awserr"
|
|
|
|
|
"github.com/aws/aws-sdk-go/service/ec2"
|
2015-03-05 05:40:45 +01:00
|
|
|
"github.com/hashicorp/terraform/helper/resource"
|
|
|
|
|
"github.com/hashicorp/terraform/helper/schema"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func resourceAwsVpnGateway() *schema.Resource {
|
|
|
|
|
return &schema.Resource{
|
|
|
|
|
Create: resourceAwsVpnGatewayCreate,
|
|
|
|
|
Read: resourceAwsVpnGatewayRead,
|
|
|
|
|
Update: resourceAwsVpnGatewayUpdate,
|
|
|
|
|
Delete: resourceAwsVpnGatewayDelete,
|
2016-06-23 02:25:13 +02:00
|
|
|
Importer: &schema.ResourceImporter{
|
|
|
|
|
State: schema.ImportStatePassthrough,
|
|
|
|
|
},
|
2015-03-05 05:40:45 +01:00
|
|
|
|
|
|
|
|
Schema: map[string]*schema.Schema{
|
|
|
|
|
"availability_zone": &schema.Schema{
|
|
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Optional: true,
|
|
|
|
|
ForceNew: true,
|
|
|
|
|
},
|
|
|
|
|
|
2015-03-10 01:30:29 +01:00
|
|
|
"vpc_id": &schema.Schema{
|
|
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Optional: true,
|
2016-08-07 01:29:51 +02:00
|
|
|
Computed: true,
|
2015-03-10 01:30:29 +01:00
|
|
|
},
|
2015-03-05 07:24:14 +01:00
|
|
|
|
2015-03-10 01:30:29 +01:00
|
|
|
"tags": tagsSchema(),
|
2015-03-05 05:40:45 +01:00
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func resourceAwsVpnGatewayCreate(d *schema.ResourceData, meta interface{}) error {
|
2015-04-16 22:05:55 +02:00
|
|
|
conn := meta.(*AWSClient).ec2conn
|
2015-03-10 01:30:29 +01:00
|
|
|
|
2015-08-17 20:27:16 +02:00
|
|
|
createOpts := &ec2.CreateVpnGatewayInput{
|
2015-03-10 01:30:29 +01:00
|
|
|
AvailabilityZone: aws.String(d.Get("availability_zone").(string)),
|
|
|
|
|
Type: aws.String("ipsec.1"),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Create the VPN gateway
|
|
|
|
|
log.Printf("[DEBUG] Creating VPN gateway")
|
2015-08-17 20:27:16 +02:00
|
|
|
resp, err := conn.CreateVpnGateway(createOpts)
|
2015-03-10 01:30:29 +01:00
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("Error creating VPN gateway: %s", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Get the ID and store it
|
2015-08-17 20:27:16 +02:00
|
|
|
vpnGateway := resp.VpnGateway
|
|
|
|
|
d.SetId(*vpnGateway.VpnGatewayId)
|
|
|
|
|
log.Printf("[INFO] VPN Gateway ID: %s", *vpnGateway.VpnGatewayId)
|
2015-03-10 01:30:29 +01:00
|
|
|
|
|
|
|
|
// Attach the VPN gateway to the correct VPC
|
|
|
|
|
return resourceAwsVpnGatewayUpdate(d, meta)
|
2015-03-05 05:40:45 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func resourceAwsVpnGatewayRead(d *schema.ResourceData, meta interface{}) error {
|
2015-04-16 22:05:55 +02:00
|
|
|
conn := meta.(*AWSClient).ec2conn
|
2015-03-05 05:40:45 +01:00
|
|
|
|
2015-08-17 20:27:16 +02:00
|
|
|
resp, err := conn.DescribeVpnGateways(&ec2.DescribeVpnGatewaysInput{
|
|
|
|
|
VpnGatewayIds: []*string{aws.String(d.Id())},
|
2015-04-15 17:26:39 +02:00
|
|
|
})
|
2015-03-05 23:47:29 +01:00
|
|
|
if err != nil {
|
2015-05-20 13:21:23 +02:00
|
|
|
if ec2err, ok := err.(awserr.Error); ok && ec2err.Code() == "InvalidVpnGatewayID.NotFound" {
|
2015-04-15 17:26:39 +02:00
|
|
|
d.SetId("")
|
|
|
|
|
return nil
|
|
|
|
|
} else {
|
|
|
|
|
log.Printf("[ERROR] Error finding VpnGateway: %s", err)
|
|
|
|
|
return err
|
|
|
|
|
}
|
2015-03-05 23:47:29 +01:00
|
|
|
}
|
2015-04-15 17:26:39 +02:00
|
|
|
|
2015-08-17 20:27:16 +02:00
|
|
|
vpnGateway := resp.VpnGateways[0]
|
2016-08-07 01:29:51 +02:00
|
|
|
if vpnGateway == nil || *vpnGateway.State == "deleted" {
|
2015-03-05 23:47:29 +01:00
|
|
|
// Seems we have lost our VPN gateway
|
|
|
|
|
d.SetId("")
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2015-03-05 05:40:45 +01:00
|
|
|
|
2016-08-07 01:29:51 +02:00
|
|
|
vpnAttachment := vpnGatewayGetAttachment(vpnGateway)
|
|
|
|
|
if len(vpnGateway.VpcAttachments) == 0 || *vpnAttachment.State == "detached" {
|
2015-03-05 23:47:29 +01:00
|
|
|
// Gateway exists but not attached to the VPC
|
|
|
|
|
d.Set("vpc_id", "")
|
|
|
|
|
} else {
|
2016-08-07 01:29:51 +02:00
|
|
|
d.Set("vpc_id", *vpnAttachment.VpcId)
|
2015-03-05 23:47:29 +01:00
|
|
|
}
|
2016-09-03 16:14:42 +02:00
|
|
|
|
|
|
|
|
if vpnGateway.AvailabilityZone != nil && *vpnGateway.AvailabilityZone != "" {
|
|
|
|
|
d.Set("availability_zone", vpnGateway.AvailabilityZone)
|
|
|
|
|
}
|
2015-05-12 21:58:10 +02:00
|
|
|
d.Set("tags", tagsToMap(vpnGateway.Tags))
|
2015-03-05 05:40:45 +01:00
|
|
|
|
2015-03-10 01:30:29 +01:00
|
|
|
return nil
|
2015-03-05 05:40:45 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func resourceAwsVpnGatewayUpdate(d *schema.ResourceData, meta interface{}) error {
|
2015-03-10 01:30:29 +01:00
|
|
|
if d.HasChange("vpc_id") {
|
|
|
|
|
// If we're already attached, detach it first
|
|
|
|
|
if err := resourceAwsVpnGatewayDetach(d, meta); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Attach the VPN gateway to the new vpc
|
|
|
|
|
if err := resourceAwsVpnGatewayAttach(d, meta); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-03-05 05:40:45 +01:00
|
|
|
|
2015-04-16 22:05:55 +02:00
|
|
|
conn := meta.(*AWSClient).ec2conn
|
2015-03-05 05:40:45 +01:00
|
|
|
|
2015-05-12 21:58:10 +02:00
|
|
|
if err := setTags(conn, d); err != nil {
|
2015-03-10 01:30:29 +01:00
|
|
|
return err
|
|
|
|
|
}
|
2015-03-05 05:40:45 +01:00
|
|
|
|
2015-03-10 01:30:29 +01:00
|
|
|
d.SetPartial("tags")
|
2015-03-05 05:40:45 +01:00
|
|
|
|
2015-03-10 01:30:29 +01:00
|
|
|
return resourceAwsVpnGatewayRead(d, meta)
|
2015-03-05 05:40:45 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func resourceAwsVpnGatewayDelete(d *schema.ResourceData, meta interface{}) error {
|
2015-04-16 22:05:55 +02:00
|
|
|
conn := meta.(*AWSClient).ec2conn
|
2015-03-10 01:30:29 +01:00
|
|
|
|
|
|
|
|
// Detach if it is attached
|
|
|
|
|
if err := resourceAwsVpnGatewayDetach(d, meta); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
log.Printf("[INFO] Deleting VPN gateway: %s", d.Id())
|
|
|
|
|
|
2016-03-09 23:53:32 +01:00
|
|
|
return resource.Retry(5*time.Minute, func() *resource.RetryError {
|
2015-08-17 20:27:16 +02:00
|
|
|
_, err := conn.DeleteVpnGateway(&ec2.DeleteVpnGatewayInput{
|
|
|
|
|
VpnGatewayId: aws.String(d.Id()),
|
2015-03-10 01:30:29 +01:00
|
|
|
})
|
|
|
|
|
if err == nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2015-05-20 13:21:23 +02:00
|
|
|
ec2err, ok := err.(awserr.Error)
|
2015-03-10 01:30:29 +01:00
|
|
|
if !ok {
|
2016-03-09 23:53:32 +01:00
|
|
|
return resource.RetryableError(err)
|
2015-03-10 01:30:29 +01:00
|
|
|
}
|
|
|
|
|
|
2015-05-20 13:21:23 +02:00
|
|
|
switch ec2err.Code() {
|
2015-03-10 01:30:29 +01:00
|
|
|
case "InvalidVpnGatewayID.NotFound":
|
|
|
|
|
return nil
|
|
|
|
|
case "IncorrectState":
|
2016-03-09 23:53:32 +01:00
|
|
|
return resource.RetryableError(err)
|
2015-03-10 01:30:29 +01:00
|
|
|
}
|
|
|
|
|
|
2016-03-09 23:53:32 +01:00
|
|
|
return resource.NonRetryableError(err)
|
2015-03-10 01:30:29 +01:00
|
|
|
})
|
2015-03-05 05:40:45 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func resourceAwsVpnGatewayAttach(d *schema.ResourceData, meta interface{}) error {
|
2015-04-16 22:05:55 +02:00
|
|
|
conn := meta.(*AWSClient).ec2conn
|
2015-03-10 01:30:29 +01:00
|
|
|
|
|
|
|
|
if d.Get("vpc_id").(string) == "" {
|
|
|
|
|
log.Printf(
|
|
|
|
|
"[DEBUG] Not attaching VPN Gateway '%s' as no VPC ID is set",
|
|
|
|
|
d.Id())
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
log.Printf(
|
|
|
|
|
"[INFO] Attaching VPN Gateway '%s' to VPC '%s'",
|
|
|
|
|
d.Id(),
|
|
|
|
|
d.Get("vpc_id").(string))
|
|
|
|
|
|
2015-11-20 18:44:29 +01:00
|
|
|
req := &ec2.AttachVpnGatewayInput{
|
2015-08-17 20:27:16 +02:00
|
|
|
VpnGatewayId: aws.String(d.Id()),
|
|
|
|
|
VpcId: aws.String(d.Get("vpc_id").(string)),
|
2015-11-20 18:44:29 +01:00
|
|
|
}
|
|
|
|
|
|
2016-03-09 23:53:32 +01:00
|
|
|
err := resource.Retry(30*time.Second, func() *resource.RetryError {
|
2015-11-20 18:44:29 +01:00
|
|
|
_, err := conn.AttachVpnGateway(req)
|
|
|
|
|
if err != nil {
|
|
|
|
|
if ec2err, ok := err.(awserr.Error); ok {
|
|
|
|
|
if "InvalidVpnGatewayID.NotFound" == ec2err.Code() {
|
2016-03-09 23:53:32 +01:00
|
|
|
return resource.RetryableError(
|
|
|
|
|
fmt.Errorf("Gateway not found, retry for eventual consistancy"))
|
2015-11-20 18:44:29 +01:00
|
|
|
}
|
|
|
|
|
}
|
2016-03-09 23:53:32 +01:00
|
|
|
return resource.NonRetryableError(err)
|
2015-11-20 18:44:29 +01:00
|
|
|
}
|
|
|
|
|
return nil
|
2015-03-10 01:30:29 +01:00
|
|
|
})
|
2015-11-20 18:44:29 +01:00
|
|
|
|
2015-03-10 01:30:29 +01:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2015-03-05 05:40:45 +01:00
|
|
|
|
2015-03-05 23:47:29 +01:00
|
|
|
// Wait for it to be fully attached before continuing
|
2015-03-10 01:30:29 +01:00
|
|
|
log.Printf("[DEBUG] Waiting for VPN gateway (%s) to attach", d.Id())
|
|
|
|
|
stateConf := &resource.StateChangeConf{
|
|
|
|
|
Pending: []string{"detached", "attaching"},
|
2016-01-21 02:20:41 +01:00
|
|
|
Target: []string{"attached"},
|
2015-04-15 17:26:39 +02:00
|
|
|
Refresh: vpnGatewayAttachStateRefreshFunc(conn, d.Id(), "available"),
|
2015-03-10 01:30:29 +01:00
|
|
|
Timeout: 1 * time.Minute,
|
|
|
|
|
}
|
|
|
|
|
if _, err := stateConf.WaitForState(); err != nil {
|
|
|
|
|
return fmt.Errorf(
|
|
|
|
|
"Error waiting for VPN gateway (%s) to attach: %s",
|
|
|
|
|
d.Id(), err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
2015-03-05 05:40:45 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func resourceAwsVpnGatewayDetach(d *schema.ResourceData, meta interface{}) error {
|
2015-04-16 22:05:55 +02:00
|
|
|
conn := meta.(*AWSClient).ec2conn
|
2015-03-10 01:30:29 +01:00
|
|
|
|
|
|
|
|
// Get the old VPC ID to detach from
|
|
|
|
|
vpcID, _ := d.GetChange("vpc_id")
|
|
|
|
|
|
|
|
|
|
if vpcID.(string) == "" {
|
|
|
|
|
log.Printf(
|
|
|
|
|
"[DEBUG] Not detaching VPN Gateway '%s' as no VPC ID is set",
|
|
|
|
|
d.Id())
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
log.Printf(
|
|
|
|
|
"[INFO] Detaching VPN Gateway '%s' from VPC '%s'",
|
|
|
|
|
d.Id(),
|
|
|
|
|
vpcID.(string))
|
2015-03-05 05:40:45 +01:00
|
|
|
|
2015-03-10 01:30:29 +01:00
|
|
|
wait := true
|
2015-08-17 20:27:16 +02:00
|
|
|
_, err := conn.DetachVpnGateway(&ec2.DetachVpnGatewayInput{
|
|
|
|
|
VpnGatewayId: aws.String(d.Id()),
|
|
|
|
|
VpcId: aws.String(vpcID.(string)),
|
2015-03-10 01:30:29 +01:00
|
|
|
})
|
|
|
|
|
if err != nil {
|
2015-05-20 13:21:23 +02:00
|
|
|
ec2err, ok := err.(awserr.Error)
|
2015-03-10 01:30:29 +01:00
|
|
|
if ok {
|
2015-05-20 13:21:23 +02:00
|
|
|
if ec2err.Code() == "InvalidVpnGatewayID.NotFound" {
|
2015-03-10 01:30:29 +01:00
|
|
|
err = nil
|
|
|
|
|
wait = false
|
2015-05-20 13:21:23 +02:00
|
|
|
} else if ec2err.Code() == "InvalidVpnGatewayAttachment.NotFound" {
|
2015-03-10 01:30:29 +01:00
|
|
|
err = nil
|
|
|
|
|
wait = false
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !wait {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Wait for it to be fully detached before continuing
|
|
|
|
|
log.Printf("[DEBUG] Waiting for VPN gateway (%s) to detach", d.Id())
|
|
|
|
|
stateConf := &resource.StateChangeConf{
|
|
|
|
|
Pending: []string{"attached", "detaching", "available"},
|
2016-01-21 02:20:41 +01:00
|
|
|
Target: []string{"detached"},
|
2015-04-15 17:26:39 +02:00
|
|
|
Refresh: vpnGatewayAttachStateRefreshFunc(conn, d.Id(), "detached"),
|
2015-03-10 01:30:29 +01:00
|
|
|
Timeout: 1 * time.Minute,
|
|
|
|
|
}
|
|
|
|
|
if _, err := stateConf.WaitForState(); err != nil {
|
|
|
|
|
return fmt.Errorf(
|
|
|
|
|
"Error waiting for vpn gateway (%s) to detach: %s",
|
|
|
|
|
d.Id(), err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2015-03-05 05:40:45 +01:00
|
|
|
|
2015-04-15 17:26:39 +02:00
|
|
|
// vpnGatewayAttachStateRefreshFunc returns a resource.StateRefreshFunc that is used to watch
|
2015-03-05 05:40:45 +01:00
|
|
|
// the state of a VPN gateway's attachment
|
2015-04-15 17:26:39 +02:00
|
|
|
func vpnGatewayAttachStateRefreshFunc(conn *ec2.EC2, id string, expected string) resource.StateRefreshFunc {
|
2015-03-10 01:30:29 +01:00
|
|
|
var start time.Time
|
|
|
|
|
return func() (interface{}, string, error) {
|
|
|
|
|
if start.IsZero() {
|
|
|
|
|
start = time.Now()
|
|
|
|
|
}
|
|
|
|
|
|
2015-08-17 20:27:16 +02:00
|
|
|
resp, err := conn.DescribeVpnGateways(&ec2.DescribeVpnGatewaysInput{
|
|
|
|
|
VpnGatewayIds: []*string{aws.String(id)},
|
2015-03-10 01:30:29 +01:00
|
|
|
})
|
2015-11-20 18:44:29 +01:00
|
|
|
|
2015-03-10 01:30:29 +01:00
|
|
|
if err != nil {
|
2015-05-20 13:21:23 +02:00
|
|
|
if ec2err, ok := err.(awserr.Error); ok && ec2err.Code() == "InvalidVpnGatewayID.NotFound" {
|
2015-03-10 01:30:29 +01:00
|
|
|
resp = nil
|
|
|
|
|
} else {
|
|
|
|
|
log.Printf("[ERROR] Error on VpnGatewayStateRefresh: %s", err)
|
|
|
|
|
return nil, "", err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if resp == nil {
|
|
|
|
|
// Sometimes AWS just has consistency issues and doesn't see
|
|
|
|
|
// our instance yet. Return an empty state.
|
|
|
|
|
return nil, "", nil
|
|
|
|
|
}
|
|
|
|
|
|
2015-08-17 20:27:16 +02:00
|
|
|
vpnGateway := resp.VpnGateways[0]
|
|
|
|
|
if len(vpnGateway.VpcAttachments) == 0 {
|
2015-03-10 01:30:29 +01:00
|
|
|
// No attachments, we're detached
|
|
|
|
|
return vpnGateway, "detached", nil
|
|
|
|
|
}
|
|
|
|
|
|
2016-08-07 01:29:51 +02:00
|
|
|
vpnAttachment := vpnGatewayGetAttachment(vpnGateway)
|
|
|
|
|
return vpnGateway, *vpnAttachment.State, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func vpnGatewayGetAttachment(vgw *ec2.VpnGateway) *ec2.VpcAttachment {
|
|
|
|
|
for _, v := range vgw.VpcAttachments {
|
|
|
|
|
if *v.State == "attached" {
|
|
|
|
|
return v
|
|
|
|
|
}
|
2015-03-10 01:30:29 +01:00
|
|
|
}
|
2016-08-07 01:29:51 +02:00
|
|
|
return &ec2.VpcAttachment{State: aws.String("detached")}
|
2015-03-05 05:40:45 +01:00
|
|
|
}
|
