Tighten up documentation, same-account acceptance test, better error handling.

Kit Ewbank 2017-02-02 18:46:23 -05:00
parent ea642dd1ee
commit 380aef9720
4 changed files with 94 additions and 29 deletions


@ -4,6 +4,8 @@ import (
"errors" "errors"
"log" "log"
"fmt"
"github.com/hashicorp/terraform/helper/schema" "github.com/hashicorp/terraform/helper/schema"
) )
@ -49,17 +51,22 @@ func resourceAwsVpcPeeringConnectionAccepter() *schema.Resource {
} }
func resourceAwsVPCPeeringAccepterCreate(d *schema.ResourceData, meta interface{}) error { func resourceAwsVPCPeeringAccepterCreate(d *schema.ResourceData, meta interface{}) error {
d.SetId(d.Get("vpc_peering_connection_id").(string)) id := d.Get("vpc_peering_connection_id").(string)
d.SetId(id)
if err := resourceAwsVPCPeeringUpdate(d, meta); err != nil { if err := resourceAwsVPCPeeringRead(d, meta); err != nil {
return err return err
} }
if d.Id() == "" {
return fmt.Errorf("VPC Peering Connection %q not found", id)
}
// Ensure that this IS as cross-account VPC peering connection. // Ensure that this IS as cross-account VPC peering connection.
if d.Get("peer_owner_id").(string) == meta.(*AWSClient).accountid { if d.Get("peer_owner_id").(string) == meta.(*AWSClient).accountid {
return errors.New("aws_vpc_peering_connection_accepter can only adopt into management cross-account VPC peering connections") return errors.New("aws_vpc_peering_connection_accepter can only adopt into management cross-account VPC peering connections")
} }
return nil
return resourceAwsVPCPeeringUpdate(d, meta)
} }
func resourceAwsVPCPeeringAccepterDelete(d *schema.ResourceData, meta interface{}) error { func resourceAwsVPCPeeringAccepterDelete(d *schema.ResourceData, meta interface{}) error {
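Review bot: `d.SetId(id)` runs before any validation in resourceAwsVPCPeeringAccepterCreate, so both the read-error return and the same-account rejection exit with the ID still set. As far as I know, helper/schema keeps a resource in state (tainted) when Create fails with a non-empty ID, so a refused same-account connection would probably still be recorded; this is worth confirming with the new same-account acceptance test. Clearing the ID on the rejection path, `d.SetId("")` immediately before `return errors.New(...)`, would keep a refused adoption out of state. The guard also relies on `meta.(*AWSClient).accountid` being populated: if it can be empty (not visible here), the comparison never matches and the update proceeds, so a comment stating that assumption or an explicit empty check would help.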


@ -2,32 +2,77 @@
package aws package aws
import ( import (
"regexp"
"testing" "testing"
"github.com/hashicorp/terraform/helper/resource" "github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform" "github.com/hashicorp/terraform/terraform"
) )
func TestAccAwsVPCPeeringConnectionAccepter_basic(t *testing.T) { func TestAccAwsVPCPeeringConnectionAccepter_sameAccount(t *testing.T) {
resource.Test(t, resource.TestCase{ resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) }, PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders, Providers: testAccProviders,
CheckDestroy: testAccAwsVPCPeeringConnectionAccepterDestroy,
Steps: []resource.TestStep{ Steps: []resource.TestStep{
{ resource.TestStep{
Config: testAccAwsVPCPeeringConnectionAccepterConfig, Config: testAccAwsVPCPeeringConnectionAccepterSameAccountConfig,
Check: resource.ComposeTestCheckFunc( ExpectError: regexp.MustCompile(`aws_vpc_peering_connection_accepter can only adopt into management cross-account VPC peering connections`),
testAccAwsVPCPeeringConnectionAccepterCheckSomething(""),
),
}, },
}, },
}) })
} }
func testAccAwsVPCPeeringConnectionAccepterCheckSomething(name string) resource.TestCheckFunc { func testAccAwsVPCPeeringConnectionAccepterDestroy(s *terraform.State) error {
return func(s *terraform.State) error { // We don't destroy the underlying VPC Peering Connection.
return nil return nil
}
} }
const testAccAwsVPCPeeringConnectionAccepterConfig = ` const testAccAwsVPCPeeringConnectionAccepterSameAccountConfig = `
provider "aws" {
region = "us-west-2"
// Requester's credentials.
}
provider "aws" {
alias = "peer"
region = "us-west-2"
// Accepter's credentials.
}
resource "aws_vpc" "main" {
cidr_block = "10.0.0.0/16"
}
resource "aws_vpc" "peer" {
provider = "aws.peer"
cidr_block = "10.1.0.0/16"
}
data "aws_caller_identity" "peer" {
provider = "aws.peer"
}
// Requester's side of the connection.
resource "aws_vpc_peering_connection" "peer" {
vpc_id = "${aws_vpc.main.id}"
peer_vpc_id = "${aws_vpc.peer.id}"
peer_owner_id = "${data.aws_caller_identity.peer.account_id}"
auto_accept = false
tags {
Side = "Requester"
}
}
// Accepter's side of the connection.
resource "aws_vpc_peering_connection_accepter" "peer" {
provider = "aws.peer"
vpc_peering_connection_id = "${aws_vpc_peering_connection.peer.id}"
auto_accept = true
tags {
Side = "Accepter"
}
}
` `
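Review bot: testAccAwsVPCPeeringConnectionAccepterDestroy returns nil unconditionally, yet the same-account config also creates two `aws_vpc` resources and a requester-side `aws_vpc_peering_connection`, which the accepter documentation in this commit says Terraform does delete, so the test never checks that anything was cleaned up. The existing comment only covers the accepter; I would either verify in this function that the requester-side connection is gone, or state the gap explicitly, e.g. `// The accepter never deletes the connection; the requester-side resource in this config does, and that is not verified here.` Separately, the step literal changed from `{` to `resource.TestStep{`, which `gofmt -s` would simplify back. With the rename to _sameAccount only the rejection path is exercised, so successful cross-account adoption has no acceptance test in this file as shown.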


@ -3,12 +3,16 @@ layout: "aws"
page_title: "AWS: aws_vpc_peering_connection" page_title: "AWS: aws_vpc_peering_connection"
sidebar_current: "docs-aws-resource-vpc-peering" sidebar_current: "docs-aws-resource-vpc-peering"
description: |- description: |-
Provides a VPC Peering Connection resource. Manage a VPC Peering Connection resource.
--- ---
# aws\_vpc\_peering\_connection # aws\_vpc\_peering\_connection
Provides a VPC Peering Connection resource. Provides a resource to manage a VPC Peering Connection resource.
-> **Note:** For cross-account (requester's AWS account differs from the accepter's AWS account) VPC Peering Connections
use the `aws_vpc_peering_connection` resource to manage the requester's side of the connection and
use the `aws_vpc_peering_connection_accepter` resource to manage the accepter's side of the connection.
## Example Usage ## Example Usage
@ -112,9 +116,9 @@ The following attributes are exported:
AWS only supports VPC peering within the same AWS region. AWS only supports VPC peering within the same AWS region.
If both VPCs are not in the same AWS account do not enable the `auto_accept` attribute. You will still If both VPCs are not in the same AWS account do not enable the `auto_accept` attribute.
have to accept the VPC Peering Connection request manually using the AWS Management Console, AWS CLI, The accepter can manage its side of the connection using the `aws_vpc_peering_connection_accepter` resource
through SDKs, etc. or accept the connection manually using the AWS Management Console, AWS CLI, through SDKs, etc.
## Import ## Import


@ -3,17 +3,18 @@ layout: "aws"
page_title: "AWS: aws_vpc_peering_connection_accepter" page_title: "AWS: aws_vpc_peering_connection_accepter"
sidebar_current: "docs-aws-resource-vpc-peering-accepter" sidebar_current: "docs-aws-resource-vpc-peering-accepter"
description: |- description: |-
Manage the accepter's side of a cross-account VPC peering connection. Manage the accepter's side of a cross-account VPC Peering Connection.
--- ---
# aws\_vpc\_peering\_connection\_accepter # aws\_vpc\_peering\_connection\_accepter
Provides a resource to manage the accepter's side of a cross-account VPC peering connection. Provides a resource to manage the accepter's side of a cross-account VPC Peering Connection.
When a cross-account (requester's AWS account differs from the accepter's) VPC peering connection is created, When a cross-account (requester's AWS account differs from the accepter's AWS account) VPC Peering Connection
a VPC peering connection resource is automatically created in the accepter's account. The requester can use is created, a VPC Peering Connection resource is automatically created in the accepter's account.
the `aws_vpc_peering_connection` resource to manage its side of the connection and the accepter can use the The requester can use the `aws_vpc_peering_connection` resource to manage its side of the connection
`aws_vpc_peering_connection_accepter` resource to "adopt" its side of the connection into management. and the accepter can use the `aws_vpc_peering_connection_accepter` resource to "adopt" its side of the
connection into management.
## Example Usage ## Example Usage
@ -72,6 +73,14 @@ The following arguments are supported:
* `auto_accept` - (Optional) Whether or not to accept the peering request. Defaults to `false`. * `auto_accept` - (Optional) Whether or not to accept the peering request. Defaults to `false`.
* `tags` - (Optional) A mapping of tags to assign to the resource. * `tags` - (Optional) A mapping of tags to assign to the resource.
### Removing `aws_vpc_peering_connection_accepter` from your configuration
AWS allows a cross-account VPC Peering Connection to be deleted from either the requester's or accepter's side.
However, Terraform only allows the VPC Peering Connection to be deleted from the requester's side
by removing the corresponding `aws_vpc_peering_connection` resource from your configuration.
Removing a `aws_vpc_peering_connection_accepter` resource from your configuration will remove it
from your statefile and management, **but will not destroy the VPC Peering Connection.**
## Attributes Reference ## Attributes Reference
All of the argument attributes except `auto_accept` are also exported as result attributes. All of the argument attributes except `auto_accept` are also exported as result attributes.
@ -91,6 +100,6 @@ All of the argument attributes except `auto_accept` are also exported as result
* `allow_remote_vpc_dns_resolution` - Indicates whether a local VPC can resolve public DNS hostnames to * `allow_remote_vpc_dns_resolution` - Indicates whether a local VPC can resolve public DNS hostnames to
private IP addresses when queried from instances in a peer VPC. private IP addresses when queried from instances in a peer VPC.
* `allow_classic_link_to_remote_vpc` - Indicates whether a local ClassicLink connection can communicate * `allow_classic_link_to_remote_vpc` - Indicates whether a local ClassicLink connection can communicate
with the peer VPC over the VPC peering connection. with the peer VPC over the VPC Peering Connection.
* `allow_vpc_to_remote_classic_link` - Indicates whether a local VPC can communicate with a ClassicLink * `allow_vpc_to_remote_classic_link` - Indicates whether a local VPC can communicate with a ClassicLink
connection in the peer VPC over the VPC peering connection. connection in the peer VPC over the VPC Peering Connection.