Tighten up documentation, same-account acceptance test, better error handling.
This commit is contained in:
parent
ea642dd1ee
commit
380aef9720
|
@ -4,6 +4,8 @@ import (
|
||||||
"errors"
|
"errors"
|
||||||
"log"
|
"log"
|
||||||
|
|
||||||
|
"fmt"
|
||||||
|
|
||||||
"github.com/hashicorp/terraform/helper/schema"
|
"github.com/hashicorp/terraform/helper/schema"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -49,17 +51,22 @@ func resourceAwsVpcPeeringConnectionAccepter() *schema.Resource {
|
||||||
}
|
}
|
||||||
|
|
||||||
func resourceAwsVPCPeeringAccepterCreate(d *schema.ResourceData, meta interface{}) error {
|
func resourceAwsVPCPeeringAccepterCreate(d *schema.ResourceData, meta interface{}) error {
|
||||||
d.SetId(d.Get("vpc_peering_connection_id").(string))
|
id := d.Get("vpc_peering_connection_id").(string)
|
||||||
|
d.SetId(id)
|
||||||
|
|
||||||
if err := resourceAwsVPCPeeringUpdate(d, meta); err != nil {
|
if err := resourceAwsVPCPeeringRead(d, meta); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
if d.Id() == "" {
|
||||||
|
return fmt.Errorf("VPC Peering Connection %q not found", id)
|
||||||
|
}
|
||||||
|
|
||||||
// Ensure that this IS as cross-account VPC peering connection.
|
// Ensure that this IS as cross-account VPC peering connection.
|
||||||
if d.Get("peer_owner_id").(string) == meta.(*AWSClient).accountid {
|
if d.Get("peer_owner_id").(string) == meta.(*AWSClient).accountid {
|
||||||
return errors.New("aws_vpc_peering_connection_accepter can only adopt into management cross-account VPC peering connections")
|
return errors.New("aws_vpc_peering_connection_accepter can only adopt into management cross-account VPC peering connections")
|
||||||
}
|
}
|
||||||
return nil
|
|
||||||
|
return resourceAwsVPCPeeringUpdate(d, meta)
|
||||||
}
|
}
|
||||||
|
|
||||||
func resourceAwsVPCPeeringAccepterDelete(d *schema.ResourceData, meta interface{}) error {
|
func resourceAwsVPCPeeringAccepterDelete(d *schema.ResourceData, meta interface{}) error {
|
||||||
|
|
|
@ -2,32 +2,77 @@
|
||||||
package aws
|
package aws
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"regexp"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/hashicorp/terraform/helper/resource"
|
"github.com/hashicorp/terraform/helper/resource"
|
||||||
"github.com/hashicorp/terraform/terraform"
|
"github.com/hashicorp/terraform/terraform"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestAccAwsVPCPeeringConnectionAccepter_basic(t *testing.T) {
|
func TestAccAwsVPCPeeringConnectionAccepter_sameAccount(t *testing.T) {
|
||||||
resource.Test(t, resource.TestCase{
|
resource.Test(t, resource.TestCase{
|
||||||
PreCheck: func() { testAccPreCheck(t) },
|
PreCheck: func() { testAccPreCheck(t) },
|
||||||
Providers: testAccProviders,
|
Providers: testAccProviders,
|
||||||
|
CheckDestroy: testAccAwsVPCPeeringConnectionAccepterDestroy,
|
||||||
Steps: []resource.TestStep{
|
Steps: []resource.TestStep{
|
||||||
{
|
resource.TestStep{
|
||||||
Config: testAccAwsVPCPeeringConnectionAccepterConfig,
|
Config: testAccAwsVPCPeeringConnectionAccepterSameAccountConfig,
|
||||||
Check: resource.ComposeTestCheckFunc(
|
ExpectError: regexp.MustCompile(`aws_vpc_peering_connection_accepter can only adopt into management cross-account VPC peering connections`),
|
||||||
testAccAwsVPCPeeringConnectionAccepterCheckSomething(""),
|
|
||||||
),
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func testAccAwsVPCPeeringConnectionAccepterCheckSomething(name string) resource.TestCheckFunc {
|
func testAccAwsVPCPeeringConnectionAccepterDestroy(s *terraform.State) error {
|
||||||
return func(s *terraform.State) error {
|
// We don't destroy the underlying VPC Peering Connection.
|
||||||
return nil
|
return nil
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
const testAccAwsVPCPeeringConnectionAccepterConfig = `
|
const testAccAwsVPCPeeringConnectionAccepterSameAccountConfig = `
|
||||||
|
provider "aws" {
|
||||||
|
region = "us-west-2"
|
||||||
|
// Requester's credentials.
|
||||||
|
}
|
||||||
|
|
||||||
|
provider "aws" {
|
||||||
|
alias = "peer"
|
||||||
|
region = "us-west-2"
|
||||||
|
// Accepter's credentials.
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_vpc" "main" {
|
||||||
|
cidr_block = "10.0.0.0/16"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_vpc" "peer" {
|
||||||
|
provider = "aws.peer"
|
||||||
|
cidr_block = "10.1.0.0/16"
|
||||||
|
}
|
||||||
|
|
||||||
|
data "aws_caller_identity" "peer" {
|
||||||
|
provider = "aws.peer"
|
||||||
|
}
|
||||||
|
|
||||||
|
// Requester's side of the connection.
|
||||||
|
resource "aws_vpc_peering_connection" "peer" {
|
||||||
|
vpc_id = "${aws_vpc.main.id}"
|
||||||
|
peer_vpc_id = "${aws_vpc.peer.id}"
|
||||||
|
peer_owner_id = "${data.aws_caller_identity.peer.account_id}"
|
||||||
|
auto_accept = false
|
||||||
|
|
||||||
|
tags {
|
||||||
|
Side = "Requester"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Accepter's side of the connection.
|
||||||
|
resource "aws_vpc_peering_connection_accepter" "peer" {
|
||||||
|
provider = "aws.peer"
|
||||||
|
vpc_peering_connection_id = "${aws_vpc_peering_connection.peer.id}"
|
||||||
|
auto_accept = true
|
||||||
|
|
||||||
|
tags {
|
||||||
|
Side = "Accepter"
|
||||||
|
}
|
||||||
|
}
|
||||||
`
|
`
|
||||||
|
|
|
@ -3,12 +3,16 @@ layout: "aws"
|
||||||
page_title: "AWS: aws_vpc_peering_connection"
|
page_title: "AWS: aws_vpc_peering_connection"
|
||||||
sidebar_current: "docs-aws-resource-vpc-peering"
|
sidebar_current: "docs-aws-resource-vpc-peering"
|
||||||
description: |-
|
description: |-
|
||||||
Provides a VPC Peering Connection resource.
|
Manage a VPC Peering Connection resource.
|
||||||
---
|
---
|
||||||
|
|
||||||
# aws\_vpc\_peering\_connection
|
# aws\_vpc\_peering\_connection
|
||||||
|
|
||||||
Provides a VPC Peering Connection resource.
|
Provides a resource to manage a VPC Peering Connection resource.
|
||||||
|
|
||||||
|
-> **Note:** For cross-account (requester's AWS account differs from the accepter's AWS account) VPC Peering Connections
|
||||||
|
use the `aws_vpc_peering_connection` resource to manage the requester's side of the connection and
|
||||||
|
use the `aws_vpc_peering_connection_accepter` resource to manage the accepter's side of the connection.
|
||||||
|
|
||||||
## Example Usage
|
## Example Usage
|
||||||
|
|
||||||
|
@ -112,9 +116,9 @@ The following attributes are exported:
|
||||||
|
|
||||||
AWS only supports VPC peering within the same AWS region.
|
AWS only supports VPC peering within the same AWS region.
|
||||||
|
|
||||||
If both VPCs are not in the same AWS account do not enable the `auto_accept` attribute. You will still
|
If both VPCs are not in the same AWS account do not enable the `auto_accept` attribute.
|
||||||
have to accept the VPC Peering Connection request manually using the AWS Management Console, AWS CLI,
|
The accepter can manage its side of the connection using the `aws_vpc_peering_connection_accepter` resource
|
||||||
through SDKs, etc.
|
or accept the connection manually using the AWS Management Console, AWS CLI, through SDKs, etc.
|
||||||
|
|
||||||
## Import
|
## Import
|
||||||
|
|
||||||
|
|
|
@ -3,17 +3,18 @@ layout: "aws"
|
||||||
page_title: "AWS: aws_vpc_peering_connection_accepter"
|
page_title: "AWS: aws_vpc_peering_connection_accepter"
|
||||||
sidebar_current: "docs-aws-resource-vpc-peering-accepter"
|
sidebar_current: "docs-aws-resource-vpc-peering-accepter"
|
||||||
description: |-
|
description: |-
|
||||||
Manage the accepter's side of a cross-account VPC peering connection.
|
Manage the accepter's side of a cross-account VPC Peering Connection.
|
||||||
---
|
---
|
||||||
|
|
||||||
# aws\_vpc\_peering\_connection\_accepter
|
# aws\_vpc\_peering\_connection\_accepter
|
||||||
|
|
||||||
Provides a resource to manage the accepter's side of a cross-account VPC peering connection.
|
Provides a resource to manage the accepter's side of a cross-account VPC Peering Connection.
|
||||||
|
|
||||||
When a cross-account (requester's AWS account differs from the accepter's) VPC peering connection is created,
|
When a cross-account (requester's AWS account differs from the accepter's AWS account) VPC Peering Connection
|
||||||
a VPC peering connection resource is automatically created in the accepter's account. The requester can use
|
is created, a VPC Peering Connection resource is automatically created in the accepter's account.
|
||||||
the `aws_vpc_peering_connection` resource to manage its side of the connection and the accepter can use the
|
The requester can use the `aws_vpc_peering_connection` resource to manage its side of the connection
|
||||||
`aws_vpc_peering_connection_accepter` resource to "adopt" its side of the connection into management.
|
and the accepter can use the `aws_vpc_peering_connection_accepter` resource to "adopt" its side of the
|
||||||
|
connection into management.
|
||||||
|
|
||||||
## Example Usage
|
## Example Usage
|
||||||
|
|
||||||
|
@ -72,6 +73,14 @@ The following arguments are supported:
|
||||||
* `auto_accept` - (Optional) Whether or not to accept the peering request. Defaults to `false`.
|
* `auto_accept` - (Optional) Whether or not to accept the peering request. Defaults to `false`.
|
||||||
* `tags` - (Optional) A mapping of tags to assign to the resource.
|
* `tags` - (Optional) A mapping of tags to assign to the resource.
|
||||||
|
|
||||||
|
### Removing `aws_vpc_peering_connection_accepter` from your configuration
|
||||||
|
|
||||||
|
AWS allows a cross-account VPC Peering Connection to be deleted from either the requester's or accepter's side.
|
||||||
|
However, Terraform only allows the VPC Peering Connection to be deleted from the requester's side
|
||||||
|
by removing the corresponding `aws_vpc_peering_connection` resource from your configuration.
|
||||||
|
Removing a `aws_vpc_peering_connection_accepter` resource from your configuration will remove it
|
||||||
|
from your statefile and management, **but will not destroy the VPC Peering Connection.**
|
||||||
|
|
||||||
## Attributes Reference
|
## Attributes Reference
|
||||||
|
|
||||||
All of the argument attributes except `auto_accept` are also exported as result attributes.
|
All of the argument attributes except `auto_accept` are also exported as result attributes.
|
||||||
|
@ -91,6 +100,6 @@ All of the argument attributes except `auto_accept` are also exported as result
|
||||||
* `allow_remote_vpc_dns_resolution` - Indicates whether a local VPC can resolve public DNS hostnames to
|
* `allow_remote_vpc_dns_resolution` - Indicates whether a local VPC can resolve public DNS hostnames to
|
||||||
private IP addresses when queried from instances in a peer VPC.
|
private IP addresses when queried from instances in a peer VPC.
|
||||||
* `allow_classic_link_to_remote_vpc` - Indicates whether a local ClassicLink connection can communicate
|
* `allow_classic_link_to_remote_vpc` - Indicates whether a local ClassicLink connection can communicate
|
||||||
with the peer VPC over the VPC peering connection.
|
with the peer VPC over the VPC Peering Connection.
|
||||||
* `allow_vpc_to_remote_classic_link` - Indicates whether a local VPC can communicate with a ClassicLink
|
* `allow_vpc_to_remote_classic_link` - Indicates whether a local VPC can communicate with a ClassicLink
|
||||||
connection in the peer VPC over the VPC peering connection.
|
connection in the peer VPC over the VPC Peering Connection.
|
||||||
|
|
Loading…
Reference in New Issue