Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Route 53 Resolver endpoint resource #6574

Merged
merged 10 commits into from
Mar 1, 2019
Merged

Add Route 53 Resolver endpoint resource #6574

merged 10 commits into from
Mar 1, 2019

Conversation

ewbankkit
Copy link
Contributor

Fixes #6563.
Includes:

Acceptance tests (so far):

$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsRoute53ResolverEndpoint_'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws/ -v -parallel 20 -run=TestAccAwsRoute53ResolverEndpoint_ -timeout 120m
=== RUN   TestAccAwsRoute53ResolverEndpoint_importBasic
=== PAUSE TestAccAwsRoute53ResolverEndpoint_importBasic
=== RUN   TestAccAwsRoute53ResolverEndpoint_basicInbound
=== PAUSE TestAccAwsRoute53ResolverEndpoint_basicInbound
=== RUN   TestAccAwsRoute53ResolverEndpoint_updateOutbound
=== PAUSE TestAccAwsRoute53ResolverEndpoint_updateOutbound
=== CONT  TestAccAwsRoute53ResolverEndpoint_importBasic
=== CONT  TestAccAwsRoute53ResolverEndpoint_updateOutbound
=== CONT  TestAccAwsRoute53ResolverEndpoint_basicInbound
--- PASS: TestAccAwsRoute53ResolverEndpoint_importBasic (108.99s)
--- PASS: TestAccAwsRoute53ResolverEndpoint_basicInbound (129.35s)
--- PASS: TestAccAwsRoute53ResolverEndpoint_updateOutbound (503.80s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	503.819s

@ghost ghost added size/XXL Managed by automation to categorize the size of a PR. dependencies Used to indicate dependency changes. documentation Introduces or discusses updates to documentation. provider Pertains to the provider itself, rather than any interaction with AWS. service/route53 Issues and PRs that pertain to the route53 service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. labels Nov 24, 2018
@ewbankkit ewbankkit mentioned this pull request Nov 24, 2018
Closed
@ewbankkit
Copy link
Contributor Author

This is still a WIP as I'm having problems supporting more than one "IP address" (subnet ID and optional specified IP) per subnet.
The issue is that I want to use a TypeSet for the ip_address attribute (using TypeList has the problem that the order of IP addresses returned from ListResolverEndpointIpAddresses is non-deterministic and state diffs will keep showing) but there are a couple of wrinkles:

  • ip is computed - If it's blank when creating or updating the Resolver endpoint then AWS assigns a value, so it can't be used in the set's hash function
  • More than one ip_address per subnet_id is allowed so I can't just use the hash of the subnet ID as the set's hash value although that is what I am doing right now to get the tests working

@gazoakley
Copy link
Contributor

You might be able to use TypeList with DiffSuppressFunc and match things up by ip_id. That sounds like a pain, but it might work.

@gazoakley
Copy link
Contributor

Your DiffSuppressFunc might:

  • Check the ip_address entries where ip is specified all exist and are associated with the correct subnet_id
  • Check there are the correct number of entries per subnet_id for the remaining ip_address entries
  • Suppress the diff if all the above pass

@ewbankkit ewbankkit mentioned this pull request Nov 28, 2018
Closed
@bflad bflad added new-resource Introduces a new resource. and removed dependencies Used to indicate dependency changes. labels Nov 30, 2018
@ewbankkit
Copy link
Contributor Author

Not having much luck with the ip_address diff issue and won't have time to work on this for the next week or so.
I've reverted to a set for now with still the same concerns:

	// TODO
	// TODO * "ip" may be computed - Blank on input, set by API on output; How to handle?
	// TODO * Multiple "ip_address" values per "subnet_id" are allowed in the API
	// TODO   but a List (instead of a Set) won't work because of non-deterministic order
	// TODO   on listing ip_address, plus how to determine diffs for update?
	// TODO

Acceptance tests:

$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsRoute53ResolverEndpoint_'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws/ -v -parallel 20 -run=TestAccAwsRoute53ResolverEndpoint_ -timeout 120m
=== RUN   TestAccAwsRoute53ResolverEndpoint_basicInbound
=== PAUSE TestAccAwsRoute53ResolverEndpoint_basicInbound
=== RUN   TestAccAwsRoute53ResolverEndpoint_updateOutbound
=== PAUSE TestAccAwsRoute53ResolverEndpoint_updateOutbound
=== CONT  TestAccAwsRoute53ResolverEndpoint_basicInbound
=== CONT  TestAccAwsRoute53ResolverEndpoint_updateOutbound
--- PASS: TestAccAwsRoute53ResolverEndpoint_basicInbound (135.30s)
--- PASS: TestAccAwsRoute53ResolverEndpoint_updateOutbound (516.18s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	516.201s

@ewbankkit
Copy link
Contributor Author

Rebased to fix conflicts.
Re-ran acceptance tests:

$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsRoute53ResolverEndpoint_'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws/ -v -parallel 20 -run=TestAccAwsRoute53ResolverEndpoint_ -timeout 120m
=== RUN   TestAccAwsRoute53ResolverEndpoint_basicInbound
=== PAUSE TestAccAwsRoute53ResolverEndpoint_basicInbound
=== RUN   TestAccAwsRoute53ResolverEndpoint_updateOutbound
=== PAUSE TestAccAwsRoute53ResolverEndpoint_updateOutbound
=== CONT  TestAccAwsRoute53ResolverEndpoint_basicInbound
=== CONT  TestAccAwsRoute53ResolverEndpoint_updateOutbound
--- PASS: TestAccAwsRoute53ResolverEndpoint_basicInbound (132.30s)
--- PASS: TestAccAwsRoute53ResolverEndpoint_updateOutbound (569.06s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	569.081s

@ewbankkit
Copy link
Contributor Author

ewbankkit commented Dec 16, 2018
edited
Loading

@bflad Looking for advice on the best way of dealing with the set/list conundrum for the ip_address attribute. It best fits the requirements for a set - Order is unimportant, but there are problems with determining the correct hash function.
Maybe we leave as I have it now - Just use subnet_id, which is the one Required field, as the hash value?

@ewbankkit
Copy link
Contributor Author

ewbankkit commented Dec 18, 2018
edited
Loading

TODO: Update tag handling code to reflect comments here.

@rbadillo
Copy link

rbadillo commented Jan 4, 2019

Hi team, any updates when this will be available ?

@ewbankkit

@ewbankkit
Copy link
Contributor Author

@bflad Any thoughts on my stumbling block - #6574 (comment)?

@gazoakley gazoakley mentioned this pull request Jan 8, 2019
Closed
@aar6ncai
Copy link

aar6ncai commented Jan 9, 2019

hi guys, any update for this feature become available ? thanks

@ewbankkit
Copy link
Contributor Author

@aar6ncai I'm going to need this quite soon too 😄.
I'll remove WIP and submit for formal review with the caveat that there is the known concern around ip in the ip_address block.

@ewbankkit ewbankkit changed the title [WIP] Add Route 53 Resolver endpoint resource Add Route 53 Resolver endpoint resource Jan 9, 2019
@ewbankkit ewbankkit mentioned this pull request Jan 10, 2019
Closed
@kmcquade
Copy link

@ewbankkit @gazoakley - any word? We need this pretty soon as well.

@ewbankkit
Copy link
Contributor Author

  • Rebased to remove conflict
  • Correct acceptance tests to use tags = {} syntax for TF 0.12

Acceptance tests:

$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsRoute53ResolverEndpoint_'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws/ -v -parallel 20 -run=TestAccAwsRoute53ResolverEndpoint_ -timeout 120m
=== RUN   TestAccAwsRoute53ResolverEndpoint_basicInbound
=== PAUSE TestAccAwsRoute53ResolverEndpoint_basicInbound
=== RUN   TestAccAwsRoute53ResolverEndpoint_updateOutbound
=== PAUSE TestAccAwsRoute53ResolverEndpoint_updateOutbound
=== CONT  TestAccAwsRoute53ResolverEndpoint_basicInbound
=== CONT  TestAccAwsRoute53ResolverEndpoint_updateOutbound
--- PASS: TestAccAwsRoute53ResolverEndpoint_basicInbound (108.17s)
--- PASS: TestAccAwsRoute53ResolverEndpoint_updateOutbound (614.07s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	629.443s

@ewbankkit
Copy link
Contributor Author

Rebased to remove the merge conflict (and use route53resolverconn from the AWSClient structure).
Acceptance tests:

$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsRoute53ResolverEndpoint_'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws/ -v -parallel 20 -run=TestAccAwsRoute53ResolverEndpoint_ -timeout 120m
=== RUN   TestAccAwsRoute53ResolverEndpoint_basicInbound
=== PAUSE TestAccAwsRoute53ResolverEndpoint_basicInbound
=== RUN   TestAccAwsRoute53ResolverEndpoint_updateOutbound
=== PAUSE TestAccAwsRoute53ResolverEndpoint_updateOutbound
=== CONT  TestAccAwsRoute53ResolverEndpoint_basicInbound
=== CONT  TestAccAwsRoute53ResolverEndpoint_updateOutbound
--- PASS: TestAccAwsRoute53ResolverEndpoint_basicInbound (96.67s)
--- PASS: TestAccAwsRoute53ResolverEndpoint_updateOutbound (561.65s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	561.708s

@nywilken
Copy link
Contributor

Maybe we leave as I have it now - Just use subnet_id, which is the one Required field, as the hash value?

@ewbankkit @kmcquade do you have a sense of what the general use case would be for the subnet selection when creating resolvers? More specifically, would you say that the need is to configure resolvers with two different subnet_ids or is it likely that most consumers would need to define the same subnet_id multiple times? If it is the former that I would feel more comfortable merging this in its current state and handling the multiple subnet_id post release.

@ewbankkit
Copy link
Contributor Author

ewbankkit commented Feb 28, 2019
edited
Loading

The AWS recommendation is two or more IP addresses in different Availability Zones which means distinct subnet IDs (and I think the API even enforces this, I'll check on that) and that is certainly how we will configuring our setup.

Verified that distinct subnet IDs must be specified:

$ aws route53resolver create-resolver-endpoint --name foo --security-group-ids sg-01234567 --creator-request-id foo --direction INBOUND --ip-addresses SubnetId=subnet-01234567,SubnetId=subnet-01234567

An error occurred (InvalidRequestException) when calling the CreateResolverEndpoint operation: [RSLVR-00400] Resolver endpoint need to have at least 2 IP addresses.

@nywilken
Copy link
Contributor

The AWS recommendation is two or more IP addresses in different Availability Zones which means distinct subnet IDs (and I think the API even enforces this, I'll check on that) and that is certainly how we will configuring our setup.

I've tested locally using a TypeList and the API doesn't seem to enforce it. But I think we are in agreement on it not being a big enough use case.

> TF_LOG_PATH=log.txt TF_LOG=debug TF_ACC=1 go test ./aws -v -timeout 120m -parallel 10 -run=TestAccAwsRoute53ResolverEndpoint_basicInbound 
=== RUN   TestAccAwsRoute53ResolverEndpoint_basicInbound
=== PAUSE TestAccAwsRoute53ResolverEndpoint_basicInbound
=== CONT  TestAccAwsRoute53ResolverEndpoint_basicInbound
EXPAND [{
  SubnetId: "subnet-031524f87f5a1f18e"
} {
  SubnetId: "subnet-031524f87f5a1f18e"
}]
FLATTEN: [map[ip_id:rni-ea0df5ff66fa430d9 subnet_id:subnet-031524f87f5a1f18e ip:10.0.8.78] map[subnet_id:subnet-031524f87f5a1f18e ip:10.0.55.95 ip_id:rni-e638b90de437
4742a]]
FLATTEN: [map[subnet_id:subnet-031524f87f5a1f18e ip:10.0.8.78 ip_id:rni-ea0df5ff66fa430d9] map[subnet_id:subnet-031524f87f5a1f18e ip:10.0.55.95 ip_id:rni-e638b90de4374
742a]]
FLATTEN: [map[subnet_id:subnet-031524f87f5a1f18e ip:10.0.8.78 ip_id:rni-ea0df5ff66fa430d9] map[subnet_id:subnet-031524f87f5a1f18e ip:10.0.55.95 ip_id:rni-e638b90de4374
742a]]
FLATTEN: [map[ip_id:rni-ea0df5ff66fa430d9 subnet_id:subnet-031524f87f5a1f18e ip:10.0.8.78] map[subnet_id:subnet-031524f87f5a1f18e ip:10.0.55.95 ip_id:rni-e638b90de4374
742a]]
--- PASS: TestAccAwsRoute53ResolverEndpoint_basicInbound (372.50s)
PASS
ok      github.com/terraform-providers/terraform-provider-aws/aws       372.519s

@ewbankkit
Copy link
Contributor Author

Agreed, my test may have not been a real test of the API as the CLI might have collapsed the duplicated subnet IDs.

@nywilken nywilken added this to the v2.2.0 milestone Feb 28, 2019
@bflad bflad modified the milestones: v2.2.0, v2.1.0 Feb 28, 2019
@kmcquade
Copy link

@nywilken - definitely not the same subnet_id multiple times... two or more different subnet IDs.

nywilken
nywilken reviewed Feb 28, 2019
View reviewed changes
Copy link
Contributor

@nywilken nywilken left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ewbankkit thanks again for pushing this forward and for working through this PR with me. I left a few nitpicks around if/err checks but this is otherwise good to go.

aws/resource_aws_route53_resolver_endpoint.go
resp, err := conn.GetResolverEndpoint(&route53resolver.GetResolverEndpointInput{
ResolverEndpointId: aws.String(epId),
})
if err != nil {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For readability we tend to go with the following convention:

if isAWSErr(err, route53resolver.ErrCodeResourceNotFoundException, "") {
  return &route53resolver.ResolverEndpoint{}, route53ResolverEndpointStatusDeleted, nil
}

if err != nil {
  return nil, "", err
}

aws/resource_aws_route53_resolver_endpoint.go Outdated
buf.WriteString(fmt.Sprintf("%s-", m["subnet_id"].(string)))
// TODO
// TODO * "ip" may be computed - Blank on input, set by API on output; How to handle?
// TODO * Multiple "ip_address" values per "subnet_id" are allowed in the API
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems like we have debunked this via the documentation so it is safe to remove the multiple ip_address per subnet_id TODO.

aws/resource_aws_route53_resolver_endpoint_test.go
_, err := conn.GetResolverEndpoint(&route53resolver.GetResolverEndpointInput{
ResolverEndpointId: aws.String(rs.Primary.ID),
})
if err != nil {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ditto

aws/resource_aws_route53_resolver_endpoint_test.go
_, err := conn.DeleteResolverEndpoint(&route53resolver.DeleteResolverEndpointInput{
ResolverEndpointId: aws.String(id),
})
if err != nil {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ditto

@ewbankkit
Copy link
Contributor Author

Additional code review changes made.
Acceptance test:

$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAwsRoute53ResolverEndpoint_'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws/ -v -parallel 20 -run=TestAccAwsRoute53ResolverEndpoint_ -timeout 120m
=== RUN   TestAccAwsRoute53ResolverEndpoint_basicInbound
=== PAUSE TestAccAwsRoute53ResolverEndpoint_basicInbound
=== RUN   TestAccAwsRoute53ResolverEndpoint_updateOutbound
=== PAUSE TestAccAwsRoute53ResolverEndpoint_updateOutbound
=== CONT  TestAccAwsRoute53ResolverEndpoint_basicInbound
=== CONT  TestAccAwsRoute53ResolverEndpoint_updateOutbound
--- PASS: TestAccAwsRoute53ResolverEndpoint_basicInbound (206.00s)
--- PASS: TestAccAwsRoute53ResolverEndpoint_updateOutbound (707.33s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	707.352s

nywilken
nywilken approved these changes Mar 1, 2019
View reviewed changes
Copy link
Contributor

@nywilken nywilken left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is great @ewbankkit! Thanks again.

@nywilken nywilken merged commit 27d2204 into hashicorp:master Mar 1, 2019
@ewbankkit ewbankkit deleted the issue-6563 branch March 1, 2019 18:44
@fabiendelpierre fabiendelpierre mentioned this pull request Mar 4, 2019
Merged
@mikecook mikecook mentioned this pull request Mar 15, 2019
Closed
@ewbankkit ewbankkit mentioned this pull request Mar 15, 2019
Closed
@yorinasub17 yorinasub17 mentioned this pull request Apr 17, 2019
Closed
@ewbankkit ewbankkit mentioned this pull request Jun 6, 2019
Closed
@ghost
Copy link

ghost commented Mar 31, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Mar 31, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@paultyng paultyng paultyng left review comments

@nywilken nywilken nywilken approved these changes

Assignees
No one assigned
Labels
documentation Introduces or discusses updates to documentation. new-resource Introduces a new resource. provider Pertains to the provider itself, rather than any interaction with AWS. service/ec2 Issues and PRs that pertain to the ec2 service. service/route53 Issues and PRs that pertain to the route53 service. size/XXL Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet
Milestone
v2.1.0
Development

Successfully merging this pull request may close these issues.

Feature request: Route 53 Resolver endpoint resource
10 participants
@ewbankkit @gazoakley @rbadillo @aar6ncai @kmcquade @StyleT @johnjelinek @nywilken @paultyng @bflad