diff --git a/aws/dx_vif.go b/aws/dx_vif.go
new file mode 100644
index 000000000000..ea659c7b6c99
--- /dev/null
+++ b/aws/dx_vif.go
@@ -0,0 +1,114 @@
+package aws
+
+import (
+ "fmt"
+ "log"
+ "time"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/service/directconnect"
+ "github.com/hashicorp/terraform/helper/resource"
+ "github.com/hashicorp/terraform/helper/schema"
+)
+
+func dxVirtualInterfaceRead(id string, conn *directconnect.DirectConnect) (*directconnect.VirtualInterface, error) {
+ resp, state, err := dxVirtualInterfaceStateRefresh(conn, id)()
+ if err != nil {
+ return nil, fmt.Errorf("Error reading Direct Connect virtual interface: %s", err)
+ }
+ if state == directconnect.VirtualInterfaceStateDeleted {
+ return nil, nil
+ }
+
+ return resp.(*directconnect.VirtualInterface), nil
+}
+
+func dxVirtualInterfaceUpdate(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).dxconn
+
+ if err := setTagsDX(conn, d, d.Get("arn").(string)); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func dxVirtualInterfaceDelete(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).dxconn
+
+ log.Printf("[DEBUG] Deleting Direct Connect virtual interface: %s", d.Id())
+ _, err := conn.DeleteVirtualInterface(&directconnect.DeleteVirtualInterfaceInput{
+ VirtualInterfaceId: aws.String(d.Id()),
+ })
+ if err != nil {
+ if isAWSErr(err, directconnect.ErrCodeClientException, "does not exist") {
+ return nil
+ }
+ return fmt.Errorf("Error deleting Direct Connect virtual interface: %s", err)
+ }
+
+ deleteStateConf := &resource.StateChangeConf{
+ Pending: []string{
+ directconnect.VirtualInterfaceStateAvailable,
+ directconnect.VirtualInterfaceStateConfirming,
+ directconnect.VirtualInterfaceStateDeleting,
+ directconnect.VirtualInterfaceStateDown,
+ directconnect.VirtualInterfaceStatePending,
+ directconnect.VirtualInterfaceStateRejected,
+ directconnect.VirtualInterfaceStateVerifying,
+ },
+ Target: []string{
+ directconnect.VirtualInterfaceStateDeleted,
+ },
+ Refresh: dxVirtualInterfaceStateRefresh(conn, d.Id()),
+ Timeout: d.Timeout(schema.TimeoutDelete),
+ Delay: 10 * time.Second,
+ MinTimeout: 5 * time.Second,
+ }
+ _, err = deleteStateConf.WaitForState()
+ if err != nil {
+ return fmt.Errorf("Error waiting for Direct Connect virtual interface (%s) to be deleted: %s", d.Id(), err)
+ }
+
+ return nil
+}
+
+func dxVirtualInterfaceStateRefresh(conn *directconnect.DirectConnect, vifId string) resource.StateRefreshFunc {
+ return func() (interface{}, string, error) {
+ resp, err := conn.DescribeVirtualInterfaces(&directconnect.DescribeVirtualInterfacesInput{
+ VirtualInterfaceId: aws.String(vifId),
+ })
+ if err != nil {
+ return nil, "", err
+ }
+
+ n := len(resp.VirtualInterfaces)
+ switch n {
+ case 0:
+ return "", directconnect.VirtualInterfaceStateDeleted, nil
+
+ case 1:
+ vif := resp.VirtualInterfaces[0]
+ return vif, aws.StringValue(vif.VirtualInterfaceState), nil
+
+ default:
+ return nil, "", fmt.Errorf("Found %d Direct Connect virtual interfaces for %s, expected 1", n, vifId)
+ }
+ }
+}
+
+func dxVirtualInterfaceWaitUntilAvailable(d *schema.ResourceData, conn *directconnect.DirectConnect, pending, target []string) error {
+ stateConf := &resource.StateChangeConf{
+ Pending: pending,
+ Target: target,
+ Refresh: dxVirtualInterfaceStateRefresh(conn, d.Id()),
+ Timeout: d.Timeout(schema.TimeoutCreate),
+ Delay: 10 * time.Second,
+ MinTimeout: 5 * time.Second,
+ }
+ if _, err := stateConf.WaitForState(); err != nil {
+ return fmt.Errorf("Error waiting for Direct Connect virtual interface (%s) to become available: %s", d.Id(), err)
+ }
+
+ return nil
+}
diff --git a/aws/provider.go b/aws/provider.go
index 1939f4dd146a..4e51e4eb8ed6 100644
--- a/aws/provider.go
+++ b/aws/provider.go
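Review bot: The `case 0` branch of `dxVirtualInterfaceStateRefresh` in aws/dx_vif.go returns an empty string as the result object with no explanation, and `dxVirtualInterfaceRead` only avoids a panicking `resp.(*directconnect.VirtualInterface)` assertion because it checks for the deleted state first. A comment on that branch would make the coupling explicit, e.g. `// Non-nil placeholder: WaitForState treats a nil result as "not found", not as the Deleted target.` (worth confirming against the helper/resource version in use). None of the five new helpers has a doc comment; one line each would help, in particular noting that `dxVirtualInterfaceWaitUntilAvailable` always reads `schema.TimeoutCreate`.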
@@ -371,6 +371,7 @@ func Provider() terraform.ResourceProvider {
 "aws_dx_connection_association": resourceAwsDxConnectionAssociation(),
 "aws_dx_gateway": resourceAwsDxGateway(),
 "aws_dx_gateway_association": resourceAwsDxGatewayAssociation(),
+ "aws_dx_public_virtual_interface": resourceAwsDxPublicVirtualInterface(),
 "aws_dynamodb_table": resourceAwsDynamoDbTable(),
 "aws_dynamodb_table_item": resourceAwsDynamoDbTableItem(),
 "aws_dynamodb_global_table": resourceAwsDynamoDbGlobalTable(),
diff --git a/aws/resource_aws_dx_public_virtual_interface.go b/aws/resource_aws_dx_public_virtual_interface.go
new file mode 100644
index 000000000000..c12ba2502f39
--- /dev/null
+++ b/aws/resource_aws_dx_public_virtual_interface.go
@@ -0,0 +1,223 @@
+package aws
+
+import (
+ "fmt"
+ "log"
+ "time"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/arn"
+ "github.com/aws/aws-sdk-go/service/directconnect"
+ "github.com/hashicorp/terraform/helper/schema"
+ "github.com/hashicorp/terraform/helper/validation"
+)
+
+func resourceAwsDxPublicVirtualInterface() *schema.Resource {
+ return &schema.Resource{
+ Create: resourceAwsDxPublicVirtualInterfaceCreate,
+ Read: resourceAwsDxPublicVirtualInterfaceRead,
+ Update: resourceAwsDxPublicVirtualInterfaceUpdate,
+ Delete: resourceAwsDxPublicVirtualInterfaceDelete,
+ Importer: &schema.ResourceImporter{
+ State: resourceAwsDxPublicVirtualInterfaceImport,
+ },
+ CustomizeDiff: resourceAwsDxPublicVirtualInterfaceCustomizeDiff,
+
+ Schema: map[string]*schema.Schema{
+ "arn": {
+ Type: schema.TypeString,
+ Computed: true,
+ },
+ "connection_id": {
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ },
+ "name": {
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ },
+ "vlan": {
+ Type: schema.TypeInt,
+ Required: true,
+ ForceNew: true,
+ ValidateFunc: validation.IntBetween(1, 4094),
+ },
+ "bgp_asn": {
+ Type: schema.TypeInt,
+ Required: true,
+ ForceNew: true,
+ },
+ "bgp_auth_key": {
+ Type: schema.TypeString,
+ Optional: true,
+ Computed: true,
+ ForceNew: true,
+ },
+ "address_family": {
+ Type: schema.TypeString,
+ Required: true,
+ ForceNew: true,
+ ValidateFunc: validation.StringInSlice([]string{directconnect.AddressFamilyIpv4, directconnect.AddressFamilyIpv6}, false),
+ },
+ "customer_address": {
+ Type: schema.TypeString,
+ Optional: true,
+ Computed: true,
+ ForceNew: true,
+ },
+ "amazon_address": {
+ Type: schema.TypeString,
+ Optional: true,
+ Computed: true,
+ ForceNew: true,
+ },
+ "route_filter_prefixes": &schema.Schema{
+ Type: schema.TypeSet,
+ Required: true,
+ ForceNew: true,
+ Elem: &schema.Schema{Type: schema.TypeString},
+ MinItems: 1,
+ },
+ "tags": tagsSchema(),
+ },
+
+ Timeouts: &schema.ResourceTimeout{
+ Create: schema.DefaultTimeout(10 * time.Minute),
+ Delete: schema.DefaultTimeout(10 * time.Minute),
+ },
+ }
+}
+
+func resourceAwsDxPublicVirtualInterfaceCreate(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).dxconn
+
+ req := &directconnect.CreatePublicVirtualInterfaceInput{
+ ConnectionId: aws.String(d.Get("connection_id").(string)),
+ NewPublicVirtualInterface: &directconnect.NewPublicVirtualInterface{
+ VirtualInterfaceName: aws.String(d.Get("name").(string)),
+ Vlan: aws.Int64(int64(d.Get("vlan").(int))),
+ Asn: aws.Int64(int64(d.Get("bgp_asn").(int))),
+ AddressFamily: aws.String(d.Get("address_family").(string)),
+ },
+ }
+ if v, ok := d.GetOk("bgp_auth_key"); ok && v.(string) != "" {
+ req.NewPublicVirtualInterface.AuthKey = aws.String(v.(string))
+ }
+ if v, ok := d.GetOk("customer_address"); ok && v.(string) != "" {
+ req.NewPublicVirtualInterface.CustomerAddress = aws.String(v.(string))
+ }
+ if v, ok := d.GetOk("amazon_address"); ok && v.(string) != "" {
+ req.NewPublicVirtualInterface.AmazonAddress = aws.String(v.(string))
+ }
+ if v, ok := d.GetOk("route_filter_prefixes"); ok {
+ req.NewPublicVirtualInterface.RouteFilterPrefixes = expandDxRouteFilterPrefixes(v.(*schema.Set).List())
+ }
+
+ log.Printf("[DEBUG] Creating Direct Connect public virtual interface: %#v", req)
+ resp, err := conn.CreatePublicVirtualInterface(req)
+ if err != nil {
+ return fmt.Errorf("Error creating Direct Connect public virtual interface: %s", err)
+ }
+
+ d.SetId(aws.StringValue(resp.VirtualInterfaceId))
+ arn := arn.ARN{
+ Partition: meta.(*AWSClient).partition,
+ Region: meta.(*AWSClient).region,
+ Service: "directconnect",
+ AccountID: meta.(*AWSClient).accountid,
+ Resource: fmt.Sprintf("dxvif/%s", d.Id()),
+ }.String()
+ d.Set("arn", arn)
+
+ if err := dxPublicVirtualInterfaceWaitUntilAvailable(d, conn); err != nil {
+ return err
+ }
+
+ return resourceAwsDxPublicVirtualInterfaceUpdate(d, meta)
+}
+
+func resourceAwsDxPublicVirtualInterfaceRead(d *schema.ResourceData, meta interface{}) error {
+ conn := meta.(*AWSClient).dxconn
+
+ vif, err := dxVirtualInterfaceRead(d.Id(), conn)
+ if err != nil {
+ return err
+ }
+ if vif == nil {
+ log.Printf("[WARN] Direct Connect virtual interface (%s) not found, removing from state", d.Id())
+ d.SetId("")
+ return nil
+ }
+
+ d.Set("connection_id", vif.ConnectionId)
+ d.Set("name", vif.VirtualInterfaceName)
+ d.Set("vlan", vif.Vlan)
+ d.Set("bgp_asn", vif.Asn)
+ d.Set("bgp_auth_key", vif.AuthKey)
+ d.Set("address_family", vif.AddressFamily)
+ d.Set("customer_address", vif.CustomerAddress)
+ d.Set("amazon_address", vif.AmazonAddress)
+ d.Set("route_filter_prefixes", flattenDxRouteFilterPrefixes(vif.RouteFilterPrefixes))
+ if err := getTagsDX(conn, d, d.Get("arn").(string)); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func resourceAwsDxPublicVirtualInterfaceUpdate(d *schema.ResourceData, meta interface{}) error {
+ if err := dxVirtualInterfaceUpdate(d, meta); err != nil {
+ return err
+ }
+
+ return resourceAwsDxPublicVirtualInterfaceRead(d, meta)
+}
+
+func resourceAwsDxPublicVirtualInterfaceDelete(d *schema.ResourceData, meta interface{}) error {
+ return dxVirtualInterfaceDelete(d, meta)
+}
+
+func resourceAwsDxPublicVirtualInterfaceImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
+ arn := arn.ARN{
+ Partition: meta.(*AWSClient).partition,
+ Region: meta.(*AWSClient).region,
+ Service: "directconnect",
+ AccountID: meta.(*AWSClient).accountid,
+ Resource: fmt.Sprintf("dxvif/%s", d.Id()),
+ }.String()
+ d.Set("arn", arn)
+
+ return []*schema.ResourceData{d}, nil
+}
+
+func resourceAwsDxPublicVirtualInterfaceCustomizeDiff(diff *schema.ResourceDiff, meta interface{}) error {
+ if diff.Id() == "" {
+ // New resource.
+ if addressFamily := diff.Get("address_family").(string); addressFamily == directconnect.AddressFamilyIpv4 {
+ if _, ok := diff.GetOk("customer_address"); !ok {
+ return fmt.Errorf("'customer_address' must be set when 'address_family' is '%s'", addressFamily)
+ }
+ if _, ok := diff.GetOk("amazon_address"); !ok {
+ return fmt.Errorf("'amazon_address' must be set when 'address_family' is '%s'", addressFamily)
+ }
+ }
+ }
+
+ return nil
+}
+
+func dxPublicVirtualInterfaceWaitUntilAvailable(d *schema.ResourceData, conn *directconnect.DirectConnect) error {
+ return dxVirtualInterfaceWaitUntilAvailable(
+ d,
+ conn,
+ []string{
+ directconnect.VirtualInterfaceStatePending,
+ },
+ []string{
+ directconnect.VirtualInterfaceStateAvailable,
+ directconnect.VirtualInterfaceStateDown,
+ directconnect.VirtualInterfaceStateVerifying,
+ })
+}
diff --git a/aws/resource_aws_dx_public_virtual_interface_test.go b/aws/resource_aws_dx_public_virtual_interface_test.go
new file mode 100644
index 000000000000..e498651cbb85
--- /dev/null
+++ b/aws/resource_aws_dx_public_virtual_interface_test.go
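Review bot: `bgp_auth_key` in aws/resource_aws_dx_public_virtual_interface.go is a BGP session secret, but its schema entry has no `Sensitive: true,`, so the value is shown in plan and apply output. The debug line in `resourceAwsDxPublicVirtualInterfaceCreate` formats the whole request with `%#v`, which probably includes `AuthKey` when it is set; logging only identifying fields, e.g. `log.Printf("[DEBUG] Creating Direct Connect public virtual interface %q on connection %s", d.Get("name").(string), d.Get("connection_id").(string))`, keeps the key out of debug logs. The read path still writes the key to state through `d.Set("bgp_auth_key", vif.AuthKey)`, so the resource documentation should say that state holds it in plain text.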
@@ -0,0 +1,134 @@
+package aws
+
+import (
+ "fmt"
+ "os"
+ "testing"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/service/directconnect"
+ "github.com/hashicorp/terraform/helper/acctest"
+ "github.com/hashicorp/terraform/helper/resource"
+ "github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccAwsDxPublicVirtualInterface_basic(t *testing.T) {
+ key := "DX_CONNECTION_ID"
+ connectionId := os.Getenv(key)
+ if connectionId == "" {
+ t.Skipf("Environment variable %s is not set", key)
+ }
+ vifName := fmt.Sprintf("terraform-testacc-dxvif-%s", acctest.RandString(5))
+ bgpAsn := randIntRange(64512, 65534)
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAwsDxPublicVirtualInterfaceDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccDxPublicVirtualInterfaceConfig_noTags(connectionId, vifName, bgpAsn),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAwsDxPublicVirtualInterfaceExists("aws_dx_public_virtual_interface.foo"),
+ resource.TestCheckResourceAttr("aws_dx_public_virtual_interface.foo", "name", vifName),
+ resource.TestCheckResourceAttr("aws_dx_public_virtual_interface.foo", "tags.%", "0"),
+ ),
+ },
+ {
+ Config: testAccDxPublicVirtualInterfaceConfig_tags(connectionId, vifName, bgpAsn),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAwsDxPublicVirtualInterfaceExists("aws_dx_public_virtual_interface.foo"),
+ resource.TestCheckResourceAttr("aws_dx_public_virtual_interface.foo", "name", vifName),
+ resource.TestCheckResourceAttr("aws_dx_public_virtual_interface.foo", "tags.%", "1"),
+ resource.TestCheckResourceAttr("aws_dx_public_virtual_interface.foo", "tags.Environment", "test"),
+ ),
+ },
+ // Test import.
+ {
+ ResourceName: "aws_dx_public_virtual_interface.foo",
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ },
+ })
+}
+
+func testAccCheckAwsDxPublicVirtualInterfaceDestroy(s *terraform.State) error {
+ conn := testAccProvider.Meta().(*AWSClient).dxconn
+
+ for _, rs := range s.RootModule().Resources {
+ if rs.Type != "aws_dx_public_virtual_interface" {
+ continue
+ }
+
+ input := &directconnect.DescribeVirtualInterfacesInput{
+ VirtualInterfaceId: aws.String(rs.Primary.ID),
+ }
+
+ resp, err := conn.DescribeVirtualInterfaces(input)
+ if err != nil {
+ return err
+ }
+ for _, v := range resp.VirtualInterfaces {
+ if *v.VirtualInterfaceId == rs.Primary.ID && !(*v.VirtualInterfaceState == directconnect.VirtualInterfaceStateDeleted) {
+ return fmt.Errorf("[DESTROY ERROR] Dx Public VIF (%s) not deleted", rs.Primary.ID)
+ }
+ }
+ }
+ return nil
+}
+
+func testAccCheckAwsDxPublicVirtualInterfaceExists(name string) resource.TestCheckFunc {
+ return func(s *terraform.State) error {
+ _, ok := s.RootModule().Resources[name]
+ if !ok {
+ return fmt.Errorf("Not found: %s", name)
+ }
+
+ return nil
+ }
+}
+
+func testAccDxPublicVirtualInterfaceConfig_noTags(cid, n string, bgpAsn int) string {
+ return fmt.Sprintf(`
+resource "aws_dx_public_virtual_interface" "foo" {
+ connection_id = "%s"
+
+ name = "%s"
+ vlan = 4094
+ address_family = "ipv4"
+ bgp_asn = %d
+
+ customer_address = "175.45.176.1/30"
+ amazon_address = "175.45.176.2/30"
+ route_filter_prefixes = [
+ "210.52.109.0/24",
+ "175.45.176.0/22"
+ ]
+}
+`, cid, n, bgpAsn)
+}
+
+func testAccDxPublicVirtualInterfaceConfig_tags(cid, n string, bgpAsn int) string {
+ return fmt.Sprintf(`
+resource "aws_dx_public_virtual_interface" "foo" {
+ connection_id = "%s"
+
+ name = "%s"
+ vlan = 4094
+ address_family = "ipv4"
+ bgp_asn = %d
+
+ customer_address = "175.45.176.1/30"
+ amazon_address = "175.45.176.2/30"
+ route_filter_prefixes = [
+ "210.52.109.0/24",
+ "175.45.176.0/22"
+ ]
+
+ tags {
+ Environment = "test"
+ }
+}
+`, cid, n, bgpAsn)
+}
diff --git a/aws/structure.go b/aws/structure.go
index 11eca3b1efb2..9370d54e4701 100644
--- a/aws/structure.go
+++ b/aws/structure.go
@@ -20,6 +20,7 @@ import (
 "github.com/aws/aws-sdk-go/service/cognitoidentityprovider"
 "github.com/aws/aws-sdk-go/service/configservice"
 "github.com/aws/aws-sdk-go/service/dax"
+ "github.com/aws/aws-sdk-go/service/directconnect"
 "github.com/aws/aws-sdk-go/service/directoryservice"
 "github.com/aws/aws-sdk-go/service/dynamodb"
 "github.com/aws/aws-sdk-go/service/ec2"
@@ -4268,3 +4269,22 @@ func expandVpcPeeringConnectionOptions(m map[string]interface{}) *ec2.PeeringCon return options }
+
+func expandDxRouteFilterPrefixes(cfg []interface{}) []*directconnect.RouteFilterPrefix {
+ prefixes := make([]*directconnect.RouteFilterPrefix, len(cfg), len(cfg))
+ for i, p := range cfg {
+ prefix := &directconnect.RouteFilterPrefix{
+ Cidr: aws.String(p.(string)),
+ }
+ prefixes[i] = prefix
+ }
+ return prefixes
+}
+
+func flattenDxRouteFilterPrefixes(prefixes []*directconnect.RouteFilterPrefix) *schema.Set {
+ out := make([]interface{}, 0)
+ for _, prefix := range prefixes {
+ out = append(out, aws.StringValue(prefix.Cidr))
+ }
+ return schema.NewSet(schema.HashString, out)
+}
diff --git a/aws/utils_test.go b/aws/utils_test.go
index 8248f4384d27..785ad141ed33 100644
--- a/aws/utils_test.go
+++ b/aws/utils_test.go
@@ -1,6 +1,8 @@ package aws -import "testing" +import ( + "testing" +) var base64encodingTests = []struct { in []byte
diff --git a/website/aws.erb b/website/aws.erb
index 0e07c6a0f181..59beaff6c9b9 100644
--- a/website/aws.erb
+++ b/website/aws.erb
@@ -776,6 +776,9 @@ > aws_dx_lag + > + aws_dx_public_virtual_interface +
diff --git a/website/docs/r/dx_public_virtual_interface.html.markdown b/website/docs/r/dx_public_virtual_interface.html.markdown
new file mode 100644
index 000000000000..c8d3705613ae
--- /dev/null
+++ b/website/docs/r/dx_public_virtual_interface.html.markdown
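Review bot: `testAccCheckAwsDxPublicVirtualInterfaceExists` in aws/resource_aws_dx_public_virtual_interface_test.go only looks the name up in Terraform state and never calls `DescribeVirtualInterfaces`, so both create steps would pass even if the interface were missing in AWS. In `testAccCheckAwsDxPublicVirtualInterfaceDestroy`, `*v.VirtualInterfaceId` and `*v.VirtualInterfaceState` are dereferenced without a nil check; `aws.StringValue(v.VirtualInterfaceState) != directconnect.VirtualInterfaceStateDeleted` is nil-safe and easier to read than the negated equality.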
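Review bot: In `expandDxRouteFilterPrefixes` (second aws/structure.go hunk), `make([]*directconnect.RouteFilterPrefix, len(cfg), len(cfg))` repeats the length as the capacity, which is already the default; `make([]*directconnect.RouteFilterPrefix, len(cfg))` is enough. `flattenDxRouteFilterPrefixes` can size its slice up front with `out := make([]interface{}, 0, len(prefixes))`. Both functions also lack a doc comment; it should say that the values are CIDR strings passed through without validation, so a malformed prefix is only rejected by the API.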
@@ -0,0 +1,69 @@
+---
+layout: "aws"
+page_title: "AWS: aws_dx_public_virtual_interface"
+sidebar_current: "docs-aws-resource-dx-public-virtual-interface"
+description: |-
+ Provides a Direct Connect public virtual interface resource.
+---
+
+# aws_dx_public_virtual_interface
+
+Provides a Direct Connect public virtual interface resource.
+
+## Example Usage
+
+```hcl
+resource "aws_dx_public_virtual_interface" "foo" {
+ connection_id = "dxcon-zzzzzzzz"
+
+ name = "vif-foo"
+ vlan = 4094
+ address_family = "ipv4"
+ bgp_asn = 65352
+
+ customer_address = "175.45.176.1/30"
+ amazon_address = "175.45.176.2/30"
+ route_filter_prefixes = [
+ "210.52.109.0/24",
+ "175.45.176.0/22"
+ ]
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `address_family` - (Required) The address family for the BGP peer. `ipv4 ` or `ipv6`.
+* `bgp_asn` - (Required) The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.
+* `connection_id` - (Required) The ID of the Direct Connect connection (or LAG) on which to create the virtual interface.
+* `name` - (Required) The name for the virtual interface.
+* `vlan` - (Required) The VLAN ID.
+* `amazon_address` - (Optional) The IPv4 CIDR address to use to send traffic to Amazon. Required for IPv4 BGP peers.
+* `bgp_auth_key` - (Optional) The authentication key for BGP configuration.
+* `customer_address` - (Optional) The IPv4 CIDR destination address to which Amazon should send traffic. Required for IPv4 BGP peers.
+* `route_filter_prefixes` - (Required) A list of routes to be advertised to the AWS network in this region.
+* `tags` - (Optional) A mapping of tags to assign to the resource.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The ID of the virtual interface.
+* `arn` - The ARN of the virtual interface.
+
+## Timeouts
+
+`aws_dx_public_virtual_interface` provides the following
+[Timeouts](/docs/configuration/resources.html#timeouts) configuration options:
+
+- `create` - (Default `10 minutes`) Used for creating virtual interface
+- `delete` - (Default `10 minutes`) Used for destroying virtual interface
+
+## Import
+
+Direct Connect public virtual interfaces can be imported using the `vif id`, e.g.
+
+```
+$ terraform import aws_dx_public_virtual_interface.test dxvif-33cc44dd
+```