diff --git a/internal/service/ec2/exports_test.go b/internal/service/ec2/exports_test.go index e5d497c984e..ad90fc66e4e 100644 --- a/internal/service/ec2/exports_test.go +++ b/internal/service/ec2/exports_test.go @@ -5,6 +5,10 @@ package ec2 // Exports for use in tests only. var ( + ResourceClientVPNAuthorizationRule = resourceClientVPNAuthorizationRule + ResourceClientVPNEndpoint = resourceClientVPNEndpoint + ResourceClientVPNNetworkAssociation = resourceClientVPNNetworkAssociation + ResourceClientVPNRoute = resourceClientVPNRoute ResourceCustomerGateway = resourceCustomerGateway ResourceDefaultNetworkACL = resourceDefaultNetworkACL ResourceDefaultRouteTable = resourceDefaultRouteTable @@ -32,6 +36,10 @@ var ( ResourceVPNGatewayRoutePropagation = resourceVPNGatewayRoutePropagation CustomFiltersSchema = customFiltersSchema + FindClientVPNAuthorizationRuleByThreePartKey = findClientVPNAuthorizationRuleByThreePartKey + FindClientVPNEndpointByID = findClientVPNEndpointByID + FindClientVPNNetworkAssociationByTwoPartKey = findClientVPNNetworkAssociationByTwoPartKey + FindClientVPNRouteByThreePartKey = findClientVPNRouteByThreePartKey FindEBSVolumeAttachment = findVolumeAttachment FindEIPByAllocationID = findEIPByAllocationID FindEIPByAssociationID = findEIPByAssociationID diff --git a/internal/service/ec2/find.go b/internal/service/ec2/find.go index 0b801d4df28..c96e777b5db 100644 --- a/internal/service/ec2/find.go +++ b/internal/service/ec2/find.go 
@@ -216,276 +216,6 @@ func FindCarrierGatewayByID(ctx context.Context, conn *ec2.EC2, id string) (*ec2 return output, nil } -func FindClientVPNEndpoint(ctx context.Context, conn *ec2.EC2, input *ec2.DescribeClientVpnEndpointsInput) (*ec2.ClientVpnEndpoint, error) { - output, err := FindClientVPNEndpoints(ctx, conn, input) - - if err != nil { - return nil, err - } - - return tfresource.AssertSinglePtrResult(output, func(v *ec2.ClientVpnEndpoint) bool { return v.Status != nil }) -} - -func FindClientVPNEndpoints(ctx context.Context, conn *ec2.EC2, input *ec2.DescribeClientVpnEndpointsInput) ([]*ec2.ClientVpnEndpoint, error) { - var output []*ec2.ClientVpnEndpoint - - err := conn.DescribeClientVpnEndpointsPagesWithContext(ctx, input, func(page *ec2.DescribeClientVpnEndpointsOutput, lastPage bool) bool { - if page == nil { - return !lastPage - } - - for _, v := range page.ClientVpnEndpoints { - if v == nil { - continue - } - - output = append(output, v) - } - - return !lastPage - }) - - if tfawserr.ErrCodeEquals(err, errCodeInvalidClientVPNEndpointIdNotFound) { - return nil, &retry.NotFoundError{ - LastError: err, - LastRequest: input, - } - } - - if err != nil { - return nil, err - } - - return output, nil -} - -func FindClientVPNEndpointByID(ctx context.Context, conn *ec2.EC2, id string) (*ec2.ClientVpnEndpoint, error) { - input := &ec2.DescribeClientVpnEndpointsInput{ - ClientVpnEndpointIds: aws.StringSlice([]string{id}), - } - - output, err := FindClientVPNEndpoint(ctx, conn, input) - - if err != nil { - return nil, err - } - - if state := aws.StringValue(output.Status.Code); state == ec2.ClientVpnEndpointStatusCodeDeleted { - return nil, &retry.NotFoundError{ - Message: state, - LastRequest: input, - } - } - - // Eventual consistency check. 
- if aws.StringValue(output.ClientVpnEndpointId) != id { - return nil, &retry.NotFoundError{ - LastRequest: input, - } - } - - return output, nil -} - -func FindClientVPNEndpointClientConnectResponseOptionsByID(ctx context.Context, conn *ec2.EC2, id string) (*ec2.ClientConnectResponseOptions, error) { - output, err := FindClientVPNEndpointByID(ctx, conn, id) - - if err != nil { - return nil, err - } - - if output.ClientConnectOptions == nil || output.ClientConnectOptions.Status == nil { - return nil, tfresource.NewEmptyResultError(id) - } - - return output.ClientConnectOptions, nil -} - -func FindClientVPNAuthorizationRule(ctx context.Context, conn *ec2.EC2, input *ec2.DescribeClientVpnAuthorizationRulesInput) (*ec2.AuthorizationRule, error) { - output, err := FindClientVPNAuthorizationRules(ctx, conn, input) - - if err != nil { - return nil, err - } - - return tfresource.AssertSinglePtrResult(output, func(v *ec2.AuthorizationRule) bool { return v.Status != nil }) -} - -func FindClientVPNAuthorizationRules(ctx context.Context, conn *ec2.EC2, input *ec2.DescribeClientVpnAuthorizationRulesInput) ([]*ec2.AuthorizationRule, error) { - var output []*ec2.AuthorizationRule - - err := conn.DescribeClientVpnAuthorizationRulesPagesWithContext(ctx, input, func(page *ec2.DescribeClientVpnAuthorizationRulesOutput, lastPage bool) bool { - if page == nil { - return !lastPage - } - - for _, v := range page.AuthorizationRules { - if v == nil { - continue - } - - output = append(output, v) - } - - return !lastPage - }) - - if tfawserr.ErrCodeEquals(err, errCodeInvalidClientVPNEndpointIdNotFound) { - return nil, &retry.NotFoundError{ - LastError: err, - LastRequest: input, - } - } - - if err != nil { - return nil, err - } - - return output, nil -} - -func FindClientVPNAuthorizationRuleByThreePartKey(ctx context.Context, conn *ec2.EC2, endpointID, targetNetworkCIDR, accessGroupID string) (*ec2.AuthorizationRule, error) { - filters := map[string]string{ - "destination-cidr": 
targetNetworkCIDR, - } - if accessGroupID != "" { - filters["group-id"] = accessGroupID - } - input := &ec2.DescribeClientVpnAuthorizationRulesInput{ - ClientVpnEndpointId: aws.String(endpointID), - Filters: newAttributeFilterList(filters), - } - - return FindClientVPNAuthorizationRule(ctx, conn, input) -} - -func FindClientVPNNetworkAssociation(ctx context.Context, conn *ec2.EC2, input *ec2.DescribeClientVpnTargetNetworksInput) (*ec2.TargetNetwork, error) { - output, err := FindClientVPNNetworkAssociations(ctx, conn, input) - - if err != nil { - return nil, err - } - - return tfresource.AssertSinglePtrResult(output, func(v *ec2.TargetNetwork) bool { return v.Status != nil }) -} - -func FindClientVPNNetworkAssociations(ctx context.Context, conn *ec2.EC2, input *ec2.DescribeClientVpnTargetNetworksInput) ([]*ec2.TargetNetwork, error) { - var output []*ec2.TargetNetwork - - err := conn.DescribeClientVpnTargetNetworksPagesWithContext(ctx, input, func(page *ec2.DescribeClientVpnTargetNetworksOutput, lastPage bool) bool { - if page == nil { - return !lastPage - } - - for _, v := range page.ClientVpnTargetNetworks { - if v == nil { - continue - } - - output = append(output, v) - } - - return !lastPage - }) - - if tfawserr.ErrCodeEquals(err, errCodeInvalidClientVPNEndpointIdNotFound, errCodeInvalidClientVPNAssociationIdNotFound) { - return nil, &retry.NotFoundError{ - LastError: err, - LastRequest: input, - } - } - - if err != nil { - return nil, err - } - - return output, nil -} - -func FindClientVPNNetworkAssociationByIDs(ctx context.Context, conn *ec2.EC2, associationID, endpointID string) (*ec2.TargetNetwork, error) { - input := &ec2.DescribeClientVpnTargetNetworksInput{ - AssociationIds: aws.StringSlice([]string{associationID}), - ClientVpnEndpointId: aws.String(endpointID), - } - - output, err := FindClientVPNNetworkAssociation(ctx, conn, input) - - if err != nil { - return nil, err - } - - if state := aws.StringValue(output.Status.Code); state == 
ec2.AssociationStatusCodeDisassociated { - return nil, &retry.NotFoundError{ - Message: state, - LastRequest: input, - } - } - - // Eventual consistency check. - if aws.StringValue(output.ClientVpnEndpointId) != endpointID || aws.StringValue(output.AssociationId) != associationID { - return nil, &retry.NotFoundError{ - LastRequest: input, - } - } - - return output, nil -} - -func FindClientVPNRoute(ctx context.Context, conn *ec2.EC2, input *ec2.DescribeClientVpnRoutesInput) (*ec2.ClientVpnRoute, error) { - output, err := FindClientVPNRoutes(ctx, conn, input) - - if err != nil { - return nil, err - } - - return tfresource.AssertSinglePtrResult(output, func(v *ec2.ClientVpnRoute) bool { return v.Status != nil }) -} - -func FindClientVPNRoutes(ctx context.Context, conn *ec2.EC2, input *ec2.DescribeClientVpnRoutesInput) ([]*ec2.ClientVpnRoute, error) { - var output []*ec2.ClientVpnRoute - - err := conn.DescribeClientVpnRoutesPagesWithContext(ctx, input, func(page *ec2.DescribeClientVpnRoutesOutput, lastPage bool) bool { - if page == nil { - return !lastPage - } - - for _, v := range page.Routes { - if v == nil { - continue - } - - output = append(output, v) - } - - return !lastPage - }) - - if tfawserr.ErrCodeEquals(err, errCodeInvalidClientVPNEndpointIdNotFound) { - return nil, &retry.NotFoundError{ - LastError: err, - LastRequest: input, - } - } - - if err != nil { - return nil, err - } - - return output, nil -} - -func FindClientVPNRouteByThreePartKey(ctx context.Context, conn *ec2.EC2, endpointID, targetSubnetID, destinationCIDR string) (*ec2.ClientVpnRoute, error) { - input := &ec2.DescribeClientVpnRoutesInput{ - ClientVpnEndpointId: aws.String(endpointID), - Filters: newAttributeFilterList(map[string]string{ - "destination-cidr": destinationCIDR, - "target-subnet": targetSubnetID, - }), - } - - return FindClientVPNRoute(ctx, conn, input) -} - func FindCOIPPools(ctx context.Context, conn *ec2.EC2, input *ec2.DescribeCoipPoolsInput) ([]*ec2.CoipPool, error) { var 
output []*ec2.CoipPool diff --git a/internal/service/ec2/findv2.go b/internal/service/ec2/findv2.go index d52ed3bf411..b64d6f52aba 100644 --- a/internal/service/ec2/findv2.go +++ b/internal/service/ec2/findv2.go @@ -288,7 +288,6 @@ func findIPAMPoolAllocationsV2(ctx context.Context, conn *ec2.Client, input *ec2 var output []awstypes.IpamPoolAllocation pages := ec2.NewGetIpamPoolAllocationsPaginator(conn, input) - for pages.HasMorePages() { page, err := pages.NextPage(ctx) @@ -463,9 +462,9 @@ func findPrefixListV2(ctx context.Context, conn *ec2.Client, input *ec2.Describe func findPrefixListsV2(ctx context.Context, conn *ec2.Client, input *ec2.DescribePrefixListsInput) ([]awstypes.PrefixList, error) { var output []awstypes.PrefixList - paginator := ec2.NewDescribePrefixListsPaginator(conn, input) - for paginator.HasMorePages() { - page, err := paginator.NextPage(ctx) + pages := ec2.NewDescribePrefixListsPaginator(conn, input) + for pages.HasMorePages() { + page, err := pages.NextPage(ctx) if err != nil { if tfawserr.ErrCodeEquals(err, errCodeInvalidPrefixListIdNotFound) { @@ -524,9 +523,9 @@ func findVPCEndpointV2(ctx context.Context, conn *ec2.Client, input *ec2.Describ func findVPCEndpointsV2(ctx context.Context, conn *ec2.Client, input *ec2.DescribeVpcEndpointsInput) ([]awstypes.VpcEndpoint, error) { var output []awstypes.VpcEndpoint - paginator := ec2.NewDescribeVpcEndpointsPaginator(conn, input) - for paginator.HasMorePages() { - page, err := paginator.NextPage(ctx) + pages := ec2.NewDescribeVpcEndpointsPaginator(conn, input) + for pages.HasMorePages() { + page, err := pages.NextPage(ctx) if err != nil { if tfawserr.ErrCodeEquals(err, errCodeInvalidVPCEndpointIdNotFound) { 
@@ -577,9 +576,9 @@ func findVPCEndpointServiceConfigurationV2(ctx context.Context, conn *ec2.Client func findVPCEndpointServiceConfigurationsV2(ctx context.Context, conn *ec2.Client, input *ec2.DescribeVpcEndpointServiceConfigurationsInput) ([]awstypes.ServiceConfiguration, error) { var output []awstypes.ServiceConfiguration - paginator := ec2.NewDescribeVpcEndpointServiceConfigurationsPaginator(conn, input) - for paginator.HasMorePages() { - page, err := paginator.NextPage(ctx) + pages := ec2.NewDescribeVpcEndpointServiceConfigurationsPaginator(conn, input) + for pages.HasMorePages() { + page, err := pages.NextPage(ctx) if err != nil { if tfawserr.ErrCodeEquals(err, errCodeInvalidVPCEndpointServiceIdNotFound) { @@ -772,9 +771,9 @@ func findVPCEndpointServicePrivateDNSNameConfigurationByIDV2(ctx context.Context func findVPCEndpointServicePermissionsV2(ctx context.Context, conn *ec2.Client, input *ec2.DescribeVpcEndpointServicePermissionsInput) ([]awstypes.AllowedPrincipal, error) { var output []awstypes.AllowedPrincipal - paginator := ec2.NewDescribeVpcEndpointServicePermissionsPaginator(conn, input) - for paginator.HasMorePages() { - page, err := paginator.NextPage(ctx) + pages := ec2.NewDescribeVpcEndpointServicePermissionsPaginator(conn, input) + for pages.HasMorePages() { + page, err := pages.NextPage(ctx) if err != nil { if tfawserr.ErrCodeEquals(err, errCodeInvalidVPCEndpointServiceIdNotFound) { @@ -897,9 +896,9 @@ func findVPCEndpointConnectionByServiceIDAndVPCEndpointIDV2(ctx context.Context, var output *awstypes.VpcEndpointConnection - paginator := ec2.NewDescribeVpcEndpointConnectionsPaginator(conn, input) - for paginator.HasMorePages() { - page, err := paginator.NextPage(ctx) + pages := ec2.NewDescribeVpcEndpointConnectionsPaginator(conn, input) + for pages.HasMorePages() { + page, err := pages.NextPage(ctx) if err != nil { return nil, err } 
@@ -940,9 +939,9 @@ func findVPCEndpointConnectionNotificationV2(ctx context.Context, conn *ec2.Clie func findVPCEndpointConnectionNotificationsV2(ctx context.Context, conn *ec2.Client, input *ec2.DescribeVpcEndpointConnectionNotificationsInput) ([]awstypes.ConnectionNotification, error) { var output []awstypes.ConnectionNotification - paginator := ec2.NewDescribeVpcEndpointConnectionNotificationsPaginator(conn, input) - for paginator.HasMorePages() { - page, err := paginator.NextPage(ctx) + pages := ec2.NewDescribeVpcEndpointConnectionNotificationsPaginator(conn, input) + for pages.HasMorePages() { + page, err := pages.NextPage(ctx) if err != nil { if tfawserr.ErrCodeEquals(err, errCodeInvalidConnectionNotification) { 
@@ -1001,3 +1000,237 @@ func findVPCEndpointServicePermissionV2(ctx context.Context, conn *ec2.Client, s return tfresource.AssertSingleValueResult(allowedPrincipals) } + +func findClientVPNEndpoint(ctx context.Context, conn *ec2.Client, input *ec2.DescribeClientVpnEndpointsInput) (*awstypes.ClientVpnEndpoint, error) { + output, err := findClientVPNEndpoints(ctx, conn, input) + + if err != nil { + return nil, err + } + + return tfresource.AssertSingleValueResult(output) +} + +func findClientVPNEndpoints(ctx context.Context, conn *ec2.Client, input *ec2.DescribeClientVpnEndpointsInput) ([]awstypes.ClientVpnEndpoint, error) { + var output []awstypes.ClientVpnEndpoint + + pages := ec2.NewDescribeClientVpnEndpointsPaginator(conn, input) + for pages.HasMorePages() { + page, err := pages.NextPage(ctx) + + if tfawserr.ErrCodeEquals(err, errCodeInvalidClientVPNEndpointIdNotFound) { + return nil, &retry.NotFoundError{ + LastError: err, + LastRequest: input, + } + } + + if err != nil { + return nil, err + } + + output = append(output, page.ClientVpnEndpoints...) + } + + return output, nil +} + +func findClientVPNEndpointByID(ctx context.Context, conn *ec2.Client, id string) (*awstypes.ClientVpnEndpoint, error) { + input := &ec2.DescribeClientVpnEndpointsInput{ + ClientVpnEndpointIds: []string{id}, + } + + output, err := findClientVPNEndpoint(ctx, conn, input) + + if err != nil { + return nil, err + } + + if state := output.Status.Code; state == awstypes.ClientVpnEndpointStatusCodeDeleted { + return nil, &retry.NotFoundError{ + Message: string(state), + LastRequest: input, + } + } + + // Eventual consistency check. 
+ if aws.ToString(output.ClientVpnEndpointId) != id { + return nil, &retry.NotFoundError{ + LastRequest: input, + } + } + + return output, nil +} + +func findClientVPNEndpointClientConnectResponseOptionsByID(ctx context.Context, conn *ec2.Client, id string) (*awstypes.ClientConnectResponseOptions, error) { + output, err := findClientVPNEndpointByID(ctx, conn, id) + + if err != nil { + return nil, err + } + + if output.ClientConnectOptions == nil || output.ClientConnectOptions.Status == nil { + return nil, tfresource.NewEmptyResultError(id) + } + + return output.ClientConnectOptions, nil +} + +func findClientVPNAuthorizationRule(ctx context.Context, conn *ec2.Client, input *ec2.DescribeClientVpnAuthorizationRulesInput) (*awstypes.AuthorizationRule, error) { + output, err := findClientVPNAuthorizationRules(ctx, conn, input) + + if err != nil { + return nil, err + } + + return tfresource.AssertSingleValueResult(output) +} + +func findClientVPNAuthorizationRules(ctx context.Context, conn *ec2.Client, input *ec2.DescribeClientVpnAuthorizationRulesInput) ([]awstypes.AuthorizationRule, error) { + var output []awstypes.AuthorizationRule + + pages := ec2.NewDescribeClientVpnAuthorizationRulesPaginator(conn, input) + for pages.HasMorePages() { + page, err := pages.NextPage(ctx) + + if tfawserr.ErrCodeEquals(err, errCodeInvalidClientVPNEndpointIdNotFound) { + return nil, &retry.NotFoundError{ + LastError: err, + LastRequest: input, + } + } + + if err != nil { + return nil, err + } + + output = append(output, page.AuthorizationRules...) 
+ } + + return output, nil +} + +func findClientVPNAuthorizationRuleByThreePartKey(ctx context.Context, conn *ec2.Client, endpointID, targetNetworkCIDR, accessGroupID string) (*awstypes.AuthorizationRule, error) { + filters := map[string]string{ + "destination-cidr": targetNetworkCIDR, + } + if accessGroupID != "" { + filters["group-id"] = accessGroupID + } + input := &ec2.DescribeClientVpnAuthorizationRulesInput{ + ClientVpnEndpointId: aws.String(endpointID), + Filters: newAttributeFilterListV2(filters), + } + + return findClientVPNAuthorizationRule(ctx, conn, input) +} + +func findClientVPNNetworkAssociation(ctx context.Context, conn *ec2.Client, input *ec2.DescribeClientVpnTargetNetworksInput) (*awstypes.TargetNetwork, error) { + output, err := findClientVPNNetworkAssociations(ctx, conn, input) + + if err != nil { + return nil, err + } + + return tfresource.AssertSingleValueResult(output) +} + +func findClientVPNNetworkAssociations(ctx context.Context, conn *ec2.Client, input *ec2.DescribeClientVpnTargetNetworksInput) ([]awstypes.TargetNetwork, error) { + var output []awstypes.TargetNetwork + + pages := ec2.NewDescribeClientVpnTargetNetworksPaginator(conn, input) + for pages.HasMorePages() { + page, err := pages.NextPage(ctx) + + if tfawserr.ErrCodeEquals(err, errCodeInvalidClientVPNEndpointIdNotFound, errCodeInvalidClientVPNAssociationIdNotFound) { + return nil, &retry.NotFoundError{ + LastError: err, + LastRequest: input, + } + } + + if err != nil { + return nil, err + } + + output = append(output, page.ClientVpnTargetNetworks...) 
+ } + + return output, nil +} + +func findClientVPNNetworkAssociationByTwoPartKey(ctx context.Context, conn *ec2.Client, associationID, endpointID string) (*awstypes.TargetNetwork, error) { + input := &ec2.DescribeClientVpnTargetNetworksInput{ + AssociationIds: []string{associationID}, + ClientVpnEndpointId: aws.String(endpointID), + } + + output, err := findClientVPNNetworkAssociation(ctx, conn, input) + + if err != nil { + return nil, err + } + + if state := output.Status.Code; state == awstypes.AssociationStatusCodeDisassociated { + return nil, &retry.NotFoundError{ + Message: string(state), + LastRequest: input, + } + } + + // Eventual consistency check. + if aws.ToString(output.ClientVpnEndpointId) != endpointID || aws.ToString(output.AssociationId) != associationID { + return nil, &retry.NotFoundError{ + LastRequest: input, + } + } + + return output, nil +} + +func findClientVPNRoute(ctx context.Context, conn *ec2.Client, input *ec2.DescribeClientVpnRoutesInput) (*awstypes.ClientVpnRoute, error) { + output, err := findClientVPNRoutes(ctx, conn, input) + + if err != nil { + return nil, err + } + + return tfresource.AssertSingleValueResult(output) +} + +func findClientVPNRoutes(ctx context.Context, conn *ec2.Client, input *ec2.DescribeClientVpnRoutesInput) ([]awstypes.ClientVpnRoute, error) { + var output []awstypes.ClientVpnRoute + + pages := ec2.NewDescribeClientVpnRoutesPaginator(conn, input) + for pages.HasMorePages() { + page, err := pages.NextPage(ctx) + + if tfawserr.ErrCodeEquals(err, errCodeInvalidClientVPNEndpointIdNotFound) { + return nil, &retry.NotFoundError{ + LastError: err, + LastRequest: input, + } + } + + if err != nil { + return nil, err + } + + output = append(output, page.Routes...) 
+ } + + return output, nil +} + +func findClientVPNRouteByThreePartKey(ctx context.Context, conn *ec2.Client, endpointID, targetSubnetID, destinationCIDR string) (*awstypes.ClientVpnRoute, error) { + input := &ec2.DescribeClientVpnRoutesInput{ + ClientVpnEndpointId: aws.String(endpointID), + Filters: newAttributeFilterListV2(map[string]string{ + "destination-cidr": destinationCIDR, + "target-subnet": targetSubnetID, + }), + } + + return findClientVPNRoute(ctx, conn, input) +} diff --git a/internal/service/ec2/service_package_gen.go b/internal/service/ec2/service_package_gen.go index fbebd92570d..669c7482c64 100644 --- a/internal/service/ec2/service_package_gen.go +++ b/internal/service/ec2/service_package_gen.go @@ -120,8 +120,10 @@ func (p *servicePackage) SDKDataSources(ctx context.Context) []*types.ServicePac TypeName: "aws_ebs_volumes", }, { - Factory: DataSourceClientVPNEndpoint, + Factory: dataSourceClientVPNEndpoint, TypeName: "aws_ec2_client_vpn_endpoint", + Name: "Client VPN Endpoint", + Tags: &types.ServicePackageResourceTags{}, }, { Factory: DataSourceCoIPPool, @@ -565,12 +567,12 @@ func (p *servicePackage) SDKResources(ctx context.Context) []*types.ServicePacka }, }, { - Factory: ResourceClientVPNAuthorizationRule, + Factory: resourceClientVPNAuthorizationRule, TypeName: "aws_ec2_client_vpn_authorization_rule", Name: "Client VPN Authorization Rule", }, { - Factory: ResourceClientVPNEndpoint, + Factory: resourceClientVPNEndpoint, TypeName: "aws_ec2_client_vpn_endpoint", Name: "Client VPN Endpoint", Tags: &types.ServicePackageResourceTags{ 
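Review bot: The nil-status guard from the removed v1 finders is not carried over: they passed `func(v ...) bool { return v.Status != nil }` to `AssertSinglePtrResult`, while `findClientVPNEndpoint`, `findClientVPNAuthorizationRule`, `findClientVPNNetworkAssociation` and `findClientVPNRoute` now call `tfresource.AssertSingleValueResult(output)` with no predicate. `findClientVPNEndpointByID` and `findClientVPNNetworkAssociationByTwoPartKey` then read `output.Status.Code` directly, and the new status functions in statusv2.go do the same with `string(output.Status.Code)`. If `Status` is a pointer in the v2 types (the nil check on `ClientConnectOptions.Status` in this hunk suggests it is for that type, but the declarations are not shown), a response item without a status would panic the provider instead of returning a not-found error. I would keep the assert result in a local in each single-result finder and return `tfresource.NewEmptyResultError(input)` when `output.Status == nil`, so every caller can rely on a non-nil status.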
@@ -578,12 +580,12 @@ func (p *servicePackage) SDKResources(ctx context.Context) []*types.ServicePacka }, }, { - Factory: ResourceClientVPNNetworkAssociation, + Factory: resourceClientVPNNetworkAssociation, TypeName: "aws_ec2_client_vpn_network_association", Name: "Client VPN Network Association", }, { - Factory: ResourceClientVPNRoute, + Factory: resourceClientVPNRoute, TypeName: "aws_ec2_client_vpn_route", Name: "Client VPN Route", }, diff --git a/internal/service/ec2/status.go b/internal/service/ec2/status.go index 93684441670..96d175b3a87 100644 --- a/internal/service/ec2/status.go +++ b/internal/service/ec2/status.go 
@@ -97,86 +97,6 @@ func StatusLocalGatewayRouteTableVPCAssociationState(ctx context.Context, conn * } } -func StatusClientVPNEndpointState(ctx context.Context, conn *ec2.EC2, id string) retry.StateRefreshFunc { - return func() (interface{}, string, error) { - output, err := FindClientVPNEndpointByID(ctx, conn, id) - - if tfresource.NotFound(err) { - return nil, "", nil - } - - if err != nil { - return nil, "", err - } - - return output, aws.StringValue(output.Status.Code), nil - } -} - -func StatusClientVPNEndpointClientConnectResponseOptionsState(ctx context.Context, conn *ec2.EC2, id string) retry.StateRefreshFunc { - return func() (interface{}, string, error) { - output, err := FindClientVPNEndpointClientConnectResponseOptionsByID(ctx, conn, id) - - if tfresource.NotFound(err) { - return nil, "", nil - } - - if err != nil { - return nil, "", err - } - - return output, aws.StringValue(output.Status.Code), nil - } -} - -func StatusClientVPNAuthorizationRule(ctx context.Context, conn *ec2.EC2, endpointID, targetNetworkCIDR, accessGroupID string) retry.StateRefreshFunc { - return func() (interface{}, string, error) { - output, err := FindClientVPNAuthorizationRuleByThreePartKey(ctx, conn, endpointID, targetNetworkCIDR, accessGroupID) - - if tfresource.NotFound(err) { - return nil, "", nil - } - - if err != nil { - return nil, "", err - } - - return output, aws.StringValue(output.Status.Code), nil - } -} - -func StatusClientVPNNetworkAssociation(ctx context.Context, conn *ec2.EC2, associationID, endpointID string) retry.StateRefreshFunc { - return func() (interface{}, string, error) { - output, err := FindClientVPNNetworkAssociationByIDs(ctx, conn, associationID, endpointID) - - if tfresource.NotFound(err) { - return nil, "", nil - } - - if err != nil { - return nil, "", err - } - - return output, aws.StringValue(output.Status.Code), nil - } -} - -func StatusClientVPNRoute(ctx context.Context, conn *ec2.EC2, endpointID, targetSubnetID, destinationCIDR string) 
retry.StateRefreshFunc { - return func() (interface{}, string, error) { - output, err := FindClientVPNRouteByThreePartKey(ctx, conn, endpointID, targetSubnetID, destinationCIDR) - - if tfresource.NotFound(err) { - return nil, "", nil - } - - if err != nil { - return nil, "", err - } - - return output, aws.StringValue(output.Status.Code), nil - } -} - func StatusFleetState(ctx context.Context, conn *ec2.EC2, id string) retry.StateRefreshFunc { return func() (interface{}, string, error) { // Don't call FindFleetByID as it maps useful status codes to NotFoundError. diff --git a/internal/service/ec2/statusv2.go b/internal/service/ec2/statusv2.go index 9b1b8db1d14..89d9487b01e 100644 --- a/internal/service/ec2/statusv2.go +++ b/internal/service/ec2/statusv2.go 
@@ -234,7 +234,88 @@ func statusVPCEndpointConnectionVPCEndpointStateV2(ctx context.Context, conn *ec func statusVPCEndpointServicePrivateDNSNameConfigurationV2(ctx context.Context, conn *ec2.Client, id string) retry.StateRefreshFunc { return func() (interface{}, string, error) { - out, err := findVPCEndpointServicePrivateDNSNameConfigurationByIDV2(ctx, conn, id) + output, err := findVPCEndpointServicePrivateDNSNameConfigurationByIDV2(ctx, conn, id) + + if tfresource.NotFound(err) { + return nil, "", nil + } + + if err != nil { + return nil, "", err + } + + return output, string(output.State), nil + } +} + +func statusClientVPNEndpointState(ctx context.Context, conn *ec2.Client, id string) retry.StateRefreshFunc { + return func() (interface{}, string, error) { + output, err := findClientVPNEndpointByID(ctx, conn, id) + + if tfresource.NotFound(err) { + return nil, "", nil + } + + if err != nil { + return nil, "", err + } + + return output, string(output.Status.Code), nil + } +} + +func statusClientVPNEndpointClientConnectResponseOptionsState(ctx context.Context, conn *ec2.Client, id string) retry.StateRefreshFunc { + return func() (interface{}, string, error) { + output, err := findClientVPNEndpointClientConnectResponseOptionsByID(ctx, conn, id) + + if tfresource.NotFound(err) { + return nil, "", nil + } + + if err != nil { + return nil, "", err + } + + return output, string(output.Status.Code), nil + } +} + +func statusClientVPNAuthorizationRule(ctx context.Context, conn *ec2.Client, endpointID, targetNetworkCIDR, accessGroupID string) retry.StateRefreshFunc { + return func() (interface{}, string, error) { + output, err := findClientVPNAuthorizationRuleByThreePartKey(ctx, conn, endpointID, targetNetworkCIDR, accessGroupID) + + if tfresource.NotFound(err) { + return nil, "", nil + } + + if err != nil { + return nil, "", err + } + + return output, string(output.Status.Code), nil + } +} + +func statusClientVPNNetworkAssociation(ctx context.Context, conn *ec2.Client, 
associationID, endpointID string) retry.StateRefreshFunc { + return func() (interface{}, string, error) { + output, err := findClientVPNNetworkAssociationByTwoPartKey(ctx, conn, associationID, endpointID) + + if tfresource.NotFound(err) { + return nil, "", nil + } + + if err != nil { + return nil, "", err + } + + return output, string(output.Status.Code), nil + } +} + +func statusClientVPNRoute(ctx context.Context, conn *ec2.Client, endpointID, targetSubnetID, destinationCIDR string) retry.StateRefreshFunc { + return func() (interface{}, string, error) { + output, err := findClientVPNRouteByThreePartKey(ctx, conn, endpointID, targetSubnetID, destinationCIDR) + if tfresource.NotFound(err) { return nil, "", nil } @@ -243,6 +324,6 @@ func statusVPCEndpointServicePrivateDNSNameConfigurationV2(ctx context.Context, return nil, "", err } - return out, string(out.State), nil + return output, string(output.Status.Code), nil } } diff --git a/internal/service/ec2/sweep.go b/internal/service/ec2/sweep.go index 7daf9612efb..28505b3363a 100644 --- a/internal/service/ec2/sweep.go +++ b/internal/service/ec2/sweep.go @@ -564,7 +564,7 @@ func sweepClientVPNEndpoints(region string) error { } for _, v := range page.ClientVpnEndpoints { - r := ResourceClientVPNEndpoint() + r := resourceClientVPNEndpoint() d := r.Data(nil) d.SetId(aws.StringValue(v.ClientVpnEndpointId)) @@ -619,7 +619,7 @@ func sweepClientVPNNetworkAssociations(region string) error { } for _, v := range page.ClientVpnTargetNetworks { - r := ResourceClientVPNNetworkAssociation() + r := resourceClientVPNNetworkAssociation() d := r.Data(nil) d.SetId(aws.StringValue(v.AssociationId)) d.Set("client_vpn_endpoint_id", v.ClientVpnEndpointId) diff --git a/internal/service/ec2/vpnclient_authorization_rule.go b/internal/service/ec2/vpnclient_authorization_rule.go index 1bf4ca7d7d6..3e7e4630c67 100644 --- a/internal/service/ec2/vpnclient_authorization_rule.go +++ b/internal/service/ec2/vpnclient_authorization_rule.go 
@@ -8,10 +8,11 @@ import ( "fmt" "log" "strings" + "time" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/service/ec2" - "github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr" + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/ec2" + "github.com/hashicorp/aws-sdk-go-base/v2/tfawserr" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" sdkid "github.com/hashicorp/terraform-plugin-sdk/v2/helper/id" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" @@ -24,7 +25,7 @@ import ( ) // @SDKResource("aws_ec2_client_vpn_authorization_rule", name="Client VPN Authorization Rule") -func ResourceClientVPNAuthorizationRule() *schema.Resource { +func resourceClientVPNAuthorizationRule() *schema.Resource { return &schema.Resource{ CreateWithoutTimeout: resourceClientVPNAuthorizationRuleCreate, ReadWithoutTimeout: resourceClientVPNAuthorizationRuleRead, @@ -35,8 +36,8 @@ func ResourceClientVPNAuthorizationRule() *schema.Resource { }, Timeouts: &schema.ResourceTimeout{ - Create: schema.DefaultTimeout(ClientVPNAuthorizationRuleCreatedTimeout), - Delete: schema.DefaultTimeout(ClientVPNAuthorizationRuleDeletedTimeout), + Create: schema.DefaultTimeout(10 * time.Minute), + Delete: schema.DefaultTimeout(10 * time.Minute), }, Schema: map[string]*schema.Schema{ @@ -75,7 +76,7 @@ func ResourceClientVPNAuthorizationRule() *schema.Resource { func resourceClientVPNAuthorizationRuleCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).EC2Conn(ctx) + conn := meta.(*conns.AWSClient).EC2Client(ctx) endpointID := d.Get("client_vpn_endpoint_id").(string) targetNetworkCIDR := d.Get("target_network_cidr").(string) 
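Review bot: The `Create` and `Delete` defaults in `Timeouts` are now the literal `10 * time.Minute` written twice, replacing `ClientVPNAuthorizationRuleCreatedTimeout` and `ClientVPNAuthorizationRuleDeletedTimeout`, whose values are not visible in this diff. Please confirm both constants were ten minutes, since a different default would change how long authorize and revoke wait for the rule to settle before failing. A single unexported constant, for example `const clientVPNAuthorizationRuleTimeout = 10 * time.Minute`, would give the value a name and keep the two defaults in step. The body of `resourceClientVPNAuthorizationRule` continues outside this hunk.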
@@ -100,7 +101,7 @@ func resourceClientVPNAuthorizationRuleCreate(ctx context.Context, d *schema.Res } id := ClientVPNAuthorizationRuleCreateResourceID(endpointID, targetNetworkCIDR, accessGroupID) - _, err := conn.AuthorizeClientVpnIngressWithContext(ctx, input) + _, err := conn.AuthorizeClientVpnIngress(ctx, input) if err != nil { return sdkdiag.AppendErrorf(diags, "authorizing EC2 Client VPN Authorization Rule (%s): %s", id, err) @@ -108,7 +109,7 @@ func resourceClientVPNAuthorizationRuleCreate(ctx context.Context, d *schema.Res d.SetId(id) - if _, err := WaitClientVPNAuthorizationRuleCreated(ctx, conn, endpointID, targetNetworkCIDR, accessGroupID, d.Timeout(schema.TimeoutCreate)); err != nil { + if _, err := waitClientVPNAuthorizationRuleCreated(ctx, conn, endpointID, targetNetworkCIDR, accessGroupID, d.Timeout(schema.TimeoutCreate)); err != nil { return sdkdiag.AppendErrorf(diags, "waiting for EC2 Client VPN Authorization Rule (%s) create: %s", d.Id(), err) } @@ -117,14 +118,14 @@ func resourceClientVPNAuthorizationRuleCreate(ctx context.Context, d *schema.Res func resourceClientVPNAuthorizationRuleRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).EC2Conn(ctx) + conn := meta.(*conns.AWSClient).EC2Client(ctx) endpointID, targetNetworkCIDR, accessGroupID, err := ClientVPNAuthorizationRuleParseResourceID(d.Id()) if err != nil { return sdkdiag.AppendFromErr(diags, err) } - rule, err := FindClientVPNAuthorizationRuleByThreePartKey(ctx, conn, endpointID, targetNetworkCIDR, accessGroupID) + rule, err := findClientVPNAuthorizationRuleByThreePartKey(ctx, conn, endpointID, targetNetworkCIDR, accessGroupID) if !d.IsNewResource() && tfresource.NotFound(err) { log.Printf("[WARN] EC2 Client VPN Authorization Rule (%s) not found, removing from state", d.Id()) 
@@ -147,7 +148,7 @@ func resourceClientVPNAuthorizationRuleRead(ctx context.Context, d *schema.Resou func resourceClientVPNAuthorizationRuleDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).EC2Conn(ctx) + conn := meta.(*conns.AWSClient).EC2Client(ctx) endpointID, targetNetworkCIDR, accessGroupID, err := ClientVPNAuthorizationRuleParseResourceID(d.Id()) if err != nil { @@ -164,7 +165,7 @@ func resourceClientVPNAuthorizationRuleDelete(ctx context.Context, d *schema.Res } log.Printf("[DEBUG] Deleting EC2 Client VPN Authorization Rule: %s", d.Id()) - _, err = conn.RevokeClientVpnIngressWithContext(ctx, input) + _, err = conn.RevokeClientVpnIngress(ctx, input) if tfawserr.ErrCodeEquals(err, errCodeInvalidClientVPNEndpointIdNotFound, errCodeInvalidClientVPNAuthorizationRuleNotFound) { return diags @@ -174,7 +175,7 @@ func resourceClientVPNAuthorizationRuleDelete(ctx context.Context, d *schema.Res return sdkdiag.AppendErrorf(diags, "deleting EC2 Client VPN Authorization Rule (%s): %s", d.Id(), err) } - if _, err := WaitClientVPNAuthorizationRuleDeleted(ctx, conn, endpointID, targetNetworkCIDR, accessGroupID, d.Timeout(schema.TimeoutDelete)); err != nil { + if _, err := waitClientVPNAuthorizationRuleDeleted(ctx, conn, endpointID, targetNetworkCIDR, accessGroupID, d.Timeout(schema.TimeoutDelete)); err != nil { return sdkdiag.AppendErrorf(diags, "deleting EC2 Client VPN Authorization Rule (%s): waiting for completion: %s", d.Id(), err) } diff --git a/internal/service/ec2/vpnclient_authorization_rule_test.go b/internal/service/ec2/vpnclient_authorization_rule_test.go index 0f86777b4cf..7463b6e6fb4 100644 --- a/internal/service/ec2/vpnclient_authorization_rule_test.go +++ b/internal/service/ec2/vpnclient_authorization_rule_test.go 
@@ -9,7 +9,7 @@ import ( "strings" "testing" - "github.com/aws/aws-sdk-go/service/ec2" + awstypes "github.com/aws/aws-sdk-go-v2/service/ec2/types" sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/terraform" @@ -23,7 +23,7 @@ import ( func testAccClientVPNAuthorizationRule_basic(t *testing.T, semaphore tfsync.Semaphore) { ctx := acctest.Context(t) - var v ec2.AuthorizationRule + var v awstypes.AuthorizationRule rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ec2_client_vpn_authorization_rule.test" subnetResourceName := "aws_subnet.test.0" @@ -57,7 +57,7 @@ func testAccClientVPNAuthorizationRule_basic(t *testing.T, semaphore tfsync.Sema func testAccClientVPNAuthorizationRule_disappears(t *testing.T, semaphore tfsync.Semaphore) { ctx := acctest.Context(t) - var v ec2.AuthorizationRule + var v awstypes.AuthorizationRule rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ec2_client_vpn_authorization_rule.test" @@ -84,7 +84,7 @@ func testAccClientVPNAuthorizationRule_disappears(t *testing.T, semaphore tfsync func testAccClientVPNAuthorizationRule_Disappears_endpoint(t *testing.T, semaphore tfsync.Semaphore) { ctx := acctest.Context(t) - var v ec2.AuthorizationRule + var v awstypes.AuthorizationRule rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ec2_client_vpn_authorization_rule.test" 
@@ -111,7 +111,7 @@ func testAccClientVPNAuthorizationRule_Disappears_endpoint(t *testing.T, semapho func testAccClientVPNAuthorizationRule_groups(t *testing.T, semaphore tfsync.Semaphore) { ctx := acctest.Context(t) - var v ec2.AuthorizationRule + var v awstypes.AuthorizationRule rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resource1Name := "aws_ec2_client_vpn_authorization_rule.test1" resource2Name := "aws_ec2_client_vpn_authorization_rule.test2" @@ -186,7 +186,7 @@ func testAccClientVPNAuthorizationRule_groups(t *testing.T, semaphore tfsync.Sem func testAccClientVPNAuthorizationRule_subnets(t *testing.T, semaphore tfsync.Semaphore) { ctx := acctest.Context(t) - var v ec2.AuthorizationRule + var v awstypes.AuthorizationRule rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resource1Name := "aws_ec2_client_vpn_authorization_rule.test1" resource2Name := "aws_ec2_client_vpn_authorization_rule.test2" @@ -244,7 +244,7 @@ func testAccClientVPNAuthorizationRule_subnets(t *testing.T, semaphore tfsync.Se func testAccCheckClientVPNAuthorizationRuleDestroy(ctx context.Context) resource.TestCheckFunc { return func(s *terraform.State) error { - conn := acctest.Provider.Meta().(*conns.AWSClient).EC2Conn(ctx) + conn := acctest.Provider.Meta().(*conns.AWSClient).EC2Client(ctx) for _, rs := range s.RootModule().Resources { if rs.Type != "aws_ec2_client_vpn_authorization_rule" { @@ -273,7 +273,7 @@ func testAccCheckClientVPNAuthorizationRuleDestroy(ctx context.Context) resource } } -func testAccCheckClientVPNAuthorizationRuleExists(ctx context.Context, name string, v *ec2.AuthorizationRule) resource.TestCheckFunc { +func testAccCheckClientVPNAuthorizationRuleExists(ctx context.Context, name string, v *awstypes.AuthorizationRule) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[name] if !ok { 
@@ -285,7 +285,7 @@ func testAccCheckClientVPNAuthorizationRuleExists(ctx context.Context, name stri return err } - conn := acctest.Provider.Meta().(*conns.AWSClient).EC2Conn(ctx) + conn := acctest.Provider.Meta().(*conns.AWSClient).EC2Client(ctx) output, err := tfec2.FindClientVPNAuthorizationRuleByThreePartKey(ctx, conn, endpointID, targetNetworkCIDR, accessGroupID) diff --git a/internal/service/ec2/vpnclient_endpoint.go b/internal/service/ec2/vpnclient_endpoint.go index 2d289d8cd88..bbfafa3206c 100644 --- a/internal/service/ec2/vpnclient_endpoint.go +++ b/internal/service/ec2/vpnclient_endpoint.go @@ -8,15 +8,17 @@ import ( "fmt" "log" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/arn" - "github.com/aws/aws-sdk-go/service/ec2" - "github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr" + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/aws/arn" + "github.com/aws/aws-sdk-go-v2/service/ec2" + awstypes "github.com/aws/aws-sdk-go-v2/service/ec2/types" + "github.com/hashicorp/aws-sdk-go-base/v2/tfawserr" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/id" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" "github.com/hashicorp/terraform-provider-aws/internal/conns" + "github.com/hashicorp/terraform-provider-aws/internal/enum" "github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag" "github.com/hashicorp/terraform-provider-aws/internal/flex" tftags "github.com/hashicorp/terraform-provider-aws/internal/tags" @@ -27,7 +29,7 @@ import ( // @SDKResource("aws_ec2_client_vpn_endpoint", name="Client VPN Endpoint") // @Tags(identifierAttribute="id") -func ResourceClientVPNEndpoint() *schema.Resource { +func resourceClientVPNEndpoint() *schema.Resource { return &schema.Resource{ CreateWithoutTimeout: resourceClientVPNEndpointCreate, ReadWithoutTimeout: resourceClientVPNEndpointRead, 
@@ -76,10 +78,10 @@ func ResourceClientVPNEndpoint() *schema.Resource { ValidateFunc: verify.ValidARN, }, names.AttrType: { - Type: schema.TypeString, - Required: true, - ForceNew: true, - ValidateFunc: validation.StringInSlice(ec2.ClientVpnAuthenticationType_Values(), false), + Type: schema.TypeString, + Required: true, + ForceNew: true, + ValidateDiagFunc: enum.Validate[awstypes.ClientVpnAuthenticationType](), }, }, }, @@ -176,10 +178,10 @@ func ResourceClientVPNEndpoint() *schema.Resource { Elem: &schema.Schema{Type: schema.TypeString}, }, "self_service_portal": { - Type: schema.TypeString, - Optional: true, - Default: ec2.SelfServicePortalDisabled, - ValidateFunc: validation.StringInSlice(ec2.SelfServicePortal_Values(), false), + Type: schema.TypeString, + Optional: true, + Default: awstypes.SelfServicePortalDisabled, + ValidateDiagFunc: enum.Validate[awstypes.SelfServicePortal](), }, "self_service_portal_url": { Type: schema.TypeString, @@ -204,11 +206,11 @@ func ResourceClientVPNEndpoint() *schema.Resource { names.AttrTags: tftags.TagsSchema(), names.AttrTagsAll: tftags.TagsSchemaComputed(), "transport_protocol": { - Type: schema.TypeString, - Optional: true, - ForceNew: true, - Default: ec2.TransportProtocolUdp, - ValidateFunc: validation.StringInSlice(ec2.TransportProtocol_Values(), false), + Type: schema.TypeString, + Optional: true, + ForceNew: true, + Default: awstypes.TransportProtocolUdp, + ValidateDiagFunc: enum.Validate[awstypes.TransportProtocol](), }, names.AttrVPCID: { Type: schema.TypeString, 
@@ -230,16 +232,16 @@ func ResourceClientVPNEndpoint() *schema.Resource { func resourceClientVPNEndpointCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).EC2Conn(ctx) + conn := meta.(*conns.AWSClient).EC2Client(ctx) input := &ec2.CreateClientVpnEndpointInput{ ClientCidrBlock: aws.String(d.Get("client_cidr_block").(string)), ClientToken: aws.String(id.UniqueId()), ServerCertificateArn: aws.String(d.Get("server_certificate_arn").(string)), SplitTunnel: aws.Bool(d.Get("split_tunnel").(bool)), - TagSpecifications: getTagSpecificationsIn(ctx, ec2.ResourceTypeClientVpnEndpoint), - TransportProtocol: aws.String(d.Get("transport_protocol").(string)), - VpnPort: aws.Int64(int64(d.Get("vpn_port").(int))), + TagSpecifications: getTagSpecificationsInV2(ctx, awstypes.ResourceTypeClientVpnEndpoint), + TransportProtocol: awstypes.TransportProtocol(d.Get("transport_protocol").(string)), + VpnPort: aws.Int32(int32(d.Get("vpn_port").(int))), } if v, ok := d.GetOk("authentication_options"); ok && v.(*schema.Set).Len() > 0 { 
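Review bot: The conversion `aws.Int32(int32(d.Get("vpn_port").(int)))` in `resourceClientVPNEndpointCreate` narrows a platform-sized `int` with no range check visible in the diff, so an out-of-range configured value would wrap instead of being rejected. The same pattern is applied to `session_timeout_hours` in the next hunk and to both fields in the update hunks. The schema validators for these attributes are outside the diff. If they already bound the values, a comment such as `// vpn_port is range-checked by the schema, so the int32 conversion cannot wrap` would record that dependency. If they do not, `ValidateFunc: validation.IsPortNumber` on `vpn_port` would close the gap. The function body continues outside this hunk.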
@@ -263,41 +265,41 @@ func resourceClientVPNEndpointCreate(ctx context.Context, d *schema.ResourceData } if v, ok := d.GetOk("dns_servers"); ok && len(v.([]interface{})) > 0 { - input.DnsServers = flex.ExpandStringList(v.([]interface{})) + input.DnsServers = flex.ExpandStringValueList(v.([]interface{})) } if v, ok := d.GetOk(names.AttrSecurityGroupIDs); ok { - input.SecurityGroupIds = flex.ExpandStringSet(v.(*schema.Set)) + input.SecurityGroupIds = flex.ExpandStringValueSet(v.(*schema.Set)) } if v, ok := d.GetOk("self_service_portal"); ok { - input.SelfServicePortal = aws.String(v.(string)) + input.SelfServicePortal = awstypes.SelfServicePortal(v.(string)) } if v, ok := d.GetOk("session_timeout_hours"); ok { - input.SessionTimeoutHours = aws.Int64(int64(v.(int))) + input.SessionTimeoutHours = aws.Int32(int32(v.(int))) } if v, ok := d.GetOk(names.AttrVPCID); ok { input.VpcId = aws.String(v.(string)) } - output, err := conn.CreateClientVpnEndpointWithContext(ctx, input) + output, err := conn.CreateClientVpnEndpoint(ctx, input) if err != nil { return sdkdiag.AppendErrorf(diags, "creating EC2 Client VPN Endpoint: %s", err) } - d.SetId(aws.StringValue(output.ClientVpnEndpointId)) + d.SetId(aws.ToString(output.ClientVpnEndpointId)) return append(diags, resourceClientVPNEndpointRead(ctx, d, meta)...) } func resourceClientVPNEndpointRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).EC2Conn(ctx) + conn := meta.(*conns.AWSClient).EC2Client(ctx) - ep, err := FindClientVPNEndpointByID(ctx, conn, d.Id()) + ep, err := findClientVPNEndpointByID(ctx, conn, d.Id()) if !d.IsNewResource() && tfresource.NotFound(err) { log.Printf("[WARN] EC2 Client VPN Endpoint (%s) not found, removing from state", d.Id()) 
@@ -311,7 +313,7 @@ func resourceClientVPNEndpointRead(ctx context.Context, d *schema.ResourceData, arn := arn.ARN{ Partition: meta.(*conns.AWSClient).Partition, - Service: ec2.ServiceName, + Service: names.EC2, Region: meta.(*conns.AWSClient).Region, AccountID: meta.(*conns.AWSClient).AccountID, Resource: fmt.Sprintf("client-vpn-endpoint/%s", d.Id()), @@ -344,12 +346,12 @@ func resourceClientVPNEndpointRead(ctx context.Context, d *schema.ResourceData, } d.Set(names.AttrDescription, ep.Description) d.Set(names.AttrDNSName, ep.DnsName) - d.Set("dns_servers", aws.StringValueSlice(ep.DnsServers)) - d.Set(names.AttrSecurityGroupIDs, aws.StringValueSlice(ep.SecurityGroupIds)) - if aws.StringValue(ep.SelfServicePortalUrl) != "" { - d.Set("self_service_portal", ec2.SelfServicePortalEnabled) + d.Set("dns_servers", aws.StringSlice(ep.DnsServers)) + d.Set(names.AttrSecurityGroupIDs, aws.StringSlice(ep.SecurityGroupIds)) + if aws.ToString(ep.SelfServicePortalUrl) != "" { + d.Set("self_service_portal", awstypes.SelfServicePortalEnabled) } else { - d.Set("self_service_portal", ec2.SelfServicePortalDisabled) + d.Set("self_service_portal", awstypes.SelfServicePortalDisabled) } d.Set("self_service_portal_url", ep.SelfServicePortalUrl) d.Set("server_certificate_arn", ep.ServerCertificateArn) @@ -359,14 +361,14 @@ func resourceClientVPNEndpointRead(ctx context.Context, d *schema.ResourceData, d.Set(names.AttrVPCID, ep.VpcId) d.Set("vpn_port", ep.VpnPort) - setTagsOut(ctx, ep.Tags) + setTagsOutV2(ctx, ep.Tags) return diags } func resourceClientVPNEndpointUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).EC2Conn(ctx) + conn := meta.(*conns.AWSClient).EC2Client(ctx) if d.HasChangesExcept(names.AttrTags, names.AttrTagsAll) { var waitForClientConnectResponseOptionsUpdate bool 
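Review bot: `d.Set("dns_servers", aws.StringSlice(ep.DnsServers))` and the `names.AttrSecurityGroupIDs` line after it wrap the values back into pointers just before handing them to `d.Set`. Assuming these fields are plain `[]string` in the v2 types (the create path in this commit fills the same-named input fields from `flex.ExpandStringValueList` and `flex.ExpandStringValueSet`), the v1 `aws.StringValueSlice` call appears to have been swapped for its opposite. Passing the slices directly, `d.Set("dns_servers", ep.DnsServers)` and `d.Set(names.AttrSecurityGroupIDs, ep.SecurityGroupIds)`, states the same thing without the extra conversion. The read hunk in vpnclient_endpoint_data_source.go has the identical pair of lines. `resourceClientVPNEndpointRead` starts and ends outside this hunk.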
@@ -402,26 +404,26 @@ func resourceClientVPNEndpointUpdate(ctx context.Context, d *schema.ResourceData dnsServers := d.Get("dns_servers").([]interface{}) enabled := len(dnsServers) > 0 - input.DnsServers = &ec2.DnsServersOptionsModifyStructure{ + input.DnsServers = &awstypes.DnsServersOptionsModifyStructure{ Enabled: aws.Bool(enabled), } if enabled { - input.DnsServers.CustomDnsServers = flex.ExpandStringList(dnsServers) + input.DnsServers.CustomDnsServers = flex.ExpandStringValueList(dnsServers) } } if d.HasChange(names.AttrSecurityGroupIDs) { - input.SecurityGroupIds = flex.ExpandStringSet(d.Get(names.AttrSecurityGroupIDs).(*schema.Set)) + input.SecurityGroupIds = flex.ExpandStringValueSet(d.Get(names.AttrSecurityGroupIDs).(*schema.Set)) // "InvalidParameterValue: Security Groups cannot be modified without specifying Vpc Id" input.VpcId = aws.String(d.Get(names.AttrVPCID).(string)) } if d.HasChange("self_service_portal") { - input.SelfServicePortal = aws.String(d.Get("self_service_portal").(string)) + input.SelfServicePortal = awstypes.SelfServicePortal(d.Get("self_service_portal").(string)) } if d.HasChange("session_timeout_hours") { - input.SessionTimeoutHours = aws.Int64(int64(d.Get("session_timeout_hours").(int))) + input.SessionTimeoutHours = aws.Int32(int32(d.Get("session_timeout_hours").(int))) } if d.HasChange("server_certificate_arn") { 
@@ -433,19 +435,19 @@ func resourceClientVPNEndpointUpdate(ctx context.Context, d *schema.ResourceData } if d.HasChange("vpn_port") { - input.VpnPort = aws.Int64(int64(d.Get("vpn_port").(int))) + input.VpnPort = aws.Int32(int32(d.Get("vpn_port").(int))) } if d.HasChange(names.AttrVPCID) { input.VpcId = aws.String(d.Get(names.AttrVPCID).(string)) } - if _, err := conn.ModifyClientVpnEndpointWithContext(ctx, input); err != nil { + if _, err := conn.ModifyClientVpnEndpoint(ctx, input); err != nil { return sdkdiag.AppendErrorf(diags, "modifying EC2 Client VPN Endpoint (%s): %s", d.Id(), err) } if waitForClientConnectResponseOptionsUpdate { - if _, err := WaitClientVPNEndpointClientConnectResponseOptionsUpdated(ctx, conn, d.Id()); err != nil { + if _, err := waitClientVPNEndpointClientConnectResponseOptionsUpdated(ctx, conn, d.Id()); err != nil { return sdkdiag.AppendErrorf(diags, "waiting for EC2 Client VPN Endpoint (%s) ClientConnectResponseOptions update: %s", d.Id(), err) } } @@ -456,10 +458,10 @@ func resourceClientVPNEndpointUpdate(ctx context.Context, d *schema.ResourceData func resourceClientVPNEndpointDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).EC2Conn(ctx) + conn := meta.(*conns.AWSClient).EC2Client(ctx) log.Printf("[DEBUG] Deleting EC2 Client VPN Endpoint: %s", d.Id()) - _, err := conn.DeleteClientVpnEndpointWithContext(ctx, &ec2.DeleteClientVpnEndpointInput{ + _, err := conn.DeleteClientVpnEndpoint(ctx, &ec2.DeleteClientVpnEndpointInput{ ClientVpnEndpointId: aws.String(d.Id()), }) 
@@ -471,44 +473,44 @@ func resourceClientVPNEndpointDelete(ctx context.Context, d *schema.ResourceData return sdkdiag.AppendErrorf(diags, "deleting EC2 Client VPN Endpoint (%s): %s", d.Id(), err) } - if _, err := WaitClientVPNEndpointDeleted(ctx, conn, d.Id()); err != nil { + if _, err := waitClientVPNEndpointDeleted(ctx, conn, d.Id()); err != nil { return sdkdiag.AppendErrorf(diags, "waiting for EC2 Client VPN Endpoint (%s) delete: %s", d.Id(), err) } return diags } -func expandClientVPNAuthenticationRequest(tfMap map[string]interface{}) *ec2.ClientVpnAuthenticationRequest { +func expandClientVPNAuthenticationRequest(tfMap map[string]interface{}) *awstypes.ClientVpnAuthenticationRequest { if tfMap == nil { return nil } - apiObject := &ec2.ClientVpnAuthenticationRequest{} + apiObject := &awstypes.ClientVpnAuthenticationRequest{} var authnType string if v, ok := tfMap[names.AttrType].(string); ok && v != "" { authnType = v - apiObject.Type = aws.String(v) + apiObject.Type = awstypes.ClientVpnAuthenticationType(v) } switch authnType { - case ec2.ClientVpnAuthenticationTypeCertificateAuthentication: + case string(awstypes.ClientVpnAuthenticationTypeCertificateAuthentication): if v, ok := tfMap["root_certificate_chain_arn"].(string); ok && v != "" { - apiObject.MutualAuthentication = &ec2.CertificateAuthenticationRequest{ + apiObject.MutualAuthentication = &awstypes.CertificateAuthenticationRequest{ ClientRootCertificateChainArn: aws.String(v), } } - case ec2.ClientVpnAuthenticationTypeDirectoryServiceAuthentication: + case string(awstypes.ClientVpnAuthenticationTypeDirectoryServiceAuthentication): if v, ok := tfMap["active_directory_id"].(string); ok && v != "" { - apiObject.ActiveDirectory = &ec2.DirectoryServiceAuthenticationRequest{ + apiObject.ActiveDirectory = &awstypes.DirectoryServiceAuthenticationRequest{ DirectoryId: aws.String(v), } } - case ec2.ClientVpnAuthenticationTypeFederatedAuthentication: + case 
string(awstypes.ClientVpnAuthenticationTypeFederatedAuthentication): if v, ok := tfMap["saml_provider_arn"].(string); ok && v != "" { - apiObject.FederatedAuthentication = &ec2.FederatedAuthenticationRequest{ + apiObject.FederatedAuthentication = &awstypes.FederatedAuthenticationRequest{ SAMLProviderArn: aws.String(v), } @@ -521,12 +523,12 @@ func expandClientVPNAuthenticationRequest(tfMap map[string]interface{}) *ec2.Cli return apiObject } -func expandClientVPNAuthenticationRequests(tfList []interface{}) []*ec2.ClientVpnAuthenticationRequest { +func expandClientVPNAuthenticationRequests(tfList []interface{}) []awstypes.ClientVpnAuthenticationRequest { if len(tfList) == 0 { return nil } - var apiObjects []*ec2.ClientVpnAuthenticationRequest + var apiObjects []awstypes.ClientVpnAuthenticationRequest for _, tfMapRaw := range tfList { tfMap, ok := tfMapRaw.(map[string]interface{}) 
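Review bot: The `switch authnType` in `expandClientVPNAuthenticationRequest` now needs a `string(...)` conversion on every case because it still switches on the raw string. `apiObject.Type` is assigned from the same value just above, so switching on the typed field reads more directly: `switch apiObject.Type {` with `case awstypes.ClientVpnAuthenticationTypeCertificateAuthentication:` and likewise for the other two cases. The local `authnType` then becomes unnecessary. A missing or empty type leaves `apiObject.Type` at its zero value and matches no case, as before. The end of the function is outside this hunk.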
@@ -541,45 +543,38 @@ func expandClientVPNAuthenticationRequests(tfList []interface{}) []*ec2.ClientVp continue } - apiObjects = append(apiObjects, apiObject) + apiObjects = append(apiObjects, *apiObject) } return apiObjects } -func flattenClientVPNAuthentication(apiObject *ec2.ClientVpnAuthentication) map[string]interface{} { - if apiObject == nil { - return nil - } - +func flattenClientVPNAuthentication(apiObject awstypes.ClientVpnAuthentication) map[string]interface{} { tfMap := map[string]interface{}{} - - if v := apiObject.Type; v != nil { - tfMap[names.AttrType] = aws.StringValue(v) - } + tfMap[names.AttrType] = apiObject.Type if apiObject.MutualAuthentication != nil { if v := apiObject.MutualAuthentication.ClientRootCertificateChain; v != nil { - tfMap["root_certificate_chain_arn"] = aws.StringValue(v) + tfMap["root_certificate_chain_arn"] = aws.ToString(v) } } else if apiObject.ActiveDirectory != nil { if v := apiObject.ActiveDirectory.DirectoryId; v != nil { - tfMap["active_directory_id"] = aws.StringValue(v) + tfMap["active_directory_id"] = aws.ToString(v) } } else if apiObject.FederatedAuthentication != nil { if v := apiObject.FederatedAuthentication.SamlProviderArn; v != nil { - tfMap["saml_provider_arn"] = aws.StringValue(v) + tfMap["saml_provider_arn"] = aws.ToString(v) } if v := apiObject.FederatedAuthentication.SelfServiceSamlProviderArn; v != nil { - tfMap["self_service_saml_provider_arn"] = aws.StringValue(v) + tfMap["self_service_saml_provider_arn"] = aws.ToString(v) } } return tfMap } -func flattenClientVPNAuthentications(apiObjects []*ec2.ClientVpnAuthentication) []interface{} { +func flattenClientVPNAuthentications(apiObjects []awstypes.ClientVpnAuthentication) []interface{} { if len(apiObjects) == 0 { return nil } 
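Review bot: `tfMap[names.AttrType] = apiObject.Type` in `flattenClientVPNAuthentication` puts the SDK enum type into the map, while every other entry in the function is converted to a plain Go value with `aws.ToString`. Writing `tfMap[names.AttrType] = string(apiObject.Type)` keeps the map to primitive types and does not depend on how the state writer treats named string types. The hunk also drops the old nil guard, so `type` is now always written even when the API returns it empty. A short comment stating that this is intended would help the next reader.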
@@ -587,22 +582,18 @@ func flattenClientVPNAuthentications(apiObjects []*ec2.ClientVpnAuthentication) var tfList []interface{} for _, apiObject := range apiObjects { - if apiObject == nil { - continue - } - tfList = append(tfList, flattenClientVPNAuthentication(apiObject)) } return tfList } -func expandClientConnectOptions(tfMap map[string]interface{}) *ec2.ClientConnectOptions { +func expandClientConnectOptions(tfMap map[string]interface{}) *awstypes.ClientConnectOptions { if tfMap == nil { return nil } - apiObject := &ec2.ClientConnectOptions{} + apiObject := &awstypes.ClientConnectOptions{} var enabled bool if v, ok := tfMap[names.AttrEnabled].(bool); ok { @@ -620,7 +611,7 @@ func expandClientConnectOptions(tfMap map[string]interface{}) *ec2.ClientConnect return apiObject } -func flattenClientConnectResponseOptions(apiObject *ec2.ClientConnectResponseOptions) map[string]interface{} { +func flattenClientConnectResponseOptions(apiObject *awstypes.ClientConnectResponseOptions) map[string]interface{} { if apiObject == nil { return nil } @@ -628,22 +619,22 @@ func flattenClientConnectResponseOptions(apiObject *ec2.ClientConnectResponseOpt tfMap := map[string]interface{}{} if v := apiObject.Enabled; v != nil { - tfMap[names.AttrEnabled] = aws.BoolValue(v) + tfMap[names.AttrEnabled] = v } if v := apiObject.LambdaFunctionArn; v != nil { - tfMap["lambda_function_arn"] = aws.StringValue(v) + tfMap["lambda_function_arn"] = aws.ToString(v) } return tfMap } -func expandClientLoginBannerOptions(tfMap map[string]interface{}) *ec2.ClientLoginBannerOptions { +func expandClientLoginBannerOptions(tfMap map[string]interface{}) *awstypes.ClientLoginBannerOptions { if tfMap == nil { return nil } - apiObject := &ec2.ClientLoginBannerOptions{} + apiObject := &awstypes.ClientLoginBannerOptions{} var enabled bool if v, ok := tfMap[names.AttrEnabled].(bool); ok { 
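Review bot: In `flattenClientConnectResponseOptions`, `tfMap[names.AttrEnabled] = v` stores the pointer itself. `v` comes from `if v := apiObject.Enabled; v != nil`, so it is presumably a `*bool`, where the v1 code stored `aws.BoolValue(v)`. The string field beside it is dereferenced with `aws.ToString(v)`, and the bool should follow suit: `tfMap[names.AttrEnabled] = aws.ToBool(v)`. The same line appears in the later hunks for `flattenClientLoginBannerResponseOptions` and `flattenConnectionLogResponseOptions`. The last of these reports whether VPN connection logging is enabled, so an unambiguous bool in state matters most there.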
@@ -661,7 +652,7 @@ func expandClientLoginBannerOptions(tfMap map[string]interface{}) *ec2.ClientLog return apiObject } -func flattenClientLoginBannerResponseOptions(apiObject *ec2.ClientLoginBannerResponseOptions) map[string]interface{} { +func flattenClientLoginBannerResponseOptions(apiObject *awstypes.ClientLoginBannerResponseOptions) map[string]interface{} { if apiObject == nil { return nil } @@ -669,22 +660,22 @@ func flattenClientLoginBannerResponseOptions(apiObject *ec2.ClientLoginBannerRes tfMap := map[string]interface{}{} if v := apiObject.BannerText; v != nil { - tfMap["banner_text"] = aws.StringValue(v) + tfMap["banner_text"] = aws.ToString(v) } if v := apiObject.Enabled; v != nil { - tfMap[names.AttrEnabled] = aws.BoolValue(v) + tfMap[names.AttrEnabled] = v } return tfMap } -func expandConnectionLogOptions(tfMap map[string]interface{}) *ec2.ConnectionLogOptions { +func expandConnectionLogOptions(tfMap map[string]interface{}) *awstypes.ConnectionLogOptions { if tfMap == nil { return nil } - apiObject := &ec2.ConnectionLogOptions{} + apiObject := &awstypes.ConnectionLogOptions{} var enabled bool if v, ok := tfMap[names.AttrEnabled].(bool); ok { @@ -706,7 +697,7 @@ func expandConnectionLogOptions(tfMap map[string]interface{}) *ec2.ConnectionLog return apiObject } -func flattenConnectionLogResponseOptions(apiObject *ec2.ConnectionLogResponseOptions) map[string]interface{} { +func flattenConnectionLogResponseOptions(apiObject *awstypes.ConnectionLogResponseOptions) map[string]interface{} { if apiObject == nil { return nil } 
@@ -714,15 +705,15 @@ func flattenConnectionLogResponseOptions(apiObject *ec2.ConnectionLogResponseOpt tfMap := map[string]interface{}{} if v := apiObject.CloudwatchLogGroup; v != nil { - tfMap["cloudwatch_log_group"] = aws.StringValue(v) + tfMap["cloudwatch_log_group"] = aws.ToString(v) } if v := apiObject.CloudwatchLogStream; v != nil { - tfMap["cloudwatch_log_stream"] = aws.StringValue(v) + tfMap["cloudwatch_log_stream"] = aws.ToString(v) } if v := apiObject.Enabled; v != nil { - tfMap[names.AttrEnabled] = aws.BoolValue(v) + tfMap[names.AttrEnabled] = v } return tfMap diff --git a/internal/service/ec2/vpnclient_endpoint_data_source.go b/internal/service/ec2/vpnclient_endpoint_data_source.go index c9b561aa5fb..86e9d803062 100644 --- a/internal/service/ec2/vpnclient_endpoint_data_source.go +++ b/internal/service/ec2/vpnclient_endpoint_data_source.go @@ -8,9 +8,10 @@ import ( "fmt" "time" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/aws/arn" - "github.com/aws/aws-sdk-go/service/ec2" + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/aws/arn" + "github.com/aws/aws-sdk-go-v2/service/ec2" + awstypes "github.com/aws/aws-sdk-go-v2/service/ec2/types" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-provider-aws/internal/conns" @@ -20,8 +21,9 @@ import ( "github.com/hashicorp/terraform-provider-aws/names" ) -// @SDKDataSource("aws_ec2_client_vpn_endpoint") -func DataSourceClientVPNEndpoint() *schema.Resource { +// @SDKDataSource("aws_ec2_client_vpn_endpoint", name="Client VPN Endpoint") +// @Tags +func dataSourceClientVPNEndpoint() *schema.Resource { return &schema.Resource{ ReadWithoutTimeout: dataSourceClientVPNEndpointRead, 
@@ -181,20 +183,19 @@ func DataSourceClientVPNEndpoint() *schema.Resource { func dataSourceClientVPNEndpointRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).EC2Conn(ctx) - ignoreTagsConfig := meta.(*conns.AWSClient).IgnoreTagsConfig + conn := meta.(*conns.AWSClient).EC2Client(ctx) input := &ec2.DescribeClientVpnEndpointsInput{} if v, ok := d.GetOk("client_vpn_endpoint_id"); ok { - input.ClientVpnEndpointIds = aws.StringSlice([]string{v.(string)}) + input.ClientVpnEndpointIds = []string{v.(string)} } - input.Filters = append(input.Filters, newTagFilterList( - Tags(tftags.New(ctx, d.Get(names.AttrTags).(map[string]interface{}))), + input.Filters = append(input.Filters, newTagFilterListV2( + TagsV2(tftags.New(ctx, d.Get(names.AttrTags).(map[string]interface{}))), )...) - input.Filters = append(input.Filters, newCustomFilterList( + input.Filters = append(input.Filters, newCustomFilterListV2( d.Get(names.AttrFilter).(*schema.Set), )...) @@ -202,16 +203,16 @@ func dataSourceClientVPNEndpointRead(ctx context.Context, d *schema.ResourceData input.Filters = nil } - ep, err := FindClientVPNEndpoint(ctx, conn, input) + ep, err := findClientVPNEndpoint(ctx, conn, input) if err != nil { return sdkdiag.AppendFromErr(diags, tfresource.SingularDataSourceFindError("EC2 Client VPN Endpoint", err)) } - d.SetId(aws.StringValue(ep.ClientVpnEndpointId)) + d.SetId(aws.ToString(ep.ClientVpnEndpointId)) arn := arn.ARN{ Partition: meta.(*conns.AWSClient).Partition, - Service: ec2.ServiceName, + Service: names.EC2, Region: meta.(*conns.AWSClient).Region, AccountID: meta.(*conns.AWSClient).AccountID, Resource: fmt.Sprintf("client-vpn-endpoint/%s", d.Id()), 
@@ -245,12 +246,12 @@ func dataSourceClientVPNEndpointRead(ctx context.Context, d *schema.ResourceData } d.Set(names.AttrDescription, ep.Description) d.Set(names.AttrDNSName, ep.DnsName) - d.Set("dns_servers", aws.StringValueSlice(ep.DnsServers)) - d.Set(names.AttrSecurityGroupIDs, aws.StringValueSlice(ep.SecurityGroupIds)) - if aws.StringValue(ep.SelfServicePortalUrl) != "" { - d.Set("self_service_portal", ec2.SelfServicePortalEnabled) + d.Set("dns_servers", aws.StringSlice(ep.DnsServers)) + d.Set(names.AttrSecurityGroupIDs, aws.StringSlice(ep.SecurityGroupIds)) + if aws.ToString(ep.SelfServicePortalUrl) != "" { + d.Set("self_service_portal", awstypes.SelfServicePortalEnabled) } else { - d.Set("self_service_portal", ec2.SelfServicePortalDisabled) + d.Set("self_service_portal", awstypes.SelfServicePortalDisabled) } d.Set("self_service_portal_url", ep.SelfServicePortalUrl) d.Set("server_certificate_arn", ep.ServerCertificateArn) @@ -260,9 +261,7 @@ func dataSourceClientVPNEndpointRead(ctx context.Context, d *schema.ResourceData d.Set(names.AttrVPCID, ep.VpcId) d.Set("vpn_port", ep.VpnPort) - if err := d.Set(names.AttrTags, KeyValueTags(ctx, ep.Tags).IgnoreAWS().IgnoreConfig(ignoreTagsConfig).Map()); err != nil { - return sdkdiag.AppendErrorf(diags, "setting tags: %s", err) - } + setTagsOutV2(ctx, ep.Tags) return diags } diff --git a/internal/service/ec2/vpnclient_endpoint_test.go b/internal/service/ec2/vpnclient_endpoint_test.go index 50094c8ed44..304fa01117e 100644 --- a/internal/service/ec2/vpnclient_endpoint_test.go +++ b/internal/service/ec2/vpnclient_endpoint_test.go @@ -9,7 +9,7 @@ import ( "testing" "github.com/YakDriver/regexache" - "github.com/aws/aws-sdk-go/service/ec2" + awstypes "github.com/aws/aws-sdk-go-v2/service/ec2/types" sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/terraform" 
@@ -23,7 +23,7 @@ import ( func testAccClientVPNEndpoint_basic(t *testing.T, semaphore tfsync.Semaphore) { ctx := acctest.Context(t) - var v ec2.ClientVpnEndpoint + var v awstypes.ClientVpnEndpoint rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ec2_client_vpn_endpoint.test" @@ -82,7 +82,7 @@ func testAccClientVPNEndpoint_basic(t *testing.T, semaphore tfsync.Semaphore) { func testAccClientVPNEndpoint_disappears(t *testing.T, semaphore tfsync.Semaphore) { ctx := acctest.Context(t) - var v ec2.ClientVpnEndpoint + var v awstypes.ClientVpnEndpoint rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ec2_client_vpn_endpoint.test" @@ -109,7 +109,7 @@ func testAccClientVPNEndpoint_disappears(t *testing.T, semaphore tfsync.Semaphor func testAccClientVPNEndpoint_tags(t *testing.T, semaphore tfsync.Semaphore) { ctx := acctest.Context(t) - var v ec2.ClientVpnEndpoint + var v awstypes.ClientVpnEndpoint resourceName := "aws_ec2_client_vpn_endpoint.test" resource.ParallelTest(t, resource.TestCase{ @@ -157,7 +157,7 @@ func testAccClientVPNEndpoint_tags(t *testing.T, semaphore tfsync.Semaphore) { func testAccClientVPNEndpoint_msADAuth(t *testing.T, semaphore tfsync.Semaphore) { ctx := acctest.Context(t) - var v ec2.ClientVpnEndpoint + var v awstypes.ClientVpnEndpoint rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ec2_client_vpn_endpoint.test" domainName := acctest.RandomDomainName() @@ -196,7 +196,7 @@ func testAccClientVPNEndpoint_msADAuth(t *testing.T, semaphore tfsync.Semaphore) func testAccClientVPNEndpoint_msADAuthAndMutualAuth(t *testing.T, semaphore tfsync.Semaphore) { ctx := acctest.Context(t) - var v ec2.ClientVpnEndpoint + var v awstypes.ClientVpnEndpoint rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ec2_client_vpn_endpoint.test" domainName := acctest.RandomDomainName() 
@@ -238,7 +238,7 @@ func testAccClientVPNEndpoint_msADAuthAndMutualAuth(t *testing.T, semaphore tfsy func testAccClientVPNEndpoint_federatedAuth(t *testing.T, semaphore tfsync.Semaphore) { ctx := acctest.Context(t) - var v ec2.ClientVpnEndpoint + var v awstypes.ClientVpnEndpoint rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) idpEntityID := fmt.Sprintf("https://%s", acctest.RandomDomainName()) resourceName := "aws_ec2_client_vpn_endpoint.test" @@ -273,7 +273,7 @@ func testAccClientVPNEndpoint_federatedAuth(t *testing.T, semaphore tfsync.Semap func testAccClientVPNEndpoint_federatedAuthWithSelfServiceProvider(t *testing.T, semaphore tfsync.Semaphore) { ctx := acctest.Context(t) - var v ec2.ClientVpnEndpoint + var v awstypes.ClientVpnEndpoint rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) idpEntityID := fmt.Sprintf("https://%s", acctest.RandomDomainName()) resourceName := "aws_ec2_client_vpn_endpoint.test" @@ -308,7 +308,7 @@ func testAccClientVPNEndpoint_federatedAuthWithSelfServiceProvider(t *testing.T, func testAccClientVPNEndpoint_withClientConnectOptions(t *testing.T, semaphore tfsync.Semaphore) { ctx := acctest.Context(t) - var v ec2.ClientVpnEndpoint + var v awstypes.ClientVpnEndpoint rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ec2_client_vpn_endpoint.test" lambdaFunction1ResourceName := "aws_lambda_function.test1" @@ -361,7 +361,7 @@ func testAccClientVPNEndpoint_withClientConnectOptions(t *testing.T, semaphore t func testAccClientVPNEndpoint_withClientLoginBannerOptions(t *testing.T, semaphore tfsync.Semaphore) { ctx := acctest.Context(t) - var v ec2.ClientVpnEndpoint + var v awstypes.ClientVpnEndpoint rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ec2_client_vpn_endpoint.test" 
@@ -412,7 +412,7 @@ func testAccClientVPNEndpoint_withClientLoginBannerOptions(t *testing.T, semapho func testAccClientVPNEndpoint_withConnectionLogOptions(t *testing.T, semaphore tfsync.Semaphore) { ctx := acctest.Context(t) - var v ec2.ClientVpnEndpoint + var v awstypes.ClientVpnEndpoint rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ec2_client_vpn_endpoint.test" logGroupResourceName := "aws_cloudwatch_log_group.test" @@ -479,7 +479,7 @@ func testAccClientVPNEndpoint_withConnectionLogOptions(t *testing.T, semaphore t func testAccClientVPNEndpoint_withDNSServers(t *testing.T, semaphore tfsync.Semaphore) { ctx := acctest.Context(t) - var v ec2.ClientVpnEndpoint + var v awstypes.ClientVpnEndpoint rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ec2_client_vpn_endpoint.test" @@ -527,7 +527,7 @@ func testAccClientVPNEndpoint_withDNSServers(t *testing.T, semaphore tfsync.Sema func testAccClientVPNEndpoint_simpleAttributesUpdate(t *testing.T, semaphore tfsync.Semaphore) { ctx := acctest.Context(t) - var v ec2.ClientVpnEndpoint + var v awstypes.ClientVpnEndpoint rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ec2_client_vpn_endpoint.test" serverCertificate1ResourceName := "aws_acm_certificate.test1" @@ -577,7 +577,7 @@ func testAccClientVPNEndpoint_simpleAttributesUpdate(t *testing.T, semaphore tfs func testAccClientVPNEndpoint_selfServicePortal(t *testing.T, semaphore tfsync.Semaphore) { ctx := acctest.Context(t) - var v ec2.ClientVpnEndpoint + var v awstypes.ClientVpnEndpoint rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) idpEntityID := fmt.Sprintf("https://%s", acctest.RandomDomainName()) resourceName := "aws_ec2_client_vpn_endpoint.test" 
@@ -618,7 +618,7 @@ func testAccClientVPNEndpoint_selfServicePortal(t *testing.T, semaphore tfsync.S func testAccClientVPNEndpoint_vpcNoSecurityGroups(t *testing.T, semaphore tfsync.Semaphore) { ctx := acctest.Context(t) - var v ec2.ClientVpnEndpoint + var v awstypes.ClientVpnEndpoint rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ec2_client_vpn_endpoint.test" defaultSecurityGroupResourceName := "aws_default_security_group.test" @@ -653,7 +653,7 @@ func testAccClientVPNEndpoint_vpcNoSecurityGroups(t *testing.T, semaphore tfsync func testAccClientVPNEndpoint_vpcSecurityGroups(t *testing.T, semaphore tfsync.Semaphore) { ctx := acctest.Context(t) - var v ec2.ClientVpnEndpoint + var v awstypes.ClientVpnEndpoint rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ec2_client_vpn_endpoint.test" securityGroup1ResourceName := "aws_security_group.test.0" @@ -699,7 +699,7 @@ func testAccClientVPNEndpoint_vpcSecurityGroups(t *testing.T, semaphore tfsync.S func testAccCheckClientVPNEndpointDestroy(ctx context.Context) resource.TestCheckFunc { return func(s *terraform.State) error { - conn := acctest.Provider.Meta().(*conns.AWSClient).EC2Conn(ctx) + conn := acctest.Provider.Meta().(*conns.AWSClient).EC2Client(ctx) for _, rs := range s.RootModule().Resources { if rs.Type != "aws_client_vpn_endpoint" { 
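Review bot: The type filter in this destroy check, `if rs.Type != "aws_client_vpn_endpoint" {`, does not match the resource the tests in this file create; every `resourceName` above is `aws_ec2_client_vpn_endpoint.test`. The loop therefore presumably skips every resource and the check passes without ever calling the finder. Since this hunk already touches the function, change the line to `if rs.Type != "aws_ec2_client_vpn_endpoint" {` so that a leaked endpoint actually fails the test. The sibling destroy checks for network associations and routes already use the `aws_ec2_` prefix. The rest of the function body lies outside the hunk.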
@@ -722,14 +722,14 @@ func testAccCheckClientVPNEndpointDestroy(ctx context.Context) resource.TestChec } } -func testAccCheckClientVPNEndpointExists(ctx context.Context, name string, v *ec2.ClientVpnEndpoint) resource.TestCheckFunc { +func testAccCheckClientVPNEndpointExists(ctx context.Context, name string, v *awstypes.ClientVpnEndpoint) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[name] if !ok { return fmt.Errorf("Not found: %s", name) } - conn := acctest.Provider.Meta().(*conns.AWSClient).EC2Conn(ctx) + conn := acctest.Provider.Meta().(*conns.AWSClient).EC2Client(ctx) output, err := tfec2.FindClientVPNEndpointByID(ctx, conn, rs.Primary.ID) @@ -821,7 +821,7 @@ resource "aws_lambda_function" "test1" { function_name = "AWSClientVPN-%[1]s-1" role = aws_iam_role.iam_for_lambda.arn handler = "index.handler" - runtime = "nodejs14.x" + runtime = "nodejs20.x" } resource "aws_lambda_function" "test2" { @@ -829,7 +829,7 @@ resource "aws_lambda_function" "test2" { function_name = "AWSClientVPN-%[1]s-2" role = aws_iam_role.iam_for_lambda.arn handler = "index.handler" - runtime = "nodejs14.x" + runtime = "nodejs20.x" } locals { diff --git a/internal/service/ec2/vpnclient_network_association.go b/internal/service/ec2/vpnclient_network_association.go index 5d46be9a0ef..50e4dec58d4 100644 --- a/internal/service/ec2/vpnclient_network_association.go +++ b/internal/service/ec2/vpnclient_network_association.go @@ -8,10 +8,11 @@ import ( "fmt" "log" "strings" + "time" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/service/ec2" - "github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr" + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/ec2" + "github.com/hashicorp/aws-sdk-go-base/v2/tfawserr" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/id" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" 
@@ -22,7 +23,7 @@ import ( ) // @SDKResource("aws_ec2_client_vpn_network_association", name="Client VPN Network Association") -func ResourceClientVPNNetworkAssociation() *schema.Resource { +func resourceClientVPNNetworkAssociation() *schema.Resource { return &schema.Resource{ CreateWithoutTimeout: resourceClientVPNNetworkAssociationCreate, ReadWithoutTimeout: resourceClientVPNNetworkAssociationRead, @@ -33,8 +34,8 @@ func ResourceClientVPNNetworkAssociation() *schema.Resource { }, Timeouts: &schema.ResourceTimeout{ - Create: schema.DefaultTimeout(ClientVPNNetworkAssociationCreatedTimeout), - Delete: schema.DefaultTimeout(ClientVPNNetworkAssociationDeletedTimeout), + Create: schema.DefaultTimeout(30 * time.Minute), + Delete: schema.DefaultTimeout(30 * time.Minute), }, Schema: map[string]*schema.Schema{ @@ -62,7 +63,7 @@ func ResourceClientVPNNetworkAssociation() *schema.Resource { func resourceClientVPNNetworkAssociationCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).EC2Conn(ctx) + conn := meta.(*conns.AWSClient).EC2Client(ctx) endpointID := d.Get("client_vpn_endpoint_id").(string) input := &ec2.AssociateClientVpnTargetNetworkInput{ 
@@ -71,15 +72,15 @@ func resourceClientVPNNetworkAssociationCreate(ctx context.Context, d *schema.Re SubnetId: aws.String(d.Get(names.AttrSubnetID).(string)), } - output, err := conn.AssociateClientVpnTargetNetworkWithContext(ctx, input) + output, err := conn.AssociateClientVpnTargetNetwork(ctx, input) if err != nil { return sdkdiag.AppendErrorf(diags, "creating EC2 Client VPN Network Association: %s", err) } - d.SetId(aws.StringValue(output.AssociationId)) + d.SetId(aws.ToString(output.AssociationId)) - if _, err := WaitClientVPNNetworkAssociationCreated(ctx, conn, d.Id(), endpointID, d.Timeout(schema.TimeoutCreate)); err != nil { + if _, err := waitClientVPNNetworkAssociationCreated(ctx, conn, d.Id(), endpointID, d.Timeout(schema.TimeoutCreate)); err != nil { return sdkdiag.AppendErrorf(diags, "waiting for EC2 Client VPN Network Association (%s) create: %s", d.Id(), err) } @@ -88,10 +89,10 @@ func resourceClientVPNNetworkAssociationCreate(ctx context.Context, d *schema.Re func resourceClientVPNNetworkAssociationRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).EC2Conn(ctx) + conn := meta.(*conns.AWSClient).EC2Client(ctx) endpointID := d.Get("client_vpn_endpoint_id").(string) - network, err := FindClientVPNNetworkAssociationByIDs(ctx, conn, d.Id(), endpointID) + network, err := findClientVPNNetworkAssociationByTwoPartKey(ctx, conn, d.Id(), endpointID) if !d.IsNewResource() && tfresource.NotFound(err) { log.Printf("[WARN] EC2 Client VPN Network Association (%s) not found, removing from state", d.Id()) 
@@ -113,12 +114,12 @@ func resourceClientVPNNetworkAssociationRead(ctx context.Context, d *schema.Reso func resourceClientVPNNetworkAssociationDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).EC2Conn(ctx) + conn := meta.(*conns.AWSClient).EC2Client(ctx) endpointID := d.Get("client_vpn_endpoint_id").(string) log.Printf("[DEBUG] Deleting EC2 Client VPN Network Association: %s", d.Id()) - _, err := conn.DisassociateClientVpnTargetNetworkWithContext(ctx, &ec2.DisassociateClientVpnTargetNetworkInput{ + _, err := conn.DisassociateClientVpnTargetNetwork(ctx, &ec2.DisassociateClientVpnTargetNetworkInput{ ClientVpnEndpointId: aws.String(endpointID), AssociationId: aws.String(d.Id()), }) @@ -131,7 +132,7 @@ func resourceClientVPNNetworkAssociationDelete(ctx context.Context, d *schema.Re return sdkdiag.AppendErrorf(diags, "disassociating EC2 Client VPN Network Association (%s): %s", d.Id(), err) } - if _, err := WaitClientVPNNetworkAssociationDeleted(ctx, conn, d.Id(), endpointID, d.Timeout(schema.TimeoutDelete)); err != nil { + if _, err := waitClientVPNNetworkAssociationDeleted(ctx, conn, d.Id(), endpointID, d.Timeout(schema.TimeoutDelete)); err != nil { return sdkdiag.AppendErrorf(diags, "waiting for EC2 Client VPN Network Association (%s) delete: %s", d.Id(), err) } diff --git a/internal/service/ec2/vpnclient_network_association_test.go b/internal/service/ec2/vpnclient_network_association_test.go index c5e9a51ec30..ec744b56f96 100644 --- a/internal/service/ec2/vpnclient_network_association_test.go +++ b/internal/service/ec2/vpnclient_network_association_test.go 
@@ -9,7 +9,7 @@ import ( "testing" "github.com/YakDriver/regexache" - "github.com/aws/aws-sdk-go/service/ec2" + awstypes "github.com/aws/aws-sdk-go-v2/service/ec2/types" sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/terraform" @@ -23,7 +23,7 @@ import ( func testAccClientVPNNetworkAssociation_basic(t *testing.T, semaphore tfsync.Semaphore) { ctx := acctest.Context(t) - var assoc ec2.TargetNetwork + var assoc awstypes.TargetNetwork rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ec2_client_vpn_network_association.test" endpointResourceName := "aws_ec2_client_vpn_endpoint.test" @@ -62,7 +62,7 @@ func testAccClientVPNNetworkAssociation_basic(t *testing.T, semaphore tfsync.Sem func testAccClientVPNNetworkAssociation_multipleSubnets(t *testing.T, semaphore tfsync.Semaphore) { ctx := acctest.Context(t) - var assoc ec2.TargetNetwork + var assoc awstypes.TargetNetwork rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceNames := []string{"aws_ec2_client_vpn_network_association.test.0", "aws_ec2_client_vpn_network_association.test.1"} endpointResourceName := "aws_ec2_client_vpn_endpoint.test" @@ -97,7 +97,7 @@ func testAccClientVPNNetworkAssociation_multipleSubnets(t *testing.T, semaphore func testAccClientVPNNetworkAssociation_disappears(t *testing.T, semaphore tfsync.Semaphore) { ctx := acctest.Context(t) - var assoc ec2.TargetNetwork + var assoc awstypes.TargetNetwork rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ec2_client_vpn_network_association.test" 
@@ -124,14 +124,14 @@ func testAccClientVPNNetworkAssociation_disappears(t *testing.T, semaphore tfsyn func testAccCheckClientVPNNetworkAssociationDestroy(ctx context.Context) resource.TestCheckFunc { return func(s *terraform.State) error { - conn := acctest.Provider.Meta().(*conns.AWSClient).EC2Conn(ctx) + conn := acctest.Provider.Meta().(*conns.AWSClient).EC2Client(ctx) for _, rs := range s.RootModule().Resources { if rs.Type != "aws_ec2_client_vpn_network_association" { continue } - _, err := tfec2.FindClientVPNNetworkAssociationByIDs(ctx, conn, rs.Primary.ID, rs.Primary.Attributes["client_vpn_endpoint_id"]) + _, err := tfec2.FindClientVPNNetworkAssociationByTwoPartKey(ctx, conn, rs.Primary.ID, rs.Primary.Attributes["client_vpn_endpoint_id"]) if tfresource.NotFound(err) { continue @@ -148,16 +148,16 @@ func testAccCheckClientVPNNetworkAssociationDestroy(ctx context.Context) resourc } } -func testAccCheckClientVPNNetworkAssociationExists(ctx context.Context, name string, v *ec2.TargetNetwork) resource.TestCheckFunc { +func testAccCheckClientVPNNetworkAssociationExists(ctx context.Context, name string, v *awstypes.TargetNetwork) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[name] if !ok { return fmt.Errorf("Not found: %s", name) } - conn := acctest.Provider.Meta().(*conns.AWSClient).EC2Conn(ctx) + conn := acctest.Provider.Meta().(*conns.AWSClient).EC2Client(ctx) - output, err := tfec2.FindClientVPNNetworkAssociationByIDs(ctx, conn, rs.Primary.ID, rs.Primary.Attributes["client_vpn_endpoint_id"]) + output, err := tfec2.FindClientVPNNetworkAssociationByTwoPartKey(ctx, conn, rs.Primary.ID, rs.Primary.Attributes["client_vpn_endpoint_id"]) if err != nil { return err diff --git a/internal/service/ec2/vpnclient_route.go b/internal/service/ec2/vpnclient_route.go index 590f1109362..b7d53481ac6 100644 --- a/internal/service/ec2/vpnclient_route.go +++ b/internal/service/ec2/vpnclient_route.go 
@@ -10,9 +10,9 @@ import ( "strings" "time" - "github.com/aws/aws-sdk-go/aws" - "github.com/aws/aws-sdk-go/service/ec2" - "github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr" + "github.com/aws/aws-sdk-go-v2/aws" + "github.com/aws/aws-sdk-go-v2/service/ec2" + "github.com/hashicorp/aws-sdk-go-base/v2/tfawserr" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" sdkid "github.com/hashicorp/terraform-plugin-sdk/v2/helper/id" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" @@ -24,7 +24,7 @@ import ( ) // @SDKResource("aws_ec2_client_vpn_route", name="Client VPN Route") -func ResourceClientVPNRoute() *schema.Resource { +func resourceClientVPNRoute() *schema.Resource { return &schema.Resource{ CreateWithoutTimeout: resourceClientVPNRouteCreate, ReadWithoutTimeout: resourceClientVPNRouteRead, @@ -75,7 +75,7 @@ func ResourceClientVPNRoute() *schema.Resource { func resourceClientVPNRouteCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).EC2Conn(ctx) + conn := meta.(*conns.AWSClient).EC2Client(ctx) endpointID := d.Get("client_vpn_endpoint_id").(string) targetSubnetID := d.Get("target_vpc_subnet_id").(string) @@ -93,7 +93,7 @@ func resourceClientVPNRouteCreate(ctx context.Context, d *schema.ResourceData, m } _, err := tfresource.RetryWhenAWSErrCodeEquals(ctx, ec2PropagationTimeout, func() (interface{}, error) { - return conn.CreateClientVpnRouteWithContext(ctx, input) + return conn.CreateClientVpnRoute(ctx, input) }, errCodeInvalidClientVPNActiveAssociationNotFound) if err != nil { 
@@ -102,7 +102,7 @@ func resourceClientVPNRouteCreate(ctx context.Context, d *schema.ResourceData, m d.SetId(id) - if _, err := WaitClientVPNRouteCreated(ctx, conn, endpointID, targetSubnetID, destinationCIDR, d.Timeout(schema.TimeoutCreate)); err != nil { + if _, err := waitClientVPNRouteCreated(ctx, conn, endpointID, targetSubnetID, destinationCIDR, d.Timeout(schema.TimeoutCreate)); err != nil { return sdkdiag.AppendErrorf(diags, "waiting for EC2 Client VPN Route (%s) create: %s", d.Id(), err) } @@ -111,14 +111,14 @@ func resourceClientVPNRouteCreate(ctx context.Context, d *schema.ResourceData, m func resourceClientVPNRouteRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).EC2Conn(ctx) + conn := meta.(*conns.AWSClient).EC2Client(ctx) endpointID, targetSubnetID, destinationCIDR, err := ClientVPNRouteParseResourceID(d.Id()) if err != nil { return sdkdiag.AppendFromErr(diags, err) } - route, err := FindClientVPNRouteByThreePartKey(ctx, conn, endpointID, targetSubnetID, destinationCIDR) + route, err := findClientVPNRouteByThreePartKey(ctx, conn, endpointID, targetSubnetID, destinationCIDR) if !d.IsNewResource() && tfresource.NotFound(err) { log.Printf("[WARN] EC2 Client VPN Route (%s) not found, removing from state", d.Id()) @@ -142,7 +142,7 @@ func resourceClientVPNRouteRead(ctx context.Context, d *schema.ResourceData, met func resourceClientVPNRouteDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).EC2Conn(ctx) + conn := meta.(*conns.AWSClient).EC2Client(ctx) endpointID, targetSubnetID, destinationCIDR, err := ClientVPNRouteParseResourceID(d.Id()) if err != nil { 
@@ -150,7 +150,7 @@ func resourceClientVPNRouteDelete(ctx context.Context, d *schema.ResourceData, m } log.Printf("[DEBUG] Deleting EC2 Client VPN Route: %s", d.Id()) - _, err = conn.DeleteClientVpnRouteWithContext(ctx, &ec2.DeleteClientVpnRouteInput{ + _, err = conn.DeleteClientVpnRoute(ctx, &ec2.DeleteClientVpnRouteInput{ ClientVpnEndpointId: aws.String(endpointID), DestinationCidrBlock: aws.String(destinationCIDR), TargetVpcSubnetId: aws.String(targetSubnetID), @@ -164,7 +164,7 @@ func resourceClientVPNRouteDelete(ctx context.Context, d *schema.ResourceData, m return sdkdiag.AppendErrorf(diags, "deleting EC2 Client VPN Route (%s): %s", d.Id(), err) } - if _, err := WaitClientVPNRouteDeleted(ctx, conn, endpointID, targetSubnetID, destinationCIDR, d.Timeout(schema.TimeoutDelete)); err != nil { + if _, err := waitClientVPNRouteDeleted(ctx, conn, endpointID, targetSubnetID, destinationCIDR, d.Timeout(schema.TimeoutDelete)); err != nil { return sdkdiag.AppendErrorf(diags, "deleting EC2 Client VPN Route (%s): waiting for completion: %s", d.Id(), err) } diff --git a/internal/service/ec2/vpnclient_route_test.go b/internal/service/ec2/vpnclient_route_test.go index 30041bc59e0..3a77a1ce348 100644 --- a/internal/service/ec2/vpnclient_route_test.go +++ b/internal/service/ec2/vpnclient_route_test.go @@ -8,7 +8,7 @@ import ( "fmt" "testing" - "github.com/aws/aws-sdk-go/service/ec2" + awstypes "github.com/aws/aws-sdk-go-v2/service/ec2/types" sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest" "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/terraform" 
@@ -22,7 +22,7 @@ import ( func testAccClientVPNRoute_basic(t *testing.T, semaphore tfsync.Semaphore) { ctx := acctest.Context(t) - var v ec2.ClientVpnRoute + var v awstypes.ClientVpnRoute rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ec2_client_vpn_route.test" endpointResourceName := "aws_ec2_client_vpn_endpoint.test" @@ -60,7 +60,7 @@ func testAccClientVPNRoute_basic(t *testing.T, semaphore tfsync.Semaphore) { func testAccClientVPNRoute_disappears(t *testing.T, semaphore tfsync.Semaphore) { ctx := acctest.Context(t) - var v ec2.ClientVpnRoute + var v awstypes.ClientVpnRoute rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ec2_client_vpn_route.test" @@ -87,7 +87,7 @@ func testAccClientVPNRoute_disappears(t *testing.T, semaphore tfsync.Semaphore) func testAccClientVPNRoute_description(t *testing.T, semaphore tfsync.Semaphore) { ctx := acctest.Context(t) - var v ec2.ClientVpnRoute + var v awstypes.ClientVpnRoute rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ec2_client_vpn_route.test" @@ -118,7 +118,7 @@ func testAccClientVPNRoute_description(t *testing.T, semaphore tfsync.Semaphore) func testAccCheckClientVPNRouteDestroy(ctx context.Context) resource.TestCheckFunc { return func(s *terraform.State) error { - conn := acctest.Provider.Meta().(*conns.AWSClient).EC2Conn(ctx) + conn := acctest.Provider.Meta().(*conns.AWSClient).EC2Client(ctx) for _, rs := range s.RootModule().Resources { if rs.Type != "aws_ec2_client_vpn_route" { @@ -147,7 +147,7 @@ func testAccCheckClientVPNRouteDestroy(ctx context.Context) resource.TestCheckFu } } -func testAccCheckClientVPNRouteExists(ctx context.Context, name string, v *ec2.ClientVpnRoute) resource.TestCheckFunc { +func testAccCheckClientVPNRouteExists(ctx context.Context, name string, v *awstypes.ClientVpnRoute) resource.TestCheckFunc { return func(s *terraform.State) error { rs, ok := s.RootModule().Resources[name] if !ok { 
@@ -159,7 +159,7 @@ func testAccCheckClientVPNRouteExists(ctx context.Context, name string, v *ec2.C return err } - conn := acctest.Provider.Meta().(*conns.AWSClient).EC2Conn(ctx) + conn := acctest.Provider.Meta().(*conns.AWSClient).EC2Client(ctx) output, err := tfec2.FindClientVPNRouteByThreePartKey(ctx, conn, endpointID, targetSubnetID, destinationCIDR) diff --git a/internal/service/ec2/wait.go b/internal/service/ec2/wait.go index 29a40b864d2..879e7fbce9b 100644 --- a/internal/service/ec2/wait.go +++ b/internal/service/ec2/wait.go 
@@ -204,180 +204,6 @@ func WaitLocalGatewayRouteTableVPCAssociationDisassociated(ctx context.Context, return nil, err } -const ( - ClientVPNEndpointDeletedTimeout = 5 * time.Minute - ClientVPNEndpointAttributeUpdatedTimeout = 5 * time.Minute -) - -func WaitClientVPNEndpointDeleted(ctx context.Context, conn *ec2.EC2, id string) (*ec2.ClientVpnEndpoint, error) { - stateConf := &retry.StateChangeConf{ - Pending: []string{ec2.ClientVpnEndpointStatusCodeDeleting}, - Target: []string{}, - Refresh: StatusClientVPNEndpointState(ctx, conn, id), - Timeout: ClientVPNEndpointDeletedTimeout, - } - - outputRaw, err := stateConf.WaitForStateContext(ctx) - - if output, ok := outputRaw.(*ec2.ClientVpnEndpoint); ok { - tfresource.SetLastError(err, errors.New(aws.StringValue(output.Status.Message))) - - return output, err - } - - return nil, err -} - -func WaitClientVPNEndpointClientConnectResponseOptionsUpdated(ctx context.Context, conn *ec2.EC2, id string) (*ec2.ClientConnectResponseOptions, error) { - stateConf := &retry.StateChangeConf{ - Pending: []string{ec2.ClientVpnEndpointAttributeStatusCodeApplying}, - Target: []string{ec2.ClientVpnEndpointAttributeStatusCodeApplied}, - Refresh: StatusClientVPNEndpointClientConnectResponseOptionsState(ctx, conn, id), - Timeout: ClientVPNEndpointAttributeUpdatedTimeout, - } - - outputRaw, err := stateConf.WaitForStateContext(ctx) - - if output, ok := outputRaw.(*ec2.ClientConnectResponseOptions); ok { - tfresource.SetLastError(err, errors.New(aws.StringValue(output.Status.Message))) - - return output, err - } - - return nil, err -} - -const ( - ClientVPNAuthorizationRuleCreatedTimeout = 10 * time.Minute - ClientVPNAuthorizationRuleDeletedTimeout = 10 * time.Minute -) - -func WaitClientVPNAuthorizationRuleCreated(ctx context.Context, conn *ec2.EC2, endpointID, targetNetworkCIDR, accessGroupID string, timeout time.Duration) (*ec2.AuthorizationRule, error) { - stateConf := &retry.StateChangeConf{ - Pending: 
[]string{ec2.ClientVpnAuthorizationRuleStatusCodeAuthorizing}, - Target: []string{ec2.ClientVpnAuthorizationRuleStatusCodeActive}, - Refresh: StatusClientVPNAuthorizationRule(ctx, conn, endpointID, targetNetworkCIDR, accessGroupID), - Timeout: timeout, - } - - outputRaw, err := stateConf.WaitForStateContext(ctx) - - if output, ok := outputRaw.(*ec2.AuthorizationRule); ok { - tfresource.SetLastError(err, errors.New(aws.StringValue(output.Status.Message))) - - return output, err - } - - return nil, err -} - -func WaitClientVPNAuthorizationRuleDeleted(ctx context.Context, conn *ec2.EC2, endpointID, targetNetworkCIDR, accessGroupID string, timeout time.Duration) (*ec2.AuthorizationRule, error) { - stateConf := &retry.StateChangeConf{ - Pending: []string{ec2.ClientVpnAuthorizationRuleStatusCodeRevoking}, - Target: []string{}, - Refresh: StatusClientVPNAuthorizationRule(ctx, conn, endpointID, targetNetworkCIDR, accessGroupID), - Timeout: timeout, - } - - outputRaw, err := stateConf.WaitForStateContext(ctx) - - if output, ok := outputRaw.(*ec2.AuthorizationRule); ok { - tfresource.SetLastError(err, errors.New(aws.StringValue(output.Status.Message))) - - return output, err - } - - return nil, err -} - -const ( - ClientVPNNetworkAssociationCreatedTimeout = 30 * time.Minute - ClientVPNNetworkAssociationCreatedDelay = 4 * time.Minute - ClientVPNNetworkAssociationDeletedTimeout = 30 * time.Minute - ClientVPNNetworkAssociationDeletedDelay = 4 * time.Minute - ClientVPNNetworkAssociationStatusPollInterval = 10 * time.Second -) - -func WaitClientVPNNetworkAssociationCreated(ctx context.Context, conn *ec2.EC2, associationID, endpointID string, timeout time.Duration) (*ec2.TargetNetwork, error) { - stateConf := &retry.StateChangeConf{ - Pending: []string{ec2.AssociationStatusCodeAssociating}, - Target: []string{ec2.AssociationStatusCodeAssociated}, - Refresh: StatusClientVPNNetworkAssociation(ctx, conn, associationID, endpointID), - Timeout: timeout, - Delay: 
ClientVPNNetworkAssociationCreatedDelay, - PollInterval: ClientVPNNetworkAssociationStatusPollInterval, - } - - outputRaw, err := stateConf.WaitForStateContext(ctx) - - if output, ok := outputRaw.(*ec2.TargetNetwork); ok { - tfresource.SetLastError(err, errors.New(aws.StringValue(output.Status.Message))) - - return output, err - } - - return nil, err -} - -func WaitClientVPNNetworkAssociationDeleted(ctx context.Context, conn *ec2.EC2, associationID, endpointID string, timeout time.Duration) (*ec2.TargetNetwork, error) { - stateConf := &retry.StateChangeConf{ - Pending: []string{ec2.AssociationStatusCodeDisassociating}, - Target: []string{}, - Refresh: StatusClientVPNNetworkAssociation(ctx, conn, associationID, endpointID), - Timeout: timeout, - Delay: ClientVPNNetworkAssociationDeletedDelay, - PollInterval: ClientVPNNetworkAssociationStatusPollInterval, - } - - outputRaw, err := stateConf.WaitForStateContext(ctx) - - if output, ok := outputRaw.(*ec2.TargetNetwork); ok { - tfresource.SetLastError(err, errors.New(aws.StringValue(output.Status.Message))) - - return output, err - } - - return nil, err -} - -func WaitClientVPNRouteCreated(ctx context.Context, conn *ec2.EC2, endpointID, targetSubnetID, destinationCIDR string, timeout time.Duration) (*ec2.ClientVpnRoute, error) { - stateConf := &retry.StateChangeConf{ - Pending: []string{ec2.ClientVpnRouteStatusCodeCreating}, - Target: []string{ec2.ClientVpnRouteStatusCodeActive}, - Refresh: StatusClientVPNRoute(ctx, conn, endpointID, targetSubnetID, destinationCIDR), - Timeout: timeout, - } - - outputRaw, err := stateConf.WaitForStateContext(ctx) - - if output, ok := outputRaw.(*ec2.ClientVpnRoute); ok { - tfresource.SetLastError(err, errors.New(aws.StringValue(output.Status.Message))) - - return output, err - } - - return nil, err -} - -func WaitClientVPNRouteDeleted(ctx context.Context, conn *ec2.EC2, endpointID, targetSubnetID, destinationCIDR string, timeout time.Duration) (*ec2.ClientVpnRoute, error) { - stateConf 
:= &retry.StateChangeConf{ - Pending: []string{ec2.ClientVpnRouteStatusCodeActive, ec2.ClientVpnRouteStatusCodeDeleting}, - Target: []string{}, - Refresh: StatusClientVPNRoute(ctx, conn, endpointID, targetSubnetID, destinationCIDR), - Timeout: timeout, - } - - outputRaw, err := stateConf.WaitForStateContext(ctx) - - if output, ok := outputRaw.(*ec2.ClientVpnRoute); ok { - tfresource.SetLastError(err, errors.New(aws.StringValue(output.Status.Message))) - - return output, err - } - - return nil, err -} - func WaitFleet(ctx context.Context, conn *ec2.EC2, id string, pending, target []string, timeout, delay time.Duration) (*ec2.FleetData, error) { stateConf := &retry.StateChangeConf{ Pending: pending, diff --git a/internal/service/ec2/waitv2.go b/internal/service/ec2/waitv2.go index 83845be7589..2b0d988ee51 100644 --- a/internal/service/ec2/waitv2.go +++ b/internal/service/ec2/waitv2.go 
@@ -478,3 +478,165 @@ func waitVPCEndpointServicePrivateDNSNameVerifiedV2(ctx context.Context, conn *e return nil, err } + +func waitClientVPNEndpointDeleted(ctx context.Context, conn *ec2.Client, id string) (*types.ClientVpnEndpoint, error) { + const ( + timeout = 5 * time.Minute + ) + stateConf := &retry.StateChangeConf{ + Pending: enum.Slice(types.ClientVpnEndpointStatusCodeDeleting), + Target: []string{}, + Refresh: statusClientVPNEndpointState(ctx, conn, id), + Timeout: timeout, + } + + outputRaw, err := stateConf.WaitForStateContext(ctx) + + if output, ok := outputRaw.(*types.ClientVpnEndpoint); ok { + tfresource.SetLastError(err, errors.New(aws.ToString(output.Status.Message))) + + return output, err + } + + return nil, err +} + +func waitClientVPNEndpointClientConnectResponseOptionsUpdated(ctx context.Context, conn *ec2.Client, id string) (*types.ClientConnectResponseOptions, error) { + const ( + timeout = 5 * time.Minute + ) + stateConf := &retry.StateChangeConf{ + Pending: enum.Slice(types.ClientVpnEndpointAttributeStatusCodeApplying), + Target: enum.Slice(types.ClientVpnEndpointAttributeStatusCodeApplied), + Refresh: statusClientVPNEndpointClientConnectResponseOptionsState(ctx, conn, id), + Timeout: timeout, + } + + outputRaw, err := stateConf.WaitForStateContext(ctx) + + if output, ok := outputRaw.(*types.ClientConnectResponseOptions); ok { + tfresource.SetLastError(err, errors.New(aws.ToString(output.Status.Message))) + + return output, err + } + + return nil, err +} + +func waitClientVPNAuthorizationRuleCreated(ctx context.Context, conn *ec2.Client, endpointID, targetNetworkCIDR, accessGroupID string, timeout time.Duration) (*types.AuthorizationRule, error) { + stateConf := &retry.StateChangeConf{ + Pending: enum.Slice(types.ClientVpnAuthorizationRuleStatusCodeAuthorizing), + Target: enum.Slice(types.ClientVpnAuthorizationRuleStatusCodeActive), + Refresh: statusClientVPNAuthorizationRule(ctx, conn, endpointID, targetNetworkCIDR, accessGroupID), + 
Timeout: timeout, + } + + outputRaw, err := stateConf.WaitForStateContext(ctx) + + if output, ok := outputRaw.(*types.AuthorizationRule); ok { + tfresource.SetLastError(err, errors.New(aws.ToString(output.Status.Message))) + + return output, err + } + + return nil, err +} + +func waitClientVPNAuthorizationRuleDeleted(ctx context.Context, conn *ec2.Client, endpointID, targetNetworkCIDR, accessGroupID string, timeout time.Duration) (*types.AuthorizationRule, error) { + stateConf := &retry.StateChangeConf{ + Pending: enum.Slice(types.ClientVpnAuthorizationRuleStatusCodeRevoking), + Target: []string{}, + Refresh: statusClientVPNAuthorizationRule(ctx, conn, endpointID, targetNetworkCIDR, accessGroupID), + Timeout: timeout, + } + + outputRaw, err := stateConf.WaitForStateContext(ctx) + + if output, ok := outputRaw.(*types.AuthorizationRule); ok { + tfresource.SetLastError(err, errors.New(aws.ToString(output.Status.Message))) + + return output, err + } + + return nil, err +} + +func waitClientVPNNetworkAssociationCreated(ctx context.Context, conn *ec2.Client, associationID, endpointID string, timeout time.Duration) (*types.TargetNetwork, error) { + stateConf := &retry.StateChangeConf{ + Pending: enum.Slice(types.AssociationStatusCodeAssociating), + Target: enum.Slice(types.AssociationStatusCodeAssociated), + Refresh: statusClientVPNNetworkAssociation(ctx, conn, associationID, endpointID), + Timeout: timeout, + Delay: 4 * time.Minute, + PollInterval: 10 * time.Second, + } + + outputRaw, err := stateConf.WaitForStateContext(ctx) + + if output, ok := outputRaw.(*types.TargetNetwork); ok { + tfresource.SetLastError(err, errors.New(aws.ToString(output.Status.Message))) + + return output, err + } + + return nil, err +} + +func waitClientVPNNetworkAssociationDeleted(ctx context.Context, conn *ec2.Client, associationID, endpointID string, timeout time.Duration) (*types.TargetNetwork, error) { + stateConf := &retry.StateChangeConf{ + Pending: 
enum.Slice(types.AssociationStatusCodeDisassociating), + Target: []string{}, + Refresh: statusClientVPNNetworkAssociation(ctx, conn, associationID, endpointID), + Timeout: timeout, + Delay: 4 * time.Minute, + PollInterval: 10 * time.Second, + } + + outputRaw, err := stateConf.WaitForStateContext(ctx) + + if output, ok := outputRaw.(*types.TargetNetwork); ok { + tfresource.SetLastError(err, errors.New(aws.ToString(output.Status.Message))) + + return output, err + } + + return nil, err +} + +func waitClientVPNRouteCreated(ctx context.Context, conn *ec2.Client, endpointID, targetSubnetID, destinationCIDR string, timeout time.Duration) (*types.ClientVpnRoute, error) { + stateConf := &retry.StateChangeConf{ + Pending: enum.Slice(types.ClientVpnRouteStatusCodeCreating), + Target: enum.Slice(types.ClientVpnRouteStatusCodeActive), + Refresh: statusClientVPNRoute(ctx, conn, endpointID, targetSubnetID, destinationCIDR), + Timeout: timeout, + } + + outputRaw, err := stateConf.WaitForStateContext(ctx) + + if output, ok := outputRaw.(*types.ClientVpnRoute); ok { + tfresource.SetLastError(err, errors.New(aws.ToString(output.Status.Message))) + + return output, err + } + + return nil, err +} + +func waitClientVPNRouteDeleted(ctx context.Context, conn *ec2.Client, endpointID, targetSubnetID, destinationCIDR string, timeout time.Duration) (*types.ClientVpnRoute, error) { + stateConf := &retry.StateChangeConf{ + Pending: enum.Slice(types.ClientVpnRouteStatusCodeActive, types.ClientVpnRouteStatusCodeDeleting), + Target: []string{}, + Refresh: statusClientVPNRoute(ctx, conn, endpointID, targetSubnetID, destinationCIDR), + Timeout: timeout, + } + + outputRaw, err := stateConf.WaitForStateContext(ctx) + + if output, ok := outputRaw.(*types.ClientVpnRoute); ok { + tfresource.SetLastError(err, errors.New(aws.ToString(output.Status.Message))) + + return output, err + } + + return nil, err +}
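Review bot: Each of the eight new waiters reads `output.Status.Message` without checking `output.Status`, which is a pointer field on the SDK v2 `types` structs, so a result that carries the object but no status would panic the provider instead of returning the wait error. The `status*` refresh functions are not part of this hunk and may already guarantee a non-nil status; if they do not, guard the call in every waiter, for example `if output.Status != nil { tfresource.SetLastError(err, errors.New(aws.ToString(output.Status.Message))) }`. The guard is most useful in `waitClientVPNAuthorizationRuleDeleted` and `waitClientVPNRouteDeleted`, where a crash mid-apply leaves the operator unsure whether the rule or route was actually removed. Separately, the `4 * time.Minute` delay and `10 * time.Second` poll interval are repeated as literals in both network-association waiters; a shared named constant with a comment such as `// Associations are slow to settle; skip polling for the first few minutes.` would document why the first poll is deferred.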