-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
resource/aws_route53_resolver_dnssec_config - new resource #17012
resource/aws_route53_resolver_dnssec_config - new resource #17012
Conversation
35e004f
to
d0a3545
Compare
log.Printf("[DEBUG] Creating Route53 Resolver DNSSEC config: %#v", req) | ||
resp, err := conn.UpdateResolverDnssecConfig(req) | ||
if err != nil { | ||
return fmt.Errorf("error creating Route53 Resolver DNSSEC config: %s", err) |
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
|
||
vpc, err := vpcDescribe(ec2Conn, d.Id()) | ||
if err != nil { | ||
return fmt.Errorf("error getting VPC associated with Route53 Resolver DNSSEC config (%s): %s", d.Id(), err) |
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
|
||
raw, state, err := route53ResolverDnssecConfigRefresh(conn, d.Id())() | ||
if err != nil { | ||
return fmt.Errorf("error getting Route53 Resolver DNSSEC config (%s): %s", d.Id(), err) |
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
return nil | ||
} | ||
if err != nil { | ||
return fmt.Errorf("error deleting Route53 Resolver DNSSEC config (%s): %s", d.Id(), err) |
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
MinTimeout: 5 * time.Second, | ||
} | ||
if _, err := stateConf.WaitForState(); err != nil { | ||
return fmt.Errorf("error waiting for Route53 Resolver DNSSEC config (%s) to reach target state: %s", id, err) |
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
@shuheiktgw Thanks for the contribution 👏. Overall it looks great. DNSSEC configs seem to have ARNs even though it's not returned in the API. Could you please add a Computed I need to think about the cross-service call to verify the VPC's existence. I see why it is being used but we usually try and avoid such calls. |
return fmt.Errorf("error creating Route53 Resolver DNSSEC config: %s", err) | ||
} | ||
|
||
d.SetId(aws.StringValue(resp.ResolverDNSSECConfig.ResourceId)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Use ResolvedDNSSECConfig.Id
as that is the actual resource's ID.
Agree that we should use the resource ID on import as that is what users would expect (as this is surfaced per-VPC in the AWS Console).
It seems that you can update a DNSSEC config even if the associated resource (VPC) has been deleted: $ aws --region us-west-2 route53resolver list-resolver-dnssec-configs
{
"ResolverDnssecConfigs": [
{
"Id": "rdsc-5a4960f0b41d3a5b",
"OwnerId": "123456789012",
"ResourceId": "vpc-0f2f5c603499f6c6b",
"ValidationStatus": "DISABLED"
},
{
"Id": "rdsc-9da58af749336ba",
"OwnerId": "123456789012",
"ResourceId": "vpc-0674233a9456aba43",
"ValidationStatus": "DISABLED"
},
{
"Id": "rdsc-be1866ecc1683e95",
"OwnerId": "123456789012",
"ResourceId": "vpc-0f993cbbf558be638",
"ValidationStatus": "ENABLED"
},
{
"Id": "rdsc-ca0760426d4a326b",
"OwnerId": "123456789012",
"ResourceId": "vpc-09925a270fdbb4206",
"ValidationStatus": "ENABLED"
}
]
}
$ aws --region us-west-2 route53resolver update-resolver-dnssec-config --resource-id "vpc-0f993cbbf558be638" --validation DISABLE
{
"ResolverDNSSECConfig": {
"Id": "rdsc-be1866ecc1683e95",
"OwnerId": "123456789012",
"ResourceId": "vpc-0f993cbbf558be638",
"ValidationStatus": "DISABLING"
}
} I suggest moving the |
06930aa
to
b2a8f22
Compare
b2a8f22
to
e22f485
Compare
@ewbankkit Thank you for your review! I believe I fixed them up so would you review the PR again? 🙏 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM.
$ make testacc TEST=./aws/ TESTARGS='-run=TestAccAWSRoute53ResolverDnssecConfig_'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSRoute53ResolverDnssecConfig_ -timeout 120m
=== RUN TestAccAWSRoute53ResolverDnssecConfig_basic
=== PAUSE TestAccAWSRoute53ResolverDnssecConfig_basic
=== RUN TestAccAWSRoute53ResolverDnssecConfig_disappear
=== PAUSE TestAccAWSRoute53ResolverDnssecConfig_disappear
=== CONT TestAccAWSRoute53ResolverDnssecConfig_basic
=== CONT TestAccAWSRoute53ResolverDnssecConfig_disappear
--- PASS: TestAccAWSRoute53ResolverDnssecConfig_disappear (397.50s)
--- PASS: TestAccAWSRoute53ResolverDnssecConfig_basic (399.44s)
PASS
ok github.com/terraform-providers/terraform-provider-aws/aws 399.527s
LGTM 🚀 Thanks @shuheiktgw! Verified Acceptance Tests in Commercial (us-west-2) make testacc TEST=./aws/ TESTARGS='-run=TestAccAWSRoute53ResolverDnssecConfig_'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSRoute53ResolverDnssecConfig_ -timeout 120m
=== RUN TestAccAWSRoute53ResolverDnssecConfig_basic
=== PAUSE TestAccAWSRoute53ResolverDnssecConfig_basic
=== RUN TestAccAWSRoute53ResolverDnssecConfig_disappear
=== PAUSE TestAccAWSRoute53ResolverDnssecConfig_disappear
=== CONT TestAccAWSRoute53ResolverDnssecConfig_basic
=== CONT TestAccAWSRoute53ResolverDnssecConfig_disappear
--- PASS: TestAccAWSRoute53ResolverDnssecConfig_disappear (380.47s)
--- PASS: TestAccAWSRoute53ResolverDnssecConfig_basic (393.46s)
PASS
ok github.com/terraform-providers/terraform-provider-aws/aws 395.145s Verified Acceptance Tests in GovCloud (us-gov-west-1) make testacc TEST=./aws/ TESTARGS='-run=TestAccAWSRoute53ResolverDnssecConfig_'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSRoute53ResolverDnssecConfig_ -timeout 120m
=== RUN TestAccAWSRoute53ResolverDnssecConfig_basic
=== PAUSE TestAccAWSRoute53ResolverDnssecConfig_basic
=== RUN TestAccAWSRoute53ResolverDnssecConfig_disappear
=== PAUSE TestAccAWSRoute53ResolverDnssecConfig_disappear
=== CONT TestAccAWSRoute53ResolverDnssecConfig_basic
=== CONT TestAccAWSRoute53ResolverDnssecConfig_disappear
--- PASS: TestAccAWSRoute53ResolverDnssecConfig_disappear (121.67s)
--- PASS: TestAccAWSRoute53ResolverDnssecConfig_basic (123.07s)
PASS
ok github.com/terraform-providers/terraform-provider-aws/aws 124.742s |
Thank you all for your review! |
This has been released in version 3.24.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks! |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
Community Note
Closes #16837
Release note for CHANGELOG:
Output from acceptance testing:
Thank you for your review! 👍