
HCCP-138 breaking changes for Peering and TGW attachment (#128)
* HCCP-138 required id and removed cidr from peering

* HCCP-138 fixed tgw-attachment resource import

* HCCP-138 removed cidrs from tgw-attachment

* bonus: drop deleted guide example

* update peering examples in guides

Co-authored-by: Brenna Hewer-Darroch <[email protected]>
smaant and bcmdarroch committed Jun 4, 2021
1 parent 19091f2 commit d8f57dd
Showing 17 changed files with 118 additions and 130 deletions.
1 change: 0 additions & 1 deletion docs/data-sources/aws_network_peering.md
Expand Up @@ -38,7 +38,6 @@ data "hcp_aws_network_peering" "test" {
- **expires_at** (String) The time after which the network peering will be considered expired if it hasn't transitioned into `ACCEPTED` or `ACTIVE` state.
- **organization_id** (String) The ID of the HCP organization where the network peering is located. Always matches the HVN's organization.
- **peer_account_id** (String) The account ID of the peer VPC in AWS.
- **peer_vpc_cidr_block** (String) The CIDR range of the peer VPC in AWS.
- **peer_vpc_id** (String) The ID of the peer VPC in AWS.
- **peer_vpc_region** (String) The region of the peer VPC in AWS.
- **project_id** (String) The ID of the HCP project where the network peering is located. Always matches the HVN's project.
1 change: 0 additions & 1 deletion docs/data-sources/aws_transit_gateway_attachment.md
Expand Up @@ -37,7 +37,6 @@ data "hcp_aws_transit_gateway_attachment" "test" {
### Read-Only

- **created_at** (String) The time that the transit gateway attachment was created.
- **destination_cidrs** (List of String) The list of associated CIDR ranges. Traffic from these CIDRs will be allowed for all resources in the HVN. Traffic to these CIDRs will be routed into this transit gateway attachment.
- **expires_at** (String) The time after which the transit gateway attachment will be considered expired if it hasn't transitioned into `ACCEPTED` or `ACTIVE` state.
- **organization_id** (String) The ID of the HCP organization where the transit gateway attachment is located. Always matches the HVN's organization.
- **project_id** (String) The ID of the HCP project where the transit gateway attachment is located. Always matches the HVN's project.
19 changes: 13 additions & 6 deletions docs/guides/peering.md
Expand Up @@ -41,12 +41,19 @@ resource "aws_vpc" "peer" {
// Create an HCP network peering to peer your HVN with your AWS VPC.
resource "hcp_aws_network_peering" "example" {
peering_id = var.peer_id
hvn_id = hcp_hvn.example.hvn_id
peer_vpc_id = aws_vpc.peer.id
peer_account_id = aws_vpc.peer.owner_id
peer_vpc_region = var.region
peer_vpc_cidr_block = aws_vpc.peer.cidr_block
peering_id = var.peer_id
hvn_id = hcp_hvn.example.hvn_id
peer_vpc_id = aws_vpc.peer.id
peer_account_id = aws_vpc.peer.owner_id
peer_vpc_region = var.region
}
// Create an HVN route that targets your HCP network peering and matches your AWS VPC's CIDR block
resource "hcp_hvn_route" "example" {
hvn_link = hcp_hvn.hvn.self_link
hvn_route_id = var.route_id
destination_cidr = aws_vpc.peer.cidr_block
target_link = hcp_aws_network_peering.example.self_link
}
// Accept the VPC peering within your AWS account.
20 changes: 14 additions & 6 deletions docs/index.md
Expand Up @@ -73,12 +73,20 @@ resource "aws_vpc_peering_connection_accepter" "main" {
}
// Create a network peering between the HVN and the AWS VPC
resource "hcp_aws_network_peering" "example_peering" {
hvn_id = hcp_hvn.example_hvn.hvn_id
peer_vpc_id = aws_vpc.main.id
peer_account_id = aws_vpc.main.owner_id
peer_vpc_region = data.aws_arn.main.region
peer_vpc_cidr_block = aws_vpc.main.cidr_block
resource "hcp_aws_network_peering" "example" {
hvn_id = hcp_hvn.example_hvn.hvn_id
peering_id = "hcp-tf-example-peering"
peer_vpc_id = aws_vpc.main.id
peer_account_id = aws_vpc.main.owner_id
peer_vpc_region = data.aws_arn.main.region
}
// Create an HVN route that targets your HCP network peering and matches your AWS VPC's CIDR block
resource "hcp_hvn_route" "example" {
hvn_link = hcp_hvn.hvn.self_link
hvn_route_id = "hcp-tf-example-hvn-route"
destination_cidr = aws_vpc.main.cidr_block
target_link = hcp_aws_network_peering.example.self_link
}
// Create a Consul cluster in the same region and cloud provider as the HVN
24 changes: 15 additions & 9 deletions docs/resources/aws_network_peering.md
Expand Up @@ -32,16 +32,23 @@ data "aws_arn" "peer" {
arn = aws_vpc.peer.arn
}
resource "hcp_aws_network_peering" "peer" {
hvn_id = hcp_hvn.main.hvn_id
peer_vpc_id = aws_vpc.peer.id
peer_account_id = aws_vpc.peer.owner_id
peer_vpc_region = data.aws_arn.peer.region
peer_vpc_cidr_block = aws_vpc.peer.cidr_block
resource "hcp_aws_network_peering" "dev" {
hvn_id = hcp_hvn.main.hvn_id
peering_id = "dev"
peer_vpc_id = aws_vpc.peer.id
peer_account_id = aws_vpc.peer.owner_id
peer_vpc_region = data.aws_arn.peer.region
}
resource "hcp_hvn_route" "main-to-dev" {
hvn_link = hcp_hvn.main.self_link
hvn_route_id = "main-to-dev"
destination_cidr = "172.31.0.0/16"
target_link = hcp_aws_network_peering.dev.self_link
}
resource "aws_vpc_peering_connection_accepter" "peer" {
vpc_peering_connection_id = hcp_aws_network_peering.peer.provider_peering_id
vpc_peering_connection_id = hcp_aws_network_peering.dev.provider_peering_id
auto_accept = true
}
```
Expand All @@ -53,14 +60,13 @@ resource "aws_vpc_peering_connection_accepter" "peer" {

- **hvn_id** (String) The ID of the HashiCorp Virtual Network (HVN).
- **peer_account_id** (String) The account ID of the peer VPC in AWS.
- **peer_vpc_cidr_block** (String) The CIDR range of the peer VPC in AWS.
- **peer_vpc_id** (String) The ID of the peer VPC in AWS.
- **peer_vpc_region** (String) The region of the peer VPC in AWS.
- **peering_id** (String) The ID of the network peering.

### Optional

- **id** (String) The ID of this resource.
- **peering_id** (String) The ID of the network peering.
- **timeouts** (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))

### Read-Only
9 changes: 7 additions & 2 deletions docs/resources/aws_transit_gateway_attachment.md
Expand Up @@ -60,7 +60,13 @@ resource "hcp_aws_transit_gateway_attachment" "example" {
transit_gateway_attachment_id = "example-tgw-attachment"
transit_gateway_id = aws_ec2_transit_gateway.example.id
resource_share_arn = aws_ram_resource_share.example.arn
destination_cidrs = [aws_vpc.example.cidr_block]
}
resource "hcp_hvn_route" "route" {
hvn_link = hcp_hvn.main.self_link
hvn_route_id = "hvn-to-tgw-attachment"
destination_cidr = aws_vpc.example.cidr_block
target_link = hcp_aws_transit_gateway_attachment.example.self_link
}
resource "aws_ec2_transit_gateway_vpc_attachment_accepter" "example" {
Expand All @@ -75,7 +81,6 @@ resource "aws_ec2_transit_gateway_vpc_attachment_accepter" "example" {

### Required

- **destination_cidrs** (List of String) The list of associated CIDR ranges. Traffic from these CIDRs will be allowed for all resources in the HVN. Traffic to these CIDRs will be routed into this transit gateway attachment.
- **hvn_id** (String) The ID of the HashiCorp Virtual Network (HVN).
- **resource_share_arn** (String, Sensitive) The Amazon Resource Name (ARN) of the Resource Share that is needed to grant HCP access to the transit gateway in AWS. The Resource Share should be associated with the HCP AWS account principal (see [aws_ram_principal_association](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ram_principal_association)) and the transit gateway resource (see [aws_ram_resource_association](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ram_resource_association))
- **transit_gateway_attachment_id** (String) The user-settable name of the transit gateway attachment in HCP.
19 changes: 13 additions & 6 deletions examples/guides/peering/main.tf
Expand Up @@ -23,12 +23,19 @@ resource "aws_vpc" "peer" {

// Create an HCP network peering to peer your HVN with your AWS VPC.
resource "hcp_aws_network_peering" "example" {
peering_id = var.peer_id
hvn_id = hcp_hvn.example.hvn_id
peer_vpc_id = aws_vpc.peer.id
peer_account_id = aws_vpc.peer.owner_id
peer_vpc_region = var.region
peer_vpc_cidr_block = aws_vpc.peer.cidr_block
peering_id = var.peer_id
hvn_id = hcp_hvn.example.hvn_id
peer_vpc_id = aws_vpc.peer.id
peer_account_id = aws_vpc.peer.owner_id
peer_vpc_region = var.region
}

// Create an HVN route that targets your HCP network peering and matches your AWS VPC's CIDR block
resource "hcp_hvn_route" "example" {
hvn_link = hcp_hvn.hvn.self_link
hvn_route_id = var.route_id
destination_cidr = aws_vpc.peer.cidr_block
target_link = hcp_aws_network_peering.example.self_link
}

// Accept the VPC peering within your AWS account.
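Review bot: The new `hcp_hvn_route` block sets `hvn_link = hcp_hvn.hvn.self_link`, but the peering a few lines above reads `hcp_hvn.example.hvn_id`, so unless an `hcp_hvn` named `hvn` is declared outside the hunk this example will fail `terraform validate` with an undeclared-resource error; the line should read `hvn_link = hcp_hvn.example.self_link`. The same mismatch is in examples/provider/provider.tf (`hcp_hvn.hvn` where the peering uses `hcp_hvn.example_hvn`) and is carried into the generated docs/guides/peering.md and docs/index.md, which need regenerating after the fix. Since users copy these snippets verbatim into production networking, if CI does not already validate the examples directory it would catch this class of slip.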
5 changes: 5 additions & 0 deletions examples/guides/peering/variables.tf
Expand Up @@ -17,3 +17,8 @@ variable "peer_id" {
description = "The ID to use for the HCP network peering."
type = string
}

variable "route_id" {
description = "The ID to use for the HCP HVN route."
type = string
}
1 change: 0 additions & 1 deletion examples/guides/quick_start/_config.tf

This file was deleted.

20 changes: 0 additions & 20 deletions examples/guides/quick_start/main.tf

This file was deleted.

20 changes: 14 additions & 6 deletions examples/provider/provider.tf
Expand Up @@ -39,12 +39,20 @@ resource "aws_vpc_peering_connection_accepter" "main" {
}

// Create a network peering between the HVN and the AWS VPC
resource "hcp_aws_network_peering" "example_peering" {
hvn_id = hcp_hvn.example_hvn.hvn_id
peer_vpc_id = aws_vpc.main.id
peer_account_id = aws_vpc.main.owner_id
peer_vpc_region = data.aws_arn.main.region
peer_vpc_cidr_block = aws_vpc.main.cidr_block
resource "hcp_aws_network_peering" "example" {
hvn_id = hcp_hvn.example_hvn.hvn_id
peering_id = "hcp-tf-example-peering"
peer_vpc_id = aws_vpc.main.id
peer_account_id = aws_vpc.main.owner_id
peer_vpc_region = data.aws_arn.main.region
}

// Create an HVN route that targets your HCP network peering and matches your AWS VPC's CIDR block
resource "hcp_hvn_route" "example" {
hvn_link = hcp_hvn.hvn.self_link
hvn_route_id = "hcp-tf-example-hvn-route"
destination_cidr = aws_vpc.main.cidr_block
target_link = hcp_aws_network_peering.example.self_link
}

// Create a Consul cluster in the same region and cloud provider as the HVN
21 changes: 14 additions & 7 deletions examples/resources/hcp_aws_network_peering/resource.tf
Expand Up @@ -17,15 +17,22 @@ data "aws_arn" "peer" {
arn = aws_vpc.peer.arn
}

resource "hcp_aws_network_peering" "peer" {
hvn_id = hcp_hvn.main.hvn_id
peer_vpc_id = aws_vpc.peer.id
peer_account_id = aws_vpc.peer.owner_id
peer_vpc_region = data.aws_arn.peer.region
peer_vpc_cidr_block = aws_vpc.peer.cidr_block
resource "hcp_aws_network_peering" "dev" {
hvn_id = hcp_hvn.main.hvn_id
peering_id = "dev"
peer_vpc_id = aws_vpc.peer.id
peer_account_id = aws_vpc.peer.owner_id
peer_vpc_region = data.aws_arn.peer.region
}

resource "hcp_hvn_route" "main-to-dev" {
hvn_link = hcp_hvn.main.self_link
hvn_route_id = "main-to-dev"
destination_cidr = "172.31.0.0/16"
target_link = hcp_aws_network_peering.dev.self_link
}

resource "aws_vpc_peering_connection_accepter" "peer" {
vpc_peering_connection_id = hcp_aws_network_peering.peer.provider_peering_id
vpc_peering_connection_id = hcp_aws_network_peering.dev.provider_peering_id
auto_accept = true
}
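Review bot: The new `hcp_hvn_route` hardcodes `destination_cidr = "172.31.0.0/16"`, whereas the line it replaces (`peer_vpc_cidr_block = aws_vpc.peer.cidr_block`) and every other updated example derive the prefix from the VPC. If `aws_vpc.peer` is declared with a different block outside the hunk, the route silently sends HVN traffic for the wrong prefix into the peering, or covers more than the peer VPC actually needs; prefer `destination_cidr = aws_vpc.peer.cidr_block` so the route stays tied to the real peer VPC. docs/resources/aws_network_peering.md carries the same literal and should be regenerated alongside.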
Expand Up @@ -44,7 +44,13 @@ resource "hcp_aws_transit_gateway_attachment" "example" {
transit_gateway_attachment_id = "example-tgw-attachment"
transit_gateway_id = aws_ec2_transit_gateway.example.id
resource_share_arn = aws_ram_resource_share.example.arn
destination_cidrs = [aws_vpc.example.cidr_block]
}

resource "hcp_hvn_route" "route" {
hvn_link = hcp_hvn.main.self_link
hvn_route_id = "hvn-to-tgw-attachment"
destination_cidr = aws_vpc.example.cidr_block
target_link = hcp_aws_transit_gateway_attachment.example.self_link
}

resource "aws_ec2_transit_gateway_vpc_attachment_accepter" "example" {
5 changes: 0 additions & 5 deletions internal/provider/data_source_aws_network_peering.go
Expand Up @@ -57,11 +57,6 @@ func dataSourceAwsNetworkPeering() *schema.Resource {
Type: schema.TypeString,
Computed: true,
},
"peer_vpc_cidr_block": {
Description: "The CIDR range of the peer VPC in AWS.",
Type: schema.TypeString,
Computed: true,
},
"provider_peering_id": {
Description: "The peering connection ID used by AWS.",
Type: schema.TypeString,
Expand Up @@ -55,14 +55,6 @@ func dataSourceAwsTransitGatewayAttachment() *schema.Resource {
Type: schema.TypeString,
Computed: true,
},
"destination_cidrs": {
Description: "The list of associated CIDR ranges. Traffic from these CIDRs will be allowed for all resources in the HVN. Traffic to these CIDRs will be routed into this transit gateway attachment.",
Type: schema.TypeList,
Elem: &schema.Schema{
Type: schema.TypeString,
},
Computed: true,
},
"provider_transit_gateway_attachment_id": {
Description: "The transit gateway attachment ID used by AWS.",
Type: schema.TypeString,
30 changes: 8 additions & 22 deletions internal/provider/resource_aws_network_peering.go
Expand Up @@ -12,7 +12,7 @@ import (
sharedmodels "github.com/hashicorp/hcp-sdk-go/clients/cloud-shared/v1/models"
"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"

"github.com/hashicorp/terraform-provider-hcp/internal/clients"
)

Expand Down Expand Up @@ -45,6 +45,13 @@ func resourceAwsNetworkPeering() *schema.Resource {
ForceNew: true,
ValidateDiagFunc: validateSlugID,
},
"peering_id": {
Description: "The ID of the network peering.",
Type: schema.TypeString,
Required: true,
ForceNew: true,
ValidateDiagFunc: validateSlugID,
},
"peer_account_id": {
Description: "The account ID of the peer VPC in AWS.",
Type: schema.TypeString,
Expand All @@ -66,22 +73,6 @@ func resourceAwsNetworkPeering() *schema.Resource {
return strings.ToLower(old) == strings.ToLower(new)
},
},
"peer_vpc_cidr_block": {
Description: "The CIDR range of the peer VPC in AWS.",
Type: schema.TypeString,
Required: true,
ForceNew: true,
ValidateFunc: validation.IsCIDR,
},
// Optional inputs
"peering_id": {
Description: "The ID of the network peering.",
Type: schema.TypeString,
Optional: true,
ForceNew: true,
Computed: true,
ValidateDiagFunc: validateSlugID,
},
// Computed outputs
"organization_id": {
Description: "The ID of the HCP organization where the network peering is located. Always matches the HVN's organization.",
Expand Down Expand Up @@ -125,7 +116,6 @@ func resourceAwsNetworkPeeringCreate(ctx context.Context, d *schema.ResourceData
peerAccountID := d.Get("peer_account_id").(string)
peerVpcID := d.Get("peer_vpc_id").(string)
peerVpcRegion := d.Get("peer_vpc_region").(string)
peerVpcCidr := d.Get("peer_vpc_cidr_block").(string)

loc := &sharedmodels.HashicorpCloudLocationLocation{
OrganizationID: client.Config.OrganizationID,
Expand Down Expand Up @@ -174,7 +164,6 @@ func resourceAwsNetworkPeeringCreate(ctx context.Context, d *schema.ResourceData
AccountID: peerAccountID,
VpcID: peerVpcID,
Region: peerVpcRegion,
Cidr: peerVpcCidr,
},
},
},
Expand Down Expand Up @@ -316,9 +305,6 @@ func setPeeringResourceData(d *schema.ResourceData, peering *networkmodels.Hashi
if err := d.Set("peer_vpc_region", peering.Target.AwsTarget.Region); err != nil {
return err
}
if err := d.Set("peer_vpc_cidr_block", peering.Target.AwsTarget.Cidr); err != nil {
return err
}
if err := d.Set("organization_id", peering.Hvn.Location.OrganizationID); err != nil {
return err
}
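Review bot: Moving `"peering_id"` from Optional+Computed to `Required: true` with `ForceNew: true` (second hunk) means every existing configuration that omitted it fails at plan time after upgrade, and a user who then supplies a value different from the one HCP assigned gets the peering destroyed and re-created, which is a connectivity outage rather than an in-place change; nothing in the hunk or the schema Description warns of this. Suggest extending the field to `Description: "The ID of the network peering. Existing peerings must set this to the value already recorded in state; a different value forces replacement."` and calling it out in the changelog/upgrade notes for this release. The enclosing resourceAwsNetworkPeering() starts and ends outside the hunk. Dropping the `validation` import is consistent with the removed `validation.IsCIDR` use, so that hunk is fine.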
