Add auto peering for Consul Federation (#154)

* update to hcp-sdk-go 0.10.0

* add auto_hvn_to_hvn_peering

* update docs

* add test

* add to datasource as well

* update notes

* comment on when peering happens

* update guide

* remove unused example

* update docs

* add docs

* riddhis feedback

* Update templates/resources/consul_cluster.md.tmpl

Co-authored-by: Brenna Hewer-Darroch <[email protected]>

* Update templates/guides/consul-federation.md.tmpl

Co-authored-by: Brenna Hewer-Darroch <[email protected]>

* fix docs

Co-authored-by: Brenna Hewer-Darroch <[email protected]>

docs/data-sources/consul_cluster.md

@@ -32,6 +32,7 @@ data "hcp_consul_cluster" "example" {
 
 ### Read-Only
 
+- **auto_hvn_to_hvn_peering** (Boolean) Enables automatic HVN to HVN peering when creating a secondary cluster in a federation.
 - **cloud_provider** (String) The provider where the HCP Consul cluster is located. Only 'aws' is available at this time.
 - **connect_enabled** (Boolean) Denotes the Consul connect feature should be enabled for this cluster.  Default to true.
 - **consul_automatic_upgrades** (Boolean) Denotes that automatic Consul upgrades are enabled.

docs/guides/consul-federation.md

@@ -1,31 +1,40 @@
 ---
 subcategory: ""
-page_title: "Federate HCP Consul clusters - HCP Provider"
+page_title: "Federation with Auto HVN Peering - HCP Provider"
 description: |-
-    An example of federating a new HCP Consul cluster with an existing one.
+    An example of federating a new HCP Consul cluster with an existing one via auto peering.
 ---
 
-# Federate a new HCP Consul cluster with an existing one
+# Federation with Auto HVN Peering
 
 Once you have a HCP Consul cluster, you can create a new Consul cluster to federate with the existing one.
+By providing `auto_hvn_to_hvn_peering` as a parameter on the secondary cluster, the HVNs are being peered
+automatically ensuring full connectivity. This parameter only ever has to be provided on secondary clusters.
 
 ```terraform
-resource "hcp_hvn" "example" {
-  hvn_id         = var.hvn_id
+resource "hcp_hvn" "primary" {
+  hvn_id         = var.primary_hvn_id
   cloud_provider = var.cloud_provider
-  region         = var.region
+  region         = var.primary_region
+}
+
+resource "hcp_hvn" "secondary" {
+  hvn_id         = var.secondary_hvn_id
+  cloud_provider = var.cloud_provider
+  region         = var.secondary_region
 }
 
 resource "hcp_consul_cluster" "primary" {
-  hvn_id     = hcp_hvn.example.hvn_id
+  hvn_id     = hcp_hvn.primary.hvn_id
   cluster_id = var.primary_cluster_id
   tier       = "development"
 }
 
 resource "hcp_consul_cluster" "secondary" {
-  hvn_id       = hcp_hvn.example.hvn_id
-  cluster_id   = var.secondary_cluster_id
-  tier         = "development"
-  primary_link = hcp_consul_cluster.primary.self_link
+  hvn_id                  = hcp_hvn.secondary.hvn_id
+  cluster_id              = var.secondary_cluster_id
+  tier                    = "development"
+  primary_link            = hcp_consul_cluster.primary.self_link
+  auto_hvn_to_hvn_peering = true
 }
-```
+```

docs/resources/consul_cluster.md

@@ -7,7 +7,7 @@ description: |-
 
 # hcp_consul_cluster (Resource)
 
--> **Note:** The `primary_link` attribute is related to federation, a feature that is currently in private beta.
+-> **Note:** The `primary_link` and `auto_hvn_to_hvn_peering` attributes are related to federation, a feature that is currently in private beta.
 
 -> **Note:** The `plus` tier is currently in private beta.
 
@@ -41,6 +41,7 @@ resource "hcp_consul_cluster" "example" {
 
 ### Optional
 
+- **auto_hvn_to_hvn_peering** (Boolean) Enables automatic HVN to HVN peering when creating a secondary cluster in a federation.
 - **connect_enabled** (Boolean) Denotes the Consul connect feature should be enabled for this cluster.  Default to true.
 - **datacenter** (String) The Consul data center name of the cluster. If not specified, it is defaulted to the value of `cluster_id`.
 - **id** (String) The ID of this resource.
@@ -86,4 +87,4 @@ Import is supported using the following syntax:
 ```shell
 # The import ID is {cluster_id}
 terraform import hcp_consul_cluster.example consul-cluster
-```
+```

examples/guides/consul_cluster_federation/main.tf

@@ -1,18 +1,25 @@
-resource "hcp_hvn" "example" {
-  hvn_id         = var.hvn_id
+resource "hcp_hvn" "primary" {
+  hvn_id         = var.primary_hvn_id
   cloud_provider = var.cloud_provider
-  region         = var.region
+  region         = var.primary_region
+}
+
+resource "hcp_hvn" "secondary" {
+  hvn_id         = var.secondary_hvn_id
+  cloud_provider = var.cloud_provider
+  region         = var.secondary_region
 }
 
 resource "hcp_consul_cluster" "primary" {
-  hvn_id     = hcp_hvn.example.hvn_id
+  hvn_id     = hcp_hvn.primary.hvn_id
   cluster_id = var.primary_cluster_id
   tier       = "development"
 }
 
 resource "hcp_consul_cluster" "secondary" {
-  hvn_id       = hcp_hvn.example.hvn_id
-  cluster_id   = var.secondary_cluster_id
-  tier         = "development"
-  primary_link = hcp_consul_cluster.primary.self_link
+  hvn_id                  = hcp_hvn.secondary.hvn_id
+  cluster_id              = var.secondary_cluster_id
+  tier                    = "development"
+  primary_link            = hcp_consul_cluster.primary.self_link
+  auto_hvn_to_hvn_peering = true
 }

examples/guides/consul_cluster_federation/variables.tf

@@ -1,5 +1,10 @@
-variable "hvn_id" {
-  description = "The ID of the HCP HVN."
+variable "primary_hvn_id" {
+  description = "The ID of the primary HCP HVN."
+  type        = string
+}
+
+variable "secondary_hvn_id" {
+  description = "The ID of the secondary HCP HVN."
   type        = string
 }
 
@@ -8,8 +13,13 @@ variable "cloud_provider" {
   type        = string
 }
 
-variable "region" {
-  description = "The region of the HCP HVN and Consul cluster."
+variable "primary_region" {
+  description = "The region of the HCP HVN and primary Consul cluster."
+  type        = string
+}
+
+variable "secondary_region" {
+  description = "The region of the HCP HVN and secondary Consul cluster."
   type        = string
 }
 

go.mod

@@ -10,7 +10,7 @@ require (
 	github.com/google/uuid v1.2.0
 	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320
 	github.com/hashicorp/hcl/v2 v2.8.2 // indirect
-	github.com/hashicorp/hcp-sdk-go v0.9.0
+	github.com/hashicorp/hcp-sdk-go v0.10.0
 	github.com/hashicorp/terraform-exec v0.13.3 // indirect
 	github.com/hashicorp/terraform-plugin-docs v0.4.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.5.0

go.sum

@@ -351,8 +351,8 @@ github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ
 github.com/hashicorp/hcl/v2 v2.3.0/go.mod h1:d+FwDBbOLvpAM3Z6J7gPj/VoAGkNe/gm352ZhjJ/Zv8=
 github.com/hashicorp/hcl/v2 v2.8.2 h1:wmFle3D1vu0okesm8BTLVDyJ6/OL9DCLUwn0b2OptiY=
 github.com/hashicorp/hcl/v2 v2.8.2/go.mod h1:bQTN5mpo+jewjJgh8jr0JUguIi7qPHUF6yIfAEN3jqY=
-github.com/hashicorp/hcp-sdk-go v0.9.0 h1:vwwIuCJO4dDRpMW5lhogc8TPtE3EiDVHF0u8iIklcQ4=
-github.com/hashicorp/hcp-sdk-go v0.9.0/go.mod h1:Tm9BAlTkp6jknZ0YNxF/556JBC/meCN1LUmWFN38HsU=
+github.com/hashicorp/hcp-sdk-go v0.10.0 h1:RB2GD9orNtINInggRmsw1iC4ODj5X7JagXK5CY+7Db4=
+github.com/hashicorp/hcp-sdk-go v0.10.0/go.mod h1:Tm9BAlTkp6jknZ0YNxF/556JBC/meCN1LUmWFN38HsU=
 github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y=
 github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
 github.com/hashicorp/terraform-exec v0.12.0/go.mod h1:SGhto91bVRlgXQWcJ5znSz+29UZIa8kpBbkGwQ+g9E8=

internal/provider/data_source_consul_cluster.go

@@ -132,6 +132,11 @@ func dataSourceConsulCluster() *schema.Resource {
 				Type:        schema.TypeString,
 				Computed:    true,
 			},
+			"auto_hvn_to_hvn_peering": {
+				Description: "Enables automatic HVN to HVN peering when creating a secondary cluster in a federation.",
+				Type:        schema.TypeBool,
+				Computed:    true,
+			},
 		},
 	}
 }

internal/provider/resource_consul_cluster.go

@@ -129,6 +129,13 @@ func resourceConsulCluster() *schema.Resource {
 					return strings.ToLower(old) == strings.ToLower(new)
 				},
 			},
+			"auto_hvn_to_hvn_peering": {
+				Description: "Enables automatic HVN to HVN peering when creating a secondary cluster in a federation.",
+				Type:        schema.TypeBool,
+				Optional:    true,
+				ForceNew:    true,
+				Computed:    true,
+			},
 			// computed outputs
 			"organization_id": {
 				Description: "The ID of the organization this HCP Consul cluster is located in.",
@@ -296,6 +303,10 @@ func resourceConsulClusterCreate(ctx context.Context, d *schema.ResourceData, me
 	connectEnabled := d.Get("connect_enabled").(bool)
 	publicEndpoint := d.Get("public_endpoint").(bool)
 
+	// Enabling auto peering will peer this cluster's HVN with every other HVN with members in this federation.
+	// The peering happens within the secondary cluster create operation.
+	autoHvnToHvnPeering := d.Get("auto_hvn_to_hvn_peering").(bool)
+
 	log.Printf("[INFO] Creating Consul cluster (%s)", clusterID)
 
 	consulCuster := &consulmodels.HashicorpCloudConsul20210204Cluster{
@@ -314,6 +325,7 @@ func resourceConsulClusterCreate(ctx context.Context, d *schema.ResourceData, me
 				Network: newLink(loc, "hvn", hvnID),
 				Private: !publicEndpoint,
 			},
+			AutoHvnToHvnPeering: autoHvnToHvnPeering,
 		},
 		ConsulVersion: consulVersion,
 		ID:            clusterID,
@@ -449,6 +461,10 @@ func setConsulClusterResourceData(d *schema.ResourceData, cluster *consulmodels.
 		return err
 	}
 
+	if err := d.Set("auto_hvn_to_hvn_peering", cluster.Config.AutoHvnToHvnPeering); err != nil {
+		return err
+	}
+
 	if publicEndpoint {
 		// No port needed to communicate with HCP Consul via HTTPS
 		if err := d.Set("consul_public_endpoint_url", fmt.Sprintf("https://%s", cluster.DNSNames.Public)); err != nil {

internal/provider/resource_consul_cluster_test.go

@@ -61,6 +61,7 @@ func TestAccConsulCluster(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "consul_snapshot_interval", "24h"),
 					resource.TestCheckResourceAttr(resourceName, "consul_snapshot_retention", "30d"),
 					resource.TestCheckResourceAttr(resourceName, "connect_enabled", "true"),
+					resource.TestCheckResourceAttr(resourceName, "auto_hvn_to_hvn_peering", "false"),
 					resource.TestCheckResourceAttrSet(resourceName, "organization_id"),
 					resource.TestCheckResourceAttrSet(resourceName, "project_id"),
 					resource.TestCheckResourceAttrSet(resourceName, "consul_config_file"),

templates/guides/consul-federation.md.tmpl

@@ -1,12 +1,14 @@
 ---
 subcategory: ""
-page_title: "Federate HCP Consul clusters - HCP Provider"
+page_title: "Federation with Auto HVN Peering - HCP Provider"
 description: |-
-    An example of federating a new HCP Consul cluster with an existing one.
+    An example of federating a new HCP Consul cluster with an existing one via auto peering.
 ---
 
-# Federate a new HCP Consul cluster with an existing one
+# Federation with Auto HVN Peering
 
 Once you have a HCP Consul cluster, you can create a new Consul cluster to federate with the existing one.
+By providing `auto_hvn_to_hvn_peering` as a parameter on the secondary cluster, the HVNs are being peered
+automatically ensuring full connectivity. This parameter only ever has to be provided on secondary clusters.
 
-{{ tffile "examples/guides/consul_cluster_federation/main.tf" }}
+{{ tffile "examples/guides/consul_cluster_federation/main.tf" }}

templates/resources/consul_cluster.md.tmpl

@@ -7,7 +7,7 @@ description: |-
 
 # {{.Type}} ({{.Name}})
 
--> **Note:** The `primary_link` attribute is related to federation, a feature that is currently in private beta.
+-> **Note:** The `primary_link` and `auto_hvn_to_hvn_peering` attributes are related to federation, a feature that is currently in private beta.
 
 -> **Note:** The `plus` tier is currently in private beta.
 
@@ -23,4 +23,4 @@ description: |-
 
 Import is supported using the following syntax:
 
-{{ codefile "shell" "examples/resources/hcp_consul_cluster/import.sh" }}
+{{ codefile "shell" "examples/resources/hcp_consul_cluster/import.sh" }}