HCCP-138 breaking changes for Peering and TGW attachment #128

smaant · 2021-05-21T19:48:24Z

🛠️ Description

This PR introduces a few breaking changes:

hcp_aws_network_peering resource now requires peering_id to be specified and doesn't accept peer_vpc_cidr_block
hcp_aws_network_peering datasource no longer returns peer_vpc_cidr_block
hcp_aws_transit_gateway_attachment resource doesn't accept destination_cidrs anymore
hcp_aws_transit_gateway_attachment datasource no longer returns destination_cidrs

In order to associate CIDRs with Peerings and TGW attachments one would have to use hcp_hvn_route resource, example:

resource "hcp_hvn_route" "hvn-to-peering" {
  hvn_link = hcp_hvn.hvn.self_link
  hvn_route_id = "hvn-to-peering"
  destination_cidr = "10.1.0.0/24"
  target_link = hcp_aws_network_peering.prod.self_link
}

Migrating existing Terraform managed Peerings and TGW attachments

There are two ways to migrate existing Peerings and TGW attachments managed by Terraform:

Recreate Resources with Updated Schema
- This option is quicker but will result in downtime and possible data loss. Best for test environments. Will allow you to specify human-readable ids for the resources.
- Comment out all hcp_aws_network_peering and hcp_aws_transit_gateway_attachment resources.
- Run terraform apply to destroy currently existing connections.
- Uncomment and update all hcp_aws_network_peering and hcp_aws_transit_gateway_attachment resource definitions to match the new schema.
- Add corresponding hcp_hvn_route resources for each CIDR targeting corresponding peering connections or transit gateway attachment.
- Run terraform apply to recreate connections.
Re-Import with Updated Syntax:
- This option allows you to avoid downtime or data loss.
- Update any hcp_aws_network_peering and hcp_aws_transit_gateway_attachment resource definitions to match the new schema. All values needed can be found on the details pages of Peerings and TGW attachment in the HCP UI.
- Add corresponding hcp_hvn_route resources for each CIDR targeting corresponding peering connections or transit gateway attachments.
- Run terraform import hcp_hvn_route.<route-name> <hvn-id>:<hvn-route-id> for each hcp_hvn_route. <hvn-route-id> can be found on the details pages of the corresponding HVN connection in the HCP UI.
- Run terraform plan and make sure that there are no changes detected by the Terraform.

Example of Re-Importing Peering:
Given:

resource "hcp_hvn" "hvn" {
  hvn_id = "prod-hvn"
  region = "us-west-2"
  cloud_provider = "aws"
}

resource "hcp_aws_network_peering" "peering" {
  hvn_id = hcp_hvn.hvn.hvn_id
  peer_vpc_id = "vpc-845f29fc"
  peer_account_id = "572816266891"
  peer_vpc_region = "us-west-2"
  peer_vpc_cidr_block = "172.31.0.0/16"
}

Rewrite it to the new schema and add corresponding HVN route:

resource "hcp_hvn" "hvn" {
  hvn_id = "prod-hvn"
  region = "us-west-2"
  cloud_provider = "aws"
}

resource "hcp_aws_network_peering" "peering" {
  hvn_id = hcp_hvn.hvn.hvn_id
  // add `peering_id` that you can find in the HCP UI
  peering_id = "f03324a9-4377-4a54-9c15-958fd07ad77b"
  peer_vpc_id = "vpc-845f29fc"
  peer_account_id = "572816266891"
  peer_vpc_region = "us-west-2"
  // remove `peer_vpc_cidr_block`
  // peer_vpc_cidr_block = "172.31.0.0/16"
}

// Add a `hcp_hvn_route` resource for the peering's cidr
resource "hcp_hvn_route" "peering-route" {
  hvn_link = hcp_hvn.hvn.self_link
  // you can find this id in the HCP UI in the peering details page in the list of Routes
  hvn_route_id = "a8dda9a8-0f69-4fa0-b38c-55be302fdddb"
  destination_cidr = "172.31.0.0/16"
  target_link = hcp_aws_network_peering.peering.self_link
}

Run import for the hcp_hvn_route:

$ terraform import hcp_hvn_route.peering-route prod-hvn:a8dda9a8-0f69-4fa0-b38c-55be302fdddb

Run terraform plan to make sure there are no changes detected by the Terraform:

$ terraform plan
No changes. Infrastructure is up-to-date.

Example of Re-Importing TGW Attachment:
Given:

resource "hcp_hvn" "hvn" {
  hvn_id = "prod-hvn"
  region = "us-west-2"
  cloud_provider = "aws"
}

resource "hcp_aws_transit_gateway_attachment" "prod" {
  hvn_id                        = hcp_hvn.hvn.hvn_id
  transit_gateway_attachment_id = "prod-tgw-attachment"
  transit_gateway_id            = "tgw-0ee94b1a1167cf89d"
  resource_share_arn            = "arn:aws:ram:us-west-2:..."
  destination_cidrs             = ["10.1.0.0/24", "10.2.0.0/24"]
}

Rewrite it to the new schema and add corresponding HVN route:

resource "hcp_hvn" "hvn" {
  hvn_id = "prod-hvn"
  region = "us-west-2"
  cloud_provider = "aws"
}

resource "hcp_aws_transit_gateway_attachment" "prod" {
  hvn_id                        = hcp_hvn.hvn.hvn_id
  transit_gateway_attachment_id = "prod-tgw-attachment"
  transit_gateway_id            = "tgw-0ee94b1a1167cf89d"
  resource_share_arn            = "arn:aws:ram:us-west-2:..."
  // remove `destination_cidrs`
  // destination_cidrs             = ["10.1.0.0/24", "10.2.0.0/24"]
}

// add `hcp_hvn_route` for each cidr associated with the TGW attachment
resource "hcp_hvn_route" "tgw-route-1" {
  hvn_link = hcp_hvn.hvn.self_link
  // you can find this id in the HCP UI in the TGW attachment details page in the list of Routes
  hvn_route_id = "35392425-215a-44ec-bbd0-051bb777ce5f"
  destination_cidr = "10.1.0.0/24"
  target_link = hcp_aws_transit_gateway_attachment.prod.self_link
}

resource "hcp_hvn_route" "tgw-route-2" {
  hvn_link = hcp_hvn.hvn.self_link
  // you can find this id in the HCP UI in the TGW attachment details page in the list of Routes
  hvn_route_id = "9867959a-d81b-4e52-ae8e-ca56f9dd06fc"
  destination_cidr = "10.2.0.0/24"
  target_link = hcp_aws_transit_gateway_attachment.prod.self_link
}

Run import for each hcp_hvn_route you've added:

$ terraform import hcp_hvn_route.tgw-route-1 prod-hvn:35392425-215a-44ec-bbd0-051bb777ce5f
...

$ terraform import hcp_hvn_route.tgw-route-2 prod-hvn:9867959a-d81b-4e52-ae8e-ca56f9dd06fc
...

Run terraform plan to make sure there are no changes detected by the Terraform:

$ terraform plan
No changes. Infrastructure is up-to-date.

xargs-P · 2021-05-21T23:12:24Z

Well written @smaant 💪 ,as hvn_routes are a new concept to users. In your description can you refer/link to the docs for that?
Come to think of it 🤔 is hvn routes commited yet?

Either way, I am thinking...

It would be good to have your description point to that hvn route documentation so the change log will have good pointers .
The README.md example updated to reflect the new changes.
Create an update or migration guide doc, containing the details of your PR description . This will help with users who may not visit the github changelog page. CC @bcmdarroch from the conversation on the other doc. You may be doing this in another PR.

bcmdarroch

Excellent work! 👍 We paired on testing all the migration steps and they worked as expected. ✅

smaant · 2021-05-24T18:06:40Z

@xargs-P I've updated description to include a link to the hcp_hvn_route doc, which is still only on this feature branch but it should be enough for now. I think Brenna took care of the rest of your suggestions. Gonna merge this into the feature-hvn-routes branch where we collect all hvn-routes related changes. This PR will be closed but still available via the link.

* HCCP-138 required id and removed cidr from peering * HCCP-138 fixed tgw-attachment resource import * HCCP-138 removed cidrs from tgw-attachment * bonus: drop deleted guide example * update peering examples in guides Co-authored-by: Brenna Hewer-Darroch <[email protected]>

* HCCP-91 HVN route resource (#122) * added create, scaffolded read and delete for hvn route resource * Adds delete for HVN route resource * Adds hvn route import function * Handle both peering and tgw attachment resource types in HVN route resources * Regenerate docs, add example s for hvn route resource * Re-run go generate after adding example * ACreate hvn route function checks for target existence before proceeding * Add peering to example for hvn route, regenerate docs * Resolves comments - better logging and commenting for HVN route resource * removed unnecessary validation * removed todos * removed tgw attachment from hvn route example * added examples of the hvn route target * moved hvn route creation into clients * simplified parsing target_link for the hvn route resource * dropped checking for hvn route existance * fixed hvn routes import * gofmt hvn_route.go * redo hvn route import to use route ID * go mod tidy * redo hvn route datasource to use route ID * renamed hvn -> hvn_link * refactored WaitForHVNRouteToBeActive * unified hvn route errors/logs * small refactoring * improved logs * messages improvements * regenarated docs * HCCP-138 breaking changes for Peering and TGW attachment (#128) * HCCP-138 required id and removed cidr from peering * HCCP-138 fixed tgw-attachment resource import * HCCP-138 removed cidrs from tgw-attachment * bonus: drop deleted guide example * update peering examples in guides * HVN route migration guide (#129) * add note to changelog * update readme * add hvn route migration guide * id -> ID * bonus: fix error typo * go gen * add context to HVN route intro * update link in banner to registry migration guide * update changelog * update version in examples * add warning banner to hvn route doc * added handling 404 when deleting hvn route (#137) * HCCP-184 acceptance tests for HVN route, TGW attachment and network peering (#130) * HCCP-184 added acceptance tests for HVN route resource * HCCP-184 added acceptance tests for TGW attachment resource * HCCP-184 added acceptance tests for network peering resource * HCCP-138 added clarification about AWS credentials * HCCP-184 renamed tgw attachment acceptance test resource * HCCP-184 improved tests doc * HCCP-184 fixed test after rebasing * added dedicated timeout for hvn route delete (#138) Co-authored-by: Ti Zhang <[email protected]> Co-authored-by: Anton Panferov <[email protected]> Co-authored-by: Brenna Hewer-Darroch <[email protected]>

smaant requested a review from bcmdarroch May 21, 2021 19:49

Base automatically changed from HCCP-91-HVN-route-resource to feature-hvn-routes May 21, 2021 21:13

smaant added 3 commits May 21, 2021 14:17

HCCP-138 required id and removed cidr from peering

2174304

HCCP-138 fixed tgw-attachment resource import

db58f1f

HCCP-138 removed cidrs from tgw-attachment

dbf389c

smaant force-pushed the HCCP-138-peerings-tga-breaking-change branch from 9929b0a to dbf389c Compare May 21, 2021 21:17

smaant marked this pull request as ready for review May 21, 2021 22:25

smaant requested a review from a team May 21, 2021 22:25

bcmdarroch added 2 commits May 21, 2021 16:26

bonus: drop deleted guide example

232363c

update peering examples in guides

356e6e0

bcmdarroch approved these changes May 21, 2021

View reviewed changes

bcmdarroch mentioned this pull request May 22, 2021

HVN route migration guide #129

Merged

smaant merged commit 7a7a8ba into feature-hvn-routes May 24, 2021

smaant deleted the HCCP-138-peerings-tga-breaking-change branch May 24, 2021 18:09

smaant mentioned this pull request Jun 4, 2021

HVN routes support #139

Merged

1 task

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

HCCP-138 breaking changes for Peering and TGW attachment #128

HCCP-138 breaking changes for Peering and TGW attachment #128

smaant commented May 21, 2021 •

edited

Loading

xargs-P commented May 21, 2021

bcmdarroch left a comment

smaant commented May 24, 2021

HCCP-138 breaking changes for Peering and TGW attachment #128

HCCP-138 breaking changes for Peering and TGW attachment #128

Conversation

smaant commented May 21, 2021 • edited Loading

🛠️ Description

Migrating existing Terraform managed Peerings and TGW attachments

xargs-P commented May 21, 2021

bcmdarroch left a comment

Choose a reason for hiding this comment

smaant commented May 24, 2021

smaant commented May 21, 2021 •

edited

Loading