f-aws_directconnect_connection_macsec #26274

Merged

Contributor

@ddericco ddericco commented Aug 12, 2022

Adds support for MACsec on Direct Connect connections:

  • Add new resource aws_dx_macsec_key
  • Add argument macsec_requested to resource aws_dx_connection to support requesting MACsec on new connections
  • Add arguments encryption_mode, macsec_capable, and port_encryption_status to resource aws_dx_connection

Notes

  • The acceptance tests require an existing DX connection in an available state. You will need to set an environmental variable DX_CONNECTION_ID with a valid DX connection ID before running the tests.
  • The acceptance tests for resource aws_dx_macsec_key will change the DX connection to a pending state as part of the add/remove operation. If the DX connection is in any state other than available when starting the tests, the acceptance test will fail with error: DirectConnectClientException: The port is not in available state to associate the key for account <accountID>.

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Closes #21082

Output from acceptance testing:

$ make testacc TESTS=TestAccDirectConnectMacSecKey_withCkn PKG=directconnect   
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/directconnect/... -v -count 1 -parallel 20 -run='TestAccDirectConnectMacSecKey_withCkn'  -timeout 180m
=== RUN   TestAccDirectConnectMacSecKey_withCkn
=== PAUSE TestAccDirectConnectMacSecKey_withCkn
=== CONT  TestAccDirectConnectMacSecKey_withCkn
--- PASS: TestAccDirectConnectMacSecKey_withCkn (11.17s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/directconnect      13.493s
$ make testacc TESTS=TestAccDirectConnectMacSecKey_withSecret PKG=directconnect
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/directconnect/... -v -count 1 -parallel 20 -run='TestAccDirectConnectMacSecKey_withSecret'  -timeout 180m
=== RUN   TestAccDirectConnectMacSecKey_withSecret
=== PAUSE TestAccDirectConnectMacSecKey_withSecret
=== CONT  TestAccDirectConnectMacSecKey_withSecret
--- PASS: TestAccDirectConnectMacSecKey_withSecret (13.35s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/directconnect      15.696s
$ make testacc TESTS=TestAccDirectConnectConnection_macsecRequested PKG=directconnect
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/directconnect/... -v -count 1 -parallel 20 -run='TestAccDirectConnectConnection_macsecRequested'  -timeout 180m
=== RUN   TestAccDirectConnectConnection_macsecRequested
=== PAUSE TestAccDirectConnectConnection_macsecRequested
=== CONT  TestAccDirectConnectConnection_macsecRequested
--- PASS: TestAccDirectConnectConnection_macsecRequested (22.88s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/directconnect      25.215s

@github-actions github-actions bot added provider Pertains to the provider itself, rather than any interaction with AWS. service/directconnect Issues and PRs that pertain to the directconnect service. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. needs-triage Waiting for first response or review from a maintainer. size/XL Managed by automation to categorize the size of a PR. labels Aug 12, 2022
@justinretzolk justinretzolk added enhancement Requests to existing resources that expand the functionality or scope. and removed needs-triage Waiting for first response or review from a maintainer. labels Aug 23, 2022
@github-actions github-actions bot added the documentation Introduces or discusses updates to documentation. label Aug 23, 2022
@github-actions github-actions bot added the sweeper Pertains to changes to or issues with the sweeper. label Sep 15, 2022
@ddericco ddericco force-pushed the f-aws_directconnect_connection-macsec branch from 694c200 to ae5cc7f Compare September 15, 2022 16:43
@ddericco ddericco marked this pull request as ready for review September 15, 2022 21:39
@ddericco ddericco changed the title [WIP] f-aws_directconnect_connection_macsec f-aws_directconnect_connection_macsec Sep 16, 2022
@NetDevAutomate
Contributor

@ddericco All tests pass other than the TestAccDirectConnectConnection_macsecRequested test:

I get an error 'Failed state verification, resource with ID <site ID> not found'

@ddericco
Contributor Author

> @ddericco All tests pass other than the TestAccDirectConnectConnection_macsecRequested test:
>
> I get an error 'Failed state verification, resource with ID <site ID> not found'

@NetDevAutomate I haven't been able to reproduce this locally - I've tried manually setting AWS_DEFAULT_REGION to different regions - but I do see a possible issue with the acceptance test trying to create MACsec connections in unsupported locations. I'll try to fix this.

Contributor

@silvaalbert silvaalbert left a comment

Looks pretty good thus far! I provided repeated comments/suggestions on a resource and schema names for your consideration.

Update attribute name to align with API

Co-authored-by: Albert Silva <[email protected]>
Contributor

@ewbankkit ewbankkit left a comment

LGTM 🚀.

% make testacc TESTARGS='-run=TestAccDirectConnectConnection_' PKG=directconnect ACCTEST_PARALLELISM=3
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/directconnect/... -v -count 1 -parallel 3  -run=TestAccDirectConnectConnection_ -timeout 180m
=== RUN   TestAccDirectConnectConnection_basic
=== PAUSE TestAccDirectConnectConnection_basic
=== RUN   TestAccDirectConnectConnection_disappears
=== PAUSE TestAccDirectConnectConnection_disappears
=== RUN   TestAccDirectConnectConnection_encryptionMode
    connection_test.go:82: Environment variable DX_CONNECTION_ID is not set
--- SKIP: TestAccDirectConnectConnection_encryptionMode (0.00s)
=== RUN   TestAccDirectConnectConnection_macsecRequested
=== PAUSE TestAccDirectConnectConnection_macsecRequested
=== RUN   TestAccDirectConnectConnection_providerName
=== PAUSE TestAccDirectConnectConnection_providerName
=== RUN   TestAccDirectConnectConnection_skipDestroy
=== PAUSE TestAccDirectConnectConnection_skipDestroy
=== RUN   TestAccDirectConnectConnection_tags
=== PAUSE TestAccDirectConnectConnection_tags
=== CONT  TestAccDirectConnectConnection_basic
=== CONT  TestAccDirectConnectConnection_providerName
=== CONT  TestAccDirectConnectConnection_macsecRequested
=== CONT  TestAccDirectConnectConnection_tags
--- PASS: TestAccDirectConnectConnection_basic (21.30s)
--- PASS: TestAccDirectConnectConnection_providerName (23.31s)
=== CONT  TestAccDirectConnectConnection_skipDestroy
--- PASS: TestAccDirectConnectConnection_macsecRequested (23.49s)
=== CONT  TestAccDirectConnectConnection_disappears
--- PASS: TestAccDirectConnectConnection_disappears (17.44s)
--- PASS: TestAccDirectConnectConnection_skipDestroy (18.00s)
--- PASS: TestAccDirectConnectConnection_tags (46.81s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/directconnect	73.409s
 make testacc TESTARGS='-run=TestAccDirectConnectMacSecKey_' PKG=directconnect ACCTEST_PARALLELISM=3
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/directconnect/... -v -count 1 -parallel 3  -run=TestAccDirectConnectMacSecKey_ -timeout 180m
=== RUN   TestAccDirectConnectMacSecKey_withCkn
    macsec_key_test.go:21: Environment variable DX_CONNECTION_ID is not set
--- SKIP: TestAccDirectConnectMacSecKey_withCkn (0.00s)
=== RUN   TestAccDirectConnectMacSecKey_withSecret
    macsec_key_test.go:56: Environment variable DX_CONNECTION_ID is not set
--- SKIP: TestAccDirectConnectMacSecKey_withSecret (0.00s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/directconnect	4.897s

@ewbankkit
Contributor

Verified that terraform plan on a connection created with the latest released version shows no significant diffs:

% terraform plan

aws_dx_connection.test: Refreshing state... [id=dxcon-ffjmkunm]

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the last "terraform apply":

  # aws_dx_connection.test has been changed
  ~ resource "aws_dx_connection" "test" {
      + aws_device             = "ECPO1-251t75d1q8gru"
      + encryption_mode        = "unknown"
      ~ has_logical_redundancy = "unknown" -> "no"
        id                     = "dxcon-ffjmkunm"
      ~ jumbo_frame_capable    = false -> true
      + macsec_capable         = false
        name                   = "ewbankkit-test"
      + port_encryption_status = "unknown"
      + tags                   = {}
        # (5 unchanged attributes hidden)
    }

Unless you have made equivalent changes to your configuration, or ignored the relevant attributes using ignore_changes, the
following plan may include actions to undo or respond to these changes.

───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

No changes. Your infrastructure matches the configuration.

Your configuration already matches the changes detected above. If you'd like to update the Terraform state to match, create and
apply a refresh-only plan:
  terraform apply -refresh-only

@ddericco
Contributor Author

$ make testacc TESTS=TestAccDirectConnectConnection_encryptionMode PKG=directconnect                                                       
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/directconnect/... -v -count 1 -parallel 20 -run='TestAccDirectConnectConnection_encryptionMode'  -timeout 180m
=== RUN   TestAccDirectConnectConnection_encryptionMode
=== PAUSE TestAccDirectConnectConnection_encryptionMode
=== CONT  TestAccDirectConnectConnection_encryptionMode
--- PASS: TestAccDirectConnectConnection_encryptionMode (626.40s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/directconnect      629.449s
$ make testacc TESTS=TestAccDirectConnectMacSecKey_withCkn PKG=directconnect                                                                 
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/directconnect/... -v -count 1 -parallel 20 -run='TestAccDirectConnectMacSecKey_withCkn'  -timeout 180m
=== RUN   TestAccDirectConnectMacSecKey_withCkn
=== PAUSE TestAccDirectConnectMacSecKey_withCkn
=== CONT  TestAccDirectConnectMacSecKey_withCkn
--- PASS: TestAccDirectConnectMacSecKey_withCkn (13.46s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/directconnect      16.370s
$ make testacc TESTS=TestAccDirectConnectMacSecKey_withSecret PKG=directconnect                                                              
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/directconnect/... -v -count 1 -parallel 20 -run='TestAccDirectConnectMacSecKey_withSecret'  -timeout 180m
=== RUN   TestAccDirectConnectMacSecKey_withSecret
=== PAUSE TestAccDirectConnectMacSecKey_withSecret
=== CONT  TestAccDirectConnectMacSecKey_withSecret
--- PASS: TestAccDirectConnectMacSecKey_withSecret (15.78s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/directconnect      18.793s

@ewbankkit
Contributor

% make testacc TESTARGS='-run=TestAccDirectConnectConnection_\|TestAccDirectConnectMacSecKey_' PKG=directconnect ACCTEST_PARALLELISM=3
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/directconnect/... -v -count 1 -parallel 3  -run=TestAccDirectConnectConnection_\|TestAccDirectConnectMacSecKey_ -timeout 180m
=== RUN   TestAccDirectConnectConnection_basic
=== PAUSE TestAccDirectConnectConnection_basic
=== RUN   TestAccDirectConnectConnection_disappears
=== PAUSE TestAccDirectConnectConnection_disappears
=== RUN   TestAccDirectConnectConnection_encryptionMode
    connection_test.go:82: Environment variable DX_CONNECTION_ID is not set
--- SKIP: TestAccDirectConnectConnection_encryptionMode (0.00s)
=== RUN   TestAccDirectConnectConnection_macsecRequested
=== PAUSE TestAccDirectConnectConnection_macsecRequested
=== RUN   TestAccDirectConnectConnection_providerName
=== PAUSE TestAccDirectConnectConnection_providerName
=== RUN   TestAccDirectConnectConnection_skipDestroy
=== PAUSE TestAccDirectConnectConnection_skipDestroy
=== RUN   TestAccDirectConnectConnection_tags
=== PAUSE TestAccDirectConnectConnection_tags
=== RUN   TestAccDirectConnectMacSecKey_withCkn
    macsec_key_test.go:21: Environment variable DX_CONNECTION_ID is not set
--- SKIP: TestAccDirectConnectMacSecKey_withCkn (0.00s)
=== RUN   TestAccDirectConnectMacSecKey_withSecret
    macsec_key_test.go:56: Environment variable DX_CONNECTION_ID is not set
--- SKIP: TestAccDirectConnectMacSecKey_withSecret (0.00s)
=== CONT  TestAccDirectConnectConnection_basic
=== CONT  TestAccDirectConnectConnection_providerName
=== CONT  TestAccDirectConnectConnection_tags
--- PASS: TestAccDirectConnectConnection_basic (29.07s)
=== CONT  TestAccDirectConnectConnection_skipDestroy
--- PASS: TestAccDirectConnectConnection_providerName (30.32s)
=== CONT  TestAccDirectConnectConnection_macsecRequested
--- PASS: TestAccDirectConnectConnection_skipDestroy (27.34s)
=== CONT  TestAccDirectConnectConnection_disappears
--- PASS: TestAccDirectConnectConnection_macsecRequested (35.14s)
--- PASS: TestAccDirectConnectConnection_tags (72.86s)
--- PASS: TestAccDirectConnectConnection_disappears (21.99s)
PASS
ok  	github.com/hashicorp/terraform-provider-aws/internal/service/directconnect	88.039s

@ewbankkit
Contributor

@ddericco Thanks for the contribution 🎉 👏.

@ewbankkit ewbankkit merged commit 8e36aaf into hashicorp:main Dec 19, 2022
@github-actions github-actions bot added this to the v4.48.0 milestone Dec 19, 2022
@github-actions

This functionality has been released in v4.48.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@ddericco ddericco deleted the f-aws_directconnect_connection-macsec branch December 27, 2022 15:41
@ddericco ddericco restored the f-aws_directconnect_connection-macsec branch December 27, 2022 15:42
@ddericco ddericco deleted the f-aws_directconnect_connection-macsec branch December 27, 2022 15:42
@ddericco ddericco restored the f-aws_directconnect_connection-macsec branch December 27, 2022 15:42
@ddericco ddericco deleted the f-aws_directconnect_connection-macsec branch January 3, 2023 14:09
@github-actions

github-actions bot commented Feb 3, 2023

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 3, 2023
@justinretzolk justinretzolk added the partner Contribution from a partner. label May 16, 2024
Development

Successfully merging this pull request may close these issues.

aws_dx_connection: support macsec