Add AWS direct connect virtual interface resources

[mhlias]

Hello,

This PR is adding support for DirectConnect virtual interfaces as seen in the documentation here: http://docs.aws.amazon.com/directconnect/latest/UserGuide/createhostedvirtualinterface.html

I decided to not create separate resources for public and private virtual interfaces as they only have minor differences at creation time and from there they are described as the same resource by the API. So I am handling them with parameters instead. I am not sure if that is a good way of doing it or not, so any feedback on that would be welcome.

I also have two types of resources. One for interfaces that will be created on the same AWS account where the direct connect connection has been created and one for when the virtual interface will be created for usage on a separate AWS account to the one that has the direct connect connection.
I provide an example in the documentation on how to use the latter case.

I wasn't sure how to handle some metaparameters that are used for internal logic and not directly for the resource itself. Also how to have required parameters or not based on another parameter's value. e.g. interface_type private or public require 2 different things, the former requires a virtual_gateway_id and the latter requires a route_filter_prefixes. I would appreciate some feedback on that.

I added some testing but it is not easy to run as it requires a pre-existing direct connect connection which requires an offline procedure to get it set up. Please provide some feedback on how testing should be for this kind of resource.

Best,

Ilias.

[pixitha]

I should be able to help test this as I have an existing direct connect already up and in service.

[mhlias]

@pixitha Did you get a chance to test it ?
Please let me know if you have any questions about it.

[williamrhancock]

I'd be available to assist in testing as well, we have a direct connect in several environment that we could work with.

[mhlias]

@williamrhancock Please check out the documentation included in the PR as it contains examples for usage.
Let me know if you have any questions.

[mcraig88]

Any update on this? I have a need to connect an existing VGW to our DirectConnect after destroy/apply of our VPC.

[mhlias]

@mcraig88 I personally use it without any issues in a custom version. I haven't got back any feedback and it doesn't seem to be a priority at the moment to merge. Please vote for the PR and/or open a feature request mentioning the PR. It should help move things faster.

[mcraig88]

I actually found another way to accomplish what I needed.
Just needed to set this on the route table.

propagating_vgws = ["${var.direct_connect_vgw}"]

Thank you.

On Wed, Jun 15, 2016 at 3:31 AM, mhlias notifications@github.com wrote:

@mcraig88 https://github.com/mcraig88 I personally use it without any
issues in a custom version. I haven't got back any feedback and it doesn't
seem to be a priority at the moment to merge. Please vote for the PR and/or
open a feature request mentioning the PR. It should help move things faster.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#5212 (comment),
or mute the thread
https://github.com/notifications/unsubscribe/AIFybcXTz9SivikV3W4cv2xzAacr24-wks5qL9STgaJpZM4Hd1Gl
.

[spkane]

+1
I'd love to see this support get added into Terraform. Is there anything specific holding this up?

[mhlias]

Rebased but it seems something fails in the tests. Need to get up to date with what has changed.

[mhlias]

@stack72 Any comments on the PR please ?

[stack72]

Hi @mhlias

Will get this on my list to review this week - sorry for the delay!

Paul

[mhlias]

Great thanks! No worries, just found some time myself to rebase and fix some issues.

[stack72]

Hi @mhlias

Thanks for the work here - I belive there are some changes needed. I have gone through and left some general styling comments WRT to the Read funcs and deref - please have a look at rolling those across how all resources in the PR are

Apart from that, the only other file that needs updated is:

website/source/layouts/aws.erb

As this will add the links to the DC pages. I suggest a section of it's own

Please can you include an output of the acceptance tests in the fix up?

Thanks

Paul

[stack72]

Is there a chance that someone can delete the VirtualInterface from the AWS Console? If so, this will error out. We should handle the case of 404 and then remove from state if necessary

[akumria]

Yes, a VirtualInterface can be deleted from the AWS Console.

[stack72]

Why do we error on > 1 VirtualInterfaces?

[mhlias]

@stack72 Because the DescribeVirtualInterfaces request is done with filter on VirtualInterfaceId and according to SDK documentation: "If a virtual interface ID is included then only a single virtual interface will be returned." which should be unique and return at most 1 VIF. so if we get 0 we didn't find it and if we get more than 1 something is terribly wrong.

[stack72]

Misleading error message - we have found a list of VirtualInterfaces

[stack72]

Can we guarantee that [0] VirtualInterface is the one we want? Shouldn't we range the list here?

[stack72]

d.Set takes care of pointer dereference in a safe way - you shouldn't need to deref before passing in - it's safer without it

[stack72]

Can we guarantee that the first found is the correct one?

[stack72]

do we not want to set an auth_key?

[mhlias]

I don't remember why I made that choice back then... it has been a while, but I suspect it was because I was trying to avoid printing the AuthKey. Since any change to a VIF forces a recreate as there is no update method it should not matter, unless I am mistaken and causes an issue with detecting a change in the AuthKey.

[stack72]

Casing is not consistent - we use CamelCase rather than UPPERCASE :)

[stack72]

v.(string)

[stack72]

we pass an empty slice here?

[mhlias]

@stack72 I made some changes based on your comments. In some cases I will need some more feedback. Please refer to the review comments replies above.

[stack72]

Hi @mhlias

ok, 1 last request, please can you standardise the names of your tests?

Right now I have tests like this:

TestAccAWSDCINTRAVIRTUALINTERFACE_

and this

TestAccAwsDcIntraVirtualInterfaceConfirm_basic

Thanks

Paul

[stack72]

also, FYI:

% make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSDC'
==> Checking that code complies with gofmt requirements...
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/11/18 13:50:12 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSDC -timeout 120m
=== RUN   TestAccAWSDCINTRAVIRTUALINTERFACE_basic
--- FAIL: TestAccAWSDCINTRAVIRTUALINTERFACE_basic (44.85s)
    testing.go:265: Step 0 error: Error applying: 1 error(s) occurred:

        * aws_dc_virtual_interface.vif: Error creating DirectConnect connection: DirectConnectClientException: ConnectionID dxcon-xyz has an invalid format.
            status code: 400, request id: 46f75aa1-ad85-11e6-8f57-21f8b033b1fe
=== RUN   TestAccAWSDCVIRTUALINTERFACE_basic
--- FAIL: TestAccAWSDCVIRTUALINTERFACE_basic (41.85s)
    testing.go:265: Step 0 error: Error applying: 1 error(s) occurred:

        * aws_dc_virtual_interface.vif: Error creating DirectConnect connection: DirectConnectClientException: ConnectionID dxcon-xyz has an invalid format.
            status code: 400, request id: 5feafd67-ad85-11e6-bb9f-2f120043637d
FAIL
exit status 1
FAIL    github.com/hashicorp/terraform/builtin/providers/aws    86.712s
make: *** [testacc] Error 1

[mhlias]

@stack72 I fixed the naming on the tests.

On the acceptance testing it is a bit of a tricky situation. You need a direct connect connection to create VIFs and those are not a resource that can be automated as it requires manual work on the Datacenter to get it up and running. I also no longer have access to a direct connect connection for testing.

I don't know if I could use https://docs.aws.amazon.com/sdk-for-go/api/service/directconnect/directconnectiface/ this to mock it instead.

[mubeta06]

What is the current status on this one? I have an upcoming project which will involve AWS Direct Connect it would be great to use Terraform to manage this resource. What is required to get this one over the line?

[mhlias]

@mubeta06 Testing remains as I don't currently have access to non-production-critical directconnect I can't test it and also the direct connect connection is a part that needs to be set up offline so not easy to create/expect one to be there for testing use. I found out the mocking interface provided in the AWS SDK but I didn't manage to find time to mock all those calls + missing sample data to return for success/failure scenarios.

[AndHei]

@mhlias @mubeta06
I might be able to help with QA/QC/testing. What would be next steps?

[bodgit]

I have a use case for this whereby a 3rd party we use for DirectConnect services handle most of the heavy lifting and just expose the VIF in our account so I just need to be able to confirm the VIF creation and then use the exposed attributes to create a CGW resource, etc.

[mhlias]

@AndHei
Next steps would be another rebase as by now it has more conflicts. Will try to do it over the weekend.
The thing that got this stuck is the difficulty to run test cases as the resource relies on a direct connect connection which is set up offline by AWS and the partner network and client.

It would be great if someone could modify the tests with their direct connect info and run them to get outputs. Right now I don't have access to a direct connect connection for testing so it is impossible for me to do.

[bentterp]

We would also very much like to see this. As we will be creating DC's "real soon" and don't have anything in production yet, there will be a window for testing.

Our plans include LACP, VLANs and VIFs in multiple accounts.

[doprdele]

Is DC support available yet?

[akumria]

AWS refer to direct connects as 'dx' is a fair amount of their documentation (see: https://aws.amazon.com/directconnect/faqs/)

[akumria]

It'd be great if this used the same shorthand that AWS use themselves (i.e. 'dx' rather than 'dc').

Obviously needs rebase (and, potentially, extracting with the forthcoming 0.10.x changes) and further testing.

[akumria]

Yes, a VirtualInterface can be deleted from the AWS Console.

[jescarri]

Is there any update on this?

I'm planing to create some vifs and I can help to test.

[mhlias]

If someone commits to testing with a DC connection I can rebase and bring it up to date with AWS API in the next 2 weeks.

…

On 17 July 2017 at 20:05, Jesus Rafael Carrillo ***@***.***> wrote: Is there any update on this? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#5212 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AJ9EIXyabjq9xHMyUgLwMyttd7LEu9Pzks5sO7BogaJpZM4Hd1Gl> .

[jescarri]

I might be able to test it, I have a DC and we are in the process of creating more vpcs /accounts.

[audynespinoza]

i work with Jesus Carrillo and part of the network team. We're in the process of working on a solution to automate direct connect deployments via terraform. I would love to commit to testing. let me know

[catsby]

Closing in favor of hashicorp/terraform-provider-aws#876 which is against the newly split out provider

[iliasbertsimas]

@catsby The one you mention only has support for a single resource to confirm a VIF and nothing else so it is not a replacement. If you want to move the PR to the new external structure just let me know.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.