New resource: azurerm_vpn_gateway_connection

[magodo]

Background

This resource helps users to create s2s connection under virtual wan. Essentially, it connects between a VPN Site (represents an on-premise network) and a vpn gateway in the virtual hub.

See the official tutorial for more info.

Test Result

💢 make testacc TEST=./azurerm/internal/services/network/tests TESTARGS='-run TestAccAzureRMVpnGatewayConnection_'
==> Checking that code complies with gofmt requirements...
==> Checking that Custom Timeouts are used...
==> Checking that acceptance test packages are used...
TF_ACC=1 go test ./azurerm/internal/services/network/tests -v -run TestAccAzureRMVpnGatewayConnection_ -timeout 180m -ldflags="-X=github.com/terraform-providers/terraform-provider-azurerm/version.ProviderVersion=acc"
=== RUN   TestAccAzureRMVpnGatewayConnection_basic
=== PAUSE TestAccAzureRMVpnGatewayConnection_basic
=== RUN   TestAccAzureRMVpnGatewayConnection_complete
=== PAUSE TestAccAzureRMVpnGatewayConnection_complete
=== RUN   TestAccAzureRMVpnGatewayConnection_update
=== PAUSE TestAccAzureRMVpnGatewayConnection_update
=== RUN   TestAccAzureRMVpnGatewayConnection_customRouteTable
=== PAUSE TestAccAzureRMVpnGatewayConnection_customRouteTable
=== RUN   TestAccAzureRMVpnGatewayConnection_requiresImport
=== PAUSE TestAccAzureRMVpnGatewayConnection_requiresImport
=== CONT  TestAccAzureRMVpnGatewayConnection_basic
=== CONT  TestAccAzureRMVpnGatewayConnection_customRouteTable
=== CONT  TestAccAzureRMVpnGatewayConnection_requiresImport
=== CONT  TestAccAzureRMVpnGatewayConnection_complete
=== CONT  TestAccAzureRMVpnGatewayConnection_update
--- PASS: TestAccAzureRMVpnGatewayConnection_requiresImport (4144.28s)
--- PASS: TestAccAzureRMVpnGatewayConnection_complete (4187.42s)
--- PASS: TestAccAzureRMVpnGatewayConnection_basic (4214.95s)
--- PASS: TestAccAzureRMVpnGatewayConnection_customRouteTable (4400.18s)
--- PASS: TestAccAzureRMVpnGatewayConnection_update (4593.23s)
PASS
ok      github.com/terraform-providers/terraform-provider-azurerm/azurerm/internal/services/network/tests       4593.302s

Design Concerns

One concern is that for routing_configuration property, if the user doesn't specify the route table, service will implicitly create one. This kind of behavior seems a leak of management from Terraform. So one alternative might be to set that property as Required and always force users to specify the route tables.

[katbyte]

Thanks @magodo, overall this looks good and i've left some comments inline to address. Is the reason we need to preserve the connections on the vpn gateway that these can be set via the new client & the existing vpn connection client?

[magodo]

@katbyte Thank you for the review, I have resolved the comments, please take another look!

Regarding the changes to vpn gateway, yes, it is for reserving the connections purpose. Whilst after resolving the conflicts after merging to master branch, it appears that currently the update of vpn gateway will only do "patch" on top of the GET on the existing resource, so it means the connection will not be cleaned. So the only guarantee we need to keep is that the read-then-write operation happens as atomic, so the lock is needed only in update.

[magodo]

The CI failure is unrelated to this PR...

[jackofallops]

@magodo - This upper boundary will break the 32-bit builds, I suspect that this change will need to be reverted. Is this field expecting asplain for the value, or can it take asdot+ also?

[katbyte]

@magodo - the CI failure is related to this PR, you have a 32bit int overflow

[katbyte]

Thanks @magodo - LGTM 👍

[ghost]

This has been released in version 2.37.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
    version = "~> 2.37.0"
}
# ... other configuration ...

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!