Merge pull request hashicorp#40235 from madhavvishnubhatta/f-vpc_bloc…
…k_public_access_exclusion

New resource - aws_vpc_block_public_access_exclusion
ewbankkit authored Nov 27, 2024
2 parents 7c46f31 + de6a362 commit 90aea1c
Showing 21 changed files with 3,110 additions and 36 deletions.
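--- a/.changelog/40235.txt
+++ b/.changelog/40235.txt
@@ -0,0 +1,3 @@
+```release-note:new-resource
+aws_vpc_block_public_access_exclusion
+```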
1 change: 1 addition & 0 deletions internal/service/ec2/errors.go
@@ -109,6 +109,7 @@ const (
errCodeInvalidTransitGatewayMulticastDomainIdNotFound = "InvalidTransitGatewayMulticastDomainId.NotFound"
errCodeInvalidTransitGatewayPolicyTableAssociationNotFound = "InvalidTransitGatewayPolicyTableAssociation.NotFound"
errCodeInvalidTransitGatewayPolicyTableIdNotFound = "InvalidTransitGatewayPolicyTableId.NotFound"
errCodeInvalidVPCBlockPublicAccessExclusionIdNotFound = "InvalidVpcBlockPublicAccessExclusionId.NotFound"
errCodeInvalidVPCCIDRBlockAssociationIDNotFound = "InvalidVpcCidrBlockAssociationID.NotFound"
errCodeInvalidVPCEndpointIdNotFound = "InvalidVpcEndpointId.NotFound"
errCodeInvalidVPCEndpointNotFound = "InvalidVpcEndpoint.NotFound"
3 changes: 3 additions & 0 deletions internal/service/ec2/exports_test.go
@@ -100,6 +100,8 @@ var (
ResourceTransitGatewayRouteTablePropagation = resourceTransitGatewayRouteTablePropagation
ResourceTransitGatewayVPCAttachment = resourceTransitGatewayVPCAttachment
ResourceTransitGatewayVPCAttachmentAccepter = resourceTransitGatewayVPCAttachmentAccepter
ResourceVPCBlockPublicAccessExclusion = newVPCBlockPublicAccessExclusionResource
ResourceVPCBlockPublicAccessOptions = newVPCBlockPublicAccessOptionsResource
ResourceVPCDHCPOptions = resourceVPCDHCPOptions
ResourceVPCDHCPOptionsAssociation = resourceVPCDHCPOptionsAssociation
ResourceVPCEndpoint = resourceVPCEndpoint
@@ -219,6 +221,7 @@ var (
FindTransitGatewayRouteTablePropagationByTwoPartKey = findTransitGatewayRouteTablePropagationByTwoPartKey
FindTransitGatewayStaticRoute = findTransitGatewayStaticRoute
FindTransitGatewayVPCAttachmentByID = findTransitGatewayVPCAttachmentByID
FindVPCBlockPublicAccessExclusionByID = findVPCBlockPublicAccessExclusionByID
FindVPCCIDRBlockAssociationByID = findVPCCIDRBlockAssociationByID
FindVPCDHCPOptionsAssociation = findVPCDHCPOptionsAssociation
FindVPCEndpointConnectionByServiceIDAndVPCEndpointID = findVPCEndpointConnectionByServiceIDAndVPCEndpointID
85 changes: 75 additions & 10 deletions internal/service/ec2/find.go
@@ -6434,16 +6434,6 @@ func findTrafficMirrorTargetByID(ctx context.Context, conn *ec2.Client, id strin
return output, nil
}

func findNetworkInsightsPath(ctx context.Context, conn *ec2.Client, input *ec2.DescribeNetworkInsightsPathsInput) (*awstypes.NetworkInsightsPath, error) {
output, err := findNetworkInsightsPaths(ctx, conn, input)

if err != nil {
return nil, err
}

return tfresource.AssertSingleValueResult(output)
}

func findNetworkInsightsAnalysis(ctx context.Context, conn *ec2.Client, input *ec2.DescribeNetworkInsightsAnalysesInput) (*awstypes.NetworkInsightsAnalysis, error) {
output, err := findNetworkInsightsAnalyses(ctx, conn, input)

@@ -6499,6 +6489,16 @@ func findNetworkInsightsAnalysisByID(ctx context.Context, conn *ec2.Client, id s
return output, nil
}

func findNetworkInsightsPath(ctx context.Context, conn *ec2.Client, input *ec2.DescribeNetworkInsightsPathsInput) (*awstypes.NetworkInsightsPath, error) {
output, err := findNetworkInsightsPaths(ctx, conn, input)

if err != nil {
return nil, err
}

return tfresource.AssertSingleValueResult(output)
}

func findNetworkInsightsPaths(ctx context.Context, conn *ec2.Client, input *ec2.DescribeNetworkInsightsPathsInput) ([]awstypes.NetworkInsightsPath, error) {
var output []awstypes.NetworkInsightsPath

@@ -6593,3 +6593,68 @@ func findVPCBlockPublicAccessOptions(ctx context.Context, conn *ec2.Client) (*aw

return output.VpcBlockPublicAccessOptions, nil
}

func findVPCBlockPublicAccessExclusion(ctx context.Context, conn *ec2.Client, input *ec2.DescribeVpcBlockPublicAccessExclusionsInput) (*awstypes.VpcBlockPublicAccessExclusion, error) {
output, err := findVPCBlockPublicAccessExclusions(ctx, conn, input)

if err != nil {
return nil, err
}

return tfresource.AssertSingleValueResult(output)
}

func findVPCBlockPublicAccessExclusions(ctx context.Context, conn *ec2.Client, input *ec2.DescribeVpcBlockPublicAccessExclusionsInput) ([]awstypes.VpcBlockPublicAccessExclusion, error) {
var output []awstypes.VpcBlockPublicAccessExclusion

err := describeVPCBlockPublicAccessExclusionsPages(ctx, conn, input, func(page *ec2.DescribeVpcBlockPublicAccessExclusionsOutput, lastPage bool) bool {
if page == nil {
return !lastPage
}

output = append(output, page.VpcBlockPublicAccessExclusions...)

return !lastPage
})

if tfawserr.ErrCodeEquals(err, errCodeInvalidVPCBlockPublicAccessExclusionIdNotFound) {
return nil, &retry.NotFoundError{
LastError: err,
LastRequest: input,
}
}

if err != nil {
return nil, err
}

return output, nil
}

func findVPCBlockPublicAccessExclusionByID(ctx context.Context, conn *ec2.Client, id string) (*awstypes.VpcBlockPublicAccessExclusion, error) {
input := &ec2.DescribeVpcBlockPublicAccessExclusionsInput{
ExclusionIds: []string{id},
}

output, err := findVPCBlockPublicAccessExclusion(ctx, conn, input)

if err != nil {
return nil, err
}

if state := output.State; state == awstypes.VpcBlockPublicAccessExclusionStateDeleteComplete {
return nil, &retry.NotFoundError{
Message: string(state),
LastRequest: input,
}
}

// Eventual consistency check.
if aws.ToString(output.ExclusionId) != id {
return nil, &retry.NotFoundError{
LastRequest: input,
}
}

return output, nil
}
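Review bot: `findVPCBlockPublicAccessExclusionByID` has no doc comment, and its contract is not obvious: only `VpcBlockPublicAccessExclusionStateDeleteComplete` is turned into a `retry.NotFoundError`, so an exclusion in any other state, in-progress or failed ones included, is returned as found. An exclusion is an exemption from VPC Block Public Access, so callers should check `State` rather than treat a nil error as "exclusion in effect"; the resource's read and waiter code is not on this page, so whether they do is unconfirmed. I would add above the function `// findVPCBlockPublicAccessExclusionByID returns the exclusion with the given ID. The DeleteComplete state is reported as NotFound; every other state is returned and must be checked by the caller.` The eventual-consistency branch could also set `Message` on its `NotFoundError`, as the delete-complete branch does, so the two kinds of miss can be told apart in logs.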
2 changes: 1 addition & 1 deletion internal/service/ec2/generate.go
@@ -3,7 +3,7 @@

//go:generate go run ../../generate/tagresource/main.go -IDAttribName=resource_id
//go:generate go run ../../generate/tags/main.go -GetTag -ListTags -ListTagsOp=DescribeTags -ListTagsOpPaginated -ListTagsInFiltIDName=resource-id -ServiceTagsSlice -KeyValueTagsFunc=keyValueTags -TagOp=CreateTags -TagInIDElem=Resources -TagInIDNeedValueSlice -TagType2=TagDescription -UntagOp=DeleteTags -UntagInNeedTagType -UntagInTagsElem=Tags -UpdateTags
//go:generate go run ../../generate/listpages/main.go -ListOps=DescribeSpotFleetInstances,DescribeSpotFleetRequestHistory,DescribeVpcEndpointServices
//go:generate go run ../../generate/listpages/main.go -ListOps=DescribeSpotFleetInstances,DescribeSpotFleetRequestHistory,DescribeVpcBlockPublicAccessExclusions,DescribeVpcEndpointServices
//go:generate go run ../../generate/servicepackage/main.go
//go:generate go run ../../generate/tagstests/main.go
// ONLY generate directives and package declaration! Do not add anything else to this file.
18 changes: 17 additions & 1 deletion internal/service/ec2/list_pages_gen.go


7 changes: 7 additions & 0 deletions internal/service/ec2/service_package_gen.go


16 changes: 16 additions & 0 deletions internal/service/ec2/status.go
@@ -1588,3 +1588,19 @@ func statusVPCBlockPublicAccessOptions(ctx context.Context, conn *ec2.Client) re
return output, string(output.State), nil
}
}

func statusVPCBlockPublicAccessExclusion(ctx context.Context, conn *ec2.Client, id string) retry.StateRefreshFunc {
return func() (interface{}, string, error) {
output, err := findVPCBlockPublicAccessExclusionByID(ctx, conn, id)

if tfresource.NotFound(err) {
return nil, "", nil
}

if err != nil {
return nil, "", err
}

return output, string(output.State), nil
}
}
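Review bot: `statusVPCBlockPublicAccessExclusion` maps a not-found result to `(nil, "", nil)` with no comment explaining it, and it passes every other state, failed ones included, through as a plain string. A waiter built on it has to list the in-progress states as pending and only the intended terminal state as target so that a failed create or update of the exclusion surfaces as an error; the waiters are not shown on this page, so that is unconfirmed here. I would add above the function `// statusVPCBlockPublicAccessExclusion returns a refresh function reporting the exclusion's State; a missing exclusion yields a nil result and an empty state.`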
@@ -0,0 +1,20 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0

resource "aws_vpc" "test" {
cidr_block = "10.1.0.0/16"
}

resource "aws_vpc_block_public_access_exclusion" "test" {
internet_gateway_exclusion_mode = "allow-bidirectional"
vpc_id = aws_vpc.test.id

tags = var.resource_tags
}

variable "resource_tags" {
description = "Tags to set on resource. To specify no tags, set to `null`"
# Not setting a default, so that this must explicitly be set to `null` to specify no tags
type = map(string)
nullable = true
}
@@ -0,0 +1,24 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0

provider "null" {}

resource "aws_vpc" "test" {
cidr_block = "10.1.0.0/16"
}

resource "aws_vpc_block_public_access_exclusion" "test" {
internet_gateway_exclusion_mode = "allow-bidirectional"
vpc_id = aws_vpc.test.id

tags = {
(var.unknownTagKey) = null_resource.test.id
}
}

resource "null_resource" "test" {}

variable "unknownTagKey" {
type = string
nullable = false
}
@@ -0,0 +1,35 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0

provider "null" {}

resource "aws_vpc" "test" {
cidr_block = "10.1.0.0/16"
}

resource "aws_vpc_block_public_access_exclusion" "test" {
internet_gateway_exclusion_mode = "allow-bidirectional"
vpc_id = aws_vpc.test.id

tags = {
(var.unknownTagKey) = null_resource.test.id
(var.knownTagKey) = var.knownTagValue
}
}

resource "null_resource" "test" {}

variable "unknownTagKey" {
type = string
nullable = false
}

variable "knownTagKey" {
type = string
nullable = false
}

variable "knownTagValue" {
type = string
nullable = false
}
@@ -0,0 +1,31 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0

provider "aws" {
default_tags {
tags = var.provider_tags
}
}

resource "aws_vpc" "test" {
cidr_block = "10.1.0.0/16"
}

resource "aws_vpc_block_public_access_exclusion" "test" {
internet_gateway_exclusion_mode = "allow-bidirectional"
vpc_id = aws_vpc.test.id

tags = var.resource_tags
}

variable "resource_tags" {
description = "Tags to set on resource. To specify no tags, set to `null`"
# Not setting a default, so that this must explicitly be set to `null` to specify no tags
type = map(string)
nullable = true
}

variable "provider_tags" {
type = map(string)
nullable = false
}
@@ -0,0 +1,40 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0

provider "aws" {
default_tags {
tags = var.provider_tags
}
ignore_tags {
keys = var.ignore_tag_keys
}
}

resource "aws_vpc" "test" {
cidr_block = "10.1.0.0/16"
}

resource "aws_vpc_block_public_access_exclusion" "test" {
internet_gateway_exclusion_mode = "allow-bidirectional"
vpc_id = aws_vpc.test.id

tags = var.resource_tags
}

variable "resource_tags" {
description = "Tags to set on resource. To specify no tags, set to `null`"
# Not setting a default, so that this must explicitly be set to `null` to specify no tags
type = map(string)
nullable = true
}

variable "provider_tags" {
type = map(string)
nullable = true
default = null
}

variable "ignore_tag_keys" {
type = set(string)
nullable = false
}
@@ -0,0 +1,10 @@
resource "aws_vpc" "test" {
cidr_block = "10.1.0.0/16"
}

resource "aws_vpc_block_public_access_exclusion" "test" {
internet_gateway_exclusion_mode = "allow-bidirectional"
vpc_id = aws_vpc.test.id

{{- template "tags" . }}
}