From 24baa38408bfcb8a8ef57ecea5797b6fec51db4f Mon Sep 17 00:00:00 2001
From: Doug Neal
Date: Thu, 8 Dec 2016 23:09:05 +0000
Subject: [PATCH] provider/aws: aws_vpc_peering_connection: import fix

When importing an `aws_vpc_peering_connection`, the code assumes that the account under Terraform control is the initiator (requester) of the VPC peering request. This holds true when the peering connection is between two VPCs in the same account, or when the peering connection has been initiated from the controlled account to another. However, when the peering connection has been initiated from a foreign account towards the account under management, importing the peering connection into the statefile results in values of `peer_vpc_id` and `vpc_id` being the opposite way round to what they should be, and in the `peer_owner_id` being set to the managed account's ID rather than the foreign account's ID. This patch checks the Accepter and Requester Owner IDs against the AWS connection's reported owner ID, and reverses the mapping if it is determined that the VPC peering connection is owned by the foreign account.
---
 .../resource_aws_vpc_peering_connection.go | 22 +++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/builtin/providers/aws/resource_aws_vpc_peering_connection.go b/builtin/providers/aws/resource_aws_vpc_peering_connection.go
index f34170587..24a1912e4 100644
--- a/builtin/providers/aws/resource_aws_vpc_peering_connection.go
+++ b/builtin/providers/aws/resource_aws_vpc_peering_connection.go
@@ -99,7 +99,9 @@ func resourceAwsVPCPeeringCreate(d *schema.ResourceData, meta interface{}) error
 }
 func resourceAwsVPCPeeringRead(d *schema.ResourceData, meta interface{}) error {
- conn := meta.(*AWSClient).ec2conn
+ client := meta.(*AWSClient)
+ conn := client.ec2conn
+
 pcRaw, status, err := resourceAwsVPCPeeringConnectionStateRefreshFunc(conn, d.Id())()
 // Allow a failed VPC Peering Connection to fallthrough,
 // to allow rest of the logic below to do its work.
@@ -134,10 +136,22 @@ func resourceAwsVPCPeeringRead(d *schema.ResourceData, meta interface{}) error {
 }
 log.Printf("[DEBUG] VPC Peering Connection response: %#v", pc)
+ log.Printf("[DEBUG] Account ID %s, VPC PeerConn Requester %s, Accepter %s",
+ client.accountid, *pc.RequesterVpcInfo.OwnerId, *pc.AccepterVpcInfo.OwnerId)
+
+ if (client.accountid == *pc.AccepterVpcInfo.OwnerId) && (client.accountid != *pc.RequesterVpcInfo.OwnerId) {
+ // We're the accepter
+ d.Set("peer_owner_id", pc.RequesterVpcInfo.OwnerId)
+ d.Set("peer_vpc_id", pc.RequesterVpcInfo.VpcId)
+ d.Set("vpc_id", pc.AccepterVpcInfo.VpcId)
+ } else {
+ // We're the requester
+ d.Set("peer_owner_id", pc.AccepterVpcInfo.OwnerId)
+ d.Set("peer_vpc_id", pc.AccepterVpcInfo.VpcId)
+ d.Set("vpc_id", pc.RequesterVpcInfo.VpcId)
+ }
+
 d.Set("accept_status", pc.Status.Code)
- d.Set("peer_owner_id", pc.AccepterVpcInfo.OwnerId)
- d.Set("peer_vpc_id", pc.AccepterVpcInfo.VpcId)
- d.Set("vpc_id", pc.RequesterVpcInfo.VpcId)
 // When the VPC Peering Connection is pending acceptance,
 // the details about accepter and/or requester peering
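Review bot: The new `log.Printf` and the `if` condition in the second hunk dereference `*pc.RequesterVpcInfo.OwnerId` and `*pc.AccepterVpcInfo.OwnerId` without a nil check, so a response that omits either owner ID would panic the read/import instead of returning an error; the removed lines only passed those pointers to `d.Set` and never dereferenced them. Reading both once through the SDK's nil-safe helper avoids this, e.g. `accepterOwner := aws.StringValue(pc.AccepterVpcInfo.OwnerId)` and `requesterOwner := aws.StringValue(pc.RequesterVpcInfo.OwnerId)` (assuming the `aws` package is imported in this file, which the hunk does not show), then comparing and logging those values. Separately, when `client.accountid` is empty or matches neither owner, the `else` branch silently records the requester mapping, so `peer_owner_id` in state can still name the wrong account; a `[WARN]` log line for that case would make the fallback visible. The body of `resourceAwsVPCPeeringRead` continues outside the hunk.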