From 2ed7297fa36041e22b910cde3a7ab94c9d006298 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Fri, 10 Feb 2017 08:55:02 -0500 Subject: [PATCH] Add 'aws_default_vpc' resource. --- builtin/providers/aws/provider.go | 37 ++++----- .../providers/aws/resource_aws_default_vpc.go | 61 +++++++++++++++ .../aws/resource_aws_default_vpc_test.go | 58 ++++++++++++++ .../providers/aws/r/default_vpc.html.markdown | 76 +++++++++++++++++++ website/source/layouts/aws.erb | 4 + 5 files changed, 218 insertions(+), 18 deletions(-) create mode 100644 builtin/providers/aws/resource_aws_default_vpc.go create mode 100644 builtin/providers/aws/resource_aws_default_vpc_test.go create mode 100644 website/source/docs/providers/aws/r/default_vpc.html.markdown diff --git a/builtin/providers/aws/provider.go b/builtin/providers/aws/provider.go index f486d2718..bba070e39 100644 --- a/builtin/providers/aws/provider.go +++ b/builtin/providers/aws/provider.go @@ -370,7 +370,6 @@ func Provider() terraform.ResourceProvider { "aws_nat_gateway": resourceAwsNatGateway(), "aws_network_acl": resourceAwsNetworkAcl(), "aws_default_network_acl": resourceAwsDefaultNetworkAcl(), - "aws_default_route_table": resourceAwsDefaultRouteTable(), "aws_network_acl_rule": resourceAwsNetworkAclRule(), "aws_network_interface": resourceAwsNetworkInterface(), "aws_network_interface_attachment": resourceAwsNetworkInterfaceAttachment(), @@ -406,6 +405,7 @@ func Provider() terraform.ResourceProvider { "aws_route53_health_check": resourceAwsRoute53HealthCheck(), "aws_route": resourceAwsRoute(), "aws_route_table": resourceAwsRouteTable(), + "aws_default_route_table": resourceAwsDefaultRouteTable(), "aws_route_table_association": resourceAwsRouteTableAssociation(), "aws_ses_active_receipt_rule_set": resourceAwsSesActiveReceiptRuleSet(), "aws_ses_domain_identity": resourceAwsSesDomainIdentity(), @@ -418,8 +418,8 @@ func Provider() terraform.ResourceProvider { "aws_s3_bucket_policy": resourceAwsS3BucketPolicy(), "aws_s3_bucket_object": resourceAwsS3BucketObject(), "aws_s3_bucket_notification": resourceAwsS3BucketNotification(), - "aws_default_security_group": resourceAwsDefaultSecurityGroup(), "aws_security_group": resourceAwsSecurityGroup(), + "aws_default_security_group": resourceAwsDefaultSecurityGroup(), "aws_security_group_rule": resourceAwsSecurityGroupRule(), "aws_simpledb_domain": resourceAwsSimpleDBDomain(), "aws_ssm_activation": resourceAwsSsmActivation(), @@ -447,22 +447,23 @@ func Provider() terraform.ResourceProvider { "aws_vpc_dhcp_options": resourceAwsVpcDhcpOptions(), "aws_vpc_peering_connection": resourceAwsVpcPeeringConnection(), "aws_vpc_peering_connection_accepter": resourceAwsVpcPeeringConnectionAccepter(), - "aws_vpc": resourceAwsVpc(), - "aws_vpc_endpoint": resourceAwsVpcEndpoint(), - "aws_vpc_endpoint_route_table_association": resourceAwsVpcEndpointRouteTableAssociation(), - "aws_vpn_connection": resourceAwsVpnConnection(), - "aws_vpn_connection_route": resourceAwsVpnConnectionRoute(), - "aws_vpn_gateway": resourceAwsVpnGateway(), - "aws_vpn_gateway_attachment": resourceAwsVpnGatewayAttachment(), - "aws_waf_byte_match_set": resourceAwsWafByteMatchSet(), - "aws_waf_ipset": resourceAwsWafIPSet(), - "aws_waf_rule": resourceAwsWafRule(), - "aws_waf_size_constraint_set": resourceAwsWafSizeConstraintSet(), - "aws_waf_web_acl": resourceAwsWafWebAcl(), - "aws_waf_xss_match_set": resourceAwsWafXssMatchSet(), - "aws_waf_sql_injection_match_set": resourceAwsWafSqlInjectionMatchSet(), - "aws_wafregional_byte_match_set": resourceAwsWafRegionalByteMatchSet(), - "aws_wafregional_ipset": resourceAwsWafRegionalIPSet(), + "aws_default_vpc": resourceAwsDefaultVpc(), + "aws_vpc": resourceAwsVpc(), + "aws_vpc_endpoint": resourceAwsVpcEndpoint(), + "aws_vpc_endpoint_route_table_association": resourceAwsVpcEndpointRouteTableAssociation(), + "aws_vpn_connection": resourceAwsVpnConnection(), + "aws_vpn_connection_route": resourceAwsVpnConnectionRoute(), + "aws_vpn_gateway": resourceAwsVpnGateway(), + "aws_vpn_gateway_attachment": resourceAwsVpnGatewayAttachment(), + "aws_waf_byte_match_set": resourceAwsWafByteMatchSet(), + "aws_waf_ipset": resourceAwsWafIPSet(), + "aws_waf_rule": resourceAwsWafRule(), + "aws_waf_size_constraint_set": resourceAwsWafSizeConstraintSet(), + "aws_waf_web_acl": resourceAwsWafWebAcl(), + "aws_waf_xss_match_set": resourceAwsWafXssMatchSet(), + "aws_waf_sql_injection_match_set": resourceAwsWafSqlInjectionMatchSet(), + "aws_wafregional_byte_match_set": resourceAwsWafRegionalByteMatchSet(), + "aws_wafregional_ipset": resourceAwsWafRegionalIPSet(), }, ConfigureFunc: providerConfigure, } diff --git a/builtin/providers/aws/resource_aws_default_vpc.go b/builtin/providers/aws/resource_aws_default_vpc.go new file mode 100644 index 000000000..8767a85aa --- /dev/null +++ b/builtin/providers/aws/resource_aws_default_vpc.go @@ -0,0 +1,61 @@ +package aws + +import ( + "log" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/service/ec2" + "github.com/hashicorp/terraform/helper/schema" +) + +func resourceAwsDefaultVpc() *schema.Resource { + // reuse aws_vpc schema, and methods for READ, UPDATE + dvpc := resourceAwsVpc() + dvpc.Create = resourceAwsDefaultVpcCreate + dvpc.Delete = resourceAwsDefaultVpcDelete + + // cidr_block is a computed value for Default VPCs + dvpc.Schema["cidr_block"] = &schema.Schema{ + Type: schema.TypeString, + Computed: true, + } + // instance_tenancy is a computed value for Default VPCs + dvpc.Schema["instance_tenancy"] = &schema.Schema{ + Type: schema.TypeString, + Computed: true, + } + // assign_generated_ipv6_cidr_block is a computed value for Default VPCs + dvpc.Schema["assign_generated_ipv6_cidr_block"] = &schema.Schema{ + Type: schema.TypeBool, + Computed: true, + } + + return dvpc +} + +func resourceAwsDefaultVpcCreate(d *schema.ResourceData, meta interface{}) error { + conn := meta.(*AWSClient).ec2conn + req := &ec2.DescribeVpcsInput{ + Filters: []*ec2.Filter{ + &ec2.Filter{ + Name: aws.String("isDefault"), + Values: aws.StringSlice([]string{"true"}), + }, + }, + } + + resp, err := conn.DescribeVpcs(req) + if err != nil { + return err + } + + d.SetId(aws.StringValue(resp.Vpcs[0].VpcId)) + + return resourceAwsVpcUpdate(d, meta) +} + +func resourceAwsDefaultVpcDelete(d *schema.ResourceData, meta interface{}) error { + log.Printf("[WARN] Cannot destroy Default VPC. Terraform will remove this resource from the state file, however resources may remain.") + d.SetId("") + return nil +} diff --git a/builtin/providers/aws/resource_aws_default_vpc_test.go b/builtin/providers/aws/resource_aws_default_vpc_test.go new file mode 100644 index 000000000..1f14b6469 --- /dev/null +++ b/builtin/providers/aws/resource_aws_default_vpc_test.go @@ -0,0 +1,58 @@ +// make testacc TEST=./builtin/providers/aws/ TESTARGS='-run=TestAccAWSDefaultVpc_' +package aws + +import ( + "testing" + + "github.com/aws/aws-sdk-go/service/ec2" + "github.com/hashicorp/terraform/helper/resource" + "github.com/hashicorp/terraform/terraform" +) + +func TestAccAWSDefaultVpc_basic(t *testing.T) { + var vpc ec2.Vpc + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSDefaultVpcDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSDefaultVpcConfigBasic, + Check: resource.ComposeTestCheckFunc( + testAccCheckVpcExists("aws_default_vpc.foo", &vpc), + testAccCheckVpcCidr(&vpc, "172.31.0.0/16"), + resource.TestCheckResourceAttr( + "aws_default_vpc.foo", "cidr_block", "172.31.0.0/16"), + resource.TestCheckResourceAttr( + "aws_default_vpc.foo", "tags.%", "1"), + resource.TestCheckResourceAttr( + "aws_default_vpc.foo", "tags.Name", "Default VPC"), + resource.TestCheckNoResourceAttr( + "aws_default_vpc.foo", "assign_generated_ipv6_cidr_block"), + resource.TestCheckNoResourceAttr( + "aws_default_vpc.foo", "ipv6_association_id"), + resource.TestCheckNoResourceAttr( + "aws_default_vpc.foo", "ipv6_cidr_block"), + ), + }, + }, + }) +} + +func testAccCheckAWSDefaultVpcDestroy(s *terraform.State) error { + // We expect VPC to still exist + return nil +} + +const testAccAWSDefaultVpcConfigBasic = ` +provider "aws" { + region = "us-west-2" +} + +resource "aws_default_vpc" "foo" { + tags { + Name = "Default VPC" + } +} +` diff --git a/website/source/docs/providers/aws/r/default_vpc.html.markdown b/website/source/docs/providers/aws/r/default_vpc.html.markdown new file mode 100644 index 000000000..acf9be792 --- /dev/null +++ b/website/source/docs/providers/aws/r/default_vpc.html.markdown @@ -0,0 +1,76 @@ +--- +layout: "aws" +page_title: "AWS: aws_default_vpc" +sidebar_current: "docs-aws-resource-default-vpc" +description: |- + Manage the default VPC resource. +--- + +# aws\_default\_vpc + +Provides a resource to manage the [default AWS VPC](http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/default-vpc.html) +in the current region. + +For AWS accounts created after 2013-12-04, each region comes with a Default VPC. +**This is an advanced resource**, and has special caveats to be aware of when +using it. Please read this document in its entirety before using this resource. + +The `aws_default_vpc` behaves differently from normal resources, in that +Terraform does not _create_ this resource, but instead "adopts" it +into management. + +## Example Usage + +Basic usage with tags: + +``` +resource "aws_default_vpc" "default" { + tags { + Name = "Default VPC" + } +} +``` + +## Argument Reference + +The arguments of an `aws_default_vpc` differ slightly from `aws_vpc` +resources. Namely, the `cidr_block`, `instance_tenancy` and `assign_generated_ipv6_cidr_block` +arguments are computed. The following arguments are still supported: + +* `enable_dns_support` - (Optional) A boolean flag to enable/disable DNS support in the VPC. Defaults true. +* `enable_dns_hostnames` - (Optional) A boolean flag to enable/disable DNS hostnames in the VPC. Defaults false. +* `enable_classiclink` - (Optional) A boolean flag to enable/disable ClassicLink + for the VPC. Only valid in regions and accounts that support EC2 Classic. + See the [ClassicLink documentation][1] for more information. Defaults false. +* `tags` - (Optional) A mapping of tags to assign to the resource. + +### Removing `aws_default_vpc` from your configuration + +The `aws_default_vpc` resource allows you to manage a region's default VPC, +but Terraform cannot destroy it. Removing this resource from your configuration +will remove it from your statefile and management, but will not destroy the VPC. +You can resume managing the VPC via the AWS Console. + +## Attributes Reference + +The following attributes are exported: + +* `id` - The ID of the VPC +* `cidr_block` - The CIDR block of the VPC +* `instance_tenancy` - Tenancy of instances spin up within VPC. +* `enable_dns_support` - Whether or not the VPC has DNS support +* `enable_dns_hostnames` - Whether or not the VPC has DNS hostname support +* `enable_classiclink` - Whether or not the VPC has Classiclink enabled +* `assign_generated_ipv6_cidr_block` - Whether or not an Amazon-provided IPv6 CIDR +block with a /56 prefix length for the VPC was assigned +* `main_route_table_id` - The ID of the main route table associated with + this VPC. Note that you can change a VPC's main route table by using an + [`aws_main_route_table_association`](/docs/providers/aws/r/main_route_table_assoc.html) +* `default_network_acl_id` - The ID of the network ACL created by default on VPC creation +* `default_security_group_id` - The ID of the security group created by default on VPC creation +* `default_route_table_id` - The ID of the route table created by default on VPC creation +* `ipv6_association_id` - The association ID for the IPv6 CIDR block of the VPC +* `ipv6_cidr_block` - The IPv6 CIDR block of the VPC + + +[1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html diff --git a/website/source/layouts/aws.erb b/website/source/layouts/aws.erb index d6b2fe35b..3c56752a3 100644 --- a/website/source/layouts/aws.erb +++ b/website/source/layouts/aws.erb @@ -1349,6 +1349,10 @@ aws_default_subnet + > + aws_default_vpc + + > aws_default_vpc_dhcp_options