From 1ee4ecdc3bb93a584df874a7effa0bacb2f18d04 Mon Sep 17 00:00:00 2001 From: John Norton Date: Tue, 5 Dec 2017 15:23:42 -0700 Subject: [PATCH 01/10] add assign public ip property to network configuration --- aws/resource_aws_ecs_service.go | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/aws/resource_aws_ecs_service.go b/aws/resource_aws_ecs_service.go index e1942508400..d79b5c2bef4 100644 --- a/aws/resource_aws_ecs_service.go +++ b/aws/resource_aws_ecs_service.go @@ -112,21 +112,30 @@ func resourceAwsEcsService() *schema.Resource { "network_configuration": { Type: schema.TypeList, Optional: true, + ForceNew: true, MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "security_groups": { Type: schema.TypeSet, Optional: true, + ForceNew: true, Elem: &schema.Schema{Type: schema.TypeString}, Set: schema.HashString, }, "subnets": { Type: schema.TypeSet, Required: true, + ForceNew: true, Elem: &schema.Schema{Type: schema.TypeString}, Set: schema.HashString, }, + "assign_public_ip": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + ForceNew: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, }, }, }, @@ -403,6 +412,9 @@ func flattenEcsNetworkConfigration(nc *ecs.NetworkConfiguration) []interface{} { result := make(map[string]interface{}) result["security_groups"] = schema.NewSet(schema.HashString, flattenStringList(nc.AwsvpcConfiguration.SecurityGroups)) result["subnets"] = schema.NewSet(schema.HashString, flattenStringList(nc.AwsvpcConfiguration.Subnets)) + if val, ok := result["assign_public_ip"].(string); ok { + result["assign_public_ip"] = val + } return []interface{}{result} } 
@@ -416,6 +428,11 @@ func expandEcsNetworkConfigration(nc []interface{}) *ecs.NetworkConfiguration { awsVpcConfig.SecurityGroups = expandStringSet(val.(*schema.Set)) } awsVpcConfig.Subnets = expandStringSet(raw["subnets"].(*schema.Set)) + + //if val, ok := raw["assign_public_ip"].(string); ok { + // awsVpcConfig.AssignPublicIp = aws.String(val) + // } + return &ecs.NetworkConfiguration{AwsvpcConfiguration: awsVpcConfig} } From 927d68c187ef9f11f89242a0d840c4d38d33d9a8 Mon Sep 17 00:00:00 2001 From: John Norton Date: Tue, 5 Dec 2017 16:19:03 -0700 Subject: [PATCH 02/10] force new resource on network config change, update docs --- aws/resource_aws_ecs_service.go | 12 ++++++------ website/docs/r/ecs_service.html.markdown | 1 + 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/aws/resource_aws_ecs_service.go b/aws/resource_aws_ecs_service.go index d79b5c2bef4..371719bf9c6 100644 --- a/aws/resource_aws_ecs_service.go +++ b/aws/resource_aws_ecs_service.go @@ -409,12 +409,12 @@ func flattenEcsNetworkConfigration(nc *ecs.NetworkConfiguration) []interface{} { if nc == nil { return nil } + result := make(map[string]interface{}) result["security_groups"] = schema.NewSet(schema.HashString, flattenStringList(nc.AwsvpcConfiguration.SecurityGroups)) result["subnets"] = schema.NewSet(schema.HashString, flattenStringList(nc.AwsvpcConfiguration.Subnets)) - if val, ok := result["assign_public_ip"].(string); ok { - result["assign_public_ip"] = val - } + result["assign_public_ip"] = *nc.AwsvpcConfiguration.AssignPublicIp + return []interface{}{result} } 
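Review bot: In the `flattenEcsNetworkConfigration` hunk of PATCH 02, `*nc.AwsvpcConfiguration.AssignPublicIp` is dereferenced without a nil check, so a service description that omits the field would panic the provider during read. `aws.StringValue` returns an empty string for a nil pointer and avoids that: `result["assign_public_ip"] = aws.StringValue(nc.AwsvpcConfiguration.AssignPublicIp)`. The same bare dereference is kept in the flatten hunks of PATCH 06 and PATCH 09. `nc.AwsvpcConfiguration` is also used unchecked on the neighbouring context lines; that is older code, but it is worth guarding in the same change.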
@@ -429,9 +429,9 @@ func expandEcsNetworkConfigration(nc []interface{}) *ecs.NetworkConfiguration { } awsVpcConfig.Subnets = expandStringSet(raw["subnets"].(*schema.Set)) - //if val, ok := raw["assign_public_ip"].(string); ok { - // awsVpcConfig.AssignPublicIp = aws.String(val) - // } + if val, ok := raw["assign_public_ip"].(string); ok { + awsVpcConfig.AssignPublicIp = aws.String(val) + } return &ecs.NetworkConfiguration{AwsvpcConfiguration: awsVpcConfig} } diff --git a/website/docs/r/ecs_service.html.markdown b/website/docs/r/ecs_service.html.markdown index fe90a84088f..76082fa3fd2 100644 --- a/website/docs/r/ecs_service.html.markdown +++ b/website/docs/r/ecs_service.html.markdown @@ -100,6 +100,7 @@ Guide](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-query- `network_configuration` support the following: * `subnets` - (Required) The subnets associated with the task or service. * `security_groups` - (Optional) The security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used. +* `assign_public_ip` - (Optional) Valid values are "ENABLED" or "DISABLED". Will assign a public IP address to the ENI. For more information, see [Task Networking](http://docs.aws.amazon.com/AmazonECS/latest/developerguidetask-networking.html) ## Attributes Reference From 36934737ab354734b6b7dee841d3a310df09907c Mon Sep 17 00:00:00 2001 From: John Norton Date: Tue, 5 Dec 2017 21:28:20 -0700 Subject: [PATCH 03/10] set default value for assign_public_ip --- aws/resource_aws_ecs_service.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aws/resource_aws_ecs_service.go b/aws/resource_aws_ecs_service.go index 371719bf9c6..0c255f9ab20 100644 --- a/aws/resource_aws_ecs_service.go +++ b/aws/resource_aws_ecs_service.go 
@@ -134,6 +134,7 @@ func resourceAwsEcsService() *schema.Resource { Type: schema.TypeString, Optional: true, ForceNew: true, + Default: "DISABLED", Elem: &schema.Schema{Type: schema.TypeString}, }, }, @@ -432,7 +433,6 @@ func expandEcsNetworkConfigration(nc []interface{}) *ecs.NetworkConfiguration { if val, ok := raw["assign_public_ip"].(string); ok { awsVpcConfig.AssignPublicIp = aws.String(val) } - return &ecs.NetworkConfiguration{AwsvpcConfiguration: awsVpcConfig} } From 8d71878089fb03b83b37d994780cc767153073fb Mon Sep 17 00:00:00 2001 From: John Norton Date: Thu, 7 Dec 2017 11:18:18 -0700 Subject: [PATCH 04/10] fix networkcofnig force new resource...add test --- aws/resource_aws_ecs_service.go | 13 ++++--------- aws/resource_aws_ecs_service_test.go | 1 + 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/aws/resource_aws_ecs_service.go b/aws/resource_aws_ecs_service.go index 0c255f9ab20..38a4ed5286f 100644 --- a/aws/resource_aws_ecs_service.go +++ b/aws/resource_aws_ecs_service.go @@ -112,30 +112,25 @@ func resourceAwsEcsService() *schema.Resource { "network_configuration": { Type: schema.TypeList, Optional: true, - ForceNew: true, MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "security_groups": { Type: schema.TypeSet, Optional: true, - ForceNew: true, Elem: &schema.Schema{Type: schema.TypeString}, Set: schema.HashString, }, "subnets": { Type: schema.TypeSet, Required: true, - ForceNew: true, Elem: &schema.Schema{Type: schema.TypeString}, Set: schema.HashString, }, "assign_public_ip": &schema.Schema{ Type: schema.TypeString, Optional: true, - ForceNew: true, Default: "DISABLED", - Elem: &schema.Schema{Type: schema.TypeString}, }, }, }, 
@@ -429,9 +424,10 @@ func expandEcsNetworkConfigration(nc []interface{}) *ecs.NetworkConfiguration { awsVpcConfig.SecurityGroups = expandStringSet(val.(*schema.Set)) } awsVpcConfig.Subnets = expandStringSet(raw["subnets"].(*schema.Set)) - + log.Printf("[DEBUG] assign_public_ip %s", raw["assign_public_ip"]) if val, ok := raw["assign_public_ip"].(string); ok { awsVpcConfig.AssignPublicIp = aws.String(val) + log.Printf("[DEBUG] AssingPublicIp %s", awsVpcConfig.AssignPublicIp) } return &ecs.NetworkConfiguration{AwsvpcConfiguration: awsVpcConfig} } @@ -498,9 +494,8 @@ func resourceAwsEcsServiceUpdate(d *schema.ResourceData, meta interface{}) error } } - if d.HasChange("network_configration") { - input.NetworkConfiguration = expandEcsNetworkConfigration(d.Get("network_configuration").([]interface{})) - } + //d.HasChange("network_configration") is not working, so explicity calling method. + input.NetworkConfiguration = expandEcsNetworkConfigration(d.Get("network_configuration").([]interface{})) // Retry due to IAM & ECS eventual consistency err := resource.Retry(2*time.Minute, func() *resource.RetryError { diff --git a/aws/resource_aws_ecs_service_test.go b/aws/resource_aws_ecs_service_test.go index 2b10eaeaac4..fd77da3f0e2 100644 --- a/aws/resource_aws_ecs_service_test.go +++ b/aws/resource_aws_ecs_service_test.go @@ -1261,6 +1261,7 @@ resource "aws_ecs_service" "main" { network_configuration { security_groups = ["${aws_security_group.allow_all_a.id}", "${aws_security_group.allow_all_b.id}"] subnets = ["${aws_subnet.main.*.id}"] + assign_public_ip = "ENABLED" } } `, rName, rName) From b48ae4a0067627ec4d0d61b3fe1846520dcefb8f Mon Sep 17 00:00:00 2001 From: John Norton Date: Thu, 7 Dec 2017 11:24:58 -0700 Subject: [PATCH 05/10] remove debug output --- aws/resource_aws_ecs_service.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/aws/resource_aws_ecs_service.go b/aws/resource_aws_ecs_service.go index 38a4ed5286f..071f744881c 100644 --- a/aws/resource_aws_ecs_service.go 
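Review bot: The `resourceAwsEcsServiceUpdate` hunk of PATCH 04 drops the change guard because `d.HasChange("network_configration")` never fired, but the removed line shows the cause: the key is misspelled, so the check looked at an attribute that does not exist. As written, every update sends `NetworkConfiguration`, including updates that touch unrelated fields. For services without a `network_configuration` block it sends whatever `expandEcsNetworkConfigration` returns for an empty list; that function's opening lines are outside the hunks, so this is unverified here. Restoring the guard with the correct key keeps changes to network exposure explicit: `if d.HasChange("network_configuration") {`. The added comment should then be removed, since it records a wrong diagnosis.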
+++ b/aws/resource_aws_ecs_service.go @@ -424,10 +424,8 @@ func expandEcsNetworkConfigration(nc []interface{}) *ecs.NetworkConfiguration { awsVpcConfig.SecurityGroups = expandStringSet(val.(*schema.Set)) } awsVpcConfig.Subnets = expandStringSet(raw["subnets"].(*schema.Set)) - log.Printf("[DEBUG] assign_public_ip %s", raw["assign_public_ip"]) if val, ok := raw["assign_public_ip"].(string); ok { awsVpcConfig.AssignPublicIp = aws.String(val) - log.Printf("[DEBUG] AssingPublicIp %s", awsVpcConfig.AssignPublicIp) } return &ecs.NetworkConfiguration{AwsvpcConfiguration: awsVpcConfig} } From 83d84067d63856eece61472a155f09e512c8e08a Mon Sep 17 00:00:00 2001 From: John Norton Date: Tue, 16 Jan 2018 11:41:48 -0700 Subject: [PATCH 06/10] Change assign_public_ip to boolean --- aws/resource_aws_ecs_service.go | 17 +++++++++++------ aws/resource_aws_ecs_service_test.go | 2 +- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/aws/resource_aws_ecs_service.go b/aws/resource_aws_ecs_service.go index 934e2dcabbf..f68edb990bc 100644 --- a/aws/resource_aws_ecs_service.go +++ b/aws/resource_aws_ecs_service.go @@ -134,9 +134,9 @@ func resourceAwsEcsService() *schema.Resource { Set: schema.HashString, }, "assign_public_ip": &schema.Schema{ - Type: schema.TypeString, + Type: schema.TypeBool, Optional: true, - Default: "DISABLED", + Default: false, }, }, }, @@ -419,8 +419,10 @@ func flattenEcsNetworkConfigration(nc *ecs.NetworkConfiguration) []interface{} { result := make(map[string]interface{}) result["security_groups"] = schema.NewSet(schema.HashString, flattenStringList(nc.AwsvpcConfiguration.SecurityGroups)) result["subnets"] = schema.NewSet(schema.HashString, flattenStringList(nc.AwsvpcConfiguration.Subnets)) - result["assign_public_ip"] = *nc.AwsvpcConfiguration.AssignPublicIp - + result["assign_public_ip"] = "true" + if *nc.AwsvpcConfiguration.AssignPublicIp == "DISABLED" { + result["assign_public_ip"] = "false" + } return []interface{}{result} } 
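Review bot: The `flattenEcsNetworkConfigration` hunk of PATCH 06 stores the strings `"true"`/`"false"` under `assign_public_ip`, although the schema hunk of the same commit declares the attribute as `schema.TypeBool`; the flattened value should be a Go bool. It also starts from `"true"` and only switches on an exact `"DISABLED"` match, so an empty or unexpected API value would be recorded in state as publicly addressable. Comparing against the enabled value yields a bool and defaults to false: `result["assign_public_ip"] = aws.StringValue(nc.AwsvpcConfiguration.AssignPublicIp) == ecs.AssignPublicIpEnabled`. PATCH 09 swaps the literal for the SDK constant but keeps the string values.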
@@ -434,8 +436,11 @@ func expandEcsNetworkConfigration(nc []interface{}) *ecs.NetworkConfiguration { awsVpcConfig.SecurityGroups = expandStringSet(val.(*schema.Set)) } awsVpcConfig.Subnets = expandStringSet(raw["subnets"].(*schema.Set)) - if val, ok := raw["assign_public_ip"].(string); ok { - awsVpcConfig.AssignPublicIp = aws.String(val) + if val, ok := raw["assign_public_ip"].(bool); ok { + awsVpcConfig.AssignPublicIp = aws.String("DISABLED") + if val { + awsVpcConfig.AssignPublicIp = aws.String("ENABLED") + } } return &ecs.NetworkConfiguration{AwsvpcConfiguration: awsVpcConfig} } diff --git a/aws/resource_aws_ecs_service_test.go b/aws/resource_aws_ecs_service_test.go index 1a78244e283..6dc999199f2 100644 --- a/aws/resource_aws_ecs_service_test.go +++ b/aws/resource_aws_ecs_service_test.go @@ -1517,7 +1517,7 @@ resource "aws_ecs_service" "main" { network_configuration { security_groups = ["${aws_security_group.allow_all_a.id}", "${aws_security_group.allow_all_b.id}"] subnets = ["${aws_subnet.main.*.id}"] - assign_public_ip = "ENABLED" + assign_public_ip = true } } `, sg1Name, sg2Name, clusterName, tdName, svcName) From 5c56c41678d754f015d796895173956a87e9a6e5 Mon Sep 17 00:00:00 2001 From: John Norton Date: Wed, 24 Jan 2018 23:25:47 -0700 Subject: [PATCH 07/10] Update ecs_service.html.markdown --- website/docs/r/ecs_service.html.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/r/ecs_service.html.markdown b/website/docs/r/ecs_service.html.markdown index 17232ea4851..481ec7376ed 100644 --- a/website/docs/r/ecs_service.html.markdown +++ b/website/docs/r/ecs_service.html.markdown 
@@ -102,7 +102,7 @@ Guide](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-query * `subnets` - (Required) The subnets associated with the task or service. * `security_groups` - (Optional) The security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used. -* `assign_public_ip` - (Optional) Valid values are "ENABLED" or "DISABLED". Will assign a public IP address to the ENI. +* `assign_public_ip` - (Optional) Valid values are "true" or "false". Will assign a public IP address to the ENI. For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) ## Attributes Reference From 1da6118bc70ccad26974a58c68a3aa8294fe4427 Mon Sep 17 00:00:00 2001 From: John Norton Date: Thu, 1 Feb 2018 22:37:39 -0700 Subject: [PATCH 08/10] change to true or false, update docs. --- aws/resource_aws_ecs_service_test.go | 34 ++++++++++++++++++++---- aws/resource_aws_lb_listener.go | 1 - examples/networking/region/numbering.tf | 1 - examples/networking/subnet/numbering.tf | 1 - website/docs/r/ecs_service.html.markdown | 2 +- 5 files changed, 30 insertions(+), 9 deletions(-) delete mode 120000 examples/networking/region/numbering.tf delete mode 120000 examples/networking/subnet/numbering.tf diff --git a/aws/resource_aws_ecs_service_test.go b/aws/resource_aws_ecs_service_test.go index 6dc999199f2..89496b4368e 100644 --- a/aws/resource_aws_ecs_service_test.go +++ b/aws/resource_aws_ecs_service_test.go @@ -486,7 +486,7 @@ func TestAccAWSEcsService_withLaunchTypeFargate(t *testing.T) { }) } -func TestAccAWSEcsService_withNetworkConfiguration(t *testing.T) { +func TestAccAWSEcsService_withNetworkConfigurationAssignPublicIp(t *testing.T) { rString := acctest.RandString(8) sg1Name := fmt.Sprintf("tf-acc-sg-1-svc-w-nc-%s", rString) 
@@ -501,7 +501,31 @@ func TestAccAWSEcsService_withNetworkConfiguration(t *testing.T) { CheckDestroy: testAccCheckAWSEcsServiceDestroy, Steps: []resource.TestStep{ { - Config: testAccAWSEcsServiceWithNetworkConfigration(sg1Name, sg2Name, clusterName, tdName, svcName), + Config: testAccAWSEcsServiceWithNetworkConfigration(sg1Name, sg2Name, clusterName, tdName, svcName, "true"), + Check: resource.ComposeTestCheckFunc( + testAccCheckAWSEcsServiceExists("aws_ecs_service.main"), + ), + }, + }, + }) +} + +func TestAccAWSEcsService_withNetworkConfigurationDoNotAssignPublicIp(t *testing.T) { + rString := acctest.RandString(8) + + sg1Name := fmt.Sprintf("tf-acc-sg-1-svc-w-nc-%s", rString) + sg2Name := fmt.Sprintf("tf-acc-sg-2-svc-w-nc-%s", rString) + clusterName := fmt.Sprintf("tf-acc-cluster-svc-w-nc-%s", rString) + tdName := fmt.Sprintf("tf-acc-td-svc-w-nc-%s", rString) + svcName := fmt.Sprintf("tf-acc-svc-w-nc-%s", rString) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckAWSEcsServiceDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAWSEcsServiceWithNetworkConfigration(sg1Name, sg2Name, clusterName, tdName, svcName, "false"), Check: resource.ComposeTestCheckFunc( testAccCheckAWSEcsServiceExists("aws_ecs_service.main"), ), @@ -1448,7 +1472,7 @@ resource "aws_ecs_service" "with_alb" { `, clusterName, tdName, roleName, policyName, tgName, lbName, svcName) } -func testAccAWSEcsServiceWithNetworkConfigration(sg1Name, sg2Name, clusterName, tdName, svcName string) string { +func testAccAWSEcsServiceWithNetworkConfigration(sg1Name, sg2Name, clusterName, tdName, svcName, assignPublicIp string) string { return fmt.Sprintf(` data "aws_availability_zones" "available" {} 
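Review bot: Both acceptance tests touched by this hunk only call `testAccCheckAWSEcsServiceExists`, so they pass even if `assign_public_ip` is never sent to ECS or is read back wrongly. Each step should also assert the attribute, for example `resource.TestCheckResourceAttr("aws_ecs_service.main", "network_configuration.0.assign_public_ip", "true")` in the first test and the same check with `"false"` in the second. The two test functions differ only in that argument, so a shared helper taking the expected value would remove the duplication. The first test function starts in the preceding hunk.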
@@ -1517,8 +1541,8 @@ resource "aws_ecs_service" "main" { network_configuration { security_groups = ["${aws_security_group.allow_all_a.id}", "${aws_security_group.allow_all_b.id}"] subnets = ["${aws_subnet.main.*.id}"] - assign_public_ip = true + assign_public_ip = %s } } -`, sg1Name, sg2Name, clusterName, tdName, svcName) +`, sg1Name, sg2Name, clusterName, tdName, svcName, assignPublicIp) } diff --git a/aws/resource_aws_lb_listener.go b/aws/resource_aws_lb_listener.go index ec99fa366f4..f96e6e6aa00 100644 --- a/aws/resource_aws_lb_listener.go +++ b/aws/resource_aws_lb_listener.go @@ -34,7 +34,6 @@ func resourceAwsLbListener() *schema.Resource { "load_balancer_arn": { Type: schema.TypeString, Required: true, - ForceNew: true, }, "port": { diff --git a/examples/networking/region/numbering.tf b/examples/networking/region/numbering.tf deleted file mode 120000 index 49f7617b054..00000000000 --- a/examples/networking/region/numbering.tf +++ /dev/null @@ -1 +0,0 @@ -../numbering/variables.tf \ No newline at end of file diff --git a/examples/networking/subnet/numbering.tf b/examples/networking/subnet/numbering.tf deleted file mode 120000 index 49f7617b054..00000000000 --- a/examples/networking/subnet/numbering.tf +++ /dev/null @@ -1 +0,0 @@ -../numbering/variables.tf \ No newline at end of file diff --git a/website/docs/r/ecs_service.html.markdown b/website/docs/r/ecs_service.html.markdown index 481ec7376ed..a427f15e2e7 100644 --- a/website/docs/r/ecs_service.html.markdown +++ b/website/docs/r/ecs_service.html.markdown 
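Review bot: The `aws/resource_aws_lb_listener.go` hunk removes `ForceNew: true` from `load_balancer_arn`, which is unrelated to this commit's subject and looks like an accidental inclusion, as do the two deleted `numbering.tf` symlinks. Without it, a changed ARN is planned as an in-place update. Unless the listener's update function handles that field, which is not visible here, the listener would stay on the old load balancer while state records the new one. I would restore `ForceNew: true,` on that attribute, or move the change to its own commit with a test that covers it.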
@@ -102,7 +102,7 @@ Guide](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-query * `subnets` - (Required) The subnets associated with the task or service. * `security_groups` - (Optional) The security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used. -* `assign_public_ip` - (Optional) Valid values are "true" or "false". Will assign a public IP address to the ENI. +* `assign_public_ip` - (Optional) Valid values are "true" or "false". Will assign a public IP address to the ENI. Default value is "false". For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) ## Attributes Reference From 642d87085b973a3f09b3c6eecf0739c7100f00a0 Mon Sep 17 00:00:00 2001 From: John Norton Date: Thu, 1 Feb 2018 23:01:20 -0700 Subject: [PATCH 09/10] Use SDK Enum --- aws/resource_aws_ecs_service.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/aws/resource_aws_ecs_service.go b/aws/resource_aws_ecs_service.go index f68edb990bc..adeb7e6176b 100644 --- a/aws/resource_aws_ecs_service.go +++ b/aws/resource_aws_ecs_service.go @@ -420,7 +420,7 @@ func flattenEcsNetworkConfigration(nc *ecs.NetworkConfiguration) []interface{} { result["security_groups"] = schema.NewSet(schema.HashString, flattenStringList(nc.AwsvpcConfiguration.SecurityGroups)) result["subnets"] = schema.NewSet(schema.HashString, flattenStringList(nc.AwsvpcConfiguration.Subnets)) result["assign_public_ip"] = "true" - if *nc.AwsvpcConfiguration.AssignPublicIp == "DISABLED" { + if *nc.AwsvpcConfiguration.AssignPublicIp == ecs.AssignPublicIpDisabled { result["assign_public_ip"] = "false" } return []interface{}{result} 
@@ -437,11 +437,12 @@ func expandEcsNetworkConfigration(nc []interface{}) *ecs.NetworkConfiguration { } awsVpcConfig.Subnets = expandStringSet(raw["subnets"].(*schema.Set)) if val, ok := raw["assign_public_ip"].(bool); ok { - awsVpcConfig.AssignPublicIp = aws.String("DISABLED") + awsVpcConfig.AssignPublicIp = aws.String(ecs.AssignPublicIpDisabled) if val { - awsVpcConfig.AssignPublicIp = aws.String("ENABLED") + awsVpcConfig.AssignPublicIp = aws.String(ecs.AssignPublicIpEnabled) } } + return &ecs.NetworkConfiguration{AwsvpcConfiguration: awsVpcConfig} } From 554f63dc8e903c81775da3f961243745b6d97730 Mon Sep 17 00:00:00 2001 From: John Norton Date: Thu, 1 Feb 2018 23:03:13 -0700 Subject: [PATCH 10/10] remove &schema.Schema{ --- aws/resource_aws_ecs_service.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aws/resource_aws_ecs_service.go b/aws/resource_aws_ecs_service.go index adeb7e6176b..3c151589d95 100644 --- a/aws/resource_aws_ecs_service.go +++ b/aws/resource_aws_ecs_service.go @@ -133,7 +133,7 @@ func resourceAwsEcsService() *schema.Resource { Elem: &schema.Schema{Type: schema.TypeString}, Set: schema.HashString, }, - "assign_public_ip": &schema.Schema{ + "assign_public_ip": { Type: schema.TypeBool, Optional: true, Default: false,