-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New Resource: aws_workspaces_workspace #11608
Conversation
6735042
to
96e390f
Compare
Hey @Tensho, your PR now has a conflict (and fixing it is trivial). Could you please do so, to increase the chances of it getting merged? Thanks! |
4507ac4
to
6f7ab0c
Compare
Rebased, but still have to sort out defaults for attributes of the Set type. Asked more clarification in #142. Will resolve other issues after that. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the PR, @Tensho. I've gone through and added a number of changes that should be made for this.
aws/resource_aws_workspace_test.go
Outdated
}) | ||
} | ||
|
||
func testSweepWorkspaces(region string) error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The aws_workspaces_directory
sweeper will probably need to add a dependency on this sweeper
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would it? You can build aws_workspaces_directory
without needing an aws_workspaces_workspace
. Maybe I'm not understanding sweepers.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess @gdavison means opposite direction – aws_workspaces_workspace
sweeper depends on aws_workspaces_directory
one.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, when we add a dependency to a sweeper, it means that the other sweeper needs to be run before this one, or it will return an error.
aws/resource_aws_workspace.go
Outdated
Type: schema.TypeInt, | ||
Optional: true, | ||
Default: 80, | ||
ValidateFunc: validation.IntInSlice([]int{80, 175}), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Based on the documentation at https://docs.aws.amazon.com/workspaces/latest/adminguide/modify-workspaces.html, it looks like the valid values for root_volume_size_gib
are 80
or 175 to 2000
.
- If
root_volume_size_gib
is80
, thenuser_volume_size_gib
is one of10
,50
, or100
. - If
root_volume_size_gib
is175 to 2000
, thenuser_volume_size_gib
is100 to 2000
Validation should be updated to allow the higher values.
Also, root and user volumes cannot change size at the same time. The code should deal with that case.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't' remember exactly why, but I failed to accomplish this. Will make another attempt and share the feedback. Thanks.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@gdavison Ah, I remembered, how can I refer to attribute A in the validation func of attribute B? Or should I handle this in resource Update
func?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@gdavison The question about validation func for dependent attributes is still actual for me. Please could you answer the questions?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For the ValidateFunc
s in the resource schema, you can use validation.Any()
to chain together validation functions.
For root_volume_size_gib
, this could be
ValidateFunc: validation.Any(
validation.IntInSlice([]int{80}),
validation.IntBetween(175, 2000),
)
For final validation that the two fields are compatible, we'll have to let the AWS API handle it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done. I've added one acceptance for user volume size validation, but I doubt this is the right way to test all possible cases. Please could you refer me to the good validation unit test example?
@gdavison I'll do the changes according to your review this week. Thank you very much 🙇 |
@gdavison @bflad @ewbankkit I iterate on
However, test framework still creates the resource on the second test case. What is generally the best way to work on long-launching resources? BTW, I switched |
9699935
to
f0a5ea9
Compare
@gdavison Good news, I'm on the finish line with this resource, hope to resolve some workspace properties modification snags with AWS Support and then tidy up tests to be self-sufficient. I guess I learned about Terraform providers here much more than from all other resources all together 🙂 Appreciate if you answer the questions left in the discussion 🙇 |
f0a5ea9
to
f4251a8
Compare
433a486
to
0c59e3a
Compare
@gdavison @DrFaust92 Thank you for the feedback 🙇 I've made required changes, please check out the current state. |
@Tensho, tagging logic fix is handled by #13089. can you the currently generated functions (this will cause failure but it will be fixed across all workspaces resources with the aforementioned PR) |
alternatively #13089 needs to be merged before this |
@DrFaust92 I'm pretty fine with prior #13089 merge, just whatever makes this resource public appearance sooner. |
34a430f
to
595a9bc
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's looking great! A couple changes to make, and I'm going to merge #13089 first. This might create some merge conflicts
DirectoryId: aws.String(id), | ||
} | ||
err := conn.DescribeWorkspacesPages(input, func(resp *workspaces.DescribeWorkspacesOutput, _ bool) bool { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The delete function for a resource should only handle deleting itself. Terraform will use the resource dependency graph to handle the order. However, the sweeper for aws_workspaces_directory
should add aws_workspaces_workspace
to its Dependencies
array.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You shared knowledge and examples about sweepers and now I understand the concept better. Thank you 🙇 Fixed workspaces_directory
sweeper depend on worksapces_workspace
.
examples/workspaces/main.tf
Outdated
@@ -33,6 +33,32 @@ resource "aws_workspaces_directory" "main" { | |||
subnet_ids = ["${aws_subnet.private-a.id}", "${aws_subnet.private-b.id}"] | |||
} | |||
|
|||
data "aws_workspaces_bundle" "value_windows" { | |||
bundle_id = "b-ten5h0y19" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Examples should be runnable with minimal configuration by users. The bundle ID should be a variable, rather than hardcoded.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed to the public "Value with Windows 10 (English)"
bundle
# resource "aws_iam_role" "workspaces-default" { | ||
# name = "workspaces_DefaultRole" | ||
# assume_role_policy = data.aws_iam_policy_document.workspaces.json | ||
# } | ||
# | ||
# resource "aws_iam_role_policy_attachment" "workspaces-default-service-access" { | ||
# role = aws_iam_role.workspaces-default.name | ||
# policy_arn = "arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess" | ||
# } | ||
# | ||
# resource "aws_iam_role_policy_attachment" "workspaces-default-self-service-access" { | ||
# role = aws_iam_role.workspaces-default.name | ||
# policy_arn = "arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess" | ||
# } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If these aren't needed, we can just remove them
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, that's leaked from git stash. I have to comment out this section every time I run acctests, because the target account already have this role in place. I've compared the current workspaces default role inline policies and found some changed since I started this PR:
AmazonWorkSpacesServiceAccess
–>SkyLightServiceAccess
AmazonWorkSpacesSelfServiceAccess
–>SkyLightSelfServiceAccess
However manged policies (starts with AmazonWorkSpace
) are still in place and identical to the inline analogs.
Fixed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you are curious as me what does SkyLight
mean – it's a AWS workspace agent written in Go 😸
595a9bc
to
25cb6ae
Compare
25cb6ae
to
0762d2b
Compare
@gdavison I've rebased my branch to the lastest upstream |
Hi @Tensho, it's looking great. I'm getting some errors in our acceptance test accounts. Something about subnets not being found. I'll investigate those tomorrow, and we can get this merged! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've found the issue. It's related to the data source data "aws_subnet" "default" {...}
. I'm going to make the fix needed and merge it in once it's done.
I should be able to reuse the set up configuration from https://github.com/terraform-providers/terraform-provider-aws/blob/6cf84739011aa60bb8aa0c501b08dfc280716af7/aws/resource_aws_workspaces_directory_test.go#L370
Thanks for contributing! 🚀
@gdavison Please could you explain the issue with the default subnet? I intentionally switched to default VPC and subnets, because the test environment cleanup (destroy) constantly failed on VPC resources decommission. |
When the code was using the subnets data source, it was failing with a subnet not found error. Possibly because our account doesn't have a default subnet it all AZs in us-west-2. It took me a while, but I finally tracked down the error when using a new VPC for the test. If the role depends_on = [
aws_iam_role_policy_attachment.workspaces-default-service-access,
] |
@gdavison Thank you very much for your work and I'm so happy we can finally declare workspaces with Terraform 🙇 Have you found the bug with Let me check one moment with you. If I understood you right, workspaces directory and default role have a race due to the parallel destruction. The default role destruction is always faster workspaces directory one, that's why we need explicitly declare dependency. However, I'd expect workspace directory should depend on
What's your take on this? BTW, I didn't know about |
This has been released in version 2.62.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks! |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
Community Note
Release note for CHANGELOG:
New Data Source:
aws_workspaces_workspace
(#11608)Example
Acceptance Tests
Considerations
There is a warning which I'm not sure how I should address:
What is the general strategy for absent attributes?
References