fix: added create_before_destroy argument for customer gateway #53

Merged
merged 1 commit into from
Oct 16, 2024


riccardolocci
Contributor

what

Added meta-argument lifecycle to aws_customer_gateway.default to create the resource before it gets destroyed when an argument update generates a resource replacement.

why

If the customer gateway needs to be replaced (for example, when attributes bgp_asn or device_name change), Terraform is unable to delete the resource because it is being used by the VPN connection and its updated substitute is not created beforehand:

aws_customer_gateway.default[0]: Destroying... [id=cgw-XXXXXXXXXXXXXXXXX]
╷
│ Error: deleting EC2 Customer Gateway (cgw-XXXXXXXXXXXXXXXXX): operation error EC2: DeleteCustomerGateway, https response error StatusCode: 400, RequestID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx, api error IncorrectState: The customer gateway is in use.

@riccardolocci riccardolocci requested review from a team as code owners October 15, 2024 09:31
@mergify mergify bot added the triage Needs triage label Oct 15, 2024
@gberenice
Contributor

@riccardolocci have you tested if a customer gateway is associated correctly with VPN connections in this case?

@riccardolocci
Contributor Author

Hi @gberenice yes, here's the log of a terraform apply of the fix where a change in attribute customer_gateway_bgp_asn causes the replacement of the customer gateway:

$ terraform apply
module.vpn_connection.aws_customer_gateway.default[0]: Refreshing state... [id=cgw-xxxxxxxxxxxxxxxxx]
module.vpn_connection.aws_vpn_connection.default[0]: Refreshing state... [id=vpn-xxxxxxxxxxxxxxxxx]
module.vpn_connection.aws_ec2_tag.default["Stage"]: Refreshing state... [id=tgw-attach-xxxxxxxxxxxxxxxxx,Stage]
module.vpn_connection.aws_ec2_tag.default["Namespace"]: Refreshing state... [id=tgw-attach-xxxxxxxxxxxxxxxxx,Namespace]
module.vpn_connection.aws_ec2_tag.default["Name"]: Refreshing state... [id=tgw-attach-xxxxxxxxxxxxxxxxx,Name]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place
+/- create replacement and then destroy

Terraform will perform the following actions:

  # module.vpn_connection.aws_customer_gateway.default[0] must be replaced
+/- resource "aws_customer_gateway" "default" {
      ~ arn         = "arn:aws:ec2:eu-central-1:111111111111:customer-gateway/cgw-xxxxxxxxxxxxxxxxx" -> (known after apply)
      ~ bgp_asn     = "65000" -> "65100" # forces replacement
      ~ id          = "cgw-xxxxxxxxxxxxxxxxx" -> (known after apply)
        tags        = {
            "Name"      = "eg-dev-test"
            "Namespace" = "eg"
            "Stage"     = "dev"
        }
        # (4 unchanged attributes hidden)
    }

  # module.vpn_connection.aws_vpn_connection.default[0] will be updated in-place
  ~ resource "aws_vpn_connection" "default" {
      ~ customer_gateway_id                     = "cgw-xxxxxxxxxxxxxxxxx" -> (known after apply)
        id                                      = "vpn-xxxxxxxxxxxxxxxxx"
        tags                                    = {
            "Name"      = "eg-dev-test"
            "Namespace" = "eg"
            "Stage"     = "dev"
        }
        # (60 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

Plan: 1 to add, 1 to change, 1 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

module.vpn_connection.aws_customer_gateway.default[0]: Creating...
module.vpn_connection.aws_customer_gateway.default[0]: Still creating... [10s elapsed]
module.vpn_connection.aws_customer_gateway.default[0]: Creation complete after 11s [id=cgw-yyyyyyyyyyyyyyyyy]
module.vpn_connection.aws_vpn_connection.default[0]: Modifying... [id=vpn-xxxxxxxxxxxxxxxxx]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 10s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 20s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 30s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 40s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 50s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 1m0s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 1m10s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 1m20s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 1m30s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 1m40s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 1m50s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 2m0s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 2m10s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 2m20s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 2m30s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 2m40s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 2m50s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 3m0s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 3m10s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 3m20s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 3m30s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 3m40s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 3m50s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 4m0s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 4m10s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 4m20s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 4m30s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 4m40s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 4m50s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 5m0s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 5m10s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 5m20s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 5m30s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 5m40s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 5m50s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 6m0s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 6m10s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 6m20s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Still modifying... [id=vpn-xxxxxxxxxxxxxxxxx, 6m30s elapsed]
module.vpn_connection.aws_vpn_connection.default[0]: Modifications complete after 6m31s [id=vpn-xxxxxxxxxxxxxxxxx]
module.vpn_connection.aws_customer_gateway.default[0] (deposed object 5b6388b5): Destroying... [id=cgw-xxxxxxxxxxxxxxxxx]
module.vpn_connection.aws_customer_gateway.default[0]: Destruction complete after 0s

Apply complete! Resources: 1 added, 1 changed, 1 destroyed.
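
A CI-side check for the failure this PR fixes, as an added example that is not part of the pull request or the module's code: in the JSON form of a plan (`terraform show -json <planfile>`), a replacement is recorded with actions `["delete", "create"]` when Terraform destroys first and `["create", "delete"]` when `create_before_destroy` applies. The plan fragments below are constructed samples and the function names are hypothetical.

```python
# Constructed plan fragments in the shape of `terraform show -json <planfile>`,
# trimmed to the fields read below. The addresses mirror the log above.
CGW = "module.vpn_connection.aws_customer_gateway.default[0]"
VPN = "module.vpn_connection.aws_vpn_connection.default[0]"


def _sample_plan(cgw_actions):
    """Build a constructed plan where the customer gateway is replaced."""
    return {"resource_changes": [
        {"address": CGW, "type": "aws_customer_gateway",
         "change": {"actions": cgw_actions, "replace_paths": [["bgp_asn"]]}},
        {"address": VPN, "type": "aws_vpn_connection",
         "change": {"actions": ["update"]}},
    ]}


PLAN_WITHOUT_LIFECYCLE = _sample_plan(["delete", "create"])  # shown as -/+
PLAN_WITH_LIFECYCLE = _sample_plan(["create", "delete"])     # shown as +/-


def replacement_order(actions):
    """Classify a plan 'actions' list; None if it is not a replacement."""
    if actions == ["create", "delete"]:
        return "create_before_destroy"
    if actions == ["delete", "create"]:
        return "destroy_before_create"
    return None


def destroy_first_replacements(plan, guarded_types=("aws_customer_gateway",)):
    """Return guarded resources that the plan would destroy before recreating.

    For a customer gateway still attached to a VPN connection, this ordering
    is the one that ends in 'IncorrectState: The customer gateway is in use'.
    """
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        order = replacement_order(change.get("actions", []))
        if rc.get("type") in guarded_types and order == "destroy_before_create":
            findings.append({"address": rc["address"],
                             "replace_paths": change.get("replace_paths", [])})
    return findings


if __name__ == "__main__":
    for label, plan in (("without lifecycle", PLAN_WITHOUT_LIFECYCLE),
                        ("with lifecycle", PLAN_WITH_LIFECYCLE)):
        print(label, "->", destroy_first_replacements(plan) or "ok")
```

Failing the pipeline when `destroy_first_replacements` returns a non-empty list catches the problem at plan time instead of midway through an apply.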

@gberenice
Contributor

/terratest

@gberenice gberenice merged commit eb6043b into cloudposse:main Oct 16, 2024
27 checks passed
@mergify mergify bot removed the triage Needs triage label Oct 16, 2024

These changes were released in v1.4.0.
