Closed rpadovani closed 2 years ago
/cc @Gowiem
(sorry for the direct ping, but this is currently a blocker for me)
/test all
/test all
@Gowiem, I don't have a stable state, all my 3 routes are tainted, so I tested in this way:
aws-vault exec dock-vpn -- terragrunt state rm "module.ec2_client_vpn[0].aws_ec2_client_vpn_route.default[2]"
aws-vault exec dock-vpn -- terragrunt import "module.ec2_client_vpn[0].aws_ec2_client_vpn_route.default[2]" "cvpn-endpoint-04da04851fedf3b7b,subnet-0805d79cdca015578,10.100.0.0/16"
➜ git --no-pager diff
diff --git a/client_vpn.tf b/client_vpn.tf
index 5e1e3ea..48206d2 100644
--- a/client_vpn.tf
+++ b/client_vpn.tf
@@ -22,8 +22,7 @@ locals {
}
module "ec2_client_vpn" {
- source = "cloudposse/ec2-client-vpn/aws"
- version = "0.11.0"
+ source = "git::git@github.com:rpadovani/terraform-aws-ec2-client-vpn.git?ref=patch-1"
count = var.client_vpn != null ? 1 : 0
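Review bot: The added `source` line pins the module to `?ref=patch-1`, a branch name on a personal fork, where the removed lines pinned the registry module to `version = "0.11.0"`. A branch ref is mutable, so a later `init` can fetch different code than the code that was planned here. For the duration of the test, set `ref` to the full commit SHA of the change under test. Once the fix is released, restore the registry `source` with a fixed `version`, so this override does not end up committed in `client_vpn.tf`.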
aws-vault exec dock-vpn -- terragrunt plan -target="module.ec2_client_vpn[0]"
Initializing modules...
Downloading git::ssh://git@github.com/rpadovani/terraform-aws-ec2-client-vpn.git?ref=patch-1 for ec2_client_vpn...
- ec2_client_vpn in .terraform/modules/ec2_client_vpn
[...useless part...]
Terraform will perform the following actions:
# module.ec2_client_vpn[0].aws_ec2_client_vpn_route.default[0] is tainted, so must be replaced
-/+ resource "aws_ec2_client_vpn_route" "default" {
~ id = "cvpn-endpoint-04da04851fedf3b7b,subnet-0c9e828c615486624,10.100.0.0/16" -> (known after apply)
~ origin = "add-route" -> (known after apply)
~ type = "Nat" -> (known after apply)
# (4 unchanged attributes hidden)
+ timeouts {
+ create = "5m"
+ delete = "5m"
}
}
# module.ec2_client_vpn[0].aws_ec2_client_vpn_route.default[1] is tainted, so must be replaced
-/+ resource "aws_ec2_client_vpn_route" "default" {
~ id = "cvpn-endpoint-04da04851fedf3b7b,subnet-0477c31fa00337f2f,10.100.0.0/16" -> (known after apply)
~ origin = "add-route" -> (known after apply)
~ type = "Nat" -> (known after apply)
# (4 unchanged attributes hidden)
+ timeouts {
+ create = "5m"
+ delete = "5m"
}
}
Plan: 2 to add, 0 to change, 2 to destroy.
So, it seems to want to replace only the tainted routes, not the 3rd one I imported. I would say we are safe :-)
@rpadovani Thanks for the contribution! Released as https://github.com/cloudposse/terraform-aws-ec2-client-vpn/releases/tag/0.12.0
Default timeout for aws_ec2_client_vpn_route is 1 minute for all operations. Trying to attach routes in eu-central-1 for a peered VPC, it constantly fails with:
and
With this commit, we increment the timeout to 5 minutes. In my experiments, the route is always available in around 90 seconds. 5 minutes gives us plenty of time, and still is not too long to wait in case of problems.
Upstream issue: https://github.com/hashicorp/terraform-provider-aws/issues/23787
I think fixing here is good, until we wait for an upstream improvement, because I am currently blocked