provider/aws: aws_vpc_peering_connection: import fix #10635
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When importing an `aws_vpc_peering_connection`, the code assumes that the account under Terraform control is the initiator (requester) of the VPC peering request. This holds true when the peering connection is between two VPCs in the same account, or when the peering connection has been initiated from the controlled account to another. However, when the peering connection has been initiated from a foreign account towards the account under management, importing the peering connection into the statefile results in values of `peer_vpc_id` and `vpc_id` being the opposite way round to what they should be, and in the `peer_owner_id` being set to the managed account's ID rather than the foreign account's ID. This patch checks the Accepter and Requester Owner IDs against the AWS connection's reported owner ID, and reverses the mapping if it is determined that the VPC peering connection is owned by the foreign account.
|
Looks good, thanks! |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
ghost
locked and limited conversation to collaborators
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When importing an
aws_vpc_peering_connection, the code assumes that the account under Terraform control is the initiator (requester) of the VPC peering request. This holds true when the peering connection is between two VPCs in the same account, or when the peering connection hasbeen initiated from the controlled account to another.
However, when the peering connection has been initiated from a foreign account towards the account under management, importing the peering connection into the statefile results in values of
peer_vpc_idandvpc_idbeing the opposite way round to what they should be, and in thepeer_owner_idbeing set to the managed account's ID rather than the foreign account's ID.This patch checks the Accepter and Requester Owner IDs against the AWS connection's reported owner ID, and reverses the mapping if it is determined that the VPC peering connection is owned by the foreign account.