Merge pull request hashicorp#40546 from ddericco/f-aws_networkmanager…

…_dx_gateway_attachment

Add resource: aws_networkmanager_dx_gateway_attachment

.changelog/40546.txt

@@ -0,0 +1,15 @@
+```release-note:new-resource
+aws_networkmanager_dx_gateway_attachment
+```
+
+```release-note:enhancement
+resource/aws_networkmanager_attachment_accepter: Add `edge_locations` attribute
+```
+
+```release-note:enhancement
+resource/aws_dx_gateway: Add `arn` attribute
+```
+
+```release-note:enhancement
+data-source/aws_dx_gateway: Add `arn` attribute
+```

internal/conns/awsclient.go

@@ -98,6 +98,16 @@ func (c *AWSClient) PartitionHostname(ctx context.Context, prefix string) string
 	return fmt.Sprintf("%s.%s", prefix, c.DNSSuffix(ctx))
 }
 
+// GlobalARN returns a global (no Region) ARN for the specified service namespace and resource.
+func (c *AWSClient) GlobalARN(ctx context.Context, service, resource string) string {
+	return arn.ARN{
+		Partition: c.Partition(ctx),
+		Service:   service,
+		AccountID: c.AccountID(ctx),
+		Resource:  resource,
+	}.String()
+}
+
 // RegionalARN returns a regional ARN for the specified service namespace and resource.
 func (c *AWSClient) RegionalARN(ctx context.Context, service, resource string) string {
 	return arn.ARN{

internal/framework/types/listof.go

@@ -100,6 +100,11 @@ type ListValueOf[T attr.Value] struct {
 	basetypes.ListValue
 }
 
+type (
+	ListOfString = ListValueOf[basetypes.StringValue]
+	ListOfARN    = ListValueOf[ARN]
+)
+
 func (v ListValueOf[T]) Equal(o attr.Value) bool {
 	other, ok := o.(ListValueOf[T])
 

internal/service/directconnect/gateway.go

@@ -45,6 +45,10 @@ func resourceGateway() *schema.Resource {
 				ForceNew:     true,
 				ValidateFunc: verify.ValidAmazonSideASN,
 			},
+			names.AttrARN: {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 			names.AttrName: {
 				Type:     schema.TypeString,
 				Required: true,
@@ -107,6 +111,7 @@ func resourceGatewayRead(ctx context.Context, d *schema.ResourceData, meta inter
 	}
 
 	d.Set("amazon_side_asn", flex.Int64ToStringValue(output.AmazonSideAsn))
+	d.Set(names.AttrARN, gatewayARN(ctx, meta.(*conns.AWSClient), d.Id()))
 	d.Set(names.AttrName, output.DirectConnectGatewayName)
 	d.Set(names.AttrOwnerAccountID, output.OwnerAccount)
 
@@ -264,3 +269,8 @@ func waitGatewayDeleted(ctx context.Context, conn *directconnect.Client, id stri
 
 	return nil, err
 }
+
+// See https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsdirectconnect.html#awsdirectconnect-resources-for-iam-policies.
+func gatewayARN(ctx context.Context, c *conns.AWSClient, id string) string {
+	return c.GlobalARN(ctx, "directconnect", "dx-gateway/"+id)
+}

internal/service/directconnect/gateway_data_source.go

@@ -28,6 +28,10 @@ func dataSourceGateway() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			names.AttrARN: {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 			names.AttrName: {
 				Type:     schema.TypeString,
 				Required: true,
@@ -57,6 +61,7 @@ func dataSourceGatewayRead(ctx context.Context, d *schema.ResourceData, meta int
 
 	d.SetId(aws.ToString(gateway.DirectConnectGatewayId))
 	d.Set("amazon_side_asn", strconv.FormatInt(aws.ToInt64(gateway.AmazonSideAsn), 10))
+	d.Set(names.AttrARN, gatewayARN(ctx, meta.(*conns.AWSClient), d.Id()))
 	d.Set(names.AttrOwnerAccountID, gateway.OwnerAccount)
 
 	return diags

internal/service/directconnect/gateway_data_source_test.go

@@ -28,6 +28,7 @@ func TestAccDirectConnectGatewayDataSource_basic(t *testing.T) {
 				Config: testAccGatewayDataSourceConfig_name(rName, sdkacctest.RandIntRange(64512, 65534)),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttrPair(datasourceName, "amazon_side_asn", resourceName, "amazon_side_asn"),
+					resource.TestCheckResourceAttrPair(datasourceName, names.AttrARN, resourceName, names.AttrARN),
 					resource.TestCheckResourceAttrPair(datasourceName, names.AttrID, resourceName, names.AttrID),
 					resource.TestCheckResourceAttrPair(datasourceName, names.AttrName, resourceName, names.AttrName),
 					resource.TestCheckResourceAttrPair(datasourceName, names.AttrOwnerAccountID, resourceName, names.AttrOwnerAccountID),

internal/service/directconnect/gateway_test.go

@@ -36,6 +36,7 @@ func TestAccDirectConnectGateway_basic(t *testing.T) {
 				Config: testAccGatewayConfig_basic(rName, rBgpAsn),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckGatewayExists(ctx, resourceName, &v),
+					resource.TestCheckResourceAttrSet(resourceName, names.AttrARN),
 					acctest.CheckResourceAttrAccountID(ctx, resourceName, names.AttrOwnerAccountID),
 				),
 			},

internal/service/directconnect/sweep.go

@@ -42,6 +42,7 @@ func RegisterSweepers() {
 		F:    sweepGateways,
 		Dependencies: []string{
 			"aws_dx_gateway_association",
+			"aws_networkmanager_dx_gateway_attachment",
 		},
 	})
 

internal/service/ec2/sweep.go

@@ -314,6 +314,7 @@ func RegisterSweepers() {
 			"aws_dx_gateway_association",
 			"aws_ec2_transit_gateway_vpc_attachment",
 			"aws_ec2_transit_gateway_peering_attachment",
+			"aws_networkmanager_transit_gateway_route_table_attachment",
 			"aws_vpn_connection",
 		},
 	})
@@ -328,6 +329,7 @@ func RegisterSweepers() {
 		F:    sweepTransitGatewayConnects,
 		Dependencies: []string{
 			"aws_ec2_transit_gateway_connect_peer",
+			"aws_networkmanager_connect_attachment",
 		},
 	})
 
@@ -381,6 +383,7 @@ func RegisterSweepers() {
 			"aws_internet_gateway",
 			"aws_nat_gateway",
 			"aws_network_acl",
+			"aws_networkmanager_vpc_attachment",
 			"aws_route_table",
 			"aws_security_group",
 			"aws_subnet",
@@ -402,6 +405,7 @@ func RegisterSweepers() {
 		F:    sweepVPNGateways,
 		Dependencies: []string{
 			"aws_dx_gateway_association",
+			"aws_networkmanager_site_to_site_vpn_attachment",
 			"aws_vpn_connection",
 		},
 	})

internal/service/networkmanager/attachment_accepter.go

@@ -65,6 +65,13 @@ func resourceAttachmentAccepter() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"edge_locations": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
 			names.AttrOwnerAccountID: {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -87,7 +94,6 @@ func resourceAttachmentAccepter() *schema.Resource {
 
 func resourceAttachmentAccepterCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	var diags diag.Diagnostics
-
 	conn := meta.(*conns.AWSClient).NetworkManagerClient(ctx)
 
 	var state awstypes.AttachmentState
@@ -139,6 +145,17 @@ func resourceAttachmentAccepterCreate(ctx context.Context, d *schema.ResourceDat
 
 		d.SetId(attachmentID)
 
+	case awstypes.AttachmentTypeDirectConnectGateway:
+		dxgwAttachment, err := findDirectConnectGatewayAttachmentByID(ctx, conn, attachmentID)
+
+		if err != nil {
+			return sdkdiag.AppendErrorf(diags, "reading Network Manager Direct Connect Gateway Attachment (%s): %s", attachmentID, err)
+		}
+
+		state = dxgwAttachment.Attachment.State
+
+		d.SetId(attachmentID)
+
 	default:
 		return sdkdiag.AppendErrorf(diags, "unsupported Network Manager Attachment type: %s", attachmentType)
 	}
@@ -162,7 +179,7 @@ func resourceAttachmentAccepterCreate(ctx context.Context, d *schema.ResourceDat
 
 		case awstypes.AttachmentTypeSiteToSiteVpn:
 			if _, err := waitSiteToSiteVPNAttachmentAvailable(ctx, conn, attachmentID, d.Timeout(schema.TimeoutCreate)); err != nil {
-				return sdkdiag.AppendErrorf(diags, "waiting for Network Manager VPN Attachment (%s) create: %s", attachmentID, err)
+				return sdkdiag.AppendErrorf(diags, "waiting for Network Manager Site To Site VPN Attachment (%s) create: %s", attachmentID, err)
 			}
 
 		case awstypes.AttachmentTypeConnect:
@@ -174,6 +191,11 @@ func resourceAttachmentAccepterCreate(ctx context.Context, d *schema.ResourceDat
 			if _, err := waitTransitGatewayRouteTableAttachmentAvailable(ctx, conn, attachmentID, d.Timeout(schema.TimeoutCreate)); err != nil {
 				return sdkdiag.AppendErrorf(diags, "waiting for Network Manager Transit Gateway Route Table Attachment (%s) create: %s", attachmentID, err)
 			}
+
+		case awstypes.AttachmentTypeDirectConnectGateway:
+			if _, err := waitDirectConnectGatewayAttachmentAvailable(ctx, conn, attachmentID, d.Timeout(schema.TimeoutCreate)); err != nil {
+				return sdkdiag.AppendErrorf(diags, "waiting for Network Manager Direct Connect Gateway Attachment (%s) create: %s", attachmentID, err)
+			}
 		}
 	}
 
@@ -182,13 +204,10 @@ func resourceAttachmentAccepterCreate(ctx context.Context, d *schema.ResourceDat
 
 func resourceAttachmentAccepterRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	var diags diag.Diagnostics
-
 	conn := meta.(*conns.AWSClient).NetworkManagerClient(ctx)
 
-	var a *awstypes.Attachment
-	attachmentType := awstypes.AttachmentType(d.Get("attachment_type").(string))
-
-	switch attachmentType {
+	var attachment *awstypes.Attachment
+	switch attachmentType := awstypes.AttachmentType(d.Get("attachment_type").(string)); attachmentType {
 	case awstypes.AttachmentTypeVpc:
 		vpcAttachment, err := findVPCAttachmentByID(ctx, conn, d.Id())
 
@@ -202,7 +221,9 @@ func resourceAttachmentAccepterRead(ctx context.Context, d *schema.ResourceData,
 			return sdkdiag.AppendErrorf(diags, "reading Network Manager VPC Attachment (%s): %s", d.Id(), err)
 		}
 
-		a = vpcAttachment.Attachment
+		attachment = vpcAttachment.Attachment
+		d.Set("edge_location", attachment.EdgeLocation)
+		d.Set("edge_locations", nil)
 
 	case awstypes.AttachmentTypeSiteToSiteVpn:
 		vpnAttachment, err := findSiteToSiteVPNAttachmentByID(ctx, conn, d.Id())
@@ -217,7 +238,9 @@ func resourceAttachmentAccepterRead(ctx context.Context, d *schema.ResourceData,
 			return sdkdiag.AppendErrorf(diags, "reading Network Manager Site To Site VPN Attachment (%s): %s", d.Id(), err)
 		}
 
-		a = vpnAttachment.Attachment
+		attachment = vpnAttachment.Attachment
+		d.Set("edge_location", attachment.EdgeLocation)
+		d.Set("edge_locations", nil)
 
 	case awstypes.AttachmentTypeConnect:
 		connectAttachment, err := findConnectAttachmentByID(ctx, conn, d.Id())
@@ -232,7 +255,9 @@ func resourceAttachmentAccepterRead(ctx context.Context, d *schema.ResourceData,
 			return sdkdiag.AppendErrorf(diags, "reading Network Manager Connect Attachment (%s): %s", d.Id(), err)
 		}
 
-		a = connectAttachment.Attachment
+		attachment = connectAttachment.Attachment
+		d.Set("edge_location", attachment.EdgeLocation)
+		d.Set("edge_locations", nil)
 
 	case awstypes.AttachmentTypeTransitGatewayRouteTable:
 		tgwAttachment, err := findTransitGatewayRouteTableAttachmentByID(ctx, conn, d.Id())
@@ -247,29 +272,44 @@ func resourceAttachmentAccepterRead(ctx context.Context, d *schema.ResourceData,
 			return sdkdiag.AppendErrorf(diags, "reading Network Manager Transit Gateway Route Table Attachment (%s): %s", d.Id(), err)
 		}
 
-		a = tgwAttachment.Attachment
+		attachment = tgwAttachment.Attachment
+		d.Set("edge_location", attachment.EdgeLocation)
+		d.Set("edge_locations", nil)
+
+	case awstypes.AttachmentTypeDirectConnectGateway:
+		dxgwAttachment, err := findDirectConnectGatewayAttachmentByID(ctx, conn, d.Id())
+
+		if !d.IsNewResource() && tfresource.NotFound(err) {
+			log.Printf("[WARN] Network Manager Direct Connect Gateway Attachment %s not found, removing from state", d.Id())
+			d.SetId("")
+			return diags
+		}
+
+		if err != nil {
+			return sdkdiag.AppendErrorf(diags, "reading Network Manager Direct Connect Gateway Attachment (%s): %s", d.Id(), err)
+		}
+
+		attachment = dxgwAttachment.Attachment
+		d.Set("edge_location", nil)
+		d.Set("edge_locations", attachment.EdgeLocations)
 	}
 
-	d.Set("attachment_policy_rule_number", a.AttachmentPolicyRuleNumber)
-	d.Set("core_network_arn", a.CoreNetworkArn)
-	d.Set("core_network_id", a.CoreNetworkId)
-	d.Set("edge_location", a.EdgeLocation)
-	d.Set(names.AttrOwnerAccountID, a.OwnerAccountId)
-	d.Set(names.AttrResourceARN, a.ResourceArn)
-	d.Set("segment_name", a.SegmentName)
-	d.Set(names.AttrState, a.State)
+	d.Set("attachment_policy_rule_number", attachment.AttachmentPolicyRuleNumber)
+	d.Set("core_network_arn", attachment.CoreNetworkArn)
+	d.Set("core_network_id", attachment.CoreNetworkId)
+	d.Set(names.AttrOwnerAccountID, attachment.OwnerAccountId)
+	d.Set(names.AttrResourceARN, attachment.ResourceArn)
+	d.Set("segment_name", attachment.SegmentName)
+	d.Set(names.AttrState, attachment.State)
 
 	return diags
 }
 
 func resourceAttachmentAccepterDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	var diags diag.Diagnostics
-
 	conn := meta.(*conns.AWSClient).NetworkManagerClient(ctx)
 
-	attachmentType := awstypes.AttachmentType(d.Get("attachment_type").(string))
-
-	switch attachmentType {
+	switch attachmentType := awstypes.AttachmentType(d.Get("attachment_type").(string)); attachmentType {
 	case awstypes.AttachmentTypeVpc:
 		_, err := conn.DeleteAttachment(ctx, &networkmanager.DeleteAttachmentInput{
 			AttachmentId: aws.String(d.Id()),