Skip to content

Commit

Permalink
Merge pull request #36236 from erikjoh/b-aws_vpn_connection-inside-ip…
Browse files Browse the repository at this point in the history 
…v6-cidr-validation

resource/aws_vpn_connection: Fixes CIDR validation for inside_ipv6_cidr fields
  • Loading branch information
@ewbankkit
ewbankkit authored Mar 11, 2024
2 parents f587d41 + 838fa67 commit fcf3dfa
Show file tree
Hide file tree
Showing 3 changed files with 14 additions and 3 deletions.
3 changes: 3 additions & 0 deletions .changelog/36236.txt
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:bug
resource/aws_vpn_connection: Correct plan-time validation of `tunnel1_inside_ipv6_cidr` and `tunnel2_inside_ipv6_cidr`
```
2 changes: 1 addition & 1 deletion internal/service/ec2/vpnsite_connection.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1696,7 +1696,7 @@ func validVPNConnectionTunnelInsideCIDR() schema.SchemaValidateFunc {
func validVPNConnectionTunnelInsideIPv6CIDR() schema.SchemaValidateFunc {
return validation.All(
validation.IsCIDRNetwork(126, 126),
validation.StringMatch(regexache.MustCompile(`^fd00:`), "must be within fd00::/8"),
validation.StringMatch(regexache.MustCompile(`^fd`), "must be within fd00::/8"),
)
}

Expand Down
12 changes: 10 additions & 2 deletions internal/service/ec2/vpnsite_connection_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -473,11 +473,19 @@ func TestAccSiteVPNConnection_tunnel1InsideIPv6CIDR(t *testing.T) {
CheckDestroy: testAccCheckVPNConnectionDestroy(ctx),
Steps: []resource.TestStep{
{
Config: testAccSiteVPNConnectionConfig_tunnel1InsideIPv6CIDR(rName, rBgpAsn, "fd00:2001:db8:2:2d1:81ff:fe41:d200/126", "fd00:2001:db8:2:2d1:81ff:fe41:d204/126"),
Config: testAccSiteVPNConnectionConfig_tunnel1InsideIPv6CIDR(rName, rBgpAsn, "fd00:2001:db8::1:0/125", "fd00:2001:db8::2:0/125"),
ExpectError: regexache.MustCompile(`expected "\w+" to contain a network Value with between 126 and 126 significant bits`),
},
{
Config: testAccSiteVPNConnectionConfig_tunnel1InsideIPv6CIDR(rName, rBgpAsn, "fcff:2001:db8:2:2d1:81ff:fe41:d200/126", "fcff:2001:db8:2:2d1:81ff:fe41:0/126"),
ExpectError: regexache.MustCompile(`must be within fd00::/8`),
},
{
Config: testAccSiteVPNConnectionConfig_tunnel1InsideIPv6CIDR(rName, rBgpAsn, "fd00:2001:db8:2:2d1:81ff:fe41:d200/126", "fdff:2001:db8:2:2d1:81ff:fe41:d204/126"),
Check: resource.ComposeAggregateTestCheckFunc(
testAccVPNConnectionExists(ctx, resourceName, &vpn),
resource.TestCheckResourceAttr(resourceName, "tunnel1_inside_ipv6_cidr", "fd00:2001:db8:2:2d1:81ff:fe41:d200/126"),
resource.TestCheckResourceAttr(resourceName, "tunnel2_inside_ipv6_cidr", "fd00:2001:db8:2:2d1:81ff:fe41:d204/126"),
resource.TestCheckResourceAttr(resourceName, "tunnel2_inside_ipv6_cidr", "fdff:2001:db8:2:2d1:81ff:fe41:d204/126"),
),
},
// NOTE: Import does not currently have access to the Terraform configuration,
Expand Down

0 comments on commit fcf3dfa

Please sign in to comment.