From f5cf449a686e2c7df23568d163286c62aedb6ac5 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Fri, 12 May 2023 16:20:17 -0400 Subject: [PATCH 1/5] r/aws_ec2_client_vpn_network_association: Remove 'security_groups' attribute. --- .changelog/#####.txt | 3 + .../service/ec2/vpnclient_endpoint_test.go | 1 - .../ec2/vpnclient_network_association.go | 50 +------ .../ec2/vpnclient_network_association_test.go | 135 ++---------------- website/docs/guides/version-5-upgrade.html.md | 4 +- .../r/ec2_client_vpn_endpoint.html.markdown | 2 - ...ient_vpn_network_association.html.markdown | 15 -- 7 files changed, 17 insertions(+), 193 deletions(-) create mode 100644 .changelog/#####.txt diff --git a/.changelog/#####.txt b/.changelog/#####.txt new file mode 100644 index 000000000000..7dffefa68e57 --- /dev/null +++ b/.changelog/#####.txt @@ -0,0 +1,3 @@ +```release-note:breaking-change +resource/aws_ec2_client_vpn_network_association: The `security_groups` attribute has been removed +``` \ No newline at end of file diff --git a/internal/service/ec2/vpnclient_endpoint_test.go b/internal/service/ec2/vpnclient_endpoint_test.go index 33383b883744..274da476094d 100644 --- a/internal/service/ec2/vpnclient_endpoint_test.go +++ b/internal/service/ec2/vpnclient_endpoint_test.go @@ -64,7 +64,6 @@ func TestAccClientVPNEndpoint_serial(t *testing.T) { "basic": testAccClientVPNNetworkAssociation_basic, "multipleSubnets": testAccClientVPNNetworkAssociation_multipleSubnets, "disappears": testAccClientVPNNetworkAssociation_disappears, - "securityGroups": testAccClientVPNNetworkAssociation_securityGroups, "securityGroupsOnEndpoint": testAccClientVPNNetworkAssociation_securityGroupsOnEndpoint, }, "Route": { diff --git a/internal/service/ec2/vpnclient_network_association.go b/internal/service/ec2/vpnclient_network_association.go index 2d3b559608ea..cbd8aba1f4a8 100644 --- a/internal/service/ec2/vpnclient_network_association.go +++ b/internal/service/ec2/vpnclient_network_association.go 
@@ -13,7 +13,6 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-provider-aws/internal/conns" "github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag" - "github.com/hashicorp/terraform-provider-aws/internal/flex" "github.com/hashicorp/terraform-provider-aws/internal/tfresource" ) @@ -22,7 +21,6 @@ func ResourceClientVPNNetworkAssociation() *schema.Resource { return &schema.Resource{ CreateWithoutTimeout: resourceClientVPNNetworkAssociationCreate, ReadWithoutTimeout: resourceClientVPNNetworkAssociationRead, - UpdateWithoutTimeout: resourceClientVPNNetworkAssociationUpdate, DeleteWithoutTimeout: resourceClientVPNNetworkAssociationDelete, Importer: &schema.ResourceImporter{ @@ -44,16 +42,6 @@ func ResourceClientVPNNetworkAssociation() *schema.Resource { Required: true, ForceNew: true, }, - "security_groups": { - Type: schema.TypeSet, - MinItems: 1, - MaxItems: 5, - Optional: true, - Computed: true, - Elem: &schema.Schema{Type: schema.TypeString}, - Set: schema.HashString, - Deprecated: "Use the `security_group_ids` attribute of the `aws_ec2_client_vpn_endpoint` resource instead.", - }, "subnet_id": { Type: schema.TypeString, Required: true, 
@@ -87,26 +75,10 @@ func resourceClientVPNNetworkAssociationCreate(ctx context.Context, d *schema.Re d.SetId(aws.StringValue(output.AssociationId)) - targetNetwork, err := WaitClientVPNNetworkAssociationCreated(ctx, conn, d.Id(), endpointID, d.Timeout(schema.TimeoutCreate)) - - if err != nil { + if _, err := WaitClientVPNNetworkAssociationCreated(ctx, conn, d.Id(), endpointID, d.Timeout(schema.TimeoutCreate)); err != nil { return sdkdiag.AppendErrorf(diags, "waiting for EC2 Client VPN Network Association (%s) create: %s", d.Id(), err) } - if v, ok := d.GetOk("security_groups"); ok { - input := &ec2.ApplySecurityGroupsToClientVpnTargetNetworkInput{ - ClientVpnEndpointId: aws.String(endpointID), - SecurityGroupIds: flex.ExpandStringSet(v.(*schema.Set)), - VpcId: targetNetwork.VpcId, - } - - _, err := conn.ApplySecurityGroupsToClientVpnTargetNetworkWithContext(ctx, input) - - if err != nil { - return sdkdiag.AppendErrorf(diags, "applying Security Groups to EC2 Client VPN Network Association (%s): %s", d.Id(), err) - } - } - return append(diags, resourceClientVPNNetworkAssociationRead(ctx, d, meta)...) } 
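Review bot: With the `security_groups` block removed from Create, nothing in this function records where the target network's security groups now come from, and that is an access-control decision worth a comment above the wait call. I would add `// Security groups are managed only via security_group_ids on aws_ec2_client_vpn_endpoint; this resource no longer calls ApplySecurityGroupsToClientVpnTargetNetwork.` The documentation removed in this patch says the VPC's default security group is assigned when none is specified. A configuration that only drops the argument during upgrade may therefore leave a newly created association on the default group instead of the restricted ones previously set here, though this is inferred from the docs text and not from code visible in the hunk. The upgrade-guide hunk also appears to place the "`security_groups` and `status`" sentence under the `aws_ec2_client_vpn_endpoint` heading and not under this resource's heading, which is worth checking. The function body starts outside the hunk.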
@@ -129,32 +101,12 @@ func resourceClientVPNNetworkAssociationRead(ctx context.Context, d *schema.Reso d.Set("association_id", network.AssociationId) d.Set("client_vpn_endpoint_id", network.ClientVpnEndpointId) - d.Set("security_groups", aws.StringValueSlice(network.SecurityGroups)) d.Set("subnet_id", network.TargetNetworkId) d.Set("vpc_id", network.VpcId) return diags } -func resourceClientVPNNetworkAssociationUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { - var diags diag.Diagnostics - conn := meta.(*conns.AWSClient).EC2Conn() - - if d.HasChange("security_groups") { - input := &ec2.ApplySecurityGroupsToClientVpnTargetNetworkInput{ - ClientVpnEndpointId: aws.String(d.Get("client_vpn_endpoint_id").(string)), - SecurityGroupIds: flex.ExpandStringSet(d.Get("security_groups").(*schema.Set)), - VpcId: aws.String(d.Get("vpc_id").(string)), - } - - if _, err := conn.ApplySecurityGroupsToClientVpnTargetNetworkWithContext(ctx, input); err != nil { - return sdkdiag.AppendErrorf(diags, "applying Security Groups to EC2 Client VPN Network Association (%s): %s", d.Id(), err) - } - } - - return append(diags, resourceClientVPNNetworkAssociationRead(ctx, d, meta)...) -} - func resourceClientVPNNetworkAssociationDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics conn := meta.(*conns.AWSClient).EC2Conn() diff --git a/internal/service/ec2/vpnclient_network_association_test.go b/internal/service/ec2/vpnclient_network_association_test.go index 8bf74975f891..cedf97de6980 100644 --- a/internal/service/ec2/vpnclient_network_association_test.go +++ b/internal/service/ec2/vpnclient_network_association_test.go 
@@ -24,7 +24,7 @@ func testAccClientVPNNetworkAssociation_basic(t *testing.T) { rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ec2_client_vpn_network_association.test" endpointResourceName := "aws_ec2_client_vpn_endpoint.test" - subnetResourceName := "aws_subnet.test1" + subnetResourceName := "aws_subnet.test.0" vpcResourceName := "aws_vpc.test" defaultSecurityGroupResourceName := "aws_default_security_group.test" @@ -63,9 +63,9 @@ func testAccClientVPNNetworkAssociation_multipleSubnets(t *testing.T) { var assoc ec2.TargetNetwork var group ec2.SecurityGroup rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) - resourceNames := []string{"aws_ec2_client_vpn_network_association.test1", "aws_ec2_client_vpn_network_association.test2"} + resourceNames := []string{"aws_ec2_client_vpn_network_association.test.0", "aws_ec2_client_vpn_network_association.test.1"} endpointResourceName := "aws_ec2_client_vpn_endpoint.test" - subnetResourceNames := []string{"aws_subnet.test1", "aws_subnet.test2"} + subnetResourceNames := []string{"aws_subnet.test.0", "aws_subnet.test.1"} vpcResourceName := "aws_vpc.test" defaultSecurityGroupResourceName := "aws_default_security_group.test" 
@@ -131,51 +131,6 @@ func testAccClientVPNNetworkAssociation_disappears(t *testing.T) { }) } -func testAccClientVPNNetworkAssociation_securityGroups(t *testing.T) { - ctx := acctest.Context(t) - var assoc1, assoc2 ec2.TargetNetwork - var group11, group12, group21 ec2.SecurityGroup - rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) - resourceName := "aws_ec2_client_vpn_network_association.test" - securityGroup1ResourceName := "aws_security_group.test1" - securityGroup2ResourceName := "aws_security_group.test2" - - resource.ParallelTest(t, resource.TestCase{ - PreCheck: func() { acctest.PreCheck(ctx, t); testAccPreCheckClientVPNSyncronize(t) }, - ErrorCheck: acctest.ErrorCheck(t, ec2.EndpointsID), - ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, - CheckDestroy: testAccCheckClientVPNNetworkAssociationDestroy(ctx), - Steps: []resource.TestStep{ - { - Config: testAccClientVPNNetworkAssociationConfig_twoSecurityGroups(t, rName), - Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckClientVPNNetworkAssociationExists(ctx, resourceName, &assoc1), - testAccCheckSecurityGroupExists(ctx, securityGroup1ResourceName, &group11), - testAccCheckSecurityGroupExists(ctx, securityGroup2ResourceName, &group12), - resource.TestCheckResourceAttr(resourceName, "security_groups.#", "2"), - testAccCheckClientVPNNetworkAssociationSecurityGroupID(resourceName, "security_groups.*", &group11), - testAccCheckClientVPNNetworkAssociationSecurityGroupID(resourceName, "security_groups.*", &group12), - ), - }, - { - ResourceName: resourceName, - ImportState: true, - ImportStateVerify: true, - ImportStateIdFunc: testAccClientVPNNetworkAssociationImportStateIdFunc(resourceName), - }, - { - Config: testAccClientVPNNetworkAssociationConfig_oneSecurityGroup(t, rName), - Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckClientVPNNetworkAssociationExists(ctx, resourceName, &assoc2), - testAccCheckSecurityGroupExists(ctx, securityGroup1ResourceName, &group21), - 
resource.TestCheckResourceAttr(resourceName, "security_groups.#", "1"), - testAccCheckClientVPNNetworkAssociationSecurityGroupID(resourceName, "security_groups.*", &group21), - ), - }, - }, - }) -} - func testAccClientVPNNetworkAssociation_securityGroupsOnEndpoint(t *testing.T) { ctx := acctest.Context(t) var assoc ec2.TargetNetwork @@ -288,20 +243,11 @@ resource "aws_default_security_group" "test" { vpc_id = aws_vpc.test.id } -resource "aws_subnet" "test1" { - availability_zone = data.aws_availability_zones.available.names[0] - cidr_block = cidrsubnet(aws_vpc.test.cidr_block, 8, 0) - vpc_id = aws_vpc.test.id - map_public_ip_on_launch = true - - tags = { - Name = %[1]q - } -} +resource "aws_subnet" "test" { + count = 2 -resource "aws_subnet" "test2" { - availability_zone = data.aws_availability_zones.available.names[1] - cidr_block = cidrsubnet(aws_vpc.test.cidr_block, 8, 1) + availability_zone = data.aws_availability_zones.available.names[count.index] + cidr_block = cidrsubnet(aws_vpc.test.cidr_block, 8, count.index) vpc_id = aws_vpc.test.id map_public_ip_on_launch = true 
@@ -316,79 +262,20 @@ func testAccClientVPNNetworkAssociationConfig_basic(t *testing.T, rName string) return acctest.ConfigCompose(testAccClientVPNNetworkAssociationConfig_base(t, rName), ` resource "aws_ec2_client_vpn_network_association" "test" { client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.test.id - subnet_id = aws_subnet.test1.id + subnet_id = aws_subnet.test[0].id } `) } func testAccClientVPNNetworkAssociationConfig_multipleSubnets(t *testing.T, rName string) string { return acctest.ConfigCompose(testAccClientVPNNetworkAssociationConfig_base(t, rName), ` -resource "aws_ec2_client_vpn_network_association" "test1" { - client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.test.id - subnet_id = aws_subnet.test1.id -} - -resource "aws_ec2_client_vpn_network_association" "test2" { - client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.test.id - subnet_id = aws_subnet.test2.id -} -`) -} - -func testAccClientVPNNetworkAssociationConfig_twoSecurityGroups(t *testing.T, rName string) string { - return acctest.ConfigCompose(testAccClientVPNNetworkAssociationConfig_base(t, rName), fmt.Sprintf(` resource "aws_ec2_client_vpn_network_association" "test" { - client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.test.id - subnet_id = aws_subnet.test1.id - security_groups = [aws_security_group.test1.id, aws_security_group.test2.id] -} - -resource "aws_security_group" "test1" { - name = "%[1]s-1" - vpc_id = aws_vpc.test.id - - tags = { - Name = %[1]q - } -} - -resource "aws_security_group" "test2" { - name = "%[1]s-2" - vpc_id = aws_vpc.test.id - - tags = { - Name = %[1]q - } -} -`, rName)) -} + count = 2 -func testAccClientVPNNetworkAssociationConfig_oneSecurityGroup(t *testing.T, rName string) string { - return acctest.ConfigCompose(testAccClientVPNNetworkAssociationConfig_base(t, rName), fmt.Sprintf(` -resource "aws_ec2_client_vpn_network_association" "test" { client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.test.id - subnet_id = aws_subnet.test1.id - security_groups 
= [aws_security_group.test1.id] -} - -resource "aws_security_group" "test1" { - name = "%[1]s-1" - vpc_id = aws_vpc.test.id - - tags = { - Name = %[1]q - } -} - -resource "aws_security_group" "test2" { - name = "%[1]s-2" - vpc_id = aws_vpc.test.id - - tags = { - Name = %[1]q - } + subnet_id = aws_subnet.test[count.index].id } -`, rName)) +`) } func testAccClientVPNNetworkAssociationConfig_twoSecurityGroupsOnEndpoint(t *testing.T, rName string) string { diff --git a/website/docs/guides/version-5-upgrade.html.md b/website/docs/guides/version-5-upgrade.html.md index 5d60c2f7e7f5..b1bdb6ac6b25 100644 --- a/website/docs/guides/version-5-upgrade.html.md +++ b/website/docs/guides/version-5-upgrade.html.md @@ -30,7 +30,7 @@ Upgrade topics: - [Resource: aws_budgets_budget](#resource-aws_budgets_budget) - [Resource: aws_ce_anomaly_subscription](#resource-aws_ce_anomaly_subscription) - [Resource: aws_cloudwatch_event_target](#resource-aws_cloudwatch_event_target) -- [Resource: aws_connect_routing_profile](#resource-aws_connect_queue) +- [Resource: aws_connect_queue](#resource-aws_connect_queue) - [Resource: aws_connect_routing_profile](#resource-aws_connect_routing_profile) - [Resource: aws_docdb_cluster](#resource-aws_docdb_cluster) - [Resource: aws_ec2_client_vpn_endpoint](#resource-aws_ec2_client_vpn_endpoint) @@ -142,7 +142,7 @@ Automated snapshots **should not** be used for this attribute, unless from a dif ## Resource: aws_ec2_client_vpn_endpoint -The `status` attribute has been removed. +The `security_groups` and `status` attributes have been removed. ## Resource: aws_ec2_client_vpn_network_association diff --git a/website/docs/r/ec2_client_vpn_endpoint.html.markdown b/website/docs/r/ec2_client_vpn_endpoint.html.markdown index f62e971c3fdc..4d1654e6cd57 100644 --- a/website/docs/r/ec2_client_vpn_endpoint.html.markdown +++ b/website/docs/r/ec2_client_vpn_endpoint.html.markdown 
@@ -11,8 +11,6 @@ description: |- Provides an AWS Client VPN endpoint for OpenVPN clients. For more information on usage, please see the [AWS Client VPN Administrator's Guide](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/what-is.html). -~> **NOTE on Client VPN endpoint target network security groups:** Terraform provides both a standalone [Client VPN endpoint network association](ec2_client_vpn_network_association.html) resource with a (deprecated) `security_groups` argument and a Client VPN endpoint resource with a `security_group_ids` argument. Do not specify security groups in both resources. Doing so will cause a conflict and will overwrite the target network security group association. - ## Example Usage ```terraform diff --git a/website/docs/r/ec2_client_vpn_network_association.html.markdown b/website/docs/r/ec2_client_vpn_network_association.html.markdown index 19aa0f74e3c0..1e7afcb78898 100644 --- a/website/docs/r/ec2_client_vpn_network_association.html.markdown +++ b/website/docs/r/ec2_client_vpn_network_association.html.markdown 
@@ -11,26 +11,12 @@ description: |- Provides network associations for AWS Client VPN endpoints. For more information on usage, please see the [AWS Client VPN Administrator's Guide](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/what-is.html). -~> **NOTE on Client VPN endpoint target network security groups:** Terraform provides both a standalone Client VPN endpoint network association resource with a (deprecated) `security_groups` argument and a [Client VPN endpoint](ec2_client_vpn_endpoint.html) resource with a `security_group_ids` argument. Do not specify security groups in both resources. Doing so will cause a conflict and will overwrite the target network security group association. - ## Example Usage -### Using default security group - -```terraform -resource "aws_ec2_client_vpn_network_association" "example" { - client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.example.id - subnet_id = aws_subnet.example.id -} -``` - -### Using custom security groups - ```terraform resource "aws_ec2_client_vpn_network_association" "example" { client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.example.id subnet_id = aws_subnet.example.id - security_groups = [aws_security_group.example1.id, aws_security_group.example2.id] } ``` @@ -40,7 +26,6 @@ The following arguments are supported: * `client_vpn_endpoint_id` - (Required) The ID of the Client VPN endpoint. * `subnet_id` - (Required) The ID of the subnet to associate with the Client VPN endpoint. -* `security_groups` - (Optional, **Deprecated** use the `security_group_ids` argument of the `aws_ec2_client_vpn_endpoint` resource instead) A list of up to five custom security groups to apply to the target network. If not specified, the VPC's default security group is assigned. ## Attributes Reference From 33b818b60caaa9e9e2daba81d3d16161d85a860e Mon Sep 17 00:00:00 2001 
From: Kit Ewbank Date: Fri, 12 May 2023 16:22:53 -0400 Subject: [PATCH 2/5] Correct CHANGELOG entry file name. --- .changelog/{#####.txt => 31396.txt} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .changelog/{#####.txt => 31396.txt} (100%) diff --git a/.changelog/#####.txt b/.changelog/31396.txt similarity index 100% rename from .changelog/#####.txt rename to .changelog/31396.txt From 70363dbb0426ca2fcb3fa5dc8f6eab11ad37fb52 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Fri, 12 May 2023 16:50:01 -0400 Subject: [PATCH 3/5] Remove 'testAccClientVPNNetworkAssociation_securityGroupsOnEndpoint'. --- .../service/ec2/vpnclient_endpoint_test.go | 7 ++-- .../ec2/vpnclient_network_association_test.go | 39 ------------------- 2 files changed, 3 insertions(+), 43 deletions(-) diff --git a/internal/service/ec2/vpnclient_endpoint_test.go b/internal/service/ec2/vpnclient_endpoint_test.go index 274da476094d..845b233874ab 100644 --- a/internal/service/ec2/vpnclient_endpoint_test.go +++ b/internal/service/ec2/vpnclient_endpoint_test.go @@ -61,10 +61,9 @@ func TestAccClientVPNEndpoint_serial(t *testing.T) { "disappearsEndpoint": testAccClientVPNAuthorizationRule_Disappears_endpoint, }, "NetworkAssociation": { - "basic": testAccClientVPNNetworkAssociation_basic, - "multipleSubnets": testAccClientVPNNetworkAssociation_multipleSubnets, - "disappears": testAccClientVPNNetworkAssociation_disappears, - "securityGroupsOnEndpoint": testAccClientVPNNetworkAssociation_securityGroupsOnEndpoint, + "basic": testAccClientVPNNetworkAssociation_basic, + "multipleSubnets": testAccClientVPNNetworkAssociation_multipleSubnets, + "disappears": testAccClientVPNNetworkAssociation_disappears, }, "Route": { "basic": testAccClientVPNRoute_basic, diff --git a/internal/service/ec2/vpnclient_network_association_test.go b/internal/service/ec2/vpnclient_network_association_test.go index cedf97de6980..709138bd26a5 100644 --- a/internal/service/ec2/vpnclient_network_association_test.go 
+++ b/internal/service/ec2/vpnclient_network_association_test.go @@ -131,36 +131,6 @@ func testAccClientVPNNetworkAssociation_disappears(t *testing.T) { }) } -func testAccClientVPNNetworkAssociation_securityGroupsOnEndpoint(t *testing.T) { - ctx := acctest.Context(t) - var assoc ec2.TargetNetwork - rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) - resourceName := "aws_ec2_client_vpn_network_association.test" - - resource.ParallelTest(t, resource.TestCase{ - PreCheck: func() { acctest.PreCheck(ctx, t); testAccPreCheckClientVPNSyncronize(t) }, - ErrorCheck: acctest.ErrorCheck(t, ec2.EndpointsID), - ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories, - CheckDestroy: testAccCheckClientVPNNetworkAssociationDestroy(ctx), - Steps: []resource.TestStep{ - { - Config: testAccClientVPNNetworkAssociationConfig_twoSecurityGroupsOnEndpoint(t, rName), - Check: resource.ComposeAggregateTestCheckFunc( - testAccCheckClientVPNNetworkAssociationExists(ctx, resourceName, &assoc), - resource.TestCheckResourceAttr(resourceName, "security_groups.#", "2"), - resource.TestCheckResourceAttrSet(resourceName, "vpc_id"), - ), - }, - { - ResourceName: resourceName, - ImportState: true, - ImportStateVerify: true, - ImportStateIdFunc: testAccClientVPNNetworkAssociationImportStateIdFunc(resourceName), - }, - }, - }) -} - func testAccCheckClientVPNNetworkAssociationDestroy(ctx context.Context) resource.TestCheckFunc { return func(s *terraform.State) error { conn := acctest.Provider.Meta().(*conns.AWSClient).EC2Conn() @@ -277,12 +247,3 @@ resource "aws_ec2_client_vpn_network_association" "test" { } `) } - -func testAccClientVPNNetworkAssociationConfig_twoSecurityGroupsOnEndpoint(t *testing.T, rName string) string { - return acctest.ConfigCompose(testAccClientVPNEndpointConfig_securityGroups(t, rName, 2), ` -resource "aws_ec2_client_vpn_network_association" "test" { - client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.test.id - subnet_id = aws_subnet.test[0].id -} -`) -} 
From 54f542768e97a3ec9daa293e813bbc5658276f21 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Fri, 12 May 2023 17:07:29 -0400 Subject: [PATCH 4/5] Fixup acceptance tests. --- .../ec2/vpnclient_network_association_test.go | 21 ------------------- 1 file changed, 21 deletions(-) diff --git a/internal/service/ec2/vpnclient_network_association_test.go b/internal/service/ec2/vpnclient_network_association_test.go index 709138bd26a5..68448b7522ce 100644 --- a/internal/service/ec2/vpnclient_network_association_test.go +++ b/internal/service/ec2/vpnclient_network_association_test.go @@ -6,7 +6,6 @@ import ( "regexp" "testing" - "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/service/ec2" sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest" "github.com/hashicorp/terraform-plugin-testing/helper/resource" @@ -20,13 +19,11 @@ import ( func testAccClientVPNNetworkAssociation_basic(t *testing.T) { ctx := acctest.Context(t) var assoc ec2.TargetNetwork - var group ec2.SecurityGroup rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceName := "aws_ec2_client_vpn_network_association.test" endpointResourceName := "aws_ec2_client_vpn_endpoint.test" subnetResourceName := "aws_subnet.test.0" vpcResourceName := "aws_vpc.test" - defaultSecurityGroupResourceName := "aws_default_security_group.test" resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheckClientVPNSyncronize(t); acctest.PreCheck(ctx, t) }, 
@@ -42,9 +39,6 @@ func testAccClientVPNNetworkAssociation_basic(t *testing.T) { resource.TestCheckResourceAttrPair(resourceName, "id", resourceName, "association_id"), resource.TestCheckResourceAttrPair(resourceName, "client_vpn_endpoint_id", endpointResourceName, "id"), resource.TestCheckResourceAttrPair(resourceName, "subnet_id", subnetResourceName, "id"), - testAccCheckSecurityGroupExists(ctx, defaultSecurityGroupResourceName, &group), - resource.TestCheckResourceAttr(resourceName, "security_groups.#", "1"), - testAccCheckClientVPNNetworkAssociationSecurityGroupID(resourceName, "security_groups.*", &group), resource.TestCheckResourceAttrPair(resourceName, "vpc_id", vpcResourceName, "id"), ), }, @@ -61,13 +55,11 @@ func testAccClientVPNNetworkAssociation_basic(t *testing.T) { func testAccClientVPNNetworkAssociation_multipleSubnets(t *testing.T) { ctx := acctest.Context(t) var assoc ec2.TargetNetwork - var group ec2.SecurityGroup rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) resourceNames := []string{"aws_ec2_client_vpn_network_association.test.0", "aws_ec2_client_vpn_network_association.test.1"} endpointResourceName := "aws_ec2_client_vpn_endpoint.test" subnetResourceNames := []string{"aws_subnet.test.0", "aws_subnet.test.1"} vpcResourceName := "aws_vpc.test" - defaultSecurityGroupResourceName := "aws_default_security_group.test" resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { testAccPreCheckClientVPNSyncronize(t); acctest.PreCheck(ctx, t) }, 
@@ -85,9 +77,6 @@ func testAccClientVPNNetworkAssociation_multipleSubnets(t *testing.T) { resource.TestCheckResourceAttrPair(resourceNames[0], "client_vpn_endpoint_id", endpointResourceName, "id"), resource.TestCheckResourceAttrPair(resourceNames[0], "subnet_id", subnetResourceNames[0], "id"), resource.TestCheckResourceAttrPair(resourceNames[1], "subnet_id", subnetResourceNames[1], "id"), - testAccCheckSecurityGroupExists(ctx, defaultSecurityGroupResourceName, &group), - resource.TestCheckResourceAttr(resourceNames[0], "security_groups.#", "1"), - testAccCheckClientVPNNetworkAssociationSecurityGroupID(resourceNames[0], "security_groups.*", &group), resource.TestCheckResourceAttrPair(resourceNames[0], "vpc_id", vpcResourceName, "id"), ), }, @@ -182,12 +171,6 @@ func testAccCheckClientVPNNetworkAssociationExists(ctx context.Context, name str } } -func testAccCheckClientVPNNetworkAssociationSecurityGroupID(name, key string, group *ec2.SecurityGroup) resource.TestCheckFunc { - return func(s *terraform.State) error { - return resource.TestCheckTypeSetElemAttr(name, key, aws.StringValue(group.GroupId))(s) - } -} - func testAccClientVPNNetworkAssociationImportStateIdFunc(resourceName string) resource.ImportStateIdFunc { return func(s *terraform.State) (string, error) { rs, ok := s.RootModule().Resources[resourceName] @@ -209,10 +192,6 @@ resource "aws_vpc" "test" { } } -resource "aws_default_security_group" "test" { - vpc_id = aws_vpc.test.id -} - resource "aws_subnet" "test" { count = 2 From fa33ab63841677ce9311c282102d62d023ee40af Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Fri, 12 May 2023 17:31:05 -0400 Subject: [PATCH 5/5] Fixup 'testAccClientVPNNetworkAssociation_multipleSubnets'. --- .../ec2/vpnclient_network_association_test.go | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/internal/service/ec2/vpnclient_network_association_test.go b/internal/service/ec2/vpnclient_network_association_test.go index 68448b7522ce..101aa1da6578 100644 
--- a/internal/service/ec2/vpnclient_network_association_test.go +++ b/internal/service/ec2/vpnclient_network_association_test.go @@ -80,18 +80,6 @@ func testAccClientVPNNetworkAssociation_multipleSubnets(t *testing.T) { resource.TestCheckResourceAttrPair(resourceNames[0], "vpc_id", vpcResourceName, "id"), ), }, - { - ResourceName: resourceNames[0], - ImportState: true, - ImportStateVerify: true, - ImportStateIdFunc: testAccClientVPNNetworkAssociationImportStateIdFunc(resourceNames[0]), - }, - { - ResourceName: resourceNames[1], - ImportState: true, - ImportStateVerify: true, - ImportStateIdFunc: testAccClientVPNNetworkAssociationImportStateIdFunc(resourceNames[1]), - }, }, }) }