From b0af84ab96e0c8eda34df31bcf9115a588fb68b7 Mon Sep 17 00:00:00 2001
From: Xu Wu
Date: Wed, 19 Oct 2022 13:05:41 +0800
Subject: [PATCH] `azurerm_firewall_policy_rule_collection_group` - limit dnat rule destination port max number to 1 (#18766)
* limit destination port max number as 1 for server side limitation
* improve doc for only one destination port of dnat rule
* doc improve
Co-authored-by: stephybun
Co-authored-by: xuwu1
Co-authored-by: stephybun
---
 .../firewall_policy_rule_collection_group_resource.go | 2 ++
 .../r/firewall_policy_rule_collection_group.html.markdown | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/internal/services/firewall/firewall_policy_rule_collection_group_resource.go b/internal/services/firewall/firewall_policy_rule_collection_group_resource.go
index b11bbea5fdeb..024feb76df78 100644
--- a/internal/services/firewall/firewall_policy_rule_collection_group_resource.go
+++ b/internal/services/firewall/firewall_policy_rule_collection_group_resource.go
@@ -386,6 +386,8 @@ func resourceFirewallPolicyRuleCollectionGroup() *pluginsdk.Resource {
 "destination_ports": {
 Type: pluginsdk.TypeList,
 Optional: true,
+ // only support 1 destination port in one DNAT rule
+ MaxItems: 1,
 Elem: &pluginsdk.Schema{
 Type: pluginsdk.TypeString,
 ValidateFunc: azValidate.PortOrPortRangeWithin(1, 64000),
diff --git a/website/docs/r/firewall_policy_rule_collection_group.html.markdown b/website/docs/r/firewall_policy_rule_collection_group.html.markdown
index 502d456c28e8..82f92e48620f 100644
--- a/website/docs/r/firewall_policy_rule_collection_group.html.markdown
+++ b/website/docs/r/firewall_policy_rule_collection_group.html.markdown
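Review bot: The element validator under `destination_ports` is still `azValidate.PortOrPortRangeWithin(1, 64000)`, so with `MaxItems: 1` a single entry such as `"1000-2000"` still passes schema validation even though the added comment speaks of one destination port. If the service-side limit is one port rather than one list entry (the hunk does not show which), that value would be rejected only at apply time; for a firewall DNAT rule it is preferable that the plan, which is what gets reviewed, already rejects it. Either replace the element validator with a single-port check, or make the comment exact about what is limited, e.g. `// the service accepts a single destination_ports entry per DNAT rule`. The schema map this field belongs to starts and ends outside the hunk.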
@@ -69,7 +69,7 @@ resource "azurerm_firewall_policy_rule_collection_group" "example" {
 protocols = ["TCP", "UDP"]
 source_addresses = ["10.0.0.1", "10.0.0.2"]
 destination_address = "192.168.1.1"
- destination_ports = ["80", "1000-2000"]
+ destination_ports = ["80"]
 translated_address = "192.168.0.1"
 translated_port = "8080"
 }
@@ -192,7 +192,7 @@ A `rule` (NAT rule) block supports the following:
 * `destination_address` - (Optional) The destination IP address (including CIDR).
-* `destination_ports` - (Optional) Specifies a list of destination ports.
+* `destination_ports` - (Optional) Specifies a list of destination ports. Only one destination port is supported in a NAT rule.
 * `translated_address` - (Optional) Specifies the translated address.