azurerm_virtual_network_gateway_connection - shared_key is optional w…

…hen type is IPSec (#6565) fixes #5402
hashicorp · Apr 26, 2020 · ffb2046 · ffb2046
1 parent a665b43
commit ffb2046
Show file tree

Hide file tree

Showing 3 changed files with 94 additions and 10 deletions.
diff --git a/azurerm/internal/services/network/resource_arm_virtual_network_gateway_connection.go b/azurerm/internal/services/network/resource_arm_virtual_network_gateway_connection.go
@@ -510,23 +510,19 @@ func getArmVirtualNetworkGatewayConnectionProperties(d *schema.ResourceData) (*n
 
 	if props.ConnectionType == network.ExpressRoute {
 		if props.Peer == nil || props.Peer.ID == nil {
-			return nil, fmt.Errorf("`express_route_circuit_id` must be specified when `type` is set to `ExpressRoute")
+			return nil, fmt.Errorf("`express_route_circuit_id` must be specified when `type` is set to `ExpressRoute`")
 		}
 	}
 
 	if props.ConnectionType == network.IPsec {
 		if props.LocalNetworkGateway2 == nil || props.LocalNetworkGateway2.ID == nil {
-			return nil, fmt.Errorf("`local_network_gateway_id` and `shared_key` must be specified when `type` is set to `IPsec")
-		}
-
-		if props.SharedKey == nil {
-			return nil, fmt.Errorf("`local_network_gateway_id` and `shared_key` must be specified when `type` is set to `IPsec")
+			return nil, fmt.Errorf("`local_network_gateway_id` must be specified when `type` is set to `IPsec`")
 		}
 	}
 
 	if props.ConnectionType == network.Vnet2Vnet {
 		if props.VirtualNetworkGateway2 == nil || props.VirtualNetworkGateway2.ID == nil {
-			return nil, fmt.Errorf("`peer_virtual_network_gateway_id` and `shared_key` must be specified when `type` is set to `Vnet2Vnet")
+			return nil, fmt.Errorf("`peer_virtual_network_gateway_id` must be specified when `type` is set to `Vnet2Vnet`")
 		}
 	}
 

diff --git a/...m/internal/services/network/tests/resource_arm_virtual_network_gateway_connection_test.go b/...m/internal/services/network/tests/resource_arm_virtual_network_gateway_connection_test.go
@@ -52,6 +52,25 @@ func TestAccAzureRMVirtualNetworkGatewayConnection_requiresImport(t *testing.T)
 	})
 }
 
+func TestAccAzureRMVirtualNetworkGatewayConnection_sitetositeWithoutSharedKey(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_virtual_network_gateway_connection", "test")
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { acceptance.PreCheck(t) },
+		Providers:    acceptance.SupportedProviders,
+		CheckDestroy: testCheckAzureRMVirtualNetworkGatewayConnectionDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAzureRMVirtualNetworkGatewayConnection_sitetositeWithoutSharedKey(data),
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMVirtualNetworkGatewayConnectionExists(data.ResourceName),
+				),
+			},
+			data.ImportStep(),
+		},
+	})
+}
+
 func TestAccAzureRMVirtualNetworkGatewayConnection_vnettonet(t *testing.T) {
 	data1 := acceptance.BuildTestData(t, "azurerm_virtual_network_gateway_connection", "test_1")
 	data2 := acceptance.BuildTestData(t, "azurerm_virtual_network_gateway_connection", "test_2")
@@ -272,6 +291,76 @@ resource "azurerm_virtual_network_gateway_connection" "test" {
 `, data.RandomInteger, data.Locations.Primary)
 }
 
+func testAccAzureRMVirtualNetworkGatewayConnection_sitetositeWithoutSharedKey(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+variable "random" {
+  default = "%d"
+}
+
+resource "azurerm_resource_group" "test" {
+  name     = "acctestRG-${var.random}"
+  location = "%s"
+}
+
+resource "azurerm_virtual_network" "test" {
+  name                = "acctestvn-${var.random}"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+  address_space       = ["10.0.0.0/16"]
+}
+
+resource "azurerm_subnet" "test" {
+  name                 = "GatewaySubnet"
+  resource_group_name  = azurerm_resource_group.test.name
+  virtual_network_name = azurerm_virtual_network.test.name
+  address_prefix       = "10.0.1.0/24"
+}
+
+resource "azurerm_public_ip" "test" {
+  name                = "acctest-${var.random}"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+  allocation_method   = "Dynamic"
+}
+
+resource "azurerm_virtual_network_gateway" "test" {
+  name                = "acctest-${var.random}"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+
+  type     = "Vpn"
+  vpn_type = "RouteBased"
+  sku      = "Basic"
+
+  ip_configuration {
+    name                          = "vnetGatewayConfig"
+    public_ip_address_id          = azurerm_public_ip.test.id
+    private_ip_address_allocation = "Dynamic"
+    subnet_id                     = azurerm_subnet.test.id
+  }
+}
+
+resource "azurerm_local_network_gateway" "test" {
+  name                = "acctest-${var.random}"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+
+  gateway_address = "168.62.225.23"
+  address_space   = ["10.1.1.0/24"]
+}
+
+resource "azurerm_virtual_network_gateway_connection" "test" {
+  name                = "acctest-${var.random}"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+
+  type                       = "IPsec"
+  virtual_network_gateway_id = azurerm_virtual_network_gateway.test.id
+  local_network_gateway_id   = azurerm_local_network_gateway.test.id
+}
+`, data.RandomInteger, data.Locations.Primary)
+}
+
 func testAccAzureRMVirtualNetworkGatewayConnection_requiresImport(data acceptance.TestData) string {
 	template := testAccAzureRMVirtualNetworkGatewayConnection_sitetosite(data)
 	return fmt.Sprintf(`

diff --git a/website/docs/r/virtual_network_gateway_connection.html.markdown b/website/docs/r/virtual_network_gateway_connection.html.markdown
@@ -240,9 +240,8 @@ The following arguments are supported:
 
 * `routing_weight` - (Optional) The routing weight. Defaults to `10`.
 
-* `shared_key` - (Optional) The shared IPSec key. A key must be provided if a
-    Site-to-Site or VNet-to-VNet connection is created whereas ExpressRoute
-    connections do not need a shared key.
+* `shared_key` - (Optional) The shared IPSec key. A key could be provided if a
+    Site-to-Site, VNet-to-VNet or ExpressRoute connection is created.
 
 * `connection_protocol` - (Optional) The IKE protocol version to use. Possible
     values are `IKEv1` and `IKEv2`. Defaults to `IKEv2`.