diff --git a/azurerm/internal/services/network/resource_arm_virtual_network_gateway_connection.go b/azurerm/internal/services/network/resource_arm_virtual_network_gateway_connection.go
index 08302929a5fa..6f32eba082f3 100644
--- a/azurerm/internal/services/network/resource_arm_virtual_network_gateway_connection.go
+++ b/azurerm/internal/services/network/resource_arm_virtual_network_gateway_connection.go
@@ -510,23 +510,19 @@ func getArmVirtualNetworkGatewayConnectionProperties(d *schema.ResourceData) (*n
 if props.ConnectionType == network.ExpressRoute {
 if props.Peer == nil || props.Peer.ID == nil {
- return nil, fmt.Errorf("`express_route_circuit_id` must be specified when `type` is set to `ExpressRoute")
+ return nil, fmt.Errorf("`express_route_circuit_id` must be specified when `type` is set to `ExpressRoute`")
 }
 }
 if props.ConnectionType == network.IPsec {
 if props.LocalNetworkGateway2 == nil || props.LocalNetworkGateway2.ID == nil {
- return nil, fmt.Errorf("`local_network_gateway_id` and `shared_key` must be specified when `type` is set to `IPsec")
- }
-
- if props.SharedKey == nil {
- return nil, fmt.Errorf("`local_network_gateway_id` and `shared_key` must be specified when `type` is set to `IPsec")
+ return nil, fmt.Errorf("`local_network_gateway_id` must be specified when `type` is set to `IPsec`")
 }
 }
 if props.ConnectionType == network.Vnet2Vnet {
 if props.VirtualNetworkGateway2 == nil || props.VirtualNetworkGateway2.ID == nil {
- return nil, fmt.Errorf("`peer_virtual_network_gateway_id` and `shared_key` must be specified when `type` is set to `Vnet2Vnet")
+ return nil, fmt.Errorf("`peer_virtual_network_gateway_id` must be specified when `type` is set to `Vnet2Vnet`")
 }
 }
diff --git a/azurerm/internal/services/network/tests/resource_arm_virtual_network_gateway_connection_test.go b/azurerm/internal/services/network/tests/resource_arm_virtual_network_gateway_connection_test.go
index 211bc939164a..4f7d42158cf9 100644
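Review bot: With the `props.SharedKey == nil` check removed from the `network.IPsec` branch, a site-to-site connection that omits `shared_key` now passes validation, and nothing in the code records which pre-shared key the tunnel ends up using. If the service chooses one when the field is omitted (presumably the reason for the change, though that is not visible here), a short comment above the branch should say so, e.g. `// shared_key is optional: when omitted the key is chosen by the service, not by this provider`, so the missing check is not later mistaken for an oversight. It is also worth confirming that the read path does not leave `shared_key` empty in state in a way that hides which key is actually in effect. The body of getArmVirtualNetworkGatewayConnectionProperties starts and ends outside the hunk.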
--- a/azurerm/internal/services/network/tests/resource_arm_virtual_network_gateway_connection_test.go
+++ b/azurerm/internal/services/network/tests/resource_arm_virtual_network_gateway_connection_test.go
@@ -52,6 +52,25 @@ func TestAccAzureRMVirtualNetworkGatewayConnection_requiresImport(t *testing.T)
 })
 }
+func TestAccAzureRMVirtualNetworkGatewayConnection_sitetositeWithoutSharedKey(t *testing.T) {
+ data := acceptance.BuildTestData(t, "azurerm_virtual_network_gateway_connection", "test")
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { acceptance.PreCheck(t) },
+ Providers: acceptance.SupportedProviders,
+ CheckDestroy: testCheckAzureRMVirtualNetworkGatewayConnectionDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccAzureRMVirtualNetworkGatewayConnection_sitetositeWithoutSharedKey(data),
+ Check: resource.ComposeTestCheckFunc(
+ testCheckAzureRMVirtualNetworkGatewayConnectionExists(data.ResourceName),
+ ),
+ },
+ data.ImportStep(),
+ },
+ })
+}
+
 func TestAccAzureRMVirtualNetworkGatewayConnection_vnettonet(t *testing.T) {
 data1 := acceptance.BuildTestData(t, "azurerm_virtual_network_gateway_connection", "test_1")
 data2 := acceptance.BuildTestData(t, "azurerm_virtual_network_gateway_connection", "test_2")
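Review bot: The only check in the new step is `testCheckAzureRMVirtualNetworkGatewayConnectionExists`, so the test does not pin what `shared_key` holds in state when the argument is omitted, which is the behaviour this commit changes. If the service is expected to generate a key that is read back, add `resource.TestCheckResourceAttrSet(data.ResourceName, "shared_key")` to the `ComposeTestCheckFunc` list; if the attribute is expected to stay empty, assert that instead with `resource.TestCheckResourceAttr(data.ResourceName, "shared_key", "")`. Either assertion makes the intended handling of the secret explicit and would catch a regression that `data.ImportStep()` alone might not.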
@@ -272,6 +291,76 @@ resource "azurerm_virtual_network_gateway_connection" "test" {
 `, data.RandomInteger, data.Locations.Primary)
 }
+func testAccAzureRMVirtualNetworkGatewayConnection_sitetositeWithoutSharedKey(data acceptance.TestData) string {
+ return fmt.Sprintf(`
+variable "random" {
+ default = "%d"
+}
+
+resource "azurerm_resource_group" "test" {
+ name = "acctestRG-${var.random}"
+ location = "%s"
+}
+
+resource "azurerm_virtual_network" "test" {
+ name = "acctestvn-${var.random}"
+ location = azurerm_resource_group.test.location
+ resource_group_name = azurerm_resource_group.test.name
+ address_space = ["10.0.0.0/16"]
+}
+
+resource "azurerm_subnet" "test" {
+ name = "GatewaySubnet"
+ resource_group_name = azurerm_resource_group.test.name
+ virtual_network_name = azurerm_virtual_network.test.name
+ address_prefix = "10.0.1.0/24"
+}
+
+resource "azurerm_public_ip" "test" {
+ name = "acctest-${var.random}"
+ location = azurerm_resource_group.test.location
+ resource_group_name = azurerm_resource_group.test.name
+ allocation_method = "Dynamic"
+}
+
+resource "azurerm_virtual_network_gateway" "test" {
+ name = "acctest-${var.random}"
+ location = azurerm_resource_group.test.location
+ resource_group_name = azurerm_resource_group.test.name
+
+ type = "Vpn"
+ vpn_type = "RouteBased"
+ sku = "Basic"
+
+ ip_configuration {
+ name = "vnetGatewayConfig"
+ public_ip_address_id = azurerm_public_ip.test.id
+ private_ip_address_allocation = "Dynamic"
+ subnet_id = azurerm_subnet.test.id
+ }
+}
+
+resource "azurerm_local_network_gateway" "test" {
+ name = "acctest-${var.random}"
+ location = azurerm_resource_group.test.location
+ resource_group_name = azurerm_resource_group.test.name
+
+ gateway_address = "168.62.225.23"
+ address_space = ["10.1.1.0/24"]
+}
+
+resource "azurerm_virtual_network_gateway_connection" "test" {
+ name = "acctest-${var.random}"
+ location = azurerm_resource_group.test.location
+ resource_group_name = azurerm_resource_group.test.name
+
+ type = "IPsec"
+ virtual_network_gateway_id = azurerm_virtual_network_gateway.test.id
+ local_network_gateway_id = azurerm_local_network_gateway.test.id
+}
+`, data.RandomInteger, data.Locations.Primary)
+}
+
 func testAccAzureRMVirtualNetworkGatewayConnection_requiresImport(data acceptance.TestData) string {
 template := testAccAzureRMVirtualNetworkGatewayConnection_sitetosite(data)
 return fmt.Sprintf(`
diff --git a/website/docs/r/virtual_network_gateway_connection.html.markdown b/website/docs/r/virtual_network_gateway_connection.html.markdown
index 378f1e0c5931..e899c13ec509 100644
--- a/website/docs/r/virtual_network_gateway_connection.html.markdown
+++ b/website/docs/r/virtual_network_gateway_connection.html.markdown
@@ -240,9 +240,8 @@ The following arguments are supported:
 * `routing_weight` - (Optional) The routing weight. Defaults to `10`.
-* `shared_key` - (Optional) The shared IPSec key. A key must be provided if a
- Site-to-Site or VNet-to-VNet connection is created whereas ExpressRoute
- connections do not need a shared key.
+* `shared_key` - (Optional) The shared IPSec key. A key could be provided if a
+ Site-to-Site, VNet-to-VNet or ExpressRoute connection is created.
 * `connection_protocol` - (Optional) The IKE protocol version to use. Possible values are `IKEv1` and `IKEv2`. Defaults to `IKEv2`.
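Review bot: The new fixture hard-codes `gateway_address = "168.62.225.23"`, a routable public address, as the on-premises peer of an IPsec connection that the acceptance run really creates, and here it does so without an explicit `shared_key`. Unless that literal is a convention shared with the other fixtures in this file (not visible in the hunk), an address from a documentation range, e.g. `gateway_address = "203.0.113.1"`, would avoid defining a tunnel towards a host the project does not control, provided the service accepts it. A one-line comment in the fixture stating why this address was chosen would settle the question either way.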