Merge pull request #32896 from watarukura/chore/dns64_modify_after_ip…

…v6_cidr_attach Fix: Enabling IPv6 apply error
hashicorp · Aug 11, 2023 · 0865a74 · 0865a74
2 parents 7e8e161 + 5d93c08
commit 0865a74
Show file tree

Hide file tree

Showing 7 changed files with 110 additions and 18 deletions.
diff --git a/.changelog/32896.txt b/.changelog/32896.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+resource/aws_subnet: Fix allowing IPv6 to be enabled in an update after initial creation with IPv4 only
+```
diff --git a/.github/labeler-pr-triage.yml b/.github/labeler-pr-triage.yml
@@ -26,7 +26,7 @@ linter:
  - '.github/workflows/acctest-terraform-lint.yml'
  - '.github/workflows/providerlint.yml'
  - '.github/workflows/semgrep-ci.yml'
- - '.github/workflows/terraform_provider.yml'
+ - '.github/workflows/provider.yml'
  - '.github/workflows/website.yml'
  - '.github/workflows/workflow-lint.yml'
 pre-service-packages:

diff --git a/.github/workflows/terraform_provider.yml → .github/workflows/provider.yml b/.github/workflows/terraform_provider.yml → .github/workflows/provider.yml
@@ -7,7 +7,7 @@ on:
  - "release/**"
  pull_request:
  paths:
- - .github/workflows/terraform_provider.yml
+ - .github/workflows/provider.yml
  - .ci/.golangci.yml
  - .ci/tools/go.mod
  - .markdownlint.yml
@@ -116,7 +116,7 @@ jobs:
  go_test:
  name: go test
  needs: [go_build]
- runs-on: [custom, linux, large]
+ runs-on: [custom, linux, xl]
  steps:
  - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
  with:

diff --git a/.github/workflows/website.yml b/.github/workflows/website.yml
@@ -105,7 +105,7 @@ jobs:
  - run: terrafmt diff ./website --check --pattern '*.markdown'
 
  tflint:
- runs-on: ubuntu-latest
+ runs-on: [custom, linux, xl]
  steps:
  - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
  with:

diff --git a/internal/generate/prlabels/file.tmpl b/internal/generate/prlabels/file.tmpl
@@ -26,7 +26,7 @@ linter:
  - '.github/workflows/acctest-terraform-lint.yml'
  - '.github/workflows/providerlint.yml'
  - '.github/workflows/semgrep-ci.yml'
- - '.github/workflows/terraform_provider.yml'
+ - '.github/workflows/provider.yml'
  - '.github/workflows/website.yml'
  - '.github/workflows/workflow-lint.yml'
 pre-service-packages:

diff --git a/internal/service/ec2/vpc_subnet.go b/internal/service/ec2/vpc_subnet.go
@@ -300,6 +300,20 @@ func resourceSubnetUpdate(ctx context.Context, d *schema.ResourceData, meta inte
  }
  }
 
+ // If we're disabling IPv6 assignment for new ENIs, do that before modifying the IPv6 CIDR block.
+ if d.HasChange("assign_ipv6_address_on_creation") && !d.Get("assign_ipv6_address_on_creation").(bool) {
+ if err := modifySubnetAssignIPv6AddressOnCreation(ctx, conn, d.Id(), false); err != nil {
+ return sdkdiag.AppendFromErr(diags, err)
+ }
+ }
+
+ // If we're enabling dns64 and resource_name_dns_aaaa_record_on_launch, do that after modifying the IPv6 CIDR block.
+ if d.HasChange("ipv6_cidr_block") {
+ if err := modifySubnetIPv6CIDRBlockAssociation(ctx, conn, d.Id(), d.Get("ipv6_cidr_block_association_id").(string), d.Get("ipv6_cidr_block").(string)); err != nil {
+ return sdkdiag.AppendFromErr(diags, err)
+ }
+ }
+
  if d.HasChange("enable_dns64") {
  if err := modifySubnetEnableDNS64(ctx, conn, d.Id(), d.Get("enable_dns64").(bool)); err != nil {
  return sdkdiag.AppendFromErr(diags, err)
@@ -336,19 +350,6 @@ func resourceSubnetUpdate(ctx context.Context, d *schema.ResourceData, meta inte
  }
  }
 
- // If we're disabling IPv6 assignment for new ENIs, do that before modifying the IPv6 CIDR block.
- if d.HasChange("assign_ipv6_address_on_creation") && !d.Get("assign_ipv6_address_on_creation").(bool) {
- if err := modifySubnetAssignIPv6AddressOnCreation(ctx, conn, d.Id(), false); err != nil {
- return sdkdiag.AppendFromErr(diags, err)
- }
- }
-
- if d.HasChange("ipv6_cidr_block") {
- if err := modifySubnetIPv6CIDRBlockAssociation(ctx, conn, d.Id(), d.Get("ipv6_cidr_block_association_id").(string), d.Get("ipv6_cidr_block").(string)); err != nil {
- return sdkdiag.AppendFromErr(diags, err)
- }
- }
-
  // If we're enabling IPv6 assignment for new ENIs, do that after modifying the IPv6 CIDR block.
  if d.HasChange("assign_ipv6_address_on_creation") && d.Get("assign_ipv6_address_on_creation").(bool) {
  if err := modifySubnetAssignIPv6AddressOnCreation(ctx, conn, d.Id(), true); err != nil {

diff --git a/internal/service/ec2/vpc_subnet_test.go b/internal/service/ec2/vpc_subnet_test.go
@@ -799,6 +799,42 @@ func TestAccVPCSubnet_enableDNS64(t *testing.T) {
  })
 }
 
+func TestAccVPCSubnet_ipv4ToIPv6(t *testing.T) {
+ ctx := acctest.Context(t)
+ var subnet ec2.Subnet
+ resourceName := "aws_subnet.test"
+ rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { acctest.PreCheck(ctx, t) },
+ ErrorCheck: acctest.ErrorCheck(t, ec2.EndpointsID),
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+ CheckDestroy: testAccCheckSubnetDestroy(ctx),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccVPCSubnetConfig_ipv4ToIPv6Before(rName),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckSubnetExists(ctx, resourceName, &subnet),
+ resource.TestCheckResourceAttr(resourceName, "assign_ipv6_address_on_creation", "false"),
+ resource.TestCheckResourceAttr(resourceName, "enable_dns64", "false"),
+ resource.TestCheckResourceAttr(resourceName, "enable_resource_name_dns_aaaa_record_on_launch", "false"),
+ resource.TestCheckResourceAttr(resourceName, "ipv6_cidr_block", ""),
+ ),
+ },
+ {
+ Config: testAccVPCSubnetConfig_ipv4ToIPv6After(rName),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckSubnetExists(ctx, resourceName, &subnet),
+ resource.TestCheckResourceAttr(resourceName, "assign_ipv6_address_on_creation", "true"),
+ resource.TestCheckResourceAttr(resourceName, "enable_dns64", "true"),
+ resource.TestCheckResourceAttr(resourceName, "enable_resource_name_dns_aaaa_record_on_launch", "true"),
+ resource.TestCheckResourceAttrSet(resourceName, "ipv6_cidr_block"),
+ ),
+ },
+ },
+ })
+}
+
 func TestAccVPCSubnet_enableLNIAtDeviceIndex(t *testing.T) {
  ctx := acctest.Context(t)
  var subnet ec2.Subnet
@@ -1497,3 +1533,55 @@ resource "aws_subnet" "test" {
 }
 `, rName)
 }
+
+func testAccVPCSubnetConfig_ipv4ToIPv6Before(rName string) string {
+ return fmt.Sprintf(`
+resource "aws_vpc" "test" {
+ cidr_block = "10.10.0.0/16"
+ assign_generated_ipv6_cidr_block = false
+
+ tags = {
+ Name = %[1]q
+ }
+}
+
+resource "aws_subnet" "test" {
+ assign_ipv6_address_on_creation = false
+ cidr_block = cidrsubnet(aws_vpc.test.cidr_block, 8, 1)
+ enable_dns64 = false
+ enable_resource_name_dns_aaaa_record_on_launch = false
+ ipv6_cidr_block = null
+ vpc_id = aws_vpc.test.id
+
+ tags = {
+ Name = %[1]q
+ }
+}
+`, rName)
+}
+
+func testAccVPCSubnetConfig_ipv4ToIPv6After(rName string) string {
+ return fmt.Sprintf(`
+resource "aws_vpc" "test" {
+ cidr_block = "10.10.0.0/16"
+ assign_generated_ipv6_cidr_block = true
+
+ tags = {
+ Name = %[1]q
+ }
+}
+
+resource "aws_subnet" "test" {
+ assign_ipv6_address_on_creation = true
+ cidr_block = cidrsubnet(aws_vpc.test.cidr_block, 8, 1)
+ enable_dns64 = true
+ enable_resource_name_dns_aaaa_record_on_launch = true
+ ipv6_cidr_block = cidrsubnet(aws_vpc.test.ipv6_cidr_block, 8, 1)
+ vpc_id = aws_vpc.test.id
+
+ tags = {
+ Name = %[1]q
+ }
+}
+`, rName)
+}