Added tunnel options to vpn_connection

aws/resource_aws_vpn_connection.go

@@ -94,6 +94,36 @@ func resourceAwsVpnConnection() *schema.Resource {
 				ForceNew: true,
 			},
 
+			"tunnel1_inside_cidr": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+				ForceNew: true,
+			},
+
+			"tunnel1_preshared_key": {
+				Type:      schema.TypeString,
+				Optional:  true,
+				Sensitive: true,
+				Computed:  true,
+				ForceNew:  true,
+			},
+
+			"tunnel2_inside_cidr": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+				ForceNew: true,
+			},
+
+			"tunnel2_preshared_key": {
+				Type:      schema.TypeString,
+				Optional:  true,
+				Sensitive: true,
+				Computed:  true,
+				ForceNew:  true,
+			},
+
 			"tags": tagsSchema(),
 
 			// Begin read only attributes
@@ -107,22 +137,14 @@ func resourceAwsVpnConnection() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
-
 			"tunnel1_cgw_inside_address": {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
-
 			"tunnel1_vgw_inside_address": {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
-
-			"tunnel1_preshared_key": {
-				Type:      schema.TypeString,
-				Sensitive: true,
-				Computed:  true,
-			},
 			"tunnel1_bgp_asn": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -131,26 +153,19 @@ func resourceAwsVpnConnection() *schema.Resource {
 				Type:     schema.TypeInt,
 				Computed: true,
 			},
+
 			"tunnel2_address": {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
-
 			"tunnel2_cgw_inside_address": {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
-
 			"tunnel2_vgw_inside_address": {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
-
-			"tunnel2_preshared_key": {
-				Type:      schema.TypeString,
-				Sensitive: true,
-				Computed:  true,
-			},
 			"tunnel2_bgp_asn": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -159,6 +174,7 @@ func resourceAwsVpnConnection() *schema.Resource {
 				Type:     schema.TypeInt,
 				Computed: true,
 			},
+
 			"routes": {
 				Type:     schema.TypeSet,
 				Computed: true,
@@ -245,8 +261,37 @@ func resourceAwsVpnConnection() *schema.Resource {
 func resourceAwsVpnConnectionCreate(d *schema.ResourceData, meta interface{}) error {
 	conn := meta.(*AWSClient).ec2conn
 
+	// Get the optional tunnel options
+	tunnel1_cidr := d.Get("tunnel1_inside_cidr").(string)
+	tunnel2_cidr := d.Get("tunnel2_inside_cidr").(string)
+
+	tunnel1_psk := d.Get("tunnel1_preshared_key").(string)
+	tunnel2_psk := d.Get("tunnel2_preshared_key").(string)
+
+	// Fill the tunnel options for the EC2 API
+	options := []*ec2.VpnTunnelOptionsSpecification{
+		{}, {},
+	}
+
+	if tunnel1_cidr != "" {
+		options[0].TunnelInsideCidr = aws.String(tunnel1_cidr)
+	}
+
+	if tunnel2_cidr != "" {
+		options[1].TunnelInsideCidr = aws.String(tunnel2_cidr)
+	}
+
+	if tunnel1_psk != "" {
+		options[0].PreSharedKey = aws.String(tunnel1_psk)
+	}
+
+	if tunnel2_psk != "" {
+		options[1].PreSharedKey = aws.String(tunnel2_psk)
+	}
+
 	connectOpts := &ec2.VpnConnectionOptionsSpecification{
 		StaticRoutesOnly: aws.Bool(d.Get("static_routes_only").(bool)),
+		TunnelOptions:    options,
 	}
 
 	createOpts := &ec2.CreateVpnConnectionInput{

aws/resource_aws_vpn_connection_test.go

@@ -53,10 +53,44 @@ func TestAccAWSVpnConnection_basic(t *testing.T) {
 	})
 }
 
+func TestAccAWSVpnConnection_tunnelOptions(t *testing.T) {
+	rBgpAsn := acctest.RandIntRange(64512, 65534)
+	var vpn ec2.VpnConnection
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:      func() { testAccPreCheck(t) },
+		IDRefreshName: "aws_vpn_connection.foo",
+		Providers:     testAccProviders,
+		CheckDestroy:  testAccAwsVpnConnectionDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAwsVpnConnectionConfigTunnelOptions(rBgpAsn),
+				Check: resource.ComposeTestCheckFunc(
+					testAccAwsVpnConnection(
+						"aws_vpc.vpc",
+						"aws_vpn_gateway.vpn_gateway",
+						"aws_customer_gateway.customer_gateway",
+						"aws_vpn_connection.foo",
+						&vpn,
+					),
+					resource.TestCheckResourceAttr("aws_vpn_connection.foo", "static_routes_only", "false"),
+
+					resource.TestCheckResourceAttr("aws_vpn_connection.foo", "tunnel1_inside_cidr", "169.254.8.0/30"),
+					resource.TestCheckResourceAttr("aws_vpn_connection.foo", "tunnel1_preshared_key", "lookatmethisisaprivatekey1"),
+
+					resource.TestCheckResourceAttr("aws_vpn_connection.foo", "tunnel2_inside_cidr", "169.254.9.0/30"),
+					resource.TestCheckResourceAttr("aws_vpn_connection.foo", "tunnel2_preshared_key", "lookatmethisisaprivatekey2"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccAWSVpnConnection_withoutStaticRoutes(t *testing.T) {
 	rInt := acctest.RandInt()
 	rBgpAsn := acctest.RandIntRange(64512, 65534)
 	var vpn ec2.VpnConnection
+
 	resource.Test(t, resource.TestCase{
 		PreCheck:      func() { testAccPreCheck(t) },
 		IDRefreshName: "aws_vpn_connection.foo",
@@ -325,6 +359,38 @@ func testAccAwsVpnConnectionConfigUpdate(rInt, rBgpAsn int) string {
 	`, rBgpAsn, rInt)
 }
 
+func testAccAwsVpnConnectionConfigTunnelOptions(rBgpAsn int) string {
+	return fmt.Sprintf(`
+		resource "aws_vpn_gateway" "vpn_gateway" {
+		  tags {
+		    Name = "vpn_gateway"
+		  }
+		}
+
+		resource "aws_customer_gateway" "customer_gateway" {
+		  bgp_asn = %d
+		  ip_address = "178.0.0.1"
+		  type = "ipsec.1"
+			tags {
+				Name = "main-customer-gateway"
+			}
+		}
+
+		resource "aws_vpn_connection" "foo" {
+		  vpn_gateway_id = "${aws_vpn_gateway.vpn_gateway.id}"
+		  customer_gateway_id = "${aws_customer_gateway.customer_gateway.id}"
+		  type = "ipsec.1"
+	  	  static_routes_only = false
+
+		  tunnel1_inside_cidr = "169.254.8.0/30"
+		  tunnel1_preshared_key = "lookatmethisisaprivatekey1"
+
+		  tunnel2_inside_cidr = "169.254.9.0/30"
+		  tunnel2_preshared_key = "lookatmethisisaprivatekey2"
+		}
+		`, rBgpAsn)
+}
+
 // Test our VPN tunnel config XML parsing
 const testAccAwsVpnTunnelInfoXML = `
 <vpn_connection id="vpn-abc123">