feat(vpc): Enable addition amazon provided ipv6 cidr

* Extend existing `vpc_ipv6_cidr_block_association` resource to allow requesting additional ipv6 CIDR from the amazon pool
hashicorp · Oct 17, 2022 · e34f8f2 · e34f8f2
1 parent ff6947f
commit e34f8f2
Show file tree

Hide file tree

Showing 3 changed files with 98 additions and 16 deletions.
diff --git a/internal/service/ec2/vpc_ipv6_cidr_block_association.go b/internal/service/ec2/vpc_ipv6_cidr_block_association.go
@@ -37,6 +37,12 @@ func ResourceVPCIPv6CIDRBlockAssociation() *schema.Resource {
  return nil
  },
  Schema: map[string]*schema.Schema{
+ "assign_generated_ipv6_cidr_block": {
+ Type: schema.TypeBool,
+ Optional: true,
+ ForceNew: true,
+ ConflictsWith: []string{"ipv6_pool", "ipv6_ipam_pool_id", "ipv6_cidr_block", "ipv6_netmask_length"},
+ },
  "ipv6_cidr_block": {
  Type: schema.TypeString,
  Optional: true,
@@ -46,13 +52,11 @@ func ResourceVPCIPv6CIDRBlockAssociation() *schema.Resource {
  verify.ValidIPv6CIDRNetworkAddress,
  validation.IsCIDRNetwork(VPCCIDRMaxIPv6, VPCCIDRMaxIPv6)),
  },
- // ipam parameters are not required by the API but other usage mechanisms are not implemented yet. TODO ipv6 options:
- // --amazon-provided-ipv6-cidr-block
- // --ipv6-pool
  "ipv6_ipam_pool_id": {
- Type: schema.TypeString,
- Required: true,
- ForceNew: true,
+ Type: schema.TypeString,
+ Optional: true,
+ ForceNew: true,
+ ConflictsWith: []string{"assign_generated_ipv6_cidr_block", "ipv6_pool"},
  },
  "ipv6_netmask_length": {
  Type: schema.TypeInt,
@@ -63,6 +67,12 @@ func ResourceVPCIPv6CIDRBlockAssociation() *schema.Resource {
  // This RequiredWith setting should be applied once L57 is completed
  // RequiredWith: []string{"ipv6_ipam_pool_id"},
  },
+ "ipv6_pool": {
+ Type: schema.TypeString,
+ Optional: true,
+ ForceNew: true,
+ ConflictsWith: []string{"assign_generated_ipv6_cidr_block", "ipv6_ipam_pool_id"},
+ },
  "vpc_id": {
  Type: schema.TypeString,
  Required: true,
@@ -85,18 +95,26 @@ func resourceVPCIPv6CIDRBlockAssociationCreate(d *schema.ResourceData, meta inte
  VpcId: aws.String(vpcID),
  }
 
- if v, ok := d.GetOk("ipv6_cidr_block"); ok {
- input.Ipv6CidrBlock = aws.String(v.(string))
+ if v, ok := d.GetOk("assign_generated_ipv6_cidr_block"); ok {
+ input.AmazonProvidedIpv6CidrBlock = aws.Bool(v.(bool))
  }
 
  if v, ok := d.GetOk("ipv6_ipam_pool_id"); ok {
  input.Ipv6IpamPoolId = aws.String(v.(string))
  }
 
+ if v, ok := d.GetOk("ipv6_cidr_block"); ok {
+ input.Ipv6CidrBlock = aws.String(v.(string))
+ }
+
  if v, ok := d.GetOk("ipv6_netmask_length"); ok {
  input.Ipv6NetmaskLength = aws.Int64(int64(v.(int)))
  }
 
+ if v, ok := d.GetOk("ipv6_pool"); ok {
+ input.Ipv6Pool = aws.String(v.(string))
+ }
+
  log.Printf("[DEBUG] Creating EC2 VPC IPv6 CIDR Block Association: %s", input)
  output, err := conn.AssociateVpcCidrBlock(input)
 
@@ -132,7 +150,6 @@ func resourceVPCIPv6CIDRBlockAssociationRead(d *schema.ResourceData, meta interf
 
  d.Set("ipv6_cidr_block", vpcIpv6CidrBlockAssociation.Ipv6CidrBlock)
  d.Set("vpc_id", vpc.VpcId)
-
  return nil
 }
 

diff --git a/internal/service/ec2/vpc_ipv6_cidr_block_association_test.go b/internal/service/ec2/vpc_ipv6_cidr_block_association_test.go
@@ -3,9 +3,11 @@ package ec2_test
 import (
  "fmt"
  "strings"
+ "testing"
 
  "github.com/aws/aws-sdk-go/aws"
  "github.com/aws/aws-sdk-go/service/ec2"
+ sdkacctest "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
  "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
  "github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
  "github.com/hashicorp/terraform-provider-aws/internal/acctest"
@@ -72,3 +74,64 @@ func testAccCheckVPCAssociationIPv6CIDRPrefix(association *ec2.VpcIpv6CidrBlockA
  return nil
  }
 }
+
+func TestAccVPCIPv6CIDRBlockAssociation_basic(t *testing.T) {
+ var associationSecondary, associationTertiary ec2.VpcCidrBlockAssociation
+ resource1Name := "aws_vpc_ipv4_cidr_block_association.secondary_cidr"
+ resource2Name := "aws_vpc_ipv4_cidr_block_association.tertiary_cidr"
+ rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { acctest.PreCheck(t) },
+ ErrorCheck: acctest.ErrorCheck(t, ec2.EndpointsID),
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+ CheckDestroy: testAccCheckVPCIPv4CIDRBlockAssociationDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccVPCIPv4CIDRBlockAssociationConfig_basic(rName),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckVPCIPv4CIDRBlockAssociationExists(resource1Name, &associationSecondary),
+ testAccCheckAdditionalVPCIPv4CIDRBlock(&associationSecondary, "172.2.0.0/16"),
+ testAccCheckVPCIPv4CIDRBlockAssociationExists(resource2Name, &associationTertiary),
+ testAccCheckAdditionalVPCIPv4CIDRBlock(&associationTertiary, "170.2.0.0/16"),
+ ),
+ },
+ {
+ ResourceName: resource1Name,
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ {
+ ResourceName: resource2Name,
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ },
+ })
+}
+
+func testAccVPCIPv6CIDRBlockAssociationConfig_amazon_provided(rName string) string {
+ return fmt.Sprintf(`
+resource "aws_vpc" "test" {
+ cidr_block = "10.1.0.0/16"
+
+ assign_generated_ipv6_cidr_block = true
+
+ tags = {
+ Name = %[1]q
+ }
+}
+
+resource "aws_vpc_ipv6_cidr_block_association" "secondary_cidr" {
+ vpc_id = aws_vpc.test.id
+
+ assign_generated_ipv6_cidr_block = true
+}
+
+resource "aws_vpc_ipv6_cidr_block_association" "tertiary_cidr" {
+ vpc_id = aws_vpc.test.id
+
+ assign_generated_ipv6_cidr_block = true
+}
+`, rName)
+}
diff --git a/website/docs/r/vpc_ipv6_cidr_block_association.html.markdown b/website/docs/r/vpc_ipv6_cidr_block_association.html.markdown
@@ -20,19 +20,20 @@ resource "aws_vpc" "test" {
 }
 
 resource "aws_vpc_ipv6_cidr_block_association" "test" {
- ipv6_ipam_pool_id = aws_vpc_ipam_pool.test.id
- vpc_id = aws_vpc.test.id
+ assign_generated_ipv6_cidr_block = true
+ vpc_id  = aws_vpc.test.id
 }
 ```
 
 ## Argument Reference
 
 The following arguments are supported:
 
-* `ipv6_cidr_block` - (Optional) The IPv6 CIDR block for the VPC. CIDR can be explicitly set or it can be derived from IPAM using `ipv6_netmask_length`. This parameter is required if `ipv6_netmask_length` is not set and he IPAM pool does not have `allocation_default_netmask` set.
-* `ipv6_ipam_pool_id` - (Required) The ID of an IPv6 IPAM pool you want to use for allocating this VPC's CIDR. IPAM is a VPC feature that you can use to automate your IP address management workflows including assigning, tracking, troubleshooting, and auditing IP addresses across AWS Regions and accounts.
-* `ipv6_netmask_length` - (Optional) The netmask length of the IPv6 CIDR you want to allocate to this VPC. Requires specifying a `ipv6_ipam_pool_id`. This parameter is optional if the IPAM pool has `allocation_default_netmask` set, otherwise it or `cidr_block` are required
-* `vpc_id` - (Required) The ID of the VPC to make the association with.
+- `assign_generated_ipv6_cidr_block` - (Optional) Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IPv6 addresses, or the size of the CIDR block. Default is `false`. Conflicts with `ipv6_pam_pool_id`, `ipv6_pool`, `ipv6_cidr_block` and `ipv6_netmask_length`.
+- `ipv6_cidr_block` - (Optional) The IPv6 CIDR block for the VPC. CIDR can be explicitly set or it can be derived from IPAM using `ipv6_netmask_length`. This parameter is required if `ipv6_netmask_length` is not set and he IPAM pool does not have `allocation_default_netmask` set. Conflicts with `assign_generated_ipv6_cidr_block`.
+- `ipv6_ipam_pool_id` - (Optional) The ID of an IPv6 IPAM pool you want to use for allocating this VPC's CIDR. IPAM is a VPC feature that you can use to automate your IP address management workflows including assigning, tracking, troubleshooting, and auditing IP addresses across AWS Regions and accounts. Conflict with `assign_generated_ipv6_cidr_block` and `ipv6_ipam_pool_id`.
+- `ipv6_netmask_length` - (Optional) The netmask length of the IPv6 CIDR you want to allocate to this VPC. Requires specifying a `ipv6_ipam_pool_id`. This parameter is optional if the IPAM pool has `allocation_default_netmask` set, otherwise it or `cidr_block` are required. Conflicts with `assign_generated_ipv6_cidr_block` and `ipv6_ipam_pool_id`.
+- `vpc_id` - (Required) The ID of the VPC to make the association with.
 
 ## Timeouts
 
@@ -45,7 +46,8 @@ The following arguments are supported:
 
 In addition to all arguments above, the following attributes are exported:
 
-* `id` - The ID of the VPC CIDR association
+- `id` - The ID of the VPC CIDR association
+- `ipv6_cidr_block` - The assigned IPv6 CIDR blok
 
 ## Import