Merge pull request #34109 from ddericco/f-aws_network_manager_connect…

…_attachment-add_no_encap_support [Enhancement] Add NO_ENCAP support to aws_networkmanager_connect_attachment
hashicorp · Oct 27, 2023 · e3609fb · e3609fb
2 parents 18e379b + c720787
commit e3609fb
Show file tree

Hide file tree

Showing 7 changed files with 232 additions and 24 deletions.
diff --git a/.changelog/34109.txt b/.changelog/34109.txt
@@ -0,0 +1,11 @@
+```release-note:enhancement
+resource/aws_networkmanager_connect_attachment: Add `NO_ENCAP` as a valid `options.protocol` value
+```
+
+```release-note:enhancement
+resource/aws_networkmanager_connect_peer: Add `subnet_arn` argument to support [Tunnel-less Connect attachments](https://docs.aws.amazon.com/network-manager/latest/cloudwan/cloudwan-connect-attachment.html#cloudwan-connect-tlc)
+```
+
+```release-note:enhancement
+resource/aws_networkmanager_connect_peer: `inside_cidr_blocks` is Optional
+```
diff --git a/internal/service/networkmanager/connect_attachment.go b/internal/service/networkmanager/connect_attachment.go
@@ -93,7 +93,7 @@ func ResourceConnectAttachment() *schema.Resource {
  "protocol": {
  Type: schema.TypeString,
  Optional: true,
- ValidateFunc: validation.StringInSlice([]string{"GRE"}, false),
+ ValidateFunc: validation.StringInSlice(networkmanager.TunnelProtocol_Values(), false),
  },
  },
  },

diff --git a/internal/service/networkmanager/connect_attachment_test.go b/internal/service/networkmanager/connect_attachment_test.go
@@ -39,6 +39,7 @@ func TestAccNetworkManagerConnectAttachment_basic(t *testing.T) {
  resource.TestCheckResourceAttr(resourceName, "attachment_type", "CONNECT"),
  resource.TestCheckResourceAttrSet(resourceName, "core_network_id"),
  resource.TestCheckResourceAttr(resourceName, "edge_location", acctest.Region()),
+ resource.TestCheckResourceAttr(resourceName, "options.0.protocol", "GRE"),
  acctest.CheckResourceAttrAccountID(resourceName, "owner_account_id"),
  resource.TestCheckResourceAttr(resourceName, "segment_name", "shared"),
  resource.TestCheckResourceAttrSet(resourceName, "state"),
@@ -74,6 +75,7 @@ func TestAccNetworkManagerConnectAttachment_basic_NoDependsOn(t *testing.T) {
  resource.TestCheckResourceAttr(resourceName, "attachment_type", "CONNECT"),
  resource.TestCheckResourceAttrSet(resourceName, "core_network_id"),
  resource.TestCheckResourceAttr(resourceName, "edge_location", acctest.Region()),
+ resource.TestCheckResourceAttr(resourceName, "options.0.protocol", "GRE"),
  acctest.CheckResourceAttrAccountID(resourceName, "owner_account_id"),
  resource.TestCheckResourceAttr(resourceName, "segment_name", "shared"),
  resource.TestCheckResourceAttrSet(resourceName, "state"),
@@ -113,6 +115,42 @@ func TestAccNetworkManagerConnectAttachment_disappears(t *testing.T) {
  })
 }
 
+func TestAccNetworkManagerConnectAttachment_protocolNoEncap(t *testing.T) {
+ ctx := acctest.Context(t)
+ var v networkmanager.ConnectAttachment
+ resourceName := "aws_networkmanager_connect_attachment.test"
+ rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { acctest.PreCheck(ctx, t) },
+ ErrorCheck: acctest.ErrorCheck(t, networkmanager.EndpointsID),
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+ CheckDestroy: testAccCheckConnectAttachmentDestroy(ctx),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccConnectAttachmentConfig_protocolNoEncap(rName),
+ Check: resource.ComposeAggregateTestCheckFunc(
+ testAccCheckConnectAttachmentExists(ctx, resourceName, &v),
+ acctest.MatchResourceAttrGlobalARN(resourceName, "arn", "networkmanager", regexache.MustCompile(`attachment/.+`)),
+ resource.TestCheckResourceAttr(resourceName, "attachment_type", "CONNECT"),
+ resource.TestCheckResourceAttrSet(resourceName, "core_network_id"),
+ resource.TestCheckResourceAttr(resourceName, "edge_location", acctest.Region()),
+ resource.TestCheckResourceAttr(resourceName, "options.0.protocol", "NO_ENCAP"),
+ acctest.CheckResourceAttrAccountID(resourceName, "owner_account_id"),
+ resource.TestCheckResourceAttr(resourceName, "segment_name", "shared"),
+ resource.TestCheckResourceAttrSet(resourceName, "state"),
+ resource.TestCheckResourceAttr(resourceName, "tags.%", "1"),
+ ),
+ },
+ {
+ ResourceName: resourceName,
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ },
+ })
+}
+
 func TestAccNetworkManagerConnectAttachment_tags(t *testing.T) {
  ctx := acctest.Context(t)
  var v networkmanager.ConnectAttachment
@@ -370,6 +408,44 @@ resource "aws_networkmanager_attachment_accepter" "test2" {
 `)
 }
 
+func testAccConnectAttachmentConfig_protocolNoEncap(rName string) string {
+ return acctest.ConfigCompose(testAccConnectAttachmentConfig_base(rName), `
+resource "aws_networkmanager_vpc_attachment" "test" {
+ subnet_arns = aws_subnet.test[*].arn
+ core_network_id = aws_networkmanager_core_network_policy_attachment.test.core_network_id
+ vpc_arn = aws_vpc.test.arn
+ tags = {
+ segment = "shared"
+ }
+}
+
+resource "aws_networkmanager_attachment_accepter" "test" {
+ attachment_id = aws_networkmanager_vpc_attachment.test.id
+ attachment_type = aws_networkmanager_vpc_attachment.test.attachment_type
+}
+
+resource "aws_networkmanager_connect_attachment" "test" {
+ core_network_id = aws_networkmanager_core_network.test.id
+ transport_attachment_id = aws_networkmanager_vpc_attachment.test.id
+ edge_location = aws_networkmanager_vpc_attachment.test.edge_location
+ options {
+ protocol = "NO_ENCAP"
+ }
+ tags = {
+ segment = "shared"
+ }
+ depends_on = [
+ "aws_networkmanager_attachment_accepter.test"
+ ]
+}
+
+resource "aws_networkmanager_attachment_accepter" "test2" {
+ attachment_id = aws_networkmanager_connect_attachment.test.id
+ attachment_type = aws_networkmanager_connect_attachment.test.attachment_type
+}
+`)
+}
+
 func testAccConnectAttachmentConfig_tags1(rName, tagKey1, tagValue1 string) string {
  return acctest.ConfigCompose(testAccConnectAttachmentConfig_base(rName), fmt.Sprintf(`
 resource "aws_networkmanager_vpc_attachment" "test" {

diff --git a/internal/service/networkmanager/connect_peer.go b/internal/service/networkmanager/connect_peer.go
@@ -153,7 +153,7 @@ func ResourceConnectPeer() *schema.Resource {
  },
  "inside_cidr_blocks": {
  Type: schema.TypeList,
- Required: true,
+ Optional: true,
  ForceNew: true,
  MaxItems: 2,
  Elem: &schema.Schema{
@@ -170,6 +170,14 @@ func ResourceConnectPeer() *schema.Resource {
  validation.StringMatch(regexache.MustCompile(`[\s\S]*`), "Anything but whitespace"),
  ),
  },
+ "subnet_arn": {
+ Type: schema.TypeString,
+ Optional: true,
+ ValidateFunc: validation.All(
+ validation.StringLenBetween(0, 500),
+ validation.StringMatch(regexache.MustCompile(`^arn:[^:]{1,63}:ec2:[^:]{0,63}:[^:]{0,63}:subnet\/subnet-[0-9a-f]{8,17}$|^$`), "Must be a valid subnet ARN"),
+ ),
+ },
  "state": {
  Type: schema.TypeString,
  Computed: true,
@@ -184,13 +192,13 @@ func resourceConnectPeerCreate(ctx context.Context, d *schema.ResourceData, meta
  conn := meta.(*conns.AWSClient).NetworkManagerConn(ctx)
 
  connectAttachmentID := d.Get("connect_attachment_id").(string)
- insideCIDRBlocks := flex.ExpandStringList(d.Get("inside_cidr_blocks").([]interface{}))
+ // insideCIDRBlocks := flex.ExpandStringList(d.Get("inside_cidr_blocks").([]interface{}))
  peerAddress := d.Get("peer_address").(string)
  input := &networkmanager.CreateConnectPeerInput{
  ConnectAttachmentId: aws.String(connectAttachmentID),
- InsideCidrBlocks: insideCIDRBlocks,
- PeerAddress:  aws.String(peerAddress),
- Tags:  getTagsIn(ctx),
+ // InsideCidrBlocks: insideCIDRBlocks,
+ PeerAddress: aws.String(peerAddress),
+ Tags: getTagsIn(ctx),
  }
 
  if v, ok := d.GetOk("bgp_options"); ok && len(v.([]interface{})) > 0 {
@@ -201,6 +209,15 @@ func resourceConnectPeerCreate(ctx context.Context, d *schema.ResourceData, meta
  input.CoreNetworkAddress = aws.String(v.(string))
  }
 
+ if v, ok := d.GetOk("inside_cidr_blocks"); ok {
+ insideCIDRBlocks := flex.ExpandStringList(v.([]interface{}))
+ input.InsideCidrBlocks = insideCIDRBlocks
+ }
+
+ if v, ok := d.GetOk("subnet_arn"); ok {
+ input.SubnetArn = aws.String(v.(string))
+ }
+
  outputRaw, err := tfresource.RetryWhen(ctx, d.Timeout(schema.TimeoutCreate),
  func() (interface{}, error) {
  return conn.CreateConnectPeerWithContext(ctx, input)
@@ -277,6 +294,7 @@ func resourceConnectPeerRead(ctx context.Context, d *schema.ResourceData, meta i
  d.Set("connect_attachment_id", connectPeer.ConnectAttachmentId)
  d.Set("inside_cidr_blocks", connectPeer.Configuration.InsideCidrBlocks)
  d.Set("peer_address", connectPeer.Configuration.PeerAddress)
+ d.Set("subnet_arn", connectPeer.SubnetArn)
  d.Set("state", connectPeer.State)
 
  setTagsOut(ctx, connectPeer.Tags)