From dce76f8022724e3d03b71d1b01b90bb272aa9056 Mon Sep 17 00:00:00 2001
From: Kit Ewbank
Date: Tue, 1 Mar 2022 08:46:41 -0500
Subject: [PATCH 1/4] r/aws_route: NAT Gateway targets support IPv6 destinations.
---
 internal/service/ec2/route.go | 7 +--
 internal/service/ec2/route_test.go | 94 ++++++++++++++++++++++++++++++
 2 files changed, 97 insertions(+), 4 deletions(-)
diff --git a/internal/service/ec2/route.go b/internal/service/ec2/route.go
index 40dad165f92..da26207275b 100644
--- a/internal/service/ec2/route.go
+++ b/internal/service/ec2/route.go
@@ -115,10 +115,9 @@ func ResourceRoute() *schema.Resource {
 ExactlyOneOf: routeValidTargets,
 },
 "nat_gateway_id": {
- Type: schema.TypeString,
- Optional: true,
- ExactlyOneOf: routeValidTargets,
- ConflictsWith: []string{"destination_ipv6_cidr_block"}, // IPv4 destinations only.
+ Type: schema.TypeString,
+ Optional: true,
+ ExactlyOneOf: routeValidTargets,
 },
 "network_interface_id": {
 Type: schema.TypeString,
diff --git a/internal/service/ec2/route_test.go b/internal/service/ec2/route_test.go
index 0a6a542a2bb..b1ef18570a0 100644
--- a/internal/service/ec2/route_test.go
+++ b/internal/service/ec2/route_test.go
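Review bot: With `ConflictsWith` removed from `nat_gateway_id`, the schema accepts any `destination_ipv6_cidr_block` together with a NAT gateway target, and nothing at this entry records the restriction EC2 still enforces. The error quoted in patch 3/4 of this series says a NAT gateway can be the next hop for an IPv6 destination only inside `64:ff9b::/96` or for a prefix list, so a configuration such as `::/0` now passes plan and fails at apply. I would replace the dropped `// IPv4 destinations only.` with a comment such as `// IPv6 destinations are limited by EC2 to 64:ff9b::/96 (NAT64); other ranges fail at apply time.` so the constraint stays visible beside the schema. ResourceRoute's body continues outside the hunk.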
@@ -729,6 +729,51 @@ func TestAccEC2Route_ipv4ToNatGateway(t *testing.T) { }) } +func TestAccEC2Route_ipv6ToNatGateway(t *testing.T) { + var route ec2.Route + resourceName := "aws_route.test" + ngwResourceName := "aws_nat_gateway.test" + rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) + destinationCidr := "::/0" + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { acctest.PreCheck(t) }, + ErrorCheck: acctest.ErrorCheck(t, ec2.EndpointsID), + Providers: acctest.Providers, + CheckDestroy: testAccCheckRouteDestroy, + Steps: []resource.TestStep{ + { + Config: testAccRouteIPv6NatGatewayConfig(rName, destinationCidr), + Check: resource.ComposeTestCheckFunc( + testAccCheckRouteExists(resourceName, &route), + resource.TestCheckResourceAttr(resourceName, "carrier_gateway_id", ""), + resource.TestCheckResourceAttr(resourceName, "destination_cidr_block", ""), + resource.TestCheckResourceAttr(resourceName, "destination_ipv6_cidr_block", destinationCidr), + resource.TestCheckResourceAttr(resourceName, "destination_prefix_list_id", ""), + resource.TestCheckResourceAttr(resourceName, "egress_only_gateway_id", ""), + resource.TestCheckResourceAttr(resourceName, "gateway_id", ""), + resource.TestCheckResourceAttr(resourceName, "instance_id", ""), + resource.TestCheckResourceAttr(resourceName, "instance_owner_id", ""), + resource.TestCheckResourceAttr(resourceName, "local_gateway_id", ""), + resource.TestCheckResourceAttrPair(resourceName, "nat_gateway_id", ngwResourceName, "id"), + resource.TestCheckResourceAttr(resourceName, "network_interface_id", ""), + resource.TestCheckResourceAttr(resourceName, "origin", ec2.RouteOriginCreateRoute), + resource.TestCheckResourceAttr(resourceName, "state", ec2.RouteStateActive), + resource.TestCheckResourceAttr(resourceName, "transit_gateway_id", ""), + resource.TestCheckResourceAttr(resourceName, "vpc_endpoint_id", ""), + resource.TestCheckResourceAttr(resourceName, "vpc_peering_connection_id", ""), + ), + }, + { + 
ResourceName: resourceName, + ImportState: true, + ImportStateIdFunc: testAccRouteImportStateIdFunc(resourceName), + ImportStateVerify: true, + }, + }, + }) +} + func TestAccEC2Route_doesNotCrashWithVPCEndpoint(t *testing.T) { var route ec2.Route var routeTable ec2.RouteTable @@ -2990,6 +3035,55 @@ resource "aws_route" "test" { `, rName, destinationCidr) } +func testAccRouteIPv6NatGatewayConfig(rName, destinationCidr string) string { + return fmt.Sprintf(` +resource "aws_vpc" "test" { + cidr_block = "10.1.0.0/16" + assign_generated_ipv6_cidr_block = true + + tags = { + Name = %[1]q + } +} + +resource "aws_subnet" "test" { + vpc_id = aws_vpc.test.id + cidr_block = "10.1.1.0/24" + ipv6_cidr_block = cidrsubnet(aws_vpc.test.ipv6_cidr_block, 8, 1) + assign_ipv6_address_on_creation = true + + enable_resource_name_dns_aaaa_record_on_launch = true + + tags = { + Name = %[1]q + } +} + +resource "aws_nat_gateway" "test" { + connectivity_type = "private" + subnet_id = aws_subnet.test.id + + tags = { + Name = %[1]q + } +} + +resource "aws_route_table" "test" { + vpc_id = aws_vpc.test.id + + tags = { + Name = %[1]q + } +} + +resource "aws_route" "test" { + route_table_id = aws_route_table.test.id + destination_ipv6_cidr_block = %[2]q + nat_gateway_id = aws_nat_gateway.test.id +} +`, rName, destinationCidr) +} + func testAccRouteIPv4VPNGatewayConfig(rName, destinationCidr string) string { return fmt.Sprintf(` resource "aws_vpc" "test" { From 1a7f69c32200a7f89a9e21a002c9e71286219670 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Tue, 1 Mar 2022 08:49:11 -0500 Subject: [PATCH 2/4] Add CHANGELOG entry. --- .changelog/23427.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/23427.txt diff --git a/.changelog/23427.txt b/.changelog/23427.txt new file mode 100644 index 00000000000..d95286398e0 --- /dev/null +++ b/.changelog/23427.txt 
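Review bot: `TestAccEC2Route_ipv6ToNatGateway` covers only the accepted case, so the behaviour that now stands in for the removed schema conflict is not pinned by any test: EC2 rejecting an IPv6 destination outside the range it allows for NAT gateway targets. A later patch in this series moves `destinationCidr` from `::/0` to `64:ff9b::/96` because of exactly that rejection. A first step with `Config: testAccRouteIPv6NatGatewayConfig(rName, "::/0"),` and `ExpectError: regexp.MustCompile("InvalidParameterValue"),` would document it, assuming `regexp` is already imported in this test file (the import block is not visible here).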
@@ -0,0 +1,3 @@ +```release-note:enhancement +resource/aws_route: `nat_gateway_id` target no longer conflicts with `destination_ipv6_cidr_block` +``` From c73043f76197f6f2e7fd823d696cd79af0e9380b Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Tue, 1 Mar 2022 09:58:19 -0500 Subject: [PATCH 3/4] Fix 'InvalidParameterValue: An interface that is part of a NAT gateway cannot be the next hop for an IPv6 destination CIDR block outside the CIDR range 64:ff9b::/96 or IPv6 prefix list.' error. --- internal/service/ec2/route_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/service/ec2/route_test.go b/internal/service/ec2/route_test.go index b1ef18570a0..8f633af3215 100644 --- a/internal/service/ec2/route_test.go +++ b/internal/service/ec2/route_test.go @@ -734,7 +734,7 @@ func TestAccEC2Route_ipv6ToNatGateway(t *testing.T) { resourceName := "aws_route.test" ngwResourceName := "aws_nat_gateway.test" rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix) - destinationCidr := "::/0" + destinationCidr := "64:ff9b::/96" resource.ParallelTest(t, resource.TestCase{ PreCheck: func() { acctest.PreCheck(t) }, From 136348f12ca0ec8e32d0af04f7bd1161b0fc8ecd Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Tue, 1 Mar 2022 09:59:08 -0500 Subject: [PATCH 4/4] Fix terrafmt error. --- internal/service/ec2/route_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/service/ec2/route_test.go b/internal/service/ec2/route_test.go index 8f633af3215..50c5c78c355 100644 --- a/internal/service/ec2/route_test.go +++ b/internal/service/ec2/route_test.go @@ -3048,7 +3048,7 @@ resource "aws_vpc" "test" { resource "aws_subnet" "test" { vpc_id = aws_vpc.test.id - cidr_block = "10.1.1.0/24" + cidr_block = "10.1.1.0/24" ipv6_cidr_block = cidrsubnet(aws_vpc.test.ipv6_cidr_block, 8, 1) assign_ipv6_address_on_creation = true