From 542ba6a3b891d6e1b2060785a30d60475ba672e4 Mon Sep 17 00:00:00 2001
From: Erik Engberg
Date: Wed, 6 Mar 2024 14:55:19 +0100
Subject: [PATCH 1/3] resource/aws_vpn_connection: Fixes CIDR validation for inside_ipv6_cidr fields
---
 internal/service/ec2/vpnsite_connection.go | 2 +-
 internal/service/ec2/vpnsite_connection_test.go | 12 ++++++++++--
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/internal/service/ec2/vpnsite_connection.go b/internal/service/ec2/vpnsite_connection.go
index e34dd9e768b..b13870b919b 100644
--- a/internal/service/ec2/vpnsite_connection.go
+++ b/internal/service/ec2/vpnsite_connection.go
@@ -1696,7 +1696,7 @@ func validVPNConnectionTunnelInsideCIDR() schema.SchemaValidateFunc {
 func validVPNConnectionTunnelInsideIPv6CIDR() schema.SchemaValidateFunc {
 return validation.All(
 validation.IsCIDRNetwork(126, 126),
- validation.StringMatch(regexache.MustCompile(`^fd00:`), "must be within fd00::/8"),
+ validation.StringMatch(regexache.MustCompile(`^fd`), "must be within fd00::/8"),
 )
 }
diff --git a/internal/service/ec2/vpnsite_connection_test.go b/internal/service/ec2/vpnsite_connection_test.go
index 00d94ef910e..109cb929555 100644
--- a/internal/service/ec2/vpnsite_connection_test.go
+++ b/internal/service/ec2/vpnsite_connection_test.go
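Review bot: The new pattern `^fd` in validVPNConnectionTunnelInsideIPv6CIDR is a bare text-prefix test, so it also accepts values whose first group is shorter than four hex digits, such as `fd::/126` or `fd0:1::/126`; those are 00fd:: and 0fd0:… and lie outside fd00::/8. Such a value would presumably pass plan-time validation and only fail when the EC2 API rejects it at apply time. Anchoring on the whole first group closes the gap, e.g. `regexache.MustCompile("^fd[0-9a-f]{2}:")`; parsing the prefix and checking containment in fd00::/8 would be more robust than any regex. A one-line comment saying why the range check is textual rather than numeric would also help the next reader.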
@@ -473,11 +473,19 @@ func TestAccSiteVPNConnection_tunnel1InsideIPv6CIDR(t *testing.T) {
 CheckDestroy: testAccCheckVPNConnectionDestroy(ctx),
 Steps: []resource.TestStep{
 {
- Config: testAccSiteVPNConnectionConfig_tunnel1InsideIPv6CIDR(rName, rBgpAsn, "fd00:2001:db8:2:2d1:81ff:fe41:d200/126", "fd00:2001:db8:2:2d1:81ff:fe41:d204/126"),
+ Config: testAccSiteVPNConnectionConfig_tunnel1InsideIPv6CIDR(rName, rBgpAsn, "fd00:2001:db8::1:0/125", "fd00:2001:db8::2:0/125"),
+ ExpectError: regexache.MustCompile(`expected "\w+" to contain a network Value with between 126 and 126 significant bits`),
+ },
+ {
+ Config: testAccSiteVPNConnectionConfig_tunnel1InsideIPv6CIDR(rName, rBgpAsn, "fcff:2001:db8:2:2d1:81ff:fe41:d200/126", "fcff:2001:db8:2:2d1:81ff:fe41:0/126"),
+ ExpectError: regexache.MustCompile(`must be within fd00::/8`),
+ },
+ {
+ Config: testAccSiteVPNConnectionConfig_tunnel1InsideIPv6CIDR(rName, rBgpAsn, "fd00:2001:db8:2:2d1:81ff:fe41:d200/126", "fdff:2001:db8:2:2d1:81ff:fe41:d204/126"),
 Check: resource.ComposeAggregateTestCheckFunc(
 testAccVPNConnectionExists(ctx, resourceName, &vpn),
 resource.TestCheckResourceAttr(resourceName, "tunnel1_inside_ipv6_cidr", "fd00:2001:db8:2:2d1:81ff:fe41:d200/126"),
- resource.TestCheckResourceAttr(resourceName, "tunnel2_inside_ipv6_cidr", "fd00:2001:db8:2:2d1:81ff:fe41:d204/126"),
+ resource.TestCheckResourceAttr(resourceName, "tunnel2_inside_ipv6_cidr", "fdff:2001:db8:2:2d1:81ff:fe41:d204/126"),
 ),
 },
 // NOTE: Import does not currently have access to the Terraform configuration,
From f4815b43b37fdd56715e216e1acb5f7cac3b8f38 Mon Sep 17 00:00:00 2001
From: Erik Engberg
Date: Wed, 6 Mar 2024 15:01:17 +0100
Subject: [PATCH 2/3] Adds CHANGELOG entry
---
 .changelog/36236.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 .changelog/36236.txt
diff --git a/.changelog/36236.txt b/.changelog/36236.txt
new file mode 100644
index 00000000000..4ac322b95a3
--- /dev/null
+++ b/.changelog/36236.txt
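Review bot: The added steps cover a rejected `fcff:` prefix and an accepted `fdff:` prefix, but nothing exercises an input that starts with the letters fd and is still outside fd00::/8, for example `fd::/126`, which is the case the loosened regex is most likely to get wrong. Because these are acceptance-test steps, the validator is only exercised when a full AWS-backed run executes; a small table-driven unit test calling `validVPNConnectionTunnelInsideIPv6CIDR()` directly with accept and reject values would pin the behaviour in ordinary CI. The reject step also sets both tunnel arguments to `fcff:` values, so it does not show that each field is validated on its own. The enclosing test function starts and ends outside this hunk.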
@@ -0,0 +1,3 @@
+```release-note:bug
+resource/aws_vpn_connection: Correctly validates `tunnel1_inside_ipv6_cidr` and `tunnel2_inside_ipv6_cidr` are in `fd00::/8`.
+```
From 838fa67eac2f2e44134c0c3f1e2d29a1c86dd98b Mon Sep 17 00:00:00 2001
From: Kit Ewbank
Date: Mon, 11 Mar 2024 11:33:18 -0400
Subject: [PATCH 3/3] Update 36236.txt
---
 .changelog/36236.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.changelog/36236.txt b/.changelog/36236.txt
index 4ac322b95a3..2d593d542bb 100644
--- a/.changelog/36236.txt
+++ b/.changelog/36236.txt
@@ -1,3 +1,3 @@
 ```release-note:bug
-resource/aws_vpn_connection: Correctly validates `tunnel1_inside_ipv6_cidr` and `tunnel2_inside_ipv6_cidr` are in `fd00::/8`.
+resource/aws_vpn_connection: Correct plan-time validation of `tunnel1_inside_ipv6_cidr` and `tunnel2_inside_ipv6_cidr`
 ```