Skip to content

Commit

Permalink
azurerm_virtual_network_gateway_connection - set `ingress_nat_rule_…
Browse files Browse the repository at this point in the history
…ids` in the update operation (#27022)

* azurerm_virtual_network_gateway_connection - set ingress_nat_rule_ids in the update operation

* add tc
  • Loading branch information
neil-yechenwei authored Aug 13, 2024
1 parent abe7e8d commit 745ee0f
Show file tree
Hide file tree
Showing 2 changed files with 356 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -623,7 +623,7 @@ func resourceVirtualNetworkGatewayConnectionUpdate(d *pluginsdk.ResourceData, me
}

if d.HasChange("ingress_nat_rule_ids") {
payload.Properties.EgressNatRules = expandVirtualNetworkGatewayConnectionNatRuleIds(d.Get("ingress_nat_rule_ids").(*pluginsdk.Set).List())
payload.Properties.IngressNatRules = expandVirtualNetworkGatewayConnectionNatRuleIds(d.Get("ingress_nat_rule_ids").(*pluginsdk.Set).List())
}

if d.HasChange("local_network_gateway_id") {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -297,6 +297,28 @@ func TestAccVirtualNetworkGatewayConnection_natRuleIds(t *testing.T) {
})
}

func TestAccVirtualNetworkGatewayConnection_ingressNatRules(t *testing.T) {
data := acceptance.BuildTestData(t, "azurerm_virtual_network_gateway_connection", "test")
r := VirtualNetworkGatewayConnectionResource{}

data.ResourceTest(t, r, []acceptance.TestStep{
{
Config: r.withoutIngressNatRules(data),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
),
},
data.ImportStep(),
{
Config: r.withIngressNatRules(data),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
),
},
data.ImportStep(),
})
}

func (t VirtualNetworkGatewayConnectionResource) Exists(ctx context.Context, clients *clients.Client, state *pluginsdk.InstanceState) (*bool, error) {
id, err := virtualnetworkgatewayconnections.ParseConnectionID(state.ID)
if err != nil {
Expand Down Expand Up @@ -1751,3 +1773,336 @@ resource "azurerm_virtual_network_gateway_connection" "test" {
}
`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger)
}

func (VirtualNetworkGatewayConnectionResource) withoutIngressNatRules(data acceptance.TestData) string {
return fmt.Sprintf(`
provider "azurerm" {
features {}
}
resource "azurerm_resource_group" "test" {
name = "acctestRG-vnetgwconn-%d"
location = "%s"
}
resource "azurerm_virtual_network" "test" {
name = "acctestvn-%d"
location = azurerm_resource_group.test.location
resource_group_name = azurerm_resource_group.test.name
address_space = ["10.1.0.0/16"]
}
resource "azurerm_subnet" "test" {
name = "GatewaySubnet"
resource_group_name = azurerm_resource_group.test.name
virtual_network_name = azurerm_virtual_network.test.name
address_prefixes = ["10.1.1.0/24"]
}
resource "azurerm_public_ip" "test" {
name = "acctestip-%d"
location = azurerm_resource_group.test.location
resource_group_name = azurerm_resource_group.test.name
allocation_method = "Static"
sku = "Standard"
}
resource "azurerm_virtual_network_gateway" "test" {
name = "acctestgw-%d"
location = azurerm_resource_group.test.location
resource_group_name = azurerm_resource_group.test.name
type = "Vpn"
vpn_type = "RouteBased"
enable_bgp = true
active_active = false
private_ip_address_enabled = false
sku = "VpnGw2"
generation = "Generation2"
ip_configuration {
name = "default"
public_ip_address_id = azurerm_public_ip.test.id
private_ip_address_allocation = "Dynamic"
subnet_id = azurerm_subnet.test.id
}
bgp_settings {
asn = "65000"
peering_addresses {
ip_configuration_name = "default"
apipa_addresses = [
"169.254.21.2",
"169.254.22.2"
]
}
}
}
resource "azurerm_local_network_gateway" "test" {
name = "acctestlgw-%d"
location = azurerm_resource_group.test.location
resource_group_name = azurerm_resource_group.test.name
gateway_address = "168.62.225.23"
bgp_settings {
asn = "64512"
bgp_peering_address = "169.254.21.1"
}
}
data "azurerm_virtual_network_gateway" "test" {
name = azurerm_virtual_network_gateway.test.name
resource_group_name = azurerm_virtual_network_gateway.test.resource_group_name
}
resource "azurerm_virtual_network_gateway_nat_rule" "test" {
name = "acctestvnetgwegressnatrule-%d"
resource_group_name = azurerm_resource_group.test.name
virtual_network_gateway_id = data.azurerm_virtual_network_gateway.test.id
mode = "EgressSnat"
type = "Dynamic"
ip_configuration_id = data.azurerm_virtual_network_gateway.test.ip_configuration.0.id
external_mapping {
address_space = "10.1.0.0/26"
}
internal_mapping {
address_space = "10.2.0.0/26"
}
}
resource "azurerm_virtual_network_gateway_nat_rule" "test4" {
name = "acctestvnetgwegressnatrule-%d"
resource_group_name = azurerm_resource_group.test.name
virtual_network_gateway_id = data.azurerm_virtual_network_gateway.test.id
mode = "EgressSnat"
type = "Dynamic"
ip_configuration_id = data.azurerm_virtual_network_gateway.test.ip_configuration.0.id
external_mapping {
address_space = "10.3.0.0/26"
}
internal_mapping {
address_space = "10.4.0.0/26"
}
}
resource "azurerm_virtual_network_gateway_connection" "test" {
name = "acctestgwc-%d"
location = azurerm_resource_group.test.location
resource_group_name = azurerm_resource_group.test.name
local_azure_ip_address_enabled = false
type = "IPsec"
connection_protocol = "IKEv2"
enable_bgp = true
dpd_timeout_seconds = 45
virtual_network_gateway_id = azurerm_virtual_network_gateway.test.id
local_network_gateway_id = azurerm_local_network_gateway.test.id
egress_nat_rule_ids = [azurerm_virtual_network_gateway_nat_rule.test.id, azurerm_virtual_network_gateway_nat_rule.test4.id]
shared_key = "4-v3ry-53cr37-1p53c-5h4r3d-k3y"
custom_bgp_addresses {
primary = "169.254.21.2"
}
ipsec_policy {
dh_group = "DHGroup14"
ike_encryption = "AES256"
ike_integrity = "SHA256"
ipsec_encryption = "AES256"
ipsec_integrity = "SHA256"
pfs_group = "None"
sa_lifetime = "3600"
}
}
`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger)
}

func (VirtualNetworkGatewayConnectionResource) withIngressNatRules(data acceptance.TestData) string {
return fmt.Sprintf(`
provider "azurerm" {
features {}
}
resource "azurerm_resource_group" "test" {
name = "acctestRG-vnetgwconn-%d"
location = "%s"
}
resource "azurerm_virtual_network" "test" {
name = "acctestvn-%d"
location = azurerm_resource_group.test.location
resource_group_name = azurerm_resource_group.test.name
address_space = ["10.1.0.0/16"]
}
resource "azurerm_subnet" "test" {
name = "GatewaySubnet"
resource_group_name = azurerm_resource_group.test.name
virtual_network_name = azurerm_virtual_network.test.name
address_prefixes = ["10.1.1.0/24"]
}
resource "azurerm_public_ip" "test" {
name = "acctestip-%d"
location = azurerm_resource_group.test.location
resource_group_name = azurerm_resource_group.test.name
allocation_method = "Static"
sku = "Standard"
}
resource "azurerm_virtual_network_gateway" "test" {
name = "acctestgw-%d"
location = azurerm_resource_group.test.location
resource_group_name = azurerm_resource_group.test.name
type = "Vpn"
vpn_type = "RouteBased"
enable_bgp = true
active_active = false
private_ip_address_enabled = false
sku = "VpnGw2"
generation = "Generation2"
ip_configuration {
name = "default"
public_ip_address_id = azurerm_public_ip.test.id
private_ip_address_allocation = "Dynamic"
subnet_id = azurerm_subnet.test.id
}
bgp_settings {
asn = "65000"
peering_addresses {
ip_configuration_name = "default"
apipa_addresses = [
"169.254.21.2",
"169.254.22.2"
]
}
}
}
resource "azurerm_local_network_gateway" "test" {
name = "acctestlgw-%d"
location = azurerm_resource_group.test.location
resource_group_name = azurerm_resource_group.test.name
gateway_address = "168.62.225.23"
bgp_settings {
asn = "64512"
bgp_peering_address = "169.254.21.1"
}
}
data "azurerm_virtual_network_gateway" "test" {
name = azurerm_virtual_network_gateway.test.name
resource_group_name = azurerm_virtual_network_gateway.test.resource_group_name
}
resource "azurerm_virtual_network_gateway_nat_rule" "test" {
name = "acctestvnetgwegressnatrule-%d"
resource_group_name = azurerm_resource_group.test.name
virtual_network_gateway_id = data.azurerm_virtual_network_gateway.test.id
mode = "EgressSnat"
type = "Dynamic"
ip_configuration_id = data.azurerm_virtual_network_gateway.test.ip_configuration.0.id
external_mapping {
address_space = "10.1.0.0/26"
}
internal_mapping {
address_space = "10.2.0.0/26"
}
}
resource "azurerm_virtual_network_gateway_nat_rule" "test4" {
name = "acctestvnetgwegressnatrule-%d"
resource_group_name = azurerm_resource_group.test.name
virtual_network_gateway_id = data.azurerm_virtual_network_gateway.test.id
mode = "EgressSnat"
type = "Dynamic"
ip_configuration_id = data.azurerm_virtual_network_gateway.test.ip_configuration.0.id
external_mapping {
address_space = "10.3.0.0/26"
}
internal_mapping {
address_space = "10.4.0.0/26"
}
}
resource "azurerm_virtual_network_gateway_nat_rule" "test2" {
name = "acctestvnetgwingressnatrule-%d"
resource_group_name = azurerm_resource_group.test.name
virtual_network_gateway_id = data.azurerm_virtual_network_gateway.test.id
mode = "IngressSnat"
type = "Dynamic"
ip_configuration_id = data.azurerm_virtual_network_gateway.test.ip_configuration.0.id
external_mapping {
address_space = "10.7.0.0/26"
}
internal_mapping {
address_space = "10.8.0.0/26"
}
}
resource "azurerm_virtual_network_gateway_nat_rule" "test3" {
name = "acctestvnetgwingressnatrule-%d"
resource_group_name = azurerm_resource_group.test.name
virtual_network_gateway_id = data.azurerm_virtual_network_gateway.test.id
mode = "IngressSnat"
type = "Dynamic"
ip_configuration_id = data.azurerm_virtual_network_gateway.test.ip_configuration.0.id
external_mapping {
address_space = "10.9.0.0/26"
}
internal_mapping {
address_space = "10.10.0.0/26"
}
}
resource "azurerm_virtual_network_gateway_connection" "test" {
name = "acctestgwc-%d"
location = azurerm_resource_group.test.location
resource_group_name = azurerm_resource_group.test.name
local_azure_ip_address_enabled = false
type = "IPsec"
connection_protocol = "IKEv2"
enable_bgp = true
dpd_timeout_seconds = 45
virtual_network_gateway_id = azurerm_virtual_network_gateway.test.id
local_network_gateway_id = azurerm_local_network_gateway.test.id
egress_nat_rule_ids = [azurerm_virtual_network_gateway_nat_rule.test.id, azurerm_virtual_network_gateway_nat_rule.test4.id]
ingress_nat_rule_ids = [azurerm_virtual_network_gateway_nat_rule.test2.id, azurerm_virtual_network_gateway_nat_rule.test3.id]
shared_key = "4-v3ry-53cr37-1p53c-5h4r3d-k3y"
custom_bgp_addresses {
primary = "169.254.21.2"
}
ipsec_policy {
dh_group = "DHGroup14"
ike_encryption = "AES256"
ike_integrity = "SHA256"
ipsec_encryption = "AES256"
ipsec_integrity = "SHA256"
pfs_group = "None"
sa_lifetime = "3600"
}
}
`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger)
}

0 comments on commit 745ee0f

Please sign in to comment.