From a34f6bbb944ed14f05e7d696d75f34e1904a1888 Mon Sep 17 00:00:00 2001 From: neil-yechenwei Date: Tue, 13 Aug 2024 16:43:51 +0800 Subject: [PATCH 1/2] azurerm_virtual_network_gateway_connection - set ingress_nat_rule_ids in the update operation --- ...ual_network_gateway_connection_resource.go | 2 +- ...etwork_gateway_connection_resource_test.go | 333 ++++++++++++++++++ 2 files changed, 334 insertions(+), 1 deletion(-) diff --git a/internal/services/network/virtual_network_gateway_connection_resource.go b/internal/services/network/virtual_network_gateway_connection_resource.go index 8638551554a0..803d967899e2 100644 --- a/internal/services/network/virtual_network_gateway_connection_resource.go +++ b/internal/services/network/virtual_network_gateway_connection_resource.go @@ -623,7 +623,7 @@ func resourceVirtualNetworkGatewayConnectionUpdate(d *pluginsdk.ResourceData, me } if d.HasChange("ingress_nat_rule_ids") { - payload.Properties.EgressNatRules = expandVirtualNetworkGatewayConnectionNatRuleIds(d.Get("ingress_nat_rule_ids").(*pluginsdk.Set).List()) + payload.Properties.IngressNatRules = expandVirtualNetworkGatewayConnectionNatRuleIds(d.Get("ingress_nat_rule_ids").(*pluginsdk.Set).List()) } if d.HasChange("local_network_gateway_id") { diff --git a/internal/services/network/virtual_network_gateway_connection_resource_test.go b/internal/services/network/virtual_network_gateway_connection_resource_test.go index 1b6347d1b7fa..d9024e94834c 100644 --- a/internal/services/network/virtual_network_gateway_connection_resource_test.go +++ b/internal/services/network/virtual_network_gateway_connection_resource_test.go @@ -1751,3 +1751,336 @@ resource "azurerm_virtual_network_gateway_connection" "test" { } `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger) } + +func (VirtualNetworkGatewayConnectionResource) withoutIngressNatRules(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-vnetgwconn-%d" + location = "%s" +} + +resource "azurerm_virtual_network" "test" { + name = "acctestvn-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + address_space = ["10.1.0.0/16"] +} + +resource "azurerm_subnet" "test" { + name = "GatewaySubnet" + resource_group_name = azurerm_resource_group.test.name + virtual_network_name = azurerm_virtual_network.test.name + address_prefixes = ["10.1.1.0/24"] +} + +resource "azurerm_public_ip" "test" { + name = "acctestip-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + allocation_method = "Static" + sku = "Standard" +} + +resource "azurerm_virtual_network_gateway" "test" { + name = "acctestgw-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + + type = "Vpn" + vpn_type = "RouteBased" + enable_bgp = true + active_active = false + private_ip_address_enabled = false + sku = "VpnGw2" + generation = "Generation2" + + ip_configuration { + name = "default" + public_ip_address_id = azurerm_public_ip.test.id + private_ip_address_allocation = "Dynamic" + subnet_id = azurerm_subnet.test.id + } + + bgp_settings { + asn = "65000" + + peering_addresses { + ip_configuration_name = "default" + apipa_addresses = [ + "169.254.21.2", + "169.254.22.2" + ] + } + } +} + +resource "azurerm_local_network_gateway" "test" { + name = "acctestlgw-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + + gateway_address = "168.62.225.23" + + bgp_settings { + asn = "64512" + bgp_peering_address = "169.254.21.1" + } +} + +data "azurerm_virtual_network_gateway" "test" { + name = azurerm_virtual_network_gateway.test.name + resource_group_name = azurerm_virtual_network_gateway.test.resource_group_name +} + +resource "azurerm_virtual_network_gateway_nat_rule" "test" { + name = "acctestvnetgwegressnatrule-%d" + resource_group_name = azurerm_resource_group.test.name + virtual_network_gateway_id = data.azurerm_virtual_network_gateway.test.id + mode = "EgressSnat" + type = "Dynamic" + ip_configuration_id = data.azurerm_virtual_network_gateway.test.ip_configuration.0.id + + external_mapping { + address_space = "10.1.0.0/26" + } + + internal_mapping { + address_space = "10.2.0.0/26" + } +} + +resource "azurerm_virtual_network_gateway_nat_rule" "test4" { + name = "acctestvnetgwegressnatrule-%d" + resource_group_name = azurerm_resource_group.test.name + virtual_network_gateway_id = data.azurerm_virtual_network_gateway.test.id + mode = "EgressSnat" + type = "Dynamic" + ip_configuration_id = data.azurerm_virtual_network_gateway.test.ip_configuration.0.id + + external_mapping { + address_space = "10.3.0.0/26" + } + + internal_mapping { + address_space = "10.4.0.0/26" + } +} + +resource "azurerm_virtual_network_gateway_connection" "test" { + name = "acctestgwc-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + local_azure_ip_address_enabled = false + type = "IPsec" + connection_protocol = "IKEv2" + enable_bgp = true + dpd_timeout_seconds = 45 + virtual_network_gateway_id = azurerm_virtual_network_gateway.test.id + local_network_gateway_id = azurerm_local_network_gateway.test.id + egress_nat_rule_ids = [azurerm_virtual_network_gateway_nat_rule.test.id, azurerm_virtual_network_gateway_nat_rule.test4.id] + shared_key = "4-v3ry-53cr37-1p53c-5h4r3d-k3y" + + custom_bgp_addresses { + primary = "169.254.21.2" + } + + ipsec_policy { + dh_group = "DHGroup14" + ike_encryption = "AES256" + ike_integrity = "SHA256" + ipsec_encryption = "AES256" + ipsec_integrity = "SHA256" + pfs_group = "None" + sa_lifetime = "3600" + } +} +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger) +} + +func (VirtualNetworkGatewayConnectionResource) withIngressNatRules(data acceptance.TestData) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-vnetgwconn-%d" + location = "%s" +} + +resource "azurerm_virtual_network" "test" { + name = "acctestvn-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + address_space = ["10.1.0.0/16"] +} + +resource "azurerm_subnet" "test" { + name = "GatewaySubnet" + resource_group_name = azurerm_resource_group.test.name + virtual_network_name = azurerm_virtual_network.test.name + address_prefixes = ["10.1.1.0/24"] +} + +resource "azurerm_public_ip" "test" { + name = "acctestip-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + allocation_method = "Static" + sku = "Standard" +} + +resource "azurerm_virtual_network_gateway" "test" { + name = "acctestgw-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + + type = "Vpn" + vpn_type = "RouteBased" + enable_bgp = true + active_active = false + private_ip_address_enabled = false + sku = "VpnGw2" + generation = "Generation2" + + ip_configuration { + name = "default" + public_ip_address_id = azurerm_public_ip.test.id + private_ip_address_allocation = "Dynamic" + subnet_id = azurerm_subnet.test.id + } + + bgp_settings { + asn = "65000" + + peering_addresses { + ip_configuration_name = "default" + apipa_addresses = [ + "169.254.21.2", + "169.254.22.2" + ] + } + } +} + +resource "azurerm_local_network_gateway" "test" { + name = "acctestlgw-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + + gateway_address = "168.62.225.23" + + bgp_settings { + asn = "64512" + bgp_peering_address = "169.254.21.1" + } +} + +data "azurerm_virtual_network_gateway" "test" { + name = azurerm_virtual_network_gateway.test.name + resource_group_name = azurerm_virtual_network_gateway.test.resource_group_name +} + +resource "azurerm_virtual_network_gateway_nat_rule" "test" { + name = "acctestvnetgwegressnatrule-%d" + resource_group_name = azurerm_resource_group.test.name + virtual_network_gateway_id = data.azurerm_virtual_network_gateway.test.id + mode = "EgressSnat" + type = "Dynamic" + ip_configuration_id = data.azurerm_virtual_network_gateway.test.ip_configuration.0.id + + external_mapping { + address_space = "10.1.0.0/26" + } + + internal_mapping { + address_space = "10.2.0.0/26" + } +} + +resource "azurerm_virtual_network_gateway_nat_rule" "test4" { + name = "acctestvnetgwegressnatrule-%d" + resource_group_name = azurerm_resource_group.test.name + virtual_network_gateway_id = data.azurerm_virtual_network_gateway.test.id + mode = "EgressSnat" + type = "Dynamic" + ip_configuration_id = data.azurerm_virtual_network_gateway.test.ip_configuration.0.id + + external_mapping { + address_space = "10.3.0.0/26" + } + + internal_mapping { + address_space = "10.4.0.0/26" + } +} + +resource "azurerm_virtual_network_gateway_nat_rule" "test2" { + name = "acctestvnetgwingressnatrule-%d" + resource_group_name = azurerm_resource_group.test.name + virtual_network_gateway_id = data.azurerm_virtual_network_gateway.test.id + mode = "IngressSnat" + type = "Dynamic" + ip_configuration_id = data.azurerm_virtual_network_gateway.test.ip_configuration.0.id + + external_mapping { + address_space = "10.7.0.0/26" + } + + internal_mapping { + address_space = "10.8.0.0/26" + } +} + +resource "azurerm_virtual_network_gateway_nat_rule" "test3" { + name = "acctestvnetgwingressnatrule-%d" + resource_group_name = azurerm_resource_group.test.name + virtual_network_gateway_id = data.azurerm_virtual_network_gateway.test.id + mode = "IngressSnat" + type = "Dynamic" + ip_configuration_id = data.azurerm_virtual_network_gateway.test.ip_configuration.0.id + + external_mapping { + address_space = "10.9.0.0/26" + } + + internal_mapping { + address_space = "10.10.0.0/26" + } +} + +resource "azurerm_virtual_network_gateway_connection" "test" { + name = "acctestgwc-%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + local_azure_ip_address_enabled = false + type = "IPsec" + connection_protocol = "IKEv2" + enable_bgp = true + dpd_timeout_seconds = 45 + virtual_network_gateway_id = azurerm_virtual_network_gateway.test.id + local_network_gateway_id = azurerm_local_network_gateway.test.id + egress_nat_rule_ids = [azurerm_virtual_network_gateway_nat_rule.test.id, azurerm_virtual_network_gateway_nat_rule.test4.id] + ingress_nat_rule_ids = [azurerm_virtual_network_gateway_nat_rule.test2.id, azurerm_virtual_network_gateway_nat_rule.test3.id] + shared_key = "4-v3ry-53cr37-1p53c-5h4r3d-k3y" + + custom_bgp_addresses { + primary = "169.254.21.2" + } + + ipsec_policy { + dh_group = "DHGroup14" + ike_encryption = "AES256" + ike_integrity = "SHA256" + ipsec_encryption = "AES256" + ipsec_integrity = "SHA256" + pfs_group = "None" + sa_lifetime = "3600" + } +} +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger) +} From 1ec7b32153e6c30e6704933d0366b43ddcca5470 Mon Sep 17 00:00:00 2001 From: neil-yechenwei Date: Tue, 13 Aug 2024 16:53:48 +0800 Subject: [PATCH 2/2] add tc --- ...etwork_gateway_connection_resource_test.go | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/internal/services/network/virtual_network_gateway_connection_resource_test.go b/internal/services/network/virtual_network_gateway_connection_resource_test.go index d9024e94834c..7e4dd9d3d7e5 100644 --- a/internal/services/network/virtual_network_gateway_connection_resource_test.go +++ b/internal/services/network/virtual_network_gateway_connection_resource_test.go @@ -297,6 +297,28 @@ func TestAccVirtualNetworkGatewayConnection_natRuleIds(t *testing.T) { }) } +func TestAccVirtualNetworkGatewayConnection_ingressNatRules(t *testing.T) { + data := acceptance.BuildTestData(t, "azurerm_virtual_network_gateway_connection", "test") + r := VirtualNetworkGatewayConnectionResource{} + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.withoutIngressNatRules(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep(), + { + Config: r.withIngressNatRules(data), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep(), + }) +} + func (t VirtualNetworkGatewayConnectionResource) Exists(ctx context.Context, clients *clients.Client, state *pluginsdk.InstanceState) (*bool, error) { id, err := virtualnetworkgatewayconnections.ParseConnectionID(state.ID) if err != nil {