diff --git a/internal/services/network/virtual_network_gateway_connection_resource.go b/internal/services/network/virtual_network_gateway_connection_resource.go index 4c9f4bfbc..5d3ff9769 100644 --- a/internal/services/network/virtual_network_gateway_connection_resource.go +++ b/internal/services/network/virtual_network_gateway_connection_resource.go @@ -59,7 +59,6 @@ func virtualNetworkGatewayConnection() *pluginsdk.Resource { ValidateFunc: validation.StringInSlice([]string{ string(network.ExpressRoute), string(network.IPsec), - string(network.Vnet2Vnet), }, true), DiffSuppressFunc: suppress.CaseDifference, }, @@ -155,6 +154,8 @@ func virtualNetworkGatewayConnection() *pluginsdk.Resource { string(network.AES256), string(network.DES), string(network.DES3), + string(network.GCMAES128), + string(network.GCMAES256), }, true), }, @@ -210,9 +211,11 @@ func virtualNetworkGatewayConnection() *pluginsdk.Resource { string(network.PfsGroupECP384), string(network.PfsGroupNone), string(network.PfsGroupPFS1), + string(network.PfsGroupPFS14), string(network.PfsGroupPFS2), string(network.PfsGroupPFS2048), string(network.PfsGroupPFS24), + string(network.PfsGroupPFSMM), }, true), }, diff --git a/internal/services/network/virtual_network_gateway_connection_resource_test.go b/internal/services/network/virtual_network_gateway_connection_resource_test.go index e6d387041..78396ca32 100644 --- a/internal/services/network/virtual_network_gateway_connection_resource_test.go +++ b/internal/services/network/virtual_network_gateway_connection_resource_test.go @@ -6,6 +6,7 @@ import ( "testing" "github.com/hashicorp/go-azure-helpers/lang/pointer" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" "github.com/hashicorp/terraform-provider-azurestack/internal/clients" "github.com/hashicorp/terraform-provider-azurestack/internal/tf/acceptance" "github.com/hashicorp/terraform-provider-azurestack/internal/tf/acceptance/check" 
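Review bot: The encryption list extended at `@@ -155,6 +154,8 @@` still accepts `DES` and `DES3` beside the new `GCMAES128`/`GCMAES256`, and the PFS list at `@@ -210,9 +211,11 @@` still accepts `PfsGroupNone`, `PfsGroupPFS1` and `PfsGroupPFS2` beside the new `PfsGroupPFS14`/`PfsGroupPFSMM`, with nothing in the schema marking which values are legacy. Single DES and the 768-/1024-bit groups behind PFS1/PFS2 are generally considered too weak for new tunnels, so I would add a comment above each list, such as `// DES, DES3 kept only for interoperability with legacy peers; prefer AES256 or GCMAES256`, and say the same in the argument descriptions. The docs hunks in this commit only touch the example and `type`, so if the IPsec policy arguments enumerate their valid values there, the four new values presumably need adding. The attribute names sit outside both hunks, so which policy fields these lists validate is inferred.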
@@ -62,25 +63,6 @@ func TestAccVirtualNetworkGatewayConnection_sitetositeWithoutSharedKey(t *testin }) } -func TestAccVirtualNetworkGatewayConnection_vnettonet(t *testing.T) { - data1 := acceptance.BuildTestData(t, "azurestack_virtual_network_gateway_connection", "test_1") - data2 := acceptance.BuildTestData(t, "azurestack_virtual_network_gateway_connection", "test_2") - r := VirtualNetworkGatewayConnectionResource{} - - sharedKey := "4-v3ry-53cr37-1p53c-5h4r3d-k3y" - - data1.ResourceTest(t, r, []acceptance.TestStep{ - { - Config: r.vnettovnet(data1, data2.RandomInteger, sharedKey), - Check: acceptance.ComposeTestCheckFunc( - check.That(data1.ResourceName).ExistsInAzure(r), - acceptance.TestCheckResourceAttr(data1.ResourceName, "shared_key", sharedKey), - acceptance.TestCheckResourceAttr(data2.ResourceName, "shared_key", sharedKey), - ), - }, - }) -} - func TestAccVirtualNetworkGatewayConnection_ipsecpolicy(t *testing.T) { data := acceptance.BuildTestData(t, "azurestack_virtual_network_gateway_connection", "test") r := VirtualNetworkGatewayConnectionResource{} 
@@ -95,36 +77,6 @@ func TestAccVirtualNetworkGatewayConnection_ipsecpolicy(t *testing.T) { }) } -func TestAccVirtualNetworkGatewayConnection_updatingSharedKey(t *testing.T) { - data1 := acceptance.BuildTestData(t, "azurestack_virtual_network_gateway_connection", "test_1") - data2 := acceptance.BuildTestData(t, "azurestack_virtual_network_gateway_connection", "test_2") - r := VirtualNetworkGatewayConnectionResource{} - - firstSharedKey := "4-v3ry-53cr37-1p53c-5h4r3d-k3y" - secondSharedKey := "4-r33ly-53cr37-1p53c-5h4r3d-k3y" - - data1.ResourceTest(t, r, []acceptance.TestStep{ - { - Config: r.vnettovnet(data1, data2.RandomInteger, firstSharedKey), - Check: acceptance.ComposeTestCheckFunc( - check.That(data1.ResourceName).ExistsInAzure(r), - check.That(data2.ResourceName).ExistsInAzure(r), - acceptance.TestCheckResourceAttr(data1.ResourceName, "shared_key", firstSharedKey), - acceptance.TestCheckResourceAttr(data2.ResourceName, "shared_key", firstSharedKey), - ), - }, - { - Config: r.vnettovnet(data1, data2.RandomInteger, secondSharedKey), - Check: acceptance.ComposeTestCheckFunc( - check.That(data1.ResourceName).ExistsInAzure(r), - check.That(data2.ResourceName).ExistsInAzure(r), - acceptance.TestCheckResourceAttr(data1.ResourceName, "shared_key", secondSharedKey), - acceptance.TestCheckResourceAttr(data2.ResourceName, "shared_key", secondSharedKey), - ), - }, - }) -} - func (t VirtualNetworkGatewayConnectionResource) Exists(ctx context.Context, clients *clients.Client, state *pluginsdk.InstanceState) (*bool, error) { gatewayName := state.Attributes["name"] resourceGroup := state.Attributes["resource_group_name"] @@ -191,7 +143,7 @@ resource "azurestack_local_network_gateway" "test" { location = azurestack_resource_group.test.location resource_group_name = azurestack_resource_group.test.name - gateway_address = "168.62.225.23" + gateway_address = "168.62.225.%d" address_space = ["10.1.1.0/24"] } 
@@ -206,7 +158,7 @@ resource "azurestack_virtual_network_gateway_connection" "test" { shared_key = "4-v3ry-53cr37-1p53c-5h4r3d-k3y" } -`, data.RandomInteger, data.Locations.Primary) +`, data.RandomInteger, data.Locations.Primary, acctest.RandIntRange(2, 253)) } func (VirtualNetworkGatewayConnectionResource) sitetositeWithoutSharedKey(data acceptance.TestData) string { @@ -263,7 +215,7 @@ resource "azurestack_local_network_gateway" "test" { location = azurestack_resource_group.test.location resource_group_name = azurestack_resource_group.test.name - gateway_address = "168.62.225.23" + gateway_address = "168.62.225.%d" address_space = ["10.1.1.0/24"] } @@ -276,7 +228,7 @@ resource "azurestack_virtual_network_gateway_connection" "test" { virtual_network_gateway_id = azurestack_virtual_network_gateway.test.id local_network_gateway_id = azurestack_local_network_gateway.test.id } -`, data.RandomInteger, data.Locations.Primary) +`, data.RandomInteger, data.Locations.Primary, acctest.RandIntRange(2, 253)) } func (r VirtualNetworkGatewayConnectionResource) requiresImport(data acceptance.TestData) string { 
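Review bot: `acctest.RandIntRange(2, 253)` is evaluated on every call to the config builder, so rendering the same `data` twice no longer yields the same `gateway_address`. `requiresImport`, whose signature is the trailing context on this line and whose body (next hunk) embeds `r.sitetosite(data)`, would presumably get a different address from the step that created the resources. Deriving the octet from the test data keeps the config stable across steps and reproducible from the logged random integer, for example `data.RandomInteger%251+2` as the third argument. The same applies to the `sitetositeWithoutSharedKey` builder at `@@ -276,7 +228,7 @@` and the `ipsecpolicy` builder at `@@ -504,5 +330,5 @@`. The builders start outside these hunks, so the match between the argument order and the `%d`/`%s` verbs is taken from the visible lines only.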
@@ -295,132 +247,6 @@ resource "azurestack_virtual_network_gateway_connection" "import" { `, r.sitetosite(data)) } -func (VirtualNetworkGatewayConnectionResource) vnettovnet(data acceptance.TestData, rInt2 int, sharedKey string) string { - return fmt.Sprintf(` -variable "random1" { - default = "%d" -} - -variable "random2" { - default = "%d" -} - -variable "shared_key" { - default = "%s" -} - -resource "azurestack_resource_group" "test_1" { - name = "acctestRG-${var.random1}" - location = "%s" -} - -resource "azurestack_virtual_network" "test_1" { - name = "acctestvn-${var.random1}" - location = azurestack_resource_group.test_1.location - resource_group_name = azurestack_resource_group.test_1.name - address_space = ["10.0.0.0/16"] -} - -resource "azurestack_subnet" "test_1" { - name = "GatewaySubnet" - resource_group_name = azurestack_resource_group.test_1.name - virtual_network_name = azurestack_virtual_network.test_1.name - address_prefix = "10.0.1.0/24" -} - -resource "azurestack_public_ip" "test_1" { - name = "acctest-${var.random1}" - location = azurestack_resource_group.test_1.location - resource_group_name = azurestack_resource_group.test_1.name - allocation_method = "Dynamic" -} - -resource "azurestack_virtual_network_gateway" "test_1" { - name = "acctest-${var.random1}" - location = azurestack_resource_group.test_1.location - resource_group_name = azurestack_resource_group.test_1.name - - type = "Vpn" - vpn_type = "RouteBased" - sku = "Basic" - - ip_configuration { - name = "vnetGatewayConfig" - public_ip_address_id = azurestack_public_ip.test_1.id - private_ip_address_allocation = "Dynamic" - subnet_id = azurestack_subnet.test_1.id - } -} - -resource "azurestack_virtual_network_gateway_connection" "test_1" { - name = "acctest-${var.random1}" - location = azurestack_resource_group.test_1.location - resource_group_name = azurestack_resource_group.test_1.name - - type = "Vnet2Vnet" - virtual_network_gateway_id = azurestack_virtual_network_gateway.test_1.id - 
peer_virtual_network_gateway_id = azurestack_virtual_network_gateway.test_2.id - - shared_key = var.shared_key -} - -resource "azurestack_resource_group" "test_2" { - name = "acctestRG-${var.random2}" - location = "%s" -} - -resource "azurestack_virtual_network" "test_2" { - name = "acctest-${var.random2}" - location = azurestack_resource_group.test_2.location - resource_group_name = azurestack_resource_group.test_2.name - address_space = ["10.1.0.0/16"] -} - -resource "azurestack_subnet" "test_2" { - name = "GatewaySubnet" - resource_group_name = azurestack_resource_group.test_2.name - virtual_network_name = azurestack_virtual_network.test_2.name - address_prefix = "10.1.1.0/24" -} - -resource "azurestack_public_ip" "test_2" { - name = "acctest-${var.random2}" - location = azurestack_resource_group.test_2.location - resource_group_name = azurestack_resource_group.test_2.name - allocation_method = "Dynamic" -} - -resource "azurestack_virtual_network_gateway" "test_2" { - name = "acctest-${var.random2}" - location = azurestack_resource_group.test_2.location - resource_group_name = azurestack_resource_group.test_2.name - - type = "Vpn" - vpn_type = "RouteBased" - sku = "Basic" - - ip_configuration { - name = "vnetGatewayConfig" - public_ip_address_id = azurestack_public_ip.test_2.id - private_ip_address_allocation = "Dynamic" - subnet_id = azurestack_subnet.test_2.id - } -} - -resource "azurestack_virtual_network_gateway_connection" "test_2" { - name = "acctest-${var.random2}" - location = azurestack_resource_group.test_2.location - resource_group_name = azurestack_resource_group.test_2.name - - type = "Vnet2Vnet" - virtual_network_gateway_id = azurestack_virtual_network_gateway.test_2.id - peer_virtual_network_gateway_id = azurestack_virtual_network_gateway.test_1.id - - shared_key = var.shared_key -} -`, data.RandomInteger, rInt2, sharedKey, data.Locations.Primary, data.Locations.Secondary) -} - func (VirtualNetworkGatewayConnectionResource) ipsecpolicy(data 
acceptance.TestData) string { return fmt.Sprintf(` variable "random" { @@ -460,7 +286,7 @@ resource "azurestack_virtual_network_gateway" "test" { type = "Vpn" vpn_type = "RouteBased" - sku = "VpnGw1" + sku = "Standard" ip_configuration { name = "vnetGatewayConfig" @@ -475,7 +301,7 @@ resource "azurestack_local_network_gateway" "test" { location = azurestack_resource_group.test.location resource_group_name = azurestack_resource_group.test.name - gateway_address = "168.62.225.23" + gateway_address = "168.62.225.%d" address_space = ["10.1.1.0/24"] } @@ -504,5 +330,5 @@ resource "azurestack_virtual_network_gateway_connection" "test" { shared_key = "4-v3ry-53cr37-1p53c-5h4r3d-k3y" } -`, data.RandomInteger, data.Locations.Primary) +`, data.RandomInteger, data.Locations.Primary, acctest.RandIntRange(2, 253)) } diff --git a/website/docs/r/virtual_network_gateway_connection.html.markdown b/website/docs/r/virtual_network_gateway_connection.html.markdown index 7ba6299a4..804db7dd5 100644 --- a/website/docs/r/virtual_network_gateway_connection.html.markdown +++ b/website/docs/r/virtual_network_gateway_connection.html.markdown 
@@ -90,110 +90,66 @@ The following example shows a connection between two Azure virtual network in different locations/regions. ```hcl -resource "azurestack_resource_group" "us" { +resource "azurestack_resource_group" "example" { name = "us" location = "East US" } -resource "azurestack_virtual_network" "us" { - name = "us" - location = azurestack_resource_group.us.location - resource_group_name = azurestack_resource_group.us.name +resource "azurestack_virtual_network" "example" { + name = "example" + location = azurestack_resource_group.example.location + resource_group_name = azurestack_resource_group.example.name address_space = ["10.0.0.0/16"] } -resource "azurestack_subnet" "us_gateway" { +resource "azurestack_subnet" "example" { name = "GatewaySubnet" - resource_group_name = azurestack_resource_group.us.name - virtual_network_name = azurestack_virtual_network.us.name + resource_group_name = azurestack_resource_group.example.name + virtual_network_name = azurestack_virtual_network.example.name address_prefix = "10.0.1.0/24" } -resource "azurestack_public_ip" "us" { - name = "us" - location = azurestack_resource_group.us.location - resource_group_name = azurestack_resource_group.us.name - public_ip_address_allocation = "Dynamic" -} - -resource "azurestack_virtual_network_gateway" "us" { - name = "us-gateway" - location = azurestack_resource_group.us.location - resource_group_name = azurestack_resource_group.us.name - - type = "Vpn" - vpn_type = "RouteBased" - sku = "Basic" - - ip_configuration { - public_ip_address_id = azurestack_public_ip.us.id - private_ip_address_allocation = "Dynamic" - subnet_id = azurestack_subnet.us_gateway.id - } -} - -resource "azurestack_resource_group" "europe" { - name = "europe" - location = "West Europe" -} - -resource "azurestack_virtual_network" "europe" { - name = "europe" - location = azurestack_resource_group.europe.location - resource_group_name = azurestack_resource_group.europe.name - address_space = ["10.1.0.0/16"] -} - 
-resource "azurestack_subnet" "europe_gateway" { - name = "GatewaySubnet" - resource_group_name = azurestack_resource_group.europe.name - virtual_network_name = azurestack_virtual_network.europe.name - address_prefix = "10.1.1.0/24" +resource "azurestack_public_ip" "example" { + name = "example" + location = azurestack_resource_group.example.location + resource_group_name = azurestack_resource_group.example.name + allocation_method = "Dynamic" } -resource "azurestack_public_ip" "europe" { - name = "europe" - location = azurestack_resource_group.europe.location - resource_group_name = azurestack_resource_group.europe.name - public_ip_address_allocation = "Dynamic" -} - -resource "azurestack_virtual_network_gateway" "europe" { - name = "europe-gateway" - location = azurestack_resource_group.europe.location - resource_group_name = azurestack_resource_group.europe.name +resource "azurestack_virtual_network_gateway" "example" { + name = "example" + location = azurestack_resource_group.example.location + resource_group_name = azurestack_resource_group.example.name type = "Vpn" vpn_type = "RouteBased" sku = "Basic" ip_configuration { - public_ip_address_id = azurestack_public_ip.europe.id + name = "vnetGatewayConfig" + public_ip_address_id = azurestack_public_ip.example.id private_ip_address_allocation = "Dynamic" - subnet_id = azurestack_subnet.europe_gateway.id + subnet_id = azurestack_subnet.example.id } } -resource "azurestack_virtual_network_gateway_connection" "us_to_europe" { - name = "us-to-europe" - location = azurestack_resource_group.us.location - resource_group_name = azurestack_resource_group.us.name +resource "azurestack_local_network_gateway" "example" { + name = "example" + location = azurestack_resource_group.example.location + resource_group_name = azurestack_resource_group.example.name - type = "Vnet2Vnet" - virtual_network_gateway_id = azurestack_virtual_network_gateway.us.id - peer_virtual_network_gateway_id = 
azurestack_virtual_network_gateway.europe.id - - shared_key = "4-v3ry-53cr37-1p53c-5h4r3d-k3y" + gateway_address = "168.62.225.12" + address_space = ["10.1.1.0/24"] } -resource "azurestack_virtual_network_gateway_connection" "europe_to_us" { - name = "europe-to-us" - location = azurestack_resource_group.europe.location - resource_group_name = azurestack_resource_group.europe.name +resource "azurestack_virtual_network_gateway_connection" "test" { + name = "example" + location = azurestack_resource_group.example.location + resource_group_name = azurestack_resource_group.example.name - type = "Vnet2Vnet" - virtual_network_gateway_id = azurestack_virtual_network_gateway.europe.id - peer_virtual_network_gateway_id = azurestack_virtual_network_gateway.us.id + type = "IPsec" + virtual_network_gateway_id = azurestack_virtual_network_gateway.example.id + local_network_gateway_id = azurestack_local_network_gateway.example.id shared_key = "4-v3ry-53cr37-1p53c-5h4r3d-k3y" } @@ -213,7 +169,7 @@ The following arguments are supported: located. Changing this forces a new resource to be created. * `type` - (Required) The type of connection. Valid options are `IPsec` - (Site-to-Site), `ExpressRoute` (ExpressRoute), and `Vnet2Vnet` (VNet-to-VNet). + (Site-to-Site), `ExpressRoute` (ExpressRoute). Each connection type requires different mandatory arguments (refer to the examples above). Changing the connection type will force a new connection to be created.