From 13e9b878907e15f4c3deb7ab1b3ad7f14fcc5025 Mon Sep 17 00:00:00 2001
From: Brian Flad <bflad417@gmail.com>
Date: Tue, 4 Dec 2018 22:31:26 -0500
Subject: [PATCH] resource/aws_vpc: Set ipv6_association_id and ipv6_cidr_block
 attributes as updated for assign_generated_ipv6_cidr_block updates

Previously:

```
--- FAIL: TestAccAWSNetworkAclRule_ipv6VpcAssignGeneratedIpv6CidrBlockUpdate (36.59s)
    testing.go:538: Step 1 error: Error applying: 1 error occurred:
        	* aws_network_acl_rule.test: aws_network_acl_rule.test: diffs didn't match during apply. This is a bug with Terraform and should be reported as a GitHub Issue.

        Please include the following information in your report:

            Terraform Version: 0.11.9
            Resource ID: aws_network_acl_rule.test
            Mismatch reason: extra attributes: ipv6_cidr_block
            Diff One (usually from plan): *terraform.InstanceDiff{mu:sync.Mutex{state:0, sema:0x0}, Attributes:map[string]*terraform.ResourceAttrDiff{"egress":*terraform.ResourceAttrDiff{Old:"", New:"false", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, "rule_number":*terraform.ResourceAttrDiff{Old:"", New:"150", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, "protocol":*terraform.ResourceAttrDiff{Old:"", New:"tcp", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, "rule_action":*terraform.ResourceAttrDiff{Old:"", New:"allow", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, "from_port":*terraform.ResourceAttrDiff{Old:"", New:"22", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, "to_port":*terraform.ResourceAttrDiff{Old:"", New:"22", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, "network_acl_id":*terraform.ResourceAttrDiff{Old:"", New:"acl-0af5440f0c4b982b2", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}}, Destroy:false, DestroyDeposed:false, DestroyTainted:false, Meta:map[string]interface {}(nil)}
            Diff Two (usually from apply): *terraform.InstanceDiff{mu:sync.Mutex{state:0, sema:0x0}, Attributes:map[string]*terraform.ResourceAttrDiff{"from_port":*terraform.ResourceAttrDiff{Old:"", New:"22", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, "rule_action":*terraform.ResourceAttrDiff{Old:"", New:"allow", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, "ipv6_cidr_block":*terraform.ResourceAttrDiff{Old:"", New:"2600:1f14:3b0:c100::/56", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, "rule_number":*terraform.ResourceAttrDiff{Old:"", New:"150", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, "egress":*terraform.ResourceAttrDiff{Old:"", New:"false", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, "to_port":*terraform.ResourceAttrDiff{Old:"", New:"22", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, "network_acl_id":*terraform.ResourceAttrDiff{Old:"", New:"acl-0af5440f0c4b982b2", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}, "protocol":*terraform.ResourceAttrDiff{Old:"", New:"tcp", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:true, Sensitive:false, Type:0x0}}, Destroy:false, DestroyDeposed:false, DestroyTainted:false, Meta:map[string]interface {}(nil)}

        Also include as much context as you can about your config, state, and the steps you performed to trigger this error.
```

With upstream updates:

```
--- PASS: TestAccAWSNetworkAclRule_ipv6VpcAssignGeneratedIpv6CidrBlockUpdate (47.27s)
```
---
 aws/resource_aws_network_acl_rule_test.go | 67 +++++++++++++++++++++++
 aws/resource_aws_vpc.go                   |  8 +++
 2 files changed, 75 insertions(+)

diff --git a/aws/resource_aws_network_acl_rule_test.go b/aws/resource_aws_network_acl_rule_test.go
index 478633a1ae88..b9afe078a1c7 100644
--- a/aws/resource_aws_network_acl_rule_test.go
+++ b/aws/resource_aws_network_acl_rule_test.go
@@ -87,6 +87,40 @@ func TestAccAWSNetworkAclRule_ipv6ICMP(t *testing.T) {
 	})
 }
 
+// Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/6710
+func TestAccAWSNetworkAclRule_ipv6VpcAssignGeneratedIpv6CidrBlockUpdate(t *testing.T) {
+	var networkAcl ec2.NetworkAcl
+	var vpc ec2.Vpc
+	rName := acctest.RandomWithPrefix("tf-acc-test")
+	vpcResourceName := "aws_vpc.test"
+	resourceName := "aws_network_acl_rule.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSNetworkAclRuleDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAWSNetworkAclRuleConfigIpv6VpcAssignGeneratedIpv6CidrBlockUpdate(rName, false),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckVpcExists(vpcResourceName, &vpc),
+					resource.TestCheckResourceAttr(vpcResourceName, "assign_generated_ipv6_cidr_block", "false"),
+					resource.TestCheckResourceAttr(vpcResourceName, "ipv6_cidr_block", ""),
+				),
+			},
+			{
+				Config: testAccAWSNetworkAclRuleConfigIpv6VpcAssignGeneratedIpv6CidrBlockUpdate(rName, true),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckVpcExists(vpcResourceName, &vpc),
+					resource.TestCheckResourceAttr(vpcResourceName, "assign_generated_ipv6_cidr_block", "true"),
+					resource.TestMatchResourceAttr(vpcResourceName, "ipv6_cidr_block", regexp.MustCompile(`/56$`)),
+					testAccCheckAWSNetworkAclRuleExists(resourceName, &networkAcl),
+				),
+			},
+		},
+	})
+}
+
 func TestAccAWSNetworkAclRule_allProtocol(t *testing.T) {
 
 	resource.ParallelTest(t, resource.TestCase{
@@ -540,3 +574,36 @@ resource "aws_network_acl_rule" "test" {
 }
 `, rName, rName)
 }
+
+func testAccAWSNetworkAclRuleConfigIpv6VpcAssignGeneratedIpv6CidrBlockUpdate(rName string, ipv6Enabled bool) string {
+	return fmt.Sprintf(`
+resource "aws_vpc" "test" {
+  assign_generated_ipv6_cidr_block = %t
+  cidr_block                       = "10.3.0.0/16"
+
+  tags {
+    Name = %q
+  }
+}
+
+resource "aws_network_acl" "test" {
+  vpc_id = "${aws_vpc.test.id}"
+
+  tags {
+    Name = %q
+  }
+}
+
+resource "aws_network_acl_rule" "test" {
+  count = "${%t ? 1 : 0}"
+
+  from_port       = 22
+  ipv6_cidr_block = "${aws_vpc.test.ipv6_cidr_block}"
+  network_acl_id  = "${aws_network_acl.test.id}"
+  protocol        = "tcp"
+  rule_action     = "allow"
+  rule_number     = 150
+  to_port         = 22
+}
+`, ipv6Enabled, rName, rName, ipv6Enabled)
+}
diff --git a/aws/resource_aws_vpc.go b/aws/resource_aws_vpc.go
index 83f8b6da4184..5e07be0af68e 100644
--- a/aws/resource_aws_vpc.go
+++ b/aws/resource_aws_vpc.go
@@ -501,6 +501,14 @@ func resourceAwsVpcDelete(d *schema.ResourceData, meta interface{}) error {
 }
 
 func resourceAwsVpcCustomizeDiff(diff *schema.ResourceDiff, v interface{}) error {
+	if diff.HasChange("assign_generated_ipv6_cidr_block") {
+		if err := diff.SetNewComputed("ipv6_association_id"); err != nil {
+			return fmt.Errorf("error setting ipv6_association_id to computed: %s", err)
+		}
+		if err := diff.SetNewComputed("ipv6_cidr_block"); err != nil {
+			return fmt.Errorf("error setting ipv6_cidr_block to computed: %s", err)
+		}
+	}
 	if diff.HasChange("instance_tenancy") {
 		old, new := diff.GetChange("instance_tenancy")
 		if old.(string) != ec2.TenancyDedicated || new.(string) != ec2.TenancyDefault {