diff --git a/aws/resource_aws_network_acl_rule_test.go b/aws/resource_aws_network_acl_rule_test.go
index 1666705f11b0..67896693b18f 100644
--- a/aws/resource_aws_network_acl_rule_test.go
+++ b/aws/resource_aws_network_acl_rule_test.go
@@ -87,6 +87,39 @@ func TestAccAWSNetworkAclRule_ipv6ICMP(t *testing.T) {
 })
 }
 
+// Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/6710
+func TestAccAWSNetworkAclRule_ipv6VpcAssignGeneratedIpv6CidrBlockUpdate(t *testing.T) {
+ var networkAcl ec2.NetworkAcl
+ var vpc ec2.Vpc
+ vpcResourceName := "aws_vpc.test"
+ resourceName := "aws_network_acl_rule.test"
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSNetworkAclRuleDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccAWSNetworkAclRuleConfigIpv6VpcAssignGeneratedIpv6CidrBlockUpdate(false),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckVpcExists(vpcResourceName, &vpc),
+ resource.TestCheckResourceAttr(vpcResourceName, "assign_generated_ipv6_cidr_block", "false"),
+ resource.TestCheckResourceAttr(vpcResourceName, "ipv6_cidr_block", ""),
+ ),
+ },
+ {
+ Config: testAccAWSNetworkAclRuleConfigIpv6VpcAssignGeneratedIpv6CidrBlockUpdate(true),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckVpcExists(vpcResourceName, &vpc),
+ resource.TestCheckResourceAttr(vpcResourceName, "assign_generated_ipv6_cidr_block", "true"),
+ resource.TestMatchResourceAttr(vpcResourceName, "ipv6_cidr_block", regexp.MustCompile(`/56$`)),
+ testAccCheckAWSNetworkAclRuleExists(resourceName, &networkAcl),
+ ),
+ },
+ },
+ })
+}
+
 func TestAccAWSNetworkAclRule_allProtocol(t *testing.T) {
 resource.ParallelTest(t, resource.TestCase{
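Review bot: Step two of TestAccAWSNetworkAclRule_ipv6VpcAssignGeneratedIpv6CidrBlockUpdate asserts only that the rule exists, so it would still pass if the rule were created with a CIDR other than the one the VPC was just assigned. The rule in this fixture is an `allow` entry whose range comes from `aws_vpc.test.ipv6_cidr_block`, so the test should pin that value, for example by adding `resource.TestCheckResourceAttrPair(resourceName, "ipv6_cidr_block", vpcResourceName, "ipv6_cidr_block"),` after the exists check. `networkAcl` is filled in by that check but never inspected afterwards.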
@@ -304,10 +337,6 @@ func testAccCheckAWSNetworkAclRuleDelete(n string) resource.TestCheckFunc {
 }
 
 const testAccAWSNetworkAclRuleBasicConfig = `
-provider "aws" {
- region = "us-east-1"
-}
-
 resource "aws_vpc" "foo" {
 cidr_block = "10.3.0.0/16"
 tags = {
@@ -355,10 +384,6 @@ resource "aws_network_acl_rule" "wibble" {
 }
 `
 const testAccAWSNetworkAclRuleMissingParam = `
-provider "aws" {
- region = "us-east-1"
-}
-
 resource "aws_vpc" "foo" {
 cidr_block = "10.3.0.0/16"
 tags = {
@@ -540,3 +565,36 @@ resource "aws_network_acl_rule" "test" {
 }
 `, rName, rName)
 }
+
+func testAccAWSNetworkAclRuleConfigIpv6VpcAssignGeneratedIpv6CidrBlockUpdate(ipv6Enabled bool) string {
+ return fmt.Sprintf(`
+resource "aws_vpc" "test" {
+ assign_generated_ipv6_cidr_block = %[1]t
+ cidr_block = "10.3.0.0/16"
+
+ tags = {
+ Name = "tf-acc-test-network-acl-rule-ipv6-enabled"
+ }
+}
+
+resource "aws_network_acl" "test" {
+ vpc_id = "${aws_vpc.test.id}"
+
+ tags = {
+ Name = "tf-acc-test-network-acl-rule-ipv6-enabled"
+ }
+}
+
+resource "aws_network_acl_rule" "test" {
+ count = "${%[1]t ? 1 : 0}"
+
+ from_port = 22
+ ipv6_cidr_block = "${aws_vpc.test.ipv6_cidr_block}"
+ network_acl_id = "${aws_network_acl.test.id}"
+ protocol = "tcp"
+ rule_action = "allow"
+ rule_number = 150
+ to_port = 22
+}
+`, ipv6Enabled)
+}
diff --git a/aws/resource_aws_vpc.go b/aws/resource_aws_vpc.go
index 83f8b6da4184..5e07be0af68e 100644
--- a/aws/resource_aws_vpc.go
+++ b/aws/resource_aws_vpc.go
@@ -501,6 +501,14 @@ func resourceAwsVpcDelete(d *schema.ResourceData, meta interface{}) error {
 }
 
 func resourceAwsVpcCustomizeDiff(diff *schema.ResourceDiff, v interface{}) error {
+ if diff.HasChange("assign_generated_ipv6_cidr_block") {
+ if err := diff.SetNewComputed("ipv6_association_id"); err != nil {
+ return fmt.Errorf("error setting ipv6_association_id to computed: %s", err)
+ }
+ if err := diff.SetNewComputed("ipv6_cidr_block"); err != nil {
+ return fmt.Errorf("error setting ipv6_cidr_block to computed: %s", err)
+ }
+ }
 if diff.HasChange("instance_tenancy") {
 old, new := diff.GetChange("instance_tenancy")
 if old.(string) != ec2.TenancyDedicated || new.(string) != ec2.TenancyDefault {
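Review bot: The new `assign_generated_ipv6_cidr_block` branch at the top of resourceAwsVpcCustomizeDiff has no comment explaining why `ipv6_association_id` and `ipv6_cidr_block` are forced to computed, and the only pointer to the motivating issue sits in the test file. I would add above the `if`: `// Toggling assign_generated_ipv6_cidr_block changes both IPv6 attributes at apply time; mark them computed so dependent resources do not plan against the old value (issue 6710).` The branch runs for either direction of the toggle, so when IPv6 is switched off dependents will presumably see an unknown value rather than an empty one; the comment should say whether that is intended. The function body continues past the end of the hunk.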