From 241e75042237519c4896416ec12686513c240d1c Mon Sep 17 00:00:00 2001
From: Brian Flad
Date: Thu, 25 Oct 2018 00:18:16 -0700
Subject: [PATCH] resource/aws_network_acl_rule: Properly handle ICMP code and type with IPv6 ICMP (protocol 58) Previously: ``` --- FAIL: TestAccAWSNetworkAclRule_ipv6ICMP (12.47s) testing.go:538: Step 0 error: Error applying: 1 error occurred: * aws_network_acl_rule.test: 1 error occurred: * aws_network_acl_rule.test: Error Creating Network Acl Rule: MissingParameter: The request must contain the parameter icmpTypeCode.type status code: 400, request id: a0e8e287-af99-4da9-9b5f-e641e41d3fe7 ``` Output from acceptance testing: ``` --- PASS: TestAccAWSNetworkAclRule_ipv6ICMP (24.21s) ```
---
 aws/resource_aws_network_acl_rule.go | 2 +-
 aws/resource_aws_network_acl_rule_test.go | 53 +++++++++++++++++++++++
 2 files changed, 54 insertions(+), 1 deletion(-)
diff --git a/aws/resource_aws_network_acl_rule.go b/aws/resource_aws_network_acl_rule.go
index 5c1fecf6f085..6fe843ca70da 100644
--- a/aws/resource_aws_network_acl_rule.go
+++ b/aws/resource_aws_network_acl_rule.go
@@ -139,7 +139,7 @@ func resourceAwsNetworkAclRuleCreate(d *schema.ResourceData, meta interface{}) e
 // Specify additional required fields for ICMP. For the list
 // of ICMP codes and types, see: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml
- if p == 1 {
+ if p == 1 || p == 58 {
 params.IcmpTypeCode = &ec2.IcmpTypeCode{}
 if v, ok := d.GetOk("icmp_type"); ok {
 icmpType, err := strconv.Atoi(v.(string))
diff --git a/aws/resource_aws_network_acl_rule_test.go b/aws/resource_aws_network_acl_rule_test.go
index 5d144c70eb02..478633a1ae88 100644
--- a/aws/resource_aws_network_acl_rule_test.go
+++ b/aws/resource_aws_network_acl_rule_test.go
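Review bot: In `resourceAwsNetworkAclRuleCreate` (aws/resource_aws_network_acl_rule.go) the condition now also covers ICMPv6, but the comment above it still links only the IANA ICMP (IPv4) registry, whose type and code numbers differ from the ICMPv6 ones. Because this is a network ACL, a value taken from the wrong list produces a rule that filters different traffic than the author intended. I would extend the comment, e.g. `// ICMPv6 (protocol 58) uses a separate registry: https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml`, and consider naming the bare `1` and `58` as constants. The function body starts and ends outside the hunk, so whether the read path treats protocol 58 the same way cannot be confirmed from here.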
@@ -9,6 +9,7 @@ import (
 "github.com/aws/aws-sdk-go/aws"
 "github.com/aws/aws-sdk-go/aws/awserr"
 "github.com/aws/aws-sdk-go/service/ec2"
+ "github.com/hashicorp/terraform/helper/acctest"
 "github.com/hashicorp/terraform/helper/resource"
 "github.com/hashicorp/terraform/terraform"
 )
@@ -66,6 +67,26 @@ func TestAccAWSNetworkAclRule_ipv6(t *testing.T) {
 })
 }
+func TestAccAWSNetworkAclRule_ipv6ICMP(t *testing.T) {
+ var networkAcl ec2.NetworkAcl
+ rName := acctest.RandomWithPrefix("tf-acc-test")
+ resourceName := "aws_network_acl_rule.test"
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSNetworkAclRuleDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccAWSNetworkAclRuleConfigIpv6ICMP(rName),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSNetworkAclRuleExists(resourceName, &networkAcl),
+ ),
+ },
+ },
+ })
+}
+
 func TestAccAWSNetworkAclRule_allProtocol(t *testing.T) {
 resource.ParallelTest(t, resource.TestCase{
@@ -487,3 +508,35 @@ resource "aws_network_acl_rule" "baz" {
 to_port = 22
 }
 `
+
+func testAccAWSNetworkAclRuleConfigIpv6ICMP(rName string) string {
+ return fmt.Sprintf(`
+resource "aws_vpc" "test" {
+ cidr_block = "10.3.0.0/16"
+
+ tags {
+ Name = %q
+ }
+}
+
+resource "aws_network_acl" "test" {
+ vpc_id = "${aws_vpc.test.id}"
+
+ tags {
+ Name = %q
+ }
+}
+
+resource "aws_network_acl_rule" "test" {
+ from_port = -1
+ icmp_code = -1
+ icmp_type = -1
+ ipv6_cidr_block = "::/0"
+ network_acl_id = "${aws_network_acl.test.id}"
+ protocol = 58
+ rule_action = "allow"
+ rule_number = 150
+ to_port = -1
+}
+`, rName, rName)
+}
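Review bot: `TestAccAWSNetworkAclRule_ipv6ICMP` only checks that the rule exists through `testAccCheckAWSNetworkAclRuleExists`, so it would still pass if the ICMP type or code were stored or read back differently from the configuration. For a filtering rule that mismatch matters, so I would assert the attributes as well, for example `resource.TestCheckResourceAttr(resourceName, "icmp_type", "-1"),` and the same for `icmp_code` inside `ComposeTestCheckFunc`. The expected string form is inferred from the `v.(string)` conversion in the create function and should be confirmed against the schema.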
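Review bot: The fixture returned by `testAccAWSNetworkAclRuleConfigIpv6ICMP` uses only the wildcard values `icmp_type = -1` and `icmp_code = -1`, so the path that sends a concrete ICMPv6 type and code for protocol 58 is not exercised. A second test step or rule with specific values, for instance `icmp_type = 128` with `icmp_code = 0` (ICMPv6 echo request), would cover it. The helper also has no comment; something like `// testAccAWSNetworkAclRuleConfigIpv6ICMP returns a VPC, a network ACL and one ICMPv6 (protocol 58) allow rule.` would help readers of the test file.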