squash all

.changelog/30167.txt

@@ -0,0 +1,4 @@
+```release-note:enhancement
+resource/aws_route53_resolver_endpoint: Add `resolver_endpoint_type` argument
+resource/aws_route53_resolver_rule: Add `ipv6` optional argument to the `target_ip` object
+```

internal/service/route53resolver/endpoint.go

@@ -64,6 +64,12 @@ func ResourceEndpoint() *schema.Resource {
  Computed: true,
  ValidateFunc: validation.IsIPAddress,
  },
+ "ipv6": {
+ Type: schema.TypeString,
+ Optional: true,
+ Computed: true,
+ ValidateFunc: validation.IsIPv6Address,
+ },
  "ip_id": {
  Type: schema.TypeString,
  Computed: true,
@@ -76,6 +82,11 @@ func ResourceEndpoint() *schema.Resource {
  },
  Set: endpointHashIPAddress,
  },
+ "resolver_endpoint_type": {
+ Type: schema.TypeString,
+ Optional: true,
+ ValidateFunc: validation.StringInSlice(route53resolver.ResolverEndpointType_Values(), false),
+ },
  "name": {
  Type: schema.TypeString,
  Optional: true,
@@ -109,10 +120,11 @@ func resourceEndpointCreate(ctx context.Context, d *schema.ResourceData, meta in
  tags := defaultTagsConfig.MergeTags(tftags.New(ctx, d.Get("tags").(map[string]interface{})))
 
  input := &route53resolver.CreateResolverEndpointInput{
- CreatorRequestId: aws.String(id.PrefixedUniqueId("tf-r53-resolver-endpoint-")),
- Direction: aws.String(d.Get("direction").(string)),
- IpAddresses: expandEndpointIPAddresses(d.Get("ip_address").(*schema.Set)),
- SecurityGroupIds: flex.ExpandStringSet(d.Get("security_group_ids").(*schema.Set)),
+ CreatorRequestId: aws.String(id.PrefixedUniqueId("tf-r53-resolver-endpoint-")),
+ Direction: aws.String(d.Get("direction").(string)),
+ ResolverEndpointType: aws.String(d.Get("resolver_endpoint_type").(string)),
+ IpAddresses: expandEndpointIPAddresses(d.Get("ip_address").(*schema.Set)),
+ SecurityGroupIds: flex.ExpandStringSet(d.Get("security_group_ids").(*schema.Set)),
  }
 
  if v, ok := d.GetOk("name"); ok {
@@ -158,6 +170,7 @@ func resourceEndpointRead(ctx context.Context, d *schema.ResourceData, meta inte
  arn := aws.StringValue(ep.Arn)
  d.Set("arn", arn)
  d.Set("direction", ep.Direction)
+ d.Set("resolver_endpoint_type", ep.ResolverEndpointType)
  d.Set("host_vpc_id", ep.HostVPCId)
  d.Set("name", ep.Name)
  d.Set("security_group_ids", aws.StringValueSlice(ep.SecurityGroupIds))
@@ -428,6 +441,9 @@ func expandEndpointIPAddressUpdate(vIpAddress interface{}) *route53resolver.IpAd
  if vIp, ok := mIpAddress["ip"].(string); ok && vIp != "" {
  ipAddressUpdate.Ip = aws.String(vIp)
  }
+ if vIpv6, ok := mIpAddress["ipv6"].(string); ok && vIpv6 != "" {
+ ipAddressUpdate.Ipv6 = aws.String(vIpv6)
+ }
  if vIpId, ok := mIpAddress["ip_id"].(string); ok && vIpId != "" {
  ipAddressUpdate.IpId = aws.String(vIpId)
  }
@@ -449,6 +465,9 @@ func expandEndpointIPAddresses(vIpAddresses *schema.Set) []*route53resolver.IpAd
  if vIp, ok := mIpAddress["ip"].(string); ok && vIp != "" {
  ipAddressRequest.Ip = aws.String(vIp)
  }
+ if vIpv6, ok := mIpAddress["ipv6"].(string); ok && vIpv6 != "" {
+ ipAddressRequest.Ipv6 = aws.String(vIpv6)
+ }
 
  ipAddressRequests = append(ipAddressRequests, ipAddressRequest)
  }
@@ -467,6 +486,7 @@ func flattenEndpointIPAddresses(ipAddresses []*route53resolver.IpAddressResponse
  mIpAddress := map[string]interface{}{
  "subnet_id": aws.StringValue(ipAddress.SubnetId),
  "ip": aws.StringValue(ipAddress.Ip),
+ "ipv6": aws.StringValue(ipAddress.Ipv6),
  "ip_id": aws.StringValue(ipAddress.IpId),
  }
 

internal/service/route53resolver/endpoint_data_source.go

@@ -125,7 +125,12 @@ func dataSourceEndpointRead(ctx context.Context, d *schema.ResourceData, meta in
  var ips []*string
 
  for _, v := range ipAddresses {
- ips = append(ips, v.Ip)
+ if v.Ip != nil {
+ ips = append(ips, v.Ip)
+ }
+ if v.Ipv6 != nil {
+ ips = append(ips, v.Ipv6)
+ }
  }
 
  d.Set("ip_addresses", aws.StringValueSlice(ips))

internal/service/route53resolver/endpoint_test.go

@@ -34,6 +34,43 @@ func TestAccRoute53ResolverEndpoint_basic(t *testing.T) {
  testAccCheckEndpointExists(ctx, resourceName, &ep),
  resource.TestCheckResourceAttrSet(resourceName, "arn"),
  resource.TestCheckResourceAttr(resourceName, "direction", "INBOUND"),
+ resource.TestCheckResourceAttr(resourceName, "resolver_endpoint_type", "IPV4"),
+ resource.TestCheckResourceAttrPair(resourceName, "host_vpc_id", vpcResourceName, "id"),
+ resource.TestCheckResourceAttr(resourceName, "ip_address.#", "3"),
+ resource.TestCheckResourceAttr(resourceName, "name", ""),
+ resource.TestCheckResourceAttr(resourceName, "security_group_ids.#", "2"),
+ resource.TestCheckResourceAttr(resourceName, "tags.%", "0"),
+ ),
+ },
+ {
+ ResourceName: resourceName,
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ },
+ })
+}
+
+func TestAccRoute53ResolverEndpoint_basic_ipv6(t *testing.T) {
+ ctx := acctest.Context(t)
+ var ep route53resolver.ResolverEndpoint
+ resourceName := "aws_route53_resolver_endpoint.test"
+ vpcResourceName := "aws_vpc.test"
+ rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { acctest.PreCheck(ctx, t); testAccPreCheck(ctx, t) },
+ ErrorCheck: acctest.ErrorCheck(t, route53resolver.EndpointsID),
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+ CheckDestroy: testAccCheckEndpointDestroy(ctx),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccEndpointConfig_basic_ipv6(rName),
+ Check: resource.ComposeAggregateTestCheckFunc(
+ testAccCheckEndpointExists(ctx, resourceName, &ep),
+ resource.TestCheckResourceAttrSet(resourceName, "arn"),
+ resource.TestCheckResourceAttr(resourceName, "direction", "INBOUND"),
+ resource.TestCheckResourceAttr(resourceName, "resolver_endpoint_type", "IPV6"),
  resource.TestCheckResourceAttrPair(resourceName, "host_vpc_id", vpcResourceName, "id"),
  resource.TestCheckResourceAttr(resourceName, "ip_address.#", "3"),
  resource.TestCheckResourceAttr(resourceName, "name", ""),
@@ -139,6 +176,7 @@ func TestAccRoute53ResolverEndpoint_updateOutbound(t *testing.T) {
  Check: resource.ComposeTestCheckFunc(
  testAccCheckEndpointExists(ctx, resourceName, &ep),
  resource.TestCheckResourceAttr(resourceName, "direction", "OUTBOUND"),
+ resource.TestCheckResourceAttr(resourceName, "resolver_endpoint_type", "IPV4"),
  resource.TestCheckResourceAttr(resourceName, "ip_address.#", "2"),
  resource.TestCheckResourceAttr(resourceName, "name", initialName),
  ),
@@ -148,6 +186,7 @@ func TestAccRoute53ResolverEndpoint_updateOutbound(t *testing.T) {
  Check: resource.ComposeTestCheckFunc(
  testAccCheckEndpointExists(ctx, resourceName, &ep),
  resource.TestCheckResourceAttr(resourceName, "direction", "OUTBOUND"),
+ resource.TestCheckResourceAttr(resourceName, "resolver_endpoint_type", "IPV4"),
  resource.TestCheckResourceAttr(resourceName, "ip_address.#", "3"),
  resource.TestCheckResourceAttr(resourceName, "name", updatedName),
  ),
@@ -226,9 +265,10 @@ func testAccPreCheck(ctx context.Context, t *testing.T) {
 func testAccEndpointConfig_base(rName string) string {
  return acctest.ConfigCompose(acctest.ConfigAvailableAZsNoOptIn(), fmt.Sprintf(`
 resource "aws_vpc" "test" {
- cidr_block = "10.0.0.0/16"
- enable_dns_support = true
- enable_dns_hostnames = true
+ cidr_block = "10.0.0.0/16"
+ assign_generated_ipv6_cidr_block = true
+ enable_dns_support = true
+ enable_dns_hostnames = true
 
  tags = {
  Name = %[1]q
@@ -260,11 +300,78 @@ resource "aws_security_group" "test" {
 `, rName))
 }
 
+func testAccEndpointConfig_base_ipv6(rName string) string {
+ return acctest.ConfigCompose(acctest.ConfigAvailableAZsNoOptIn(), fmt.Sprintf(`
+resource "aws_vpc" "test" {
+ cidr_block = "10.0.0.0/16"
+ assign_generated_ipv6_cidr_block = true
+ enable_dns_support = true
+ enable_dns_hostnames = true
+
+ tags = {
+ Name = %[1]q
+ }
+}
+
+resource "aws_subnet" "test" {
+ count = 3
+
+ vpc_id = aws_vpc.test.id
+ availability_zone = data.aws_availability_zones.available.names[count.index]
+ ipv6_cidr_block = cidrsubnet(aws_vpc.test.ipv6_cidr_block, 8, count.index)
+ assign_ipv6_address_on_creation = true
+ ipv6_native = true
+ enable_resource_name_dns_aaaa_record_on_launch = true
+
+ tags = {
+ Name = %[1]q
+ }
+}
+
+resource "aws_security_group" "test" {
+ count = 2
+
+ vpc_id = aws_vpc.test.id
+ name = "%[1]s-${count.index}"
+
+ tags = {
+ Name = %[1]q
+ }
+}
+`, rName))
+}
+
 func testAccEndpointConfig_basic(rName string) string {
  return acctest.ConfigCompose(testAccEndpointConfig_base(rName), `
 resource "aws_route53_resolver_endpoint" "test" {
  direction = "INBOUND"
 
+ resolver_endpoint_type = "IPV4"
+
+ security_group_ids = aws_security_group.test[*].id
+
+ ip_address {
+ subnet_id = aws_subnet.test[0].id
+ }
+
+ ip_address {
+ subnet_id = aws_subnet.test[1].id
+ }
+
+ ip_address {
+ subnet_id = aws_subnet.test[2].id
+ }
+}
+`)
+}
+
+func testAccEndpointConfig_basic_ipv6(rName string) string {
+ return acctest.ConfigCompose(testAccEndpointConfig_base_ipv6(rName), `
+resource "aws_route53_resolver_endpoint" "test" {
+ direction = "INBOUND"
+
+ resolver_endpoint_type = "IPV6"
+
  security_group_ids = aws_security_group.test[*].id
 
  ip_address {
@@ -287,6 +394,8 @@ func testAccEndpointConfig_tags1(rName, tagKey1, tagValue1 string) string {
 resource "aws_route53_resolver_endpoint" "test" {
  direction = "INBOUND"
 
+ resolver_endpoint_type = "IPV4"
+
  security_group_ids = aws_security_group.test[*].id
 
  ip_address {
@@ -313,6 +422,8 @@ func testAccEndpointConfig_tags2(rName, tagKey1, tagValue1, tagKey2, tagValue2 s
 resource "aws_route53_resolver_endpoint" "test" {
  direction = "INBOUND"
 
+ resolver_endpoint_type = "IPV4"
+
  security_group_ids = aws_security_group.test[*].id
 
  ip_address {
@@ -338,8 +449,10 @@ resource "aws_route53_resolver_endpoint" "test" {
 func testAccEndpointConfig_outbound(rName, name string) string {
  return acctest.ConfigCompose(testAccEndpointConfig_base(rName), fmt.Sprintf(`
 resource "aws_route53_resolver_endpoint" "test" {
- direction = "OUTBOUND"
- name = %[1]q
+ direction = "OUTBOUND"
+ resolver_endpoint_type = "IPV4"
+
+ name = %[1]q
 
  security_group_ids = aws_security_group.test[*].id
 
@@ -361,6 +474,8 @@ resource "aws_route53_resolver_endpoint" "test" {
  direction = "OUTBOUND"
  name = %[1]q
 
+ resolver_endpoint_type = "IPV4"
+
  security_group_ids = aws_security_group.test[*].id
 
  ip_address {

internal/service/route53resolver/rule.go

@@ -84,8 +84,13 @@ func ResourceRule() *schema.Resource {
  Schema: map[string]*schema.Schema{
  "ip": {
  Type: schema.TypeString,
- Required: true,
- ValidateFunc: validation.IsIPAddress,
+ Optional: true,
+ ValidateFunc: validation.IsIPv4Address,
+ },
+ "ipv6": {
+ Type: schema.TypeString,
+ Optional: true,
+ ValidateFunc: validation.IsIPv6Address,
  },
  "port": {
  Type: schema.TypeInt,
@@ -392,6 +397,9 @@ func expandRuleTargetIPs(vTargetIps *schema.Set) []*route53resolver.TargetAddres
  if vIp, ok := mTargetIp["ip"].(string); ok && vIp != "" {
  targetAddress.Ip = aws.String(vIp)
  }
+ if vIpv6, ok := mTargetIp["ipv6"].(string); ok && vIpv6 != "" {
+ targetAddress.Ipv6 = aws.String(vIpv6)
+ }
  if vPort, ok := mTargetIp["port"].(int); ok {
  targetAddress.Port = aws.Int64(int64(vPort))
  }
@@ -412,6 +420,7 @@ func flattenRuleTargetIPs(targetAddresses []*route53resolver.TargetAddress) []in
  for _, targetAddress := range targetAddresses {
  mTargetIp := map[string]interface{}{
  "ip": aws.StringValue(targetAddress.Ip),
+ "ipv6": aws.StringValue(targetAddress.Ipv6),
  "port": int(aws.Int64Value(targetAddress.Port)),
  }