diff --git a/.changelog/22928.txt b/.changelog/22928.txt new file mode 100644 index 000000000000..4db0975cd1e0 --- /dev/null +++ b/.changelog/22928.txt @@ -0,0 +1,7 @@ +```release-note:breaking-change +resource/aws_default_network_acl: These arguments can no longer be set to `""`: `egress.*.cidr_block`, `egress.*.ipv6_cidr_block`, `ingress.*.cidr_block`, or `ingress.*.ipv6_cidr_block` +``` + +```release-note:breaking-change +resource/aws_network_acl: These arguments can no longer be set to `""`: `egress.*.cidr_block`, `egress.*.ipv6_cidr_block`, `ingress.*.cidr_block`, or `ingress.*.ipv6_cidr_block` +``` \ No newline at end of file diff --git a/internal/service/ec2/default_network_acl.go b/internal/service/ec2/default_network_acl.go index aff48e9887ab..a019ca9044c6 100644 --- a/internal/service/ec2/default_network_acl.go +++ b/internal/service/ec2/default_network_acl.go @@ -97,20 +97,14 @@ func ResourceDefaultNetworkACL() *schema.Resource { Required: true, }, "cidr_block": { - Type: schema.TypeString, - Optional: true, - ValidateFunc: validation.Any( - validation.StringIsEmpty, - validation.IsCIDR, - ), + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.IsCIDR, }, "ipv6_cidr_block": { - Type: schema.TypeString, - Optional: true, - ValidateFunc: validation.Any( - validation.StringIsEmpty, - validation.IsCIDR, - ), + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.IsCIDR, }, "icmp_type": { Type: schema.TypeInt, @@ -157,20 +151,14 @@ func ResourceDefaultNetworkACL() *schema.Resource { Required: true, }, "cidr_block": { - Type: schema.TypeString, - Optional: true, - ValidateFunc: validation.Any( - validation.StringIsEmpty, - validation.IsCIDR, - ), + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.IsCIDR, }, "ipv6_cidr_block": { - Type: schema.TypeString, - Optional: true, - ValidateFunc: validation.Any( - validation.StringIsEmpty, - validation.IsCIDR, - ), + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.IsCIDR, }, "icmp_type": { Type: schema.TypeInt, diff --git a/internal/service/ec2/network_acl.go b/internal/service/ec2/network_acl.go index 7a0be1f53ea8..6a65d6c7589a 100644 --- a/internal/service/ec2/network_acl.go +++ b/internal/service/ec2/network_acl.go @@ -88,20 +88,14 @@ func ResourceNetworkACL() *schema.Resource { Required: true, }, "cidr_block": { - Type: schema.TypeString, - Optional: true, - ValidateFunc: validation.Any( - validation.StringIsEmpty, - validation.IsCIDR, - ), + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.IsCIDR, }, "ipv6_cidr_block": { - Type: schema.TypeString, - Optional: true, - ValidateFunc: validation.Any( - validation.StringIsEmpty, - validation.IsCIDR, - ), + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.IsCIDR, }, "icmp_type": { Type: schema.TypeInt, @@ -153,20 +147,14 @@ func ResourceNetworkACL() *schema.Resource { Required: true, }, "cidr_block": { - Type: schema.TypeString, - Optional: true, - ValidateFunc: validation.Any( - validation.StringIsEmpty, - validation.IsCIDR, - ), + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.IsCIDR, }, "ipv6_cidr_block": { - Type: schema.TypeString, - Optional: true, - ValidateFunc: validation.Any( - validation.StringIsEmpty, - validation.IsCIDR, - ), + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.IsCIDR, }, "icmp_type": { Type: schema.TypeInt, diff --git a/website/docs/guides/version-4-upgrade.html.md b/website/docs/guides/version-4-upgrade.html.md index 5d38f88f3f0d..910849c4b464 100644 --- a/website/docs/guides/version-4-upgrade.html.md +++ b/website/docs/guides/version-4-upgrade.html.md @@ -32,10 +32,12 @@ Upgrade topics: - [Resource: aws_batch_compute_environment](#resource-aws_batch_compute_environment) - [Resource: aws_cloudwatch_event_target](#resource-aws_cloudwatch_event_target) - [Resource: aws_customer_gateway](#resource-aws_customer_gateway) +- [Resource: aws_default_network_acl](#resource-aws_default_network_acl) - [Resource: aws_elasticache_cluster](#resource-aws_elasticache_cluster) - [Resource: aws_elasticache_global_replication_group](#resource-aws_elasticache_global_replication_group) - [Resource: aws_elasticache_replication_group](#resource-aws_elasticache_replication_group) - [Resource: aws_fsx_ontap_storage_virtual_machine](#resource-aws_fsx_ontap_storage_virtual_machine) +- [Resource: aws_network_acl](#resource-aws_network_acl) - [Resource: aws_network_interface](#resource-aws_network_interface) - [Resource: aws_s3_bucket](#resource-aws_s3_bucket) - [Resource: aws_s3_bucket_object](#resource-aws_s3_bucket_object) @@ -411,6 +413,35 @@ resource "aws_cloudwatch_event_target" "test" { Previously, `ip_address` could be set to `""`, which would result in an AWS error. However, this value is no longer accepted by the provider. +## Resource: aws_default_network_acl + +Previously, `egress.*.cidr_block`, `egress.*.ipv6_cidr_block`, `ingress.*.cidr_block`, or `ingress.*.ipv6_cidr_block` could be set to `""`. However, the value `""` is no longer valid. + +For example, previously this type of configuration was valid: + +```terraform +resource "aws_default_network_acl" "default" { + # ... + egress { + cidr_block = "0.0.0.0/0" + ipv6_cidr_block = "" + # ... + } +} +``` + +Now, set the argument to null (`ipv6_cidr_block = null`) or simply remove the empty-value configuration: + +```terraform +resource "aws_default_network_acl" "default" { + # ... + egress { + cidr_block = "0.0.0.0/0" + # ... + } +} +``` + ## Resource: aws_elasticache_cluster ### Error raised if neither `engine` nor `replication_group_id` is specified @@ -469,6 +500,35 @@ output "elasticache_global_replication_group_version_result" { We removed the misspelled argument `active_directory_configuration.0.self_managed_active_directory_configuration.0.organizational_unit_distinguidshed_name` that was previously deprecated. Use `active_directory_configuration.0.self_managed_active_directory_configuration.0.organizational_unit_distinguished_name` now instead. Terraform will automatically migrate the state to `active_directory_configuration.0.self_managed_active_directory_configuration.0.organizational_unit_distinguished_name` during planning. +## Resource: aws_network_acl + +Previously, `egress.*.cidr_block`, `egress.*.ipv6_cidr_block`, `ingress.*.cidr_block`, or `ingress.*.ipv6_cidr_block` could be set to `""`. However, the value `""` is no longer valid. + +For example, previously this type of configuration was valid: + +```terraform +resource "aws_network_acl" "default" { + # ... + egress { + cidr_block = "0.0.0.0/0" + ipv6_cidr_block = "" + # ... + } +} +``` + +Now, set the argument to null (`ipv6_cidr_block = null`) or simply remove the empty-value configuration: + +```terraform +resource "aws_network_acl" "default" { + # ... + egress { + cidr_block = "0.0.0.0/0" + # ... + } +} +``` + ## Resource: aws_network_interface !> **WARNING:** This topic is placeholder documentation.