hashicorp · ewbankkit · Oct 27, 2023 · Oct 25, 2023 · Oct 25, 2023 · Oct 25, 2023
@@ -0,0 +1,11 @@
+```release-note:enhancement
+resource/aws_networkmanager_connect_attachment: Add `NO_ENCAP` as a valid `options.protocol` value
+```
+
+```release-note:enhancement
+resource/aws_networkmanager_connect_peer: Add `subnet_arn` argument to support [Tunnel-less Connect attachments](https://docs.aws.amazon.com/network-manager/latest/cloudwan/cloudwan-connect-attachment.html#cloudwan-connect-tlc)
+```
+
+```release-note:enhancement
+resource/aws_networkmanager_connect_peer: `inside_cidr_blocks` is Optional
+```
@@ -93,7 +93,7 @@ func ResourceConnectAttachment() *schema.Resource {
 						"protocol": {
 							Type:         schema.TypeString,
 							Optional:     true,
-							ValidateFunc: validation.StringInSlice([]string{"GRE"}, false),
+							ValidateFunc: validation.StringInSlice(networkmanager.TunnelProtocol_Values(), false),
 						},
 					},
 				},

@@ -39,6 +39,7 @@ func TestAccNetworkManagerConnectAttachment_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "attachment_type", "CONNECT"),
 					resource.TestCheckResourceAttrSet(resourceName, "core_network_id"),
 					resource.TestCheckResourceAttr(resourceName, "edge_location", acctest.Region()),
+					resource.TestCheckResourceAttr(resourceName, "options.0.protocol", "GRE"),
 					acctest.CheckResourceAttrAccountID(resourceName, "owner_account_id"),
 					resource.TestCheckResourceAttr(resourceName, "segment_name", "shared"),
 					resource.TestCheckResourceAttrSet(resourceName, "state"),
@@ -74,6 +75,7 @@ func TestAccNetworkManagerConnectAttachment_basic_NoDependsOn(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "attachment_type", "CONNECT"),
 					resource.TestCheckResourceAttrSet(resourceName, "core_network_id"),
 					resource.TestCheckResourceAttr(resourceName, "edge_location", acctest.Region()),
+					resource.TestCheckResourceAttr(resourceName, "options.0.protocol", "GRE"),
 					acctest.CheckResourceAttrAccountID(resourceName, "owner_account_id"),
 					resource.TestCheckResourceAttr(resourceName, "segment_name", "shared"),
 					resource.TestCheckResourceAttrSet(resourceName, "state"),
@@ -113,6 +115,42 @@ func TestAccNetworkManagerConnectAttachment_disappears(t *testing.T) {
 	})
 }
 
+func TestAccNetworkManagerConnectAttachment_protocolNoEncap(t *testing.T) {
+	ctx := acctest.Context(t)
+	var v networkmanager.ConnectAttachment
+	resourceName := "aws_networkmanager_connect_attachment.test"
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.PreCheck(ctx, t) },
+		ErrorCheck:               acctest.ErrorCheck(t, networkmanager.EndpointsID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckConnectAttachmentDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccConnectAttachmentConfig_protocolNoEncap(rName),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckConnectAttachmentExists(ctx, resourceName, &v),
+					acctest.MatchResourceAttrGlobalARN(resourceName, "arn", "networkmanager", regexache.MustCompile(`attachment/.+`)),
+					resource.TestCheckResourceAttr(resourceName, "attachment_type", "CONNECT"),
+					resource.TestCheckResourceAttrSet(resourceName, "core_network_id"),
+					resource.TestCheckResourceAttr(resourceName, "edge_location", acctest.Region()),
+					resource.TestCheckResourceAttr(resourceName, "options.0.protocol", "NO_ENCAP"),
+					acctest.CheckResourceAttrAccountID(resourceName, "owner_account_id"),
+					resource.TestCheckResourceAttr(resourceName, "segment_name", "shared"),
+					resource.TestCheckResourceAttrSet(resourceName, "state"),
+					resource.TestCheckResourceAttr(resourceName, "tags.%", "1"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
 func TestAccNetworkManagerConnectAttachment_tags(t *testing.T) {
 	ctx := acctest.Context(t)
 	var v networkmanager.ConnectAttachment
@@ -370,6 +408,44 @@ resource "aws_networkmanager_attachment_accepter" "test2" {
 `)
 }
 
+func testAccConnectAttachmentConfig_protocolNoEncap(rName string) string {
+	return acctest.ConfigCompose(testAccConnectAttachmentConfig_base(rName), `
+resource "aws_networkmanager_vpc_attachment" "test" {
+  subnet_arns     = aws_subnet.test[*].arn
+  core_network_id = aws_networkmanager_core_network_policy_attachment.test.core_network_id
+  vpc_arn         = aws_vpc.test.arn
+  tags = {
+    segment = "shared"
+  }
+}
+
+resource "aws_networkmanager_attachment_accepter" "test" {
+  attachment_id   = aws_networkmanager_vpc_attachment.test.id
+  attachment_type = aws_networkmanager_vpc_attachment.test.attachment_type
+}
+
+resource "aws_networkmanager_connect_attachment" "test" {
+  core_network_id         = aws_networkmanager_core_network.test.id
+  transport_attachment_id = aws_networkmanager_vpc_attachment.test.id
+  edge_location           = aws_networkmanager_vpc_attachment.test.edge_location
+  options {
+    protocol = "NO_ENCAP"
+  }
+  tags = {
+    segment = "shared"
+  }
+  depends_on = [
+    "aws_networkmanager_attachment_accepter.test"
+  ]
+}
+
+resource "aws_networkmanager_attachment_accepter" "test2" {
+  attachment_id   = aws_networkmanager_connect_attachment.test.id
+  attachment_type = aws_networkmanager_connect_attachment.test.attachment_type
+}
+`)
+}
+
 func testAccConnectAttachmentConfig_tags1(rName, tagKey1, tagValue1 string) string {
 	return acctest.ConfigCompose(testAccConnectAttachmentConfig_base(rName), fmt.Sprintf(`
 resource "aws_networkmanager_vpc_attachment" "test" {

@@ -153,7 +153,7 @@ func ResourceConnectPeer() *schema.Resource {
 			},
 			"inside_cidr_blocks": {
 				Type:     schema.TypeList,
-				Required: true,
+				Optional: true,
 				ForceNew: true,
 				MaxItems: 2,
 				Elem: &schema.Schema{
@@ -170,6 +170,14 @@ func ResourceConnectPeer() *schema.Resource {
 					validation.StringMatch(regexache.MustCompile(`[\s\S]*`), "Anything but whitespace"),
 				),
 			},
+			"subnet_arn": {
+				Type:     schema.TypeString,
+				Optional: true,
+				ValidateFunc: validation.All(
+					validation.StringLenBetween(0, 500),
+					validation.StringMatch(regexache.MustCompile(`^arn:[^:]{1,63}:ec2:[^:]{0,63}:[^:]{0,63}:subnet\/subnet-[0-9a-f]{8,17}$|^$`), "Must be a valid subnet ARN"),
+				),
+			},
 			"state": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -184,13 +192,13 @@ func resourceConnectPeerCreate(ctx context.Context, d *schema.ResourceData, meta
 	conn := meta.(*conns.AWSClient).NetworkManagerConn(ctx)
 
 	connectAttachmentID := d.Get("connect_attachment_id").(string)
-	insideCIDRBlocks := flex.ExpandStringList(d.Get("inside_cidr_blocks").([]interface{}))
+	// insideCIDRBlocks := flex.ExpandStringList(d.Get("inside_cidr_blocks").([]interface{}))
 	peerAddress := d.Get("peer_address").(string)
 	input := &networkmanager.CreateConnectPeerInput{
 		ConnectAttachmentId: aws.String(connectAttachmentID),
-		InsideCidrBlocks:    insideCIDRBlocks,
-		PeerAddress:         aws.String(peerAddress),
-		Tags:                getTagsIn(ctx),
+		// InsideCidrBlocks:    insideCIDRBlocks,
+		PeerAddress: aws.String(peerAddress),
+		Tags:        getTagsIn(ctx),
 	}
 
 	if v, ok := d.GetOk("bgp_options"); ok && len(v.([]interface{})) > 0 {
@@ -201,6 +209,15 @@ func resourceConnectPeerCreate(ctx context.Context, d *schema.ResourceData, meta
 		input.CoreNetworkAddress = aws.String(v.(string))
 	}
 
+	if v, ok := d.GetOk("inside_cidr_blocks"); ok {
+		insideCIDRBlocks := flex.ExpandStringList(v.([]interface{}))
+		input.InsideCidrBlocks = insideCIDRBlocks
+	}
+
+	if v, ok := d.GetOk("subnet_arn"); ok {
+		input.SubnetArn = aws.String(v.(string))
+	}
+
 	outputRaw, err := tfresource.RetryWhen(ctx, d.Timeout(schema.TimeoutCreate),
 		func() (interface{}, error) {
 			return conn.CreateConnectPeerWithContext(ctx, input)
@@ -277,6 +294,7 @@ func resourceConnectPeerRead(ctx context.Context, d *schema.ResourceData, meta i
 	d.Set("connect_attachment_id", connectPeer.ConnectAttachmentId)
 	d.Set("inside_cidr_blocks", connectPeer.Configuration.InsideCidrBlocks)
 	d.Set("peer_address", connectPeer.Configuration.PeerAddress)
+	d.Set("subnet_arn", connectPeer.SubnetArn)
 	d.Set("state", connectPeer.State)
 
 	setTagsOut(ctx, connectPeer.Tags)