hashicorp#11633 port support for client vpn

thiagokiyota · Jul 11, 2020 · e0d1db4 · e0d1db4
1 parent 2a9f7ce
commit e0d1db4
Show file tree

Hide file tree

Showing 3 changed files with 84 additions and 0 deletions.
diff --git a/aws/resource_aws_ec2_client_vpn_endpoint.go b/aws/resource_aws_ec2_client_vpn_endpoint.go
@@ -60,6 +60,15 @@ func resourceAwsEc2ClientVpnEndpoint() *schema.Resource {
 					ec2.TransportProtocolUdp,
 				}, false),
 			},
+			"vpn_port": {
+				Type:     schema.TypeInt,
+				Optional: true,
+				Default:  443,
+				ValidateFunc: validation.IntInSlice([]int{
+					443,
+					1194,
+				}),
+			},
 			"authentication_options": {
 				Type:     schema.TypeList,
 				Required: true,
@@ -134,6 +143,7 @@ func resourceAwsEc2ClientVpnEndpointCreate(d *schema.ResourceData, meta interfac
 		ClientCidrBlock:      aws.String(d.Get("client_cidr_block").(string)),
 		ServerCertificateArn: aws.String(d.Get("server_certificate_arn").(string)),
 		TransportProtocol:    aws.String(d.Get("transport_protocol").(string)),
+		VpnPort:              aws.Int64(int64(d.Get("vpn_port").(int))),
 		SplitTunnel:          aws.Bool(d.Get("split_tunnel").(bool)),
 		TagSpecifications:    ec2TagSpecificationsFromMap(d.Get("tags").(map[string]interface{}), ec2.ResourceTypeClientVpnEndpoint),
 	}

diff --git a/aws/resource_aws_ec2_client_vpn_endpoint_test.go b/aws/resource_aws_ec2_client_vpn_endpoint_test.go
@@ -88,6 +88,7 @@ func TestAccAwsEc2ClientVpn(t *testing.T) {
 			"withDNSServers":    testAccAwsEc2ClientVpnEndpoint_withDNSServers,
 			"tags":              testAccAwsEc2ClientVpnEndpoint_tags,
 			"splitTunnel":       testAccAwsEc2ClientVpnEndpoint_splitTunnel,
+			"vpnPort":           testAccAwsEc2ClientVpnEndpoint_vpnPort,
 		},
 		"AuthorizationRule": {
 			"basic":      testAccAwsEc2ClientVpnAuthorizationRule_basic,
@@ -363,6 +364,39 @@ func testAccPreCheckClientVPNSyncronize(t *testing.T) {
 	sync.TestAccPreCheckSyncronize(t, testAccEc2ClientVpnEndpointSemaphore, "Client VPN")
 }
 
+func testAccAwsEc2ClientVpnEndpoint_vpnPort(t *testing.T) {
+	var v1, v2 ec2.ClientVpnEndpoint
+	rName := acctest.RandomWithPrefix("tf-acc-test")
+	resourceName := "aws_ec2_client_vpn_endpoint.test"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t); testAccPreCheckClientVPNSyncronize(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAwsEc2ClientVpnEndpointDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccEc2ClientVpnEndpointConfigVpnPort(rName, 1194),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAwsEc2ClientVpnEndpointExists(resourceName, &v1),
+					resource.TestCheckResourceAttr(resourceName, "vpn_port", "1194"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccEc2ClientVpnEndpointConfigDefaultVpnPort(rName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAwsEc2ClientVpnEndpointExists(resourceName, &v2),
+					resource.TestCheckResourceAttr(resourceName, "vpn_port", "443"),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckAwsEc2ClientVpnEndpointDestroy(s *terraform.State) error {
 	conn := testAccProvider.Meta().(*AWSClient).ec2conn
 
@@ -646,3 +680,42 @@ resource "aws_ec2_client_vpn_endpoint" "test" {
 }
 `, rName, splitTunnel)
 }
+
+func testAccEc2ClientVpnEndpointConfigVpnPort(rName string, vpnPort int) string {
+	return testAccEc2ClientVpnEndpointConfigAcmCertificateBase() + fmt.Sprintf(`
+resource "aws_ec2_client_vpn_endpoint" "test" {
+  client_cidr_block      = "10.0.0.0/16"
+  description            = "terraform-testacc-clientvpn-%s"
+  server_certificate_arn = "${aws_acm_certificate.test.arn}"
+  vpn_port               = %d
+
+  authentication_options {
+    type                       = "certificate-authentication"
+    root_certificate_chain_arn = "${aws_acm_certificate.test.arn}"
+  }
+
+  connection_log_options {
+    enabled = false
+  }
+}
+`, rName, vpnPort)
+}
+
+func testAccEc2ClientVpnEndpointConfigDefaultVpnPort(rName string) string {
+	return testAccEc2ClientVpnEndpointConfigAcmCertificateBase() + fmt.Sprintf(`
+resource "aws_ec2_client_vpn_endpoint" "test" {
+  client_cidr_block      = "10.0.0.0/16"
+  description            = "terraform-testacc-clientvpn-%s"
+  server_certificate_arn = "${aws_acm_certificate.test.arn}"
+
+  authentication_options {
+    type                       = "certificate-authentication"
+    root_certificate_chain_arn = "${aws_acm_certificate.test.arn}"
+  }
+
+  connection_log_options {
+    enabled = false
+  }
+}
+`, rName)
+}
diff --git a/website/docs/r/ec2_client_vpn_endpoint.html.markdown b/website/docs/r/ec2_client_vpn_endpoint.html.markdown
@@ -45,6 +45,7 @@ The following arguments are supported:
 * `split_tunnel` - (Optional) Indicates whether split-tunnel is enabled on VPN endpoint. Default value is `false`.
 * `tags` - (Optional) A mapping of tags to assign to the resource.
 * `transport_protocol` - (Optional) The transport protocol to be used by the VPN session. Default value is `udp`.
+* `vpn_port` - (Optional) The port number for the Client VPN endpoint. Valid values are `443` and `1194`. Default value is `443`.
 
 
 ### `authentication_options` Argument Reference