diff --git a/.changelog/41523.txt b/.changelog/41523.txt
new file mode 100644
index 000000000000..fe3841271d5e
--- /dev/null
+++ b/.changelog/41523.txt
@@ -0,0 +1,3 @@
+```release-note:bug-fix
+resource/aws_route53_resolver_rule: Remove hardcoded defaults for `port` and `protocol` in `target_ip` to allow the AWS API to apply conditional defaults
+```
diff --git a/internal/service/route53resolver/rule.go b/internal/service/route53resolver/rule.go
index 1368a4e893dc..4702ff34cd66 100644
--- a/internal/service/route53resolver/rule.go
+++ b/internal/service/route53resolver/rule.go
@@ -103,13 +103,13 @@ func resourceRule() *schema.Resource {
 names.AttrPort: {
 Type: schema.TypeInt,
 Optional: true,
- Default: 53,
+ Computed: true,
 ValidateFunc: validation.IntBetween(1, 65535),
 },
 names.AttrProtocol: {
 Type: schema.TypeString,
 Optional: true,
- Default: awstypes.ProtocolDo53,
+ Computed: true,
 ValidateDiagFunc: enum.Validate[awstypes.Protocol](),
 },
 },
@@ -381,7 +381,7 @@ func expandRuleTargetIPs(vTargetIps *schema.Set) []awstypes.TargetAddress {
 if vIpv6, ok := mTargetIp["ipv6"].(string); ok && vIpv6 != "" {
 targetAddress.Ipv6 = aws.String(vIpv6)
 }
- if vPort, ok := mTargetIp[names.AttrPort].(int); ok {
+ if vPort, ok := mTargetIp[names.AttrPort].(int); ok && vPort != 0 {
 targetAddress.Port = aws.Int32(int32(vPort))
 }
 if vProtocol, ok := mTargetIp[names.AttrProtocol].(string); ok && vProtocol != "" {
diff --git a/internal/service/route53resolver/rule_test.go b/internal/service/route53resolver/rule_test.go
index 540031ae4624..42e0f7362ad8 100644
--- a/internal/service/route53resolver/rule_test.go
+++ b/internal/service/route53resolver/rule_test.go
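Review bot: With `Default` replaced by `Computed` on `port` and `protocol`, the configuration no longer states which port and transport a forwarding target uses, and nothing at these fields says so. For an Optional+Computed attribute the SDK normally keeps the prior state value when the argument is omitted, so deleting an explicit `port` or `protocol` from a configuration is unlikely to move the target back to the API default; how that plays out inside a set element is worth confirming with a test step. I would add a comment above both fields, e.g. `// Optional+Computed: no provider default; the API picks port/protocol when unset. Set both to pin the resolver transport.`, and repeat the caveat in the resource documentation. The surrounding `resourceRule()` body lies outside this hunk.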
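Review bot: The new `vPort != 0` guard relies on 0 never being a legitimate port, which holds only because the schema validates `IntBetween(1, 65535)`; that coupling is not recorded at this line. A short comment would keep the two in step, e.g. `// 0 is the zero value for an unset port (schema enforces 1-65535); leave Port nil so the API applies its default.` The same range check is what keeps `int32(vPort)` from truncating, so loosening the validator later would mean revisiting this conversion as well. The rest of `expandRuleTargetIPs` is outside the hunk.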
@@ -319,7 +319,7 @@ func TestAccRoute53ResolverRule_forwardMultiProtocol(t *testing.T) {
 CheckDestroy: testAccCheckRuleDestroy(ctx, t),
 Steps: []resource.TestStep{
 {
- Config: testAccRuleConfig_forward(rName, domainName),
+ Config: testAccRuleConfig_forwardMultiProtocol(rName, domainName, "Do53"),
 Check: resource.ComposeTestCheckFunc(
 testAccCheckRuleExists(ctx, t, resourceName, &rule),
 resource.TestCheckResourceAttr(resourceName, names.AttrDomainName, domainName),
@@ -375,6 +375,46 @@ func TestAccRoute53ResolverRule_forwardMultiProtocol(t *testing.T) {
 })
 }
 
+func TestAccRoute53ResolverRule_forwardAPIDefaults(t *testing.T) {
+ ctx := acctest.Context(t)
+ var rule awstypes.ResolverRule
+ resourceName := "aws_route53_resolver_rule.test"
+ epResourceName := "aws_route53_resolver_endpoint.test.0"
+ domainName := acctest.RandomDomainName()
+ rName := acctest.RandomWithPrefix(t, acctest.ResourcePrefix)
+
+ acctest.ParallelTest(ctx, t, resource.TestCase{
+ PreCheck: func() { acctest.PreCheck(ctx, t); testAccPreCheck(ctx, t) },
+ ErrorCheck: acctest.ErrorCheck(t, names.Route53ResolverServiceID),
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+ CheckDestroy: testAccCheckRuleDestroy(ctx, t),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccRuleConfig_forward(rName, domainName),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckRuleExists(ctx, t, resourceName, &rule),
+ resource.TestCheckResourceAttr(resourceName, names.AttrDomainName, domainName),
+ resource.TestCheckResourceAttr(resourceName, names.AttrName, rName),
+ resource.TestCheckResourceAttr(resourceName, "rule_type", "FORWARD"),
+ resource.TestCheckResourceAttrPair(resourceName, "resolver_endpoint_id", epResourceName, names.AttrID),
+ resource.TestCheckResourceAttr(resourceName, "target_ip.#", "1"),
+ resource.TestCheckTypeSetElemNestedAttrs(resourceName, "target_ip.*", map[string]string{
+ "ip": "192.0.2.6",
+ }),
+ // Verify that port and protocol are set by the API (computed), not by provider defaults.
+ resource.TestCheckResourceAttrSet(resourceName, "target_ip.0.port"),
+ resource.TestCheckResourceAttrSet(resourceName, "target_ip.0.protocol"),
+ ),
+ },
+ {
+ ResourceName: resourceName,
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ },
+ })
+}
+
 func TestAccRoute53ResolverRule_forward_ipv6(t *testing.T) {
 ctx := acctest.Context(t)
 var rule1, rule2, rule3 awstypes.ResolverRule
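Review bot: `TestCheckResourceAttrSet` on `target_ip.0.port` and `target_ip.0.protocol` only proves the values are non-empty, so a port of `0` in state would still pass. The index-based path also depends on element order in what `expandRuleTargetIPs` handles as a set. Since the test already uses `TestCheckTypeSetElemNestedAttrs` with `target_ip.*` for `ip`, the expected values could go into that same map, e.g. `names.AttrPort: "53",` and `names.AttrProtocol: string(awstypes.ProtocolDo53),`, assuming those are what the API returns for this configuration.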