provider/aws: Specify that aws_network_acl_rule requires a cidr block (#13013)

Fixes: #13011 ``` % make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSNetworkAclRule_' 2 ↵ ✚ ==> Checking that code complies with gofmt requirements... go generate $(go list ./... | grep -v /terraform/vendor/) 2017/03/23 17:45:25 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSNetworkAclRule_ -timeout 120m === RUN TestAccAWSNetworkAclRule_basic --- PASS: TestAccAWSNetworkAclRule_basic (41.10s) === RUN TestAccAWSNetworkAclRule_missingParam --- PASS: TestAccAWSNetworkAclRule_missingParam (21.21s) === RUN TestAccAWSNetworkAclRule_ipv6 --- PASS: TestAccAWSNetworkAclRule_ipv6 (53.00s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 115.333s ```
2017-03-23 19:16:56 +02:00 · 2017-03-23 19:16:56 +02:00 · 1a80044397
parent 6a13d70d40
commit 1a80044397
3 changed files with 50 additions and 4 deletions
--- a/builtin/providers/aws/resource_aws_network_acl_rule.go
+++ b/builtin/providers/aws/resource_aws_network_acl_rule.go
@ -109,12 +109,19 @@ func resourceAwsNetworkAclRuleCreate(d *schema.ResourceData, meta interface{}) e
 		},
 	}

-	if v, ok := d.GetOk("cidr_block"); ok {
-		params.CidrBlock = aws.String(v.(string))
+	cidr, hasCidr := d.GetOk("cidr_block")
+	ipv6Cidr, hasIpv6Cidr := d.GetOk("ipv6_cidr_block")
+
+	if hasCidr == false && hasIpv6Cidr == false {
+		return fmt.Errorf("Either `cidr_block` or `ipv6_cidr_block` must be defined")
 	}

-	if v, ok := d.GetOk("ipv6_cidr_block"); ok {
-		params.Ipv6CidrBlock = aws.String(v.(string))
+	if hasCidr {
+		params.CidrBlock = aws.String(cidr.(string))
+	}
+
+	if hasIpv6Cidr {
+		params.Ipv6CidrBlock = aws.String(ipv6Cidr.(string))
 	}

 	// Specify additional required fields for ICMP. For the list
--- a/builtin/providers/aws/resource_aws_network_acl_rule_test.go
+++ b/builtin/providers/aws/resource_aws_network_acl_rule_test.go
@ -2,6 +2,7 @@ package aws

 import (
 	"fmt"
+	"regexp"
 	"strconv"
 	"testing"

@ -32,6 +33,21 @@ func TestAccAWSNetworkAclRule_basic(t *testing.T) {
 	})
 }

+func TestAccAWSNetworkAclRule_missingParam(t *testing.T) {
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSNetworkAclRuleDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config:      testAccAWSNetworkAclRuleMissingParam,
+				ExpectError: regexp.MustCompile("Either `cidr_block` or `ipv6_cidr_block` must be defined"),
+			},
+		},
+	})
+}
+
 func TestAccAWSNetworkAclRule_ipv6(t *testing.T) {
 	var networkAcl ec2.NetworkAcl

@ -214,6 +230,27 @@ resource "aws_network_acl_rule" "wibble" {
 }
 `

+const testAccAWSNetworkAclRuleMissingParam = `
+provider "aws" {
+  region = "us-east-1"
+}
+resource "aws_vpc" "foo" {
+	cidr_block = "10.3.0.0/16"
+}
+resource "aws_network_acl" "bar" {
+	vpc_id = "${aws_vpc.foo.id}"
+}
+resource "aws_network_acl_rule" "baz" {
+	network_acl_id = "${aws_network_acl.bar.id}"
+	rule_number = 200
+	egress = false
+	protocol = "tcp"
+	rule_action = "allow"
+	from_port = 22
+	to_port = 22
+}
+`
+
 const testAccAWSNetworkAclRuleIpv6Config = `
 resource "aws_vpc" "foo" {
 	cidr_block = "10.3.0.0/16"
--- a/website/source/docs/providers/aws/r/network_acl_rule.html.markdown
+++ b/website/source/docs/providers/aws/r/network_acl_rule.html.markdown
@ -29,6 +29,8 @@ resource "aws_network_acl_rule" "bar" {
 }
 ```

+~> **Note:** One of either `cidr_block` or `ipv6_cidr_block` is required.
+
 ## Argument Reference

 The following arguments are supported: