feat(instance_server): prevent usage of routed_ip_enabled as false

Author: Codelax

internal/services/instance/server.go

@@ -229,6 +229,7 @@ func ResourceServer() *schema.Resource {
 			"ipv6_prefix_length": {
 				Type:        schema.TypeInt,
 				Computed:    true,
+				Deprecated:  "Please use a scaleway_instance_ip with a `routed_ipv6` type",
 				Description: "The IPv6 prefix length routed to the server.",
 			},
 			"enable_dynamic_ip": {
@@ -338,9 +339,25 @@ func ResourceServer() *schema.Resource {
 			},
 			"routed_ip_enabled": {
 				Type:        schema.TypeBool,
-				Description: "If server supports routed IPs, default to true if public_ips is used",
+				Description: "If server supports routed IPs, default to true",
 				Optional:    true,
 				Computed:    true,
+				ValidateDiagFunc: func(i interface{}, path cty.Path) diag.Diagnostics {
+					if i == nil {
+						return nil
+					}
+					if i.(bool) == false {
+						return diag.Diagnostics{{
+							Severity:      diag.Error,
+							Summary:       "NAT IPs are not supported anymore",
+							Detail:        "Remove explicit disabling, enable it or downgrade terraform.",
+							AttributePath: cty.GetAttrPath("routed_ip_enabled"),
+						}}
+					}
+
+					return nil
+				},
+				Deprecated: "Routed IP is the default configuration, it should always be true",
 			},
 			"zone":            zonal.Schema(),
 			"organization_id": account.OrganizationIDSchema(),

internal/services/instance/server_test.go

@@ -1,25 +1,20 @@
 package instance_test
 
 import (
-	"context"
 	"errors"
 	"fmt"
 	"regexp"
 	"strings"
 	"testing"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
-	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
 	instanceSDK "github.com/scaleway/scaleway-sdk-go/api/instance/v1"
 	"github.com/scaleway/terraform-provider-scaleway/v2/internal/acctest"
 	"github.com/scaleway/terraform-provider-scaleway/v2/internal/locality"
 	"github.com/scaleway/terraform-provider-scaleway/v2/internal/locality/zonal"
-	"github.com/scaleway/terraform-provider-scaleway/v2/internal/meta"
-	"github.com/scaleway/terraform-provider-scaleway/v2/internal/provider"
 	"github.com/scaleway/terraform-provider-scaleway/v2/internal/services/instance"
 	instancechecks "github.com/scaleway/terraform-provider-scaleway/v2/internal/services/instance/testfuncs"
-	"github.com/stretchr/testify/require"
 )
 
 func TestAccServer_Minimal1(t *testing.T) {
@@ -731,36 +726,34 @@ func TestAccServer_Ipv6(t *testing.T) {
 		Steps: []resource.TestStep{
 			{
 				Config: `
+					resource "scaleway_instance_ip" "ip" {
+						type = "routed_ipv6"
+					}
+
 					resource "scaleway_instance_server" "server01" {
 						image = "ubuntu_focal"
-		  				type  = "DEV1-S"
-		  				enable_ipv6 = true
-						routed_ip_enabled = false
+		  				type  = "PLAY2-PICO"
+						ip_ids = [scaleway_instance_ip.ip.id]
 					}
 				`,
 				Check: resource.ComposeTestCheckFunc(
 					isServerPresent(tt, "scaleway_instance_server.server01"),
-					// enable_ipv6, ipv6_address and ipv6_gateway are marked as deprecated
-					resource.TestCheckResourceAttr("scaleway_instance_server.server01", "enable_ipv6", "true"),
-					acctest.CheckResourceAttrIPv6("scaleway_instance_server.server01", "ipv6_address"),
-					acctest.CheckResourceAttrIPv6("scaleway_instance_server.server01", "ipv6_gateway"),
-					resource.TestCheckResourceAttr("scaleway_instance_server.server01", "ipv6_prefix_length", "64"),
+					acctest.CheckResourceAttrIPv6("scaleway_instance_server.server01", "public_ips.0.address"),
 				),
 			},
 			{
 				Config: `
 					resource "scaleway_instance_server" "server01" {
 						image = "ubuntu_focal"
-		  				type  = "DEV1-S"
-		  				enable_ipv6 = false
-						routed_ip_enabled = false
+		  				type  = "PLAY2-PICO"
 					}
 				`,
 				Check: resource.ComposeTestCheckFunc(
 					isServerPresent(tt, "scaleway_instance_server.server01"),
 					resource.TestCheckResourceAttr("scaleway_instance_server.server01", "ipv6_address", ""),
 					resource.TestCheckResourceAttr("scaleway_instance_server.server01", "ipv6_gateway", ""),
 					resource.TestCheckResourceAttr("scaleway_instance_server.server01", "ipv6_prefix_length", "0"),
+					resource.TestCheckResourceAttr("scaleway_instance_server.server01", "public_ips.#", "0"),
 				),
 			},
 		},
@@ -1496,94 +1489,6 @@ func serverIDsAreDifferent(nameFirst, nameSecond string) resource.TestCheckFunc
 	}
 }
 
-func TestAccServer_RoutedIPEnable(t *testing.T) {
-	tt := acctest.NewTestTools(t)
-	defer tt.Cleanup()
-	resource.ParallelTest(t, resource.TestCase{
-		PreCheck:          func() { acctest.PreCheck(t) },
-		ProviderFactories: tt.ProviderFactories,
-		CheckDestroy:      instancechecks.IsServerDestroyed(tt),
-		Steps: []resource.TestStep{
-			{
-				Config: `
-					resource "scaleway_instance_server" "main" {
-						name  = "tf-tests-instance-server-routedip"
-						image = "ubuntu_jammy"
-						type  = "PRO2-XXS"
-						state = "stopped"
-						routed_ip_enabled = false
-					}`,
-				Check: resource.ComposeTestCheckFunc(
-					arePrivateNICsPresent(tt, "scaleway_instance_server.main"),
-					resource.TestCheckResourceAttr("scaleway_instance_server.main", "routed_ip_enabled", "false"),
-				),
-			},
-			{
-				Config: `
-					resource "scaleway_instance_server" "main" {
-						name  = "tf-tests-instance-server-routedip"
-						image = "ubuntu_jammy"
-						type  = "PRO2-XXS"
-						routed_ip_enabled = true
-						state = "stopped"
-					}`,
-				Check: resource.ComposeTestCheckFunc(
-					arePrivateNICsPresent(tt, "scaleway_instance_server.main"),
-					resource.TestCheckResourceAttr("scaleway_instance_server.main", "routed_ip_enabled", "true"),
-				),
-			},
-		},
-	})
-}
-
-func TestAccServer_RoutedIPEnableWithIP(t *testing.T) {
-	tt := acctest.NewTestTools(t)
-	defer tt.Cleanup()
-	resource.ParallelTest(t, resource.TestCase{
-		PreCheck:          func() { acctest.PreCheck(t) },
-		ProviderFactories: tt.ProviderFactories,
-		CheckDestroy:      instancechecks.IsServerDestroyed(tt),
-		Steps: []resource.TestStep{
-			{
-				Config: `
-					resource "scaleway_instance_ip" "main" {
-						type = "nat"
-					}
-
-					resource "scaleway_instance_server" "main" {
-						name  = "tf-tests-instance-server-routedip-enable-with-ip"
-						ip_id = scaleway_instance_ip.main.id
-						image = "ubuntu_jammy"
-						type  = "PRO2-XXS"
-						state = "stopped"
-						routed_ip_enabled = false
-					}`,
-				Check: resource.ComposeTestCheckFunc(
-					arePrivateNICsPresent(tt, "scaleway_instance_server.main"),
-					resource.TestCheckResourceAttr("scaleway_instance_server.main", "routed_ip_enabled", "false"),
-				),
-			},
-			{
-				Config: `
-					resource "scaleway_instance_ip" "main" {}
-
-					resource "scaleway_instance_server" "main" {
-						name  = "tf-tests-instance-server-routedip-enable-with-ip"
-						ip_id = scaleway_instance_ip.main.id
-						image = "ubuntu_jammy"
-						type  = "PRO2-XXS"
-						state = "stopped"
-						routed_ip_enabled = true
-					}`,
-				Check: resource.ComposeTestCheckFunc(
-					arePrivateNICsPresent(tt, "scaleway_instance_server.main"),
-					resource.TestCheckResourceAttr("scaleway_instance_server.main", "routed_ip_enabled", "true"),
-				),
-			},
-		},
-	})
-}
-
 func TestAccServer_IPs(t *testing.T) {
 	tt := acctest.NewTestTools(t)
 	defer tt.Cleanup()
@@ -1762,178 +1667,6 @@ func TestAccServer_IPsRemoved(t *testing.T) {
 	})
 }
 
-func TestAccServer_IPMigrate(t *testing.T) {
-	tt := acctest.NewTestTools(t)
-	defer tt.Cleanup()
-
-	ctx := context.Background()
-	// This come from iam_policy tests to use policies in tests
-	project, iamAPIKey, terminateFakeSideProject, err := acctest.CreateFakeIAMManager(tt)
-	require.NoError(t, err)
-
-	// This is the provider factory that will use the temporary project
-	providerFactories := acctest.FakeSideProjectProviders(ctx, tt, project, iamAPIKey)
-
-	// Goal of this test is to check that an IP will not get detached if moved from ip_id to ip_ids
-	// Between the two steps we will create an API key that cannot update the IP,
-	// it should fail if the provider tries to detach
-	temporaryAccessKey := ""
-	temporarySecretKey := ""
-	customProviderFactory := map[string]func() (*schema.Provider, error){
-		"scaleway": func() (*schema.Provider, error) {
-			m, err := meta.NewMeta(context.Background(), &meta.Config{
-				ProviderSchema:   nil,
-				TerraformVersion: "terraform-tests",
-				HTTPClient:       tt.Meta.HTTPClient(),
-				ForceAccessKey:   temporaryAccessKey,
-				ForceSecretKey:   temporarySecretKey,
-			})
-			if err != nil {
-				return nil, err
-			}
-			return provider.Provider(&provider.Config{Meta: m})(), nil
-		},
-	}
-
-	resource.ParallelTest(t, resource.TestCase{
-		PreCheck: func() { acctest.PreCheck(t) },
-		CheckDestroy: resource.ComposeAggregateTestCheckFunc(
-			func(_ *terraform.State) error {
-				return terminateFakeSideProject()
-			},
-			instancechecks.IsServerDestroyed(tt),
-		),
-		Steps: []resource.TestStep{
-			{
-				ProviderFactories: providerFactories,
-				Config: fmt.Sprintf(`
-					resource "scaleway_instance_ip" "ip" {
-						type = "nat"
-					}
-
-					resource "scaleway_instance_server" "main" {
-						ip_id = scaleway_instance_ip.ip.id
-						image = "ubuntu_jammy"
-						type  = "PRO2-XXS"
-						state = "stopped"
-						routed_ip_enabled = false
-					}
-
-					resource "scaleway_iam_application" "app" {
-						name = "tf_tests_instance_server_ipmigrate"
-					}
-
-					resource "scaleway_iam_policy" "policy" {
-						application_id = scaleway_iam_application.app.id
-						rule {
-							permission_set_names = ["InstancesReadOnly"]
-							organization_id = %[1]q
-						}
-						rule {
-							permission_set_names = ["ProjectReadOnly", "IAMReadOnly"]
-							organization_id = %[1]q
-						}
-					}
-
-					resource "scaleway_iam_api_key" "key" {
-						application_id = scaleway_iam_application.app.id
-					}`, project.OrganizationID),
-				Check: resource.ComposeTestCheckFunc(
-					arePrivateNICsPresent(tt, "scaleway_instance_server.main"),
-					resource.TestCheckResourceAttr("scaleway_instance_server.main", "routed_ip_enabled", "false"),
-					resource.TestCheckResourceAttr("scaleway_instance_server.main", "public_ips.#", "1"),
-					func(s *terraform.State) error {
-						rs, ok := s.RootModule().Resources["scaleway_iam_api_key.key"]
-						if !ok {
-							return fmt.Errorf("resource was not found: %s", "scaleway_iam_api_key.key")
-						}
-						temporaryAccessKey = rs.Primary.Attributes["access_key"]
-						temporarySecretKey = rs.Primary.Attributes["secret_key"]
-
-						return nil
-					},
-				),
-			},
-			{
-				ProviderFactories: customProviderFactory,
-				// With migration supported, this should make no changes
-				// This is validated because we cannot add a nat IP to ip_ids
-				// This would fail if not moved from ip_id to ip_ids
-				Config: fmt.Sprintf(`
-					resource "scaleway_instance_ip" "ip" {
-						type = "nat"
-					}
-
-					resource "scaleway_instance_server" "main" {
-						ip_ids = [scaleway_instance_ip.ip.id]
-						image = "ubuntu_jammy"
-						type  = "PRO2-XXS"
-						state = "stopped"
-					}
-
-					resource "scaleway_iam_application" "app" {
-						name = "tf_tests_instance_server_ipmigrate"
-					}
-
-					resource "scaleway_iam_policy" "policy" {
-						application_id = scaleway_iam_application.app.id
-						rule {
-							permission_set_names = ["InstancesReadOnly"]
-							organization_id = %[1]q
-						}
-						rule {
-							permission_set_names = ["ProjectReadOnly", "IAMReadOnly"]
-							organization_id = %[1]q
-						}
-					}
-
-					resource "scaleway_iam_api_key" "key" {
-						application_id = scaleway_iam_application.app.id
-					}`, project.OrganizationID),
-				Check: resource.ComposeTestCheckFunc(
-					arePrivateNICsPresent(tt, "scaleway_instance_server.main"),
-					resource.TestCheckResourceAttr("scaleway_instance_server.main", "public_ips.#", "1"),
-				),
-			},
-			{
-				ProviderFactories: tt.ProviderFactories,
-				// Last step with default api key to remove resources
-				Config: fmt.Sprintf(`
-					resource "scaleway_instance_ip" "ip" {
-						type = "nat"
-					}
-
-					resource "scaleway_instance_server" "main" {
-						ip_ids = [scaleway_instance_ip.ip.id]
-						image = "ubuntu_jammy"
-						type  = "PRO2-XXS"
-						state = "stopped"
-					}
-
-					resource "scaleway_iam_application" "app" {
-						name = "tf_tests_instance_server_ipmigrate"
-					}
-
-					resource "scaleway_iam_policy" "policy" {
-						application_id = scaleway_iam_application.app.id
-						rule {
-							permission_set_names = ["InstancesReadOnly"]
-							organization_id = %[1]q
-						}
-						rule {
-							permission_set_names = ["ProjectReadOnly", "IAMReadOnly"]
-							organization_id = %[1]q
-						}
-					}
-
-					resource "scaleway_iam_api_key" "key" {
-						application_id = scaleway_iam_application.app.id
-					}`, project.OrganizationID),
-			},
-		},
-	})
-}
-
 func TestAccServer_BlockExternal(t *testing.T) {
 	tt := acctest.NewTestTools(t)
 	defer tt.Cleanup()