diff --git a/.changelog/3045.txt b/.changelog/3045.txt new file mode 100644 index 0000000000..2f66471216 --- /dev/null +++ b/.changelog/3045.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +compute: added additional validation to `google_cloud_router`'s `bgp.asn` field. +``` diff --git a/google-beta/resource_compute_router.go b/google-beta/resource_compute_router.go index 6033404950..72a4f9e0c5 100644 --- a/google-beta/resource_compute_router.go +++ b/google-beta/resource_compute_router.go @@ -70,8 +70,9 @@ except the last character, which cannot be a dash.`, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "asn": { - Type: schema.TypeInt, - Required: true, + Type: schema.TypeInt, + Required: true, + ValidateFunc: validateRFC6996Asn, Description: `Local BGP Autonomous System Number (ASN). Must be an RFC6996 private ASN, either 16-bit or 32-bit. The value will be fixed for this router resource. All VPN tunnels that link to this router diff --git a/google-beta/validation.go b/google-beta/validation.go index 7ce1ccd209..2a66e65fef 100644 --- a/google-beta/validation.go +++ b/google-beta/validation.go @@ -61,6 +61,14 @@ var ( ProjectNameInDNSFormRegex = "[-a-z0-9\\.]{1,63}" ProjectNameRegex = "^[A-Za-z0-9-'\"\\s!]{4,30}$" + + // Valid range for Cloud Router ASN values as per RFC6996 + // https://tools.ietf.org/html/rfc6996 + Rfc6996Asn16BitMin = 64512 + Rfc6996Asn16BitMax = 65534 + Rfc6996Asn32BitMin = 4200000000 + Rfc6996Asn32BitMax = 4294967294 + GcpRouterPartnerAsn = 16550 ) var rfc1918Networks = []string{ @@ -74,6 +82,19 @@ func validateGCPName(v interface{}, k string) (ws []string, errors []error) { return validateRegexp(re)(v, k) } +// Ensure that the BGP ASN value of Cloud Router is a valid value as per RFC6996 or a value of 16550 +func validateRFC6996Asn(v interface{}, k string) (ws []string, errors []error) { + value := v.(int) + if !(value >= Rfc6996Asn16BitMin && value <= Rfc6996Asn16BitMax) && + !(value >= Rfc6996Asn32BitMin && value <= Rfc6996Asn32BitMax) && + value != GcpRouterPartnerAsn { + errors = append(errors, fmt.Errorf(`expected %q to be a RFC6996-compliant Local ASN: +must be either in the private ASN ranges: [64512..65534], [4200000000..4294967294]; +or be the value of [%d], got %d`, k, GcpRouterPartnerAsn, value)) + } + return +} + func validateRegexp(re string) schema.SchemaValidateFunc { return func(v interface{}, k string) (ws []string, errors []error) { value := v.(string)