hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

azurerm_vpn_gateway_connection/ike_encryption_algorithm missing value "None" #20964

Closed ryanuy closed 9 months ago

ryanuy commented 1 year ago

Terraform Version

1.2.2

AzureRM Provider Version

3.47.0

Affected Resource(s)/Data Source(s)

azurerm_vpn_gateway_connection

Terraform Configuration Files

resource "azurerm_vpn_gateway_connection" "zscaler-sea" {
  provider           = azurerm.connectivity
  name               = "zscaler-sea"
  vpn_gateway_id     = azurerm_vpn_gateway.sea-vpngw01.id
  remote_vpn_site_id = azurerm_vpn_site.sea-vpn-site01.id

  vpn_link {
    name             = "zscaler-singapore"
    vpn_site_link_id = azurerm_vpn_site.sea-vpn-site01.link[0].id
    bandwidth_mbps   = "500"

    ipsec_policy {
      //IKE Phase 1
      encryption_algorithm = "AES256"
      integrity_algorithm  = "SHA256"
      dh_group             = "DHGroup14"

      //IKE Phase 2
      ike_encryption_algorithm = "None"
      ike_integrity_algorithm  = "SHA256"
      pfs_group                = "None"
      sa_data_size_kb          = "102400000"
      sa_lifetime_sec          = "27000"
    }
  }

  vpn_link {
    name             = "zscaler-hongkong"
    vpn_site_link_id = azurerm_vpn_site.sea-vpn-site01.link[1].id
    bandwidth_mbps   = "500"

    ipsec_policy {
      //IKE Phase 1
      encryption_algorithm = "AES256"
      integrity_algorithm  = "SHA256"
      dh_group             = "DHGroup14"

      //IKE Phase 2
      ike_encryption_algorithm = "None"
      ike_integrity_algorithm  = "SHA256"
      pfs_group                = "None"
      sa_data_size_kb          = "102400000"
      sa_lifetime_sec          = "27000"
    }
  }
}

Debug Output/Panic Output

Error: expected vpn_link.0.ipsec_policy.0.ike_encryption_algorithm to be one of [DES DES3 AES128 AES192 AES256 GCMAES128 GCMAES256], got None
│ 
│   with azurerm_vpn_gateway_connection.zscaler-sea,
│   on test-azurevirtualnetwork.tf line 144, in resource "azurerm_vpn_gateway_connection" "zscaler-sea":
│  144:       ike_encryption_algorithm = "None"
│ 
╵
╷
│ Error: expected vpn_link.1.ipsec_policy.0.ike_encryption_algorithm to be one of [DES DES3 AES128 AES192 AES256 GCMAES128 GCMAES256], got None
│ 
│   with azurerm_vpn_gateway_connection.zscaler-sea,
│   on test-azurevirtualnetwork.tf line 164, in resource "azurerm_vpn_gateway_connection" "zscaler-sea":
│  164:       ike_encryption_algorithm = "None"
│ 
╵

Expected Behaviour

It should have accepted the "None" option as it can be configured in the portal.

Actual Behaviour

Validation is failing because the "None" value is not accepted.

Steps to Reproduce

Changing to supported values removes the error, but setting it to "None" gives the error.

Important Factoids

No response

References

ike_encryption_algorithm - (Required) The IKE encryption algorithm (IKE phase 2). Possible values are DES, DES3, AES128, AES192, AES256, GCMAES128, GCMAES256.

"None" should be a valid value.

neil-yechenwei commented 1 year ago

Thanks for raising this issue. Seems service API doesn't support it for now per the api definition. Once it's supported, we can take another look. Thanks.

ryanuy commented 1 year ago

Thank you for looking into this.

On 16 Mar 2023, at 4:31 pm, Neil Ye wrote: Thanks for raising this issue. Seems service API doesn't support it for now per the api definition. Once it's supported, we can take another look. Thanks.

rcskosir commented 9 months ago

Thanks for taking the time to open this issue. It looks like the behavior you requested is not supported by the underlying Azure API so I am going to label this issue as such and close it for now. If you create a request on Azure/azure-rest-api-specs, feel free to add the link here. When it gets added, we can reopen this request or you can create a new one.

github-actions[bot] commented 6 months ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.