From 3dc23704f2ed49373363d2614caf7780c9a831dc Mon Sep 17 00:00:00 2001
From: aristosvo <8375124+aristosvo@users.noreply.github.com>
Date: Fri, 9 Feb 2024 20:22:47 +0100
Subject: [PATCH] `r/aws_route53_resolver_rule`: add `protocols`

---
 internal/service/route53resolver/rule.go      |  14 ++-
 internal/service/route53resolver/rule_test.go | 111 ++++++++++++++++++
 2 files changed, 123 insertions(+), 2 deletions(-)

diff --git a/internal/service/route53resolver/rule.go b/internal/service/route53resolver/rule.go
index f730a1a194f1..fe3951f1c655 100644
--- a/internal/service/route53resolver/rule.go
+++ b/internal/service/route53resolver/rule.go
@@ -98,6 +98,12 @@ func ResourceRule() *schema.Resource {
 							Default:      53,
 							ValidateFunc: validation.IntBetween(1, 65535),
 						},
+						"protocol": {
+							Type:         schema.TypeString,
+							Optional:     true,
+							Default:      route53resolver.ProtocolDo53,
+							ValidateFunc: validation.StringInSlice(route53resolver.Protocol_Values(), false),
+						},
 					},
 				},
 			},
@@ -368,6 +374,9 @@ func expandRuleTargetIPs(vTargetIps *schema.Set) []*route53resolver.TargetAddres
 		if vPort, ok := mTargetIp["port"].(int); ok {
 			targetAddress.Port = aws.Int64(int64(vPort))
 		}
+		if vProtocol, ok := mTargetIp["protocol"].(string); ok && vProtocol != "" {
+			targetAddress.Protocol = aws.String(vProtocol)
+		}
 
 		targetAddresses = append(targetAddresses, targetAddress)
 	}
@@ -384,8 +393,9 @@ func flattenRuleTargetIPs(targetAddresses []*route53resolver.TargetAddress) []in
 
 	for _, targetAddress := range targetAddresses {
 		mTargetIp := map[string]interface{}{
-			"ip":   aws.StringValue(targetAddress.Ip),
-			"port": int(aws.Int64Value(targetAddress.Port)),
+			"ip":       aws.StringValue(targetAddress.Ip),
+			"port":     int(aws.Int64Value(targetAddress.Port)),
+			"protocol": aws.StringValue(targetAddress.Protocol),
 		}
 
 		vTargetIps = append(vTargetIps, mTargetIp)
diff --git a/internal/service/route53resolver/rule_test.go b/internal/service/route53resolver/rule_test.go
index 2d2fe94c2d3e..33874ff6379e 100644
--- a/internal/service/route53resolver/rule_test.go
+++ b/internal/service/route53resolver/rule_test.go
@@ -304,6 +304,77 @@ func TestAccRoute53ResolverRule_forward(t *testing.T) {
 	})
 }
 
+func TestAccRoute53ResolverRule_forwardMultiProtocol(t *testing.T) {
+	ctx := acctest.Context(t)
+	var rule route53resolver.ResolverRule
+	resourceName := "aws_route53_resolver_rule.test"
+	epResourceName := "aws_route53_resolver_endpoint.test.0"
+	domainName := acctest.RandomDomainName()
+	rName := sdkacctest.RandomWithPrefix(acctest.ResourcePrefix)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.PreCheck(ctx, t); testAccPreCheck(ctx, t) },
+		ErrorCheck:               acctest.ErrorCheck(t, route53resolver.EndpointsID),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories,
+		CheckDestroy:             testAccCheckRuleDestroy(ctx),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccRuleConfig_forward(rName, domainName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckRuleExists(ctx, resourceName, &rule),
+					resource.TestCheckResourceAttr(resourceName, "domain_name", domainName),
+					resource.TestCheckResourceAttr(resourceName, "name", rName),
+					resource.TestCheckResourceAttr(resourceName, "rule_type", "FORWARD"),
+					resource.TestCheckResourceAttrPair(resourceName, "resolver_endpoint_id", epResourceName, "id"),
+					resource.TestCheckResourceAttr(resourceName, "target_ip.#", "1"),
+					resource.TestCheckTypeSetElemNestedAttrs(resourceName, "target_ip.*", map[string]string{
+						"ip":       "192.0.2.6",
+						"port":     "53",
+						"protocol": "Do53",
+					}),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccRuleConfig_forwardMultiProtocol(rName, domainName, "DoH"),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckRuleExists(ctx, resourceName, &rule),
+					resource.TestCheckResourceAttr(resourceName, "domain_name", domainName),
+					resource.TestCheckResourceAttr(resourceName, "name", rName),
+					resource.TestCheckResourceAttr(resourceName, "rule_type", "FORWARD"),
+					resource.TestCheckResourceAttrPair(resourceName, "resolver_endpoint_id", epResourceName, "id"),
+					resource.TestCheckResourceAttr(resourceName, "target_ip.#", "1"),
+					resource.TestCheckTypeSetElemNestedAttrs(resourceName, "target_ip.*", map[string]string{
+						"ip":       "192.0.2.6",
+						"port":     "53",
+						"protocol": "DoH",
+					}),
+				),
+			},
+			{
+				Config: testAccRuleConfig_forwardMultiProtocol(rName, domainName, "Do53"),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckRuleExists(ctx, resourceName, &rule),
+					resource.TestCheckResourceAttr(resourceName, "domain_name", domainName),
+					resource.TestCheckResourceAttr(resourceName, "name", rName),
+					resource.TestCheckResourceAttr(resourceName, "rule_type", "FORWARD"),
+					resource.TestCheckResourceAttrPair(resourceName, "resolver_endpoint_id", epResourceName, "id"),
+					resource.TestCheckResourceAttr(resourceName, "target_ip.#", "1"),
+					resource.TestCheckTypeSetElemNestedAttrs(resourceName, "target_ip.*", map[string]string{
+						"ip":       "192.0.2.6",
+						"port":     "53",
+						"protocol": "Do53",
+					}),
+				),
+			},
+		},
+	})
+}
+
 func TestAccRoute53ResolverRule_forwardEndpointRecreate(t *testing.T) {
 	ctx := acctest.Context(t)
 	var rule1, rule2 route53resolver.ResolverRule
@@ -485,6 +556,23 @@ resource "aws_route53_resolver_rule" "test" {
 `, rName, domainName))
 }
 
+func testAccRuleConfig_forwardMultiProtocol(rName, domainName, protocol string) string {
+	return acctest.ConfigCompose(testAccRuleConfig_resolverEndpointMultiProtocolBase(rName), fmt.Sprintf(`
+resource "aws_route53_resolver_rule" "test" {
+  domain_name = %[2]q
+  rule_type   = "FORWARD"
+  name        = %[1]q
+
+  resolver_endpoint_id = aws_route53_resolver_endpoint.test[0].id
+
+  target_ip {
+    ip       = "192.0.2.6"
+    protocol = %[3]q
+  }
+}
+`, rName, domainName, protocol))
+}
+
 func testAccRuleConfig_forwardTargetIPChanged(rName, domainName string) string {
 	return acctest.ConfigCompose(testAccRuleConfig_resolverEndpointBase(rName), fmt.Sprintf(`
 resource "aws_route53_resolver_rule" "test" {
@@ -621,3 +709,26 @@ resource "aws_route53_resolver_endpoint" "test" {
 }
 `, rName))
 }
+
+func testAccRuleConfig_resolverEndpointMultiProtocolBase(rName string) string {
+	return acctest.ConfigCompose(testAccRuleConfig_vpcBase(rName), fmt.Sprintf(`
+resource "aws_route53_resolver_endpoint" "test" {
+  count = 2
+
+  direction = "OUTBOUND"
+  name      = "%[1]s-${count.index}"
+
+  security_group_ids = [aws_security_group.test[0].id]
+
+  ip_address {
+    subnet_id = aws_subnet.test[2].id
+  }
+
+  ip_address {
+    subnet_id = aws_subnet.test[count.index].id
+  }
+
+  protocols = ["Do53", "DoH"]
+}
+`, rName))
+}