From d9d8708c7ff1a788655b6ab0b70aaf1545af0137 Mon Sep 17 00:00:00 2001
From: John Gardiner Myers <jgmyers@proofpoint.com>
Date: Tue, 30 Nov 2021 21:33:40 -0800
Subject: [PATCH] Don't assign CIDRs to shared subnets

---
 upup/pkg/fi/cloudup/awstasks/subnet.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/upup/pkg/fi/cloudup/awstasks/subnet.go b/upup/pkg/fi/cloudup/awstasks/subnet.go
index 80f41f7f0e992..4104db69dfc00 100644
--- a/upup/pkg/fi/cloudup/awstasks/subnet.go
+++ b/upup/pkg/fi/cloudup/awstasks/subnet.go
@@ -192,6 +192,12 @@ func (s *Subnet) CheckChanges(a, e, changes *Subnet) error {
 		if changes.IPv6CIDR != nil && a.IPv6CIDR != nil {
 			errors = append(errors, fi.FieldIsImmutable(e.IPv6CIDR, a.IPv6CIDR, fieldPath.Child("IPv6CIDR")))
 		}
+
+		if fi.BoolValue(e.Shared) {
+			if changes.IPv6CIDR != nil && a.IPv6CIDR == nil {
+				errors = append(errors, field.Forbidden(fieldPath.Child("IPv6CIDR"), "field cannot be set on shared subnet"))
+			}
+		}
 	}
 
 	if len(errors) != 0 {
@@ -206,7 +212,7 @@ func (_ *Subnet) RenderAWS(t *awsup.AWSAPITarget, a, e, changes *Subnet) error {
 	if shared {
 		// Verify the subnet was found
 		if a == nil {
-			return fmt.Errorf("Subnet with id %q not found", fi.StringValue(e.ID))
+			return fmt.Errorf("subnet with id %q not found", fi.StringValue(e.ID))
 		}
 	}