opentelekomcloud · otc-zuul · Dec 1, 2022 · Nov 30, 2022 · Dec 1, 2022 · Dec 1, 2022
diff --git a/docs/resources/vpnaas_site_connection_v2.md b/docs/resources/vpnaas_site_connection_v2.md
@@ -73,7 +73,7 @@ The following arguments are supported:
 
 * `peer_address` - (Required) The peer gateway public IPv4 or IPv6 address or FQDN.
 
-* `psk` - (Required) The pre-shared key. A valid value is any string.
+* `psk` - (Required) The pre-shared key. A PSK can contain 6 to 128 characters. Spaces and the following special characters are not allowed: `<>&?*'"`.
 
 * `initiator` - (Optional) A valid value is `response-only` or `bi-directional`.
 

diff --git a/opentelekomcloud/acceptance/vpn/resource_opentelekomcloud_vpnaas_site_connection_v2_test.go b/opentelekomcloud/acceptance/vpn/resource_opentelekomcloud_vpnaas_site_connection_v2_test.go
@@ -137,7 +137,7 @@ resource "opentelekomcloud_vpnaas_site_connection_v2" "conn_1" {
   ikepolicy_id      = opentelekomcloud_vpnaas_ike_policy_v2.policy_2.id
   ipsecpolicy_id    = opentelekomcloud_vpnaas_ipsec_policy_v2.policy_1.id
   vpnservice_id     = opentelekomcloud_vpnaas_service_v2.service_1.id
-  psk               = "secret"
+  psk               = "secret./"
   peer_address      = "192.168.10.1"
   peer_id           = "192.168.10.1"
   local_ep_group_id = opentelekomcloud_vpnaas_endpoint_group_v2.group_2.id

diff --git a/opentelekomcloud/services/vpn/resource_opentelekomcloud_vpnaas_site_connection_v2.go b/opentelekomcloud/services/vpn/resource_opentelekomcloud_vpnaas_site_connection_v2.go
@@ -4,12 +4,14 @@ import (
 	"context"
 	"fmt"
 	"log"
+	"regexp"
 	"time"
 
 	"github.com/hashicorp/go-multierror"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	golangsdk "github.com/opentelekomcloud/gophertelekomcloud"
 	"github.com/opentelekomcloud/gophertelekomcloud/openstack/common/tags"
 	"github.com/opentelekomcloud/gophertelekomcloud/openstack/networking/v2/extensions/vpnaas/siteconnections"
@@ -19,6 +21,12 @@ import (
 	"github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/common/fmterr"
 )
 
+var (
+	// A PSK can contain 6 to 128 characters.
+	// Spaces and the following special characters are not allowed: <>&?*'"
+	pskRegex = regexp.MustCompile("^[^ <>&?*'\"]{6,128}$")
+)
+
 func ResourceVpnSiteConnectionV2() *schema.Resource {
 	return &schema.Resource{
 		CreateContext: resourceVpnSiteConnectionV2Create,
@@ -93,6 +101,8 @@ func ResourceVpnSiteConnectionV2() *schema.Resource {
 			"psk": {
 				Type:     schema.TypeString,
 				Required: true,
+				ValidateFunc: validation.StringMatch(pskRegex, "Invalid pks value. "+
+					"A PSK can contain 6 to 128 characters. Spaces and the following special characters are not allowed: <>&?*'\"."),
 			},
 			"initiator": {
 				Type:     schema.TypeString,

diff --git a/releasenotes/notes/vpn-psk-validation-84ab02be99ccb6db.yaml b/releasenotes/notes/vpn-psk-validation-84ab02be99ccb6db.yaml
@@ -0,0 +1,4 @@
+---
+other:
+  - |
+    **[VPN]** Add validation and update documentation for ``psk`` in ``resource/opentelekomcloud_vpnaas_site_connection_v2`` (`#2011 <https://github.com/opentelekomcloud/terraform-provider-opentelekomcloud/pull/2011>`_)