[compatibility]

1. compatibility

Author: brickzzhang

tencentcloud/resource_tc_vpn_connection.go

@@ -76,10 +76,21 @@ func resourceTencentCloudVpnConnection() *schema.Resource {
 				Description:  "Name of the VPN connection. The length of character is limited to 1-60.",
 			},
 			"vpc_id": {
-				Type:        schema.TypeString,
-				Optional:    true,
-				ForceNew:    true,
-				Description: "ID of the VPC. Required if vpn gateway is not in `CCN` type, and doesn't make sense for `CCN` vpn gateway.",
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+				DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
+					if v, ok := d.GetOk("is_ccn_type"); ok && v.(bool) {
+						return true
+					}
+					return old == new
+				},
+				Description: "ID of the VPC. Required if vpn gateway is not in `CCN` type, and not allowed to be used for `CCN` vpn gateway.",
+			},
+			"is_ccn_type": {
+				Type:        schema.TypeBool,
+				Computed:    true,
+				Description: "Indicate whether is ccn type. Modification of this field only impacts force new login of `vpc_id`. If `is_ccn_type` is true, modification of `vpc_id` will be ignored.",
 			},
 			"customer_gateway_id": {
 				Type:        schema.TypeString,
@@ -274,38 +285,21 @@ func resourceTencentCloudVpnConnection() *schema.Resource {
 func resourceTencentCloudVpnConnectionCreate(d *schema.ResourceData, meta interface{}) error {
 	defer logElapsed("resource.tencentcloud_vpn_connection.create")()
 
-	logId := getLogId(contextNil)
-	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+	var (
+		logId   = getLogId(contextNil)
+		ctx     = context.WithValue(context.TODO(), logIdKey, logId)
+		service = VpcService{client: meta.(*TencentCloudClient).apiV3Conn}
+	)
 
 	// pre check vpn gateway id
-	requestVpngw := vpc.NewDescribeVpnGatewaysRequest()
-	requestVpngw.VpnGatewayIds = []*string{helper.String(d.Get("vpn_gateway_id").(string))}
-	var responseVpngw *vpc.DescribeVpnGatewaysResponse
-	err := resource.Retry(readRetryTimeout, func() *resource.RetryError {
-		result, e := meta.(*TencentCloudClient).apiV3Conn.UseVpcClient().DescribeVpnGateways(requestVpngw)
-		if e != nil {
-			ee, ok := e.(*errors.TencentCloudSDKError)
-			if !ok {
-				return retryError(e)
-			}
-			if ee.Code == VPCNotFound {
-				return nil
-			} else {
-				return retryError(e)
-			}
-		}
-		responseVpngw = result
-		return nil
-	})
+	has, gateway, err := service.DescribeVpngwById(ctx, d.Get("vpn_gateway_id").(string))
 	if err != nil {
 		return err
 	}
-	if len(responseVpngw.Response.VpnGatewaySet) < 1 {
+	if !has {
 		return fmt.Errorf("[CRITAL] vpn_gateway_id %s doesn't exist", d.Get("vpn_gateway_id").(string))
 	}
 
-	gateway := responseVpngw.Response.VpnGatewaySet[0]
-
 	// create vpn connection
 	request := vpc.NewCreateVpnConnectionRequest()
 	request.VpnConnectionName = helper.String(d.Get("name").(string))
@@ -519,8 +513,11 @@ func resourceTencentCloudVpnConnectionRead(d *schema.ResourceData, meta interfac
 	defer logElapsed("resource.tencentcloud_vpn_connection.read")()
 	defer inconsistentCheck(d, meta)()
 
-	logId := getLogId(contextNil)
-	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+	var (
+		logId   = getLogId(contextNil)
+		ctx     = context.WithValue(context.TODO(), logIdKey, logId)
+		service = VpcService{client: meta.(*TencentCloudClient).apiV3Conn}
+	)
 
 	connectionId := d.Id()
 	request := vpc.NewDescribeVpnConnectionsRequest()
@@ -550,6 +547,22 @@ func resourceTencentCloudVpnConnectionRead(d *schema.ResourceData, meta interfac
 	_ = d.Set("name", *connection.VpnConnectionName)
 	_ = d.Set("create_time", *connection.CreatedTime)
 	_ = d.Set("vpn_gateway_id", *connection.VpnGatewayId)
+
+	// get vpngw type
+	has, gateway, err := service.DescribeVpngwById(ctx, d.Get("vpn_gateway_id").(string))
+	if err != nil {
+		log.Printf("[CRITAL]%s read vpn_geteway failed, reason:%s\n", logId, err.Error())
+		return err
+	}
+	if !has {
+		return fmt.Errorf("[CRITAL] vpn_gateway_id %s doesn't exist", d.Get("vpn_gateway_id").(string))
+	}
+
+	if *gateway.Type != "CCN" {
+		_ = d.Set("vpc_id", *connection.VpcId)
+	}
+
+	_ = d.Set("is_ccn_type", *gateway.Type == "CCN")
 	_ = d.Set("customer_gateway_id", *connection.CustomerGatewayId)
 	_ = d.Set("pre_share_key", *connection.PreShareKey)
 	//set up SPD

tencentcloud/resource_tc_vpn_gateway.go

@@ -76,10 +76,16 @@ func resourceTencentCloudVpnGateway() *schema.Resource {
 				Description:  "Name of the VPN gateway. The length of character is limited to 1-60.",
 			},
 			"vpc_id": {
-				Type:        schema.TypeString,
-				Optional:    true,
-				ForceNew:    true,
-				Description: "ID of the VPC. Required if vpn gateway is not in `CCN` type, and doesn't make sense if vpn gateway is in `CCN` type.",
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+				DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
+					if v, ok := d.GetOk("type"); ok && v.(string) == "CCN" {
+						return true
+					}
+					return old == new
+				},
+				Description: "ID of the VPC. Required if vpn gateway is not in `CCN` type, and not allowed to be used if vpn gateway is in `CCN` type.",
 			},
 			"bandwidth": {
 				Type:        schema.TypeInt,
@@ -270,44 +276,23 @@ func resourceTencentCloudVpnGatewayRead(d *schema.ResourceData, meta interface{}
 	defer logElapsed("resource.tencentcloud_vpn_gateway.read")()
 	defer inconsistentCheck(d, meta)()
 
-	logId := getLogId(contextNil)
-	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+	var (
+		logId     = getLogId(contextNil)
+		ctx       = context.WithValue(context.TODO(), logIdKey, logId)
+		service   = VpcService{client: meta.(*TencentCloudClient).apiV3Conn}
+		gatewayId = d.Id()
+	)
 
-	gatewayId := d.Id()
-	request := vpc.NewDescribeVpnGatewaysRequest()
-	request.VpnGatewayIds = []*string{&gatewayId}
-	var response *vpc.DescribeVpnGatewaysResponse
-	err := resource.Retry(readRetryTimeout, func() *resource.RetryError {
-		result, e := meta.(*TencentCloudClient).apiV3Conn.UseVpcClient().DescribeVpnGateways(request)
-		if e != nil {
-			ee, ok := e.(*errors.TencentCloudSDKError)
-			if !ok {
-				return retryError(e)
-			}
-			if ee.Code == VPCNotFound {
-				log.Printf("[CRITAL]%s api[%s] success, request body [%s], reason[%s]\n",
-					logId, request.GetAction(), request.ToJsonString(), e.Error())
-				return nil
-			} else {
-				log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n",
-					logId, request.GetAction(), request.ToJsonString(), e.Error())
-				return retryError(e)
-			}
-		}
-		response = result
-		return nil
-	})
+	has, gateway, err := service.DescribeVpngwById(ctx, gatewayId)
 	if err != nil {
 		log.Printf("[CRITAL]%s read VPN gateway failed, reason:%s\n", logId, err.Error())
 		return err
 	}
-	if len(response.Response.VpnGatewaySet) < 1 {
+	if !has {
 		d.SetId("")
 		return nil
 	}
 
-	gateway := response.Response.VpnGatewaySet[0]
-
 	_ = d.Set("name", gateway.VpnGatewayName)
 	_ = d.Set("public_ip_address", gateway.PublicIpAddress)
 	_ = d.Set("bandwidth", int(*gateway.InternetMaxBandwidthOut))

tencentcloud/service_tencentcloud_vpc.go

@@ -3221,3 +3221,39 @@ func (me *VpcService) DeleteAclAttachment(ctx context.Context, attachmentAcl str
 	}
 	return
 }
+
+func (me *VpcService) DescribeVpngwById(ctx context.Context, vpngwId string) (has bool, gateway *vpc.VpnGateway, err error) {
+	var (
+		logId    = getLogId(ctx)
+		request  = vpc.NewDescribeVpnGatewaysRequest()
+		response *vpc.DescribeVpnGatewaysResponse
+	)
+	request.VpnGatewayIds = []*string{&vpngwId}
+	err = resource.Retry(readRetryTimeout, func() *resource.RetryError {
+		response, err = me.client.UseVpcClient().DescribeVpnGateways(request)
+		if err != nil {
+			ee, ok := err.(*sdkErrors.TencentCloudSDKError)
+			if !ok {
+				return retryError(err)
+			}
+			if ee.Code == VPCNotFound {
+				return nil
+			} else {
+				return retryError(err)
+			}
+		}
+		return nil
+	})
+	if err != nil {
+		log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%v]", logId, request.GetAction(), request.ToJsonString(), err)
+		return
+	}
+	if len(response.Response.VpnGatewaySet) < 1 {
+		has = false
+		return
+	}
+
+	gateway = response.Response.VpnGatewaySet[0]
+	has = true
+	return
+}

website/docs/r/vpn_connection.html.markdown

@@ -71,7 +71,7 @@ The following arguments are supported:
 * `ipsec_sa_lifetime_seconds` - (Optional) SA lifetime of the IPSEC operation specification, unit is `second`. The value ranges from 180 to 604800. Default value is 3600 seconds.
 * `ipsec_sa_lifetime_traffic` - (Optional) SA lifetime of the IPSEC operation specification, unit is `KB`. The value should not be less then 2560. Default value is 1843200.
 * `tags` - (Optional) A list of tags used to associate different resources.
-* `vpc_id` - (Optional, ForceNew) ID of the VPC. Required if vpn gateway is not in `CCN` type, and doesn't make sense for `CCN` vpn gateway.
+* `vpc_id` - (Optional, ForceNew) ID of the VPC. Required if vpn gateway is not in `CCN` type, and not allowed to be used for `CCN` vpn gateway.
 
 The `security_group_policy` object supports the following:
 
@@ -85,6 +85,7 @@ In addition to all arguments above, the following attributes are exported:
 * `id` - ID of the resource.
 * `create_time` - Create time of the VPN connection.
 * `encrypt_proto` - Encrypt proto of the VPN connection.
+* `is_ccn_type` - Indicate whether is ccn type. Modification of this field only impacts force new login of `vpc_id`. If `is_ccn_type` is true, modification of `vpc_id` will be ignored.
 * `net_status` - Net status of the VPN connection, values are `AVAILABLE`.
 * `route_type` - Route type of the VPN connection.
 * `state` - State of the connection, values are `PENDING`, `AVAILABLE`, `DELETING`.

website/docs/r/vpn_gateway.html.markdown

@@ -58,7 +58,7 @@ The following arguments are supported:
 * `prepaid_renew_flag` - (Optional) Flag indicates whether to renew or not, valid values are `NOTIFY_AND_RENEW`, `NOTIFY_AND_AUTO_RENEW`, `NOT_NOTIFY_AND_NOT_RENEW`. This para can only be set to take effect in create operation.
 * `tags` - (Optional) A list of tags used to associate different resources.
 * `type` - (Optional) Type of gateway instance, valid values are `IPSEC`, `SSL` and `CCN`. Note: CCN type is only for whitelist customer now.
-* `vpc_id` - (Optional, ForceNew) ID of the VPC. Required if vpn gateway is not in `CCN` type, and doesn't make sense if vpn gateway is in `CCN` type.
+* `vpc_id` - (Optional, ForceNew) ID of the VPC. Required if vpn gateway is not in `CCN` type, and not allowed to be used if vpn gateway is in `CCN` type.
 
 ## Attributes Reference