add vpngw ssl server (#896)

Author: hellertang

go.mod

@@ -56,7 +56,7 @@ require (
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tdmq v1.0.268
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke v1.0.302
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod v1.0.199
-	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.199
+	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.357
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wss v1.0.199
 	github.com/tencentyun/cos-go-sdk-v5 v0.7.33
 	github.com/yangwenmai/ratelimit v0.0.0-20180104140304-44221c2292e1

go.sum

@@ -562,6 +562,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod v1.0.199 h1:6Yt74l4
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod v1.0.199/go.mod h1:Yw6OQ33z3s4k0HVYTNSffB12qOzEJ2Zf1Vj4+5S3sRs=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.199 h1:UDZ59pvaqjDy2QIsMsv9hxm0BEJLmPIbHF1ms0MqaRk=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.199/go.mod h1:SKgeSsIfPEM6BeoIFiGHsWG9UsEXzkK0SkWx51H/OS8=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.357 h1:fltPXAHX1pQRXX94LEzJbWaDzNsculh70XA9NN+9DFY=
+github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.357/go.mod h1:vuWreRMZo2kArdDtpXIjTf//ckEMRSot1msuSsmtQ0I=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wss v1.0.199 h1:hMBLtiJPnZ9GvA677cTB6ELBR6B68wCR2QY1sNoGQc4=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wss v1.0.199/go.mod h1:nnY91/H3j/Gu7V/oCA6Zeg8T5D3q36EUdBh4EjmHwqY=
 github.com/tencentyun/cos-go-sdk-v5 v0.7.31-0.20210902132439-360bc9b1be6b h1:rLl5sAeLt382023Kd3X4TaOEaT2hdgXWwTGyKiy16Zo=

tencentcloud/data_source_tc_vpn_gateway_routes_test.go

@@ -34,14 +34,14 @@ data "tencentcloud_vpn_gateways" "foo" {
   name = "Default-VPC"
 }
 
-data "tencentcloud_vpn_gateway_connections" "conns" {
+data "tencentcloud_vpn_connections" "conns" {
 }
 
 resource "tencentcloud_vpn_gateway_route" "route1" {
   vpn_gateway_id = data.tencentcloud_vpn_gateways.foo.gateway_list.0.id
   destination_cidr_block = "10.0.0.0/16"
   instance_type = "VPNCONN"
-  instance_id = data.tencentcloud_vpn_gateway_connections.conns.connection_list.0.id
+  instance_id = data.tencentcloud_vpn_connection.conns.connection_list.0.id
   priority = "100"
   status = "ENABLE"
 }

tencentcloud/extension_vpc.go

@@ -124,6 +124,12 @@ const (
 	VPN_DESCRIBE_LIMIT = 100
 )
 
+const (
+	VPN_TASK_STATUS_SUCCESS = "SUCCESS"
+	VPN_TASK_STATUS_RUNNING = "RUNNING"
+	VPN_TASK_STATUS_FAILED  = "FAILED"
+)
+
 const (
 	VPN_STATE_PENDING   = "PENDING"
 	VPN_STATE_DELETING  = "DELETING"

tencentcloud/provider.go

@@ -575,6 +575,7 @@ VPN
     tencentcloud_vpn_gateway
     tencentcloud_vpn_gateway_route
     tencentcloud_vpn_connection
+	tencentcloud_vpn_ssl_server
 
 EMR
   Data Source
@@ -915,6 +916,7 @@ func Provider() terraform.ResourceProvider {
 			"tencentcloud_vpn_gateway":                             resourceTencentCloudVpnGateway(),
 			"tencentcloud_vpn_gateway_route":                       resourceTencentCloudVpnGatewayRoute(),
 			"tencentcloud_vpn_connection":                          resourceTencentCloudVpnConnection(),
+			"tencentcloud_vpn_ssl_server":                          resourceTencentCloudVpnSslServer(),
 			"tencentcloud_ha_vip":                                  resourceTencentCloudHaVip(),
 			"tencentcloud_ha_vip_eip_attachment":                   resourceTencentCloudHaVipEipAttachment(),
 			"tencentcloud_security_group":                          resourceTencentCloudSecurityGroup(),

tencentcloud/resource_tc_vpn_ssl_server.go

@@ -0,0 +1,273 @@
+/*
+Provide a resource to create a VPN SSL Server.
+
+Example Usage
+
+```hcl
+resource "tencentcloud_vpn_ssl_server" "server" {
+  local_address       = [
+    "10.0.0.0/17",
+  ]
+  remote_address      = "11.0.0.0/16"
+  ssl_vpn_server_name = "helloworld"
+  vpn_gateway_id      = "vpngw-335lwf7d"
+  ssl_vpn_protocol = "UDP"
+  ssl_vpn_port = 1194
+  integrity_algorithm = "MD5"
+  encrypt_algorithm = "AES-128-CBC"
+  compress = true
+}
+```
+
+Import
+
+VPN SSL Server can be imported, e.g.
+
+```
+$ terraform import tencentcloud_vpn_ssl_server.server vpn-server-id
+```
+*/
+package tencentcloud
+
+import (
+	"context"
+	"fmt"
+	vpc "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc/v20170312"
+	"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
+	"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/ratelimit"
+	"log"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/errors"
+)
+
+func resourceTencentCloudVpnSslServer() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceTencentCloudVpnSslServerCreate,
+		Read:   resourceTencentCloudVpnSslServerRead,
+		Delete: resourceTencentCloudVpnSslServerDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"vpn_gateway_id": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "VPN gateway ID.",
+			},
+			"ssl_vpn_server_name": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "The name of ssl vpn server to be created.",
+			},
+			"local_address": {
+				Type:        schema.TypeList,
+				Required:    true,
+				ForceNew:    true,
+				Description: "List of local CIDR.",
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+			"remote_address": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "Remote CIDR for client.",
+			},
+			"ssl_vpn_protocol": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				ForceNew:    true,
+				Description: "The protocol of ssl vpn. Default value: UDP.",
+			},
+			"ssl_vpn_port": {
+				Type:        schema.TypeInt,
+				Optional:    true,
+				ForceNew:    true,
+				Description: "The port of ssl vpn. Default value: 1194.",
+			},
+			"integrity_algorithm": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				ForceNew:    true,
+				Description: "The integrity algorithm. Valid values: SHA1, MD5 and NONE. Default value: NONE.",
+			},
+			"encrypt_algorithm": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				ForceNew:    true,
+				Description: "The encrypt algorithm. Valid values: AES-128-CBC, AES-192-CBC, AES-256-CBC, NONE." +
+					"Default value: NONE.",
+			},
+			"compress": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				ForceNew:    true,
+				Default:     FALSE,
+				Description: "need compressed. Default value: False.",
+			},
+		},
+	}
+}
+
+func resourceTencentCloudVpnSslServerCreate(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_vpn_ssl_server.create")()
+	logId := getLogId(contextNil)
+	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+
+	var (
+		vpcService   = VpcService{client: meta.(*TencentCloudClient).apiV3Conn}
+		request      = vpc.NewCreateVpnGatewaySslServerRequest()
+		vpnGatewayId string
+	)
+
+	if v, ok := d.GetOk("vpn_gateway_id"); ok {
+		vpnGatewayId = v.(string)
+		request.VpnGatewayId = helper.String(vpnGatewayId)
+	}
+	if v, ok := d.GetOk("ssl_vpn_server_name"); ok {
+		request.SslVpnServerName = helper.String(v.(string))
+	}
+
+	if v, ok := d.GetOk("local_address"); ok {
+		address := v.([]interface{})
+		request.LocalAddress = helper.InterfacesStringsPoint(address)
+	}
+
+	if v, ok := d.GetOk("remote_address"); ok {
+		request.RemoteAddress = helper.String(v.(string))
+	}
+
+	if v, ok := d.GetOk("ssl_vpn_protocol"); ok {
+		request.SslVpnProtocol = helper.String(v.(string))
+	}
+	if v, ok := d.GetOk("ssl_vpn_port"); ok {
+		request.SslVpnPort = helper.IntInt64(v.(int))
+	}
+	if v, ok := d.GetOk("integrity_algorithm"); ok {
+		request.IntegrityAlgorithm = helper.String(v.(string))
+	}
+	if v, ok := d.GetOk("encrypt_algorithm"); ok {
+		request.EncryptAlgorithm = helper.String(v.(string))
+	}
+	if v, ok := d.GetOk("compress"); ok {
+		request.Compress = helper.Bool(v.(bool))
+	}
+
+	var taskId *int64
+	if err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+		ratelimit.Check(request.GetAction())
+		response, err := vpcService.client.UseVpcClient().CreateVpnGatewaySslServer(request)
+		if err != nil {
+			log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n",
+				logId, request.GetAction(), request.ToJsonString(), err.Error())
+			return retryError(err, InternalError)
+		}
+		log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n",
+			logId, request.GetAction(), request.ToJsonString(), response.ToJsonString())
+		taskId = response.Response.TaskId
+		return nil
+	}); err != nil {
+		return err
+	}
+
+	err := vpcService.DescribeTaskResult(ctx, helper.Int64Uint64(*taskId))
+	if err != nil {
+		return err
+	}
+
+	// add protect
+	time.Sleep(3)
+
+	filter := make(map[string]string)
+	filter["vpn-gateway-id"] = vpnGatewayId
+
+	instances, err := vpcService.DescribeVpnGwSslServerByFilter(ctx, filter)
+
+	if err != nil {
+		return fmt.Errorf("get instance list error: %s", err.Error())
+	}
+
+	sslServer := instances[0]
+	d.SetId(*sslServer.SslVpnServerId)
+
+	return resourceTencentCloudVpnSslServerRead(d, meta)
+}
+
+func resourceTencentCloudVpnSslServerRead(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_vpn_ssl_server.read")()
+	defer inconsistentCheck(d, meta)()
+
+	logId := getLogId(contextNil)
+	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+
+	sslServerId := d.Id()
+	vpcService := VpcService{client: meta.(*TencentCloudClient).apiV3Conn}
+
+	err := resource.Retry(readRetryTimeout, func() *resource.RetryError {
+		has, info, e := vpcService.DescribeVpnSslServerById(ctx, sslServerId)
+		if e != nil {
+			return retryError(e)
+		}
+		if !has {
+			d.SetId("")
+			return nil
+		}
+
+		_ = d.Set("vpn_gateway_id", info.VpnGatewayId)
+		_ = d.Set("ssl_vpn_server_name", info.SslVpnServerName)
+		_ = d.Set("local_address", helper.StringsInterfaces(info.LocalAddress))
+		_ = d.Set("remote_address", info.RemoteAddress)
+		if _, ok := d.GetOk("ssl_vpn_protocol"); ok {
+			_ = d.Set("ssl_vpn_protocol", info.SslVpnProtocol)
+		}
+		if _, ok := d.GetOk("ssl_vpn_port"); ok {
+			_ = d.Set("ssl_vpn_port", info.SslVpnPort)
+		}
+		if _, ok := d.GetOk("integrity_algorithm"); ok {
+			_ = d.Set("integrity_algorithm", info.IntegrityAlgorithm)
+		}
+		if _, ok := d.GetOk("encrypt_algorithm"); ok {
+			_ = d.Set("encrypt_algorithm", info.EncryptAlgorithm)
+		}
+		if _, ok := d.GetOk("compress"); ok {
+			_ = d.Set("compress", info.Compress)
+		}
+		return nil
+	})
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func resourceTencentCloudVpnSslServerDelete(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_vpn_ssl_server.delete")()
+
+	logId := getLogId(contextNil)
+	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+
+	service := VpcService{client: meta.(*TencentCloudClient).apiV3Conn}
+
+	serverId := d.Id()
+
+	err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+		if err := service.DeleteVpnGatewaySslServer(ctx, serverId); err != nil {
+			if sdkErr, ok := err.(*errors.TencentCloudSDKError); ok {
+				if sdkErr.Code == VPCNotFound {
+					return nil
+				}
+			}
+			return resource.RetryableError(err)
+		}
+		return nil
+	})
+
+	return err
+}