Fix/vpn connection healthcheck (#1110)

* vpn connection support healthcheck

* update vpn connection doc

Co-authored-by: mikatong <mikatong@tencent.com>

Author: tongyiming

tencentcloud/resource_tc_vpn_connection.go

@@ -279,6 +279,24 @@ func resourceTencentCloudVpnConnection() *schema.Resource {
 				Computed:    true,
 				Description: "Net status of the VPN connection. Valid value: `AVAILABLE`.",
 			},
+			"enable_health_check": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Computed:    true,
+				Description: "Whether intra-tunnel health checks are supported.",
+			},
+			"health_check_local_ip": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Computed:    true,
+				Description: "Health check the address of this terminal.",
+			},
+			"health_check_remote_ip": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Computed:    true,
+				Description: "Health check peer address.",
+			},
 		},
 	}
 }
@@ -394,7 +412,15 @@ func resourceTencentCloudVpnConnectionCreate(d *schema.ResourceData, meta interf
 	ipsecSaLifetimeTraffic64 := uint64(ipsecSaLifetimeTraffic)
 	ipsecOptionsSpecification.IPSECSaLifetimeTraffic = &ipsecSaLifetimeTraffic64
 	request.IPSECOptionsSpecification = &ipsecOptionsSpecification
-
+	if v, ok := d.GetOk("enable_health_check"); ok {
+		request.EnableHealthCheck = helper.Bool(v.(bool))
+	}
+	if v, ok := d.GetOk("health_check_local_ip"); ok {
+		request.HealthCheckLocalIp = helper.String(v.(string))
+	}
+	if v, ok := d.GetOk("health_check_remote_ip"); ok {
+		request.HealthCheckRemoteIp = helper.String(v.(string))
+	}
 	var response *vpc.CreateVpnConnectionResponse
 	err = resource.Retry(readRetryTimeout, func() *resource.RetryError {
 		result, e := meta.(*TencentCloudClient).apiV3Conn.UseVpcClient().CreateVpnConnection(request)
@@ -609,7 +635,9 @@ func resourceTencentCloudVpnConnectionRead(d *schema.ResourceData, meta interfac
 	_ = d.Set("vpn_proto", *connection.VpnProto)
 	_ = d.Set("encrypt_proto", *connection.EncryptProto)
 	_ = d.Set("route_type", *connection.RouteType)
-
+	_ = d.Set("enable_health_check", *connection.EnableHealthCheck)
+	_ = d.Set("health_check_local_ip", *connection.HealthCheckLocalIp)
+	_ = d.Set("health_check_remote_ip", *connection.HealthCheckRemoteIp)
 	//tags
 	tagService := TagService{client: meta.(*TencentCloudClient).apiV3Conn}
 	region := meta.(*TencentCloudClient).apiV3Conn.Region
@@ -641,6 +669,19 @@ func resourceTencentCloudVpnConnectionUpdate(d *schema.ResourceData, meta interf
 		request.PreShareKey = helper.String(d.Get("pre_share_key").(string))
 		changeFlag = true
 	}
+	//healthcheck
+	if d.HasChange("enable_health_check") {
+		request.EnableHealthCheck = helper.Bool(d.Get("enable_health_check").(bool))
+		changeFlag = true
+	}
+	if d.HasChange("health_check_local_ip") {
+		request.HealthCheckLocalIp = helper.String(d.Get("health_check_local_ip").(string))
+		changeFlag = true
+	}
+	if d.HasChange("health_check_remote_ip") {
+		request.HealthCheckRemoteIp = helper.String(d.Get("health_check_remote_ip").(string))
+		changeFlag = true
+	}
 
 	//set up  SecurityPolicyDatabases
 	if d.HasChange("security_group_policy") {
@@ -780,6 +821,15 @@ func resourceTencentCloudVpnConnectionUpdate(d *schema.ResourceData, meta interf
 	if d.HasChange("security_group_policy") {
 		d.SetPartial("security_group_policy")
 	}
+	if d.HasChange("enable_health_check") {
+		d.SetPartial("enable_health_check")
+	}
+	if d.HasChange("health_check_local_ip") {
+		d.SetPartial("health_check_local_ip")
+	}
+	if d.HasChange("health_check_remote_ip") {
+		d.SetPartial("health_check_remote_ip")
+	}
 
 	for key := range ikeChangeKeySet {
 		if ikeChangeKeySet[key] {

tencentcloud/resource_tc_vpn_connection_test.go

@@ -43,6 +43,9 @@ func TestAccTencentCloudVpnConnection_basic(t *testing.T) {
 					resource.TestCheckResourceAttrSet("tencentcloud_vpn_connection.connection", "encrypt_proto"),
 					resource.TestCheckResourceAttrSet("tencentcloud_vpn_connection.connection", "route_type"),
 					resource.TestCheckResourceAttrSet("tencentcloud_vpn_connection.connection", "vpn_proto"),
+					resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "enable_health_check", "true"),
+					resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "health_check_local_ip", "192.168.0.2"),
+					resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "health_check_remote_ip", "3.3.3.2"),
 				),
 			},
 			{
@@ -70,6 +73,7 @@ func TestAccTencentCloudVpnConnection_basic(t *testing.T) {
 					resource.TestCheckResourceAttrSet("tencentcloud_vpn_connection.connection", "encrypt_proto"),
 					resource.TestCheckResourceAttrSet("tencentcloud_vpn_connection.connection", "route_type"),
 					resource.TestCheckResourceAttrSet("tencentcloud_vpn_connection.connection", "vpn_proto"),
+					resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "enable_health_check", "false"),
 				),
 			},
 		},
@@ -213,6 +217,9 @@ resource "tencentcloud_vpn_connection" "connection" {
   tags = {
     test = "test"
   }
+  enable_health_check = true
+  health_check_local_ip = "192.168.0.2"
+  health_check_remote_ip = "3.3.3.2"
 }
 `
 
@@ -265,5 +272,6 @@ resource "tencentcloud_vpn_connection" "connection" {
   tags = {
     test = "testt"
   }
+  enable_health_check = false
 }
 `

website/docs/r/vpn_connection.html.markdown

@@ -54,6 +54,9 @@ The following arguments are supported:
 * `pre_share_key` - (Required) Pre-shared key of the VPN connection.
 * `security_group_policy` - (Required) Security group policy of the VPN connection.
 * `vpn_gateway_id` - (Required, ForceNew) ID of the VPN gateway.
+* `enable_health_check` - (Optional) Whether intra-tunnel health checks are supported.
+* `health_check_local_ip` - (Optional) Health check the address of this terminal.
+* `health_check_remote_ip` - (Optional) Health check peer address.
 * `ike_dh_group_name` - (Optional) DH group name of the IKE operation specification. Valid values: `GROUP1`, `GROUP2`, `GROUP5`, `GROUP14`, `GROUP24`. Default value is `GROUP1`.
 * `ike_exchange_mode` - (Optional) Exchange mode of the IKE operation specification. Valid values: `AGGRESSIVE`, `MAIN`. Default value is `MAIN`.
 * `ike_local_address` - (Optional) Local address of IKE operation specification, valid when ike_local_identity is `ADDRESS`, generally the value is `public_ip_address` of the related VPN gateway.