Merge pull request #491 from brickzzhang/ccn-fix

[vpn connection fix]

Author: likexian

CHANGELOG.md

@@ -1,9 +1,14 @@
-## 1.40.3 (Unreleased) 
+## 1.40.3 (Unreleased)
 
 ENHANCEMENTS:
 
 * Data Source: `tencentcloud_kubernetes_clusters`add new attributes `cluster_as_enabled`,`node_name_type`,`cluster_extra_args`,`network_type`,`is_non_static_ip_mode`,`kube_proxy_mode`,`service_cidr`,`eni_subnet_ids`,`claim_expired_seconds` and `deletion_protection`.
 
+BUG FIXES:
+
+* Resource: `tencentcloud_vpn_gateway` fix creation of instance when `vpc_id` is specified.
+* Resource: `tencentcloud_vpn_connection` fix creation of instance when `vpc_id` is specified.
+
 ## 1.40.2 (August 08, 2020)
 
 BUG FIXES:

examples/tencentcloud-vpn/main.tf

@@ -68,7 +68,6 @@ data "tencentcloud_vpn_connections" "example" {
 # vpn tunnel in the usual way.
 resource tencentcloud_vpn_gateway ccn_vpngw_example {
   name      = "ccn-vpngw-example"
-  vpc_id    = ""
   bandwidth = 5
   zone      = var.availability_zone
   type      = "CCN"

tencentcloud/resource_tc_vpn_connection.go

@@ -77,9 +77,9 @@ func resourceTencentCloudVpnConnection() *schema.Resource {
 			},
 			"vpc_id": {
 				Type:        schema.TypeString,
-				Required:    true,
+				Optional:    true,
 				ForceNew:    true,
-				Description: "ID of the VPC.",
+				Description: "ID of the VPC. Required if vpn gateway is not in `CCN` type, and doesn't make sense for `CCN` vpn gateway.",
 			},
 			"customer_gateway_id": {
 				Type:        schema.TypeString,
@@ -277,9 +277,46 @@ func resourceTencentCloudVpnConnectionCreate(d *schema.ResourceData, meta interf
 	logId := getLogId(contextNil)
 	ctx := context.WithValue(context.TODO(), logIdKey, logId)
 
+	// pre check vpn gateway id
+	requestVpngw := vpc.NewDescribeVpnGatewaysRequest()
+	requestVpngw.VpnGatewayIds = []*string{helper.String(d.Get("vpn_gateway_id").(string))}
+	var responseVpngw *vpc.DescribeVpnGatewaysResponse
+	err := resource.Retry(readRetryTimeout, func() *resource.RetryError {
+		result, e := meta.(*TencentCloudClient).apiV3Conn.UseVpcClient().DescribeVpnGateways(requestVpngw)
+		if e != nil {
+			ee, ok := e.(*errors.TencentCloudSDKError)
+			if !ok {
+				return retryError(e)
+			}
+			if ee.Code == VPCNotFound {
+				return nil
+			} else {
+				return retryError(e)
+			}
+		}
+		responseVpngw = result
+		return nil
+	})
+	if err != nil {
+		return err
+	}
+	if len(responseVpngw.Response.VpnGatewaySet) < 1 {
+		return fmt.Errorf("[CRITAL] vpn_gateway_id %s doesn't exist", d.Get("vpn_gateway_id").(string))
+	}
+
+	gateway := responseVpngw.Response.VpnGatewaySet[0]
+
+	// create vpn connection
 	request := vpc.NewCreateVpnConnectionRequest()
 	request.VpnConnectionName = helper.String(d.Get("name").(string))
-	request.VpcId = helper.String(d.Get("vpc_id").(string))
+	if *gateway.Type != "CCN" {
+		if _, ok := d.GetOk("vpc_id"); !ok {
+			return fmt.Errorf("[CRITAL] vpc_id is required for this vpn connection which vpn gateway is in %s type", *gateway.Type)
+		}
+		request.VpcId = helper.String(d.Get("vpc_id").(string))
+	} else {
+		request.VpcId = helper.String("")
+	}
 	request.VpnGatewayId = helper.String(d.Get("vpn_gateway_id").(string))
 	request.CustomerGatewayId = helper.String(d.Get("customer_gateway_id").(string))
 	request.PreShareKey = helper.String(d.Get("pre_share_key").(string))
@@ -361,7 +398,7 @@ func resourceTencentCloudVpnConnectionCreate(d *schema.ResourceData, meta interf
 	request.IPSECOptionsSpecification = &ipsecOptionsSpecification
 
 	var response *vpc.CreateVpnConnectionResponse
-	err := resource.Retry(readRetryTimeout, func() *resource.RetryError {
+	err = resource.Retry(readRetryTimeout, func() *resource.RetryError {
 		result, e := meta.(*TencentCloudClient).apiV3Conn.UseVpcClient().CreateVpnConnection(request)
 		if e != nil {
 			log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n",
@@ -389,7 +426,7 @@ func resourceTencentCloudVpnConnectionCreate(d *schema.ResourceData, meta interf
 		if v, ok := d.GetOk("vpn_gateway_id"); ok {
 			params["vpn-gateway-id"] = v.(string)
 		}
-		if v, ok := d.GetOk("vpc_id"); ok {
+		if v, ok := d.GetOk("vpc_id"); ok && *gateway.Type != "CCN" {
 			params["vpc-id"] = v.(string)
 		}
 		if v, ok := d.GetOk("customer_gateway_id"); ok {

tencentcloud/resource_tc_vpn_gateway.go

@@ -77,9 +77,9 @@ func resourceTencentCloudVpnGateway() *schema.Resource {
 			},
 			"vpc_id": {
 				Type:        schema.TypeString,
-				Required:    true,
+				Optional:    true,
 				ForceNew:    true,
-				Description: "ID of the VPC.",
+				Description: "ID of the VPC. Required if vpn gateway is not in `CCN` type, and doesn't make sense if vpn gateway is in `CCN` type.",
 			},
 			"bandwidth": {
 				Type:        schema.TypeInt,
@@ -174,7 +174,6 @@ func resourceTencentCloudVpnGatewayCreate(d *schema.ResourceData, meta interface
 	bandwidth64 := uint64(bandwidth)
 	request.InternetMaxBandwidthOut = &bandwidth64
 	request.Zone = helper.String(d.Get("zone").(string))
-	request.VpcId = helper.String(d.Get("vpc_id").(string))
 	chargeType := d.Get("charge_type").(string)
 	//only support change renew_flag when charge type is pre-paid
 	if chargeType == VPN_CHARGE_TYPE_PREPAID {
@@ -186,6 +185,19 @@ func resourceTencentCloudVpnGatewayCreate(d *schema.ResourceData, meta interface
 	request.InstanceChargeType = &chargeType
 	if v, ok := d.GetOk("type"); ok {
 		request.Type = helper.String(v.(string))
+		if v.(string) != "CCN" {
+			if _, ok := d.GetOk("vpc_id"); !ok {
+				return fmt.Errorf("[CRITAL] vpc_id is required for vpn gateway in %s type", v.(string))
+			}
+			request.VpcId = helper.String(d.Get("vpc_id").(string))
+		} else {
+			request.VpcId = helper.String("")
+		}
+	} else {
+		if _, ok := d.GetOk("vpc_id"); !ok {
+			return fmt.Errorf("[CRITAL] vpc_id is required for vpn gateway in %s type", v.(string))
+		}
+		request.VpcId = helper.String(d.Get("vpc_id").(string))
 	}
 	var response *vpc.CreateVpnGatewayResponse
 	err := resource.Retry(readRetryTimeout, func() *resource.RetryError {

tencentcloud/resource_tc_vpn_gateway_test.go

@@ -182,7 +182,6 @@ resource "tencentcloud_vpn_gateway" "my_ccn_cgw" {
   name      = "terraform_ccn_vpngw_test"
   bandwidth = 5
   zone      = "ap-guangzhou-3"
-  vpc_id    = ""
   type      = "CCN"
 
   tags = {

website/docs/r/vpn_connection.html.markdown

@@ -52,7 +52,6 @@ The following arguments are supported:
 * `name` - (Required) Name of the VPN connection. The length of character is limited to 1-60.
 * `pre_share_key` - (Required) Pre-shared key of the VPN connection.
 * `security_group_policy` - (Required) Security group policy of the VPN connection.
-* `vpc_id` - (Required, ForceNew) ID of the VPC.
 * `vpn_gateway_id` - (Required, ForceNew) ID of the VPN gateway.
 * `ike_dh_group_name` - (Optional) DH group name of the IKE operation specification, valid values are `GROUP1`, `GROUP2`, `GROUP5`, `GROUP14`, `GROUP24`. Default value is `GROUP1`.
 * `ike_exchange_mode` - (Optional) Exchange mode of the IKE operation specification, valid values are `AGGRESSIVE`, `MAIN`. Default value is `MAIN`.
@@ -72,6 +71,7 @@ The following arguments are supported:
 * `ipsec_sa_lifetime_seconds` - (Optional) SA lifetime of the IPSEC operation specification, unit is `second`. The value ranges from 180 to 604800. Default value is 3600 seconds.
 * `ipsec_sa_lifetime_traffic` - (Optional) SA lifetime of the IPSEC operation specification, unit is `KB`. The value should not be less then 2560. Default value is 1843200.
 * `tags` - (Optional) A list of tags used to associate different resources.
+* `vpc_id` - (Optional, ForceNew) ID of the VPC. Required if vpn gateway is not in `CCN` type, and doesn't make sense for `CCN` vpn gateway.
 
 The `security_group_policy` object supports the following:
 

website/docs/r/vpn_gateway.html.markdown

@@ -51,14 +51,14 @@ resource "tencentcloud_vpn_gateway" "my_cgw" {
 The following arguments are supported:
 
 * `name` - (Required) Name of the VPN gateway. The length of character is limited to 1-60.
-* `vpc_id` - (Required, ForceNew) ID of the VPC.
 * `zone` - (Required, ForceNew) Zone of the VPN gateway.
 * `bandwidth` - (Optional) The maximum public network output bandwidth of VPN gateway (unit: Mbps), the available values include: 5,10,20,50,100,200,500,1000. Default is 5. When charge type is `PREPAID`, bandwidth degradation operation is unsupported.
 * `charge_type` - (Optional) Charge Type of the VPN gateway, valid values are `PREPAID`, `POSTPAID_BY_HOUR` and default is `POSTPAID_BY_HOUR`.
 * `prepaid_period` - (Optional) Period of instance to be prepaid. Valid values are 1, 2, 3, 4, 6, 7, 8, 9, 12, 24, 36 and unit is month. Caution: when this para and renew_flag para are valid, the request means to renew several months more pre-paid period. This para can only be set to take effect in create operation.
 * `prepaid_renew_flag` - (Optional) Flag indicates whether to renew or not, valid values are `NOTIFY_AND_RENEW`, `NOTIFY_AND_AUTO_RENEW`, `NOT_NOTIFY_AND_NOT_RENEW`. This para can only be set to take effect in create operation.
 * `tags` - (Optional) A list of tags used to associate different resources.
 * `type` - (Optional) Type of gateway instance, valid values are `IPSEC`, `SSL` and `CCN`. Note: CCN type is only for whitelist customer now.
+* `vpc_id` - (Optional, ForceNew) ID of the VPC. Required if vpn gateway is not in `CCN` type, and doesn't make sense if vpn gateway is in `CCN` type.
 
 ## Attributes Reference