Added support for vpn gateway connection distribute traffic

Distributing traffic across tunnels of route-based VPN gateway connections. You can now distribute traffic across tunnels with a status of up in a route-based VPN gateway connection. When creating or updating a route-based VPN gateway connection, set the distribute_traffic property to true (default is false). Existing connections will have the distribute_traffic property set to false
IBM-Cloud · Oct 18, 2024 · 2271a9a · 2271a9a
1 parent 75a7487
commit 2271a9a
Show file tree

Hide file tree

Showing 11 changed files with 446 additions and 7 deletions.
diff --git a/go.mod b/go.mod
@@ -40,7 +40,7 @@ require (
 	github.com/IBM/secrets-manager-go-sdk/v2 v2.0.7
 	github.com/IBM/vmware-go-sdk v0.1.2
 	github.com/IBM/vpc-beta-go-sdk v0.8.0
-	github.com/IBM/vpc-go-sdk v0.58.0
+	github.com/IBM/vpc-go-sdk v0.61.0
 	github.com/ScaleFT/sshkeys v0.0.0-20200327173127-6142f742bca5
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/akamai/AkamaiOPEN-edgegrid-golang/v5 v5.0.0

diff --git a/go.sum b/go.sum
@@ -194,8 +194,8 @@ github.com/IBM/vmware-go-sdk v0.1.2 h1:5lKWFyInWz9e2hwGsoFTEoLa1jYkD30SReN0fQ10w
 github.com/IBM/vmware-go-sdk v0.1.2/go.mod h1:2UGPBJju3jiv5VKKBBm9a5L6bzF/aJdKOKAzJ7HaOjA=
 github.com/IBM/vpc-beta-go-sdk v0.8.0 h1:cEPpv4iw3Ba5W2d0AWg3TIbKeJ8y1nPuUuibR5Jt9eE=
 github.com/IBM/vpc-beta-go-sdk v0.8.0/go.mod h1:hORgIyTFRzXrZIK9IohaWmCRBBlYiDRagsufi7M6akE=
-github.com/IBM/vpc-go-sdk v0.58.0 h1:Slk1jkcV7tPnf0iECQV2Oja7W8Bom0z7k9M4fMBY4bI=
-github.com/IBM/vpc-go-sdk v0.58.0/go.mod h1:swmxiYLT+OfBsBYqJWGeRd6NPmBk4u/het2PZdtzIaw=
+github.com/IBM/vpc-go-sdk v0.61.0 h1:VXT8ZwOQtl15/RSInj9+Z4OQC/vhE/Owoauu128BO4M=
+github.com/IBM/vpc-go-sdk v0.61.0/go.mod h1:swmxiYLT+OfBsBYqJWGeRd6NPmBk4u/het2PZdtzIaw=
 github.com/Jeffail/gabs v1.1.1 h1:V0uzR08Hj22EX8+8QMhyI9sX2hwRu+/RJhJUmnwda/E=
 github.com/Jeffail/gabs v1.1.1/go.mod h1:6xMvQMK4k33lb7GUUpaAPh6nKMmemQeg5d4gn7/bOXc=
 github.com/Logicalis/asn1 v0.0.0-20190312173541-d60463189a56 h1:vuquMR410psHNax14XKNWa0Ae/kYgWJcXi0IFuX60N0=

diff --git a/ibm/service/vpc/data_source_ibm_is_vpn_gateway_connection.go b/ibm/service/vpc/data_source_ibm_is_vpn_gateway_connection.go
@@ -86,6 +86,11 @@ func DataSourceIBMISVPNGatewayConnection() *schema.Resource {
 					},
 				},
 			},
+			"distribute_traffic": &schema.Schema{
+				Type:        schema.TypeBool,
+				Computed:    true,
+				Description: "Indicates whether the traffic is distributed between the `up` tunnels of the VPN gateway connection when the VPC route's next hop is a VPN connection. If `false`, the traffic is only routed through the `up` tunnel with the lower `public_ip` address.",
+			},
 			"href": {
 				Type:        schema.TypeString,
 				Computed:    true,
@@ -574,6 +579,10 @@ func setvpnGatewayConnectionIntfDatasourceData(d *schema.ResourceData, vpn_gatew
 			if err = d.Set("resource_type", vpnGatewayConnection.ResourceType); err != nil {
 				return fmt.Errorf("[ERROR] Error setting resource_type: %s", err)
 			}
+			if err = d.Set("distribute_traffic", vpnGatewayConnection.DistributeTraffic); err != nil {
+				return fmt.Errorf("[ERROR] Error setting distribute_traffic: %s", err)
+			}
+
 			if err = d.Set("status", vpnGatewayConnection.Status); err != nil {
 				return fmt.Errorf("[ERROR] Error setting status: %s", err)
 			}
@@ -678,6 +687,9 @@ func setvpnGatewayConnectionIntfDatasourceData(d *schema.ResourceData, vpn_gatew
 			if err = d.Set("status", vpnGatewayConnection.Status); err != nil {
 				return fmt.Errorf("[ERROR] Error setting status: %s", err)
 			}
+			if err = d.Set("distribute_traffic", vpnGatewayConnection.DistributeTraffic); err != nil {
+				return fmt.Errorf("[ERROR] Error setting distribute_traffic: %s", err)
+			}
 			if err := d.Set("status_reasons", resourceVPNGatewayConnectionFlattenLifecycleReasons(vpnGatewayConnection.StatusReasons)); err != nil {
 				return fmt.Errorf("[ERROR] Error setting status_reasons: %s", err)
 			}
@@ -779,6 +791,9 @@ func setvpnGatewayConnectionIntfDatasourceData(d *schema.ResourceData, vpn_gatew
 			if err = d.Set("status", vpnGatewayConnection.Status); err != nil {
 				return fmt.Errorf("[ERROR] Error setting status: %s", err)
 			}
+			if err = d.Set("distribute_traffic", vpnGatewayConnection.DistributeTraffic); err != nil {
+				return fmt.Errorf("[ERROR] Error setting distribute_traffic: %s", err)
+			}
 			if err := d.Set("status_reasons", resourceVPNGatewayConnectionFlattenLifecycleReasons(vpnGatewayConnection.StatusReasons)); err != nil {
 				return fmt.Errorf("[ERROR] Error setting status_reasons: %s", err)
 			}

diff --git a/ibm/service/vpc/data_source_ibm_is_vpn_gateway_connection_test.go b/ibm/service/vpc/data_source_ibm_is_vpn_gateway_connection_test.go
@@ -97,6 +97,94 @@ func TestAccIBMIsVPNGatewayConnectionDataSourceBasic(t *testing.T) {
 		},
 	})
 }
+func TestAccIBMIsVPNGatewayConnectionDataSourceDistrbuteTraffic(t *testing.T) {
+	vpcname := fmt.Sprintf("tfvpnuat-vpc-%d", acctest.RandIntRange(100, 200))
+	subnetname := fmt.Sprintf("tfvpnuat-subnet-%d", acctest.RandIntRange(100, 200))
+	vpngwname := fmt.Sprintf("tfvpnuat-vpngw-%d", acctest.RandIntRange(100, 200))
+	name := fmt.Sprintf("tfvpnuat-createname-%d", acctest.RandIntRange(100, 200))
+	dt := true
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { acc.TestAccPreCheck(t) },
+		Providers: acc.TestAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckIBMIsVPNGatewayConnectionDataSourceDistributeTrafficConfig(vpcname, subnetname, vpngwname, name, dt),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example", "admin_state_up"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example", "authentication_mode"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example", "created_at"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example", "dead_peer_detection.0.action"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example", "dead_peer_detection.0.interval"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example", "dead_peer_detection.0.timeout"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example", "href"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example", "mode"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example", "name"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example", "peer_address"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example", "psk"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example", "resource_type"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example", "status"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example", "distribute_traffic"),
+				),
+			},
+			{
+				Config: testAccCheckIBMIsVPNGatewayConnectionDataSourceDistributeTrafficConfig(vpcname, subnetname, vpngwname, name, dt),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example1", "admin_state_up"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example1", "authentication_mode"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example1", "created_at"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example", "dead_peer_detection.0.action"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example", "dead_peer_detection.0.interval"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example", "dead_peer_detection.0.timeout"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example1", "href"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example1", "mode"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example1", "name"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example1", "peer_address"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example1", "psk"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example1", "resource_type"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example1", "status"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example1", "distribute_traffic"),
+				),
+			},
+			{
+				Config: testAccCheckIBMIsVPNGatewayConnectionDataSourceDistributeTrafficConfig(vpcname, subnetname, vpngwname, name, dt),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example2", "admin_state_up"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example2", "authentication_mode"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example2", "created_at"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example", "dead_peer_detection.0.action"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example", "dead_peer_detection.0.interval"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example", "dead_peer_detection.0.timeout"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example2", "href"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example2", "mode"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example2", "name"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example2", "peer_address"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example2", "psk"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example2", "resource_type"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example2", "status"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example2", "distribute_traffic")),
+			},
+			{
+				Config: testAccCheckIBMIsVPNGatewayConnectionDataSourceDistributeTrafficConfig(vpcname, subnetname, vpngwname, name, dt),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example3", "admin_state_up"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example3", "authentication_mode"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example3", "created_at"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example", "dead_peer_detection.0.action"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example", "dead_peer_detection.0.interval"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example", "dead_peer_detection.0.timeout"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example3", "href"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example3", "mode"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example3", "name"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example3", "peer_address"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example3", "psk"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example3", "resource_type"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example3", "status"),
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection.example3", "distribute_traffic"),
+				),
+			},
+		},
+	})
+}
 
 func testAccCheckIBMIsVPNGatewayConnectionDataSourceConfigBasic(vpc, subnet, vpngwname, name string) string {
 	return fmt.Sprintf(`
@@ -143,3 +231,50 @@ func testAccCheckIBMIsVPNGatewayConnectionDataSourceConfigBasic(vpc, subnet, vpn
 	  }
 	`, vpc, subnet, acc.ISZoneName, acc.ISCIDR, vpngwname, name)
 }
+
+func testAccCheckIBMIsVPNGatewayConnectionDataSourceDistributeTrafficConfig(vpc, subnet, vpngwname, name string, distributeTraffic bool) string {
+	return fmt.Sprintf(`
+	resource "ibm_is_vpc" "example" {
+		name = "%s"
+	  
+	  }
+	  resource "ibm_is_subnet" "example" {
+		name            = "%s"
+		vpc             = ibm_is_vpc.example.id
+		zone            = "%s"
+		ipv4_cidr_block = "%s"
+	  
+	  }
+	  resource "ibm_is_vpn_gateway" "example" {
+		name   = "%s"
+		subnet = ibm_is_subnet.example.id
+		mode   = "policy"
+	  
+	  }
+	  resource "ibm_is_vpn_gateway_connection" "example" {
+		name          = "%s"
+		vpn_gateway   = ibm_is_vpn_gateway.example.id
+		peer_address  = "1.2.3.4"
+		peer_cidrs    = [ibm_is_subnet.example.ipv4_cidr_block]
+		local_cidrs   = [ibm_is_subnet.example.ipv4_cidr_block]
+		preshared_key = "VPNDemoPassword"
+		distribute_traffic = %t
+	  }
+	  data "ibm_is_vpn_gateway_connection" "example" {
+		vpn_gateway            = ibm_is_vpn_gateway.example.id
+		vpn_gateway_connection = ibm_is_vpn_gateway_connection.example.gateway_connection
+	  }
+	  data "ibm_is_vpn_gateway_connection" "example1" {
+		vpn_gateway                 = ibm_is_vpn_gateway.example.id
+		vpn_gateway_connection_name = ibm_is_vpn_gateway_connection.example.name
+	  }
+	  data "ibm_is_vpn_gateway_connection" "example2" {
+		vpn_gateway_name       = ibm_is_vpn_gateway.example.name
+		vpn_gateway_connection = ibm_is_vpn_gateway_connection.example.gateway_connection
+	  }
+	  data "ibm_is_vpn_gateway_connection" "example3" {
+		vpn_gateway_name            = ibm_is_vpn_gateway.example.name
+		vpn_gateway_connection_name = ibm_is_vpn_gateway_connection.example.name
+	  }
+	`, vpc, subnet, acc.ISZoneName, acc.ISCIDR, vpngwname, name, distributeTraffic)
+}
diff --git a/ibm/service/vpc/data_source_ibm_is_vpn_gateway_connections.go b/ibm/service/vpc/data_source_ibm_is_vpn_gateway_connections.go
@@ -67,6 +67,11 @@ func DataSourceIBMISVPNGatewayConnections() *schema.Resource {
 							Computed:    true,
 							Description: "Interval for dead peer detection interval",
 						},
+						"distribute_traffic": &schema.Schema{
+							Type:        schema.TypeBool,
+							Computed:    true,
+							Description: "Indicates whether the traffic is distributed between the `up` tunnels of the VPN gateway connection when the VPC route's next hop is a VPN connection. If `false`, the traffic is only routed through the `up` tunnel with the lower `public_ip` address.",
+						},
 						isVPNGatewayConnectionDeadPeerDetectionTimeout: {
 							Type:        schema.TypeInt,
 							Computed:    true,
@@ -345,6 +350,7 @@ func getvpnGatewayConnectionIntfData(vpnGatewayConnectionIntf vpcv1.VPNGatewayCo
 			}
 			gatewayconnection["mode"] = vpnGatewayConnection.Mode
 			gatewayconnection["name"] = vpnGatewayConnection.Name
+			gatewayconnection["distribute_traffic"] = vpnGatewayConnection.DistributeTraffic
 
 			// breaking changes
 			gatewayconnection["establish_mode"] = vpnGatewayConnection.EstablishMode
@@ -399,6 +405,7 @@ func getvpnGatewayConnectionIntfData(vpnGatewayConnectionIntf vpcv1.VPNGatewayCo
 			if vpnGatewayConnection.IkePolicy != nil {
 				gatewayconnection["ike_policy"] = vpnGatewayConnection.IkePolicy.ID
 			}
+			gatewayconnection["distribute_traffic"] = vpnGatewayConnection.DistributeTraffic
 
 			if vpnGatewayConnection.IpsecPolicy != nil {
 				gatewayconnection["ipsec_policy"] = vpnGatewayConnection.IpsecPolicy.ID
@@ -455,6 +462,7 @@ func getvpnGatewayConnectionIntfData(vpnGatewayConnectionIntf vpcv1.VPNGatewayCo
 				gatewayconnection[isVPNGatewayConnectionDeadPeerDetectionInterval] = vpnGatewayConnection.DeadPeerDetection.Interval
 				gatewayconnection[isVPNGatewayConnectionDeadPeerDetectionTimeout] = vpnGatewayConnection.DeadPeerDetection.Timeout
 			}
+			gatewayconnection["distribute_traffic"] = vpnGatewayConnection.DistributeTraffic
 			gatewayconnection["href"] = vpnGatewayConnection.Href
 			if vpnGatewayConnection.IkePolicy != nil {
 				gatewayconnection["ike_policy"] = vpnGatewayConnection.IkePolicy.ID

diff --git a/ibm/service/vpc/data_source_ibm_is_vpn_gateway_connections_test.go b/ibm/service/vpc/data_source_ibm_is_vpn_gateway_connections_test.go
@@ -35,6 +35,29 @@ func TestAccIBMISVpnGatewayConnectionsDataSource_basic(t *testing.T) {
 		},
 	})
 }
+func TestAccIBMISVpnGatewayConnectionsDataSource_distributeTraffic(t *testing.T) {
+	var vpnGatewayConnection string
+	node := "data.ibm_is_vpn_gateway_connections.test1"
+	vpcname := fmt.Sprintf("tfvpnuat-vpc-%d", acctest.RandIntRange(100, 200))
+	subnetname := fmt.Sprintf("tfvpnuat-subnet-%d", acctest.RandIntRange(100, 200))
+	vpngwname := fmt.Sprintf("tfvpnuat-vpngw-%d", acctest.RandIntRange(100, 200))
+	name := fmt.Sprintf("tfvpnuat-createname-%d", acctest.RandIntRange(100, 200))
+	dt := true
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { acc.TestAccPreCheck(t) },
+		Providers: acc.TestAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckIBMISVpnGatewayconnectionsDataSourceDistributeTrafficConfig(vpcname, subnetname, vpngwname, name, dt),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckIBMISVPNGatewayConnectionExists("ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection", vpnGatewayConnection),
+					resource.TestCheckResourceAttrSet(node, "connections.#"),
+				),
+			},
+		},
+	})
+}
 
 func testAccCheckIBMISVpnGatewayconnectionsDataSourceConfig(vpc, subnet, vpngwname, name string) string {
 	// status filter defaults to empty
@@ -71,3 +94,39 @@ func testAccCheckIBMISVpnGatewayconnectionsDataSourceConfig(vpc, subnet, vpngwna
 	}`, vpc, subnet, acc.ISZoneName, acc.ISCIDR, vpngwname, name)
 
 }
+func testAccCheckIBMISVpnGatewayconnectionsDataSourceDistributeTrafficConfig(vpc, subnet, vpngwname, name string, distributeTraffic bool) string {
+	// status filter defaults to empty
+	return fmt.Sprintf(`
+	
+	data "ibm_resource_group" "rg" {
+		is_default = true
+	}
+	resource "ibm_is_vpc" "testacc_vpc" {
+		name = "%s"
+		resource_group = data.ibm_resource_group.rg.id
+	}
+	resource "ibm_is_subnet" "testacc_subnet" {
+		name = "%s"
+		vpc = "${ibm_is_vpc.testacc_vpc.id}"
+		zone = "%s"
+		ipv4_cidr_block = "%s"
+		resource_group = data.ibm_resource_group.rg.id
+	}
+	resource "ibm_is_vpn_gateway" "testacc_vpnGateway" {
+	name = "%s"
+	subnet = "${ibm_is_subnet.testacc_subnet.id}"
+	resource_group = data.ibm_resource_group.rg.id
+	
+	}
+	resource "ibm_is_vpn_gateway_connection" "testacc_VPNGatewayConnection" {
+		name = "%s"
+		vpn_gateway = "${ibm_is_vpn_gateway.testacc_vpnGateway.id}"
+		peer_address = "1.2.3.4"
+		preshared_key = "VPNDemoPassword"
+		distribute_traffic = %t
+	}
+	data "ibm_is_vpn_gateway_connections" "test1" {
+		vpn_gateway = ibm_is_vpn_gateway.testacc_vpnGateway.id
+	}`, vpc, subnet, acc.ISZoneName, acc.ISCIDR, vpngwname, name, distributeTraffic)
+
+}