From 8bf6bfbb16739b3bd3c34f0866cdbca4b4b783e3 Mon Sep 17 00:00:00 2001 From: Ujjwal Kumar Date: Wed, 12 Jun 2024 11:52:13 +0530 Subject: [PATCH] added support for vpn advance config deprecation of local_cidrs, peer_cidrs, peer_address which are moved to local and peer block. --- examples/ibm-is-ng/main.tf | 22 +- examples/ibm-is-ng/provider.tf | 4 +- go.mod | 2 +- go.sum | 4 +- ibm/provider/provider.go | 36 +- ...ta_source_ibm_is_vpn_gateway_connection.go | 1001 +++++++++---- ...m_is_vpn_gateway_connection_local_cidrs.go | 71 + ...vpn_gateway_connection_local_cidrs_test.go | 40 + ...bm_is_vpn_gateway_connection_peer_cidrs.go | 70 + ..._vpn_gateway_connection_peer_cidrs_test.go | 40 + ...a_source_ibm_is_vpn_gateway_connections.go | 630 ++++++-- ...urce_ibm_is_vpn_gateway_connection_test.go | 392 ++++- ...resource_ibm_is_vpn_gateway_connections.go | 1275 +++++++++++++---- .../d/is_vpn_gateway_connection.html.markdown | 19 + ...teway_connection_local_cidrs.html.markdown | 35 + ...ateway_connection_peer_cidrs.html.markdown | 35 + .../is_vpn_gateway_connections.html.markdown | 17 + .../r/is_vpn_gateway_connection.html.markdown | 23 +- 18 files changed, 2965 insertions(+), 751 deletions(-) create mode 100644 ibm/service/vpc/data_source_ibm_is_vpn_gateway_connection_local_cidrs.go create mode 100644 ibm/service/vpc/data_source_ibm_is_vpn_gateway_connection_local_cidrs_test.go create mode 100644 ibm/service/vpc/data_source_ibm_is_vpn_gateway_connection_peer_cidrs.go create mode 100644 ibm/service/vpc/data_source_ibm_is_vpn_gateway_connection_peer_cidrs_test.go create mode 100644 website/docs/d/is_vpn_gateway_connection_local_cidrs.html.markdown create mode 100644 website/docs/d/is_vpn_gateway_connection_peer_cidrs.html.markdown diff --git a/examples/ibm-is-ng/main.tf b/examples/ibm-is-ng/main.tf index 4f76a8a39b..5882720865 100644 --- a/examples/ibm-is-ng/main.tf +++ b/examples/ibm-is-ng/main.tf 
@@ -199,8 +199,9 @@ resource "ibm_is_vpn_gateway" "VPNGateway1" { subnet = ibm_is_subnet.subnet1.id } -resource "ibm_is_vpn_gateway_connection" "VPNGatewayConnection1" { - name = "vpnconn1" +// Deprecated: peer_address, local_cidrs, peer_cidrs +resource "ibm_is_vpn_gateway_connection" "VPNGatewayConnection1_deprecated" { + name = "vpnconn1-deprecated" vpn_gateway = ibm_is_vpn_gateway.VPNGateway1.id peer_address = ibm_is_vpn_gateway.VPNGateway1.public_ip_address preshared_key = "VPNDemoPassword" @@ -209,6 +210,21 @@ resource "ibm_is_vpn_gateway_connection" "VPNGatewayConnection1" { ipsec_policy = ibm_is_ipsec_policy.example.id } +resource "ibm_is_vpn_gateway_connection" "VPNGatewayConnection1" { + name = "vpnconn1" + vpn_gateway = ibm_is_vpn_gateway.VPNGateway1.id + peer_address = ibm_is_vpn_gateway.VPNGateway1.public_ip_address + preshared_key = "VPNDemoPassword" + peer { + address = ibm_is_vpn_gateway.testacc_VPNGateway1.public_ip_address != "0.0.0.0" ? ibm_is_vpn_gateway.testacc_VPNGateway1.public_ip_address : ibm_is_vpn_gateway.testacc_VPNGateway1.public_ip_address2 + peer_cidrs = [ibm_is_subnet.subnet2.ipv4_cidr_block] + } + local { + cidrs = [ibm_is_subnet.subnet1.ipv4_cidr_block] + } + ipsec_policy = ibm_is_ipsec_policy.example.id +} + resource "ibm_is_ssh_key" "sshkey" { name = "ssh1" public_key = file(var.ssh_public_key) @@ -1592,7 +1608,7 @@ resource "ibm_is_reservation" "example" { term = "one_year" } profile { - name = "ba2-2x8" + name = "ba2-2x8" resource_type = "instance_profile" } zone = "us-east-3" diff --git a/examples/ibm-is-ng/provider.tf b/examples/ibm-is-ng/provider.tf index 42d39ae11d..95cd367ef9 100644 --- a/examples/ibm-is-ng/provider.tf +++ b/examples/ibm-is-ng/provider.tf @@ -3,7 +3,7 @@ variable "ibmcloud_api_key" { } provider "ibm" { - ibmcloud_api_key = var.ibmcloud_api_key - region = "us-south" + ibmcloud_api_key = var.ibmcloud_api_key + region = "us-south" } diff --git a/go.mod b/go.mod index b624c414ea..4ced128eaf 100644 --- a/go.mod 
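Review bot: The new `VPNGatewayConnection1` example mixes deprecated and replacement arguments and does not look self-consistent. It keeps `peer_address` next to the new `peer { address = ... }` block, uses `peer_cidrs` inside `peer` although the data-source schema added in this patch names that field `cidrs`, and reads `ibm_is_vpn_gateway.testacc_VPNGateway1`, while the only gateway visible in this example is `VPNGateway1`. I would drop the `peer_address` line, rename the inner argument to `cidrs = [ibm_is_subnet.subnet2.ipv4_cidr_block]` (assuming the resource schema matches the data source, which this hunk does not show), and point the address expression at `ibm_is_vpn_gateway.VPNGateway1`. The literal `preshared_key = "VPNDemoPassword"` is now copied into a second resource; because examples get pasted into real configurations, `preshared_key = var.vpn_preshared_key` backed by a variable declared with `sensitive = true` is the safer pattern to show.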
+++ b/go.mod @@ -33,7 +33,7 @@ require ( github.com/IBM/schematics-go-sdk v0.2.3 github.com/IBM/secrets-manager-go-sdk/v2 v2.0.4 github.com/IBM/vpc-beta-go-sdk v0.6.0 - github.com/IBM/vpc-go-sdk v0.50.0 + github.com/IBM/vpc-go-sdk v0.51.0 github.com/ScaleFT/sshkeys v0.0.0-20200327173127-6142f742bca5 github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2 github.com/akamai/AkamaiOPEN-edgegrid-golang/v5 v5.0.0 diff --git a/go.sum b/go.sum index 843eed19cb..21191a538b 100644 --- a/go.sum +++ b/go.sum @@ -190,8 +190,8 @@ github.com/IBM/vmware-go-sdk v0.1.2 h1:5lKWFyInWz9e2hwGsoFTEoLa1jYkD30SReN0fQ10w github.com/IBM/vmware-go-sdk v0.1.2/go.mod h1:2UGPBJju3jiv5VKKBBm9a5L6bzF/aJdKOKAzJ7HaOjA= github.com/IBM/vpc-beta-go-sdk v0.6.0 h1:wfM3AcW3zOM3xsRtZ+EA6+sESlGUjQ6Yf4n5QQyz4uc= github.com/IBM/vpc-beta-go-sdk v0.6.0/go.mod h1:fzHDAQIqH/5yJmYsKodKHLcqxMDT+yfH6vZjdiw8CQA= -github.com/IBM/vpc-go-sdk v0.50.0 h1:+vnXYK0FXFXYqaS/5/X1XEqH0bbRotkzkerRk21ZEjE= -github.com/IBM/vpc-go-sdk v0.50.0/go.mod h1:iBg9UJY1y/XpkweyP6YH7G6guzKPV8BYDoBMTdPupH4= +github.com/IBM/vpc-go-sdk v0.51.0 h1:JfeE/TnPm/NFU59UctiPzjxEhHtmBqXxG6zHH5eTI8I= +github.com/IBM/vpc-go-sdk v0.51.0/go.mod h1:3+zQ0dqiv46ALjRXXVrser+dCdAVXOHVwlYkCCX4bNU= github.com/Jeffail/gabs v1.1.1 h1:V0uzR08Hj22EX8+8QMhyI9sX2hwRu+/RJhJUmnwda/E= github.com/Jeffail/gabs v1.1.1/go.mod h1:6xMvQMK4k33lb7GUUpaAPh6nKMmemQeg5d4gn7/bOXc= github.com/Logicalis/asn1 v0.0.0-20190312173541-d60463189a56 h1:vuquMR410psHNax14XKNWa0Ae/kYgWJcXi0IFuX60N0= diff --git a/ibm/provider/provider.go b/ibm/provider/provider.go index 1c1f717a42..9d83777ac6 100644 --- a/ibm/provider/provider.go +++ b/ibm/provider/provider.go 
@@ -522,22 +522,26 @@ func Provider() *schema.Provider { "ibm_is_virtual_network_interface_ip": vpc.DataSourceIBMIsVirtualNetworkInterfaceIP(), "ibm_is_virtual_network_interface_ips": vpc.DataSourceIBMIsVirtualNetworkInterfaceIPs(), - "ibm_is_share_mount_target": vpc.DataSourceIBMIsShareTarget(), - "ibm_is_share_mount_targets": vpc.DataSourceIBMIsShareTargets(), - "ibm_is_volume": vpc.DataSourceIBMISVolume(), - "ibm_is_volumes": vpc.DataSourceIBMIsVolumes(), - "ibm_is_volume_profile": vpc.DataSourceIBMISVolumeProfile(), - "ibm_is_volume_profiles": vpc.DataSourceIBMISVolumeProfiles(), - "ibm_is_vpc": vpc.DataSourceIBMISVPC(), - "ibm_is_vpc_dns_resolution_binding": vpc.DataSourceIBMIsVPCDnsResolutionBinding(), - "ibm_is_vpc_dns_resolution_bindings": vpc.DataSourceIBMIsVPCDnsResolutionBindings(), - "ibm_is_vpcs": vpc.DataSourceIBMISVPCs(), - "ibm_is_vpn_gateway": vpc.DataSourceIBMISVPNGateway(), - "ibm_is_vpn_gateways": vpc.DataSourceIBMISVPNGateways(), - "ibm_is_vpc_address_prefixes": vpc.DataSourceIbmIsVpcAddressPrefixes(), - "ibm_is_vpc_address_prefix": vpc.DataSourceIBMIsVPCAddressPrefix(), - "ibm_is_vpn_gateway_connection": vpc.DataSourceIBMISVPNGatewayConnection(), - "ibm_is_vpn_gateway_connections": vpc.DataSourceIBMISVPNGatewayConnections(), + "ibm_is_share_mount_target": vpc.DataSourceIBMIsShareTarget(), + "ibm_is_share_mount_targets": vpc.DataSourceIBMIsShareTargets(), + "ibm_is_volume": vpc.DataSourceIBMISVolume(), + "ibm_is_volumes": vpc.DataSourceIBMIsVolumes(), + "ibm_is_volume_profile": vpc.DataSourceIBMISVolumeProfile(), + "ibm_is_volume_profiles": vpc.DataSourceIBMISVolumeProfiles(), + "ibm_is_vpc": vpc.DataSourceIBMISVPC(), + "ibm_is_vpc_dns_resolution_binding": vpc.DataSourceIBMIsVPCDnsResolutionBinding(), + "ibm_is_vpc_dns_resolution_bindings": vpc.DataSourceIBMIsVPCDnsResolutionBindings(), + "ibm_is_vpcs": vpc.DataSourceIBMISVPCs(), + "ibm_is_vpn_gateway": vpc.DataSourceIBMISVPNGateway(), + "ibm_is_vpn_gateways": vpc.DataSourceIBMISVPNGateways(), 
+ "ibm_is_vpc_address_prefixes": vpc.DataSourceIbmIsVpcAddressPrefixes(), + "ibm_is_vpc_address_prefix": vpc.DataSourceIBMIsVPCAddressPrefix(), + "ibm_is_vpn_gateway_connection": vpc.DataSourceIBMISVPNGatewayConnection(), + "ibm_is_vpn_gateway_connections": vpc.DataSourceIBMISVPNGatewayConnections(), + + "ibm_is_vpn_gateway_connection_local_cidrs": vpc.DataSourceIBMIsVPNGatewayConnectionLocalCidrs(), + "ibm_is_vpn_gateway_connection_peer_cidrs": vpc.DataSourceIBMIsVPNGatewayConnectionPeerCidrs(), + "ibm_is_vpc_default_routing_table": vpc.DataSourceIBMISVPCDefaultRoutingTable(), "ibm_is_vpc_routing_table": vpc.DataSourceIBMIBMIsVPCRoutingTable(), "ibm_is_vpc_routing_tables": vpc.DataSourceIBMISVPCRoutingTables(), diff --git a/ibm/service/vpc/data_source_ibm_is_vpn_gateway_connection.go b/ibm/service/vpc/data_source_ibm_is_vpn_gateway_connection.go index f629c8d7d9..bfdbd90d82 100644 --- a/ibm/service/vpc/data_source_ibm_is_vpn_gateway_connection.go +++ b/ibm/service/vpc/data_source_ibm_is_vpn_gateway_connection.go @@ -5,8 +5,10 @@ package vpc import ( "context" + "encoding/json" "fmt" "log" + "reflect" "github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns" "github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex" 
@@ -185,10 +187,103 @@ func DataSourceIBMISVPNGatewayConnection() *schema.Resource { Computed: true, Description: "The user-defined name for this VPN gateway connection.", }, + + // new breaking changes + "establish_mode": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The establish mode of the VPN gateway connection:- `bidirectional`: Either side of the VPN gateway can initiate IKE protocol negotiations or rekeying processes.- `peer_only`: Only the peer can initiate IKE protocol negotiations for this VPN gateway connection. Additionally, the peer is responsible for initiating the rekeying process after the connection is established. If rekeying does not occur, the VPN gateway connection will be brought down after its lifetime expires.", + }, + "local": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "ike_identities": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The local IKE identities.A VPN gateway in static route mode consists of two members in active-active mode. The first identity applies to the first member, and the second identity applies to the second member.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "type": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The IKE identity type.The enumerated values for this property will expand in the future. When processing this property, check for and log unknown values. 
Optionally halt processing and surface the error, or bypass the backup policy on which the unexpected property value was encountered.", + }, + "value": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The IKE identity FQDN value.", + }, + }, + }, + }, + "cidrs": { + Type: schema.TypeList, + Computed: true, + Description: "The local CIDRs for this resource.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, + "peer": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "ike_identity": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The peer IKE identity.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "type": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The IKE identity type.The enumerated values for this property will expand in the future. When processing this property, check for and log unknown values. 
Optionally halt processing and surface the error, or bypass the backup policy on which the unexpected property value was encountered.", + }, + "value": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The IKE identity FQDN value.", + }, + }, + }, + }, + "type": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "Indicates whether `peer.address` or `peer.fqdn` is used.", + }, + "address": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The IP address of the peer VPN gateway for this connection.", + }, + "fqdn": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The FQDN of the peer VPN gateway for this connection.", + }, + "cidrs": { + Type: schema.TypeList, + Computed: true, + Description: "The peer CIDRs for this resource.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, "peer_address": { Type: schema.TypeString, Computed: true, Description: "The IP address of the peer VPN gateway.", + Deprecated: "peer_address is deprecated, use peer instead", }, "psk": { Type: schema.TypeString, @@ -260,6 +355,7 @@ func DataSourceIBMISVPNGatewayConnection() *schema.Resource { Elem: &schema.Schema{ Type: schema.TypeString, }, + Deprecated: "local_cidrs is deprecated, use local instead", }, "peer_cidrs": { Type: schema.TypeList, @@ -268,6 +364,7 @@ func DataSourceIBMISVPNGatewayConnection() *schema.Resource { Elem: &schema.Schema{ Type: schema.TypeString, }, + Deprecated: "peer_cidrs is deprecated, use peer instead", }, }, } 
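Review bot: The new `local` and `peer` list attributes have no `Description`, and the inner `type` descriptions end with "bypass the backup policy on which the unexpected property value was encountered", which reads as text carried over from an unrelated resource. I would add `Description: "The local side of this VPN gateway connection."` and `Description: "The peer side of this VPN gateway connection."`, and end the `type` text at "check for and log unknown values". The `value` field is described as "The IKE identity FQDN value." for every identity, so if `type` can be something other than an FQDN the wording should be `"The IKE identity value."`. The `// new breaking changes` comment is also misleading, since everything added here is a `Computed` attribute and the old attributes are only marked `Deprecated`; `// local/peer blocks replace the deprecated peer_address, local_cidrs and peer_cidrs` says what the reader needs. The trailing context shows `psk` as a computed string whose remaining fields fall outside the hunk, so it is worth confirming that it is marked `Sensitive: true`.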
@@ -283,7 +380,7 @@ func dataSourceIBMIsVPNGatewayConnectionRead(context context.Context, d *schema. vpn_gateway_connection := d.Get("vpn_gateway_connection").(string) vpn_gateway_connection_name := d.Get("vpn_gateway_connection_name").(string) - var vpnGatewayConnectionInterface *vpcv1.VPNGatewayConnectionIntf + var vpnGatewayConnection vpcv1.VPNGatewayConnectionIntf if vpn_gateway_name != "" { listvpnGWOptions := vpcClient.NewListVPNGatewaysOptions() @@ -296,7 +393,7 @@ func dataSourceIBMIsVPNGatewayConnectionRead(context context.Context, d *schema. } availableVPNGateways, detail, err := vpcClient.ListVPNGatewaysWithContext(context, listvpnGWOptions) if err != nil || availableVPNGateways == nil { - return diag.FromErr(fmt.Errorf("Error reading list of VPN Gateways:%s\n%s", err, detail)) + return diag.FromErr(fmt.Errorf("[ERROR] Error reading list of VPN Gateways:%s\n%s", err, detail)) } start = flex.GetNext(availableVPNGateways.Next) allrecs = append(allrecs, availableVPNGateways.VPNGateways...) 
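Review bot: The reworded error in the `ListVPNGatewaysWithContext` branch still formats `err` with `%s`, and the guard `err != nil || availableVPNGateways == nil` also fires when `err` is nil, in which case the message renders as `%!s(<nil>)` and tells the user nothing about the cause. Handling the nil-result case separately and wrapping the real error with `fmt.Errorf("reading list of VPN gateways: %w\n%s", err, detail)` keeps the cause inspectable through `errors.Is`/`errors.As`. The added `[ERROR]` prefix repeats the severity that `diag.FromErr` already attaches, and the same pattern recurs in the `ListVPNGatewayConnections` hunk that follows. The enclosing function starts and ends outside this hunk.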
@@ -324,42 +421,50 @@ func dataSourceIBMIsVPNGatewayConnectionRead(context context.Context, d *schema. availableVPNGatewayConnections, detail, err := vpcClient.ListVPNGatewayConnections(listvpnGWConnectionOptions) if err != nil || availableVPNGatewayConnections == nil { - return diag.FromErr(fmt.Errorf("Error reading list of VPN Gateway Connections:%s\n%s", err, detail)) + return diag.FromErr(fmt.Errorf("[ERROR] Error reading list of VPN Gateway Connections:%s\n%s", err, detail)) } vpn_gateway_conn_found := false - for _, vpnGatewayConnectionIntf := range availableVPNGatewayConnections.Connections { - if _, ok := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionPolicyMode); ok { - vpnGatewayConnection := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionPolicyMode) - if *vpnGatewayConnection.Name == vpn_gateway_connection_name { - vpnGatewayConnectionInterface = &vpnGatewayConnectionIntf - vpn_gateway_conn_found = true - break - } - } else if _, ok := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionRouteMode); ok { - vpnGatewayConnection := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionRouteMode) - if *vpnGatewayConnection.Name == vpn_gateway_connection_name { - vpnGatewayConnectionInterface = &vpnGatewayConnectionIntf - vpn_gateway_conn_found = true - break - } - } else if _, ok := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionRouteModeVPNGatewayConnectionStaticRouteMode); ok { - vpnGatewayConnection := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionRouteModeVPNGatewayConnectionStaticRouteMode) - if *vpnGatewayConnection.Name == vpn_gateway_connection_name { - vpnGatewayConnectionInterface = &vpnGatewayConnectionIntf - vpn_gateway_conn_found = true - break - } - } else if _, ok := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnection); ok { - vpnGatewayConnection := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnection) - if *vpnGatewayConnection.Name == vpn_gateway_connection_name { - vpnGatewayConnectionInterface = 
&vpnGatewayConnectionIntf - vpn_gateway_conn_found = true - break - } - } else { - return diag.FromErr(fmt.Errorf("[ERROR] Unrecognized vpcv1.vpnGatewayConnectionIntf subtype encountered")) + for _, connectionItem := range availableVPNGatewayConnections.Connections { + switch reflect.TypeOf(connectionItem).String() { + case "*vpcv1.VPNGatewayConnection": + { + connection := connectionItem.(*vpcv1.VPNGatewayConnection) + if *connection.Name == vpn_gateway_connection_name { + vpnGatewayConnection = connectionItem + vpn_gateway_conn_found = true + break + } + } + case "*vpcv1.VPNGatewayConnectionRouteMode": + { + connection := connectionItem.(*vpcv1.VPNGatewayConnectionRouteMode) + if *connection.Name == vpn_gateway_connection_name { + vpnGatewayConnection = connectionItem + vpn_gateway_conn_found = true + break + } + } + case "*vpcv1.VPNGatewayConnectionRouteModeVPNGatewayConnectionStaticRouteMode": + { + connection := connectionItem.(*vpcv1.VPNGatewayConnectionRouteModeVPNGatewayConnectionStaticRouteMode) + if *connection.Name == vpn_gateway_connection_name { + vpnGatewayConnection = connectionItem + vpn_gateway_conn_found = true + break + } + } + case "*vpcv1.VPNGatewayConnectionPolicyMode": + { + connection := connectionItem.(*vpcv1.VPNGatewayConnectionPolicyMode) + if *connection.Name == vpn_gateway_connection_name { + vpnGatewayConnection = connectionItem + vpn_gateway_conn_found = true + break + } + } } + } if !vpn_gateway_conn_found { return diag.FromErr(fmt.Errorf("VPN gateway connection %s not found", vpn_gateway_connection_name)) 
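Review bot: The `break` statements inside the new `switch` cases leave only the `switch`, not the enclosing `for`, so unlike the removed `if`/`else if` chain the loop keeps scanning after a match and the last connection with a matching name wins. The rewrite also drops the old `else` branch that returned an error for an unrecognised subtype: with no `default:` case an unknown connection type is skipped silently and surfaces as "not found", and `*connection.Name` is dereferenced without a nil check. Matching on `reflect.TypeOf(...).String()` ties the dispatch to the exact printed type name. A type switch with the name comparison moved after it gives the same dispatch with compiler checking and lets a plain `break` exit the loop. The enclosing function starts before and continues after this hunk.

```go
for _, connectionItem := range availableVPNGatewayConnections.Connections {
	var name *string
	switch connection := connectionItem.(type) {
	case *vpcv1.VPNGatewayConnection:
		name = connection.Name
	case *vpcv1.VPNGatewayConnectionRouteMode:
		name = connection.Name
	case *vpcv1.VPNGatewayConnectionRouteModeVPNGatewayConnectionStaticRouteMode:
		name = connection.Name
	case *vpcv1.VPNGatewayConnectionPolicyMode:
		name = connection.Name
	default:
		return diag.FromErr(fmt.Errorf("[ERROR] Unrecognized vpcv1.vpnGatewayConnectionIntf subtype encountered"))
	}
	// The comparison sits outside the switch so that break leaves the loop.
	if name != nil && *name == vpn_gateway_connection_name {
		vpnGatewayConnection = connectionItem
		vpn_gateway_conn_found = true
		break
	}
}
// … unchanged: the !vpn_gateway_conn_found check …
```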
@@ -371,306 +476,432 @@ func dataSourceIBMIsVPNGatewayConnectionRead(context context.Context, d *schema. getVPNGatewayConnectionOptions.SetID(vpn_gateway_connection) vpnGatewayConnectionIntf, response, err := vpcClient.GetVPNGatewayConnectionWithContext(context, getVPNGatewayConnectionOptions) - vpnGatewayConnectionInterface = &vpnGatewayConnectionIntf - if err != nil { + if err != nil || vpnGatewayConnectionIntf == nil { log.Printf("[DEBUG] GetVPNGatewayConnectionWithContext failed %s\n%s", err, response) return diag.FromErr(fmt.Errorf("GetVPNGatewayConnectionWithContext failed %s\n%s", err, response)) } + vpnGatewayConnection = vpnGatewayConnectionIntf } - if _, ok := (*vpnGatewayConnectionInterface).(*vpcv1.VPNGatewayConnectionPolicyMode); ok { - vpnGatewayConnection := (*vpnGatewayConnectionInterface).(*vpcv1.VPNGatewayConnectionPolicyMode) - d.SetId(fmt.Sprintf("%s/%s", vpn_gateway_id, *vpnGatewayConnection.ID)) + setvpnGatewayConnectionIntfDatasourceData(d, vpn_gateway_id, vpnGatewayConnection) + return nil +} - if err = d.Set("admin_state_up", vpnGatewayConnection.AdminStateUp); err != nil { - return diag.FromErr(fmt.Errorf("Error setting admin_state_up: %s", err)) - } - if err = d.Set("authentication_mode", vpnGatewayConnection.AuthenticationMode); err != nil { - return diag.FromErr(fmt.Errorf("Error setting authentication_mode: %s", err)) - } - if err = d.Set("created_at", flex.DateTimeToString(vpnGatewayConnection.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) - } +func setvpnGatewayConnectionIntfDatasourceData(d *schema.ResourceData, vpn_gateway_id string, vpnGatewayConnectionIntf vpcv1.VPNGatewayConnectionIntf) error { + var err error + switch reflect.TypeOf(vpnGatewayConnectionIntf).String() { + case "*vpcv1.VPNGatewayConnection": + { + vpnGatewayConnection := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnection) + d.SetId(fmt.Sprintf("%s/%s", vpn_gateway_id, *vpnGatewayConnection.ID)) + if err = 
d.Set("admin_state_up", vpnGatewayConnection.AdminStateUp); err != nil { + return fmt.Errorf("[ERROR] Error setting admin_state_up: %s", err) + } + if err = d.Set("authentication_mode", vpnGatewayConnection.AuthenticationMode); err != nil { + return fmt.Errorf("[ERROR] Error setting authentication_mode: %s", err) + } + if err = d.Set("created_at", flex.DateTimeToString(vpnGatewayConnection.CreatedAt)); err != nil { + return fmt.Errorf("[ERROR] Error setting created_at: %s", err) + } - if vpnGatewayConnection.DeadPeerDetection != nil { - err = d.Set("dead_peer_detection", dataSourceVPNGatewayConnectionFlattenDeadPeerDetection(*vpnGatewayConnection.DeadPeerDetection)) - if err != nil { - return diag.FromErr(fmt.Errorf("Error setting dead_peer_detection %s", err)) + if vpnGatewayConnection.DeadPeerDetection != nil { + err = d.Set("dead_peer_detection", dataSourceVPNGatewayConnectionFlattenDeadPeerDetection(*vpnGatewayConnection.DeadPeerDetection)) + if err != nil { + return fmt.Errorf("[ERROR] Error setting dead_peer_detection %s", err) + } + } + if err = d.Set("href", vpnGatewayConnection.Href); err != nil { + return fmt.Errorf("[ERROR] Error setting href: %s", err) } - } - if err = d.Set("href", vpnGatewayConnection.Href); err != nil { - return diag.FromErr(fmt.Errorf("Error setting href: %s", err)) - } - if vpnGatewayConnection.IkePolicy != nil { - err = d.Set("ike_policy", dataSourceVPNGatewayConnectionFlattenIkePolicy(*vpnGatewayConnection.IkePolicy)) - if err != nil { - return diag.FromErr(fmt.Errorf("Error setting ike_policy %s", err)) + if vpnGatewayConnection.IkePolicy != nil { + err = d.Set("ike_policy", dataSourceVPNGatewayConnectionFlattenIkePolicy(*vpnGatewayConnection.IkePolicy)) + if err != nil { + return fmt.Errorf("[ERROR] Error setting ike_policy %s", err) + } } - } - if vpnGatewayConnection.IpsecPolicy != nil { - err = d.Set("ipsec_policy", dataSourceVPNGatewayConnectionFlattenIpsecPolicy(*vpnGatewayConnection.IpsecPolicy)) - if err != nil { - 
return diag.FromErr(fmt.Errorf("Error setting ipsec_policy %s", err)) + if vpnGatewayConnection.IpsecPolicy != nil { + err = d.Set("ipsec_policy", dataSourceVPNGatewayConnectionFlattenIpsecPolicy(*vpnGatewayConnection.IpsecPolicy)) + if err != nil { + return fmt.Errorf("[ERROR] Error setting ipsec_policy %s", err) + } } - } - if err = d.Set("mode", vpnGatewayConnection.Mode); err != nil { - return diag.FromErr(fmt.Errorf("Error setting mode: %s", err)) - } - if err = d.Set("name", vpnGatewayConnection.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) - } - if err = d.Set("peer_address", vpnGatewayConnection.PeerAddress); err != nil { - return diag.FromErr(fmt.Errorf("Error setting peer_address: %s", err)) - } - if err = d.Set("psk", vpnGatewayConnection.Psk); err != nil { - return diag.FromErr(fmt.Errorf("Error setting psk: %s", err)) - } - if err = d.Set("resource_type", vpnGatewayConnection.ResourceType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting resource_type: %s", err)) - } - if err = d.Set("status", vpnGatewayConnection.Status); err != nil { - return diag.FromErr(fmt.Errorf("Error setting status: %s", err)) - } - if err := d.Set("status_reasons", resourceVPNGatewayConnectionFlattenLifecycleReasons(vpnGatewayConnection.StatusReasons)); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting status_reasons: %s", err)) - } - if len(vpnGatewayConnection.LocalCIDRs) > 0 { - err = d.Set("local_cidrs", vpnGatewayConnection.LocalCIDRs) - if err != nil { - return diag.FromErr(fmt.Errorf("Error setting local CIDRs %s", err)) + if err = d.Set("mode", vpnGatewayConnection.Mode); err != nil { + return fmt.Errorf("[ERROR] Error setting mode: %s", err) + } + if err = d.Set("name", vpnGatewayConnection.Name); err != nil { + return fmt.Errorf("[ERROR] Error setting name: %s", err) } - } - if len(vpnGatewayConnection.PeerCIDRs) > 0 { - err = d.Set("peer_cidrs", vpnGatewayConnection.PeerCIDRs) - if err != nil { - 
return diag.FromErr(fmt.Errorf("Error setting Peer CIDRs %s", err)) + // breaking changes + if err = d.Set("establish_mode", vpnGatewayConnection.EstablishMode); err != nil { + return fmt.Errorf("[ERROR] Error setting establish_mode: %s", err) + } + local := []map[string]interface{}{} + if vpnGatewayConnection.Local != nil { + modelMap, err := dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionStaticRouteModeLocalToMap(vpnGatewayConnection.Local) + if err != nil { + return err + } + local = append(local, modelMap) + } + if err = d.Set("local", local); err != nil { + return fmt.Errorf("[ERROR] Error setting local %s", err) } - } - } else if _, ok := (*vpnGatewayConnectionInterface).(*vpcv1.VPNGatewayConnectionRouteMode); ok { - vpnGatewayConnection := (*vpnGatewayConnectionInterface).(*vpcv1.VPNGatewayConnectionRouteMode) - d.SetId(fmt.Sprintf("%s/%s", vpn_gateway_id, *vpnGatewayConnection.ID)) - if err = d.Set("admin_state_up", vpnGatewayConnection.AdminStateUp); err != nil { - return diag.FromErr(fmt.Errorf("Error setting admin_state_up: %s", err)) - } - if err = d.Set("authentication_mode", vpnGatewayConnection.AuthenticationMode); err != nil { - return diag.FromErr(fmt.Errorf("Error setting authentication_mode: %s", err)) - } - if err = d.Set("created_at", flex.DateTimeToString(vpnGatewayConnection.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) - } + peer := []map[string]interface{}{} + if vpnGatewayConnection.Peer != nil { + modelMap, err := dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionStaticRouteModePeerToMap(vpnGatewayConnection.Peer) + if err != nil { + return err + } + peer = append(peer, modelMap) + } + if err = d.Set("peer", peer); err != nil { + return fmt.Errorf("[ERROR] Error setting peer %s", err) + } + // Deprecated + if vpnGatewayConnection.Peer != nil { + peer := vpnGatewayConnection.Peer.(*vpcv1.VPNGatewayConnectionStaticRouteModePeer) + if err = d.Set("peer_address", peer.Address); 
err != nil { + return fmt.Errorf("[ERROR] Error setting peer_address: %s", err) + } + } + if err = d.Set("psk", vpnGatewayConnection.Psk); err != nil { + return fmt.Errorf("[ERROR] Error setting psk: %s", err) + } + if err = d.Set("resource_type", vpnGatewayConnection.ResourceType); err != nil { + return fmt.Errorf("[ERROR] Error setting resource_type: %s", err) + } + if err = d.Set("status", vpnGatewayConnection.Status); err != nil { + return fmt.Errorf("[ERROR] Error setting status: %s", err) + } + if err := d.Set("status_reasons", resourceVPNGatewayConnectionFlattenLifecycleReasons(vpnGatewayConnection.StatusReasons)); err != nil { + return fmt.Errorf("[ERROR] Error setting status_reasons: %s", err) + } + if err = d.Set("routing_protocol", vpnGatewayConnection.RoutingProtocol); err != nil { + return fmt.Errorf("[ERROR] Error setting routing_protocol: %s", err) + } - if vpnGatewayConnection.DeadPeerDetection != nil { - err = d.Set("dead_peer_detection", dataSourceVPNGatewayConnectionFlattenDeadPeerDetection(*vpnGatewayConnection.DeadPeerDetection)) - if err != nil { - return diag.FromErr(fmt.Errorf("Error setting dead_peer_detection %s", err)) + if vpnGatewayConnection.Tunnels != nil { + err = d.Set("tunnels", dataSourceVPNGatewayConnectionFlattenTunnels(vpnGatewayConnection.Tunnels)) + if err != nil { + return fmt.Errorf("[ERROR] Error setting tunnels %s", err) + } } } - if err = d.Set("href", vpnGatewayConnection.Href); err != nil { - return diag.FromErr(fmt.Errorf("Error setting href: %s", err)) - } + case "*vpcv1.VPNGatewayConnectionRouteMode": + { + vpnGatewayConnection := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionRouteMode) + d.SetId(fmt.Sprintf("%s/%s", vpn_gateway_id, *vpnGatewayConnection.ID)) + if err = d.Set("admin_state_up", vpnGatewayConnection.AdminStateUp); err != nil { + return fmt.Errorf("[ERROR] Error setting admin_state_up: %s", err) + } + if err = d.Set("authentication_mode", vpnGatewayConnection.AuthenticationMode); err != nil { + 
return fmt.Errorf("[ERROR] Error setting authentication_mode: %s", err) + } + if err = d.Set("created_at", flex.DateTimeToString(vpnGatewayConnection.CreatedAt)); err != nil { + return fmt.Errorf("[ERROR] Error setting created_at: %s", err) + } - if vpnGatewayConnection.IkePolicy != nil { - err = d.Set("ike_policy", dataSourceVPNGatewayConnectionFlattenIkePolicy(*vpnGatewayConnection.IkePolicy)) - if err != nil { - return diag.FromErr(fmt.Errorf("Error setting ike_policy %s", err)) + if vpnGatewayConnection.DeadPeerDetection != nil { + err = d.Set("dead_peer_detection", dataSourceVPNGatewayConnectionFlattenDeadPeerDetection(*vpnGatewayConnection.DeadPeerDetection)) + if err != nil { + return fmt.Errorf("[ERROR] Error setting dead_peer_detection %s", err) + } + } + if err = d.Set("href", vpnGatewayConnection.Href); err != nil { + return fmt.Errorf("[ERROR] Error setting href: %s", err) } - } - if vpnGatewayConnection.IpsecPolicy != nil { - err = d.Set("ipsec_policy", dataSourceVPNGatewayConnectionFlattenIpsecPolicy(*vpnGatewayConnection.IpsecPolicy)) - if err != nil { - return diag.FromErr(fmt.Errorf("Error setting ipsec_policy %s", err)) + if vpnGatewayConnection.IkePolicy != nil { + err = d.Set("ike_policy", dataSourceVPNGatewayConnectionFlattenIkePolicy(*vpnGatewayConnection.IkePolicy)) + if err != nil { + return fmt.Errorf("[ERROR] Error setting ike_policy %s", err) + } } - } - if err = d.Set("mode", vpnGatewayConnection.Mode); err != nil { - return diag.FromErr(fmt.Errorf("Error setting mode: %s", err)) - } - if err = d.Set("name", vpnGatewayConnection.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) - } - if err = d.Set("peer_address", vpnGatewayConnection.PeerAddress); err != nil { - return diag.FromErr(fmt.Errorf("Error setting peer_address: %s", err)) - } - if err = d.Set("psk", vpnGatewayConnection.Psk); err != nil { - return diag.FromErr(fmt.Errorf("Error setting psk: %s", err)) - } - if err = d.Set("resource_type", 
vpnGatewayConnection.ResourceType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting resource_type: %s", err)) - } - if err = d.Set("status", vpnGatewayConnection.Status); err != nil { - return diag.FromErr(fmt.Errorf("Error setting status: %s", err)) - } - if err := d.Set("status_reasons", resourceVPNGatewayConnectionFlattenLifecycleReasons(vpnGatewayConnection.StatusReasons)); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting status_reasons: %s", err)) - } - if err = d.Set("routing_protocol", vpnGatewayConnection.RoutingProtocol); err != nil { - return diag.FromErr(fmt.Errorf("Error setting routing_protocol: %s", err)) - } - if vpnGatewayConnection.Tunnels != nil { - err = d.Set("tunnels", dataSourceVPNGatewayConnectionFlattenTunnels(vpnGatewayConnection.Tunnels)) - if err != nil { - return diag.FromErr(fmt.Errorf("Error setting tunnels %s", err)) + if vpnGatewayConnection.IpsecPolicy != nil { + err = d.Set("ipsec_policy", dataSourceVPNGatewayConnectionFlattenIpsecPolicy(*vpnGatewayConnection.IpsecPolicy)) + if err != nil { + return fmt.Errorf("[ERROR] Error setting ipsec_policy %s", err) + } + } + if err = d.Set("mode", vpnGatewayConnection.Mode); err != nil { + return fmt.Errorf("[ERROR] Error setting mode: %s", err) + } + if err = d.Set("name", vpnGatewayConnection.Name); err != nil { + return fmt.Errorf("[ERROR] Error setting name: %s", err) } - } - } else if _, ok := (*vpnGatewayConnectionInterface).(*vpcv1.VPNGatewayConnectionRouteModeVPNGatewayConnectionStaticRouteMode); ok { - vpnGatewayConnection := (*vpnGatewayConnectionInterface).(*vpcv1.VPNGatewayConnectionRouteModeVPNGatewayConnectionStaticRouteMode) - d.SetId(fmt.Sprintf("%s/%s", vpn_gateway_id, *vpnGatewayConnection.ID)) - if err = d.Set("admin_state_up", vpnGatewayConnection.AdminStateUp); err != nil { - return diag.FromErr(fmt.Errorf("Error setting admin_state_up: %s", err)) - } - if err = d.Set("authentication_mode", vpnGatewayConnection.AuthenticationMode); err != 
nil { - return diag.FromErr(fmt.Errorf("Error setting authentication_mode: %s", err)) - } - if err = d.Set("created_at", flex.DateTimeToString(vpnGatewayConnection.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) - } + // breaking changes + if err = d.Set("establish_mode", vpnGatewayConnection.EstablishMode); err != nil { + return fmt.Errorf("[ERROR] Error setting establish_mode: %s", err) + } + local := []map[string]interface{}{} + if vpnGatewayConnection.Local != nil { + modelMap, err := dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionStaticRouteModeLocalToMap(vpnGatewayConnection.Local) + if err != nil { + return err + } + local = append(local, modelMap) + } + if err = d.Set("local", local); err != nil { + return fmt.Errorf("[ERROR] Error setting local %s", err) + } - if vpnGatewayConnection.DeadPeerDetection != nil { - err = d.Set("dead_peer_detection", dataSourceVPNGatewayConnectionFlattenDeadPeerDetection(*vpnGatewayConnection.DeadPeerDetection)) - if err != nil { - return diag.FromErr(fmt.Errorf("Error setting dead_peer_detection %s", err)) + peer := []map[string]interface{}{} + if vpnGatewayConnection.Peer != nil { + modelMap, err := dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionStaticRouteModePeerToMap(vpnGatewayConnection.Peer) + if err != nil { + return err + } + peer = append(peer, modelMap) + } + if err = d.Set("peer", peer); err != nil { + return fmt.Errorf("[ERROR] Error setting peer %s", err) + } + // Deprecated + if vpnGatewayConnection.Peer != nil { + peer := vpnGatewayConnection.Peer.(*vpcv1.VPNGatewayConnectionStaticRouteModePeer) + if err = d.Set("peer_address", peer.Address); err != nil { + return fmt.Errorf("[ERROR] Error setting peer_address: %s", err) + } + } + if err = d.Set("psk", vpnGatewayConnection.Psk); err != nil { + return fmt.Errorf("[ERROR] Error setting psk: %s", err) + } + if err = d.Set("resource_type", vpnGatewayConnection.ResourceType); err != nil { + return 
fmt.Errorf("[ERROR] Error setting resource_type: %s", err) + } + if err = d.Set("status", vpnGatewayConnection.Status); err != nil { + return fmt.Errorf("[ERROR] Error setting status: %s", err) + } + if err := d.Set("status_reasons", resourceVPNGatewayConnectionFlattenLifecycleReasons(vpnGatewayConnection.StatusReasons)); err != nil { + return fmt.Errorf("[ERROR] Error setting status_reasons: %s", err) + } + if err = d.Set("routing_protocol", vpnGatewayConnection.RoutingProtocol); err != nil { + return fmt.Errorf("[ERROR] Error setting routing_protocol: %s", err) } - } - if err = d.Set("href", vpnGatewayConnection.Href); err != nil { - return diag.FromErr(fmt.Errorf("Error setting href: %s", err)) - } - if vpnGatewayConnection.IkePolicy != nil { - err = d.Set("ike_policy", dataSourceVPNGatewayConnectionFlattenIkePolicy(*vpnGatewayConnection.IkePolicy)) - if err != nil { - return diag.FromErr(fmt.Errorf("Error setting ike_policy %s", err)) + if vpnGatewayConnection.Tunnels != nil { + err = d.Set("tunnels", dataSourceVPNGatewayConnectionFlattenTunnels(vpnGatewayConnection.Tunnels)) + if err != nil { + return fmt.Errorf("[ERROR] Error setting tunnels %s", err) + } } } + case "*vpcv1.VPNGatewayConnectionRouteModeVPNGatewayConnectionStaticRouteMode": + { + vpnGatewayConnection := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionRouteModeVPNGatewayConnectionStaticRouteMode) + d.SetId(fmt.Sprintf("%s/%s", vpn_gateway_id, *vpnGatewayConnection.ID)) + if err = d.Set("admin_state_up", vpnGatewayConnection.AdminStateUp); err != nil { + return fmt.Errorf("[ERROR] Error setting admin_state_up: %s", err) + } + if err = d.Set("authentication_mode", vpnGatewayConnection.AuthenticationMode); err != nil { + return fmt.Errorf("[ERROR] Error setting authentication_mode: %s", err) + } + if err = d.Set("created_at", flex.DateTimeToString(vpnGatewayConnection.CreatedAt)); err != nil { + return fmt.Errorf("[ERROR] Error setting created_at: %s", err) + } - if 
vpnGatewayConnection.IpsecPolicy != nil { - err = d.Set("ipsec_policy", dataSourceVPNGatewayConnectionFlattenIpsecPolicy(*vpnGatewayConnection.IpsecPolicy)) - if err != nil { - return diag.FromErr(fmt.Errorf("Error setting ipsec_policy %s", err)) + if vpnGatewayConnection.DeadPeerDetection != nil { + err = d.Set("dead_peer_detection", dataSourceVPNGatewayConnectionFlattenDeadPeerDetection(*vpnGatewayConnection.DeadPeerDetection)) + if err != nil { + return fmt.Errorf("[ERROR] Error setting dead_peer_detection %s", err) + } + } + if err = d.Set("href", vpnGatewayConnection.Href); err != nil { + return fmt.Errorf("[ERROR] Error setting href: %s", err) } - } - if err = d.Set("mode", vpnGatewayConnection.Mode); err != nil { - return diag.FromErr(fmt.Errorf("Error setting mode: %s", err)) - } - if err = d.Set("name", vpnGatewayConnection.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) - } - if err = d.Set("peer_address", vpnGatewayConnection.PeerAddress); err != nil { - return diag.FromErr(fmt.Errorf("Error setting peer_address: %s", err)) - } - if err = d.Set("psk", vpnGatewayConnection.Psk); err != nil { - return diag.FromErr(fmt.Errorf("Error setting psk: %s", err)) - } - if err = d.Set("resource_type", vpnGatewayConnection.ResourceType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting resource_type: %s", err)) - } - if err = d.Set("status", vpnGatewayConnection.Status); err != nil { - return diag.FromErr(fmt.Errorf("Error setting status: %s", err)) - } - if err := d.Set("status_reasons", resourceVPNGatewayConnectionFlattenLifecycleReasons(vpnGatewayConnection.StatusReasons)); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting status_reasons: %s", err)) - } - if err = d.Set("routing_protocol", vpnGatewayConnection.RoutingProtocol); err != nil { - return diag.FromErr(fmt.Errorf("Error setting routing_protocol: %s", err)) - } - if vpnGatewayConnection.Tunnels != nil { - err = d.Set("tunnels", 
dataSourceVPNGatewayConnectionFlattenTunnels(vpnGatewayConnection.Tunnels)) - if err != nil { - return diag.FromErr(fmt.Errorf("Error setting tunnels %s", err)) + if vpnGatewayConnection.IkePolicy != nil { + err = d.Set("ike_policy", dataSourceVPNGatewayConnectionFlattenIkePolicy(*vpnGatewayConnection.IkePolicy)) + if err != nil { + return fmt.Errorf("[ERROR] Error setting ike_policy %s", err) + } } - } - } else if _, ok := (*vpnGatewayConnectionInterface).(*vpcv1.VPNGatewayConnection); ok { - vpnGatewayConnection := (*vpnGatewayConnectionInterface).(*vpcv1.VPNGatewayConnection) - d.SetId(fmt.Sprintf("%s/%s", vpn_gateway_id, *vpnGatewayConnection.ID)) - if err = d.Set("admin_state_up", vpnGatewayConnection.AdminStateUp); err != nil { - return diag.FromErr(fmt.Errorf("Error setting admin_state_up: %s", err)) - } - if err = d.Set("authentication_mode", vpnGatewayConnection.AuthenticationMode); err != nil { - return diag.FromErr(fmt.Errorf("Error setting authentication_mode: %s", err)) - } - if err = d.Set("created_at", flex.DateTimeToString(vpnGatewayConnection.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) - } + if vpnGatewayConnection.IpsecPolicy != nil { + err = d.Set("ipsec_policy", dataSourceVPNGatewayConnectionFlattenIpsecPolicy(*vpnGatewayConnection.IpsecPolicy)) + if err != nil { + return fmt.Errorf("[ERROR] Error setting ipsec_policy %s", err) + } + } + if err = d.Set("mode", vpnGatewayConnection.Mode); err != nil { + return fmt.Errorf("[ERROR] Error setting mode: %s", err) + } + if err = d.Set("name", vpnGatewayConnection.Name); err != nil { + return fmt.Errorf("[ERROR] Error setting name: %s", err) + } - if vpnGatewayConnection.DeadPeerDetection != nil { - err = d.Set("dead_peer_detection", dataSourceVPNGatewayConnectionFlattenDeadPeerDetection(*vpnGatewayConnection.DeadPeerDetection)) - if err != nil { - return diag.FromErr(fmt.Errorf("Error setting dead_peer_detection %s", err)) + // breaking changes + if 
err = d.Set("establish_mode", vpnGatewayConnection.EstablishMode); err != nil { + return fmt.Errorf("[ERROR] Error setting establish_mode: %s", err) + } + local := []map[string]interface{}{} + if vpnGatewayConnection.Local != nil { + modelMap, err := dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionStaticRouteModeLocalToMap(vpnGatewayConnection.Local) + if err != nil { + return err + } + local = append(local, modelMap) + } + if err = d.Set("local", local); err != nil { + return fmt.Errorf("[ERROR] Error setting local %s", err) + } + + peer := []map[string]interface{}{} + if vpnGatewayConnection.Peer != nil { + modelMap, err := dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionStaticRouteModePeerToMap(vpnGatewayConnection.Peer) + if err != nil { + return err + } + peer = append(peer, modelMap) + } + if err = d.Set("peer", peer); err != nil { + return fmt.Errorf("[ERROR] Error setting peer %s", err) + } + // Deprecated + if vpnGatewayConnection.Peer != nil { + peer := vpnGatewayConnection.Peer.(*vpcv1.VPNGatewayConnectionStaticRouteModePeer) + if err = d.Set("peer_address", peer.Address); err != nil { + return fmt.Errorf("[ERROR] Error setting peer_address: %s", err) + } + } + if err = d.Set("psk", vpnGatewayConnection.Psk); err != nil { + return fmt.Errorf("[ERROR] Error setting psk: %s", err) + } + if err = d.Set("resource_type", vpnGatewayConnection.ResourceType); err != nil { + return fmt.Errorf("[ERROR] Error setting resource_type: %s", err) + } + if err = d.Set("status", vpnGatewayConnection.Status); err != nil { + return fmt.Errorf("[ERROR] Error setting status: %s", err) + } + if err := d.Set("status_reasons", resourceVPNGatewayConnectionFlattenLifecycleReasons(vpnGatewayConnection.StatusReasons)); err != nil { + return fmt.Errorf("[ERROR] Error setting status_reasons: %s", err) + } + if err = d.Set("routing_protocol", vpnGatewayConnection.RoutingProtocol); err != nil { + return fmt.Errorf("[ERROR] Error setting routing_protocol: %s", err) } - } - 
if err = d.Set("href", vpnGatewayConnection.Href); err != nil { - return diag.FromErr(fmt.Errorf("Error setting href: %s", err)) - } - if vpnGatewayConnection.IkePolicy != nil { - err = d.Set("ike_policy", dataSourceVPNGatewayConnectionFlattenIkePolicy(*vpnGatewayConnection.IkePolicy)) - if err != nil { - return diag.FromErr(fmt.Errorf("Error setting ike_policy %s", err)) + if vpnGatewayConnection.Tunnels != nil { + err = d.Set("tunnels", dataSourceVPNGatewayConnectionFlattenTunnels(vpnGatewayConnection.Tunnels)) + if err != nil { + return fmt.Errorf("[ERROR] Error setting tunnels %s", err) + } } } + case "*vpcv1.VPNGatewayConnectionPolicyMode": + { + vpnGatewayConnection := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionPolicyMode) + d.SetId(fmt.Sprintf("%s/%s", vpn_gateway_id, *vpnGatewayConnection.ID)) + if err = d.Set("admin_state_up", vpnGatewayConnection.AdminStateUp); err != nil { + return fmt.Errorf("[ERROR] Error setting admin_state_up: %s", err) + } + if err = d.Set("authentication_mode", vpnGatewayConnection.AuthenticationMode); err != nil { + return fmt.Errorf("[ERROR] Error setting authentication_mode: %s", err) + } + if err = d.Set("created_at", flex.DateTimeToString(vpnGatewayConnection.CreatedAt)); err != nil { + return fmt.Errorf("[ERROR] Error setting created_at: %s", err) + } - if vpnGatewayConnection.IpsecPolicy != nil { - err = d.Set("ipsec_policy", dataSourceVPNGatewayConnectionFlattenIpsecPolicy(*vpnGatewayConnection.IpsecPolicy)) - if err != nil { - return diag.FromErr(fmt.Errorf("Error setting ipsec_policy %s", err)) + if vpnGatewayConnection.DeadPeerDetection != nil { + err = d.Set("dead_peer_detection", dataSourceVPNGatewayConnectionFlattenDeadPeerDetection(*vpnGatewayConnection.DeadPeerDetection)) + if err != nil { + return fmt.Errorf("[ERROR] Error setting dead_peer_detection %s", err) + } + } + if err = d.Set("href", vpnGatewayConnection.Href); err != nil { + return fmt.Errorf("[ERROR] Error setting href: %s", err) } - } - if err 
= d.Set("mode", vpnGatewayConnection.Mode); err != nil { - return diag.FromErr(fmt.Errorf("Error setting mode: %s", err)) - } - if err = d.Set("name", vpnGatewayConnection.Name); err != nil { - return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) - } - if err = d.Set("peer_address", vpnGatewayConnection.PeerAddress); err != nil { - return diag.FromErr(fmt.Errorf("Error setting peer_address: %s", err)) - } - if err = d.Set("psk", vpnGatewayConnection.Psk); err != nil { - return diag.FromErr(fmt.Errorf("Error setting psk: %s", err)) - } - if err = d.Set("resource_type", vpnGatewayConnection.ResourceType); err != nil { - return diag.FromErr(fmt.Errorf("Error setting resource_type: %s", err)) - } - if err = d.Set("status", vpnGatewayConnection.Status); err != nil { - return diag.FromErr(fmt.Errorf("Error setting status: %s", err)) - } - if err := d.Set("status_reasons", resourceVPNGatewayConnectionFlattenLifecycleReasons(vpnGatewayConnection.StatusReasons)); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting status_reasons: %s", err)) - } - if err = d.Set("routing_protocol", vpnGatewayConnection.RoutingProtocol); err != nil { - return diag.FromErr(fmt.Errorf("Error setting routing_protocol: %s", err)) - } - if vpnGatewayConnection.Tunnels != nil { - err = d.Set("tunnels", dataSourceVPNGatewayConnectionFlattenTunnels(vpnGatewayConnection.Tunnels)) - if err != nil { - return diag.FromErr(fmt.Errorf("Error setting tunnels %s", err)) + if vpnGatewayConnection.IkePolicy != nil { + err = d.Set("ike_policy", dataSourceVPNGatewayConnectionFlattenIkePolicy(*vpnGatewayConnection.IkePolicy)) + if err != nil { + return fmt.Errorf("[ERROR] Error setting ike_policy %s", err) + } } - } - if len(vpnGatewayConnection.LocalCIDRs) > 0 { - err = d.Set("local_cidrs", vpnGatewayConnection.LocalCIDRs) - if err != nil { - return diag.FromErr(fmt.Errorf("Error setting local CIDRs %s", err)) + if vpnGatewayConnection.IpsecPolicy != nil { + err = d.Set("ipsec_policy", 
dataSourceVPNGatewayConnectionFlattenIpsecPolicy(*vpnGatewayConnection.IpsecPolicy)) + if err != nil { + return fmt.Errorf("[ERROR] Error setting ipsec_policy %s", err) + } + } + if err = d.Set("mode", vpnGatewayConnection.Mode); err != nil { + return fmt.Errorf("[ERROR] Error setting mode: %s", err) + } + if err = d.Set("name", vpnGatewayConnection.Name); err != nil { + return fmt.Errorf("[ERROR] Error setting name: %s", err) } - } - if len(vpnGatewayConnection.PeerCIDRs) > 0 { - err = d.Set("peer_cidrs", vpnGatewayConnection.PeerCIDRs) - if err != nil { - return diag.FromErr(fmt.Errorf("Error setting Peer CIDRs %s", err)) + // breaking changes + if err = d.Set("establish_mode", vpnGatewayConnection.EstablishMode); err != nil { + return fmt.Errorf("[ERROR] Error setting establish_mode: %s", err) } + local := []map[string]interface{}{} + if vpnGatewayConnection.Local != nil { + modelMap, err := dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionPolicyModeLocalToMap(vpnGatewayConnection.Local) + if err != nil { + return err + } + local = append(local, modelMap) + } + if err = d.Set("local", local); err != nil { + return fmt.Errorf("[ERROR] Error setting local %s", err) + } + + peer := []map[string]interface{}{} + if vpnGatewayConnection.Peer != nil { + modelMap, err := dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionPolicyModePeerToMap(vpnGatewayConnection.Peer) + if err != nil { + return err + } + peer = append(peer, modelMap) + } + if err = d.Set("peer", peer); err != nil { + return fmt.Errorf("[ERROR] Error setting peer %s", err) + } + // Deprecated + if vpnGatewayConnection.Peer != nil { + peer := vpnGatewayConnection.Peer.(*vpcv1.VPNGatewayConnectionPolicyModePeer) + if err = d.Set("peer_address", peer.Address); err != nil { + return fmt.Errorf("[ERROR] Error setting peer_address: %s", err) + } + if len(peer.CIDRs) > 0 { + err = d.Set("peer_cidrs", peer.CIDRs) + if err != nil { + return fmt.Errorf("[ERROR] Error setting Peer CIDRs %s", err) + } + } + 
} + if err = d.Set("psk", vpnGatewayConnection.Psk); err != nil { + return fmt.Errorf("[ERROR] Error setting psk: %s", err) + } + if err = d.Set("resource_type", vpnGatewayConnection.ResourceType); err != nil { + return fmt.Errorf("[ERROR] Error setting resource_type: %s", err) + } + if err = d.Set("status", vpnGatewayConnection.Status); err != nil { + return fmt.Errorf("[ERROR] Error setting status: %s", err) + } + if err := d.Set("status_reasons", resourceVPNGatewayConnectionFlattenLifecycleReasons(vpnGatewayConnection.StatusReasons)); err != nil { + return fmt.Errorf("[ERROR] Error setting status_reasons: %s", err) + } + // Deprecated + if vpnGatewayConnection.Local != nil { + local := vpnGatewayConnection.Local + if len(local.CIDRs) > 0 { + err = d.Set("local_cidrs", local.CIDRs) + if err != nil { + return fmt.Errorf("[ERROR] Error setting local CIDRs %s", err) + } + } + } + } - } else { - return diag.FromErr(fmt.Errorf("[ERROR] Unrecognized vpcv1.vpnGatewayConnectionIntf subtype encountered")) } - return nil } 
@@ -805,12 +1036,206 @@ func dataSourceVPNGatewayConnectionTunnelsToMap(tunnelsItem vpcv1.VPNGatewayConn return tunnelsMap } -func dataSourceVPNGatewayConnectionTunnelsPublicIPToMap(publicIPItem vpcv1.IP) (publicIPMap map[string]interface{}) { - publicIPMap = map[string]interface{}{} +// helper methods - if publicIPItem.Address != nil { - publicIPMap["address"] = publicIPItem.Address +func dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionStatusReasonToMap(model *vpcv1.VPNGatewayConnectionStatusReason) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + modelMap["code"] = model.Code + modelMap["message"] = model.Message + if model.MoreInfo != nil { + modelMap["more_info"] = model.MoreInfo } + return modelMap, nil +} - return publicIPMap +func dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionStaticRouteModeLocalToMap(model *vpcv1.VPNGatewayConnectionStaticRouteModeLocal) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + ikeIdentities := []map[string]interface{}{} + for _, ikeIdentitiesItem := range model.IkeIdentities { + ikeIdentitiesItemMap, err := dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionIkeIdentityToMap(ikeIdentitiesItem) + if err != nil { + return modelMap, err + } + ikeIdentities = append(ikeIdentities, ikeIdentitiesItemMap) + } + modelMap["ike_identities"] = ikeIdentities + return modelMap, nil +} +func dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionPolicyModeLocalToMap(model *vpcv1.VPNGatewayConnectionPolicyModeLocal) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + ikeIdentities := []map[string]interface{}{} + for _, ikeIdentitiesItem := range model.IkeIdentities { + ikeIdentitiesItemMap, err := dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionIkeIdentityToMap(ikeIdentitiesItem) + if err != nil { + return modelMap, err + } + ikeIdentities = append(ikeIdentities, ikeIdentitiesItemMap) + } + modelMap["ike_identities"] = ikeIdentities + 
modelMap["cidrs"] = model.CIDRs + return modelMap, nil +} + +func dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionIkeIdentityToMap(model vpcv1.VPNGatewayConnectionIkeIdentityIntf) (map[string]interface{}, error) { + if _, ok := model.(*vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityFqdn); ok { + return dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityFqdnToMap(model.(*vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityFqdn)) + } else if _, ok := model.(*vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityHostname); ok { + return dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityHostnameToMap(model.(*vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityHostname)) + } else if _, ok := model.(*vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityIPv4); ok { + return dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityIPv4ToMap(model.(*vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityIPv4)) + } else if _, ok := model.(*vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityKeyID); ok { + return dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityKeyIDToMap(model.(*vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityKeyID)) + } else if _, ok := model.(*vpcv1.VPNGatewayConnectionIkeIdentity); ok { + modelMap := make(map[string]interface{}) + model := model.(*vpcv1.VPNGatewayConnectionIkeIdentity) + modelMap["type"] = model.Type + if model.Value != nil { + modelMap["value"] = model.Value + } + return modelMap, nil + } else { + return nil, fmt.Errorf("Unrecognized vpcv1.VPNGatewayConnectionIkeIdentityIntf subtype encountered") + } +} + +func dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityFqdnToMap(model 
*vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityFqdn) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + modelMap["type"] = model.Type + modelMap["value"] = model.Value + return modelMap, nil +} + +func dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityHostnameToMap(model *vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityHostname) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + modelMap["type"] = model.Type + modelMap["value"] = model.Value + return modelMap, nil +} + +func dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityIPv4ToMap(model *vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityIPv4) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + modelMap["type"] = model.Type + modelMap["value"] = model.Value + return modelMap, nil +} +func dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityKeyIDToMap(model *vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityKeyID) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + modelMap["type"] = model.Type + modelMap["value"] = string(*model.Value) + return modelMap, nil +} + +func dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionStaticRouteModePeerToMap(model vpcv1.VPNGatewayConnectionStaticRouteModePeerIntf) (map[string]interface{}, error) { + if _, ok := model.(*vpcv1.VPNGatewayConnectionStaticRouteModePeerVPNGatewayConnectionPeerByAddress); ok { + return dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionStaticRouteModePeerVPNGatewayConnectionPeerByAddressToMap(model.(*vpcv1.VPNGatewayConnectionStaticRouteModePeerVPNGatewayConnectionPeerByAddress)) + } else if _, ok := model.(*vpcv1.VPNGatewayConnectionStaticRouteModePeerVPNGatewayConnectionPeerByFqdn); ok { + return 
dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionStaticRouteModePeerVPNGatewayConnectionPeerByFqdnToMap(model.(*vpcv1.VPNGatewayConnectionStaticRouteModePeerVPNGatewayConnectionPeerByFqdn)) + } else if _, ok := model.(*vpcv1.VPNGatewayConnectionStaticRouteModePeer); ok { + modelMap := make(map[string]interface{}) + model := model.(*vpcv1.VPNGatewayConnectionStaticRouteModePeer) + ikeIdentityMap, err := dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionIkeIdentityToMap(model.IkeIdentity) + if err != nil { + return modelMap, err + } + modelMap["ike_identity"] = []map[string]interface{}{ikeIdentityMap} + modelMap["type"] = model.Type + if model.Address != nil { + modelMap["address"] = model.Address + } + if model.Fqdn != nil { + modelMap["fqdn"] = model.Fqdn + } + return modelMap, nil + } else { + return nil, fmt.Errorf("Unrecognized vpcv1.VPNGatewayConnectionStaticRouteModePeerIntf subtype encountered") + } +} +func dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionPolicyModePeerToMap(model vpcv1.VPNGatewayConnectionPolicyModePeerIntf) (map[string]interface{}, error) { + if _, ok := model.(*vpcv1.VPNGatewayConnectionPolicyModePeerVPNGatewayConnectionPeerByAddress); ok { + return dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionPolicyModePeerVPNGatewayConnectionPeerByAddressToMap(model.(*vpcv1.VPNGatewayConnectionPolicyModePeerVPNGatewayConnectionPeerByAddress)) + } else if _, ok := model.(*vpcv1.VPNGatewayConnectionPolicyModePeerVPNGatewayConnectionPeerByFqdn); ok { + return dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionPolicyModePeerVPNGatewayConnectionPeerByFqdnToMap(model.(*vpcv1.VPNGatewayConnectionPolicyModePeerVPNGatewayConnectionPeerByFqdn)) + } else if _, ok := model.(*vpcv1.VPNGatewayConnectionPolicyModePeer); ok { + modelMap := make(map[string]interface{}) + model := model.(*vpcv1.VPNGatewayConnectionPolicyModePeer) + ikeIdentityMap, err := 
dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionIkeIdentityToMap(model.IkeIdentity) + if err != nil { + return modelMap, err + } + modelMap["ike_identity"] = []map[string]interface{}{ikeIdentityMap} + modelMap["type"] = model.Type + if model.Address != nil { + modelMap["address"] = model.Address + } + if model.Fqdn != nil { + modelMap["fqdn"] = model.Fqdn + } + if model.CIDRs != nil { + modelMap["cidrs"] = model.CIDRs + } + return modelMap, nil + } else { + return nil, fmt.Errorf("Unrecognized vpcv1.VPNGatewayConnectionPolicyModePeerIntf subtype encountered") + } +} + +func dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionStaticRouteModePeerVPNGatewayConnectionPeerByAddressToMap(model *vpcv1.VPNGatewayConnectionStaticRouteModePeerVPNGatewayConnectionPeerByAddress) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + ikeIdentityMap, err := dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionIkeIdentityToMap(model.IkeIdentity) + if err != nil { + return modelMap, err + } + modelMap["ike_identity"] = []map[string]interface{}{ikeIdentityMap} + modelMap["type"] = model.Type + modelMap["address"] = model.Address + return modelMap, nil +} +func dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionPolicyModePeerVPNGatewayConnectionPeerByAddressToMap(model *vpcv1.VPNGatewayConnectionPolicyModePeerVPNGatewayConnectionPeerByAddress) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + ikeIdentityMap, err := dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionIkeIdentityToMap(model.IkeIdentity) + if err != nil { + return modelMap, err + } + modelMap["ike_identity"] = []map[string]interface{}{ikeIdentityMap} + modelMap["type"] = model.Type + modelMap["address"] = model.Address + if model.CIDRs != nil { + modelMap["cidrs"] = model.CIDRs + } + return modelMap, nil +} +func dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionStaticRouteModePeerVPNGatewayConnectionPeerByFqdnToMap(model 
*vpcv1.VPNGatewayConnectionStaticRouteModePeerVPNGatewayConnectionPeerByFqdn) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + ikeIdentityMap, err := dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionIkeIdentityToMap(model.IkeIdentity) + if err != nil { + return modelMap, err + } + modelMap["ike_identity"] = []map[string]interface{}{ikeIdentityMap} + modelMap["type"] = model.Type + modelMap["fqdn"] = model.Fqdn + return modelMap, nil +} +func dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionPolicyModePeerVPNGatewayConnectionPeerByFqdnToMap(model *vpcv1.VPNGatewayConnectionPolicyModePeerVPNGatewayConnectionPeerByFqdn) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + ikeIdentityMap, err := dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionIkeIdentityToMap(model.IkeIdentity) + if err != nil { + return modelMap, err + } + modelMap["ike_identity"] = []map[string]interface{}{ikeIdentityMap} + modelMap["type"] = model.Type + modelMap["fqdn"] = model.Fqdn + if model.CIDRs != nil { + modelMap["cidrs"] = model.CIDRs + } + return modelMap, nil +} + +// PrettyPrint print pretty. +func PrettifyPrint(result interface{}) string { + output, err := json.MarshalIndent(result, "", " ") + + if err == nil { + return fmt.Sprintf("%v", string(output)) + } + return string(output) } diff --git a/ibm/service/vpc/data_source_ibm_is_vpn_gateway_connection_local_cidrs.go b/ibm/service/vpc/data_source_ibm_is_vpn_gateway_connection_local_cidrs.go new file mode 100644 index 0000000000..e2112c93b0 --- /dev/null +++ b/ibm/service/vpc/data_source_ibm_is_vpn_gateway_connection_local_cidrs.go 
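Review bot: `dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityKeyIDToMap` dereferences `model.Value` with `string(*model.Value)` and no nil check, so a key-ID identity returned without a value would panic the provider during read. The generic `*vpcv1.VPNGatewayConnectionIkeIdentity` branch in the same hunk does guard `model.Value != nil`, so I would write `if model.Value != nil { modelMap["value"] = string(*model.Value) }` here too. The new exported `PrettifyPrint` has a comment that names `PrettyPrint`, and both of its branches return `string(output)`, so a marshalling error silently becomes an empty string. Its callers are not visible in this hunk, but this data source also sets `psk`, so if a connection model is ever passed to it for logging the pre-shared key would be written in clear; it looks like a debugging aid and would be safer unexported or removed.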
@@ -0,0 +1,71 @@
+// Copyright IBM Corp. 2024 All Rights Reserved.
+// Licensed under the Mozilla Public License v2.0
+
+package vpc
+
+import (
+ "context"
+ "fmt"
+ "log"
+ "time"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+
+ "github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns"
+ "github.com/IBM/vpc-go-sdk/vpcv1"
+)
+
+func DataSourceIBMIsVPNGatewayConnectionLocalCidrs() *schema.Resource {
+ return &schema.Resource{
+ ReadContext: dataSourceIBMIsVPNGatewayConnectionLocalCidrsRead,
+
+ Schema: map[string]*schema.Schema{
+ "vpn_gateway": &schema.Schema{
+ Type: schema.TypeString,
+ Required: true,
+ Description: "The VPN gateway identifier.",
+ },
+ "vpn_gateway_connection": &schema.Schema{
+ Type: schema.TypeString,
+ Required: true,
+ Description: "The VPN gateway connection identifier.",
+ },
+ "cidrs": &schema.Schema{
+ Type: schema.TypeList,
+ Computed: true,
+ Description: "The CIDRs for this resource.",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ },
+ }
+}
+
+func dataSourceIBMIsVPNGatewayConnectionLocalCidrsRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+ vpcClient, err := meta.(conns.ClientSession).VpcV1API()
+ if err != nil {
+ return diag.FromErr(err)
+ }
+
+ listVPNGatewayConnectionsLocalCidrsOptions := &vpcv1.ListVPNGatewayConnectionsLocalCIDRsOptions{}
+
+ listVPNGatewayConnectionsLocalCidrsOptions.SetVPNGatewayID(d.Get("vpn_gateway").(string))
+ listVPNGatewayConnectionsLocalCidrsOptions.SetID(d.Get("vpn_gateway_connection").(string))
+
+ vpnGatewayConnectionCidRs, response, err := vpcClient.ListVPNGatewayConnectionsLocalCIDRsWithContext(context, listVPNGatewayConnectionsLocalCidrsOptions)
+ if err != nil {
+ log.Printf("[DEBUG] ListVPNGatewayConnectionsLocalCidrsWithContext failed %s\n%s", err, response)
+ return diag.FromErr(fmt.Errorf("ListVPNGatewayConnectionsLocalCidrsWithContext failed %s\n%s", err, response))
+ }
+ d.SetId(dataSourceIBMIsVPNGatewayConnectionLocalCidrsID(d))
+ d.Set("cidrs", vpnGatewayConnectionCidRs.CIDRs)
+
+ return nil
+}
+
+// dataSourceIBMIsVPNGatewayConnectionLocalCidrsID returns a reasonable ID for the list.
+func dataSourceIBMIsVPNGatewayConnectionLocalCidrsID(d *schema.ResourceData) string {
+ return time.Now().UTC().String()
+}
diff --git a/ibm/service/vpc/data_source_ibm_is_vpn_gateway_connection_local_cidrs_test.go b/ibm/service/vpc/data_source_ibm_is_vpn_gateway_connection_local_cidrs_test.go
new file mode 100644
index 0000000000..6d211336f5
--- /dev/null
+++ b/ibm/service/vpc/data_source_ibm_is_vpn_gateway_connection_local_cidrs_test.go
@@ -0,0 +1,40 @@
+// Copyright IBM Corp. 2024 All Rights Reserved.
+// Licensed under the Mozilla Public License v2.0
+
+package vpc_test
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+ acc "github.com/IBM-Cloud/terraform-provider-ibm/ibm/acctest"
+)
+
+func TestAccIBMIsVPNGatewayConnectionLocalCidrsDataSourceBasic(t *testing.T) {
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { acc.TestAccPreCheck(t) },
+ Providers: acc.TestAccProviders,
+ Steps: []resource.TestStep{
+ resource.TestStep{
+ Config: testAccCheckIBMIsVPNGatewayConnectionLocalCidrsDataSourceConfigBasic(),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection_local_cidrs.is_vpn_gateway_connection_cidrs_instance", "id"),
+ resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection_local_cidrs.is_vpn_gateway_connection_cidrs_instance", "vpn_gateway"),
+ resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection_local_cidrs.is_vpn_gateway_connection_cidrs_instance", "vpn_gateway_connection"),
+ resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection_local_cidrs.is_vpn_gateway_connection_cidrs_instance", "cidrs.#"),
+ ),
+ },
+ },
+ })
+}
+
+func testAccCheckIBMIsVPNGatewayConnectionLocalCidrsDataSourceConfigBasic() string {
+ return fmt.Sprintf(`
+ data "ibm_is_vpn_gateway_connection_local_cidrs" "is_vpn_gateway_connection_cidrs_instance" {
+ vpn_gateway = "vpn_gateway"
+ id = "id"
+ }
+ `)
+}
diff --git a/ibm/service/vpc/data_source_ibm_is_vpn_gateway_connection_peer_cidrs.go b/ibm/service/vpc/data_source_ibm_is_vpn_gateway_connection_peer_cidrs.go
new file mode 100644
index 0000000000..31bf056ab7
--- /dev/null
+++ b/ibm/service/vpc/data_source_ibm_is_vpn_gateway_connection_peer_cidrs.go
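Review bot: The config returned by `testAccCheckIBMIsVPNGatewayConnectionLocalCidrsDataSourceConfigBasic` sets `id = "id"`, but the data source schema added in this commit declares `vpn_gateway_connection` as the required argument and has no configurable `id`, so this step would be expected to fail validation before the read is exercised. The line should read `vpn_gateway_connection = "id"`. Both values are literal placeholders that will not resolve against a real gateway, so the test presumably needs references to a gateway and connection created in the same config. `fmt.Sprintf` is called with no format arguments; returning the raw string literal directly avoids the `go vet` warning.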
@@ -0,0 +1,70 @@
+// Copyright IBM Corp. 2024 All Rights Reserved.
+// Licensed under the Mozilla Public License v2.0
+
+package vpc
+
+import (
+ "context"
+ "fmt"
+ "log"
+ "time"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+
+ "github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns"
+ "github.com/IBM/vpc-go-sdk/vpcv1"
+)
+
+func DataSourceIBMIsVPNGatewayConnectionPeerCidrs() *schema.Resource {
+ return &schema.Resource{
+ ReadContext: dataSourceIBMIsVPNGatewayConnectionPeerCidrsRead,
+
+ Schema: map[string]*schema.Schema{
+ "vpn_gateway": &schema.Schema{
+ Type: schema.TypeString,
+ Required: true,
+ Description: "The VPN gateway identifier.",
+ },
+ "vpn_gateway_connection": &schema.Schema{
+ Type: schema.TypeString,
+ Required: true,
+ Description: "The VPN gateway connection identifier.",
+ },
+ "cidrs": &schema.Schema{
+ Type: schema.TypeList,
+ Computed: true,
+ Description: "The CIDRs for this resource.",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ },
+ }
+}
+
+func dataSourceIBMIsVPNGatewayConnectionPeerCidrsRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+ vpcClient, err := meta.(conns.ClientSession).VpcV1API()
+ if err != nil {
+ return diag.FromErr(err)
+ }
+ listVPNGatewayConnectionsPeerCidrsOptions := &vpcv1.ListVPNGatewayConnectionsPeerCIDRsOptions{}
+
+ listVPNGatewayConnectionsPeerCidrsOptions.SetVPNGatewayID(d.Get("vpn_gateway").(string))
+ listVPNGatewayConnectionsPeerCidrsOptions.SetID(d.Get("vpn_gateway_connection").(string))
+
+ vpnGatewayConnectionCidRs, response, err := vpcClient.ListVPNGatewayConnectionsPeerCIDRsWithContext(context, listVPNGatewayConnectionsPeerCidrsOptions)
+ if err != nil {
+ log.Printf("[DEBUG] ListVPNGatewayConnectionsPeerCidrsWithContext failed %s\n%s", err, response)
+ return diag.FromErr(fmt.Errorf("ListVPNGatewayConnectionsPeerCidrsWithContext failed %s\n%s", err, response))
+ }
+ d.SetId(dataSourceIBMIsVPNGatewayConnectionPeerCidrsID(d))
+ d.Set("cidrs", vpnGatewayConnectionCidRs.CIDRs)
+
+ return nil
+}
+
+// dataSourceIBMIsVPNGatewayConnectionPeerCidrsID returns a reasonable ID for the list.
+func dataSourceIBMIsVPNGatewayConnectionPeerCidrsID(d *schema.ResourceData) string {
+ return time.Now().UTC().String()
+}
diff --git a/ibm/service/vpc/data_source_ibm_is_vpn_gateway_connection_peer_cidrs_test.go b/ibm/service/vpc/data_source_ibm_is_vpn_gateway_connection_peer_cidrs_test.go
new file mode 100644
index 0000000000..867c31fe73
--- /dev/null
+++ b/ibm/service/vpc/data_source_ibm_is_vpn_gateway_connection_peer_cidrs_test.go
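Review bot: The result of `d.Set("cidrs", vpnGatewayConnectionCidRs.CIDRs)` at the end of `dataSourceIBMIsVPNGatewayConnectionPeerCidrsRead` is discarded, so a failed write leaves `cidrs` empty with no diagnostic, and any configuration that derives routes or filtering rules from this list would silently receive nothing. Check it and surface the failure: `if err = d.Set("cidrs", vpnGatewayConnectionCidRs.CIDRs); err != nil { return diag.FromErr(fmt.Errorf("setting cidrs: %s", err)) }`. The parameter named `context` also shadows the imported `context` package for the whole function body; `ctx` is the conventional name. The tail of the local_cidrs read function visible just above this file shows the same unchecked `d.Set` call.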
@@ -0,0 +1,40 @@
+// Copyright IBM Corp. 2024 All Rights Reserved.
+// Licensed under the Mozilla Public License v2.0
+
+package vpc_test
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+ acc "github.com/IBM-Cloud/terraform-provider-ibm/ibm/acctest"
+)
+
+func TestAccIBMIsVPNGatewayConnectionPeerCidrsDataSourceBasic(t *testing.T) {
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { acc.TestAccPreCheck(t) },
+ Providers: acc.TestAccProviders,
+ Steps: []resource.TestStep{
+ resource.TestStep{
+ Config: testAccCheckIBMIsVPNGatewayConnectionPeerCidrsDataSourceConfigBasic(),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection_peer_cidrs.is_vpn_gateway_connection_cidrs_instance", "id"),
+ resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection_peer_cidrs.is_vpn_gateway_connection_cidrs_instance", "vpn_gateway"),
+ resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection_peer_cidrs.is_vpn_gateway_connection_cidrs_instance", "vpn_gateway_connection"),
+ resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_connection_peer_cidrs.is_vpn_gateway_connection_cidrs_instance", "cidrs.#"),
+ ),
+ },
+ },
+ })
+}
+
+func testAccCheckIBMIsVPNGatewayConnectionPeerCidrsDataSourceConfigBasic() string {
+ return fmt.Sprintf(`
+ data "ibm_is_vpn_gateway_connection_peer_cidrs" "is_vpn_gateway_connection_cidrs_instance" {
+ vpn_gateway = "vpn_gateway"
+ id = "id"
+ }
+ `)
+}
diff --git a/ibm/service/vpc/data_source_ibm_is_vpn_gateway_connections.go b/ibm/service/vpc/data_source_ibm_is_vpn_gateway_connections.go
index 1e9b01ef03..ca77dc9826 100644
--- a/ibm/service/vpc/data_source_ibm_is_vpn_gateway_connections.go
+++ b/ibm/service/vpc/data_source_ibm_is_vpn_gateway_connections.go
@@ -5,6 +5,7 @@ package vpc import ( "fmt" + "reflect" "time" "github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex"
@@ -101,6 +102,111 @@ func DataSourceIBMISVPNGatewayConnections() *schema.Resource { Type: schema.TypeString, Computed: true, Description: "VPN gateway connection peer address", + Deprecated: "peer_address is deprecated, use peer instead", + }, + // new breaking change + "establish_mode": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The establish mode of the VPN gateway connection:- `bidirectional`: Either side of the VPN gateway can initiate IKE protocol negotiations or rekeying processes.- `peer_only`: Only the peer can initiate IKE protocol negotiations for this VPN gateway connection. Additionally, the peer is responsible for initiating the rekeying process after the connection is established. If rekeying does not occur, the VPN gateway connection will be brought down after its lifetime expires.", + }, + "routing_protocol": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "Routing protocols for this VPN gateway connection.", + }, + "local": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "ike_identities": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The local IKE identities.A VPN gateway in static route mode consists of two members in active-active mode. The first identity applies to the first member, and the second identity applies to the second member.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "type": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The IKE identity type.The enumerated values for this property will expand in the future. When processing this property, check for and log unknown values. 
Optionally halt processing and surface the error, or bypass the backup policy on which the unexpected property value was encountered.", + }, + "value": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The IKE identity FQDN value.", + }, + }, + }, + }, + "cidrs": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Schema{Type: schema.TypeString}, + Description: "VPN gateway connection local CIDRs", + }, + }, + }, + }, + "peer": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "ike_identity": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The peer IKE identity.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "type": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The IKE identity type.The enumerated values for this property will expand in the future. When processing this property, check for and log unknown values. 
Optionally halt processing and surface the error, or bypass the backup policy on which the unexpected property value was encountered.", + }, + "value": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The IKE identity FQDN value.", + }, + }, + }, + }, + "cidrs": { + Type: schema.TypeList, + Computed: true, + Description: "The peer CIDRs for this resource.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "type": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "Indicates whether `peer.address` or `peer.fqdn` is used.", + }, + "address": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The IP address of the peer VPN gateway for this connection.", + }, + "fqdn": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The FQDN of the peer VPN gateway for this connection.", + }, + }, + }, + }, + "psk": { + Type: schema.TypeString, + Computed: true, + Description: "The preshared key.", + }, + "href": { + Type: schema.TypeString, + Computed: true, + Description: "The href of the vpn gateway connection.", }, isVPNGatewayConnectionResourcetype: { Type: schema.TypeString, @@ -164,6 +270,7 @@ func DataSourceIBMISVPNGatewayConnections() *schema.Resource { Elem: &schema.Schema{Type: schema.TypeString}, Set: schema.HashString, Description: "VPN gateway connection local CIDRs", + Deprecated: "local_cidrs is deprecated, use local instead", }, isVPNGatewayConnectionPeerCIDRS: { @@ -172,6 +279,7 @@ func DataSourceIBMISVPNGatewayConnections() *schema.Resource { Elem: &schema.Schema{Type: schema.TypeString}, Set: schema.HashString, Description: "VPN gateway connection peer CIDRs", + Deprecated: "peer_cidrs is deprecated, use peer instead", }, }, }, 
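Review bot: The new computed `psk` attribute ("The preshared key.") added to the connection schema in the first of the three hunks ending here is declared without `Sensitive: true`, so the VPN preshared key is rendered in clear text in plan/apply output and in any pipeline log that captures it. Add `Sensitive: true,` to that schema entry; the value is still written to state, so the state backend needs access control and encryption regardless. Separately, the `type` descriptions under `ike_identities` and `ike_identity` end with "bypass the backup policy on which the unexpected property value was encountered", which looks carried over from another resource and should refer to the VPN gateway connection. `DataSourceIBMISVPNGatewayConnections` begins and ends outside these hunks, so the rest of the schema was not reviewed.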
@@ -197,172 +305,408 @@ func dataSourceIBMVPNGatewayConnectionsRead(d *schema.ResourceData, meta interfa return fmt.Errorf("[ERROR] Error reading list of VPN Gateway Connections:%s\n%s", err, detail) } vpngatewayconnections := make([]map[string]interface{}, 0) - for _, vpnGatewayConnectionIntf := range availableVPNGatewayConnections.Connections { - gatewayconnection := map[string]interface{}{} - if _, ok := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionPolicyMode); ok { - data := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionPolicyMode) - gatewayconnection[isVPNGatewayConnectionAdminAuthenticationmode] = *data.AuthenticationMode - gatewayconnection[isVPNGatewayConnectionCreatedat] = data.CreatedAt.String() - gatewayconnection[isVPNGatewayConnectionAdminStateup] = *data.AdminStateUp - gatewayconnection[isVPNGatewayConnectionDeadPeerDetectionAction] = *data.DeadPeerDetection.Action - gatewayconnection[isVPNGatewayConnectionDeadPeerDetectionInterval] = *data.DeadPeerDetection.Interval - gatewayconnection[isVPNGatewayConnectionDeadPeerDetectionTimeout] = *data.DeadPeerDetection.Timeout - gatewayconnection[isVPNGatewayConnectionID] = *data.ID - - if data.IkePolicy != nil { - gatewayconnection[isVPNGatewayConnectionIKEPolicy] = *data.IkePolicy.ID + for _, instance := range availableVPNGatewayConnections.Connections { + gatewayconnection, err := getvpnGatewayConnectionIntfData(instance) + if err != nil { + return err + } + vpngatewayconnections = append(vpngatewayconnections, gatewayconnection) + } + + d.SetId(dataSourceIBMVPNGatewayConnectionsID(d)) + d.Set(isvpnGatewayConnections, vpngatewayconnections) + return nil +} + +func getvpnGatewayConnectionIntfData(vpnGatewayConnectionIntf vpcv1.VPNGatewayConnectionIntf) (map[string]interface{}, error) { + gatewayconnection := map[string]interface{}{} + switch reflect.TypeOf(vpnGatewayConnectionIntf).String() { + case "*vpcv1.VPNGatewayConnection": + { + vpnGatewayConnection := 
vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnection) + gatewayconnection["id"] = vpnGatewayConnection.ID + gatewayconnection["admin_state_up"] = vpnGatewayConnection.AdminStateUp + gatewayconnection["authentication_mode"] = vpnGatewayConnection.AuthenticationMode + gatewayconnection["created_at"] = flex.DateTimeToString(vpnGatewayConnection.CreatedAt) + + if vpnGatewayConnection.DeadPeerDetection != nil { + gatewayconnection[isVPNGatewayConnectionDeadPeerDetectionAction] = vpnGatewayConnection.DeadPeerDetection.Action + gatewayconnection[isVPNGatewayConnectionDeadPeerDetectionInterval] = vpnGatewayConnection.DeadPeerDetection.Interval + gatewayconnection[isVPNGatewayConnectionDeadPeerDetectionTimeout] = vpnGatewayConnection.DeadPeerDetection.Timeout + } + gatewayconnection["href"] = vpnGatewayConnection.Href + + if vpnGatewayConnection.IkePolicy != nil { + gatewayconnection["ike_policy"] = vpnGatewayConnection.IkePolicy.ID + } + + if vpnGatewayConnection.IpsecPolicy != nil { + gatewayconnection["ipsec_policy"] = vpnGatewayConnection.IpsecPolicy.ID } - if data.IpsecPolicy != nil { - gatewayconnection[isVPNGatewayConnectionIPSECPolicy] = *data.IpsecPolicy.ID + gatewayconnection["mode"] = vpnGatewayConnection.Mode + gatewayconnection["name"] = vpnGatewayConnection.Name + + // breaking changes + gatewayconnection["establish_mode"] = vpnGatewayConnection.EstablishMode + local := []map[string]interface{}{} + if vpnGatewayConnection.Local != nil { + modelMap, err := dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionStaticRouteModeLocalToMap(vpnGatewayConnection.Local) + if err != nil { + return gatewayconnection, err + } + local = append(local, modelMap) } - if data.LocalCIDRs != nil { - gatewayconnection[isVPNGatewayConnectionLocalCIDRS] = flex.FlattenStringList(data.LocalCIDRs) + gatewayconnection["local"] = local + + peer := []map[string]interface{}{} + if vpnGatewayConnection.Peer != nil { + modelMap, err := 
dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionStaticRouteModePeerToMap(vpnGatewayConnection.Peer) + if err != nil { + return gatewayconnection, err + } + peer = append(peer, modelMap) } - if data.PeerCIDRs != nil { - gatewayconnection[isVPNGatewayConnectionPeerCIDRS] = flex.FlattenStringList(data.PeerCIDRs) + gatewayconnection["peer"] = peer + // Deprecated + if vpnGatewayConnection.Peer != nil { + peer := vpnGatewayConnection.Peer.(*vpcv1.VPNGatewayConnectionStaticRouteModePeer) + gatewayconnection["peer_address"] = peer.Address } - gatewayconnection[isVPNGatewayConnectionMode] = *data.Mode - gatewayconnection[isVPNGatewayConnectionName] = *data.Name - gatewayconnection[isVPNGatewayConnectionPeerAddress] = *data.PeerAddress - gatewayconnection[isVPNGatewayConnectionResourcetype] = *data.ResourceType - gatewayconnection[isVPNGatewayConnectionStatus] = *data.Status - gatewayconnection[isVPNGatewayConnectionStatusreasons] = resourceVPNGatewayConnectionFlattenLifecycleReasons(data.StatusReasons) - } else if _, ok := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionRouteMode); ok { - data := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionRouteMode) - gatewayconnection[isVPNGatewayConnectionAdminAuthenticationmode] = *data.AuthenticationMode - gatewayconnection[isVPNGatewayConnectionCreatedat] = data.CreatedAt.String() - gatewayconnection[isVPNGatewayConnectionAdminStateup] = *data.AdminStateUp - gatewayconnection[isVPNGatewayConnectionDeadPeerDetectionAction] = *data.DeadPeerDetection.Action - gatewayconnection[isVPNGatewayConnectionDeadPeerDetectionInterval] = *data.DeadPeerDetection.Interval - gatewayconnection[isVPNGatewayConnectionDeadPeerDetectionTimeout] = *data.DeadPeerDetection.Timeout - gatewayconnection[isVPNGatewayConnectionID] = *data.ID - - if data.IkePolicy != nil { - gatewayconnection[isVPNGatewayConnectionIKEPolicy] = *data.IkePolicy.ID + gatewayconnection["psk"] = vpnGatewayConnection.Psk + gatewayconnection["resource_type"] = 
vpnGatewayConnection.ResourceType + gatewayconnection["status"] = vpnGatewayConnection.Status + gatewayconnection["status_reasons"] = resourceVPNGatewayConnectionFlattenLifecycleReasons(vpnGatewayConnection.StatusReasons) + gatewayconnection["routing_protocol"] = vpnGatewayConnection.RoutingProtocol + + if vpnGatewayConnection.Tunnels != nil { + gatewayconnection["tunnels"] = dataSourceVPNGatewayConnectionsFlattenTunnels(vpnGatewayConnection.Tunnels) } - if data.IpsecPolicy != nil { - gatewayconnection[isVPNGatewayConnectionIPSECPolicy] = *data.IpsecPolicy.ID + } + case "*vpcv1.VPNGatewayConnectionRouteMode": + { + vpnGatewayConnection := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionRouteMode) + gatewayconnection["id"] = vpnGatewayConnection.ID + gatewayconnection["admin_state_up"] = vpnGatewayConnection.AdminStateUp + gatewayconnection["authentication_mode"] = vpnGatewayConnection.AuthenticationMode + gatewayconnection["created_at"] = flex.DateTimeToString(vpnGatewayConnection.CreatedAt) + + if vpnGatewayConnection.DeadPeerDetection != nil { + gatewayconnection[isVPNGatewayConnectionDeadPeerDetectionAction] = vpnGatewayConnection.DeadPeerDetection.Action + gatewayconnection[isVPNGatewayConnectionDeadPeerDetectionInterval] = vpnGatewayConnection.DeadPeerDetection.Interval + gatewayconnection[isVPNGatewayConnectionDeadPeerDetectionTimeout] = vpnGatewayConnection.DeadPeerDetection.Timeout } - gatewayconnection[isVPNGatewayConnectionMode] = *data.Mode - gatewayconnection[isVPNGatewayConnectionName] = *data.Name - gatewayconnection[isVPNGatewayConnectionPeerAddress] = *data.PeerAddress - gatewayconnection[isVPNGatewayConnectionResourcetype] = *data.ResourceType - gatewayconnection[isVPNGatewayConnectionStatus] = *data.Status - gatewayconnection[isVPNGatewayConnectionStatusreasons] = resourceVPNGatewayConnectionFlattenLifecycleReasons(data.StatusReasons) - //if data.Tunnels != nil { - if len(data.Tunnels) > 0 { - vpcTunnelsList := make([]map[string]interface{}, 
0) - for _, vpcTunnel := range data.Tunnels { - currentTunnel := map[string]interface{}{} - if vpcTunnel.PublicIP != nil { - if vpcTunnel.PublicIP != nil { - currentTunnel["address"] = *vpcTunnel.PublicIP.Address - } - if vpcTunnel.Status != nil { - currentTunnel["status"] = *vpcTunnel.Status - } - vpcTunnelsList = append(vpcTunnelsList, currentTunnel) - } - } - gatewayconnection[isVPNGatewayConnectionTunnels] = vpcTunnelsList + gatewayconnection["href"] = vpnGatewayConnection.Href + if vpnGatewayConnection.IkePolicy != nil { + gatewayconnection["ike_policy"] = vpnGatewayConnection.IkePolicy.ID } - } else if _, ok := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionRouteModeVPNGatewayConnectionStaticRouteMode); ok { - data := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionRouteModeVPNGatewayConnectionStaticRouteMode) - gatewayconnection[isVPNGatewayConnectionAdminAuthenticationmode] = *data.AuthenticationMode - gatewayconnection[isVPNGatewayConnectionCreatedat] = data.CreatedAt.String() - gatewayconnection[isVPNGatewayConnectionAdminStateup] = *data.AdminStateUp - gatewayconnection[isVPNGatewayConnectionDeadPeerDetectionAction] = *data.DeadPeerDetection.Action - gatewayconnection[isVPNGatewayConnectionDeadPeerDetectionInterval] = *data.DeadPeerDetection.Interval - gatewayconnection[isVPNGatewayConnectionDeadPeerDetectionTimeout] = *data.DeadPeerDetection.Timeout - gatewayconnection[isVPNGatewayConnectionID] = *data.ID - - if data.IkePolicy != nil { - gatewayconnection[isVPNGatewayConnectionIKEPolicy] = *data.IkePolicy.ID + + if vpnGatewayConnection.IpsecPolicy != nil { + gatewayconnection["ipsec_policy"] = vpnGatewayConnection.IpsecPolicy.ID } - if data.IpsecPolicy != nil { - gatewayconnection[isVPNGatewayConnectionIPSECPolicy] = *data.IpsecPolicy.ID + gatewayconnection["mode"] = vpnGatewayConnection.Mode + gatewayconnection["name"] = vpnGatewayConnection.Name + + // breaking changes + gatewayconnection["establish_mode"] = 
vpnGatewayConnection.EstablishMode + local := []map[string]interface{}{} + if vpnGatewayConnection.Local != nil { + modelMap, err := dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionStaticRouteModeLocalToMap(vpnGatewayConnection.Local) + if err != nil { + return gatewayconnection, err + } + local = append(local, modelMap) } - gatewayconnection[isVPNGatewayConnectionMode] = *data.Mode - gatewayconnection[isVPNGatewayConnectionName] = *data.Name - gatewayconnection[isVPNGatewayConnectionPeerAddress] = *data.PeerAddress - gatewayconnection[isVPNGatewayConnectionResourcetype] = *data.ResourceType - gatewayconnection[isVPNGatewayConnectionStatus] = *data.Status - gatewayconnection[isVPNGatewayConnectionStatusreasons] = resourceVPNGatewayConnectionFlattenLifecycleReasons(data.StatusReasons) - //if data.Tunnels != nil { - if len(data.Tunnels) > 0 { - vpcTunnelsList := make([]map[string]interface{}, 0) - for _, vpcTunnel := range data.Tunnels { - currentTunnel := map[string]interface{}{} - if vpcTunnel.PublicIP != nil { - if vpcTunnel.PublicIP != nil { - currentTunnel["address"] = *vpcTunnel.PublicIP.Address - } - if vpcTunnel.Status != nil { - currentTunnel["status"] = *vpcTunnel.Status - } - vpcTunnelsList = append(vpcTunnelsList, currentTunnel) - } + gatewayconnection["local"] = local + + peer := []map[string]interface{}{} + if vpnGatewayConnection.Peer != nil { + modelMap, err := dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionStaticRouteModePeerToMap(vpnGatewayConnection.Peer) + if err != nil { + return gatewayconnection, err } - gatewayconnection[isVPNGatewayConnectionTunnels] = vpcTunnelsList + peer = append(peer, modelMap) } - } else if _, ok := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnection); ok { - data := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnection) - gatewayconnection[isVPNGatewayConnectionAdminAuthenticationmode] = *data.AuthenticationMode - gatewayconnection[isVPNGatewayConnectionCreatedat] = data.CreatedAt.String() - 
gatewayconnection[isVPNGatewayConnectionAdminStateup] = *data.AdminStateUp - gatewayconnection[isVPNGatewayConnectionDeadPeerDetectionAction] = *data.DeadPeerDetection.Action - gatewayconnection[isVPNGatewayConnectionDeadPeerDetectionInterval] = *data.DeadPeerDetection.Interval - gatewayconnection[isVPNGatewayConnectionDeadPeerDetectionTimeout] = *data.DeadPeerDetection.Timeout - gatewayconnection[isVPNGatewayConnectionID] = *data.ID - - if data.IkePolicy != nil { - gatewayconnection[isVPNGatewayConnectionIKEPolicy] = *data.IkePolicy.ID + gatewayconnection["peer"] = peer + // Deprecated + if vpnGatewayConnection.Peer != nil { + peer := vpnGatewayConnection.Peer.(*vpcv1.VPNGatewayConnectionStaticRouteModePeer) + gatewayconnection["peer_address"] = peer.Address } - if data.IpsecPolicy != nil { - gatewayconnection[isVPNGatewayConnectionIPSECPolicy] = *data.IpsecPolicy.ID + gatewayconnection["psk"] = vpnGatewayConnection.Psk + gatewayconnection["resource_type"] = vpnGatewayConnection.ResourceType + gatewayconnection["status"] = vpnGatewayConnection.Status + gatewayconnection["status_reasons"] = resourceVPNGatewayConnectionFlattenLifecycleReasons(vpnGatewayConnection.StatusReasons) + gatewayconnection["routing_protocol"] = vpnGatewayConnection.RoutingProtocol + + if vpnGatewayConnection.Tunnels != nil { + gatewayconnection["tunnels"] = dataSourceVPNGatewayConnectionsFlattenTunnels(vpnGatewayConnection.Tunnels) } - if data.LocalCIDRs != nil { - gatewayconnection[isVPNGatewayConnectionLocalCIDRS] = flex.FlattenStringList(data.LocalCIDRs) + } + case "*vpcv1.VPNGatewayConnectionRouteModeVPNGatewayConnectionStaticRouteMode": + { + vpnGatewayConnection := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionRouteModeVPNGatewayConnectionStaticRouteMode) + gatewayconnection["id"] = vpnGatewayConnection.ID + gatewayconnection["admin_state_up"] = vpnGatewayConnection.AdminStateUp + gatewayconnection["authentication_mode"] = vpnGatewayConnection.AuthenticationMode + 
gatewayconnection["created_at"] = flex.DateTimeToString(vpnGatewayConnection.CreatedAt) + + if vpnGatewayConnection.DeadPeerDetection != nil { + gatewayconnection[isVPNGatewayConnectionDeadPeerDetectionAction] = vpnGatewayConnection.DeadPeerDetection.Action + gatewayconnection[isVPNGatewayConnectionDeadPeerDetectionInterval] = vpnGatewayConnection.DeadPeerDetection.Interval + gatewayconnection[isVPNGatewayConnectionDeadPeerDetectionTimeout] = vpnGatewayConnection.DeadPeerDetection.Timeout } - if data.PeerCIDRs != nil { - gatewayconnection[isVPNGatewayConnectionPeerCIDRS] = flex.FlattenStringList(data.PeerCIDRs) + gatewayconnection["href"] = vpnGatewayConnection.Href + if vpnGatewayConnection.IkePolicy != nil { + gatewayconnection["ike_policy"] = vpnGatewayConnection.IkePolicy.ID } - gatewayconnection[isVPNGatewayConnectionMode] = *data.Mode - gatewayconnection[isVPNGatewayConnectionName] = *data.Name - gatewayconnection[isVPNGatewayConnectionPeerAddress] = *data.PeerAddress - gatewayconnection[isVPNGatewayConnectionResourcetype] = *data.ResourceType - gatewayconnection[isVPNGatewayConnectionStatus] = *data.Status - gatewayconnection[isVPNGatewayConnectionStatusreasons] = resourceVPNGatewayConnectionFlattenLifecycleReasons(data.StatusReasons) - //if data.Tunnels != nil { - if len(data.Tunnels) > 0 { - vpcTunnelsList := make([]map[string]interface{}, 0) - for _, vpcTunnel := range data.Tunnels { - currentTunnel := map[string]interface{}{} - if vpcTunnel.PublicIP != nil { - if vpcTunnel.PublicIP != nil { - currentTunnel["address"] = *vpcTunnel.PublicIP.Address - } - if vpcTunnel.Status != nil { - currentTunnel["status"] = *vpcTunnel.Status - } - vpcTunnelsList = append(vpcTunnelsList, currentTunnel) - } + + if vpnGatewayConnection.IpsecPolicy != nil { + gatewayconnection["ipsec_policy"] = vpnGatewayConnection.IpsecPolicy.ID + } + gatewayconnection["mode"] = vpnGatewayConnection.Mode + gatewayconnection["name"] = vpnGatewayConnection.Name + + // breaking changes + 
gatewayconnection["establish_mode"] = vpnGatewayConnection.EstablishMode + local := []map[string]interface{}{} + if vpnGatewayConnection.Local != nil { + modelMap, err := dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionStaticRouteModeLocalToMap(vpnGatewayConnection.Local) + if err != nil { + return gatewayconnection, err + } + local = append(local, modelMap) + } + gatewayconnection["local"] = local + + peer := []map[string]interface{}{} + if vpnGatewayConnection.Peer != nil { + modelMap, err := dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionStaticRouteModePeerToMap(vpnGatewayConnection.Peer) + if err != nil { + return gatewayconnection, err } - gatewayconnection[isVPNGatewayConnectionTunnels] = vpcTunnelsList + peer = append(peer, modelMap) + } + gatewayconnection["peer"] = peer + // Deprecated + if vpnGatewayConnection.Peer != nil { + peer := vpnGatewayConnection.Peer.(*vpcv1.VPNGatewayConnectionStaticRouteModePeer) + gatewayconnection["peer_address"] = peer.Address + } + gatewayconnection["psk"] = vpnGatewayConnection.Psk + gatewayconnection["resource_type"] = vpnGatewayConnection.ResourceType + gatewayconnection["status"] = vpnGatewayConnection.Status + gatewayconnection["status_reasons"] = resourceVPNGatewayConnectionFlattenLifecycleReasons(vpnGatewayConnection.StatusReasons) + gatewayconnection["routing_protocol"] = vpnGatewayConnection.RoutingProtocol + + if vpnGatewayConnection.Tunnels != nil { + gatewayconnection["tunnels"] = dataSourceVPNGatewayConnectionsFlattenTunnels(vpnGatewayConnection.Tunnels) } - } else { - return fmt.Errorf("[ERROR] Unrecognized vpcv1.vpnGatewayConnectionIntf subtype encountered") } + case "*vpcv1.VPNGatewayConnectionPolicyMode": + { + vpnGatewayConnection := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionPolicyMode) + gatewayconnection["id"] = vpnGatewayConnection.ID + gatewayconnection["admin_state_up"] = vpnGatewayConnection.AdminStateUp + gatewayconnection["authentication_mode"] = 
vpnGatewayConnection.AuthenticationMode + gatewayconnection["created_at"] = flex.DateTimeToString(vpnGatewayConnection.CreatedAt) - vpngatewayconnections = append(vpngatewayconnections, gatewayconnection) - } + if vpnGatewayConnection.DeadPeerDetection != nil { + gatewayconnection[isVPNGatewayConnectionDeadPeerDetectionAction] = vpnGatewayConnection.DeadPeerDetection.Action + gatewayconnection[isVPNGatewayConnectionDeadPeerDetectionInterval] = vpnGatewayConnection.DeadPeerDetection.Interval + gatewayconnection[isVPNGatewayConnectionDeadPeerDetectionTimeout] = vpnGatewayConnection.DeadPeerDetection.Timeout + } + gatewayconnection["href"] = vpnGatewayConnection.Href + if vpnGatewayConnection.IkePolicy != nil { + gatewayconnection["ike_policy"] = vpnGatewayConnection.IkePolicy.ID + } - d.SetId(dataSourceIBMVPNGatewayConnectionsID(d)) - d.Set(isvpnGatewayConnections, vpngatewayconnections) - return nil + if vpnGatewayConnection.IpsecPolicy != nil { + gatewayconnection["ipsec_policy"] = vpnGatewayConnection.IpsecPolicy.ID + } + gatewayconnection["mode"] = vpnGatewayConnection.Mode + gatewayconnection["name"] = vpnGatewayConnection.Name + + // breaking changes + gatewayconnection["establish_mode"] = vpnGatewayConnection.EstablishMode + local := []map[string]interface{}{} + if vpnGatewayConnection.Local != nil { + modelMap, err := dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionPolicyModeLocalToMap(vpnGatewayConnection.Local) + if err != nil { + return gatewayconnection, err + } + local = append(local, modelMap) + } + gatewayconnection["local"] = local + + peer := []map[string]interface{}{} + if vpnGatewayConnection.Peer != nil { + modelMap, err := dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionPolicyModePeerToMap(vpnGatewayConnection.Peer) + if err != nil { + return gatewayconnection, err + } + peer = append(peer, modelMap) + } + gatewayconnection["peer"] = peer + // Deprecated + if vpnGatewayConnection.Peer != nil { + peer := 
vpnGatewayConnection.Peer.(*vpcv1.VPNGatewayConnectionPolicyModePeer) + gatewayconnection["peer_address"] = peer.Address + if len(peer.CIDRs) > 0 { + gatewayconnection["peer_cidrs"] = peer.CIDRs + } + } + gatewayconnection["psk"] = vpnGatewayConnection.Psk + gatewayconnection["resource_type"] = vpnGatewayConnection.ResourceType + gatewayconnection["status"] = vpnGatewayConnection.Status + gatewayconnection["status_reasons"] = resourceVPNGatewayConnectionFlattenLifecycleReasons(vpnGatewayConnection.StatusReasons) + // Deprecated + if vpnGatewayConnection.Local != nil { + local := vpnGatewayConnection.Local + if len(local.CIDRs) > 0 { + gatewayconnection["local_cidrs"] = local.CIDRs + } + } + + } + } + return gatewayconnection, nil } // dataSourceIBMVPNGatewaysID returns a reasonable ID list. func dataSourceIBMVPNGatewayConnectionsID(d *schema.ResourceData) string { return time.Now().UTC().String() } + +func dataSourceIBMIsVPNGatewayConnectionsVPNGatewayConnectionStaticRouteModeLocalToMap(model *vpcv1.VPNGatewayConnectionStaticRouteModeLocal) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + ikeIdentities := []map[string]interface{}{} + for _, ikeIdentitiesItem := range model.IkeIdentities { + ikeIdentitiesItemMap, err := dataSourceIBMIsVPNGatewayConnectionsVPNGatewayConnectionIkeIdentityToMap(ikeIdentitiesItem) + if err != nil { + return modelMap, err + } + ikeIdentities = append(ikeIdentities, ikeIdentitiesItemMap) + } + modelMap["ike_identities"] = ikeIdentities + return modelMap, nil +} + +func dataSourceIBMIsVPNGatewayConnectionsVPNGatewayConnectionIkeIdentityToMap(model vpcv1.VPNGatewayConnectionIkeIdentityIntf) (map[string]interface{}, error) { + if _, ok := model.(*vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityFqdn); ok { + return 
dataSourceIBMIsVPNGatewayConnectionsVPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityFqdnToMap(model.(*vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityFqdn)) + } else if _, ok := model.(*vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityHostname); ok { + return dataSourceIBMIsVPNGatewayConnectionsVPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityHostnameToMap(model.(*vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityHostname)) + } else if _, ok := model.(*vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityIPv4); ok { + return dataSourceIBMIsVPNGatewayConnectionsVPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityIPv4ToMap(model.(*vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityIPv4)) + } else if _, ok := model.(*vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityKeyID); ok { + return dataSourceIBMIsVPNGatewayConnectionsVPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityKeyIDToMap(model.(*vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityKeyID)) + } else if _, ok := model.(*vpcv1.VPNGatewayConnectionIkeIdentity); ok { + modelMap := make(map[string]interface{}) + model := model.(*vpcv1.VPNGatewayConnectionIkeIdentity) + modelMap["type"] = model.Type + if model.Value != nil { + modelMap["value"] = model.Value + } + return modelMap, nil + } else { + return nil, fmt.Errorf("Unrecognized vpcv1.VPNGatewayConnectionIkeIdentityIntf subtype encountered") + } +} + +func dataSourceIBMIsVPNGatewayConnectionsVPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityFqdnToMap(model *vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityFqdn) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + modelMap["type"] = model.Type + modelMap["value"] = model.Value + return modelMap, nil +} + +func 
dataSourceIBMIsVPNGatewayConnectionsVPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityHostnameToMap(model *vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityHostname) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + modelMap["type"] = model.Type + modelMap["value"] = model.Value + return modelMap, nil +} + +func dataSourceIBMIsVPNGatewayConnectionsVPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityIPv4ToMap(model *vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityIPv4) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + modelMap["type"] = model.Type + modelMap["value"] = model.Value + return modelMap, nil +} + +func dataSourceIBMIsVPNGatewayConnectionsVPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityKeyIDToMap(model *vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityKeyID) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + modelMap["type"] = model.Type + modelMap["value"] = string(*model.Value) + return modelMap, nil +} + +func dataSourceIBMIsVPNGatewayConnectionsVPNGatewayConnectionStaticRouteModePeerToMap(model vpcv1.VPNGatewayConnectionStaticRouteModePeerIntf) (map[string]interface{}, error) { + if _, ok := model.(*vpcv1.VPNGatewayConnectionStaticRouteModePeerVPNGatewayConnectionPeerByAddress); ok { + return dataSourceIBMIsVPNGatewayConnectionsVPNGatewayConnectionStaticRouteModePeerVPNGatewayConnectionPeerByAddressToMap(model.(*vpcv1.VPNGatewayConnectionStaticRouteModePeerVPNGatewayConnectionPeerByAddress)) + } else if _, ok := model.(*vpcv1.VPNGatewayConnectionStaticRouteModePeerVPNGatewayConnectionPeerByFqdn); ok { + return dataSourceIBMIsVPNGatewayConnectionsVPNGatewayConnectionStaticRouteModePeerVPNGatewayConnectionPeerByFqdnToMap(model.(*vpcv1.VPNGatewayConnectionStaticRouteModePeerVPNGatewayConnectionPeerByFqdn)) + } else if _, ok := 
model.(*vpcv1.VPNGatewayConnectionStaticRouteModePeer); ok { + modelMap := make(map[string]interface{}) + model := model.(*vpcv1.VPNGatewayConnectionStaticRouteModePeer) + ikeIdentityMap, err := dataSourceIBMIsVPNGatewayConnectionsVPNGatewayConnectionIkeIdentityToMap(model.IkeIdentity) + if err != nil { + return modelMap, err + } + modelMap["ike_identity"] = []map[string]interface{}{ikeIdentityMap} + modelMap["type"] = model.Type + if model.Address != nil { + modelMap["address"] = model.Address + } + if model.Fqdn != nil { + modelMap["fqdn"] = model.Fqdn + } + return modelMap, nil + } else { + return nil, fmt.Errorf("Unrecognized vpcv1.VPNGatewayConnectionStaticRouteModePeerIntf subtype encountered") + } +} + +func dataSourceIBMIsVPNGatewayConnectionsVPNGatewayConnectionStaticRouteModePeerVPNGatewayConnectionPeerByAddressToMap(model *vpcv1.VPNGatewayConnectionStaticRouteModePeerVPNGatewayConnectionPeerByAddress) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + ikeIdentityMap, err := dataSourceIBMIsVPNGatewayConnectionsVPNGatewayConnectionIkeIdentityToMap(model.IkeIdentity) + if err != nil { + return modelMap, err + } + modelMap["ike_identity"] = []map[string]interface{}{ikeIdentityMap} + modelMap["type"] = model.Type + modelMap["address"] = model.Address + return modelMap, nil +} + +func dataSourceIBMIsVPNGatewayConnectionsVPNGatewayConnectionStaticRouteModePeerVPNGatewayConnectionPeerByFqdnToMap(model *vpcv1.VPNGatewayConnectionStaticRouteModePeerVPNGatewayConnectionPeerByFqdn) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + ikeIdentityMap, err := dataSourceIBMIsVPNGatewayConnectionsVPNGatewayConnectionIkeIdentityToMap(model.IkeIdentity) + if err != nil { + return modelMap, err + } + modelMap["ike_identity"] = []map[string]interface{}{ikeIdentityMap} + modelMap["type"] = model.Type + modelMap["fqdn"] = model.Fqdn + return modelMap, nil +} +func dataSourceVPNGatewayConnectionsFlattenTunnels(result 
[]vpcv1.VPNGatewayConnectionStaticRouteModeTunnel) (tunnels []map[string]interface{}) { + for _, tunnelsItem := range result { + tunnels = append(tunnels, dataSourceVPNGatewayConnectionsTunnelsToMap(tunnelsItem)) + } + + return tunnels +} + +func dataSourceVPNGatewayConnectionsTunnelsToMap(tunnelsItem vpcv1.VPNGatewayConnectionStaticRouteModeTunnel) (tunnelsMap map[string]interface{}) { + tunnelsMap = map[string]interface{}{} + + if tunnelsItem.PublicIP != nil { + tunnelsMap["address"] = tunnelsItem.PublicIP.Address + } + if tunnelsItem.Status != nil { + tunnelsMap["status"] = tunnelsItem.Status + } + + return tunnelsMap +} diff --git a/ibm/service/vpc/resource_ibm_is_vpn_gateway_connection_test.go b/ibm/service/vpc/resource_ibm_is_vpn_gateway_connection_test.go index 0b47210c79..217704e129 100644 --- a/ibm/service/vpc/resource_ibm_is_vpn_gateway_connection_test.go +++ b/ibm/service/vpc/resource_ibm_is_vpn_gateway_connection_test.go 
@@ -43,9 +43,29 @@ func TestAccIBMISVPNGatewayConnection_basic(t *testing.T) {
 resource.TestCheckResourceAttr(
 "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "name", name1),
 resource.TestCheckResourceAttrSet(
- "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "gateway_connection"),
- resource.TestCheckResourceAttrSet("ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "lifecycle_state"),
- resource.TestCheckResourceAttrSet("ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "health_state"),
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "action"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "admin_state_up"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "authentication_mode"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "created_at"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "establish_mode"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "href"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "id"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "interval"),
+ resource.TestCheckResourceAttr(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "mode", "route"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "preshared_key"),
+ resource.TestCheckResourceAttr(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "resource_type", "vpn_gateway_connection"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "status"),
 ),
 },
 {
@@ -54,6 +74,30 @@ func TestAccIBMISVPNGatewayConnection_basic(t *testing.T) {
 testAccCheckIBMISVPNGatewayConnectionExists("ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", VPNGatewayConnection),
 resource.TestCheckResourceAttr(
 "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "name", updname2),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "action"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "admin_state_up"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "authentication_mode"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "created_at"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "establish_mode"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "href"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "id"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "interval"),
+ resource.TestCheckResourceAttr(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "mode", "policy"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "preshared_key"),
+ resource.TestCheckResourceAttr(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "resource_type", "vpn_gateway_connection"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "status"),
 ),
 },
 },
@@ -86,6 +130,28 @@ func TestAccIBMISVPNGatewayConnection_route(t *testing.T) {
 "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "name", name1),
 resource.TestCheckResourceAttr(
 "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "mode", "route"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "action"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "admin_state_up"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "authentication_mode"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "created_at"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "establish_mode"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "href"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "id"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "interval"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "preshared_key"),
+ resource.TestCheckResourceAttr(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "resource_type", "vpn_gateway_connection"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "status"),
 ),
 },
 {
@@ -96,6 +162,28 @@ func TestAccIBMISVPNGatewayConnection_route(t *testing.T) {
 "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "name", updname2),
 resource.TestCheckResourceAttr(
 "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "mode", "route"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "action"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "admin_state_up"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "authentication_mode"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "created_at"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "establish_mode"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "href"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "id"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "interval"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "preshared_key"),
+ resource.TestCheckResourceAttr(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "resource_type", "vpn_gateway_connection"),
+ resource.TestCheckResourceAttrSet(
+ "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "status"),
 ),
 },
 },
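Review bot: The eleven assertions added to the update step of `TestAccIBMISVPNGatewayConnection_route` read `ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1`, while the context lines of the same step check `testacc_VPNGatewayConnection2` (`name` = `updname2`, `mode` = `route`). This looks like a copy from the create step in the previous hunk; the matching update step in `_basic` targets `testacc_VPNGatewayConnection2`. Depending on what the update config (outside this hunk) declares, these checks either fail on a missing resource or pass without verifying the updated connection, so each added pair should use `"ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2"`. The test function begins and ends outside the hunk.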
@@ -128,10 +216,214 @@ func TestAccIBMISVPNGatewayConnection_multiple(t *testing.T) { "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "name", name1), resource.TestCheckResourceAttr( "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "mode", "policy"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "action"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "admin_state_up"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "authentication_mode"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "created_at"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "establish_mode"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "href"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "id"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "interval"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "preshared_key"), + resource.TestCheckResourceAttr( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "resource_type", "vpn_gateway_connection"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "status"), resource.TestCheckResourceAttr( "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "name", name2), resource.TestCheckResourceAttr( "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "mode", "route"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "action"), + resource.TestCheckResourceAttrSet( + 
"ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "admin_state_up"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "authentication_mode"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "created_at"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "establish_mode"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "href"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "id"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "interval"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "preshared_key"), + resource.TestCheckResourceAttr( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "resource_type", "vpn_gateway_connection"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "status"), + ), + }, + }, + }) +} +func TestAccIBMISVPNGatewayConnection_advanced(t *testing.T) { + var VPNGatewayConnection string + var VPNGatewayConnection2 string + vpcname1 := fmt.Sprintf("tfvpngc-vpc-%d", acctest.RandIntRange(100, 200)) + subnetname1 := fmt.Sprintf("tfvpngc-subnet-%d", acctest.RandIntRange(100, 200)) + vpnname1 := fmt.Sprintf("tfvpngc-vpn-%d", acctest.RandIntRange(100, 200)) + name1 := fmt.Sprintf("tfvpngc-createname-%d", acctest.RandIntRange(100, 200)) + + vpcname2 := fmt.Sprintf("tfvpngc-vpc-%d", acctest.RandIntRange(100, 200)) + subnetname2 := fmt.Sprintf("tfvpngc-subnet-%d", acctest.RandIntRange(100, 200)) + vpnname2 := fmt.Sprintf("tfvpngc-vpn-%d", acctest.RandIntRange(100, 200)) + name2 := fmt.Sprintf("tfvpngc-createname-%d", acctest.RandIntRange(100, 200)) + + resource.Test(t, resource.TestCase{ + PreCheck: 
func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + CheckDestroy: testAccCheckIBMISVPNGatewayConnectionDestroy, + Steps: []resource.TestStep{ + { + Config: testAccCheckIBMISVPNGatewayConnectionAdvanceConfig(vpcname1, subnetname1, vpnname1, name1, vpcname2, subnetname2, vpnname2, name2), + Check: resource.ComposeTestCheckFunc( + testAccCheckIBMISVPNGatewayConnectionExists("ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", VPNGatewayConnection), + testAccCheckIBMISVPNGatewayConnectionExists("ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", VPNGatewayConnection2), + resource.TestCheckResourceAttr( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "name", name1), + resource.TestCheckResourceAttr( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "mode", "policy"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "action"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "admin_state_up"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "authentication_mode"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "created_at"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "establish_mode"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "href"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "id"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "interval"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "preshared_key"), + resource.TestCheckResourceAttr( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", 
"resource_type", "vpn_gateway_connection"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "status"), + resource.TestCheckResourceAttr( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "name", name2), + resource.TestCheckResourceAttr( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "mode", "route"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "action"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "admin_state_up"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "authentication_mode"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "created_at"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "establish_mode"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "href"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "id"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "interval"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "preshared_key"), + resource.TestCheckResourceAttr( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "resource_type", "vpn_gateway_connection"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "status"), + ), + }, + }, + }) +} +func TestAccIBMISVPNGatewayConnection_breakingchange(t *testing.T) { + var VPNGatewayConnection string + var VPNGatewayConnection2 string + vpcname1 := fmt.Sprintf("tfvpngc-vpc-%d", acctest.RandIntRange(100, 200)) + subnetname1 := fmt.Sprintf("tfvpngc-subnet-%d", 
acctest.RandIntRange(100, 200)) + vpnname1 := fmt.Sprintf("tfvpngc-vpn-%d", acctest.RandIntRange(100, 200)) + name1 := fmt.Sprintf("tfvpngc-createname-%d", acctest.RandIntRange(100, 200)) + + vpcname2 := fmt.Sprintf("tfvpngc-vpc-%d", acctest.RandIntRange(100, 200)) + subnetname2 := fmt.Sprintf("tfvpngc-subnet-%d", acctest.RandIntRange(100, 200)) + vpnname2 := fmt.Sprintf("tfvpngc-vpn-%d", acctest.RandIntRange(100, 200)) + name2 := fmt.Sprintf("tfvpngc-createname-%d", acctest.RandIntRange(100, 200)) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + CheckDestroy: testAccCheckIBMISVPNGatewayConnectionDestroy, + Steps: []resource.TestStep{ + { + Config: testAccCheckIBMISVPNGatewayConnectionBreakingChangeConfig(vpcname1, subnetname1, vpnname1, name1, vpcname2, subnetname2, vpnname2, name2), + Check: resource.ComposeTestCheckFunc( + testAccCheckIBMISVPNGatewayConnectionExists("ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", VPNGatewayConnection), + testAccCheckIBMISVPNGatewayConnectionExists("ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", VPNGatewayConnection2), + resource.TestCheckResourceAttr( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "name", name1), + resource.TestCheckResourceAttr( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "mode", "policy"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "action"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "admin_state_up"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "authentication_mode"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "created_at"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", 
"establish_mode"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "href"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "id"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "interval"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "preshared_key"), + resource.TestCheckResourceAttr( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "resource_type", "vpn_gateway_connection"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection1", "status"), + resource.TestCheckResourceAttr( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "name", name2), + resource.TestCheckResourceAttr( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "mode", "route"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "action"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "admin_state_up"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "authentication_mode"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "created_at"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "establish_mode"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "href"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "id"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "interval"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", 
"preshared_key"), + resource.TestCheckResourceAttr( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "resource_type", "vpn_gateway_connection"), + resource.TestCheckResourceAttrSet( + "ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection2", "status"), ), }, }, 
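Review bot: `vpcname1` and `vpcname2` in the new `TestAccIBMISVPNGatewayConnection_advanced` and `_breakingchange` are both formatted from `tfvpngc-vpc-%d` with `acctest.RandIntRange(100, 200)`, so about one run in a hundred produces the same VPC name twice in one config; the subnet, gateway and connection names share the pattern. If the API enforces unique names (likely for VPCs, not confirmed from this page), that surfaces as an intermittent create failure unrelated to the change under test. Give the second set its own prefix, e.g. `vpcname2 := fmt.Sprintf("tfvpngc-vpc2-%d", acctest.RandIntRange(100, 200))`, and likewise for `subnetname2`, `vpnname2` and `name2`.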
@@ -420,6 +712,100 @@ func testAccCheckIBMISVPNGatewayConnectionMultipleConfig(vpc1, subnet1, vpnname1 } `, vpc1, subnet1, acc.ISZoneName, vpnname1, name1, vpc2, subnet2, acc.ISZoneName, vpnname2, name2) +} +func testAccCheckIBMISVPNGatewayConnectionBreakingChangeConfig(vpc1, subnet1, vpnname1, name1, vpc2, subnet2, vpnname2, name2 string) string { + return fmt.Sprintf(` + resource "ibm_is_vpc" "testacc_vpc1" { + name = "%s" + } + resource "ibm_is_subnet" "testacc_subnet1" { + name = "%s" + vpc = ibm_is_vpc.testacc_vpc1.id + zone = "%s" + total_ipv4_address_count = 64 + } + resource "ibm_is_vpn_gateway" "testacc_VPNGateway1" { + name = "%s" + subnet = ibm_is_subnet.testacc_subnet1.id + mode = "policy" + } + resource "ibm_is_vpn_gateway_connection" "testacc_VPNGatewayConnection1" { + name = "%s" + vpn_gateway = ibm_is_vpn_gateway.testacc_VPNGateway1.id + peer_cidrs = [ibm_is_subnet.testacc_subnet1.ipv4_cidr_block] + peer_address = cidrhost(ibm_is_subnet.testacc_subnet1.ipv4_cidr_block, 14) + local_cidrs = [ibm_is_subnet.testacc_subnet1.ipv4_cidr_block] + preshared_key = "VPNDemoPassword" + } + resource "ibm_is_vpc" "testacc_vpc2" { + name = "%s" + } + resource "ibm_is_subnet" "testacc_subnet2" { + name = "%s" + vpc = ibm_is_vpc.testacc_vpc2.id + zone = "%s" + total_ipv4_address_count = 64 + } + resource "ibm_is_vpn_gateway" "testacc_VPNGateway2" { + name = "%s" + subnet = ibm_is_subnet.testacc_subnet2.id + mode = "route" + } + resource "ibm_is_vpn_gateway_connection" "testacc_VPNGatewayConnection2" { + name = "%s" + vpn_gateway = ibm_is_vpn_gateway.testacc_VPNGateway2.id + peer_address = cidrhost(ibm_is_subnet.testacc_subnet2.ipv4_cidr_block, 15) + preshared_key = "VPNDemoPassword" + } + `, vpc1, subnet1, acc.ISZoneName, vpnname1, name1, vpc2, subnet2, acc.ISZoneName, vpnname2, name2) + +} +func testAccCheckIBMISVPNGatewayConnectionAdvanceConfig(vpc1, subnet1, vpnname1, name1, vpc2, subnet2, vpnname2, name2 string) string { + return fmt.Sprintf(` + resource 
"ibm_is_vpc" "testacc_vpc1" { + name = "%s" + } + resource "ibm_is_subnet" "testacc_subnet1" { + name = "%s" + vpc = ibm_is_vpc.testacc_vpc1.id + zone = "%s" + total_ipv4_address_count = 64 + } + resource "ibm_is_vpn_gateway" "testacc_VPNGateway1" { + name = "%s" + subnet = ibm_is_subnet.testacc_subnet1.id + mode = "policy" + } + resource "ibm_is_vpn_gateway_connection" "testacc_VPNGatewayConnection1" { + name = "%s" + vpn_gateway = ibm_is_vpn_gateway.testacc_VPNGateway1.id + peer_cidrs = [ibm_is_subnet.testacc_subnet1.ipv4_cidr_block] + peer_address = cidrhost(ibm_is_subnet.testacc_subnet1.ipv4_cidr_block, 14) + local_cidrs = [ibm_is_subnet.testacc_subnet1.ipv4_cidr_block] + preshared_key = "VPNDemoPassword" + } + resource "ibm_is_vpc" "testacc_vpc2" { + name = "%s" + } + resource "ibm_is_subnet" "testacc_subnet2" { + name = "%s" + vpc = ibm_is_vpc.testacc_vpc2.id + zone = "%s" + total_ipv4_address_count = 64 + } + resource "ibm_is_vpn_gateway" "testacc_VPNGateway2" { + name = "%s" + subnet = ibm_is_subnet.testacc_subnet2.id + mode = "route" + } + resource "ibm_is_vpn_gateway_connection" "testacc_VPNGatewayConnection2" { + name = "%s" + vpn_gateway = ibm_is_vpn_gateway.testacc_VPNGateway2.id + peer_address = cidrhost(ibm_is_subnet.testacc_subnet2.ipv4_cidr_block, 15) + preshared_key = "VPNDemoPassword" + } + `, vpc1, subnet1, acc.ISZoneName, vpnname1, name1, vpc2, subnet2, acc.ISZoneName, vpnname2, name2) + } func testAccCheckIBMISVPNGatewayConnectionRouteUpdate(vpc1, subnet1, vpnname1, name1, vpc2, subnet2, vpnname2, name2 string) string { diff --git a/ibm/service/vpc/resource_ibm_is_vpn_gateway_connections.go b/ibm/service/vpc/resource_ibm_is_vpn_gateway_connections.go index 28f1b3e638..7d976ad95c 100644 --- a/ibm/service/vpc/resource_ibm_is_vpn_gateway_connections.go +++ b/ibm/service/vpc/resource_ibm_is_vpn_gateway_connections.go 
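Review bot: `testAccCheckIBMISVPNGatewayConnectionAdvanceConfig` contains the same HCL as `testAccCheckIBMISVPNGatewayConnectionBreakingChangeConfig`: both set the deprecated `peer_cidrs`, `peer_address` and `local_cidrs`, and neither declares a `peer` or `local` block. `TestAccIBMISVPNGatewayConnection_advanced` in the previous hunk therefore runs the deprecated path a second time, and the new nested schema is never applied by an acceptance test. I would move the policy-mode connection in the advance config to the new blocks, as sketched below, and add checks on `peer.0.address` and `local.0.cidrs.#` to that test.

```go
func testAccCheckIBMISVPNGatewayConnectionAdvanceConfig(vpc1, subnet1, vpnname1, name1, vpc2, subnet2, vpnname2, name2 string) string {
	return fmt.Sprintf(`
	// … unchanged: testacc_vpc1, testacc_subnet1 and testacc_VPNGateway1 …
	resource "ibm_is_vpn_gateway_connection" "testacc_VPNGatewayConnection1" {
		name          = "%s"
		vpn_gateway   = ibm_is_vpn_gateway.testacc_VPNGateway1.id
		preshared_key = "VPNDemoPassword"
		peer {
			address = cidrhost(ibm_is_subnet.testacc_subnet1.ipv4_cidr_block, 14)
			cidrs   = [ibm_is_subnet.testacc_subnet1.ipv4_cidr_block]
		}
		local {
			cidrs = [ibm_is_subnet.testacc_subnet1.ipv4_cidr_block]
		}
	}
	// … unchanged: testacc_vpc2, testacc_subnet2, testacc_VPNGateway2, testacc_VPNGatewayConnection2 and the Sprintf arguments …
```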
@@ -6,10 +6,12 @@ package vpc import ( "fmt" "log" + "reflect" "time" "github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex" "github.com/IBM-Cloud/terraform-provider-ibm/ibm/validate" + "github.com/IBM/go-sdk-core/v5/core" "github.com/IBM/vpc-go-sdk/vpcv1" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" 
@@ -70,13 +72,124 @@ func ResourceIBMISVPNGatewayConnection() *schema.Resource { ForceNew: true, Description: "VPN Gateway info", }, - + "href": { + Type: schema.TypeString, + Computed: true, + Description: "Href of the VPN Gateway connection", + }, + // Deprecated isVPNGatewayConnectionPeerAddress: { Type: schema.TypeString, - Required: true, + Optional: true, + Computed: true, Description: "VPN gateway connection peer address", + Deprecated: "peer_address is deprecated, use peer instead", }, + // new breaking changes + "establish_mode": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Default: "bidirectional", + ValidateFunc: validate.InvokeValidator("ibm_is_vpn_gateway_connection", "establish_mode"), + Description: "The establish mode of the VPN gateway connection:- `bidirectional`: Either side of the VPN gateway can initiate IKE protocol negotiations or rekeying processes.- `peer_only`: Only the peer can initiate IKE protocol negotiations for this VPN gateway connection. Additionally, the peer is responsible for initiating the rekeying process after the connection is established. If rekeying does not occur, the VPN gateway connection will be brought down after its lifetime expires.", + }, + "local": &schema.Schema{ + Type: schema.TypeList, + MaxItems: 1, + Optional: true, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "ike_identities": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Computed: true, + Description: "The local IKE identities.A VPN gateway in static route mode consists of two members in active-active mode. The first identity applies to the first member, and the second identity applies to the second member.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "type": &schema.Schema{ + Type: schema.TypeString, + Required: true, + Description: "The IKE identity type.The enumerated values for this property will expand in the future. 
When processing this property, check for and log unknown values. Optionally halt processing and surface the error, or bypass the backup policy on which the unexpected property value was encountered.", + }, + "value": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "The IKE identity FQDN value.", + }, + }, + }, + }, + "cidrs": { + Type: schema.TypeSet, + Optional: true, + ForceNew: true, + Elem: &schema.Schema{Type: schema.TypeString}, + Set: schema.HashString, + Description: "VPN gateway connection local CIDRs", + }, + }, + }, + }, + "peer": &schema.Schema{ + Type: schema.TypeList, + MaxItems: 1, + Optional: true, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "ike_identity": &schema.Schema{ + Type: schema.TypeList, + MinItems: 1, + MaxItems: 1, + Optional: true, + Computed: true, + Description: "The peer IKE identity.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "type": &schema.Schema{ + Type: schema.TypeString, + Required: true, + Description: "The IKE identity type.The enumerated values for this property will expand in the future. When processing this property, check for and log unknown values. 
Optionally halt processing and surface the error, or bypass the backup policy on which the unexpected property value was encountered.", + }, + "value": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Description: "The IKE identity FQDN value.", + }, + }, + }, + }, + "type": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "Indicates whether `peer.address` or `peer.fqdn` is used.", + }, + "address": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "The IP address of the peer VPN gateway for this connection.", + }, + "fqdn": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "The FQDN of the peer VPN gateway for this connection.", + }, + "cidrs": { + Type: schema.TypeSet, + Optional: true, + ForceNew: true, + Elem: &schema.Schema{Type: schema.TypeString}, + Set: schema.HashString, + Description: "VPN gateway connection peer CIDRs", + }, + }, + }, + }, isVPNGatewayConnectionPreSharedKey: { Type: schema.TypeString, Required: true, 
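Review bot: `peer_address` changes from `Required` to `Optional`/`Computed` here without any constraint tying it to the new `peer` block, whereas `local_cidrs` and `peer_cidrs` in the next hunk get `ConflictsWith`. As written, a configuration can set `peer_address` and `peer.address` (or `peer.fqdn`) to different values, or set none of them, and which endpoint the tunnel is built to is then decided by create code outside this hunk. I would add `ConflictsWith: []string{"peer.0.address", "peer.0.fqdn"},` to `peer_address` and reject at plan time a config that names no peer endpoint. Separately, the `type` descriptions under `ike_identities` and `ike_identity` still say "bypass the backup policy", which reads as text carried over from another resource. The schema function starts and ends outside the hunk.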
@@ -89,23 +202,27 @@ func ResourceIBMISVPNGatewayConnection() *schema.Resource { Default: false, Description: "VPN gateway connection admin state", }, - + // deprecated isVPNGatewayConnectionLocalCIDRS: { - Type: schema.TypeSet, - Optional: true, - ForceNew: true, - Elem: &schema.Schema{Type: schema.TypeString}, - Set: schema.HashString, - Description: "VPN gateway connection local CIDRs", + Type: schema.TypeSet, + Optional: true, + Computed: true, + ConflictsWith: []string{"local"}, + Elem: &schema.Schema{Type: schema.TypeString}, + Set: schema.HashString, + Description: "VPN gateway connection local CIDRs", + Deprecated: "local_cidrs is deprecated, use local instead", }, - + // deprecated isVPNGatewayConnectionPeerCIDRS: { - Type: schema.TypeSet, - Optional: true, - ForceNew: true, - Elem: &schema.Schema{Type: schema.TypeString}, - Set: schema.HashString, - Description: "VPN gateway connection peer CIDRs", + Type: schema.TypeSet, + Optional: true, + Computed: true, + ConflictsWith: []string{"peer"}, + Elem: &schema.Schema{Type: schema.TypeString}, + Set: schema.HashString, + Description: "VPN gateway connection peer CIDRs", + Deprecated: "peer_cidrs is deprecated, use peer instead", }, isVPNGatewayConnectionDeadPeerDetectionAction: { @@ -194,6 +311,11 @@ func ResourceIBMISVPNGatewayConnection() *schema.Resource { Computed: true, Description: "The resource type", }, + "routing_protocol": { + Type: schema.TypeString, + Computed: true, + Description: "Routing protocols for this VPN gateway connection.", + }, isVPNGatewayConnectionCreatedat: { Type: schema.TypeString, 
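Review bot: `ForceNew: true` is dropped from the deprecated `local_cidrs` and `peer_cidrs` attributes and replaced by `Computed: true`, so editing either list no longer replaces the connection. The update hunk in this patch only patches `establish_mode` and `peer`. Unless vpngwconUpdate applies these two attributes in lines outside the visible hunks, a changed CIDR list would plan as an in-place update that never reaches the API, leaving the tunnel's traffic selectors different from what the configuration declares. Keep `ForceNew: true` on both deprecated attributes, as the new nested `cidrs` fields do, or confirm the update path handles them. The schema function continues outside the hunk.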
@@ -243,7 +365,19 @@ func ResourceIBMISVPNGatewayConnectionValidator() *validate.ResourceValidator { Required: true, Regexp: `^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$`, MinValueLength: 1, - MaxValueLength: 63}) + MaxValueLength: 63, + }, + validate.ValidateSchema{ + Identifier: "establish_mode", + ValidateFunctionIdentifier: validate.ValidateAllowedStringValue, + Type: validate.TypeString, + Optional: true, + AllowedValues: "bidirectional, peer_only", + Regexp: `^[a-z][a-z0-9]*(_[a-z0-9]+)*$`, + MinValueLength: 1, + MaxValueLength: 128, + }, + ) validateSchema = append(validateSchema, validate.ValidateSchema{ 
@@ -314,75 +448,198 @@ func vpngwconCreate(d *schema.ResourceData, meta interface{}, name, gatewayID, p if err != nil { return err } - - vpnGatewayConnectionPrototypeModel := &vpcv1.VPNGatewayConnectionPrototype{ - PeerAddress: &peerAddress, - Psk: &prephasedKey, - AdminStateUp: &stateUp, - DeadPeerDetection: &vpcv1.VPNGatewayConnectionDpdPrototype{ - Action: &action, - Interval: &interval, - Timeout: &timeout, - }, - Name: &name, - } - options := &vpcv1.CreateVPNGatewayConnectionOptions{ - VPNGatewayID: &gatewayID, - VPNGatewayConnectionPrototype: vpnGatewayConnectionPrototypeModel, + vpngateway, response, err := sess.GetVPNGateway(&vpcv1.GetVPNGatewayOptions{ + ID: &gatewayID, + }) + if err != nil { + if response != nil && response.StatusCode == 404 { + d.SetId("") + return nil + } + return fmt.Errorf("[ERROR] Error Getting Vpn Gateway (%s): %s\n%s", gatewayID, err, response) } + if *vpngateway.(*vpcv1.VPNGateway).Mode == "policy" { + + vpnGatewayConnectionPrototypeModel := &vpcv1.VPNGatewayConnectionPrototypeVPNGatewayConnectionPolicyModePrototype{ + Psk: &prephasedKey, + AdminStateUp: &stateUp, + DeadPeerDetection: &vpcv1.VPNGatewayConnectionDpdPrototype{ + Action: &action, + Interval: &interval, + Timeout: &timeout, + }, + Name: &name, + } + options := &vpcv1.CreateVPNGatewayConnectionOptions{ + VPNGatewayID: &gatewayID, + VPNGatewayConnectionPrototype: vpnGatewayConnectionPrototypeModel, + } - if _, ok := d.GetOk(isVPNGatewayConnectionLocalCIDRS); ok { - localCidrs := flex.ExpandStringList((d.Get(isVPNGatewayConnectionLocalCIDRS).(*schema.Set)).List()) - vpnGatewayConnectionPrototypeModel.LocalCIDRs = localCidrs - } - if _, ok := d.GetOk(isVPNGatewayConnectionPeerCIDRS); ok { - peerCidrs := flex.ExpandStringList((d.Get(isVPNGatewayConnectionPeerCIDRS).(*schema.Set)).List()) - vpnGatewayConnectionPrototypeModel.PeerCIDRs = peerCidrs - } + var ikePolicyIdentity, ipsecPolicyIdentity string + // new breaking changes + if establishModeOk, ok := 
d.GetOk("establish_mode"); ok { + vpnGatewayConnectionPrototypeModel.EstablishMode = core.StringPtr(establishModeOk.(string)) + } - var ikePolicyIdentity, ipsecPolicyIdentity string + if localOk, ok := d.GetOk("local"); ok && len(localOk.([]interface{})) > 0 { + log.Println("[INFO] inside local block") + LocalModel, err := resourceIBMIsVPNGatewayConnectionMapToVPNGatewayConnectionPolicyModeLocalPrototype(localOk.([]interface{})[0].(map[string]interface{})) + if err != nil { + return err + } + vpnGatewayConnectionPrototypeModel.Local = LocalModel + } else if _, ok := d.GetOk(isVPNGatewayConnectionLocalCIDRS); ok { + log.Println("[INFO] inside local cidrs block") + localCidrs := flex.ExpandStringList((d.Get(isVPNGatewayConnectionLocalCIDRS).(*schema.Set)).List()) + model := &vpcv1.VPNGatewayConnectionPolicyModeLocalPrototype{} + model.CIDRs = localCidrs + vpnGatewayConnectionPrototypeModel.Local = model + } + if peerOk, ok := d.GetOk("peer"); ok && len(peerOk.([]interface{})) > 0 { + PeerModel, err := resourceIBMIsVPNGatewayConnectionMapToVPNGatewayConnectionPolicyModePeerPrototype(peerOk.([]interface{})[0].(map[string]interface{})) + if err != nil { + return err + } + vpnGatewayConnectionPrototypeModel.Peer = PeerModel + } else if _, ok := d.GetOk(isVPNGatewayConnectionPeerCIDRS); ok || peerAddress != "" { + model := &vpcv1.VPNGatewayConnectionPolicyModePeerPrototype{} + if ok { + peerCidrs := flex.ExpandStringList((d.Get(isVPNGatewayConnectionPeerCIDRS).(*schema.Set)).List()) + model.CIDRs = peerCidrs + } + if peerAddress != "" { + model.Address = &peerAddress + } + vpnGatewayConnectionPrototypeModel.Peer = model + } - if ikePolicy, ok := d.GetOk(isVPNGatewayConnectionIKEPolicy); ok { - ikePolicyIdentity = ikePolicy.(string) - vpnGatewayConnectionPrototypeModel.IkePolicy = &vpcv1.VPNGatewayConnectionIkePolicyPrototype{ - ID: &ikePolicyIdentity, + if ikePolicy, ok := d.GetOk(isVPNGatewayConnectionIKEPolicy); ok { + ikePolicyIdentity = ikePolicy.(string) + 
vpnGatewayConnectionPrototypeModel.IkePolicy = &vpcv1.VPNGatewayConnectionIkePolicyPrototype{ + ID: &ikePolicyIdentity, + } + } else { + vpnGatewayConnectionPrototypeModel.IkePolicy = nil } - } else { - vpnGatewayConnectionPrototypeModel.IkePolicy = nil - } - if ipsecPolicy, ok := d.GetOk(isVPNGatewayConnectionIPSECPolicy); ok { - ipsecPolicyIdentity = ipsecPolicy.(string) - vpnGatewayConnectionPrototypeModel.IpsecPolicy = &vpcv1.VPNGatewayConnectionIPsecPolicyPrototype{ - ID: &ipsecPolicyIdentity, + if ipsecPolicy, ok := d.GetOk(isVPNGatewayConnectionIPSECPolicy); ok { + ipsecPolicyIdentity = ipsecPolicy.(string) + vpnGatewayConnectionPrototypeModel.IpsecPolicy = &vpcv1.VPNGatewayConnectionIPsecPolicyPrototype{ + ID: &ipsecPolicyIdentity, + } + } else { + vpnGatewayConnectionPrototypeModel.IpsecPolicy = nil } - } else { - vpnGatewayConnectionPrototypeModel.IpsecPolicy = nil - } - vpnGatewayConnectionIntf, response, err := sess.CreateVPNGatewayConnection(options) - if err != nil { - return fmt.Errorf("[DEBUG] Create VPN Gateway Connection err %s\n%s", err, response) - } - - if _, ok := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionPolicyMode); ok { - vpnGatewayConnection := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionPolicyMode) - log.Printf("[INFO] VPNGatewayConnection : %s/%s", gatewayID, *vpnGatewayConnection.ID) - d.SetId(fmt.Sprintf("%s/%s", gatewayID, *vpnGatewayConnection.ID)) - } else if _, ok := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionRouteMode); ok { - vpnGatewayConnection := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionRouteMode) - log.Printf("[INFO] VPNGatewayConnection : %s/%s", gatewayID, *vpnGatewayConnection.ID) - d.SetId(fmt.Sprintf("%s/%s", gatewayID, *vpnGatewayConnection.ID)) - } else if _, ok := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionRouteModeVPNGatewayConnectionStaticRouteMode); ok { - vpnGatewayConnection := 
vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionRouteModeVPNGatewayConnectionStaticRouteMode) - log.Printf("[INFO] VPNGatewayConnection : %s/%s", gatewayID, *vpnGatewayConnection.ID) - d.SetId(fmt.Sprintf("%s/%s", gatewayID, *vpnGatewayConnection.ID)) - } else if _, ok := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnection); ok { - vpnGatewayConnection := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnection) - log.Printf("[INFO] VPNGatewayConnection : %s/%s", gatewayID, *vpnGatewayConnection.ID) - d.SetId(fmt.Sprintf("%s/%s", gatewayID, *vpnGatewayConnection.ID)) - } else { - return fmt.Errorf("[ERROR] Unrecognized vpcv1.vpnGatewayConnectionIntf subtype encountered") + vpnGatewayConnectionIntf, response, err := sess.CreateVPNGatewayConnection(options) + if err != nil { + return fmt.Errorf("[DEBUG] Create VPN Gateway Connection err %s\n%s", err, response) + } + if _, ok := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnection); ok { + vpnGatewayConnection := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnection) + d.SetId(fmt.Sprintf("%s/%s", gatewayID, *vpnGatewayConnection.ID)) + log.Printf("[INFO] VPNGatewayConnection : %s/%s", gatewayID, *vpnGatewayConnection.ID) + } else if _, ok := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionRouteMode); ok { + vpnGatewayConnection := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionRouteMode) + d.SetId(fmt.Sprintf("%s/%s", gatewayID, *vpnGatewayConnection.ID)) + log.Printf("[INFO] VPNGatewayConnection : %s/%s", gatewayID, *vpnGatewayConnection.ID) + } else if _, ok := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionPolicyMode); ok { + vpnGatewayConnection := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionPolicyMode) + d.SetId(fmt.Sprintf("%s/%s", gatewayID, *vpnGatewayConnection.ID)) + log.Printf("[INFO] VPNGatewayConnection : %s/%s", gatewayID, *vpnGatewayConnection.ID) + } else if _, ok := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionRouteModeVPNGatewayConnectionStaticRouteMode); ok { 
+ vpnGatewayConnection := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionRouteModeVPNGatewayConnectionStaticRouteMode) + d.SetId(fmt.Sprintf("%s/%s", gatewayID, *vpnGatewayConnection.ID)) + log.Printf("[INFO] VPNGatewayConnection : %s/%s", gatewayID, *vpnGatewayConnection.ID) + } else { + return (fmt.Errorf("Unrecognized vpcv1.vpnGatewayConnectionIntf subtype encountered")) + } + } else if *vpngateway.(*vpcv1.VPNGateway).Mode == "route" { + + vpnGatewayConnectionPrototypeModel := &vpcv1.VPNGatewayConnectionPrototypeVPNGatewayConnectionStaticRouteModePrototype{ + Psk: &prephasedKey, + AdminStateUp: &stateUp, + DeadPeerDetection: &vpcv1.VPNGatewayConnectionDpdPrototype{ + Action: &action, + Interval: &interval, + Timeout: &timeout, + }, + Name: &name, + } + options := &vpcv1.CreateVPNGatewayConnectionOptions{ + VPNGatewayID: &gatewayID, + VPNGatewayConnectionPrototype: vpnGatewayConnectionPrototypeModel, + } + + var ikePolicyIdentity, ipsecPolicyIdentity string + // new breaking changes + if establishModeOk, ok := d.GetOk("establish_mode"); ok { + vpnGatewayConnectionPrototypeModel.EstablishMode = core.StringPtr(establishModeOk.(string)) + } + + if localOk, ok := d.GetOk("local"); ok && len(localOk.([]interface{})) > 0 { + log.Println("[INFO] inside local block") + LocalModel, err := resourceIBMIsVPNGatewayConnectionMapToVPNGatewayConnectionStaticRouteModeLocalPrototype(localOk.([]interface{})[0].(map[string]interface{})) + if err != nil { + return err + } + vpnGatewayConnectionPrototypeModel.Local = LocalModel + } + if peerOk, ok := d.GetOk("peer"); ok && len(peerOk.([]interface{})) > 0 { + PeerModel, err := resourceIBMIsVPNGatewayConnectionMapToVPNGatewayConnectionStaticRouteModePeerPrototype(peerOk.([]interface{})[0].(map[string]interface{})) + if err != nil { + return err + } + vpnGatewayConnectionPrototypeModel.Peer = PeerModel + } else if peerAddress != "" { + model := &vpcv1.VPNGatewayConnectionStaticRouteModePeerPrototype{} + if peerAddress != "" { + 
model.Address = &peerAddress + } + vpnGatewayConnectionPrototypeModel.Peer = model + } + + if ikePolicy, ok := d.GetOk(isVPNGatewayConnectionIKEPolicy); ok { + ikePolicyIdentity = ikePolicy.(string) + vpnGatewayConnectionPrototypeModel.IkePolicy = &vpcv1.VPNGatewayConnectionIkePolicyPrototype{ + ID: &ikePolicyIdentity, + } + } else { + vpnGatewayConnectionPrototypeModel.IkePolicy = nil + } + if ipsecPolicy, ok := d.GetOk(isVPNGatewayConnectionIPSECPolicy); ok { + ipsecPolicyIdentity = ipsecPolicy.(string) + vpnGatewayConnectionPrototypeModel.IpsecPolicy = &vpcv1.VPNGatewayConnectionIPsecPolicyPrototype{ + ID: &ipsecPolicyIdentity, + } + } else { + vpnGatewayConnectionPrototypeModel.IpsecPolicy = nil + } + + vpnGatewayConnectionIntf, response, err := sess.CreateVPNGatewayConnection(options) + if err != nil { + return fmt.Errorf("[DEBUG] Create VPN Gateway Connection err %s\n%s", err, response) + } + if _, ok := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnection); ok { + vpnGatewayConnection := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnection) + d.SetId(fmt.Sprintf("%s/%s", gatewayID, *vpnGatewayConnection.ID)) + log.Printf("[INFO] VPNGatewayConnection : %s/%s", gatewayID, *vpnGatewayConnection.ID) + } else if _, ok := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionRouteMode); ok { + vpnGatewayConnection := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionRouteMode) + d.SetId(fmt.Sprintf("%s/%s", gatewayID, *vpnGatewayConnection.ID)) + log.Printf("[INFO] VPNGatewayConnection : %s/%s", gatewayID, *vpnGatewayConnection.ID) + } else if _, ok := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionPolicyMode); ok { + vpnGatewayConnection := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionPolicyMode) + d.SetId(fmt.Sprintf("%s/%s", gatewayID, *vpnGatewayConnection.ID)) + log.Printf("[INFO] VPNGatewayConnection : %s/%s", gatewayID, *vpnGatewayConnection.ID) + } else if _, ok := 
vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionRouteModeVPNGatewayConnectionStaticRouteMode); ok { + vpnGatewayConnection := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionRouteModeVPNGatewayConnectionStaticRouteMode) + d.SetId(fmt.Sprintf("%s/%s", gatewayID, *vpnGatewayConnection.ID)) + log.Printf("[INFO] VPNGatewayConnection : %s/%s", gatewayID, *vpnGatewayConnection.ID) + } else { + return (fmt.Errorf("Unrecognized vpcv1.vpnGatewayConnectionIntf subtype encountered")) + } } + return nil } 
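Review bot: The mode dispatch in vpngwconCreate can report success without creating a connection. A gateway mode other than "policy" or "route" has no `else` branch and falls through to `return nil`, and the 404 branch after `GetVPNGateway` clears the ID and also returns nil. In addition, `*vpngateway.(*vpcv1.VPNGateway).Mode` is an unchecked assertion and dereference that panics on another concrete type or a nil `Mode`. Use the comma-ok form, check `Mode` for nil, and return an error on the 404 and unknown-mode paths so a missing tunnel is never reported as provisioned. Separately, the two branches repeat the IKE/IPsec policy lookup and the result type chain verbatim, and the `log.Println("[INFO] inside local block")` lines look like leftover debugging; the function starts before this hunk.

```go
// … unchanged: sess.GetVPNGateway(&vpcv1.GetVPNGatewayOptions{ID: &gatewayID}) …
if err != nil {
	// A gateway that cannot be read is a failed create, including 404.
	return fmt.Errorf("[ERROR] Error Getting Vpn Gateway (%s): %s\n%s", gatewayID, err, response)
}
gateway, ok := vpngateway.(*vpcv1.VPNGateway)
if !ok || gateway.Mode == nil {
	return fmt.Errorf("[ERROR] Unexpected VPN gateway type %T or missing mode for (%s)", vpngateway, gatewayID)
}
switch *gateway.Mode {
case "policy":
	// … unchanged: policy-mode prototype, local/peer mapping, create call …
case "route":
	// … unchanged: static-route-mode prototype, local/peer mapping, create call …
default:
	return fmt.Errorf("[ERROR] Unsupported VPN gateway mode %q for (%s)", *gateway.Mode, gatewayID)
}
```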
@@ -421,216 +678,7 @@ func vpngwconGet(d *schema.ResourceData, meta interface{}, gID, gConnID string) return fmt.Errorf("[ERROR] Error Getting Vpn Gateway Connection (%s): %s\n%s", gConnID, err, response) } d.Set(isVPNGatewayConnection, gConnID) - d.Set(isVPNGatewayConnectionVPNGateway, gID) - - if _, ok := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionPolicyMode); ok { - vpnGatewayConnection := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionPolicyMode) - - d.Set(isVPNGatewayConnectionName, *vpnGatewayConnection.Name) - d.Set(isVPNGatewayConnectionAdminStateup, *vpnGatewayConnection.AdminStateUp) - d.Set(isVPNGatewayConnectionPeerAddress, *vpnGatewayConnection.PeerAddress) - d.Set(isVPNGatewayConnectionPreSharedKey, *vpnGatewayConnection.Psk) - if vpnGatewayConnection.LocalCIDRs != nil { - d.Set(isVPNGatewayConnectionLocalCIDRS, flex.FlattenStringList(vpnGatewayConnection.LocalCIDRs)) - } - if vpnGatewayConnection.PeerCIDRs != nil { - d.Set(isVPNGatewayConnectionPeerCIDRS, flex.FlattenStringList(vpnGatewayConnection.PeerCIDRs)) - } - if vpnGatewayConnection.IkePolicy != nil { - d.Set(isVPNGatewayConnectionIKEPolicy, *vpnGatewayConnection.IkePolicy.ID) - } - if vpnGatewayConnection.IpsecPolicy != nil { - d.Set(isVPNGatewayConnectionIPSECPolicy, *vpnGatewayConnection.IpsecPolicy.ID) - } - if vpnGatewayConnection.AuthenticationMode != nil { - d.Set(isVPNGatewayConnectionAdminAuthenticationmode, *vpnGatewayConnection.AuthenticationMode) - } - if vpnGatewayConnection.Status != nil { - d.Set(isVPNGatewayConnectionStatus, *vpnGatewayConnection.Status) - } - if err := d.Set(isVPNGatewayConnectionStatusreasons, resourceVPNGatewayConnectionFlattenLifecycleReasons(vpnGatewayConnection.StatusReasons)); err != nil { - return fmt.Errorf("[ERROR] Error setting status_reasons: %s", err) - } - - if vpnGatewayConnection.ResourceType != nil { - d.Set(isVPNGatewayConnectionResourcetype, *vpnGatewayConnection.ResourceType) - } - if vpnGatewayConnection.CreatedAt != nil { - 
d.Set(isVPNGatewayConnectionCreatedat, vpnGatewayConnection.CreatedAt.String()) - } - - if vpnGatewayConnection.Mode != nil { - d.Set(isVPNGatewayConnectionMode, *vpnGatewayConnection.Mode) - } - vpcTunnelsList := make([]map[string]interface{}, 0) - d.Set(isVPNGatewayConnectionTunnels, vpcTunnelsList) - d.Set(isVPNGatewayConnectionDeadPeerDetectionAction, *vpnGatewayConnection.DeadPeerDetection.Action) - d.Set(isVPNGatewayConnectionDeadPeerDetectionInterval, *vpnGatewayConnection.DeadPeerDetection.Interval) - d.Set(isVPNGatewayConnectionDeadPeerDetectionTimeout, *vpnGatewayConnection.DeadPeerDetection.Timeout) - - } else if _, ok := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionRouteMode); ok { - vpnGatewayConnection := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionRouteMode) - d.Set(isVPNGatewayConnectionName, *vpnGatewayConnection.Name) - d.Set(isVPNGatewayConnectionAdminStateup, *vpnGatewayConnection.AdminStateUp) - d.Set(isVPNGatewayConnectionPeerAddress, *vpnGatewayConnection.PeerAddress) - d.Set(isVPNGatewayConnectionPreSharedKey, *vpnGatewayConnection.Psk) - if vpnGatewayConnection.IkePolicy != nil { - d.Set(isVPNGatewayConnectionIKEPolicy, *vpnGatewayConnection.IkePolicy.ID) - } - if vpnGatewayConnection.IpsecPolicy != nil { - d.Set(isVPNGatewayConnectionIPSECPolicy, *vpnGatewayConnection.IpsecPolicy.ID) - } - if vpnGatewayConnection.AuthenticationMode != nil { - d.Set(isVPNGatewayConnectionAdminAuthenticationmode, *vpnGatewayConnection.AuthenticationMode) - } - if vpnGatewayConnection.Status != nil { - d.Set(isVPNGatewayConnectionStatus, *vpnGatewayConnection.Status) - } - if err := d.Set(isVPNGatewayConnectionStatusreasons, resourceVPNGatewayConnectionFlattenLifecycleReasons(vpnGatewayConnection.StatusReasons)); err != nil { - return fmt.Errorf("[ERROR] Error setting status_reasons: %s", err) - } - - if vpnGatewayConnection.ResourceType != nil { - d.Set(isVPNGatewayConnectionResourcetype, *vpnGatewayConnection.ResourceType) - } - if 
vpnGatewayConnection.CreatedAt != nil { - d.Set(isVPNGatewayConnectionCreatedat, vpnGatewayConnection.CreatedAt.String()) - } - - if vpnGatewayConnection.Mode != nil { - d.Set(isVPNGatewayConnectionMode, *vpnGatewayConnection.Mode) - } - vpcTunnelsList := make([]map[string]interface{}, 0) - if vpnGatewayConnection.Tunnels != nil { - for _, vpcTunnel := range vpnGatewayConnection.Tunnels { - currentTunnel := map[string]interface{}{} - if vpcTunnel.PublicIP != nil { - publicIP := *vpcTunnel.PublicIP - currentTunnel["address"] = *publicIP.Address - } - if vpcTunnel.Status != nil { - currentTunnel["status"] = *vpcTunnel.Status - } - vpcTunnelsList = append(vpcTunnelsList, currentTunnel) - } - } - d.Set(isVPNGatewayConnectionTunnels, vpcTunnelsList) - d.Set(isVPNGatewayConnectionDeadPeerDetectionAction, *vpnGatewayConnection.DeadPeerDetection.Action) - d.Set(isVPNGatewayConnectionDeadPeerDetectionInterval, *vpnGatewayConnection.DeadPeerDetection.Interval) - d.Set(isVPNGatewayConnectionDeadPeerDetectionTimeout, *vpnGatewayConnection.DeadPeerDetection.Timeout) - - } else if _, ok := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionRouteModeVPNGatewayConnectionStaticRouteMode); ok { - vpnGatewayConnection := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionRouteModeVPNGatewayConnectionStaticRouteMode) - d.Set(isVPNGatewayConnectionName, *vpnGatewayConnection.Name) - d.Set(isVPNGatewayConnectionAdminStateup, *vpnGatewayConnection.AdminStateUp) - d.Set(isVPNGatewayConnectionPeerAddress, *vpnGatewayConnection.PeerAddress) - d.Set(isVPNGatewayConnectionPreSharedKey, *vpnGatewayConnection.Psk) - if vpnGatewayConnection.IkePolicy != nil { - d.Set(isVPNGatewayConnectionIKEPolicy, *vpnGatewayConnection.IkePolicy.ID) - } - if vpnGatewayConnection.IpsecPolicy != nil { - d.Set(isVPNGatewayConnectionIPSECPolicy, *vpnGatewayConnection.IpsecPolicy.ID) - } - if vpnGatewayConnection.AuthenticationMode != nil { - d.Set(isVPNGatewayConnectionAdminAuthenticationmode, 
*vpnGatewayConnection.AuthenticationMode) - } - if vpnGatewayConnection.Status != nil { - d.Set(isVPNGatewayConnectionStatus, *vpnGatewayConnection.Status) - } - if err := d.Set(isVPNGatewayConnectionStatusreasons, resourceVPNGatewayConnectionFlattenLifecycleReasons(vpnGatewayConnection.StatusReasons)); err != nil { - return fmt.Errorf("[ERROR] Error setting status_reasons: %s", err) - } - - if vpnGatewayConnection.ResourceType != nil { - d.Set(isVPNGatewayConnectionResourcetype, *vpnGatewayConnection.ResourceType) - } - if vpnGatewayConnection.CreatedAt != nil { - d.Set(isVPNGatewayConnectionCreatedat, vpnGatewayConnection.CreatedAt.String()) - } - - if vpnGatewayConnection.Mode != nil { - d.Set(isVPNGatewayConnectionMode, *vpnGatewayConnection.Mode) - } - vpcTunnelsList := make([]map[string]interface{}, 0) - if vpnGatewayConnection.Tunnels != nil { - for _, vpcTunnel := range vpnGatewayConnection.Tunnels { - currentTunnel := map[string]interface{}{} - if vpcTunnel.PublicIP != nil { - publicIP := *vpcTunnel.PublicIP - currentTunnel["address"] = *publicIP.Address - } - if vpcTunnel.Status != nil { - currentTunnel["status"] = *vpcTunnel.Status - } - vpcTunnelsList = append(vpcTunnelsList, currentTunnel) - } - } - d.Set(isVPNGatewayConnectionTunnels, vpcTunnelsList) - d.Set(isVPNGatewayConnectionDeadPeerDetectionAction, *vpnGatewayConnection.DeadPeerDetection.Action) - d.Set(isVPNGatewayConnectionDeadPeerDetectionInterval, *vpnGatewayConnection.DeadPeerDetection.Interval) - d.Set(isVPNGatewayConnectionDeadPeerDetectionTimeout, *vpnGatewayConnection.DeadPeerDetection.Timeout) - - } else if _, ok := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnection); ok { - vpnGatewayConnection := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnection) - d.Set(isVPNGatewayConnectionName, *vpnGatewayConnection.Name) - d.Set(isVPNGatewayConnectionAdminStateup, *vpnGatewayConnection.AdminStateUp) - d.Set(isVPNGatewayConnectionPeerAddress, *vpnGatewayConnection.PeerAddress) - 
d.Set(isVPNGatewayConnectionPreSharedKey, *vpnGatewayConnection.Psk) - if vpnGatewayConnection.LocalCIDRs != nil { - d.Set(isVPNGatewayConnectionLocalCIDRS, flex.FlattenStringList(vpnGatewayConnection.LocalCIDRs)) - } - if vpnGatewayConnection.PeerCIDRs != nil { - d.Set(isVPNGatewayConnectionPeerCIDRS, flex.FlattenStringList(vpnGatewayConnection.PeerCIDRs)) - } - if vpnGatewayConnection.IkePolicy != nil { - d.Set(isVPNGatewayConnectionIKEPolicy, *vpnGatewayConnection.IkePolicy.ID) - } - if vpnGatewayConnection.IpsecPolicy != nil { - d.Set(isVPNGatewayConnectionIPSECPolicy, *vpnGatewayConnection.IpsecPolicy.ID) - } - if vpnGatewayConnection.AuthenticationMode != nil { - d.Set(isVPNGatewayConnectionAdminAuthenticationmode, *vpnGatewayConnection.AuthenticationMode) - } - if vpnGatewayConnection.Status != nil { - d.Set(isVPNGatewayConnectionStatus, *vpnGatewayConnection.Status) - } - if err := d.Set(isVPNGatewayConnectionStatusreasons, resourceVPNGatewayConnectionFlattenLifecycleReasons(vpnGatewayConnection.StatusReasons)); err != nil { - return fmt.Errorf("[ERROR] Error setting status_reasons: %s", err) - } - - if vpnGatewayConnection.ResourceType != nil { - d.Set(isVPNGatewayConnectionResourcetype, *vpnGatewayConnection.ResourceType) - } - if vpnGatewayConnection.CreatedAt != nil { - d.Set(isVPNGatewayConnectionCreatedat, vpnGatewayConnection.CreatedAt.String()) - } - - if vpnGatewayConnection.Mode != nil { - d.Set(isVPNGatewayConnectionMode, *vpnGatewayConnection.Mode) - } - vpcTunnelsList := make([]map[string]interface{}, 0) - if vpnGatewayConnection.Tunnels != nil { - for _, vpcTunnel := range vpnGatewayConnection.Tunnels { - currentTunnel := map[string]interface{}{} - if vpcTunnel.PublicIP != nil { - publicIP := *vpcTunnel.PublicIP - currentTunnel["address"] = *publicIP.Address - } - if vpcTunnel.Status != nil { - currentTunnel["status"] = *vpcTunnel.Status - } - vpcTunnelsList = append(vpcTunnelsList, currentTunnel) - } - } - d.Set(isVPNGatewayConnectionTunnels, 
vpcTunnelsList) - d.Set(isVPNGatewayConnectionDeadPeerDetectionAction, *vpnGatewayConnection.DeadPeerDetection.Action) - d.Set(isVPNGatewayConnectionDeadPeerDetectionInterval, *vpnGatewayConnection.DeadPeerDetection.Interval) - d.Set(isVPNGatewayConnectionDeadPeerDetectionTimeout, *vpnGatewayConnection.DeadPeerDetection.Timeout) - - } else { - return fmt.Errorf("[ERROR] Unrecognized vpcv1.vpnGatewayConnectionIntf subtype encountered") - } - + setvpnGatewayConnectionIntfResource(d, gID, vpnGatewayConnectionIntf) getVPNGatewayOptions := &vpcv1.GetVPNGatewayOptions{ ID: &gID, } @@ -676,10 +724,24 @@ func vpngwconUpdate(d *schema.ResourceData, meta interface{}, gID, gConnID strin vpnGatewayConnectionPatchModel.Name = &name hasChanged = true } - + if d.HasChange("establish_mode") { + newEstablishMode := d.Get("establish_mode").(string) + vpnGatewayConnectionPatchModel.EstablishMode = &newEstablishMode + hasChanged = true + } + if d.HasChange("peer") { + peer, err := resourceIBMIsVPNGatewayConnectionMapToVPNGatewayConnectionPeerPatch(d.Get("peer.0").(map[string]interface{})) + if err != nil { + return err + } + vpnGatewayConnectionPatchModel.Peer = peer + hasChanged = true + } + // Deprecated if d.HasChange(isVPNGatewayConnectionPeerAddress) { peerAddress := d.Get(isVPNGatewayConnectionPeerAddress).(string) - vpnGatewayConnectionPatchModel.PeerAddress = &peerAddress + model := &vpcv1.VPNGatewayConnectionPeerPatch{} + model.Address = &peerAddress hasChanged = true } 
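Review bot: The new call `setvpnGatewayConnectionIntfResource(d, gID, vpnGatewayConnectionIntf)` in vpngwconGet is a bare statement, so anything the helper reports is discarded. The removed code returned an error when setting `status_reasons` failed and when the connection subtype was unrecognized; after this change a read of an unknown subtype would presumably leave state unpopulated and still succeed. The helper's signature is cut off at the end of the visible patch, so its return type is inferred here. If it returns `error`, call it as `if err := setvpnGatewayConnectionIntfResource(d, gID, vpnGatewayConnectionIntf); err != nil { return err }`; if it returns nothing, it should. vpngwconGet starts and ends outside the hunk.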
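Review bot: In the deprecated `peer_address` branch of vpngwconUpdate, the new `model` is populated but never attached to the patch, so a changed `peer_address` sets `hasChanged` and sends a patch carrying no peer address. The removed line assigned `vpnGatewayConnectionPatchModel.PeerAddress`; the replacement needs `vpnGatewayConnectionPatchModel.Peer = model` after `model.Address = &peerAddress`. As written, the apply would appear to succeed while the gateway keeps negotiating with the previous peer. The `peer` branch above also passes `d.Get("peer.0")` straight into a type assertion; checking the length of `d.Get("peer")` first would be safer if the block can be removed from configuration. The function starts and ends outside the hunk.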
@@ -890,3 +952,636 @@ func resourceVPNGatewayConnectionFlattenLifecycleReasons(statusReasons []vpcv1.V } return statusReasonsList } + +// helper functions + +func resourceIBMIsVPNGatewayConnectionMapToVPNGatewayConnectionPolicyModeLocalPrototype(modelMap map[string]interface{}) (*vpcv1.VPNGatewayConnectionPolicyModeLocalPrototype, error) { + model := &vpcv1.VPNGatewayConnectionPolicyModeLocalPrototype{} + if modelMap["ike_identities"] != nil { + ikeIdentities := []vpcv1.VPNGatewayConnectionIkeIdentityPrototypeIntf{} + for _, ikeIdentitiesItem := range modelMap["ike_identities"].([]interface{}) { + ikeIdentitiesItemModel, err := resourceIBMIsVPNGatewayConnectionMapToVPNGatewayConnectionIkeIdentityPrototype(ikeIdentitiesItem.(map[string]interface{})) + if err != nil { + return model, err + } + ikeIdentities = append(ikeIdentities, ikeIdentitiesItemModel) + } + model.IkeIdentities = ikeIdentities + } + if modelMap["cidrs"] != nil && modelMap["cidrs"].(*schema.Set).Len() > 0 { + localCidrs := flex.ExpandStringList((modelMap["cidrs"].(*schema.Set)).List()) + model.CIDRs = localCidrs + } + return model, nil +} +func resourceIBMIsVPNGatewayConnectionMapToVPNGatewayConnectionStaticRouteModeLocalPrototype(modelMap map[string]interface{}) (*vpcv1.VPNGatewayConnectionStaticRouteModeLocalPrototype, error) { + model := &vpcv1.VPNGatewayConnectionStaticRouteModeLocalPrototype{} + if modelMap["ike_identities"] != nil { + ikeIdentities := []vpcv1.VPNGatewayConnectionIkeIdentityPrototypeIntf{} + for _, ikeIdentitiesItem := range modelMap["ike_identities"].([]interface{}) { + ikeIdentitiesItemModel, err := resourceIBMIsVPNGatewayConnectionMapToVPNGatewayConnectionIkeIdentityPrototype(ikeIdentitiesItem.(map[string]interface{})) + if err != nil { + return model, err + } + ikeIdentities = append(ikeIdentities, ikeIdentitiesItemModel) + } + model.IkeIdentities = ikeIdentities + } + return model, nil +} + +func 
resourceIBMIsVPNGatewayConnectionMapToVPNGatewayConnectionIkeIdentityPrototype(modelMap map[string]interface{}) (vpcv1.VPNGatewayConnectionIkeIdentityPrototypeIntf, error) { + model := &vpcv1.VPNGatewayConnectionIkeIdentityPrototype{} + model.Type = core.StringPtr(modelMap["type"].(string)) + if modelMap["value"] != nil && modelMap["value"].(string) != "" { + model.Value = core.StringPtr(modelMap["value"].(string)) + } + return model, nil +} + +func resourceIBMIsVPNGatewayConnectionMapToVPNGatewayConnectionPolicyModePeerPrototype(modelMap map[string]interface{}) (vpcv1.VPNGatewayConnectionPolicyModePeerPrototypeIntf, error) { + model := &vpcv1.VPNGatewayConnectionPolicyModePeerPrototype{} + if modelMap["ike_identity"] != nil && len(modelMap["ike_identity"].([]interface{})) > 0 { + IkeIdentityModel, err := resourceIBMIsVPNGatewayConnectionMapToVPNGatewayConnectionIkeIdentityPrototype(modelMap["ike_identity"].([]interface{})[0].(map[string]interface{})) + if err != nil { + return model, err + } + model.IkeIdentity = IkeIdentityModel + } + if modelMap["address"] != nil && modelMap["address"].(string) != "" { + model.Address = core.StringPtr(modelMap["address"].(string)) + } + if modelMap["fqdn"] != nil && modelMap["fqdn"].(string) != "" { + model.Fqdn = core.StringPtr(modelMap["fqdn"].(string)) + } + if modelMap["cidrs"] != nil && modelMap["cidrs"].(*schema.Set).Len() > 0 { + peerCidrs := flex.ExpandStringList((modelMap["cidrs"].(*schema.Set)).List()) + model.CIDRs = peerCidrs + } + return model, nil +} +func resourceIBMIsVPNGatewayConnectionMapToVPNGatewayConnectionStaticRouteModePeerPrototype(modelMap map[string]interface{}) (vpcv1.VPNGatewayConnectionStaticRouteModePeerPrototypeIntf, error) { + model := &vpcv1.VPNGatewayConnectionStaticRouteModePeerPrototype{} + if modelMap["ike_identity"] != nil && len(modelMap["ike_identity"].([]interface{})) > 0 { + IkeIdentityModel, err := 
resourceIBMIsVPNGatewayConnectionMapToVPNGatewayConnectionIkeIdentityPrototype(modelMap["ike_identity"].([]interface{})[0].(map[string]interface{})) + if err != nil { + return model, err + } + model.IkeIdentity = IkeIdentityModel + } + if modelMap["address"] != nil && modelMap["address"].(string) != "" { + model.Address = core.StringPtr(modelMap["address"].(string)) + } + if modelMap["fqdn"] != nil && modelMap["fqdn"].(string) != "" { + model.Fqdn = core.StringPtr(modelMap["fqdn"].(string)) + } + return model, nil +} + +func resourceIBMIsVPNGatewayConnectionMapToVPNGatewayConnectionPeerPatch(modelMap map[string]interface{}) (vpcv1.VPNGatewayConnectionPeerPatchIntf, error) { + model := &vpcv1.VPNGatewayConnectionPeerPatch{} + if modelMap["address"] != nil && modelMap["address"].(string) != "" { + model.Address = core.StringPtr(modelMap["address"].(string)) + } + if modelMap["fqdn"] != nil && modelMap["fqdn"].(string) != "" { + model.Fqdn = core.StringPtr(modelMap["fqdn"].(string)) + } + return model, nil +} +func resourceIBMIsVPNGatewayConnectionVPNGatewayConnectionStaticRouteModeLocalToMap(model *vpcv1.VPNGatewayConnectionStaticRouteModeLocal) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + ikeIdentities := []map[string]interface{}{} + for _, ikeIdentitiesItem := range model.IkeIdentities { + ikeIdentitiesItemMap, err := resourceIBMIsVPNGatewayConnectionVPNGatewayConnectionIkeIdentityToMap(ikeIdentitiesItem) + if err != nil { + return modelMap, err + } + ikeIdentities = append(ikeIdentities, ikeIdentitiesItemMap) + } + modelMap["ike_identities"] = ikeIdentities + return modelMap, nil +} + +func resourceIBMIsVPNGatewayConnectionVPNGatewayConnectionIkeIdentityToMap(model vpcv1.VPNGatewayConnectionIkeIdentityIntf) (map[string]interface{}, error) { + if _, ok := model.(*vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityFqdn); ok { + return 
resourceIBMIsVPNGatewayConnectionVPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityFqdnToMap(model.(*vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityFqdn)) + } else if _, ok := model.(*vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityHostname); ok { + return resourceIBMIsVPNGatewayConnectionVPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityHostnameToMap(model.(*vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityHostname)) + } else if _, ok := model.(*vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityIPv4); ok { + return resourceIBMIsVPNGatewayConnectionVPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityIPv4ToMap(model.(*vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityIPv4)) + } else if _, ok := model.(*vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityKeyID); ok { + return resourceIBMIsVPNGatewayConnectionVPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityKeyIDToMap(model.(*vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityKeyID)) + } else if _, ok := model.(*vpcv1.VPNGatewayConnectionIkeIdentity); ok { + modelMap := make(map[string]interface{}) + model := model.(*vpcv1.VPNGatewayConnectionIkeIdentity) + modelMap["type"] = model.Type + if model.Value != nil { + modelMap["value"] = model.Value + } + return modelMap, nil + } else { + return nil, fmt.Errorf("Unrecognized vpcv1.VPNGatewayConnectionIkeIdentityIntf subtype encountered") + } +} + +func resourceIBMIsVPNGatewayConnectionVPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityFqdnToMap(model *vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityFqdn) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + modelMap["type"] = model.Type + modelMap["value"] = model.Value + return modelMap, nil +} + +func 
resourceIBMIsVPNGatewayConnectionVPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityHostnameToMap(model *vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityHostname) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + modelMap["type"] = model.Type + modelMap["value"] = model.Value + return modelMap, nil +} + +func resourceIBMIsVPNGatewayConnectionVPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityIPv4ToMap(model *vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityIPv4) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + modelMap["type"] = model.Type + modelMap["value"] = model.Value + return modelMap, nil +} + +func resourceIBMIsVPNGatewayConnectionVPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityKeyIDToMap(model *vpcv1.VPNGatewayConnectionIkeIdentityVPNGatewayConnectionIkeIdentityKeyID) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + modelMap["type"] = model.Type + modelMap["value"] = string(*model.Value) + return modelMap, nil +} + +func resourceIBMIsVPNGatewayConnectionVPNGatewayConnectionStaticRouteModePeerToMap(model vpcv1.VPNGatewayConnectionStaticRouteModePeerIntf) (map[string]interface{}, error) { + if _, ok := model.(*vpcv1.VPNGatewayConnectionStaticRouteModePeerVPNGatewayConnectionPeerByAddress); ok { + return resourceIBMIsVPNGatewayConnectionVPNGatewayConnectionStaticRouteModePeerVPNGatewayConnectionPeerByAddressToMap(model.(*vpcv1.VPNGatewayConnectionStaticRouteModePeerVPNGatewayConnectionPeerByAddress)) + } else if _, ok := model.(*vpcv1.VPNGatewayConnectionStaticRouteModePeerVPNGatewayConnectionPeerByFqdn); ok { + return resourceIBMIsVPNGatewayConnectionVPNGatewayConnectionStaticRouteModePeerVPNGatewayConnectionPeerByFqdnToMap(model.(*vpcv1.VPNGatewayConnectionStaticRouteModePeerVPNGatewayConnectionPeerByFqdn)) + } else if _, ok := model.(*vpcv1.VPNGatewayConnectionStaticRouteModePeer); ok { + 
modelMap := make(map[string]interface{}) + model := model.(*vpcv1.VPNGatewayConnectionStaticRouteModePeer) + ikeIdentityMap, err := resourceIBMIsVPNGatewayConnectionVPNGatewayConnectionIkeIdentityToMap(model.IkeIdentity) + if err != nil { + return modelMap, err + } + modelMap["ike_identity"] = []map[string]interface{}{ikeIdentityMap} + modelMap["type"] = model.Type + if model.Address != nil { + modelMap["address"] = model.Address + } + if model.Fqdn != nil { + modelMap["fqdn"] = model.Fqdn + } + return modelMap, nil + } else { + return nil, fmt.Errorf("Unrecognized vpcv1.VPNGatewayConnectionStaticRouteModePeerIntf subtype encountered") + } +} + +func resourceIBMIsVPNGatewayConnectionVPNGatewayConnectionStaticRouteModePeerVPNGatewayConnectionPeerByAddressToMap(model *vpcv1.VPNGatewayConnectionStaticRouteModePeerVPNGatewayConnectionPeerByAddress) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + ikeIdentityMap, err := resourceIBMIsVPNGatewayConnectionVPNGatewayConnectionIkeIdentityToMap(model.IkeIdentity) + if err != nil { + return modelMap, err + } + modelMap["ike_identity"] = []map[string]interface{}{ikeIdentityMap} + modelMap["type"] = model.Type + modelMap["address"] = model.Address + return modelMap, nil +} + +func resourceIBMIsVPNGatewayConnectionVPNGatewayConnectionStaticRouteModePeerVPNGatewayConnectionPeerByFqdnToMap(model *vpcv1.VPNGatewayConnectionStaticRouteModePeerVPNGatewayConnectionPeerByFqdn) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + ikeIdentityMap, err := resourceIBMIsVPNGatewayConnectionVPNGatewayConnectionIkeIdentityToMap(model.IkeIdentity) + if err != nil { + return modelMap, err + } + modelMap["ike_identity"] = []map[string]interface{}{ikeIdentityMap} + modelMap["type"] = model.Type + modelMap["fqdn"] = model.Fqdn + return modelMap, nil +} + +func setvpnGatewayConnectionIntfResource(d *schema.ResourceData, vpn_gateway_id string, vpnGatewayConnectionIntf 
vpcv1.VPNGatewayConnectionIntf) error { + var err error + + switch reflect.TypeOf(vpnGatewayConnectionIntf).String() { + case "*vpcv1.VPNGatewayConnection": + { + vpnGatewayConnection := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnection) + d.SetId(fmt.Sprintf("%s/%s", vpn_gateway_id, *vpnGatewayConnection.ID)) + if err = d.Set("admin_state_up", vpnGatewayConnection.AdminStateUp); err != nil { + return fmt.Errorf("[ERROR] Error setting admin_state_up: %s", err) + } + if err = d.Set("authentication_mode", vpnGatewayConnection.AuthenticationMode); err != nil { + return fmt.Errorf("[ERROR] Error setting authentication_mode: %s", err) + } + if err = d.Set("created_at", flex.DateTimeToString(vpnGatewayConnection.CreatedAt)); err != nil { + return fmt.Errorf("[ERROR] Error setting created_at: %s", err) + } + + if vpnGatewayConnection.DeadPeerDetection != nil { + d.Set(isVPNGatewayConnectionDeadPeerDetectionAction, vpnGatewayConnection.DeadPeerDetection.Action) + d.Set(isVPNGatewayConnectionDeadPeerDetectionInterval, vpnGatewayConnection.DeadPeerDetection.Interval) + d.Set(isVPNGatewayConnectionDeadPeerDetectionTimeout, vpnGatewayConnection.DeadPeerDetection.Timeout) + } + if err = d.Set("href", vpnGatewayConnection.Href); err != nil { + return fmt.Errorf("[ERROR] Error setting href: %s", err) + } + + if vpnGatewayConnection.IkePolicy != nil { + d.Set("ike_policy", vpnGatewayConnection.IkePolicy.ID) + } + + if vpnGatewayConnection.IpsecPolicy != nil { + d.Set("ipsec_policy", vpnGatewayConnection.IpsecPolicy.ID) + } + if err = d.Set("mode", vpnGatewayConnection.Mode); err != nil { + return fmt.Errorf("[ERROR] Error setting mode: %s", err) + } + if err = d.Set("name", vpnGatewayConnection.Name); err != nil { + return fmt.Errorf("[ERROR] Error setting name: %s", err) + } + + // breaking changes + if err = d.Set("establish_mode", vpnGatewayConnection.EstablishMode); err != nil { + return fmt.Errorf("[ERROR] Error setting establish_mode: %s", err) + } + local := 
[]map[string]interface{}{} + if vpnGatewayConnection.Local != nil { + modelMap, err := dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionStaticRouteModeLocalToMap(vpnGatewayConnection.Local) + if err != nil { + return err + } + local = append(local, modelMap) + } + if err = d.Set("local", local); err != nil { + return fmt.Errorf("[ERROR] Error setting local %s", err) + } + + peer := []map[string]interface{}{} + if vpnGatewayConnection.Peer != nil { + modelMap, err := dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionStaticRouteModePeerToMap(vpnGatewayConnection.Peer) + if err != nil { + return err + } + peer = append(peer, modelMap) + } + if err = d.Set("peer", peer); err != nil { + return fmt.Errorf("[ERROR] Error setting peer %s", err) + } + // Deprecated + if vpnGatewayConnection.Peer != nil { + peer := vpnGatewayConnection.Peer.(*vpcv1.VPNGatewayConnectionStaticRouteModePeer) + if err = d.Set("peer_address", peer.Address); err != nil { + return fmt.Errorf("[ERROR] Error setting peer_address: %s", err) + } + } + if err = d.Set("preshared_key", vpnGatewayConnection.Psk); err != nil { + return fmt.Errorf("[ERROR] Error setting psk: %s", err) + } + if err = d.Set("resource_type", vpnGatewayConnection.ResourceType); err != nil { + return fmt.Errorf("[ERROR] Error setting resource_type: %s", err) + } + if err = d.Set("status", vpnGatewayConnection.Status); err != nil { + return fmt.Errorf("[ERROR] Error setting status: %s", err) + } + if err := d.Set("status_reasons", resourceVPNGatewayConnectionFlattenLifecycleReasons(vpnGatewayConnection.StatusReasons)); err != nil { + return fmt.Errorf("[ERROR] Error setting status_reasons: %s", err) + } + if err = d.Set("routing_protocol", vpnGatewayConnection.RoutingProtocol); err != nil { + return fmt.Errorf("[ERROR] Error setting routing_protocol: %s", err) + } + + if vpnGatewayConnection.Tunnels != nil { + err = d.Set("tunnels", resourceVPNGatewayConnectionFlattenTunnels(vpnGatewayConnection.Tunnels)) + if err != 
nil { + return fmt.Errorf("[ERROR] Error setting tunnels %s", err) + } + } else { + d.Set("tunnels", []map[string]interface{}{}) + } + } + case "*vpcv1.VPNGatewayConnectionRouteMode": + { + vpnGatewayConnection := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionRouteMode) + d.SetId(fmt.Sprintf("%s/%s", vpn_gateway_id, *vpnGatewayConnection.ID)) + if err = d.Set("admin_state_up", vpnGatewayConnection.AdminStateUp); err != nil { + return fmt.Errorf("[ERROR] Error setting admin_state_up: %s", err) + } + if err = d.Set("authentication_mode", vpnGatewayConnection.AuthenticationMode); err != nil { + return fmt.Errorf("[ERROR] Error setting authentication_mode: %s", err) + } + if err = d.Set("created_at", flex.DateTimeToString(vpnGatewayConnection.CreatedAt)); err != nil { + return fmt.Errorf("[ERROR] Error setting created_at: %s", err) + } + + if vpnGatewayConnection.DeadPeerDetection != nil { + d.Set(isVPNGatewayConnectionDeadPeerDetectionAction, vpnGatewayConnection.DeadPeerDetection.Action) + d.Set(isVPNGatewayConnectionDeadPeerDetectionInterval, vpnGatewayConnection.DeadPeerDetection.Interval) + d.Set(isVPNGatewayConnectionDeadPeerDetectionTimeout, vpnGatewayConnection.DeadPeerDetection.Timeout) + } + if err = d.Set("href", vpnGatewayConnection.Href); err != nil { + return fmt.Errorf("[ERROR] Error setting href: %s", err) + } + + if vpnGatewayConnection.IkePolicy != nil { + d.Set("ike_policy", vpnGatewayConnection.IkePolicy.ID) + } + + if vpnGatewayConnection.IpsecPolicy != nil { + d.Set("ipsec_policy", vpnGatewayConnection.IpsecPolicy.ID) + } + if err = d.Set("mode", vpnGatewayConnection.Mode); err != nil { + return fmt.Errorf("[ERROR] Error setting mode: %s", err) + } + if err = d.Set("name", vpnGatewayConnection.Name); err != nil { + return fmt.Errorf("[ERROR] Error setting name: %s", err) + } + + // breaking changes + if err = d.Set("establish_mode", vpnGatewayConnection.EstablishMode); err != nil { + return fmt.Errorf("[ERROR] Error setting establish_mode: 
%s", err) + } + local := []map[string]interface{}{} + if vpnGatewayConnection.Local != nil { + modelMap, err := dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionStaticRouteModeLocalToMap(vpnGatewayConnection.Local) + if err != nil { + return err + } + local = append(local, modelMap) + } + if err = d.Set("local", local); err != nil { + return fmt.Errorf("[ERROR] Error setting local %s", err) + } + + peer := []map[string]interface{}{} + if vpnGatewayConnection.Peer != nil { + modelMap, err := dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionStaticRouteModePeerToMap(vpnGatewayConnection.Peer) + if err != nil { + return err + } + peer = append(peer, modelMap) + } + if err = d.Set("peer", peer); err != nil { + return fmt.Errorf("[ERROR] Error setting peer %s", err) + } + // Deprecated + if vpnGatewayConnection.Peer != nil { + peer := vpnGatewayConnection.Peer.(*vpcv1.VPNGatewayConnectionStaticRouteModePeer) + if err = d.Set("peer_address", peer.Address); err != nil { + return fmt.Errorf("[ERROR] Error setting peer_address: %s", err) + } + } + if err = d.Set("preshared_key", vpnGatewayConnection.Psk); err != nil { + return fmt.Errorf("[ERROR] Error setting psk: %s", err) + } + if err = d.Set("resource_type", vpnGatewayConnection.ResourceType); err != nil { + return fmt.Errorf("[ERROR] Error setting resource_type: %s", err) + } + if err = d.Set("status", vpnGatewayConnection.Status); err != nil { + return fmt.Errorf("[ERROR] Error setting status: %s", err) + } + if err := d.Set("status_reasons", resourceVPNGatewayConnectionFlattenLifecycleReasons(vpnGatewayConnection.StatusReasons)); err != nil { + return fmt.Errorf("[ERROR] Error setting status_reasons: %s", err) + } + if err = d.Set("routing_protocol", vpnGatewayConnection.RoutingProtocol); err != nil { + return fmt.Errorf("[ERROR] Error setting routing_protocol: %s", err) + } + + if vpnGatewayConnection.Tunnels != nil { + err = d.Set("tunnels", 
resourceVPNGatewayConnectionFlattenTunnels(vpnGatewayConnection.Tunnels)) + if err != nil { + return fmt.Errorf("[ERROR] Error setting tunnels %s", err) + } + } else { + d.Set("tunnels", []map[string]interface{}{}) + } + } + case "*vpcv1.VPNGatewayConnectionRouteModeVPNGatewayConnectionStaticRouteMode": + { + vpnGatewayConnection := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionRouteModeVPNGatewayConnectionStaticRouteMode) + d.SetId(fmt.Sprintf("%s/%s", vpn_gateway_id, *vpnGatewayConnection.ID)) + if err = d.Set("admin_state_up", vpnGatewayConnection.AdminStateUp); err != nil { + return fmt.Errorf("[ERROR] Error setting admin_state_up: %s", err) + } + if err = d.Set("authentication_mode", vpnGatewayConnection.AuthenticationMode); err != nil { + return fmt.Errorf("[ERROR] Error setting authentication_mode: %s", err) + } + if err = d.Set("created_at", flex.DateTimeToString(vpnGatewayConnection.CreatedAt)); err != nil { + return fmt.Errorf("[ERROR] Error setting created_at: %s", err) + } + + if vpnGatewayConnection.DeadPeerDetection != nil { + d.Set(isVPNGatewayConnectionDeadPeerDetectionAction, vpnGatewayConnection.DeadPeerDetection.Action) + d.Set(isVPNGatewayConnectionDeadPeerDetectionInterval, vpnGatewayConnection.DeadPeerDetection.Interval) + d.Set(isVPNGatewayConnectionDeadPeerDetectionTimeout, vpnGatewayConnection.DeadPeerDetection.Timeout) + } + if err = d.Set("href", vpnGatewayConnection.Href); err != nil { + return fmt.Errorf("[ERROR] Error setting href: %s", err) + } + + if vpnGatewayConnection.IkePolicy != nil { + d.Set("ike_policy", vpnGatewayConnection.IkePolicy.ID) + } + + if vpnGatewayConnection.IpsecPolicy != nil { + d.Set("ipsec_policy", vpnGatewayConnection.IpsecPolicy.ID) + } + if err = d.Set("mode", vpnGatewayConnection.Mode); err != nil { + return fmt.Errorf("[ERROR] Error setting mode: %s", err) + } + if err = d.Set("name", vpnGatewayConnection.Name); err != nil { + return fmt.Errorf("[ERROR] Error setting name: %s", err) + } + + // 
breaking changes + if err = d.Set("establish_mode", vpnGatewayConnection.EstablishMode); err != nil { + return fmt.Errorf("[ERROR] Error setting establish_mode: %s", err) + } + local := []map[string]interface{}{} + if vpnGatewayConnection.Local != nil { + modelMap, err := dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionStaticRouteModeLocalToMap(vpnGatewayConnection.Local) + if err != nil { + return err + } + local = append(local, modelMap) + } + if err = d.Set("local", local); err != nil { + return fmt.Errorf("[ERROR] Error setting local %s", err) + } + + peer := []map[string]interface{}{} + if vpnGatewayConnection.Peer != nil { + modelMap, err := dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionStaticRouteModePeerToMap(vpnGatewayConnection.Peer) + if err != nil { + return err + } + peer = append(peer, modelMap) + } + if err = d.Set("peer", peer); err != nil { + return fmt.Errorf("[ERROR] Error setting peer %s", err) + } + // Deprecated + if vpnGatewayConnection.Peer != nil { + peer := vpnGatewayConnection.Peer.(*vpcv1.VPNGatewayConnectionStaticRouteModePeer) + if err = d.Set("peer_address", peer.Address); err != nil { + return fmt.Errorf("[ERROR] Error setting peer_address: %s", err) + } + } + if err = d.Set("preshared_key", vpnGatewayConnection.Psk); err != nil { + return fmt.Errorf("[ERROR] Error setting psk: %s", err) + } + if err = d.Set("resource_type", vpnGatewayConnection.ResourceType); err != nil { + return fmt.Errorf("[ERROR] Error setting resource_type: %s", err) + } + if err = d.Set("status", vpnGatewayConnection.Status); err != nil { + return fmt.Errorf("[ERROR] Error setting status: %s", err) + } + if err := d.Set("status_reasons", resourceVPNGatewayConnectionFlattenLifecycleReasons(vpnGatewayConnection.StatusReasons)); err != nil { + return fmt.Errorf("[ERROR] Error setting status_reasons: %s", err) + } + if err = d.Set("routing_protocol", vpnGatewayConnection.RoutingProtocol); err != nil { + return fmt.Errorf("[ERROR] Error setting 
routing_protocol: %s", err) + } + + if vpnGatewayConnection.Tunnels != nil { + err = d.Set("tunnels", resourceVPNGatewayConnectionFlattenTunnels(vpnGatewayConnection.Tunnels)) + if err != nil { + return fmt.Errorf("[ERROR] Error setting tunnels %s", err) + } + } else { + d.Set("tunnels", []map[string]interface{}{}) + } + } + case "*vpcv1.VPNGatewayConnectionPolicyMode": + { + vpnGatewayConnection := vpnGatewayConnectionIntf.(*vpcv1.VPNGatewayConnectionPolicyMode) + d.SetId(fmt.Sprintf("%s/%s", vpn_gateway_id, *vpnGatewayConnection.ID)) + if err = d.Set("admin_state_up", vpnGatewayConnection.AdminStateUp); err != nil { + return fmt.Errorf("[ERROR] Error setting admin_state_up: %s", err) + } + if err = d.Set("authentication_mode", vpnGatewayConnection.AuthenticationMode); err != nil { + return fmt.Errorf("[ERROR] Error setting authentication_mode: %s", err) + } + if err = d.Set("created_at", flex.DateTimeToString(vpnGatewayConnection.CreatedAt)); err != nil { + return fmt.Errorf("[ERROR] Error setting created_at: %s", err) + } + + if vpnGatewayConnection.DeadPeerDetection != nil { + d.Set(isVPNGatewayConnectionDeadPeerDetectionAction, vpnGatewayConnection.DeadPeerDetection.Action) + d.Set(isVPNGatewayConnectionDeadPeerDetectionInterval, vpnGatewayConnection.DeadPeerDetection.Interval) + d.Set(isVPNGatewayConnectionDeadPeerDetectionTimeout, vpnGatewayConnection.DeadPeerDetection.Timeout) + } + if err = d.Set("href", vpnGatewayConnection.Href); err != nil { + return fmt.Errorf("[ERROR] Error setting href: %s", err) + } + + if vpnGatewayConnection.IkePolicy != nil { + d.Set("ike_policy", vpnGatewayConnection.IkePolicy.ID) + + } + + if vpnGatewayConnection.IpsecPolicy != nil { + d.Set("ipsec_policy", vpnGatewayConnection.IpsecPolicy.ID) + + } + if err = d.Set("mode", vpnGatewayConnection.Mode); err != nil { + return fmt.Errorf("[ERROR] Error setting mode: %s", err) + } + if err = d.Set("name", vpnGatewayConnection.Name); err != nil { + return fmt.Errorf("[ERROR] Error 
setting name: %s", err) + } + + // breaking changes + if err = d.Set("establish_mode", vpnGatewayConnection.EstablishMode); err != nil { + return fmt.Errorf("[ERROR] Error setting establish_mode: %s", err) + } + local := []map[string]interface{}{} + if vpnGatewayConnection.Local != nil { + modelMap, err := dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionPolicyModeLocalToMap(vpnGatewayConnection.Local) + if err != nil { + return err + } + local = append(local, modelMap) + } + if err = d.Set("local", local); err != nil { + return fmt.Errorf("[ERROR] Error setting local %s", err) + } + + peer := []map[string]interface{}{} + if vpnGatewayConnection.Peer != nil { + modelMap, err := dataSourceIBMIsVPNGatewayConnectionVPNGatewayConnectionPolicyModePeerToMap(vpnGatewayConnection.Peer) + if err != nil { + return err + } + peer = append(peer, modelMap) + } + if err = d.Set("peer", peer); err != nil { + return fmt.Errorf("[ERROR] Error setting peer %s", err) + } + tunnels := []map[string]interface{}{} + d.Set("tunnels", tunnels) + + // Deprecated + if vpnGatewayConnection.Peer != nil { + peer := vpnGatewayConnection.Peer.(*vpcv1.VPNGatewayConnectionPolicyModePeer) + if err = d.Set("peer_address", peer.Address); err != nil { + return fmt.Errorf("[ERROR] Error setting peer_address: %s", err) + } + if len(peer.CIDRs) > 0 { + err = d.Set("peer_cidrs", peer.CIDRs) + if err != nil { + return fmt.Errorf("[ERROR] Error setting Peer CIDRs %s", err) + } + } + } + if err = d.Set("preshared_key", vpnGatewayConnection.Psk); err != nil { + return fmt.Errorf("[ERROR] Error setting psk: %s", err) + } + if err = d.Set("resource_type", vpnGatewayConnection.ResourceType); err != nil { + return fmt.Errorf("[ERROR] Error setting resource_type: %s", err) + } + if err = d.Set("status", vpnGatewayConnection.Status); err != nil { + return fmt.Errorf("[ERROR] Error setting status: %s", err) + } + if err := d.Set("status_reasons", 
resourceVPNGatewayConnectionFlattenLifecycleReasons(vpnGatewayConnection.StatusReasons)); err != nil {
+ return fmt.Errorf("[ERROR] Error setting status_reasons: %s", err)
+ }
+ // Deprecated
+ if vpnGatewayConnection.Local != nil {
+ local := vpnGatewayConnection.Local
+ if len(local.CIDRs) > 0 {
+ err = d.Set("local_cidrs", local.CIDRs)
+ if err != nil {
+ return fmt.Errorf("[ERROR] Error setting local CIDRs %s", err)
+ }
+ }
+ }
+
+ }
+ }
+
+ return nil
+}
+
+func resourceVPNGatewayConnectionFlattenTunnels(result []vpcv1.VPNGatewayConnectionStaticRouteModeTunnel) (tunnels []map[string]interface{}) {
+ for _, tunnelsItem := range result {
+ tunnels = append(tunnels, resourceVPNGatewayConnectionTunnelsToMap(tunnelsItem))
+ }
+
+ return tunnels
+}
+
+func resourceVPNGatewayConnectionTunnelsToMap(tunnelsItem vpcv1.VPNGatewayConnectionStaticRouteModeTunnel) (tunnelsMap map[string]interface{}) {
+ tunnelsMap = map[string]interface{}{}
+
+ if tunnelsItem.PublicIP != nil {
+ tunnelsMap["address"] = tunnelsItem.PublicIP.Address
+ }
+ if tunnelsItem.Status != nil {
+ tunnelsMap["status"] = tunnelsItem.Status
+ }
+
+ return tunnelsMap
+}
diff --git a/website/docs/d/is_vpn_gateway_connection.html.markdown b/website/docs/d/is_vpn_gateway_connection.html.markdown
index afcd61392d..6efcd12834 100644
--- a/website/docs/d/is_vpn_gateway_connection.html.markdown
+++ b/website/docs/d/is_vpn_gateway_connection.html.markdown
@@ -59,6 +59,8 @@ In addition to all argument references listed, you can access the following attr - `interval` - (Integer) Dead Peer Detection interval in seconds. - `timeout` - (Integer) Dead Peer Detection timeout in seconds. Must be at least the interval. +- `establish_mode` - (String) The establish mode of the VPN gateway connection:- `bidirectional`: Either side of the VPN gateway can initiate IKE protocol negotiations or rekeying processes.- `peer_only`: Only the peer can initiate IKE protocol negotiations for this VPN gateway connection. Additionally, the peer is responsible for initiating the rekeying process after the connection is established. If rekeying does not occur, the VPN gateway connection will be brought down after its lifetime expires. + - `href` - (String) The VPN connection's canonical URL. - `ike_policy` - (List) The IKE policy. If absent, [auto-negotiation isused](https://cloud.ibm.com/docs/vpc?topic=vpc-using-vpn&interface=ui#ike-auto-negotiation-phase-1). 
@@ -83,10 +85,27 @@ In addition to all argument references listed, you can access the following attr - `local_cidrs` - (List) The local CIDRs for this resource. +- `local` - (List) + Nested schema for **local**: + - `ike_identities` - (List) The local IKE identities.A VPN gateway in static route mode consists of two members in active-active mode. The first identity applies to the first member, and the second identity applies to the second member. + Nested schema for **ike_identities**: + - `type` - (String) The IKE identity type.The enumerated values for this property will expand in the future. When processing this property, check for and log unknown values. Optionally halt processing and surface the error, or bypass the backup policy on which the unexpected property value was encountered. + - `value` - (String) The IKE identity FQDN value. + - `mode` - (String) The mode of the VPN gateway. - `name` - (String) The user-defined name for this VPN gateway connection. +- `peer` - (List) + Nested schema for **peer**: + - `address` - (String) The IP address of the peer VPN gateway for this connection. + - `fqdn` - (String) The FQDN of the peer VPN gateway for this connection. + - `ike_identity` - (List) The peer IKE identity. + Nested schema for **ike_identity**: + - `type` - (String) The IKE identity type.The enumerated values for this property will expand in the future. When processing this property, check for and log unknown values. Optionally halt processing and surface the error, or bypass the backup policy on which the unexpected property value was encountered. + - `value` - (String) The IKE identity FQDN value. + - `type` - (String) Indicates whether `peer.address` or `peer.fqdn` is used. + - `peer_address` - (String) The IP address of the peer VPN gateway. - `peer_cidrs` - (List) The peer CIDRs for this resource. 
diff --git a/website/docs/d/is_vpn_gateway_connection_local_cidrs.html.markdown b/website/docs/d/is_vpn_gateway_connection_local_cidrs.html.markdown
new file mode 100644
index 0000000000..bde4ea890e
--- /dev/null
+++ b/website/docs/d/is_vpn_gateway_connection_local_cidrs.html.markdown
@@ -0,0 +1,35 @@
+---
+layout: "ibm"
+page_title: "IBM : ibm_is_vpn_gateway_connection_local_cidrs"
+description: |-
+ Get information about VPNGatewayConnectionCIDRs
+subcategory: "VPC infrastructure"
+---
+
+# ibm_is_vpn_gateway_connection_local_cidrs
+
+Provides a read-only data source to retrieve information about VPNGatewayConnectionCIDRs. You can then reference the fields of the data source in other resources within the same configuration by using interpolation syntax.
+
+## Example Usage
+
+```terraform
+data "ibm_is_vpn_gateway_connection_local_cidrs" "is_vpn_gateway_connection_cidrs" {
+ vpn_gateway_connection = "vpn_gateway_connection"
+ vpn_gateway = "vpn_gateway"
+}
+```
+
+## Argument Reference
+
+You can specify the following arguments for this data source.
+
+- `vpn_gateway_connection` - (Required, Forces new resource, String) The VPN gateway connection identifier.
+- `vpn_gateway` - (Required, Forces new resource, String) The VPN gateway identifier.
+
+## Attribute Reference
+
+After your data source is created, you can read values from the following attributes.
+
+- `id` - The unique identifier of the VPNGatewayConnectionCIDRs.
+- `cidrs` - (List) The CIDRs for this resource.
+
diff --git a/website/docs/d/is_vpn_gateway_connection_peer_cidrs.html.markdown b/website/docs/d/is_vpn_gateway_connection_peer_cidrs.html.markdown
new file mode 100644
index 0000000000..43227e36e9
--- /dev/null
+++ b/website/docs/d/is_vpn_gateway_connection_peer_cidrs.html.markdown
@@ -0,0 +1,35 @@
+---
+layout: "ibm"
+page_title: "IBM : ibm_is_vpn_gateway_connection_peer_cidrs"
+description: |-
+ Get information about VPNGatewayConnectionCIDRs
+subcategory: "VPC infrastructure"
+---
+
+# ibm_is_vpn_gateway_connection_peer_cidrs
+
+Provides a read-only data source to retrieve information about VPNGatewayConnectionCIDRs. You can then reference the fields of the data source in other resources within the same configuration by using interpolation syntax.
+
+## Example Usage
+
+```terraform
+data "ibm_is_vpn_gateway_connection_peer_cidrs" "is_vpn_gateway_connection_cidrs" {
+ vpn_gateway_connection = "vpn_gateway_connection"
+ vpn_gateway = "vpn_gateway"
+}
+```
+
+## Argument Reference
+
+You can specify the following arguments for this data source.
+
+- `vpn_gateway_connection` - (Required, Forces new resource, String) The VPN gateway connection identifier.
+- `vpn_gateway` - (Required, Forces new resource, String) The VPN gateway identifier.
+
+## Attribute Reference
+
+After your data source is created, you can read values from the following attributes.
+
+- `id` - The unique identifier of the VPNGatewayConnectionCIDRs.
+- `cidrs` - (List) The CIDRs for this resource.
+
diff --git a/website/docs/d/is_vpn_gateway_connections.html.markdown b/website/docs/d/is_vpn_gateway_connections.html.markdown
index 28e1187ca3..4c91768a47 100644
--- a/website/docs/d/is_vpn_gateway_connections.html.markdown
+++ b/website/docs/d/is_vpn_gateway_connections.html.markdown
@@ -43,13 +43,30 @@ In addition to all argument reference list, you can access the following attribu - `admin_state_up` - (String) The VPN gateway connection admin state. Default value is **true**. - `authentication_mode` - (String) The authentication mode. - `created_at`- (Timestamp) The date and time the VPN gateway connection was created. +- `establish_mode` - (String) The establish mode of the VPN gateway connection:- `bidirectional`: Either side of the VPN gateway can initiate IKE protocol negotiations or rekeying processes.- `peer_only`: Only the peer can initiate IKE protocol negotiations for this VPN gateway connection. Additionally, the peer is responsible for initiating the rekeying process after the connection is established. If rekeying does not occur, the VPN gateway connection will be brought down after its lifetime expires. - `id` - (String) The ID of the VPN gateway connection. - `ike_policy` - (String) The VPN gateway connection IKE Policy. - `interval`- (String) Interval for dead peer detection. - `ipsec_policy` - (String) The IP security policy VPN gateway connection. +- `local` - (List) + Nested schema for **local**: + - `ike_identities` - (List) The local IKE identities.A VPN gateway in static route mode consists of two members in active-active mode. The first identity applies to the first member, and the second identity applies to the second member. + Nested schema for **ike_identities**: + - `type` - (String) The IKE identity type.The enumerated values for this property will expand in the future. When processing this property, check for and log unknown values. Optionally halt processing and surface the error, or bypass the backup policy on which the unexpected property value was encountered. + - `value` - (String) The IKE identity FQDN value. - `local_cidrs` - (String) The VPN gateway connection local CIDRs. - `mode` - (String) The mode of the VPN gateway. - `name`- (String) The VPN gateway connection name. 
+- `peer` - (List) + Nested schema for **peer**: + - `address` - (String) The IP address of the peer VPN gateway for this connection. + - `fqdn` - (String) The FQDN of the peer VPN gateway for this connection. + - `ike_identity` - (List) The peer IKE identity. + Nested schema for **ike_identity**: + - `type` - (String) The IKE identity type.The enumerated values for this property will expand in the future. When processing this property, check for and log unknown values. Optionally halt processing and surface the error, or bypass the backup policy on which the unexpected property value was encountered. + - `value` - (String) The IKE identity FQDN value. + - `type` - (String) Indicates whether `peer.address` or `peer.fqdn` is used. + - `peer_address` - (String) The VPN gateway connection peer address. - `peer_cidrs` - (String) The VPN gateway connection peer CIDRs. - `resource_type` - (String) The resource type. diff --git a/website/docs/r/is_vpn_gateway_connection.html.markdown b/website/docs/r/is_vpn_gateway_connection.html.markdown index dc50846d40..4c4eaf68e1 100644 --- a/website/docs/r/is_vpn_gateway_connection.html.markdown +++ b/website/docs/r/is_vpn_gateway_connection.html.markdown 
@@ -92,13 +92,30 @@ Review the argument references that you can specify for your resource. - `action` - (Optional, String) Dead peer detection actions. Supported values are **restart**, **clear**, **hold**, or **none**. Default value is `restart`. - `admin_state_up` - (Optional, Bool) The VPN gateway connection status. Default value is **false**. If set to false, the VPN gateway connection is shut down. +- `establish_mode` - (Optional, String) The establish mode of the VPN gateway connection:- `bidirectional`: Either side of the VPN gateway can initiate IKE protocol negotiations or rekeying processes.- `peer_only`: Only the peer can initiate IKE protocol negotiations for this VPN gateway connection. Additionally, the peer is responsible for initiating the rekeying process after the connection is established. If rekeying does not occur, the VPN gateway connection will be brought down after its lifetime expires. - `ike_policy` - (Optional, String) The ID of the IKE policy. Updating value from ID to `""` or making it `null` or removing it will remove the existing policy. - `interval` - (Optional, Integer) Dead peer detection interval in seconds. Default value is 2. - `ipsec_policy` - (Optional, String) The ID of the IPSec policy. Updating value from ID to `""` or making it `null` or removing it will remove the existing policy. -- `local_cidrs` - (Optional, Forces new resource, List) List of local CIDRs for this resource. +- `local` - (Optional, List) + Nested schema for **local**: + - `ike_identities` - (Required, List) The local IKE identities.A VPN gateway in static route mode consists of two members in active-active mode. The first identity applies to the first member, and the second identity applies to the second member. + Nested schema for **ike_identities**: + - `type` - (Required, String) The IKE identity type.The enumerated values for this property will expand in the future. When processing this property, check for and log unknown values. 
Optionally halt processing and surface the error, or bypass the backup policy on which the unexpected property value was encountered. + - `value` - (Optional, String) The IKE identity FQDN value. +- `local_cidrs` - (Optional, DEPRECATED, Forces new resource, List) List of local CIDRs for this resource. - `name` - (Required, String) The name of the VPN gateway connection. -- `peer_cidrs` - (Optional, Forces new resource, List) List of peer CIDRs for this resource. -- `peer_address` - (Required, String) The IP address of the peer VPN gateway. +- `peer` - (Optional, List) + Nested schema for **peer**: + - `address` - (Optional, String) The IP address of the peer VPN gateway for this connection. + - `fqdn` - (Optional, String) The FQDN of the peer VPN gateway for this connection. + - `ike_identity` - (Required, List) The peer IKE identity. + Nested schema for **ike_identity**: + - `type` - (Required, String) The IKE identity type.The enumerated values for this property will expand in the future. When processing this property, check for and log unknown values. Optionally halt processing and surface the error, or bypass the backup policy on which the unexpected property value was encountered. + - `value` - (Optional, String) The IKE identity FQDN value. + - `type` - (Computed, String) Indicates whether `peer.address` or `peer.fqdn` is used. + +- `peer_cidrs` - (Optional, DEPRECATED, Forces new resource, List) List of peer CIDRs for this resource. +- `peer_address` - (Optional, DEPRECATED, String) The IP address of the peer VPN gateway. - `preshared_key` - (Required, Forces new resource, String) The preshared key. - `timeout` - (Optional, Integer) Dead peer detection timeout in seconds. Default value is 10. - `vpn_gateway` - (Required, Forces new resource, String) The unique identifier of the VPN gateway.