ibm_is_vpc_routing_table_route does not accept a VPN connection ID as next_hop #2270

Closed
hbog opened this issue Feb 19, 2021 · 11 comments
Labels
service/VPC Infrastructure Issues related to the VPC Infrastructure

Comments

@hbog

hbog commented Feb 19, 2021

Terraform Version

Terraform v0.14.6

  • provider registry.terraform.io/ibm-cloud/ibm v1.21.0

Affected Resource(s)

  • ibm_is_vpc_routing_table_route

Terraform Configuration Files

Debug Output

https://gist.github.com/hbog/6a54e8a3a8688c23f3f37d41c6a8e8d1

Expected Behavior

A route should be created with the vpn gateway connection as next-hop, as per the API documentation:
--next-hop value: If the action is 'deliver', the IP address or VPN connection ID of the next hop to which to route packets

Actual Behavior

The next-hop only accepts an IP address. A valid VPN connection ID is not accepted and throws an error: Error: Invalid json payload provided

Steps to Reproduce

resource "ibm_is_vpc" "vpc1" {
  name = "vpc1"
}
resource "ibm_is_subnet" "subnet1" {
  name            = "subnet1"
  vpc             = ibm_is_vpc.vpc1.id
  zone            = var.zone
  ipv4_cidr_block = "10.240.0.0/28"
}
resource "ibm_is_ipsec_policy" "example" {
  name                     = "test-ipsec"
  authentication_algorithm = "md5"
  encryption_algorithm     = "triple_des"
  pfs                      = "disabled"
}
resource "ibm_is_vpn_gateway" "VPNGateway1" {
  name   = "vpn1"
  subnet = ibm_is_subnet.subnet1.id
  mode   = "route"
}
resource "ibm_is_vpn_gateway_connection" "VPNGatewayConnection1" {
  name          = "vpnconn1"
  vpn_gateway   = ibm_is_vpn_gateway.VPNGateway1.id
  peer_address  = ibm_is_vpn_gateway.VPNGateway1.public_ip_address
  preshared_key = "VPNDemoPassword"
  local_cidrs   = [ibm_is_subnet.subnet1.ipv4_cidr_block]
  peer_cidrs    = "10.10.0.0/16"
  ipsec_policy  = ibm_is_ipsec_policy.example.id
}
resource "ibm_is_vpc_routing_table_route" "route-example-dc" {
  routing_table = ibm_is_subnet.subnet1.routing_table
  name          = "route-example-dc"
  vpc           = ibm_is_vpc.vpc1.id
  zone          = var.zone
  destination   = "10.10.0.0/16"
  next_hop      = ibm_is_vpn_gateway_connection.VPNGatewayConnection1.id
}

apply

Important Factoids

N/A

References

N/A

@hkantare
Collaborator

The ibm_is_vpn_gateway_connection.VPNGatewayConnection1.id is a combination of both VPN gateway/connection. Can you please split the id using element to split the string

element(split("/", ibm_is_vpn_gateway_connection.VPNGatewayConnection1.id), 1)

We will introduce an additional attribute connection_id to set only the gateway connection ID

@hbog
Author

hbog commented Mar 9, 2021

Splitting the string does not help. It still throws the error: 'RouteTemplate.NextHop.RouteNextHopIP.Address' Error:Field validation for 'Address' failed on the 'validAddr' tag".

@hkantare
Collaborator

hkantare commented Mar 9, 2021

@hbog We are working with the respective service team. We found the support is not enabled from the SDK.
Once the SDK is supported we will update the provider to add the support to take an ID

@powellquiring

Sorry for the ibm internal comment. See the SDK answer on this slack https://ibm-cloudplatform.slack.com/archives/CHY2EP4JJ/p1615338217001300?thread_ts=1614692283.003100&cid=CHY2EP4JJ

https://github.ibm.com/cloud-api-docs/vpc/pull/107#pullrequestreview-7228195 includes this fix — will be included in today’s API refresh.

@powellquiring

@astha-jain is the SDK up to date? Can this be resolved? The workaround is painful.

@lionelmace

I need a fix for this as well.

@hkantare
Collaborator

@powellquiring

It took me a couple of tries to get this to work. @hkantare is the value for next_hop what you expect?

resource "ibm_is_vpc_routing_table_route" "test_ibm_is_vpc_routing_table_route" {
  for_each = local.vpn_route_based_modules
  vpc              = each.value.vpc.id
  routing_table    = each.value.routing_table.routing_table
  zone             = local.transits[each.key].zones[0].zone
  name             = each.value.vpc.name
  destination      = local.transits[local.other[each.key]].cidr
  action           = "deliver"
  next_hop         = split("/", ibm_is_vpn_gateway_connection.route_transits[each.key].id)[1]
}

Either way an example should be provided. The docs https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/is_vpc_routing_table_route have a typo:

next_hop = vpnConnectinID

@hkantare
Collaborator

hkantare commented Apr 1, 2021

The value of next_hop should be the VPN connection ID only (ibm_is_vpn_gateway_connection.route_transits.id is a combination of both gateway/connectionid)
Update the documentation example
Add a new attribute connection to ibm_is_vpn_gateway_connection so it will have only the connection ID (no need for the split function)

@kavya498
Collaborator

kavya498 commented May 6, 2021

Closing this issue
Thanks

@kavya498 kavya498 closed this as completed May 6, 2021