VpnGateway: Improves the invoking api method and supports refreshing …

…credential automatically
aliyun · Feb 1, 2025 · 7acddab · 7acddab
1 parent c8488dc
commit 7acddab
Show file tree

Hide file tree

Showing 24 changed files with 694 additions and 3,012 deletions.
diff --git a/alicloud/data_source_alicloud_vpn_gateway_vco_routes.go b/alicloud/data_source_alicloud_vpn_gateway_vco_routes.go
@@ -5,7 +5,6 @@ import (
 	"time"
 
 	"github.com/PaesslerAG/jsonpath"
-	util "github.com/alibabacloud-go/tea-utils/service"
 	"github.com/aliyun/terraform-provider-alicloud/alicloud/connectivity"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
@@ -125,16 +124,11 @@ func dataSourceAlicloudVpnGatewayVcoRoutesRead(d *schema.ResourceData, meta inte
 	}
 	status, statusOk := d.GetOk("status")
 	var response map[string]interface{}
-	conn, err := client.NewVpcClient()
-	if err != nil {
-		return WrapError(err)
-	}
+	var err error
 	for {
-		runtime := util.RuntimeOptions{}
-		runtime.SetAutoretry(true)
 		wait := incrementalWait(3*time.Second, 3*time.Second)
 		err = resource.Retry(5*time.Minute, func() *resource.RetryError {
-			response, err = conn.DoRequest(StringPointer(action), nil, StringPointer("POST"), StringPointer("2016-04-28"), StringPointer("AK"), nil, request, &runtime)
+			response, err = client.RpcPost("Vpc", "2016-04-28", action, nil, request, true)
 			if err != nil {
 				if NeedRetry(err) {
 					wait()

diff --git a/alicloud/data_source_alicloud_vpn_gateway_vco_routes_test.go b/alicloud/data_source_alicloud_vpn_gateway_vco_routes_test.go
@@ -96,20 +96,32 @@ variable "name" {
 }
 
 resource "alicloud_cen_instance" "default" {
-	cen_instance_name = var.name
+  cen_instance_name = var.name
 }
+
 resource "alicloud_cen_transit_router" "default" {
-	cen_id = alicloud_cen_instance.default.id
-	transit_router_description = "desd"
-	transit_router_name = var.name
+  cen_id                     = alicloud_cen_instance.default.id
+  transit_router_description = var.name
+  transit_router_name        = var.name
+}
+
+resource "alicloud_cen_transit_router_cidr" "default" {
+  transit_router_id        = alicloud_cen_transit_router.default.transit_router_id
+  cidr                     = "192.168.0.0/16"
+  transit_router_cidr_name = var.name
+  description              = var.name
+  publish_cidr_route       = true
 }
+
 data "alicloud_cen_transit_router_available_resources" "default" {}
+
 resource "alicloud_vpn_customer_gateway" "default" {
-  name        = "${var.name}"
-  ip_address  = "42.104.22.210"
-  asn         = "45014"
-  description = "testAccVpnConnectionDesc"
+  customer_gateway_name = var.name
+  ip_address            = "42.104.22.210"
+  asn                   = "45014"
+  description           = var.name
 }
+
 resource "alicloud_vpn_gateway_vpn_attachment" "default" {
   customer_gateway_id = alicloud_vpn_customer_gateway.default.id
   network_type        = "public"
@@ -122,7 +134,7 @@ resource "alicloud_vpn_gateway_vpn_attachment" "default" {
     ike_version  = "ikev2"
     ike_mode     = "main"
     ike_lifetime = 86400
-    psk          = "tf-testvpn2"
+    psk          = "tf-examplevpn2"
     ike_pfs      = "group1"
     remote_id    = "testbob2"
     local_id     = "testalice2"
@@ -152,22 +164,23 @@ resource "alicloud_vpn_gateway_vpn_attachment" "default" {
   vpn_attachment_name  = var.name
 }
 resource "alicloud_cen_transit_router_vpn_attachment" "default" {
-	auto_publish_route_enabled = false
-	transit_router_attachment_description = var.name
-	transit_router_attachment_name = var.name
-	cen_id = alicloud_cen_transit_router.default.cen_id
-	transit_router_id = alicloud_cen_transit_router.default.transit_router_id
-	vpn_id = alicloud_vpn_gateway_vpn_attachment.default.id
-	zone {
-		zone_id = data.alicloud_cen_transit_router_available_resources.default.resources.0.master_zones.0
-	}
+  auto_publish_route_enabled            = false
+  transit_router_attachment_description = var.name
+  transit_router_attachment_name        = var.name
+  cen_id                                = alicloud_cen_transit_router.default.cen_id
+  transit_router_id                     = alicloud_cen_transit_router_cidr.default.transit_router_id
+  vpn_id                                = alicloud_vpn_gateway_vpn_attachment.default.id
+  zone {
+    zone_id = data.alicloud_cen_transit_router_available_resources.default.resources.0.master_zones.0
+  }
 }
 
+
 resource "alicloud_vpn_gateway_vco_route" "default" {
-	route_dest =      "192.168.12.0/24"
-	next_hop =          alicloud_cen_transit_router_vpn_attachment.default.vpn_id
-	vpn_connection_id =  alicloud_cen_transit_router_vpn_attachment.default.vpn_id
-	weight =         100
+  next_hop          = alicloud_cen_transit_router_vpn_attachment.default.vpn_id
+  vpn_connection_id = alicloud_cen_transit_router_vpn_attachment.default.vpn_id
+  weight            = "100"
+  route_dest        = "192.168.10.0/24"
 }
 
 data "alicloud_vpn_gateway_vco_routes" "default" {	

diff --git a/alicloud/data_source_alicloud_vpn_gateway_vpn_attachments.go b/alicloud/data_source_alicloud_vpn_gateway_vpn_attachments.go
@@ -6,7 +6,6 @@ import (
 	"time"
 
 	"github.com/PaesslerAG/jsonpath"
-	util "github.com/alibabacloud-go/tea-utils/service"
 	"github.com/aliyun/terraform-provider-alicloud/alicloud/connectivity"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
@@ -279,16 +278,11 @@ func dataSourceAlicloudVpnGatewayVpnAttachmentsRead(d *schema.ResourceData, meta
 	}
 	status, statusOk := d.GetOk("status")
 	var response map[string]interface{}
-	conn, err := client.NewVpcClient()
-	if err != nil {
-		return WrapError(err)
-	}
+	var err error
 	for {
-		runtime := util.RuntimeOptions{}
-		runtime.SetAutoretry(true)
 		wait := incrementalWait(3*time.Second, 3*time.Second)
 		err = resource.Retry(5*time.Minute, func() *resource.RetryError {
-			response, err = conn.DoRequest(StringPointer(action), nil, StringPointer("POST"), StringPointer("2016-04-28"), StringPointer("AK"), nil, request, &runtime)
+			response, err = client.RpcPost("Vpc", "2016-04-28", action, nil, request, true)
 			if err != nil {
 				if NeedRetry(err) {
 					wait()

diff --git a/alicloud/data_source_alicloud_vpn_gateways.go b/alicloud/data_source_alicloud_vpn_gateways.go
@@ -10,7 +10,6 @@ import (
 	"time"
 
 	"github.com/PaesslerAG/jsonpath"
-	util "github.com/alibabacloud-go/tea-utils/service"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
 
 	"github.com/aliyun/terraform-provider-alicloud/alicloud/connectivity"
@@ -20,7 +19,7 @@ import (
 
 func dataSourceAlicloudVpnGateways() *schema.Resource {
 	return &schema.Resource{
-		Read: dataSourceAlicloudVpnsRead,
+		Read: dataSourceAlicloudVpnGatewaysRead,
 
 		Schema: map[string]*schema.Schema{
 			"ids": {
@@ -70,6 +69,12 @@ func dataSourceAlicloudVpnGateways() *schema.Resource {
 				ForceNew:   true,
 				Deprecated: "Field 'enable_ipsec' has been deprecated from provider version 1.193.0 and it will be removed in the future version.",
 			},
+			"ssl_vpn": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				ForceNew:     true,
+				ValidateFunc: validation.StringInSlice([]string{"enable", "disable"}, false),
+			},
 			"include_reservation_data": {
 				Type:     schema.TypeBool,
 				Optional: true,
@@ -138,6 +143,10 @@ func dataSourceAlicloudVpnGateways() *schema.Resource {
 							Type:     schema.TypeString,
 							Computed: true,
 						},
+						"ssl_vpn": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
 						"ssl_connections": {
 							Type:     schema.TypeInt,
 							Computed: true,
@@ -185,7 +194,7 @@ func dataSourceAlicloudVpnGateways() *schema.Resource {
 	}
 }
 
-func dataSourceAlicloudVpnsRead(d *schema.ResourceData, meta interface{}) error {
+func dataSourceAlicloudVpnGatewaysRead(d *schema.ResourceData, meta interface{}) error {
 	client := meta.(*connectivity.AliyunClient)
 
 	action := "DescribeVpnGateways"
@@ -228,20 +237,14 @@ func dataSourceAlicloudVpnsRead(d *schema.ResourceData, meta interface{}) error
 	}
 
 	var response map[string]interface{}
-	conn, err := client.NewVpcClient()
-	if err != nil {
-		return WrapError(err)
-	}
-
-	runtime := util.RuntimeOptions{}
-	runtime.SetAutoretry(true)
+	var err error
 	wait := incrementalWait(3*time.Second, 3*time.Second)
 	request["PageNumber"] = 1
 	request["PageSize"] = PageSizeLarge
 
 	for {
 		err = resource.Retry(5*time.Minute, func() *resource.RetryError {
-			response, err = conn.DoRequest(StringPointer(action), nil, StringPointer("POST"), StringPointer("2016-04-28"), StringPointer("AK"), nil, request, &runtime)
+			response, err = client.RpcPost("Vpc", "2016-04-28", action, nil, request, true)
 			if err != nil {
 				if NeedRetry(err) {
 					wait()
@@ -281,10 +284,14 @@ func dataSourceAlicloudVpnsRead(d *schema.ResourceData, meta interface{}) error
 		request["PageNumber"] = request["PageNumber"].(int) + 1
 	}
 
+	sslVpn := d.Get("ssl_vpn").(string)
 	ids := make([]string, 0)
 	names := make([]interface{}, 0)
 	s := make([]map[string]interface{}, 0)
 	for _, object := range objects {
+		if sslVpn != "" && sslVpn != fmt.Sprint(object["SslVpn"]) {
+			continue
+		}
 		mapping := map[string]interface{}{
 			"id":                            object["VpnGatewayId"],
 			"vpc_id":                        object["VpcId"],
@@ -297,6 +304,7 @@ func dataSourceAlicloudVpnsRead(d *schema.ResourceData, meta interface{}) error
 			"instance_charge_type":          convertChargeType(object["ChargeType"].(string)),
 			"enable_ipsec":                  object["IpsecVpn"],
 			"enable_ssl":                    object["SslVpn"],
+			"ssl_vpn":                       object["SslVpn"],
 			"ssl_connections":               object["SslMaxConnections"],
 			"network_type":                  object["NetworkType"],
 			"disaster_recovery_vswitch_id":  object["DisasterRecoveryVSwitchId"],

diff --git a/alicloud/data_source_alicloud_vpn_ipsec_servers.go b/alicloud/data_source_alicloud_vpn_ipsec_servers.go
@@ -6,7 +6,6 @@ import (
 	"time"
 
 	"github.com/PaesslerAG/jsonpath"
-	util "github.com/alibabacloud-go/tea-utils/service"
 	"github.com/aliyun/terraform-provider-alicloud/alicloud/connectivity"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
@@ -212,16 +211,11 @@ func dataSourceAlicloudVpnIpsecServersRead(d *schema.ResourceData, meta interfac
 		request["IpsecServerId"] = v
 	}
 	var response map[string]interface{}
-	conn, err := client.NewVpcClient()
-	if err != nil {
-		return WrapError(err)
-	}
+	var err error
 	for {
-		runtime := util.RuntimeOptions{}
-		runtime.SetAutoretry(true)
 		wait := incrementalWait(3*time.Second, 3*time.Second)
 		err = resource.Retry(5*time.Minute, func() *resource.RetryError {
-			response, err = conn.DoRequest(StringPointer(action), nil, StringPointer("POST"), StringPointer("2016-04-28"), StringPointer("AK"), nil, request, &runtime)
+			response, err = client.RpcPost("Vpc", "2016-04-28", action, nil, request, true)
 			if err != nil {
 				if NeedRetry(err) {
 					wait()

diff --git a/alicloud/data_source_alicloud_vpn_ipsec_servers_test.go b/alicloud/data_source_alicloud_vpn_ipsec_servers_test.go
@@ -131,7 +131,7 @@ locals {
 
 data "alicloud_vpn_gateways" "default" {
   vpc_id       = data.alicloud_vpcs.default.ids.0
-  enable_ipsec = true
+  ssl_vpn = "enable"
 }
 
 locals {

diff --git a/alicloud/data_source_alicloud_vpn_pbr_route_entries.go b/alicloud/data_source_alicloud_vpn_pbr_route_entries.go
@@ -5,7 +5,6 @@ import (
 	"time"
 
 	"github.com/PaesslerAG/jsonpath"
-	util "github.com/alibabacloud-go/tea-utils/service"
 	"github.com/aliyun/terraform-provider-alicloud/alicloud/connectivity"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
@@ -96,16 +95,11 @@ func dataSourceAlicloudVpnPbrRouteEntriesRead(d *schema.ResourceData, meta inter
 		}
 	}
 	var response map[string]interface{}
-	conn, err := client.NewVpcClient()
-	if err != nil {
-		return WrapError(err)
-	}
+	var err error
 	for {
-		runtime := util.RuntimeOptions{}
-		runtime.SetAutoretry(true)
 		wait := incrementalWait(3*time.Second, 3*time.Second)
 		err = resource.Retry(5*time.Minute, func() *resource.RetryError {
-			response, err = conn.DoRequest(StringPointer(action), nil, StringPointer("POST"), StringPointer("2016-04-28"), StringPointer("AK"), nil, request, &runtime)
+			response, err = client.RpcPost("Vpc", "2016-04-28", action, nil, request, true)
 			if err != nil {
 				if NeedRetry(err) {
 					wait()

diff --git a/alicloud/data_source_alicloud_vpn_pbr_route_entries_test.go b/alicloud/data_source_alicloud_vpn_pbr_route_entries_test.go
@@ -64,20 +64,88 @@ variable "name" {
 data "alicloud_vpn_gateways" "default" {
 }
 
-resource "alicloud_vpn_customer_gateway" "default" {
-  name       = var.name
-  ip_address = "192.168.1.1"
+resource "alicloud_vpn_customer_gateway" "defaultCustomerGateway" {
+  description           = "defaultCustomerGateway"
+  ip_address            = "2.2.2.15"
+  asn                   = "2224"
+  customer_gateway_name = var.name
 }
 
 resource "alicloud_vpn_connection" "default" {
-  name                = var.name
-  customer_gateway_id = alicloud_vpn_customer_gateway.default.id
   vpn_gateway_id      = data.alicloud_vpn_gateways.default.ids.0
-  local_subnet        = ["192.168.2.0/24"]
-  remote_subnet       = ["192.168.3.0/24"]
+  vpn_connection_name = var.name
+  local_subnet = [
+    "3.0.0.0/24"
+  ]
+  remote_subnet = [
+    "10.0.0.0/24",
+    "10.0.1.0/24"
+  ]
+  tags = {
+    Created = "TF"
+    For     = "example"
+  }
+  enable_tunnels_bgp = "true"
+  tunnel_options_specification {
+    tunnel_ipsec_config {
+      ipsec_auth_alg = "md5"
+      ipsec_enc_alg  = "aes256"
+      ipsec_lifetime = "16400"
+      ipsec_pfs      = "group5"
+    }
+
+    customer_gateway_id = alicloud_vpn_customer_gateway.defaultCustomerGateway.id
+    role                = "master"
+    tunnel_bgp_config {
+      local_asn    = "1219002"
+      tunnel_cidr  = "169.254.30.0/30"
+      local_bgp_ip = "169.254.30.1"
+    }
+
+    tunnel_ike_config {
+      ike_mode     = "aggressive"
+      ike_version  = "ikev2"
+      local_id     = "localid_tunnel2"
+      psk          = "12345678"
+      remote_id    = "remote2"
+      ike_auth_alg = "md5"
+      ike_enc_alg  = "aes256"
+      ike_lifetime = "3600"
+      ike_pfs      = "group14"
+    }
+
+  }
+  tunnel_options_specification {
+    tunnel_ike_config {
+      remote_id    = "remote24"
+      ike_enc_alg  = "aes256"
+      ike_lifetime = "27000"
+      ike_mode     = "aggressive"
+      ike_pfs      = "group5"
+      ike_auth_alg = "md5"
+      ike_version  = "ikev2"
+      local_id     = "localid_tunnel2"
+      psk          = "12345678"
+    }
+
+    tunnel_ipsec_config {
+      ipsec_lifetime = "2700"
+      ipsec_pfs      = "group14"
+      ipsec_auth_alg = "md5"
+      ipsec_enc_alg  = "aes256"
+    }
+
+    customer_gateway_id = alicloud_vpn_customer_gateway.defaultCustomerGateway.id
+    role                = "slave"
+    tunnel_bgp_config {
+      local_asn    = "1219002"
+      local_bgp_ip = "169.254.40.1"
+      tunnel_cidr  = "169.254.40.0/30"
+    }
+  }
 }
 
-resource alicloud_vpn_pbr_route_entry default {
+resource "alicloud_vpn_pbr_route_entry" "default" {
   vpn_gateway_id = data.alicloud_vpn_gateways.default.ids.0
   route_source   = "192.168.1.0/24"
   route_dest     = "10.0.0.0/24"