VpnGateway: Improves the invoking api method and supports refreshing …

…credential automatically
aliyun · Feb 1, 2025 · f7f87f2 · f7f87f2
1 parent c8488dc
commit f7f87f2
Show file tree

Hide file tree

Showing 21 changed files with 427 additions and 691 deletions.
diff --git a/alicloud/data_source_alicloud_vpn_gateway_vco_routes.go b/alicloud/data_source_alicloud_vpn_gateway_vco_routes.go
@@ -5,7 +5,6 @@ import (
 	"time"
 
 	"github.com/PaesslerAG/jsonpath"
-	util "github.com/alibabacloud-go/tea-utils/service"
 	"github.com/aliyun/terraform-provider-alicloud/alicloud/connectivity"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
@@ -125,16 +124,11 @@ func dataSourceAlicloudVpnGatewayVcoRoutesRead(d *schema.ResourceData, meta inte
 	}
 	status, statusOk := d.GetOk("status")
 	var response map[string]interface{}
-	conn, err := client.NewVpcClient()
-	if err != nil {
-		return WrapError(err)
-	}
+	var err error
 	for {
-		runtime := util.RuntimeOptions{}
-		runtime.SetAutoretry(true)
 		wait := incrementalWait(3*time.Second, 3*time.Second)
 		err = resource.Retry(5*time.Minute, func() *resource.RetryError {
-			response, err = conn.DoRequest(StringPointer(action), nil, StringPointer("POST"), StringPointer("2016-04-28"), StringPointer("AK"), nil, request, &runtime)
+			response, err = client.RpcPost("Vpc", "2016-04-28", action, nil, request, true)
 			if err != nil {
 				if NeedRetry(err) {
 					wait()

diff --git a/alicloud/data_source_alicloud_vpn_gateway_vpn_attachments.go b/alicloud/data_source_alicloud_vpn_gateway_vpn_attachments.go
@@ -6,7 +6,6 @@ import (
 	"time"
 
 	"github.com/PaesslerAG/jsonpath"
-	util "github.com/alibabacloud-go/tea-utils/service"
 	"github.com/aliyun/terraform-provider-alicloud/alicloud/connectivity"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
@@ -279,16 +278,11 @@ func dataSourceAlicloudVpnGatewayVpnAttachmentsRead(d *schema.ResourceData, meta
 	}
 	status, statusOk := d.GetOk("status")
 	var response map[string]interface{}
-	conn, err := client.NewVpcClient()
-	if err != nil {
-		return WrapError(err)
-	}
+	var err error
 	for {
-		runtime := util.RuntimeOptions{}
-		runtime.SetAutoretry(true)
 		wait := incrementalWait(3*time.Second, 3*time.Second)
 		err = resource.Retry(5*time.Minute, func() *resource.RetryError {
-			response, err = conn.DoRequest(StringPointer(action), nil, StringPointer("POST"), StringPointer("2016-04-28"), StringPointer("AK"), nil, request, &runtime)
+			response, err = client.RpcPost("Vpc", "2016-04-28", action, nil, request, true)
 			if err != nil {
 				if NeedRetry(err) {
 					wait()

diff --git a/alicloud/data_source_alicloud_vpn_gateways.go b/alicloud/data_source_alicloud_vpn_gateways.go
@@ -10,7 +10,6 @@ import (
 	"time"
 
 	"github.com/PaesslerAG/jsonpath"
-	util "github.com/alibabacloud-go/tea-utils/service"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
 
 	"github.com/aliyun/terraform-provider-alicloud/alicloud/connectivity"
@@ -20,7 +19,7 @@ import (
 
 func dataSourceAlicloudVpnGateways() *schema.Resource {
 	return &schema.Resource{
-		Read: dataSourceAlicloudVpnsRead,
+		Read: dataSourceAlicloudVpnGatewaysRead,
 
 		Schema: map[string]*schema.Schema{
 			"ids": {
@@ -70,6 +69,12 @@ func dataSourceAlicloudVpnGateways() *schema.Resource {
 				ForceNew:   true,
 				Deprecated: "Field 'enable_ipsec' has been deprecated from provider version 1.193.0 and it will be removed in the future version.",
 			},
+			"ssl_vpn": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				ForceNew:     true,
+				ValidateFunc: validation.StringInSlice([]string{"enable", "disable"}, false),
+			},
 			"include_reservation_data": {
 				Type:     schema.TypeBool,
 				Optional: true,
@@ -138,6 +143,10 @@ func dataSourceAlicloudVpnGateways() *schema.Resource {
 							Type:     schema.TypeString,
 							Computed: true,
 						},
+						"ssl_vpn": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
 						"ssl_connections": {
 							Type:     schema.TypeInt,
 							Computed: true,
@@ -185,7 +194,7 @@ func dataSourceAlicloudVpnGateways() *schema.Resource {
 	}
 }
 
-func dataSourceAlicloudVpnsRead(d *schema.ResourceData, meta interface{}) error {
+func dataSourceAlicloudVpnGatewaysRead(d *schema.ResourceData, meta interface{}) error {
 	client := meta.(*connectivity.AliyunClient)
 
 	action := "DescribeVpnGateways"
@@ -228,20 +237,14 @@ func dataSourceAlicloudVpnsRead(d *schema.ResourceData, meta interface{}) error
 	}
 
 	var response map[string]interface{}
-	conn, err := client.NewVpcClient()
-	if err != nil {
-		return WrapError(err)
-	}
-
-	runtime := util.RuntimeOptions{}
-	runtime.SetAutoretry(true)
+	var err error
 	wait := incrementalWait(3*time.Second, 3*time.Second)
 	request["PageNumber"] = 1
 	request["PageSize"] = PageSizeLarge
 
 	for {
 		err = resource.Retry(5*time.Minute, func() *resource.RetryError {
-			response, err = conn.DoRequest(StringPointer(action), nil, StringPointer("POST"), StringPointer("2016-04-28"), StringPointer("AK"), nil, request, &runtime)
+			response, err = client.RpcPost("Vpc", "2016-04-28", action, nil, request, true)
 			if err != nil {
 				if NeedRetry(err) {
 					wait()
@@ -281,10 +284,14 @@ func dataSourceAlicloudVpnsRead(d *schema.ResourceData, meta interface{}) error
 		request["PageNumber"] = request["PageNumber"].(int) + 1
 	}
 
+	sslVpn := d.Get("ssl_vpn").(string)
 	ids := make([]string, 0)
 	names := make([]interface{}, 0)
 	s := make([]map[string]interface{}, 0)
 	for _, object := range objects {
+		if sslVpn != "" && sslVpn != fmt.Sprint(object["SslVpn"]) {
+			continue
+		}
 		mapping := map[string]interface{}{
 			"id":                            object["VpnGatewayId"],
 			"vpc_id":                        object["VpcId"],
@@ -297,6 +304,7 @@ func dataSourceAlicloudVpnsRead(d *schema.ResourceData, meta interface{}) error
 			"instance_charge_type":          convertChargeType(object["ChargeType"].(string)),
 			"enable_ipsec":                  object["IpsecVpn"],
 			"enable_ssl":                    object["SslVpn"],
+			"ssl_vpn":                       object["SslVpn"],
 			"ssl_connections":               object["SslMaxConnections"],
 			"network_type":                  object["NetworkType"],
 			"disaster_recovery_vswitch_id":  object["DisasterRecoveryVSwitchId"],

diff --git a/alicloud/data_source_alicloud_vpn_ipsec_servers.go b/alicloud/data_source_alicloud_vpn_ipsec_servers.go
@@ -6,7 +6,6 @@ import (
 	"time"
 
 	"github.com/PaesslerAG/jsonpath"
-	util "github.com/alibabacloud-go/tea-utils/service"
 	"github.com/aliyun/terraform-provider-alicloud/alicloud/connectivity"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
@@ -212,16 +211,11 @@ func dataSourceAlicloudVpnIpsecServersRead(d *schema.ResourceData, meta interfac
 		request["IpsecServerId"] = v
 	}
 	var response map[string]interface{}
-	conn, err := client.NewVpcClient()
-	if err != nil {
-		return WrapError(err)
-	}
+	var err error
 	for {
-		runtime := util.RuntimeOptions{}
-		runtime.SetAutoretry(true)
 		wait := incrementalWait(3*time.Second, 3*time.Second)
 		err = resource.Retry(5*time.Minute, func() *resource.RetryError {
-			response, err = conn.DoRequest(StringPointer(action), nil, StringPointer("POST"), StringPointer("2016-04-28"), StringPointer("AK"), nil, request, &runtime)
+			response, err = client.RpcPost("Vpc", "2016-04-28", action, nil, request, true)
 			if err != nil {
 				if NeedRetry(err) {
 					wait()

diff --git a/alicloud/data_source_alicloud_vpn_ipsec_servers_test.go b/alicloud/data_source_alicloud_vpn_ipsec_servers_test.go
@@ -131,7 +131,7 @@ locals {
 
 data "alicloud_vpn_gateways" "default" {
   vpc_id       = data.alicloud_vpcs.default.ids.0
-  enable_ipsec = true
+  ssl_vpn = "enable"
 }
 
 locals {

diff --git a/alicloud/data_source_alicloud_vpn_pbr_route_entries.go b/alicloud/data_source_alicloud_vpn_pbr_route_entries.go
@@ -5,7 +5,6 @@ import (
 	"time"
 
 	"github.com/PaesslerAG/jsonpath"
-	util "github.com/alibabacloud-go/tea-utils/service"
 	"github.com/aliyun/terraform-provider-alicloud/alicloud/connectivity"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
@@ -96,16 +95,11 @@ func dataSourceAlicloudVpnPbrRouteEntriesRead(d *schema.ResourceData, meta inter
 		}
 	}
 	var response map[string]interface{}
-	conn, err := client.NewVpcClient()
-	if err != nil {
-		return WrapError(err)
-	}
+	var err error
 	for {
-		runtime := util.RuntimeOptions{}
-		runtime.SetAutoretry(true)
 		wait := incrementalWait(3*time.Second, 3*time.Second)
 		err = resource.Retry(5*time.Minute, func() *resource.RetryError {
-			response, err = conn.DoRequest(StringPointer(action), nil, StringPointer("POST"), StringPointer("2016-04-28"), StringPointer("AK"), nil, request, &runtime)
+			response, err = client.RpcPost("Vpc", "2016-04-28", action, nil, request, true)
 			if err != nil {
 				if NeedRetry(err) {
 					wait()

diff --git a/alicloud/data_source_alicloud_vpn_pbr_route_entries_test.go b/alicloud/data_source_alicloud_vpn_pbr_route_entries_test.go
@@ -64,20 +64,88 @@ variable "name" {
 data "alicloud_vpn_gateways" "default" {
 }
 
-resource "alicloud_vpn_customer_gateway" "default" {
-  name       = var.name
-  ip_address = "192.168.1.1"
+resource "alicloud_vpn_customer_gateway" "defaultCustomerGateway" {
+  description           = "defaultCustomerGateway"
+  ip_address            = "2.2.2.15"
+  asn                   = "2224"
+  customer_gateway_name = var.name
 }
 
 resource "alicloud_vpn_connection" "default" {
-  name                = var.name
-  customer_gateway_id = alicloud_vpn_customer_gateway.default.id
   vpn_gateway_id      = data.alicloud_vpn_gateways.default.ids.0
-  local_subnet        = ["192.168.2.0/24"]
-  remote_subnet       = ["192.168.3.0/24"]
+  vpn_connection_name = var.name
+  local_subnet = [
+    "3.0.0.0/24"
+  ]
+  remote_subnet = [
+    "10.0.0.0/24",
+    "10.0.1.0/24"
+  ]
+  tags = {
+    Created = "TF"
+    For     = "example"
+  }
+  enable_tunnels_bgp = "true"
+  tunnel_options_specification {
+    tunnel_ipsec_config {
+      ipsec_auth_alg = "md5"
+      ipsec_enc_alg  = "aes256"
+      ipsec_lifetime = "16400"
+      ipsec_pfs      = "group5"
+    }
+
+    customer_gateway_id = alicloud_vpn_customer_gateway.defaultCustomerGateway.id
+    role                = "master"
+    tunnel_bgp_config {
+      local_asn    = "1219002"
+      tunnel_cidr  = "169.254.30.0/30"
+      local_bgp_ip = "169.254.30.1"
+    }
+
+    tunnel_ike_config {
+      ike_mode     = "aggressive"
+      ike_version  = "ikev2"
+      local_id     = "localid_tunnel2"
+      psk          = "12345678"
+      remote_id    = "remote2"
+      ike_auth_alg = "md5"
+      ike_enc_alg  = "aes256"
+      ike_lifetime = "3600"
+      ike_pfs      = "group14"
+    }
+
+  }
+  tunnel_options_specification {
+    tunnel_ike_config {
+      remote_id    = "remote24"
+      ike_enc_alg  = "aes256"
+      ike_lifetime = "27000"
+      ike_mode     = "aggressive"
+      ike_pfs      = "group5"
+      ike_auth_alg = "md5"
+      ike_version  = "ikev2"
+      local_id     = "localid_tunnel2"
+      psk          = "12345678"
+    }
+
+    tunnel_ipsec_config {
+      ipsec_lifetime = "2700"
+      ipsec_pfs      = "group14"
+      ipsec_auth_alg = "md5"
+      ipsec_enc_alg  = "aes256"
+    }
+
+    customer_gateway_id = alicloud_vpn_customer_gateway.defaultCustomerGateway.id
+    role                = "slave"
+    tunnel_bgp_config {
+      local_asn    = "1219002"
+      local_bgp_ip = "169.254.40.1"
+      tunnel_cidr  = "169.254.40.0/30"
+    }
+  }
 }
 
-resource alicloud_vpn_pbr_route_entry default {
+resource "alicloud_vpn_pbr_route_entry" "default" {
   vpn_gateway_id = data.alicloud_vpn_gateways.default.ids.0
   route_source   = "192.168.1.0/24"
   route_dest     = "10.0.0.0/24"

diff --git a/alicloud/resource_alicloud_vpn_gateway_vco_route.go b/alicloud/resource_alicloud_vpn_gateway_vco_route.go
@@ -7,7 +7,6 @@ import (
 
 	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
 
-	util "github.com/alibabacloud-go/tea-utils/service"
 	"github.com/aliyun/terraform-provider-alicloud/alicloud/connectivity"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
@@ -65,10 +64,7 @@ func resourceAlicloudVpnGatewayVcoRouteCreate(d *schema.ResourceData, meta inter
 	var response map[string]interface{}
 	action := "CreateVcoRouteEntry"
 	request := make(map[string]interface{})
-	conn, err := client.NewVpcClient()
-	if err != nil {
-		return WrapError(err)
-	}
+	var err error
 	request["RegionId"] = client.RegionId
 	request["Weight"] = d.Get("weight")
 	request["NextHop"] = d.Get("next_hop")
@@ -78,11 +74,9 @@ func resourceAlicloudVpnGatewayVcoRouteCreate(d *schema.ResourceData, meta inter
 		request["OverlayMode"] = v
 	}
 	request["ClientToken"] = buildClientToken("CreateVcoRouteEntry")
-	runtime := util.RuntimeOptions{}
-	runtime.SetAutoretry(true)
 	wait := incrementalWait(3*time.Second, 3*time.Second)
 	err = resource.Retry(client.GetRetryTimeout(d.Timeout(schema.TimeoutCreate)), func() *resource.RetryError {
-		response, err = conn.DoRequest(StringPointer(action), nil, StringPointer("POST"), StringPointer("2016-04-28"), StringPointer("AK"), nil, request, &runtime)
+		response, err = client.RpcPost("Vpc", "2016-04-28", action, nil, request, true)
 		if err != nil {
 			if IsExpectedErrors(err, []string{"VpnGateway.Configuring", "TaskConflict", "Appliance.Configuring", "VpnTask.CONFLICT", "VpnConnection.Configuring"}) || NeedRetry(err) {
 				wait()
@@ -122,10 +116,7 @@ func resourceAlicloudVpnGatewayVcoRouteRead(d *schema.ResourceData, meta interfa
 }
 func resourceAlicloudVpnGatewayVcoRouteDelete(d *schema.ResourceData, meta interface{}) error {
 	client := meta.(*connectivity.AliyunClient)
-	conn, err := client.NewVpcClient()
-	if err != nil {
-		return WrapError(err)
-	}
+	var err error
 	parts, err := ParseResourceId(d.Id(), 4)
 	if err != nil {
 		return WrapError(err)
@@ -141,11 +132,9 @@ func resourceAlicloudVpnGatewayVcoRouteDelete(d *schema.ResourceData, meta inter
 	request["Weight"] = parts[3]
 
 	request["ClientToken"] = buildClientToken("DeleteVcoRouteEntry")
-	runtime := util.RuntimeOptions{}
-	runtime.SetAutoretry(true)
 	wait := incrementalWait(3*time.Second, 3*time.Second)
 	err = resource.Retry(client.GetRetryTimeout(d.Timeout(schema.TimeoutDelete)), func() *resource.RetryError {
-		response, err = conn.DoRequest(StringPointer(action), nil, StringPointer("POST"), StringPointer("2016-04-28"), StringPointer("AK"), nil, request, &runtime)
+		response, err = client.RpcPost("Vpc", "2016-04-28", action, nil, request, true)
 		if err != nil {
 			if IsExpectedErrors(err, []string{"VpnGateway.Configuring", "TaskConflict", "Appliance.Configuring", "VpnTask.CONFLICT", "VpnConnection.Configuring"}) || NeedRetry(err) {
 				wait()