feat(vpn): enhance customer gateway resource with id_type, id_value, …

…ca_certificate.id attributes and deprecate route_mode, ip attributes (#5127)
huaweicloud · Jul 5, 2024 · 5cce541 · 5cce541
1 parent 23c8967
commit 5cce541
Show file tree

Hide file tree

Showing 3 changed files with 260 additions and 43 deletions.
diff --git a/docs/resources/vpn_customer_gateway.md b/docs/resources/vpn_customer_gateway.md
@@ -15,24 +15,24 @@ Manages a VPN customer gateway resource within HuaweiCloud.
 
 ```hcl
 variable "name" {}
-variable "ip" {}
+variable "id_value" {}
 
 resource "huaweicloud_vpn_customer_gateway" "test" {
-  name = var.name
-  ip   = var.ip
+  name     = var.name
+  id_value = var.id_value
 }
 ```
 
 ### Manages a VPN customer gateway with CA certificate
 
 ```hcl
 variable "name" {}
-variable "ip" {}
+variable "id_value" {}
 variable "certificate_content" {}
 
 resource "huaweicloud_vpn_customer_gateway" "test" {
   name                = var.name
-  ip                  = var.ip
+  id_value            = var.id_value
   certificate_content = var.certificate_content
 }
 ```
@@ -46,17 +46,19 @@ The following arguments are supported:
 
 * `name` - (Required, String) The customer gateway name.
 
-* `ip` - (Required, String, ForceNew) The IP address of the customer gateway.
+* `id_value` - (Required, String, ForceNew) Specifies the identifier of a customer gateway.
+  When `id_type` is set to **ip**, the value is an IPv4 address in dotted decimal notation, for example, 192.168.45.7.
+  When `id_type` is set to **fqdn**, the value is a string of characters that can contain uppercase letters, lowercase letters,
+  digits, and special characters. Spaces and the following special characters are not supported: & < > [ ] \ ?.
 
   Changing this parameter will create a new resource.
 
-* `route_mode` - (Optional, String, ForceNew) The route mode of the customer gateway. The value can be **static** and **bgp**.
-  Defaults to **bgp**.
+* `id_type` - (Optional, String, ForceNew) Specifies the identifier type of a customer gateway.
+  The value can be **ip** or **fqdn**. The default value is **ip**.
 
-  Changing this parameter will create a new resource.
-
-* `asn` - (Optional, Int, ForceNew) The BGP ASN number of the customer gateway, only works when the route_mode is
-  **bgp**. The value ranges from **1** to **4294967295**, the default value is **65000**.
+* `asn` - (Optional, Int, ForceNew) The BGP ASN number of the customer gateway.
+  The value ranges from **1** to **4294967295**, the default value is **65000**.
+  Set this parameter to **0** when `id_type` is set to **fqdn**.
 
   Changing this parameter will create a new resource.
 
@@ -70,6 +72,8 @@ In addition to all arguments above, the following attributes are exported:
 
 * `id` - The resource ID.
 
+* `certificate_id` - Indicates the ID of the customer gateway certificate.
+
 * `serial_number` - Indicates the serial number of the customer gateway certificate.
 
 * `signature_algorithm` - Indicates the signature algorithm of the customer gateway certificate.
@@ -93,3 +97,19 @@ The customer gateway can be imported using the `id`, e.g.
 ```bash
 $ terraform import huaweicloud_vpn_customer_gateway.test <id>
 ```
+
+Note that the imported state may not be identical to your resource definition, due to some attributes missing from the
+API response, security or some other reason. The missing attribute is `certificate_content`. It is generally recommended
+running `terraform plan` after importing the resource. You can then decide if changes should be applied to the instance,
+or the resource definition should be updated to align with the instance. Also you can ignore changes as below.
+
+```hcl
+resource "huaweicloud_vpn_customer_gateway" "test" {
+    ...
+  lifecycle {
+    ignore_changes = [
+      certificate_content,
+    ]
+  }
+}
+```
diff --git a/huaweicloud/services/acceptance/vpn/resource_huaweicloud_vpn_customer_gateway_test.go b/huaweicloud/services/acceptance/vpn/resource_huaweicloud_vpn_customer_gateway_test.go
@@ -44,13 +44,127 @@ func getCustomerGatewayResourceFunc(conf *config.Config, state *terraform.Resour
 	return utils.FlattenResponse(getCustomerGatewayResp)
 }
 
+func TestAccCustomerGateway_basic_withDeprecatedFields(t *testing.T) {
+	var obj interface{}
+
+	name := acceptance.RandomAccResourceName()
+	nameUpdate := name + "-update"
+	rName := "huaweicloud_vpn_customer_gateway.test"
+	ipAddress := "172.16.1.2"
+
+	rc := acceptance.InitResourceCheck(
+		rName,
+		&obj,
+		getCustomerGatewayResourceFunc,
+	)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:          func() { acceptance.TestAccPreCheck(t) },
+		ProviderFactories: acceptance.TestAccProviderFactories,
+		CheckDestroy:      rc.CheckResourceDestroy(),
+		Steps: []resource.TestStep{
+			{
+				Config: testCustomerGateway_basic_withDeprecatedFields(name, ipAddress),
+				Check: resource.ComposeTestCheckFunc(
+					rc.CheckResourceExists(),
+					resource.TestCheckResourceAttr(rName, "name", name),
+					resource.TestCheckResourceAttr(rName, "ip", ipAddress),
+					resource.TestCheckResourceAttr(rName, "tags.key", "val"),
+					resource.TestCheckResourceAttr(rName, "tags.foo", "bar"),
+				),
+			},
+			{
+				Config: testCustomerGateway_update_withDeprecatedFields(nameUpdate, ipAddress),
+				Check: resource.ComposeTestCheckFunc(
+					rc.CheckResourceExists(),
+					resource.TestCheckResourceAttr(rName, "name", nameUpdate),
+					resource.TestCheckResourceAttr(rName, "ip", ipAddress),
+					resource.TestCheckResourceAttr(rName, "tags.key", "val"),
+					resource.TestCheckResourceAttr(rName, "tags.foo", "bar-update"),
+				),
+			},
+			{
+				ResourceName:      rName,
+				ImportState:       true,
+				ImportStateVerify: true,
+				ImportStateVerifyIgnore: []string{
+					"ip", "route_mode",
+				},
+			},
+		},
+	})
+}
+
+func TestAccCustomerGateway_certificate_withDeprecatedFields(t *testing.T) {
+	var obj interface{}
+
+	name := acceptance.RandomAccResourceName()
+	rName := "huaweicloud_vpn_customer_gateway.test"
+	ipAddress := "172.16.2.3"
+	certificateContent := acceptance.HW_CERTIFICATE_CONTENT
+	certificateContentUpdate := acceptance.HW_CERTIFICATE_CONTENT_UPDATE
+
+	rc := acceptance.InitResourceCheck(
+		rName,
+		&obj,
+		getCustomerGatewayResourceFunc,
+	)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			acceptance.TestAccPreCheck(t)
+			acceptance.TestAccPreCheckUpdateCertificateContent(t)
+		},
+		ProviderFactories: acceptance.TestAccProviderFactories,
+		CheckDestroy:      rc.CheckResourceDestroy(),
+		Steps: []resource.TestStep{
+			{
+				Config: testCustomerGateway_certificate_withDeprecatedFields(name, ipAddress, certificateContent),
+				Check: resource.ComposeTestCheckFunc(
+					rc.CheckResourceExists(),
+					resource.TestCheckResourceAttr(rName, "name", name),
+					resource.TestCheckResourceAttr(rName, "ip", ipAddress),
+					resource.TestCheckResourceAttrSet(rName, "serial_number"),
+					resource.TestCheckResourceAttrSet(rName, "signature_algorithm"),
+					resource.TestCheckResourceAttrSet(rName, "issuer"),
+					resource.TestCheckResourceAttrSet(rName, "subject"),
+					resource.TestCheckResourceAttrSet(rName, "expire_time"),
+					resource.TestCheckResourceAttrSet(rName, "is_updatable"),
+				),
+			},
+			{
+				Config: testCustomerGateway_certificate_withDeprecatedFields(name, ipAddress, certificateContentUpdate),
+				Check: resource.ComposeTestCheckFunc(
+					rc.CheckResourceExists(),
+					resource.TestCheckResourceAttr(rName, "name", name),
+					resource.TestCheckResourceAttr(rName, "ip", ipAddress),
+					resource.TestCheckResourceAttrSet(rName, "serial_number"),
+					resource.TestCheckResourceAttrSet(rName, "signature_algorithm"),
+					resource.TestCheckResourceAttrSet(rName, "issuer"),
+					resource.TestCheckResourceAttrSet(rName, "subject"),
+					resource.TestCheckResourceAttrSet(rName, "expire_time"),
+					resource.TestCheckResourceAttrSet(rName, "is_updatable"),
+				),
+			},
+			{
+				ResourceName:      rName,
+				ImportState:       true,
+				ImportStateVerify: true,
+				ImportStateVerifyIgnore: []string{
+					"certificate_content", "ip", "route_mode",
+				},
+			},
+		},
+	})
+}
+
 func TestAccCustomerGateway_basic(t *testing.T) {
 	var obj interface{}
 
 	name := acceptance.RandomAccResourceName()
 	nameUpdate := name + "-update"
 	rName := "huaweicloud_vpn_customer_gateway.test"
-	ipAddress := "172.16.1.1"
+	ipAddress := "172.16.1.4"
 
 	rc := acceptance.InitResourceCheck(
 		rName,
@@ -68,7 +182,7 @@ func TestAccCustomerGateway_basic(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					rc.CheckResourceExists(),
 					resource.TestCheckResourceAttr(rName, "name", name),
-					resource.TestCheckResourceAttr(rName, "ip", ipAddress),
+					resource.TestCheckResourceAttr(rName, "id_value", ipAddress),
 					resource.TestCheckResourceAttr(rName, "tags.key", "val"),
 					resource.TestCheckResourceAttr(rName, "tags.foo", "bar"),
 				),
@@ -78,7 +192,7 @@ func TestAccCustomerGateway_basic(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					rc.CheckResourceExists(),
 					resource.TestCheckResourceAttr(rName, "name", nameUpdate),
-					resource.TestCheckResourceAttr(rName, "ip", ipAddress),
+					resource.TestCheckResourceAttr(rName, "id_value", ipAddress),
 					resource.TestCheckResourceAttr(rName, "tags.key", "val"),
 					resource.TestCheckResourceAttr(rName, "tags.foo", "bar-update"),
 				),
@@ -87,6 +201,9 @@ func TestAccCustomerGateway_basic(t *testing.T) {
 				ResourceName:      rName,
 				ImportState:       true,
 				ImportStateVerify: true,
+				ImportStateVerifyIgnore: []string{
+					"route_mode",
+				},
 			},
 		},
 	})
@@ -97,7 +214,7 @@ func TestAccCustomerGateway_certificate(t *testing.T) {
 
 	name := acceptance.RandomAccResourceName()
 	rName := "huaweicloud_vpn_customer_gateway.test"
-	ipAddress := "172.16.2.1"
+	ipAddress := "172.16.2.5"
 	certificateContent := acceptance.HW_CERTIFICATE_CONTENT
 	certificateContentUpdate := acceptance.HW_CERTIFICATE_CONTENT_UPDATE
 
@@ -120,7 +237,7 @@ func TestAccCustomerGateway_certificate(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					rc.CheckResourceExists(),
 					resource.TestCheckResourceAttr(rName, "name", name),
-					resource.TestCheckResourceAttr(rName, "ip", ipAddress),
+					resource.TestCheckResourceAttr(rName, "id_value", ipAddress),
 					resource.TestCheckResourceAttrSet(rName, "serial_number"),
 					resource.TestCheckResourceAttrSet(rName, "signature_algorithm"),
 					resource.TestCheckResourceAttrSet(rName, "issuer"),
@@ -134,7 +251,7 @@ func TestAccCustomerGateway_certificate(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					rc.CheckResourceExists(),
 					resource.TestCheckResourceAttr(rName, "name", name),
-					resource.TestCheckResourceAttr(rName, "ip", ipAddress),
+					resource.TestCheckResourceAttr(rName, "id_value", ipAddress),
 					resource.TestCheckResourceAttrSet(rName, "serial_number"),
 					resource.TestCheckResourceAttrSet(rName, "signature_algorithm"),
 					resource.TestCheckResourceAttrSet(rName, "issuer"),
@@ -144,17 +261,18 @@ func TestAccCustomerGateway_certificate(t *testing.T) {
 				),
 			},
 			{
-				ResourceName: rName,
-				ImportState:  true,
+				ResourceName:      rName,
+				ImportState:       true,
+				ImportStateVerify: true,
 				ImportStateVerifyIgnore: []string{
-					"content",
+					"certificate_content", "ip", "route_mode",
 				},
 			},
 		},
 	})
 }
 
-func testCustomerGateway_basic(name, ipAddress string) string {
+func testCustomerGateway_basic_withDeprecatedFields(name, ipAddress string) string {
 	return fmt.Sprintf(`
 resource "huaweicloud_vpn_customer_gateway" "test" {
   name = "%s"
@@ -167,23 +285,59 @@ resource "huaweicloud_vpn_customer_gateway" "test" {
 }`, name, ipAddress)
 }
 
-func testCustomerGateway_update(name, ipAddress string) string {
+func testCustomerGateway_update_withDeprecatedFields(name, ipAddress string) string {
 	return fmt.Sprintf(`
 resource "huaweicloud_vpn_customer_gateway" "test" {
   name = "%s"
   ip   = "%s"
+
   tags = {
     key = "val"
     foo = "bar-update"
   }
 }`, name, ipAddress)
 }
 
-func testCustomerGateway_certificate(name, ipAddress string, certificateContent string) string {
+func testCustomerGateway_certificate_withDeprecatedFields(name, ipAddress, certificateContent string) string {
 	return fmt.Sprintf(`
 resource "huaweicloud_vpn_customer_gateway" "test" {
   name                = "%s"
   ip                  = "%s"
   certificate_content = "%s"
 }`, name, ipAddress, certificateContent)
 }
+
+func testCustomerGateway_basic(name, ipAddress string) string {
+	return fmt.Sprintf(`
+resource "huaweicloud_vpn_customer_gateway" "test" {
+  name     = "%s"
+  id_value = "%s"
+
+  tags = {
+    key = "val"
+    foo = "bar"
+  }
+}`, name, ipAddress)
+}
+
+func testCustomerGateway_update(name, ipAddress string) string {
+	return fmt.Sprintf(`
+resource "huaweicloud_vpn_customer_gateway" "test" {
+  name     = "%s"
+  id_value = "%s"
+
+  tags = {
+    key = "val"
+    foo = "bar-update"
+  }
+}`, name, ipAddress)
+}
+
+func testCustomerGateway_certificate(name, ipAddress, certificateContent string) string {
+	return fmt.Sprintf(`
+resource "huaweicloud_vpn_customer_gateway" "test" {
+  name                = "%s"
+  id_value            = "%s"
+  certificate_content = "%s"
+}`, name, ipAddress, certificateContent)
+}