
Commit 394bcc3

gitmknSevenEarth
authored andcommitted
feat(tse): [115375235] support tse network access_control (#2581)
* feat(tse): [115375235] support tse network access_control * feat: add change log * fix: modify test * fix: modify test
1 parent e8e58b3 commit 394bcc3

8 files changed

+372
-0
lines changed

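--- a/.changelog/2581.txt
+++ b/.changelog/2581.txt
@@ -0,0 +1,3 @@
+```release-note:new-resource
+tencentcloud_tse_cngw_network_access_control
+```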

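--- a/tencentcloud/provider.go
+++ b/tencentcloud/provider.go
@@ -1850,6 +1850,7 @@ func Provider() *schema.Provider {
 "tencentcloud_tse_waf_protection": tse.ResourceTencentCloudTseWafProtection(),
 "tencentcloud_tse_waf_domains": tse.ResourceTencentCloudTseWafDomains(),
 "tencentcloud_tse_cngw_network": tse.ResourceTencentCloudTseCngwNetwork(),
+"tencentcloud_tse_cngw_network_access_control": tse.ResourceTencentCloudTseCngwNetworkAccessControl(),
 "tencentcloud_tse_cngw_strategy": tse.ResourceTencentCloudTseCngwStrategy(),
 "tencentcloud_tse_cngw_strategy_bind_group": tse.ResourceTencentCloudTseCngwStrategyBindGroup(),
 "tencentcloud_clickhouse_instance": cdwch.ResourceTencentCloudClickhouseInstance(),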

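--- a/tencentcloud/provider.md
+++ b/tencentcloud/provider.md
@@ -1929,6 +1929,7 @@ Tencent Cloud Service Engine(TSE)
 tencentcloud_tse_cngw_network
 tencentcloud_tse_cngw_strategy
 tencentcloud_tse_cngw_strategy_bind_group
+tencentcloud_tse_cngw_network_access_control
 
 ClickHouse(CDWCH)
 Data Source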
Lines changed: 235 additions & 0 deletions
@@ -0,0 +1,235 @@
1+
package tse
2+
3+
import (
4+
"context"
5+
"fmt"
6+
"log"
7+
"strings"
8+
"time"
9+
10+
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
11+
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
12+
tse "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tse/v20201207"
13+
tccommon "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/common"
14+
"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
15+
)
16+
17+
func ResourceTencentCloudTseCngwNetworkAccessControl() *schema.Resource {
18+
return &schema.Resource{
19+
Create: resourceTencentCloudTseCngwNetworkAccessControlCreate,
20+
Read: resourceTencentCloudTseCngwNetworkAccessControlRead,
21+
Update: resourceTencentCloudTseCngwNetworkAccessControlUpdate,
22+
Delete: resourceTencentCloudTseCngwNetworkAccessControlDelete,
23+
Importer: &schema.ResourceImporter{
24+
State: schema.ImportStatePassthrough,
25+
},
26+
Schema: map[string]*schema.Schema{
27+
"gateway_id": {
28+
Required: true,
29+
ForceNew: true,
30+
Type: schema.TypeString,
31+
Description: "gateway ID.",
32+
},
33+
34+
"group_id": {
35+
Required: true,
36+
ForceNew: true,
37+
Type: schema.TypeString,
38+
Description: "gateway group ID.",
39+
},
40+
41+
"network_id": {
42+
Required: true,
43+
ForceNew: true,
44+
Type: schema.TypeString,
45+
Description: "network id.",
46+
},
47+
48+
"access_control": {
49+
Type: schema.TypeList,
50+
MaxItems: 1,
51+
Optional: true,
52+
Description: "access control policy.",
53+
Elem: &schema.Resource{
54+
Schema: map[string]*schema.Schema{
55+
"mode": {
56+
Type: schema.TypeString,
57+
Optional: true,
58+
Computed: true,
59+
Description: "Access mode: `Whitelist`, `Blacklist`.",
60+
},
61+
"cidr_white_list": {
62+
Type: schema.TypeList,
63+
Optional: true,
64+
Elem: &schema.Schema{Type: schema.TypeString},
65+
Description: "White list.",
66+
},
67+
"cidr_black_list": {
68+
Type: schema.TypeList,
69+
Optional: true,
70+
Elem: &schema.Schema{Type: schema.TypeString},
71+
Description: "Black list.",
72+
},
73+
},
74+
},
75+
},
76+
},
77+
}
78+
}
79+
80+
func resourceTencentCloudTseCngwNetworkAccessControlCreate(d *schema.ResourceData, meta interface{}) error {
81+
defer tccommon.LogElapsed("resource.tencentcloud_tse_cngw_network_access_control.create")()
82+
defer tccommon.InconsistentCheck(d, meta)()
83+
84+
var (
85+
gatewayId string
86+
groupId string
87+
networkId string
88+
)
89+
if v, ok := d.GetOk("gateway_id"); ok {
90+
gatewayId = v.(string)
91+
}
92+
if v, ok := d.GetOk("group_id"); ok {
93+
groupId = v.(string)
94+
}
95+
if v, ok := d.GetOk("network_id"); ok {
96+
networkId = v.(string)
97+
}
98+
d.SetId(gatewayId + tccommon.FILED_SP + groupId + tccommon.FILED_SP + networkId)
99+
100+
return resourceTencentCloudTseCngwNetworkAccessControlUpdate(d, meta)
101+
}
102+
103+
func resourceTencentCloudTseCngwNetworkAccessControlRead(d *schema.ResourceData, meta interface{}) error {
104+
defer tccommon.LogElapsed("resource.tencentcloud_tse_cngw_network_access_control.read")()
105+
defer tccommon.InconsistentCheck(d, meta)()
106+
107+
logId := tccommon.GetLogId(tccommon.ContextNil)
108+
ctx := context.WithValue(context.TODO(), tccommon.LogIdKey, logId)
109+
110+
service := TseService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
111+
112+
idSplit := strings.Split(d.Id(), tccommon.FILED_SP)
113+
if len(idSplit) != 3 {
114+
return fmt.Errorf("id is broken,%s", d.Id())
115+
}
116+
gatewayId := idSplit[0]
117+
groupId := idSplit[1]
118+
networkId := idSplit[2]
119+
120+
cngwNetwork, err := service.DescribeTseCngwNetworkById(ctx, gatewayId, groupId, networkId)
121+
if err != nil {
122+
return err
123+
}
124+
125+
if cngwNetwork == nil {
126+
d.SetId("")
127+
log.Printf("[WARN]%s resource `TseCngwNetworkAccessControl` [%s] not found, please check if it has been deleted.\n", logId, d.Id())
128+
return nil
129+
}
130+
131+
_ = d.Set("gateway_id", gatewayId)
132+
_ = d.Set("group_id", groupId)
133+
_ = d.Set("network_id", networkId)
134+
135+
if cngwNetwork.PublicNetwork != nil {
136+
internetConfig := cngwNetwork.PublicNetwork
137+
if internetConfig.AccessControl != nil {
138+
accessControlMap := map[string]interface{}{}
139+
140+
accessControl := internetConfig.AccessControl
141+
if accessControl.Mode != nil {
142+
accessControlMap["mode"] = accessControl.Mode
143+
}
144+
if accessControl.Mode != nil {
145+
accessControlMap["cidr_white_list"] = accessControl.CidrWhiteList
146+
}
147+
if accessControl.Mode != nil {
148+
accessControlMap["cidr_black_list"] = accessControl.CidrBlackList
149+
}
150+
_ = d.Set("access_control", []interface{}{accessControlMap})
151+
}
152+
}
153+
154+
return nil
155+
}
156+
157+
func resourceTencentCloudTseCngwNetworkAccessControlUpdate(d *schema.ResourceData, meta interface{}) error {
158+
defer tccommon.LogElapsed("resource.tencentcloud_tse_cngw_network_access_control.update")()
159+
defer tccommon.InconsistentCheck(d, meta)()
160+
161+
logId := tccommon.GetLogId(tccommon.ContextNil)
162+
ctx := context.WithValue(context.TODO(), tccommon.LogIdKey, logId)
163+
164+
request := tse.NewModifyNetworkAccessStrategyRequest()
165+
166+
idSplit := strings.Split(d.Id(), tccommon.FILED_SP)
167+
if len(idSplit) != 3 {
168+
return fmt.Errorf("id is broken,%s", d.Id())
169+
}
170+
gatewayId := idSplit[0]
171+
groupId := idSplit[1]
172+
networkId := idSplit[2]
173+
174+
service := TseService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
175+
cngwNetwork, err := service.DescribeTseCngwNetworkById(ctx, gatewayId, groupId, networkId)
176+
if err != nil {
177+
return err
178+
}
179+
if cngwNetwork == nil {
180+
return fmt.Errorf("[WARN]%s resource `TseCngwNetworkAccessControl` [%s] not found, please check if it has been deleted.\n", logId, d.Id())
181+
}
182+
183+
request.GatewayId = helper.String(gatewayId)
184+
request.GroupId = helper.String(groupId)
185+
// The interface only supports public network
186+
request.NetworkType = helper.String("Open")
187+
request.Vip = cngwNetwork.PublicNetwork.Vip
188+
189+
if d.HasChange("access_control") {
190+
if dMap, ok := helper.InterfacesHeadMap(d, "access_control"); ok {
191+
accessControl := tse.NetworkAccessControl{}
192+
if v, ok := dMap["mode"]; ok {
193+
accessControl.Mode = helper.String(v.(string))
194+
}
195+
if v, ok := dMap["cidr_white_list"]; ok {
196+
whitelist := v.([]interface{})
197+
accessControl.CidrWhiteList = helper.InterfacesStringsPoint(whitelist)
198+
}
199+
if v, ok := dMap["cidr_black_list"]; ok {
200+
blacklist := v.([]interface{})
201+
accessControl.CidrBlackList = helper.InterfacesStringsPoint(blacklist)
202+
}
203+
request.AccessControl = &accessControl
204+
}
205+
}
206+
207+
err = resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError {
208+
result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseTseClient().ModifyNetworkAccessStrategy(request)
209+
if e != nil {
210+
return tccommon.RetryError(e)
211+
} else {
212+
log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
213+
}
214+
return nil
215+
})
216+
if err != nil {
217+
log.Printf("[CRITAL]%s update tse cngwNetworkAccessStrategy failed, reason:%+v", logId, err)
218+
return err
219+
}
220+
221+
conf := tccommon.BuildStateChangeConf([]string{}, []string{"Open"}, 5*tccommon.ReadRetryTimeout, time.Second, service.TseCngwNetworkStateRefreshFunc(gatewayId, groupId, networkId, []string{}))
222+
223+
if _, e := conf.WaitForState(); e != nil {
224+
return e
225+
}
226+
227+
return resourceTencentCloudTseCngwNetworkAccessControlRead(d, meta)
228+
}
229+
230+
func resourceTencentCloudTseCngwNetworkAccessControlDelete(d *schema.ResourceData, meta interface{}) error {
231+
defer tccommon.LogElapsed("resource.tencentcloud_tse_cngw_network_access_control.delete")()
232+
defer tccommon.InconsistentCheck(d, meta)()
233+
234+
return nil
235+
}
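Review bot: In the Update function, `request.Vip = cngwNetwork.PublicNetwork.Vip` dereferences `PublicNetwork` without the nil check that the Read function applies to the same field, so a network with no public endpoint would panic the provider instead of returning an error; guard it with `if cngwNetwork.PublicNetwork == nil { return fmt.Errorf("network %s has no public network", d.Id()) }`. In Read, all three guards test `accessControl.Mode`, so the two list fields are gated on the wrong pointer; they should test `accessControl.CidrWhiteList` and `accessControl.CidrBlackList` themselves. Delete returns nil without calling the API, so a destroy drops the resource from state while the allow/deny list presumably stays in force on the gateway; that behaviour deserves a doc comment on the function and a sentence in the resource documentation so operators do not assume the policy was removed. `mode` and the CIDR list elements carry no `ValidateFunc`, so a misspelled mode or a malformed entry is caught only by the API, if at all, which is a weak guarantee for a resource whose purpose is to restrict network access.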
Lines changed: 23 additions & 0 deletions
@@ -0,0 +1,23 @@
1+
Provides a resource to create a tse cngw_network_access_control
2+
3+
Example Usage
4+
5+
```hcl
6+
resource "tencentcloud_tse_cngw_network_access_control" "cngw_network_access_control" {
7+
gateway_id = "gateway-cf8c99c3"
8+
group_id = "group-a160d123"
9+
network_id = "network-372b1e84"
10+
access_control {
11+
mode = "Whitelist"
12+
cidr_white_list = ["1.1.1.0"]
13+
}
14+
}
15+
```
16+
17+
Import
18+
19+
tse cngw_route_rate_limit can be imported using the id, e.g.
20+
21+
```
22+
terraform import tencentcloud_tse_cngw_network_access_control.cngw_network_access_control gatewayId#groupId#networkId
23+
```
Lines changed: 48 additions & 0 deletions
@@ -0,0 +1,48 @@
1+
package tse_test
2+
3+
import (
4+
"testing"
5+
6+
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
7+
tcacctest "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/acctest"
8+
)
9+
10+
func TestAccTencentCloudNeedFixTseCngwNetworkAccessControlResource_basic(t *testing.T) {
11+
t.Parallel()
12+
resource.Test(t, resource.TestCase{
13+
PreCheck: func() {
14+
tcacctest.AccPreCheck(t)
15+
},
16+
Providers: tcacctest.AccProviders,
17+
Steps: []resource.TestStep{
18+
{
19+
Config: testAccTseCngwNetworkAccessControl,
20+
Check: resource.ComposeTestCheckFunc(
21+
resource.TestCheckResourceAttrSet("tencentcloud_tse_cngw_network_access_control.cngw_network_access_control", "id"),
22+
resource.TestCheckResourceAttr("tencentcloud_tse_cngw_network_access_control.cngw_network_access_control", "access_control.#", "1"),
23+
resource.TestCheckResourceAttr("tencentcloud_tse_cngw_network_access_control.cngw_network_access_control", "access_control.0.mode", "Whitelist"),
24+
resource.TestCheckResourceAttr("tencentcloud_tse_cngw_network_access_control.cngw_network_access_control", "access_control.0.cidr_white_list.#", "1"),
25+
),
26+
},
27+
{
28+
ResourceName: "tencentcloud_tse_cngw_network_access_control.cngw_network_access_control",
29+
ImportState: true,
30+
ImportStateVerify: true,
31+
},
32+
},
33+
})
34+
}
35+
36+
const testAccTseCngwNetworkAccessControl = `
37+
38+
resource "tencentcloud_tse_cngw_network_access_control" "cngw_network_access_control" {
39+
gateway_id = "gateway-cf1790c7"
40+
group_id = "group-d8d99615"
41+
network_id = "network-9cd9821f"
42+
access_control {
43+
mode = "Whitelist"
44+
cidr_white_list = ["1.1.1.0"]
45+
}
46+
}
47+
48+
`
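Review bot: The test has a single apply step followed by an import, so the branch under `d.HasChange("access_control")` is only exercised on creation and `Blacklist` mode is not covered at all; a second step that switches `mode` to `Blacklist` with a `cidr_black_list` entry would cover both. The `NeedFix` marker in the test name and the hard-coded gateway, group and network IDs suggest the test does not run in regular CI, so the resource may ship without any automated check; this is worth confirming. The fixture value `"1.1.1.0"` has no prefix length; if the API expects CIDR notation, a value such as `"1.1.1.0/24"` would make the test document the intended format.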
Lines changed: 58 additions & 0 deletions
@@ -0,0 +1,58 @@
1+
---
2+
subcategory: "Tencent Cloud Service Engine(TSE)"
3+
layout: "tencentcloud"
4+
page_title: "TencentCloud: tencentcloud_tse_cngw_network_access_control"
5+
sidebar_current: "docs-tencentcloud-resource-tse_cngw_network_access_control"
6+
description: |-
7+
Provides a resource to create a tse cngw_network_access_control
8+
---
9+
10+
# tencentcloud_tse_cngw_network_access_control
11+
12+
Provides a resource to create a tse cngw_network_access_control
13+
14+
## Example Usage
15+
16+
```hcl
17+
resource "tencentcloud_tse_cngw_network_access_control" "cngw_network_access_control" {
18+
gateway_id = "gateway-cf8c99c3"
19+
group_id = "group-a160d123"
20+
network_id = "network-372b1e84"
21+
access_control {
22+
mode = "Whitelist"
23+
cidr_white_list = ["1.1.1.0"]
24+
}
25+
}
26+
```
27+
28+
## Argument Reference
29+
30+
The following arguments are supported:
31+
32+
* `gateway_id` - (Required, String, ForceNew) gateway ID.
33+
* `group_id` - (Required, String, ForceNew) gateway group ID.
34+
* `network_id` - (Required, String, ForceNew) network id.
35+
* `access_control` - (Optional, List) access control policy.
36+
37+
The `access_control` object supports the following:
38+
39+
* `cidr_black_list` - (Optional, List) Black list.
40+
* `cidr_white_list` - (Optional, List) White list.
41+
* `mode` - (Optional, String) Access mode: `Whitelist`, `Blacklist`.
42+
43+
## Attributes Reference
44+
45+
In addition to all arguments above, the following attributes are exported:
46+
47+
* `id` - ID of the resource.
48+
49+
50+
51+
## Import
52+
53+
tse cngw_route_rate_limit can be imported using the id, e.g.
54+
55+
```
56+
terraform import tencentcloud_tse_cngw_network_access_control.cngw_network_access_control gatewayId#groupId#networkId
57+
```
58+

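--- a/website/tencentcloud.erb
+++ b/website/tencentcloud.erb
@@ -4397,6 +4397,9 @@
 <li>
 <a href="/docs/providers/tencentcloud/r/tse_cngw_network.html">tencentcloud_tse_cngw_network</a>
 </li>
+<li>
+<a href="/docs/providers/tencentcloud/r/tse_cngw_network_access_control.html">tencentcloud_tse_cngw_network_access_control</a>
+</li>
 <li>
 <a href="/docs/providers/tencentcloud/r/tse_cngw_route.html">tencentcloud_tse_cngw_route</a>
 </li>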
