feat(tse): [115375235] support tse network access_control (#2581)

* feat(tse): [115375235] support tse network access_control

* feat: add change log

* fix: modify test

* fix: modify test

Author: gitmkn

.changelog/2581.txt

@@ -0,0 +1,3 @@
+```release-note:new-resource
+tencentcloud_tse_cngw_network_access_control
+```

tencentcloud/provider.go

@@ -1850,6 +1850,7 @@ func Provider() *schema.Provider {
 			"tencentcloud_tse_waf_protection":                                  tse.ResourceTencentCloudTseWafProtection(),
 			"tencentcloud_tse_waf_domains":                                     tse.ResourceTencentCloudTseWafDomains(),
 			"tencentcloud_tse_cngw_network":                                    tse.ResourceTencentCloudTseCngwNetwork(),
+			"tencentcloud_tse_cngw_network_access_control":                     tse.ResourceTencentCloudTseCngwNetworkAccessControl(),
 			"tencentcloud_tse_cngw_strategy":                                   tse.ResourceTencentCloudTseCngwStrategy(),
 			"tencentcloud_tse_cngw_strategy_bind_group":                        tse.ResourceTencentCloudTseCngwStrategyBindGroup(),
 			"tencentcloud_clickhouse_instance":                                 cdwch.ResourceTencentCloudClickhouseInstance(),

tencentcloud/provider.md

@@ -1929,6 +1929,7 @@ Tencent Cloud Service Engine(TSE)
     tencentcloud_tse_cngw_network
     tencentcloud_tse_cngw_strategy
     tencentcloud_tse_cngw_strategy_bind_group
+    tencentcloud_tse_cngw_network_access_control
 
 ClickHouse(CDWCH)
   Data Source

tencentcloud/services/tse/resource_tc_tse_cngw_network_access_control.go

@@ -0,0 +1,235 @@
+package tse
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"strings"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	tse "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tse/v20201207"
+	tccommon "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/common"
+	"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
+)
+
+func ResourceTencentCloudTseCngwNetworkAccessControl() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceTencentCloudTseCngwNetworkAccessControlCreate,
+		Read:   resourceTencentCloudTseCngwNetworkAccessControlRead,
+		Update: resourceTencentCloudTseCngwNetworkAccessControlUpdate,
+		Delete: resourceTencentCloudTseCngwNetworkAccessControlDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+		Schema: map[string]*schema.Schema{
+			"gateway_id": {
+				Required:    true,
+				ForceNew:    true,
+				Type:        schema.TypeString,
+				Description: "gateway ID.",
+			},
+
+			"group_id": {
+				Required:    true,
+				ForceNew:    true,
+				Type:        schema.TypeString,
+				Description: "gateway group ID.",
+			},
+
+			"network_id": {
+				Required:    true,
+				ForceNew:    true,
+				Type:        schema.TypeString,
+				Description: "network id.",
+			},
+
+			"access_control": {
+				Type:        schema.TypeList,
+				MaxItems:    1,
+				Optional:    true,
+				Description: "access control policy.",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"mode": {
+							Type:        schema.TypeString,
+							Optional:    true,
+							Computed:    true,
+							Description: "Access mode: `Whitelist`, `Blacklist`.",
+						},
+						"cidr_white_list": {
+							Type:        schema.TypeList,
+							Optional:    true,
+							Elem:        &schema.Schema{Type: schema.TypeString},
+							Description: "White list.",
+						},
+						"cidr_black_list": {
+							Type:        schema.TypeList,
+							Optional:    true,
+							Elem:        &schema.Schema{Type: schema.TypeString},
+							Description: "Black list.",
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func resourceTencentCloudTseCngwNetworkAccessControlCreate(d *schema.ResourceData, meta interface{}) error {
+	defer tccommon.LogElapsed("resource.tencentcloud_tse_cngw_network_access_control.create")()
+	defer tccommon.InconsistentCheck(d, meta)()
+
+	var (
+		gatewayId string
+		groupId   string
+		networkId string
+	)
+	if v, ok := d.GetOk("gateway_id"); ok {
+		gatewayId = v.(string)
+	}
+	if v, ok := d.GetOk("group_id"); ok {
+		groupId = v.(string)
+	}
+	if v, ok := d.GetOk("network_id"); ok {
+		networkId = v.(string)
+	}
+	d.SetId(gatewayId + tccommon.FILED_SP + groupId + tccommon.FILED_SP + networkId)
+
+	return resourceTencentCloudTseCngwNetworkAccessControlUpdate(d, meta)
+}
+
+func resourceTencentCloudTseCngwNetworkAccessControlRead(d *schema.ResourceData, meta interface{}) error {
+	defer tccommon.LogElapsed("resource.tencentcloud_tse_cngw_network_access_control.read")()
+	defer tccommon.InconsistentCheck(d, meta)()
+
+	logId := tccommon.GetLogId(tccommon.ContextNil)
+	ctx := context.WithValue(context.TODO(), tccommon.LogIdKey, logId)
+
+	service := TseService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
+
+	idSplit := strings.Split(d.Id(), tccommon.FILED_SP)
+	if len(idSplit) != 3 {
+		return fmt.Errorf("id is broken,%s", d.Id())
+	}
+	gatewayId := idSplit[0]
+	groupId := idSplit[1]
+	networkId := idSplit[2]
+
+	cngwNetwork, err := service.DescribeTseCngwNetworkById(ctx, gatewayId, groupId, networkId)
+	if err != nil {
+		return err
+	}
+
+	if cngwNetwork == nil {
+		d.SetId("")
+		log.Printf("[WARN]%s resource `TseCngwNetworkAccessControl` [%s] not found, please check if it has been deleted.\n", logId, d.Id())
+		return nil
+	}
+
+	_ = d.Set("gateway_id", gatewayId)
+	_ = d.Set("group_id", groupId)
+	_ = d.Set("network_id", networkId)
+
+	if cngwNetwork.PublicNetwork != nil {
+		internetConfig := cngwNetwork.PublicNetwork
+		if internetConfig.AccessControl != nil {
+			accessControlMap := map[string]interface{}{}
+
+			accessControl := internetConfig.AccessControl
+			if accessControl.Mode != nil {
+				accessControlMap["mode"] = accessControl.Mode
+			}
+			if accessControl.Mode != nil {
+				accessControlMap["cidr_white_list"] = accessControl.CidrWhiteList
+			}
+			if accessControl.Mode != nil {
+				accessControlMap["cidr_black_list"] = accessControl.CidrBlackList
+			}
+			_ = d.Set("access_control", []interface{}{accessControlMap})
+		}
+	}
+
+	return nil
+}
+
+func resourceTencentCloudTseCngwNetworkAccessControlUpdate(d *schema.ResourceData, meta interface{}) error {
+	defer tccommon.LogElapsed("resource.tencentcloud_tse_cngw_network_access_control.update")()
+	defer tccommon.InconsistentCheck(d, meta)()
+
+	logId := tccommon.GetLogId(tccommon.ContextNil)
+	ctx := context.WithValue(context.TODO(), tccommon.LogIdKey, logId)
+
+	request := tse.NewModifyNetworkAccessStrategyRequest()
+
+	idSplit := strings.Split(d.Id(), tccommon.FILED_SP)
+	if len(idSplit) != 3 {
+		return fmt.Errorf("id is broken,%s", d.Id())
+	}
+	gatewayId := idSplit[0]
+	groupId := idSplit[1]
+	networkId := idSplit[2]
+
+	service := TseService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()}
+	cngwNetwork, err := service.DescribeTseCngwNetworkById(ctx, gatewayId, groupId, networkId)
+	if err != nil {
+		return err
+	}
+	if cngwNetwork == nil {
+		return fmt.Errorf("[WARN]%s resource `TseCngwNetworkAccessControl` [%s] not found, please check if it has been deleted.\n", logId, d.Id())
+	}
+
+	request.GatewayId = helper.String(gatewayId)
+	request.GroupId = helper.String(groupId)
+	// The interface only supports public network
+	request.NetworkType = helper.String("Open")
+	request.Vip = cngwNetwork.PublicNetwork.Vip
+
+	if d.HasChange("access_control") {
+		if dMap, ok := helper.InterfacesHeadMap(d, "access_control"); ok {
+			accessControl := tse.NetworkAccessControl{}
+			if v, ok := dMap["mode"]; ok {
+				accessControl.Mode = helper.String(v.(string))
+			}
+			if v, ok := dMap["cidr_white_list"]; ok {
+				whitelist := v.([]interface{})
+				accessControl.CidrWhiteList = helper.InterfacesStringsPoint(whitelist)
+			}
+			if v, ok := dMap["cidr_black_list"]; ok {
+				blacklist := v.([]interface{})
+				accessControl.CidrBlackList = helper.InterfacesStringsPoint(blacklist)
+			}
+			request.AccessControl = &accessControl
+		}
+	}
+
+	err = resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError {
+		result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseTseClient().ModifyNetworkAccessStrategy(request)
+		if e != nil {
+			return tccommon.RetryError(e)
+		} else {
+			log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
+		}
+		return nil
+	})
+	if err != nil {
+		log.Printf("[CRITAL]%s update tse cngwNetworkAccessStrategy failed, reason:%+v", logId, err)
+		return err
+	}
+
+	conf := tccommon.BuildStateChangeConf([]string{}, []string{"Open"}, 5*tccommon.ReadRetryTimeout, time.Second, service.TseCngwNetworkStateRefreshFunc(gatewayId, groupId, networkId, []string{}))
+
+	if _, e := conf.WaitForState(); e != nil {
+		return e
+	}
+
+	return resourceTencentCloudTseCngwNetworkAccessControlRead(d, meta)
+}
+
+func resourceTencentCloudTseCngwNetworkAccessControlDelete(d *schema.ResourceData, meta interface{}) error {
+	defer tccommon.LogElapsed("resource.tencentcloud_tse_cngw_network_access_control.delete")()
+	defer tccommon.InconsistentCheck(d, meta)()
+
+	return nil
+}

tencentcloud/services/tse/resource_tc_tse_cngw_network_access_control.md

@@ -0,0 +1,23 @@
+Provides a resource to create a tse cngw_network_access_control
+
+Example Usage
+
+```hcl
+resource "tencentcloud_tse_cngw_network_access_control" "cngw_network_access_control" {
+  gateway_id                 = "gateway-cf8c99c3"
+  group_id                   = "group-a160d123"
+  network_id                 = "network-372b1e84"
+  access_control {
+    mode            = "Whitelist"
+    cidr_white_list = ["1.1.1.0"]
+  }
+}
+```
+
+Import
+
+tse cngw_route_rate_limit can be imported using the id, e.g.
+
+```
+terraform import tencentcloud_tse_cngw_network_access_control.cngw_network_access_control gatewayId#groupId#networkId
+```

tencentcloud/services/tse/resource_tc_tse_cngw_network_access_control_test.go

@@ -0,0 +1,48 @@
+package tse_test
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	tcacctest "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/acctest"
+)
+
+func TestAccTencentCloudNeedFixTseCngwNetworkAccessControlResource_basic(t *testing.T) {
+	t.Parallel()
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			tcacctest.AccPreCheck(t)
+		},
+		Providers: tcacctest.AccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccTseCngwNetworkAccessControl,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("tencentcloud_tse_cngw_network_access_control.cngw_network_access_control", "id"),
+					resource.TestCheckResourceAttr("tencentcloud_tse_cngw_network_access_control.cngw_network_access_control", "access_control.#", "1"),
+					resource.TestCheckResourceAttr("tencentcloud_tse_cngw_network_access_control.cngw_network_access_control", "access_control.0.mode", "Whitelist"),
+					resource.TestCheckResourceAttr("tencentcloud_tse_cngw_network_access_control.cngw_network_access_control", "access_control.0.cidr_white_list.#", "1"),
+				),
+			},
+			{
+				ResourceName:      "tencentcloud_tse_cngw_network_access_control.cngw_network_access_control",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+const testAccTseCngwNetworkAccessControl = `
+
+resource "tencentcloud_tse_cngw_network_access_control" "cngw_network_access_control" {
+	gateway_id                 = "gateway-cf1790c7"
+	group_id                   = "group-d8d99615"
+	network_id                 = "network-9cd9821f"
+	access_control {
+	  mode            = "Whitelist"
+	  cidr_white_list = ["1.1.1.0"]
+	}
+  }
+
+`

website/docs/r/tse_cngw_network_access_control.html.markdown

@@ -0,0 +1,58 @@
+---
+subcategory: "Tencent Cloud Service Engine(TSE)"
+layout: "tencentcloud"
+page_title: "TencentCloud: tencentcloud_tse_cngw_network_access_control"
+sidebar_current: "docs-tencentcloud-resource-tse_cngw_network_access_control"
+description: |-
+  Provides a resource to create a tse cngw_network_access_control
+---
+
+# tencentcloud_tse_cngw_network_access_control
+
+Provides a resource to create a tse cngw_network_access_control
+
+## Example Usage
+
+```hcl
+resource "tencentcloud_tse_cngw_network_access_control" "cngw_network_access_control" {
+  gateway_id = "gateway-cf8c99c3"
+  group_id   = "group-a160d123"
+  network_id = "network-372b1e84"
+  access_control {
+    mode            = "Whitelist"
+    cidr_white_list = ["1.1.1.0"]
+  }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `gateway_id` - (Required, String, ForceNew) gateway ID.
+* `group_id` - (Required, String, ForceNew) gateway group ID.
+* `network_id` - (Required, String, ForceNew) network id.
+* `access_control` - (Optional, List) access control policy.
+
+The `access_control` object supports the following:
+
+* `cidr_black_list` - (Optional, List) Black list.
+* `cidr_white_list` - (Optional, List) White list.
+* `mode` - (Optional, String) Access mode: `Whitelist`, `Blacklist`.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - ID of the resource.
+
+
+
+## Import
+
+tse cngw_route_rate_limit can be imported using the id, e.g.
+
+```
+terraform import tencentcloud_tse_cngw_network_access_control.cngw_network_access_control gatewayId#groupId#networkId
+```
+

website/tencentcloud.erb

@@ -4397,6 +4397,9 @@
                                 <li>
                                     <a href="/docs/providers/tencentcloud/r/tse_cngw_network.html">tencentcloud_tse_cngw_network</a>
                                 </li>
+                                <li>
+                                    <a href="/docs/providers/tencentcloud/r/tse_cngw_network_access_control.html">tencentcloud_tse_cngw_network_access_control</a>
+                                </li>
                                 <li>
                                     <a href="/docs/providers/tencentcloud/r/tse_cngw_route.html">tencentcloud_tse_cngw_route</a>
                                 </li>