[support vpngw bound to ccn instance]

1. add ccn type when creating vpngw
2. support vpngw bound to ccn instance
3. bugfix for new Set function, remove * symbol

[commiter: brickzzhang]

Author: brickzzhang

CHANGELOG.md

@@ -2,8 +2,12 @@
 
 ENHANCEMENTS: 
 Resource: `tencentcloud_redis_instance` add new argument `type_id`,`redis_shard_num`,`redis_replicas_num`
+Resource: `tencentcloud_ccn_attachment` add new type `CNN_INSTANCE_TYPE_VPNGW` for field `instance_type`
+Resource: `tencentcloud_vpn_gateway` add new type `CCN` for field `type`
 Data Source: `tencentcloud_redis_instances` add new argument  `type_id`,`redis_shard_num`,`redis_replicas_num`
 Data Source: `tencentcloud_redis_zone_config` add output argument `type_id` and new output argument  `type_id`,`redis_shard_nums`,`redis_replicas_nums`
+Data Source: `tencentcloud_ccn_instances` add new type `VPNGW` for field `instance_type`
+Data Source: `tencentcloud_vpn_gateways` add new type `CCN` for field `type`
 
 DEPRECATED:
 * Resource: `tencentcloud_redis_instance`: optional argument `type` is no longer supported, replace by `type_id`.

examples/tencentcloud-ccn/main.tf

@@ -37,3 +37,28 @@ resource tencentcloud_ccn_bandwidth_limit limit1 {
   region          = var.other_region
   bandwidth_limit = 500
 }
+
+resource tencentcloud_vpn_gateway ccn_vpngw {
+  name      = "ci-temp-ccn-vpngw"
+  vpc_id    = ""
+  bandwidth = 5
+  zone      = var.availability_zone
+  type      = "CCN"
+
+  tags = {
+    test = "ccn-vpngw-test"
+  }
+}
+
+resource tencentcloud_ccn vpngw_ccn_main {
+  name        = "ci-temp-test-vpngw-ccn"
+  description = "ci-temp-test-vpngw-ccn-des"
+  qos         = "AG"
+}
+
+resource tencentcloud_ccn_attachment vpngw_ccn_attachment {
+  ccn_id          = tencentcloud_ccn.vpngw_ccn_main.id
+  instance_type   = "VPNGW"
+  instance_id     = tencentcloud_vpn_gateway.ccn_vpngw.id
+  instance_region = var.region
+}

examples/tencentcloud-ccn/variables.tf

@@ -5,3 +5,7 @@ variable "region" {
 variable "other_region" {
   default = "ap-shanghai"
 }
+
+variable "availability_zone" {
+  default = "ap-guangzhou-3"
+}

examples/tencentcloud-vpn/main.tf

@@ -63,3 +63,17 @@ data "tencentcloud_vpn_gateways" "example" {
 data "tencentcloud_vpn_connections" "example" {
   id = tencentcloud_vpn_connection.example.id
 }
+
+# The example below shows how to create a vpng gateway in ccn type if it is needed. Then could be used when creating
+# vpn tunnel in the usual way.
+resource tencentcloud_vpn_gateway ccn_vpngw_example {
+  name      = "ccn-vpngw-example"
+  vpc_id    = ""
+  bandwidth = 5
+  zone      = var.availability_zone
+  type      = "CCN"
+
+  tags = {
+    test = "ccn-vpngw-example"
+  }
+}

tencentcloud/data_source_tc_ccn_instances.go

@@ -93,7 +93,7 @@ func dataSourceTencentCloudCcnInstances() *schema.Resource {
 									"instance_type": {
 										Type:        schema.TypeString,
 										Computed:    true,
-										Description: "Type of attached instance network, and available values include VPC, DIRECTCONNECT and BMVPC.",
+										Description: "Type of attached instance network, and available values include VPC, DIRECTCONNECT, BMVPC and VPNGW.",
 									},
 									"instance_region": {
 										Type:        schema.TypeString,

tencentcloud/data_source_tc_vpn_gateways.go

@@ -107,7 +107,7 @@ func dataSourceTencentCloudVpnGateways() *schema.Resource {
 						"type": {
 							Type:        schema.TypeString,
 							Computed:    true,
-							Description: "Type of gateway instance, valid values are `IPSEC`, `SSL`.",
+							Description: "Type of gateway instance, valid values are `IPSEC`, `SSL` and `CCN`.",
 						},
 						"state": {
 							Type:        schema.TypeString,

tencentcloud/extension_cnn.go

@@ -7,3 +7,4 @@ const CNN_QOS_AG = "AG"
 const CNN_INSTANCE_TYPE_VPC = "VPC"
 const CNN_INSTANCE_TYPE_DIRECTCONNECT = "DIRECTCONNECT"
 const CNN_INSTANCE_TYPE_BMVPC = "BMVPC"
+const CNN_INSTANCE_TYPE_VPNGW = "VPNGW"

tencentcloud/resource_tc_ccn_attachment.go

@@ -73,9 +73,9 @@ func resourceTencentCloudCcnAttachment() *schema.Resource {
 			"instance_type": {
 				Type:         schema.TypeString,
 				Required:     true,
-				ValidateFunc: validateAllowedStringValue([]string{CNN_INSTANCE_TYPE_VPC, CNN_INSTANCE_TYPE_DIRECTCONNECT, CNN_INSTANCE_TYPE_BMVPC}),
+				ValidateFunc: validateAllowedStringValue([]string{CNN_INSTANCE_TYPE_VPC, CNN_INSTANCE_TYPE_DIRECTCONNECT, CNN_INSTANCE_TYPE_BMVPC, CNN_INSTANCE_TYPE_VPNGW}),
 				ForceNew:     true,
-				Description:  "Type of attached instance network, and available values include VPC, DIRECTCONNECT and BMVPC.",
+				Description:  "Type of attached instance network, and available values include VPC, DIRECTCONNECT, BMVPC and VPNGW. Note: VPNGW type is only for whitelist customer now.",
 			},
 			"instance_region": {
 				Type:        schema.TypeString,

tencentcloud/resource_tc_ccn_attachment_test.go

@@ -12,6 +12,7 @@ import (
 
 func TestAccTencentCloudCcnV3AttachmentBasic(t *testing.T) {
 	keyName := "tencentcloud_ccn_attachment.attachment"
+	keyNameVpngw := "tencentcloud_ccn_attachment.vpngw_ccn_attachment"
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
 		Providers:    testAccProviders,
@@ -30,6 +31,19 @@ func TestAccTencentCloudCcnV3AttachmentBasic(t *testing.T) {
 					resource.TestCheckResourceAttrSet(keyName, "cidr_block.#"),
 				),
 			},
+			{
+				Config: testAccCcnAttachmentVpngwConfig,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckCcnAttachmentExists(keyNameVpngw),
+					resource.TestCheckResourceAttrSet(keyNameVpngw, "ccn_id"),
+					resource.TestCheckResourceAttrSet(keyNameVpngw, "instance_type"),
+					resource.TestCheckResourceAttrSet(keyNameVpngw, "instance_region"),
+					resource.TestCheckResourceAttrSet(keyNameVpngw, "instance_id"),
+					resource.TestCheckResourceAttrSet(keyNameVpngw, "state"),
+					resource.TestCheckResourceAttrSet(keyNameVpngw, "attached_time"),
+					resource.TestCheckResourceAttrSet(keyNameVpngw, "cidr_block.#"),
+				),
+			},
 		},
 	})
 }
@@ -113,3 +127,34 @@ resource tencentcloud_ccn_attachment attachment {
   instance_region = var.region
 }
 `
+
+const testAccCcnAttachmentVpngwConfig = `
+variable "region" {
+  default = "ap-guangzhou"
+}
+
+resource tencentcloud_vpn_gateway ccn_vpngw {
+  name      = "ci-temp-ccn-vpngw"
+  vpc_id    = ""
+  bandwidth = 5
+  zone      = "ap-guangzhou-3"
+  type      = "CCN"
+
+  tags = {
+    test = "ccn-vpngw-test"
+  }
+}
+
+resource tencentcloud_ccn vpngw_ccn_main {
+  name        = "ci-temp-test-vpngw-ccn"
+  description = "ci-temp-test-vpngw-ccn-des"
+  qos         = "AG"
+}
+
+resource tencentcloud_ccn_attachment vpngw_ccn_attachment {
+  ccn_id          = tencentcloud_ccn.vpngw_ccn_main.id
+  instance_type   = "VPNGW"
+  instance_id     = tencentcloud_vpn_gateway.ccn_vpngw.id
+  instance_region = var.region
+}
+`

tencentcloud/resource_tc_vpn_gateway.go

@@ -96,7 +96,8 @@ func resourceTencentCloudVpnGateway() *schema.Resource {
 			"type": {
 				Type:        schema.TypeString,
 				Computed:    true,
-				Description: "Type of gateway instance, valid values are `IPSEC`, `SSL`.",
+				Optional:    true,
+				Description: "Type of gateway instance, valid values are `IPSEC`, `SSL` and `CCN`.",
 			},
 			"state": {
 				Type:        schema.TypeString,
@@ -184,6 +185,9 @@ func resourceTencentCloudVpnGatewayCreate(d *schema.ResourceData, meta interface
 		request.InstanceChargePrepaid = &preChargePara
 	}
 	request.InstanceChargeType = &chargeType
+	if v, ok := d.GetOk("type"); ok {
+		request.Type = helper.String(v.(string))
+	}
 	var response *vpc.CreateVpnGatewayResponse
 	err := resource.Retry(readRetryTimeout, func() *resource.RetryError {
 		result, e := meta.(*TencentCloudClient).apiV3Conn.UseVpcClient().CreateVpnGateway(request)
@@ -290,19 +294,19 @@ func resourceTencentCloudVpnGatewayRead(d *schema.ResourceData, meta interface{}
 
 	gateway := response.Response.VpnGatewaySet[0]
 
-	_ = d.Set("name", *gateway.VpnGatewayName)
-	_ = d.Set("public_ip_address", *gateway.PublicIpAddress)
+	_ = d.Set("name", gateway.VpnGatewayName)
+	_ = d.Set("public_ip_address", gateway.PublicIpAddress)
 	_ = d.Set("bandwidth", int(*gateway.InternetMaxBandwidthOut))
-	_ = d.Set("type", *gateway.Type)
-	_ = d.Set("create_time", *gateway.CreatedTime)
-	_ = d.Set("state", *gateway.State)
-	_ = d.Set("prepaid_renew_flag", *gateway.RenewFlag)
-	_ = d.Set("charge_type", *gateway.InstanceChargeType)
-	_ = d.Set("expired_time", *gateway.ExpiredTime)
-	_ = d.Set("is_address_blocked", *gateway.IsAddressBlocked)
-	_ = d.Set("new_purchase_plan", *gateway.NewPurchasePlan)
-	_ = d.Set("restrict_state", *gateway.RestrictState)
-	_ = d.Set("zone", *gateway.Zone)
+	_ = d.Set("type", gateway.Type)
+	_ = d.Set("create_time", gateway.CreatedTime)
+	_ = d.Set("state", gateway.State)
+	_ = d.Set("prepaid_renew_flag", gateway.RenewFlag)
+	_ = d.Set("charge_type", gateway.InstanceChargeType)
+	_ = d.Set("expired_time", gateway.ExpiredTime)
+	_ = d.Set("is_address_blocked", gateway.IsAddressBlocked)
+	_ = d.Set("new_purchase_plan", gateway.NewPurchasePlan)
+	_ = d.Set("restrict_state", gateway.RestrictState)
+	_ = d.Set("zone", gateway.Zone)
 
 	//tags
 	tagService := TagService{client: meta.(*TencentCloudClient).apiV3Conn}
@@ -325,9 +329,15 @@ func resourceTencentCloudVpnGatewayUpdate(d *schema.ResourceData, meta interface
 	d.Partial(true)
 	gatewayId := d.Id()
 
-	//renew
-	if d.HasChange("prepaid_period") || d.HasChange("prepaid_renew_flag") {
-		return fmt.Errorf("Do not support renew operation in update operation. Please renew the instance on controller web page.")
+	unsupportedUpdateFields := []string{
+		"prepaid_period",
+		"prepaid_renew_flag",
+		"type",
+	}
+	for _, field := range unsupportedUpdateFields {
+		if d.HasChange(field) {
+			return fmt.Errorf("Template resource_tc_vpn_gateway update on %s is not supportted yet. Please renew it on controller web page.", field)
+		}
 	}
 
 	if d.HasChange("name") || d.HasChange("charge_type") {
@@ -416,13 +426,14 @@ func resourceTencentCloudVpnGatewayDelete(d *schema.ResourceData, meta interface
 
 	gatewayId := d.Id()
 
-	//prepaid instances can not be deleted
+	//prepaid instances or instances which attached to ccn can not be deleted
 	//to get expire_time of the VPN gateway
 	//to get the status of gateway
-	chargeRequest := vpc.NewDescribeVpnGatewaysRequest()
-	chargeRequest.VpnGatewayIds = []*string{&gatewayId}
-	chargeErr := resource.Retry(readRetryTimeout, func() *resource.RetryError {
-		result, e := meta.(*TencentCloudClient).apiV3Conn.UseVpcClient().DescribeVpnGateways(chargeRequest)
+	//to get the type and networkinstanceid of gateway
+	vpngwRequest := vpc.NewDescribeVpnGatewaysRequest()
+	vpngwRequest.VpnGatewayIds = []*string{&gatewayId}
+	vpngwErr := resource.Retry(readRetryTimeout, func() *resource.RetryError {
+		result, e := meta.(*TencentCloudClient).apiV3Conn.UseVpcClient().DescribeVpnGateways(vpngwRequest)
 		if e != nil {
 			return retryError(e)
 		} else {
@@ -440,16 +451,17 @@ func resourceTencentCloudVpnGatewayDelete(d *schema.ResourceData, meta interface
 					if time.Until(t) > 0 {
 						return resource.NonRetryableError(fmt.Errorf("Delete operation is unsupport when VPN gateway is not expired."))
 					}
-					return nil
 				}
-				return nil
+			}
+			if *result.Response.VpnGatewaySet[0].Type == GATE_WAY_TYPE_CCN && *result.Response.VpnGatewaySet[0].NetworkInstanceId != "" {
+				return resource.NonRetryableError(fmt.Errorf("Delete operation is unsupported when VPN gateway is attached to CCN instance."))
 			}
 			return nil
 		}
 	})
-	if chargeErr != nil {
-		log.Printf("[CRITAL]%s describe VPN gateway failed, reason:%s\n", logId, chargeErr.Error())
-		return chargeErr
+	if vpngwErr != nil {
+		log.Printf("[CRITAL]%s describe VPN gateway failed, reason:%s\n", logId, vpngwErr.Error())
+		return vpngwErr
 	}
 
 	//check the vpn gateway is not related with any tunnel

tencentcloud/resource_tc_vpn_gateway_test.go

@@ -39,6 +39,17 @@ func TestAccTencentCloudVpnGateway_basic(t *testing.T) {
 					resource.TestCheckResourceAttrSet("tencentcloud_vpn_gateway.my_cgw", "state"),
 				),
 			},
+			{
+				Config: testAccCcnVpnGatewayConfig,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckVpnGatewayExists("tencentcloud_vpn_gateway.my_ccn_cgw"),
+					resource.TestCheckResourceAttr("tencentcloud_vpn_gateway.my_ccn_cgw", "name", "terraform_ccn_vpngw_test"),
+					resource.TestCheckResourceAttr("tencentcloud_vpn_gateway.my_ccn_cgw", "bandwidth", "5"),
+					resource.TestCheckResourceAttr("tencentcloud_vpn_gateway.my_ccn_cgw", "charge_type", "POSTPAID_BY_HOUR"),
+					resource.TestCheckResourceAttr("tencentcloud_vpn_gateway.my_ccn_cgw", "tags.test", "tf-ccn-vpngw"),
+					resource.TestCheckResourceAttrSet("tencentcloud_vpn_gateway.my_ccn_cgw", "state"),
+				),
+			},
 		},
 	})
 }
@@ -163,5 +174,19 @@ resource "tencentcloud_vpn_gateway" "my_cgw" {
     test = "test"
   }
 }
+`
 
+const testAccCcnVpnGatewayConfig = `
+# Create VPNGW of CCN type
+resource "tencentcloud_vpn_gateway" "my_ccn_cgw" {
+  name      = "terraform_ccn_vpngw_test"
+  bandwidth = 5
+  zone      = "ap-guangzhou-3"
+  vpc_id    = ""
+  type      = "CCN"
+
+  tags = {
+    test = "tf-ccn-vpngw"
+  }
+}
 `

website/docs/d/ccn_instances.html.markdown

@@ -46,7 +46,7 @@ In addition to all arguments above, the following attributes are exported:
     * `cidr_block` - A network address block of the instance that is attached.
     * `instance_id` - ID of instance is attached.
     * `instance_region` - The region that the instance locates at.
-    * `instance_type` - Type of attached instance network, and available values include VPC, DIRECTCONNECT and BMVPC.
+    * `instance_type` - Type of attached instance network, and available values include VPC, DIRECTCONNECT, BMVPC and VPNGW.
     * `state` - States of instance is attached, and available values include PENDING, ACTIVE, EXPIRED, REJECTED, DELETED, FAILED(asynchronous forced disassociation after 2 hours), ATTACHING, DETACHING and DETACHFAILED(asynchronous forced disassociation after 2 hours).
   * `ccn_id` - ID of the CCN.
   * `create_time` - Creation time of resource.

website/docs/d/vpn_gateways.html.markdown

@@ -55,7 +55,7 @@ In addition to all arguments above, the following attributes are exported:
   * `restrict_state` - Restrict state of VPN gateway, valid values are `PRETECIVELY_ISOLATED`, `NORMAL`.
   * `state` - State of the VPN gateway, valid values are `PENDING`, `DELETING`, `AVAILABLE`.
   * `tags` - A list of tags used to associate different resources.
-  * `type` - Type of gateway instance, valid values are `IPSEC`, `SSL`.
+  * `type` - Type of gateway instance, valid values are `IPSEC`, `SSL` and `CCN`.
   * `vpc_id` - ID of the VPC.
   * `zone` - Zone of the VPN gateway.
 

website/docs/r/ccn_attachment.html.markdown

@@ -61,7 +61,7 @@ The following arguments are supported:
 * `ccn_id` - (Required, ForceNew) ID of the CCN.
 * `instance_id` - (Required, ForceNew) ID of instance is attached.
 * `instance_region` - (Required, ForceNew) The region that the instance locates at.
-* `instance_type` - (Required, ForceNew) Type of attached instance network, and available values include VPC, DIRECTCONNECT and BMVPC.
+* `instance_type` - (Required, ForceNew) Type of attached instance network, and available values include VPC, DIRECTCONNECT, BMVPC and VPNGW. Note: VPNGW type is only for whitelist customer now.
 * `ccn_uin` - (Optional, ForceNew) Uin of the ccn attached. Default is ``, which means the uin of this account. This parameter is used with case when attaching ccn of other account to the instance of this account. For now only support instance type `VPC`.
 
 ## Attributes Reference

website/docs/r/vpn_gateway.html.markdown

@@ -58,6 +58,7 @@ The following arguments are supported:
 * `prepaid_period` - (Optional) Period of instance to be prepaid. Valid values are 1, 2, 3, 4, 6, 7, 8, 9, 12, 24, 36 and unit is month. Caution: when this para and renew_flag para are valid, the request means to renew several months more pre-paid period. This para can only be set to take effect in create operation.
 * `prepaid_renew_flag` - (Optional) Flag indicates whether to renew or not, valid values are `NOTIFY_AND_RENEW`, `NOTIFY_AND_AUTO_RENEW`, `NOT_NOTIFY_AND_NOT_RENEW`. This para can only be set to take effect in create operation.
 * `tags` - (Optional) A list of tags used to associate different resources.
+* `type` - (Optional) Type of gateway instance, valid values are `IPSEC`, `SSL` and `CCN`.
 
 ## Attributes Reference
 
@@ -71,7 +72,6 @@ In addition to all arguments above, the following attributes are exported:
 * `public_ip_address` - Public ip of the VPN gateway.
 * `restrict_state` - Restrict state of gateway, valid values are `PRETECIVELY_ISOLATED`, `NORMAL`.
 * `state` - State of the VPN gateway, valid values are `PENDING`, `DELETING`, `AVAILABLE`.
-* `type` - Type of gateway instance, valid values are `IPSEC`, `SSL`.
 
 
 ## Import