diff --git a/.changelog/2581.txt b/.changelog/2581.txt new file mode 100644 index 0000000000..5ba9a67bdf --- /dev/null +++ b/.changelog/2581.txt @@ -0,0 +1,3 @@ +```release-note:new-resource +tencentcloud_tse_cngw_network_access_control +``` \ No newline at end of file diff --git a/tencentcloud/provider.go b/tencentcloud/provider.go index 337b38e604..4eb7e3c2b4 100644 --- a/tencentcloud/provider.go +++ b/tencentcloud/provider.go @@ -1845,6 +1845,7 @@ func Provider() *schema.Provider { "tencentcloud_tse_waf_protection": tse.ResourceTencentCloudTseWafProtection(), "tencentcloud_tse_waf_domains": tse.ResourceTencentCloudTseWafDomains(), "tencentcloud_tse_cngw_network": tse.ResourceTencentCloudTseCngwNetwork(), + "tencentcloud_tse_cngw_network_access_control": tse.ResourceTencentCloudTseCngwNetworkAccessControl(), "tencentcloud_tse_cngw_strategy": tse.ResourceTencentCloudTseCngwStrategy(), "tencentcloud_tse_cngw_strategy_bind_group": tse.ResourceTencentCloudTseCngwStrategyBindGroup(), "tencentcloud_clickhouse_instance": cdwch.ResourceTencentCloudClickhouseInstance(), diff --git a/tencentcloud/provider.md b/tencentcloud/provider.md index 3da5667232..8c3a168325 100644 --- a/tencentcloud/provider.md +++ b/tencentcloud/provider.md @@ -1930,6 +1930,7 @@ Tencent Cloud Service Engine(TSE) tencentcloud_tse_cngw_network tencentcloud_tse_cngw_strategy tencentcloud_tse_cngw_strategy_bind_group + tencentcloud_tse_cngw_network_access_control ClickHouse(CDWCH) Data Source diff --git a/tencentcloud/services/tse/resource_tc_tse_cngw_network_access_control.go b/tencentcloud/services/tse/resource_tc_tse_cngw_network_access_control.go new file mode 100644 index 0000000000..4624830126 --- /dev/null +++ b/tencentcloud/services/tse/resource_tc_tse_cngw_network_access_control.go @@ -0,0 +1,235 @@ +package tse + +import ( + "context" + "fmt" + "log" + "strings" + "time" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + tse "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tse/v20201207" + tccommon "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/common" + "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper" +) + +func ResourceTencentCloudTseCngwNetworkAccessControl() *schema.Resource { + return &schema.Resource{ + Create: resourceTencentCloudTseCngwNetworkAccessControlCreate, + Read: resourceTencentCloudTseCngwNetworkAccessControlRead, + Update: resourceTencentCloudTseCngwNetworkAccessControlUpdate, + Delete: resourceTencentCloudTseCngwNetworkAccessControlDelete, + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + Schema: map[string]*schema.Schema{ + "gateway_id": { + Required: true, + ForceNew: true, + Type: schema.TypeString, + Description: "gateway ID.", + }, + + "group_id": { + Required: true, + ForceNew: true, + Type: schema.TypeString, + Description: "gateway group ID.", + }, + + "network_id": { + Required: true, + ForceNew: true, + Type: schema.TypeString, + Description: "network id.", + }, + + "access_control": { + Type: schema.TypeList, + MaxItems: 1, + Optional: true, + Description: "access control policy.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "mode": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "Access mode: `Whitelist`, `Blacklist`.", + }, + "cidr_white_list": { + Type: schema.TypeList, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + Description: "White list.", + }, + "cidr_black_list": { + Type: schema.TypeList, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + Description: "Black list.", + }, + }, + }, + }, + }, + } +} + +func resourceTencentCloudTseCngwNetworkAccessControlCreate(d *schema.ResourceData, meta interface{}) error { + defer tccommon.LogElapsed("resource.tencentcloud_tse_cngw_network_access_control.create")() + defer tccommon.InconsistentCheck(d, meta)() + + var ( + gatewayId string + groupId string + networkId string + ) + if v, ok := d.GetOk("gateway_id"); ok { + gatewayId = v.(string) + } + if v, ok := d.GetOk("group_id"); ok { + groupId = v.(string) + } + if v, ok := d.GetOk("network_id"); ok { + networkId = v.(string) + } + d.SetId(gatewayId + tccommon.FILED_SP + groupId + tccommon.FILED_SP + networkId) + + return resourceTencentCloudTseCngwNetworkAccessControlUpdate(d, meta) +} + +func resourceTencentCloudTseCngwNetworkAccessControlRead(d *schema.ResourceData, meta interface{}) error { + defer tccommon.LogElapsed("resource.tencentcloud_tse_cngw_network_access_control.read")() + defer tccommon.InconsistentCheck(d, meta)() + + logId := tccommon.GetLogId(tccommon.ContextNil) + ctx := context.WithValue(context.TODO(), tccommon.LogIdKey, logId) + + service := TseService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()} + + idSplit := strings.Split(d.Id(), tccommon.FILED_SP) + if len(idSplit) != 3 { + return fmt.Errorf("id is broken,%s", d.Id()) + } + gatewayId := idSplit[0] + groupId := idSplit[1] + networkId := idSplit[2] + + cngwNetwork, err := service.DescribeTseCngwNetworkById(ctx, gatewayId, groupId, networkId) + if err != nil { + return err + } + + if cngwNetwork == nil { + d.SetId("") + log.Printf("[WARN]%s resource `TseCngwNetworkAccessControl` [%s] not found, please check if it has been deleted.\n", logId, d.Id()) + return nil + } + + _ = d.Set("gateway_id", gatewayId) + _ = d.Set("group_id", groupId) + _ = d.Set("network_id", networkId) + + if cngwNetwork.PublicNetwork != nil { + internetConfig := cngwNetwork.PublicNetwork + if internetConfig.AccessControl != nil { + accessControlMap := map[string]interface{}{} + + accessControl := internetConfig.AccessControl + if accessControl.Mode != nil { + accessControlMap["mode"] = accessControl.Mode + } + if accessControl.Mode != nil { + accessControlMap["cidr_white_list"] = accessControl.CidrWhiteList + } + if accessControl.Mode != nil { + accessControlMap["cidr_black_list"] = accessControl.CidrBlackList + } + _ = d.Set("access_control", []interface{}{accessControlMap}) + } + } + + return nil +} + +func resourceTencentCloudTseCngwNetworkAccessControlUpdate(d *schema.ResourceData, meta interface{}) error { + defer tccommon.LogElapsed("resource.tencentcloud_tse_cngw_network_access_control.update")() + defer tccommon.InconsistentCheck(d, meta)() + + logId := tccommon.GetLogId(tccommon.ContextNil) + ctx := context.WithValue(context.TODO(), tccommon.LogIdKey, logId) + + request := tse.NewModifyNetworkAccessStrategyRequest() + + idSplit := strings.Split(d.Id(), tccommon.FILED_SP) + if len(idSplit) != 3 { + return fmt.Errorf("id is broken,%s", d.Id()) + } + gatewayId := idSplit[0] + groupId := idSplit[1] + networkId := idSplit[2] + + service := TseService{client: meta.(tccommon.ProviderMeta).GetAPIV3Conn()} + cngwNetwork, err := service.DescribeTseCngwNetworkById(ctx, gatewayId, groupId, networkId) + if err != nil { + return err + } + if cngwNetwork == nil { + return fmt.Errorf("[WARN]%s resource `TseCngwNetworkAccessControl` [%s] not found, please check if it has been deleted.\n", logId, d.Id()) + } + + request.GatewayId = helper.String(gatewayId) + request.GroupId = helper.String(groupId) + // The interface only supports public network + request.NetworkType = helper.String("Open") + request.Vip = cngwNetwork.PublicNetwork.Vip + + if d.HasChange("access_control") { + if dMap, ok := helper.InterfacesHeadMap(d, "access_control"); ok { + accessControl := tse.NetworkAccessControl{} + if v, ok := dMap["mode"]; ok { + accessControl.Mode = helper.String(v.(string)) + } + if v, ok := dMap["cidr_white_list"]; ok { + whitelist := v.([]interface{}) + accessControl.CidrWhiteList = helper.InterfacesStringsPoint(whitelist) + } + if v, ok := dMap["cidr_black_list"]; ok { + blacklist := v.([]interface{}) + accessControl.CidrBlackList = helper.InterfacesStringsPoint(blacklist) + } + request.AccessControl = &accessControl + } + } + + err = resource.Retry(tccommon.WriteRetryTimeout, func() *resource.RetryError { + result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseTseClient().ModifyNetworkAccessStrategy(request) + if e != nil { + return tccommon.RetryError(e) + } else { + log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString()) + } + return nil + }) + if err != nil { + log.Printf("[CRITAL]%s update tse cngwNetworkAccessStrategy failed, reason:%+v", logId, err) + return err + } + + conf := tccommon.BuildStateChangeConf([]string{}, []string{"Open"}, 5*tccommon.ReadRetryTimeout, time.Second, service.TseCngwNetworkStateRefreshFunc(gatewayId, groupId, networkId, []string{})) + + if _, e := conf.WaitForState(); e != nil { + return e + } + + return resourceTencentCloudTseCngwNetworkAccessControlRead(d, meta) +} + +func resourceTencentCloudTseCngwNetworkAccessControlDelete(d *schema.ResourceData, meta interface{}) error { + defer tccommon.LogElapsed("resource.tencentcloud_tse_cngw_network_access_control.delete")() + defer tccommon.InconsistentCheck(d, meta)() + + return nil +} diff --git a/tencentcloud/services/tse/resource_tc_tse_cngw_network_access_control.md b/tencentcloud/services/tse/resource_tc_tse_cngw_network_access_control.md new file mode 100644 index 0000000000..802be65882 --- /dev/null +++ b/tencentcloud/services/tse/resource_tc_tse_cngw_network_access_control.md @@ -0,0 +1,23 @@ +Provides a resource to create a tse cngw_network_access_control + +Example Usage + +```hcl +resource "tencentcloud_tse_cngw_network_access_control" "cngw_network_access_control" { + gateway_id = "gateway-cf8c99c3" + group_id = "group-a160d123" + network_id = "network-372b1e84" + access_control { + mode = "Whitelist" + cidr_white_list = ["1.1.1.0"] + } +} +``` + +Import + +tse cngw_route_rate_limit can be imported using the id, e.g. + +``` +terraform import tencentcloud_tse_cngw_network_access_control.cngw_network_access_control gatewayId#groupId#networkId +``` \ No newline at end of file diff --git a/tencentcloud/services/tse/resource_tc_tse_cngw_network_access_control_test.go b/tencentcloud/services/tse/resource_tc_tse_cngw_network_access_control_test.go new file mode 100644 index 0000000000..2697bd8101 --- /dev/null +++ b/tencentcloud/services/tse/resource_tc_tse_cngw_network_access_control_test.go @@ -0,0 +1,48 @@ +package tse_test + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + tcacctest "github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/acctest" +) + +func TestAccTencentCloudNeedFixTseCngwNetworkAccessControlResource_basic(t *testing.T) { + t.Parallel() + resource.Test(t, resource.TestCase{ + PreCheck: func() { + tcacctest.AccPreCheck(t) + }, + Providers: tcacctest.AccProviders, + Steps: []resource.TestStep{ + { + Config: testAccTseCngwNetworkAccessControl, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet("tencentcloud_tse_cngw_network_access_control.cngw_network_access_control", "id"), + resource.TestCheckResourceAttr("tencentcloud_tse_cngw_network_access_control.cngw_network_access_control", "access_control.#", "1"), + resource.TestCheckResourceAttr("tencentcloud_tse_cngw_network_access_control.cngw_network_access_control", "access_control.0.mode", "Whitelist"), + resource.TestCheckResourceAttr("tencentcloud_tse_cngw_network_access_control.cngw_network_access_control", "access_control.0.cidr_white_list.#", "1"), + ), + }, + { + ResourceName: "tencentcloud_tse_cngw_network_access_control.cngw_network_access_control", + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +const testAccTseCngwNetworkAccessControl = ` + +resource "tencentcloud_tse_cngw_network_access_control" "cngw_network_access_control" { + gateway_id = "gateway-cf1790c7" + group_id = "group-d8d99615" + network_id = "network-9cd9821f" + access_control { + mode = "Whitelist" + cidr_white_list = ["1.1.1.0"] + } + } + +` diff --git a/website/docs/r/tse_cngw_network_access_control.html.markdown b/website/docs/r/tse_cngw_network_access_control.html.markdown new file mode 100644 index 0000000000..bdf84b4e7d --- /dev/null +++ b/website/docs/r/tse_cngw_network_access_control.html.markdown @@ -0,0 +1,58 @@ +--- +subcategory: "Tencent Cloud Service Engine(TSE)" +layout: "tencentcloud" +page_title: "TencentCloud: tencentcloud_tse_cngw_network_access_control" +sidebar_current: "docs-tencentcloud-resource-tse_cngw_network_access_control" +description: |- + Provides a resource to create a tse cngw_network_access_control +--- + +# tencentcloud_tse_cngw_network_access_control + +Provides a resource to create a tse cngw_network_access_control + +## Example Usage + +```hcl +resource "tencentcloud_tse_cngw_network_access_control" "cngw_network_access_control" { + gateway_id = "gateway-cf8c99c3" + group_id = "group-a160d123" + network_id = "network-372b1e84" + access_control { + mode = "Whitelist" + cidr_white_list = ["1.1.1.0"] + } +} +``` + +## Argument Reference + +The following arguments are supported: + +* `gateway_id` - (Required, String, ForceNew) gateway ID. +* `group_id` - (Required, String, ForceNew) gateway group ID. +* `network_id` - (Required, String, ForceNew) network id. +* `access_control` - (Optional, List) access control policy. + +The `access_control` object supports the following: + +* `cidr_black_list` - (Optional, List) Black list. +* `cidr_white_list` - (Optional, List) White list. +* `mode` - (Optional, String) Access mode: `Whitelist`, `Blacklist`. + +## Attributes Reference + +In addition to all arguments above, the following attributes are exported: + +* `id` - ID of the resource. + + + +## Import + +tse cngw_route_rate_limit can be imported using the id, e.g. + +``` +terraform import tencentcloud_tse_cngw_network_access_control.cngw_network_access_control gatewayId#groupId#networkId +``` + diff --git a/website/tencentcloud.erb b/website/tencentcloud.erb index 92074bdab9..c99fd73d39 100644 --- a/website/tencentcloud.erb +++ b/website/tencentcloud.erb @@ -4397,6 +4397,9 @@
  • tencentcloud_tse_cngw_network
  • +
  • + tencentcloud_tse_cngw_network_access_control +
  • tencentcloud_tse_cngw_route