github.com/koding/terraform@v0.6.4-0.20170608090606-5d7e0339779d/builtin/providers/vcd/resource_vcd_edgegateway_vpn.go (about) 1 package vcd 2 3 import ( 4 "fmt" 5 "github.com/hashicorp/terraform/helper/resource" 6 "github.com/hashicorp/terraform/helper/schema" 7 types "github.com/ukcloud/govcloudair/types/v56" 8 "log" 9 ) 10 11 func resourceVcdEdgeGatewayVpn() *schema.Resource { 12 return &schema.Resource{ 13 Create: resourceVcdEdgeGatewayVpnCreate, 14 Read: resourceVcdEdgeGatewayVpnRead, 15 Delete: resourceVcdEdgeGatewayVpnDelete, 16 17 Schema: map[string]*schema.Schema{ 18 19 "edge_gateway": &schema.Schema{ 20 Type: schema.TypeString, 21 Required: true, 22 ForceNew: true, 23 }, 24 25 "name": &schema.Schema{ 26 Type: schema.TypeString, 27 Required: true, 28 ForceNew: true, 29 }, 30 31 "description": &schema.Schema{ 32 Type: schema.TypeString, 33 Optional: true, 34 ForceNew: true, 35 }, 36 37 "encryption_protocol": &schema.Schema{ 38 Type: schema.TypeString, 39 Required: true, 40 ForceNew: true, 41 }, 42 43 "local_ip_address": &schema.Schema{ 44 Type: schema.TypeString, 45 Required: true, 46 ForceNew: true, 47 }, 48 49 "local_id": &schema.Schema{ 50 Type: schema.TypeString, 51 Required: true, 52 ForceNew: true, 53 }, 54 55 "mtu": &schema.Schema{ 56 Type: schema.TypeInt, 57 Required: true, 58 ForceNew: true, 59 }, 60 61 "peer_ip_address": &schema.Schema{ 62 Type: schema.TypeString, 63 Required: true, 64 ForceNew: true, 65 }, 66 67 "peer_id": &schema.Schema{ 68 Type: schema.TypeString, 69 Required: true, 70 ForceNew: true, 71 }, 72 73 "shared_secret": &schema.Schema{ 74 Type: schema.TypeString, 75 Required: true, 76 ForceNew: true, 77 }, 78 79 "local_subnets": &schema.Schema{ 80 Type: schema.TypeSet, 81 Optional: true, 82 ForceNew: true, 83 Elem: &schema.Resource{ 84 Schema: map[string]*schema.Schema{ 85 "local_subnet_name": &schema.Schema{ 86 Type: schema.TypeString, 87 Required: true, 88 }, 89 90 "local_subnet_gateway": &schema.Schema{ 91 Type: schema.TypeString, 92 Required: true, 93 }, 94 95 "local_subnet_mask": &schema.Schema{ 96 Type: schema.TypeString, 97 Required: true, 98 }, 99 }, 100 }, 101 }, 102 103 "peer_subnets": &schema.Schema{ 104 Type: schema.TypeSet, 105 Optional: true, 106 ForceNew: true, 107 Elem: &schema.Resource{ 108 Schema: map[string]*schema.Schema{ 109 "peer_subnet_name": &schema.Schema{ 110 Type: schema.TypeString, 111 Required: true, 112 }, 113 114 "peer_subnet_gateway": &schema.Schema{ 115 Type: schema.TypeString, 116 Required: true, 117 }, 118 119 "peer_subnet_mask": &schema.Schema{ 120 Type: schema.TypeString, 121 Required: true, 122 }, 123 }, 124 }, 125 }, 126 }, 127 } 128 } 129 130 func resourceVcdEdgeGatewayVpnCreate(d *schema.ResourceData, meta interface{}) error { 131 vcdClient := meta.(*VCDClient) 132 log.Printf("[TRACE] CLIENT: %#v", vcdClient) 133 vcdClient.Mutex.Lock() 134 defer vcdClient.Mutex.Unlock() 135 136 edgeGateway, err := vcdClient.OrgVdc.FindEdgeGateway(d.Get("edge_gateway").(string)) 137 138 localSubnetsList := d.Get("local_subnets").(*schema.Set).List() 139 peerSubnetsList := d.Get("peer_subnets").(*schema.Set).List() 140 141 localSubnets := make([]*types.IpsecVpnSubnet, len(localSubnetsList)) 142 peerSubnets := make([]*types.IpsecVpnSubnet, len(peerSubnetsList)) 143 144 for i, s := range localSubnetsList { 145 ls := s.(map[string]interface{}) 146 localSubnets[i] = &types.IpsecVpnSubnet{ 147 Name: ls["local_subnet_name"].(string), 148 Gateway: ls["local_subnet_gateway"].(string), 149 Netmask: ls["local_subnet_mask"].(string), 150 } 151 } 152 153 for i, s := range peerSubnetsList { 154 ls := s.(map[string]interface{}) 155 peerSubnets[i] = &types.IpsecVpnSubnet{ 156 Name: ls["peer_subnet_name"].(string), 157 Gateway: ls["peer_subnet_gateway"].(string), 158 Netmask: ls["peer_subnet_mask"].(string), 159 } 160 } 161 162 tunnel := &types.GatewayIpsecVpnTunnel{ 163 Name: d.Get("name").(string), 164 Description: d.Get("description").(string), 165 IpsecVpnLocalPeer: &types.IpsecVpnLocalPeer{ 166 ID: "", 167 Name: "", 168 }, 169 EncryptionProtocol: d.Get("encryption_protocol").(string), 170 LocalIPAddress: d.Get("local_ip_address").(string), 171 LocalID: d.Get("local_id").(string), 172 LocalSubnet: localSubnets, 173 Mtu: d.Get("mtu").(int), 174 PeerID: d.Get("peer_id").(string), 175 PeerIPAddress: d.Get("peer_ip_address").(string), 176 PeerSubnet: peerSubnets, 177 SharedSecret: d.Get("shared_secret").(string), 178 IsEnabled: true, 179 } 180 181 tunnels := make([]*types.GatewayIpsecVpnTunnel, 1) 182 tunnels[0] = tunnel 183 184 ipsecVPNConfig := &types.EdgeGatewayServiceConfiguration{ 185 Xmlns: "http://www.vmware.com/vcloud/v1.5", 186 GatewayIpsecVpnService: &types.GatewayIpsecVpnService{ 187 IsEnabled: true, 188 Tunnel: tunnels, 189 }, 190 } 191 192 log.Printf("[INFO] ipsecVPNConfig: %#v", ipsecVPNConfig) 193 194 err = retryCall(vcdClient.MaxRetryTimeout, func() *resource.RetryError { 195 edgeGateway.Refresh() 196 task, err := edgeGateway.AddIpsecVPN(ipsecVPNConfig) 197 if err != nil { 198 log.Printf("[INFO] Error setting ipsecVPNConfig rules: %s", err) 199 return resource.RetryableError( 200 fmt.Errorf("Error setting ipsecVPNConfig rules: %#v", err)) 201 } 202 203 return resource.RetryableError(task.WaitTaskCompletion()) 204 }) 205 if err != nil { 206 return fmt.Errorf("Error completing tasks: %#v", err) 207 } 208 209 d.SetId(d.Get("edge_gateway").(string)) 210 211 return resourceVcdEdgeGatewayVpnRead(d, meta) 212 } 213 214 func resourceVcdEdgeGatewayVpnDelete(d *schema.ResourceData, meta interface{}) error { 215 vcdClient := meta.(*VCDClient) 216 217 log.Printf("[TRACE] CLIENT: %#v", vcdClient) 218 219 vcdClient.Mutex.Lock() 220 defer vcdClient.Mutex.Unlock() 221 222 edgeGateway, err := vcdClient.OrgVdc.FindEdgeGateway(d.Get("edge_gateway").(string)) 223 224 ipsecVPNConfig := &types.EdgeGatewayServiceConfiguration{ 225 Xmlns: "http://www.vmware.com/vcloud/v1.5", 226 GatewayIpsecVpnService: &types.GatewayIpsecVpnService{ 227 IsEnabled: false, 228 }, 229 } 230 231 log.Printf("[INFO] ipsecVPNConfig: %#v", ipsecVPNConfig) 232 233 err = retryCall(vcdClient.MaxRetryTimeout, func() *resource.RetryError { 234 edgeGateway.Refresh() 235 task, err := edgeGateway.AddIpsecVPN(ipsecVPNConfig) 236 if err != nil { 237 log.Printf("[INFO] Error setting ipsecVPNConfig rules: %s", err) 238 return resource.RetryableError( 239 fmt.Errorf("Error setting ipsecVPNConfig rules: %#v", err)) 240 } 241 242 return resource.RetryableError(task.WaitTaskCompletion()) 243 }) 244 if err != nil { 245 return fmt.Errorf("Error completing tasks: %#v", err) 246 } 247 248 d.SetId(d.Get("edge_gateway").(string)) 249 250 if err != nil { 251 return fmt.Errorf("Error finding edge gateway: %#v", err) 252 } 253 254 return nil 255 } 256 257 func resourceVcdEdgeGatewayVpnRead(d *schema.ResourceData, meta interface{}) error { 258 vcdClient := meta.(*VCDClient) 259 260 edgeGateway, err := vcdClient.OrgVdc.FindEdgeGateway(d.Get("edge_gateway").(string)) 261 if err != nil { 262 return fmt.Errorf("Error finding edge gateway: %#v", err) 263 } 264 265 egsc := edgeGateway.EdgeGateway.Configuration.EdgeGatewayServiceConfiguration.GatewayIpsecVpnService 266 267 if len(egsc.Tunnel) == 0 { 268 d.SetId("") 269 return nil 270 } 271 272 if len(egsc.Tunnel) == 1 { 273 tunnel := egsc.Tunnel[0] 274 d.Set("name", tunnel.Name) 275 d.Set("description", tunnel.Description) 276 d.Set("encryption_protocol", tunnel.EncryptionProtocol) 277 d.Set("local_ip_address", tunnel.LocalIPAddress) 278 d.Set("local_id", tunnel.LocalID) 279 d.Set("mtu", tunnel.Mtu) 280 d.Set("peer_ip_address", tunnel.PeerIPAddress) 281 d.Set("peer_id", tunnel.PeerID) 282 d.Set("shared_secret", tunnel.SharedSecret) 283 d.Set("local_subnets", tunnel.LocalSubnet) 284 d.Set("peer_subnets", tunnel.PeerSubnet) 285 } else { 286 return fmt.Errorf("Multiple tunnels not currently supported") 287 } 288 289 return nil 290 }