github.com/koding/terraform@v0.6.4-0.20170608090606-5d7e0339779d/builtin/providers/vcd/resource_vcd_edgegateway_vpn.go (about)

     1  package vcd
     2  
     3  import (
     4  	"fmt"
     5  	"github.com/hashicorp/terraform/helper/resource"
     6  	"github.com/hashicorp/terraform/helper/schema"
     7  	types "github.com/ukcloud/govcloudair/types/v56"
     8  	"log"
     9  )
    10  
    11  func resourceVcdEdgeGatewayVpn() *schema.Resource {
    12  	return &schema.Resource{
    13  		Create: resourceVcdEdgeGatewayVpnCreate,
    14  		Read:   resourceVcdEdgeGatewayVpnRead,
    15  		Delete: resourceVcdEdgeGatewayVpnDelete,
    16  
    17  		Schema: map[string]*schema.Schema{
    18  
    19  			"edge_gateway": &schema.Schema{
    20  				Type:     schema.TypeString,
    21  				Required: true,
    22  				ForceNew: true,
    23  			},
    24  
    25  			"name": &schema.Schema{
    26  				Type:     schema.TypeString,
    27  				Required: true,
    28  				ForceNew: true,
    29  			},
    30  
    31  			"description": &schema.Schema{
    32  				Type:     schema.TypeString,
    33  				Optional: true,
    34  				ForceNew: true,
    35  			},
    36  
    37  			"encryption_protocol": &schema.Schema{
    38  				Type:     schema.TypeString,
    39  				Required: true,
    40  				ForceNew: true,
    41  			},
    42  
    43  			"local_ip_address": &schema.Schema{
    44  				Type:     schema.TypeString,
    45  				Required: true,
    46  				ForceNew: true,
    47  			},
    48  
    49  			"local_id": &schema.Schema{
    50  				Type:     schema.TypeString,
    51  				Required: true,
    52  				ForceNew: true,
    53  			},
    54  
    55  			"mtu": &schema.Schema{
    56  				Type:     schema.TypeInt,
    57  				Required: true,
    58  				ForceNew: true,
    59  			},
    60  
    61  			"peer_ip_address": &schema.Schema{
    62  				Type:     schema.TypeString,
    63  				Required: true,
    64  				ForceNew: true,
    65  			},
    66  
    67  			"peer_id": &schema.Schema{
    68  				Type:     schema.TypeString,
    69  				Required: true,
    70  				ForceNew: true,
    71  			},
    72  
    73  			"shared_secret": &schema.Schema{
    74  				Type:     schema.TypeString,
    75  				Required: true,
    76  				ForceNew: true,
    77  			},
    78  
    79  			"local_subnets": &schema.Schema{
    80  				Type:     schema.TypeSet,
    81  				Optional: true,
    82  				ForceNew: true,
    83  				Elem: &schema.Resource{
    84  					Schema: map[string]*schema.Schema{
    85  						"local_subnet_name": &schema.Schema{
    86  							Type:     schema.TypeString,
    87  							Required: true,
    88  						},
    89  
    90  						"local_subnet_gateway": &schema.Schema{
    91  							Type:     schema.TypeString,
    92  							Required: true,
    93  						},
    94  
    95  						"local_subnet_mask": &schema.Schema{
    96  							Type:     schema.TypeString,
    97  							Required: true,
    98  						},
    99  					},
   100  				},
   101  			},
   102  
   103  			"peer_subnets": &schema.Schema{
   104  				Type:     schema.TypeSet,
   105  				Optional: true,
   106  				ForceNew: true,
   107  				Elem: &schema.Resource{
   108  					Schema: map[string]*schema.Schema{
   109  						"peer_subnet_name": &schema.Schema{
   110  							Type:     schema.TypeString,
   111  							Required: true,
   112  						},
   113  
   114  						"peer_subnet_gateway": &schema.Schema{
   115  							Type:     schema.TypeString,
   116  							Required: true,
   117  						},
   118  
   119  						"peer_subnet_mask": &schema.Schema{
   120  							Type:     schema.TypeString,
   121  							Required: true,
   122  						},
   123  					},
   124  				},
   125  			},
   126  		},
   127  	}
   128  }
   129  
   130  func resourceVcdEdgeGatewayVpnCreate(d *schema.ResourceData, meta interface{}) error {
   131  	vcdClient := meta.(*VCDClient)
   132  	log.Printf("[TRACE] CLIENT: %#v", vcdClient)
   133  	vcdClient.Mutex.Lock()
   134  	defer vcdClient.Mutex.Unlock()
   135  
   136  	edgeGateway, err := vcdClient.OrgVdc.FindEdgeGateway(d.Get("edge_gateway").(string))
   137  
   138  	localSubnetsList := d.Get("local_subnets").(*schema.Set).List()
   139  	peerSubnetsList := d.Get("peer_subnets").(*schema.Set).List()
   140  
   141  	localSubnets := make([]*types.IpsecVpnSubnet, len(localSubnetsList))
   142  	peerSubnets := make([]*types.IpsecVpnSubnet, len(peerSubnetsList))
   143  
   144  	for i, s := range localSubnetsList {
   145  		ls := s.(map[string]interface{})
   146  		localSubnets[i] = &types.IpsecVpnSubnet{
   147  			Name:    ls["local_subnet_name"].(string),
   148  			Gateway: ls["local_subnet_gateway"].(string),
   149  			Netmask: ls["local_subnet_mask"].(string),
   150  		}
   151  	}
   152  
   153  	for i, s := range peerSubnetsList {
   154  		ls := s.(map[string]interface{})
   155  		peerSubnets[i] = &types.IpsecVpnSubnet{
   156  			Name:    ls["peer_subnet_name"].(string),
   157  			Gateway: ls["peer_subnet_gateway"].(string),
   158  			Netmask: ls["peer_subnet_mask"].(string),
   159  		}
   160  	}
   161  
   162  	tunnel := &types.GatewayIpsecVpnTunnel{
   163  		Name:        d.Get("name").(string),
   164  		Description: d.Get("description").(string),
   165  		IpsecVpnLocalPeer: &types.IpsecVpnLocalPeer{
   166  			ID:   "",
   167  			Name: "",
   168  		},
   169  		EncryptionProtocol: d.Get("encryption_protocol").(string),
   170  		LocalIPAddress:     d.Get("local_ip_address").(string),
   171  		LocalID:            d.Get("local_id").(string),
   172  		LocalSubnet:        localSubnets,
   173  		Mtu:                d.Get("mtu").(int),
   174  		PeerID:             d.Get("peer_id").(string),
   175  		PeerIPAddress:      d.Get("peer_ip_address").(string),
   176  		PeerSubnet:         peerSubnets,
   177  		SharedSecret:       d.Get("shared_secret").(string),
   178  		IsEnabled:          true,
   179  	}
   180  
   181  	tunnels := make([]*types.GatewayIpsecVpnTunnel, 1)
   182  	tunnels[0] = tunnel
   183  
   184  	ipsecVPNConfig := &types.EdgeGatewayServiceConfiguration{
   185  		Xmlns: "http://www.vmware.com/vcloud/v1.5",
   186  		GatewayIpsecVpnService: &types.GatewayIpsecVpnService{
   187  			IsEnabled: true,
   188  			Tunnel:    tunnels,
   189  		},
   190  	}
   191  
   192  	log.Printf("[INFO] ipsecVPNConfig: %#v", ipsecVPNConfig)
   193  
   194  	err = retryCall(vcdClient.MaxRetryTimeout, func() *resource.RetryError {
   195  		edgeGateway.Refresh()
   196  		task, err := edgeGateway.AddIpsecVPN(ipsecVPNConfig)
   197  		if err != nil {
   198  			log.Printf("[INFO] Error setting ipsecVPNConfig rules: %s", err)
   199  			return resource.RetryableError(
   200  				fmt.Errorf("Error setting ipsecVPNConfig rules: %#v", err))
   201  		}
   202  
   203  		return resource.RetryableError(task.WaitTaskCompletion())
   204  	})
   205  	if err != nil {
   206  		return fmt.Errorf("Error completing tasks: %#v", err)
   207  	}
   208  
   209  	d.SetId(d.Get("edge_gateway").(string))
   210  
   211  	return resourceVcdEdgeGatewayVpnRead(d, meta)
   212  }
   213  
   214  func resourceVcdEdgeGatewayVpnDelete(d *schema.ResourceData, meta interface{}) error {
   215  	vcdClient := meta.(*VCDClient)
   216  
   217  	log.Printf("[TRACE] CLIENT: %#v", vcdClient)
   218  
   219  	vcdClient.Mutex.Lock()
   220  	defer vcdClient.Mutex.Unlock()
   221  
   222  	edgeGateway, err := vcdClient.OrgVdc.FindEdgeGateway(d.Get("edge_gateway").(string))
   223  
   224  	ipsecVPNConfig := &types.EdgeGatewayServiceConfiguration{
   225  		Xmlns: "http://www.vmware.com/vcloud/v1.5",
   226  		GatewayIpsecVpnService: &types.GatewayIpsecVpnService{
   227  			IsEnabled: false,
   228  		},
   229  	}
   230  
   231  	log.Printf("[INFO] ipsecVPNConfig: %#v", ipsecVPNConfig)
   232  
   233  	err = retryCall(vcdClient.MaxRetryTimeout, func() *resource.RetryError {
   234  		edgeGateway.Refresh()
   235  		task, err := edgeGateway.AddIpsecVPN(ipsecVPNConfig)
   236  		if err != nil {
   237  			log.Printf("[INFO] Error setting ipsecVPNConfig rules: %s", err)
   238  			return resource.RetryableError(
   239  				fmt.Errorf("Error setting ipsecVPNConfig rules: %#v", err))
   240  		}
   241  
   242  		return resource.RetryableError(task.WaitTaskCompletion())
   243  	})
   244  	if err != nil {
   245  		return fmt.Errorf("Error completing tasks: %#v", err)
   246  	}
   247  
   248  	d.SetId(d.Get("edge_gateway").(string))
   249  
   250  	if err != nil {
   251  		return fmt.Errorf("Error finding edge gateway: %#v", err)
   252  	}
   253  
   254  	return nil
   255  }
   256  
   257  func resourceVcdEdgeGatewayVpnRead(d *schema.ResourceData, meta interface{}) error {
   258  	vcdClient := meta.(*VCDClient)
   259  
   260  	edgeGateway, err := vcdClient.OrgVdc.FindEdgeGateway(d.Get("edge_gateway").(string))
   261  	if err != nil {
   262  		return fmt.Errorf("Error finding edge gateway: %#v", err)
   263  	}
   264  
   265  	egsc := edgeGateway.EdgeGateway.Configuration.EdgeGatewayServiceConfiguration.GatewayIpsecVpnService
   266  
   267  	if len(egsc.Tunnel) == 0 {
   268  		d.SetId("")
   269  		return nil
   270  	}
   271  
   272  	if len(egsc.Tunnel) == 1 {
   273  		tunnel := egsc.Tunnel[0]
   274  		d.Set("name", tunnel.Name)
   275  		d.Set("description", tunnel.Description)
   276  		d.Set("encryption_protocol", tunnel.EncryptionProtocol)
   277  		d.Set("local_ip_address", tunnel.LocalIPAddress)
   278  		d.Set("local_id", tunnel.LocalID)
   279  		d.Set("mtu", tunnel.Mtu)
   280  		d.Set("peer_ip_address", tunnel.PeerIPAddress)
   281  		d.Set("peer_id", tunnel.PeerID)
   282  		d.Set("shared_secret", tunnel.SharedSecret)
   283  		d.Set("local_subnets", tunnel.LocalSubnet)
   284  		d.Set("peer_subnets", tunnel.PeerSubnet)
   285  	} else {
   286  		return fmt.Errorf("Multiple tunnels not currently supported")
   287  	}
   288  
   289  	return nil
   290  }