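package google

import (
	"bytes"
	"fmt"
	"log"
	"net"

	"github.com/hashicorp/terraform/helper/schema"

	"google.golang.org/api/compute/v1"
	"google.golang.org/api/googleapi"
)

// resourceComputeVpnTunnel returns the schema for a Compute Engine VPN tunnel.
//
// The VPNTunnelService does not support update operations, which is why
// every configurable attribute is ForceNew: any change recreates the tunnel.
func resourceComputeVpnTunnel() *schema.Resource {
	return &schema.Resource{
		Create: resourceComputeVpnTunnelCreate,
		Read:   resourceComputeVpnTunnelRead,
		Delete: resourceComputeVpnTunnelDelete,

		Schema: map[string]*schema.Schema{
			"name": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},

			// peer_ip is validated at plan time so that addresses which can
			// never be a routable peer are rejected before any API call.
			"peer_ip": &schema.Schema{
				Type:         schema.TypeString,
				Required:     true,
				ForceNew:     true,
				ValidateFunc: validatePeerAddr,
			},

			// shared_secret is the IKE pre-shared key. It is persisted in
			// state as given. NOTE(review): mark it Sensitive: true if this
			// helper/schema version supports that field, so it is redacted
			// from plan/apply output — confirm against the vendored version.
			"shared_secret": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},

			"target_vpn_gateway": &schema.Schema{
				Type:     schema.TypeString,
				Required: true,
				ForceNew: true,
			},

			"description": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
				ForceNew: true,
			},

			"detailed_status": &schema.Schema{
				Type:     schema.TypeString,
				Computed: true,
			},

			// ike_version is range-checked (1 or 2) in Create.
			"ike_version": &schema.Schema{
				Type:     schema.TypeInt,
				Optional: true,
				Default:  2,
				ForceNew: true,
			},

			"local_traffic_selector": &schema.Schema{
				Type:     schema.TypeSet,
				Optional: true,
				ForceNew: true,
				Elem:     &schema.Schema{Type: schema.TypeString},
				Set:      schema.HashString,
			},

			"remote_traffic_selector": &schema.Schema{
				Type:     schema.TypeSet,
				Optional: true,
				ForceNew: true,
				Elem:     &schema.Schema{Type: schema.TypeString},
				Set:      schema.HashString,
			},

			"project": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
				ForceNew: true,
			},

			"region": &schema.Schema{
				Type:     schema.TypeString,
				Optional: true,
				ForceNew: true,
			},

			"self_link": &schema.Schema{
				Type:     schema.TypeString,
				Computed: true,
			},
		},
	}
}

// expandTrafficSelectors converts a set of selector strings into the
// []string the compute API expects. An empty (or nil) set yields a nil
// slice, matching the previous behaviour of leaving the field unset.
func expandTrafficSelectors(s *schema.Set) []string {
	if s == nil || s.Len() == 0 {
		return nil
	}
	out := make([]string, 0, s.Len())
	for _, v := range s.List() {
		out = append(out, v.(string))
	}
	return out
}

// resourceComputeVpnTunnelCreate inserts the tunnel described by d, waits for
// the regional operation to finish and then reads the result back into state.
//
// Returns an error if region/project cannot be resolved, if ike_version is
// outside 1..2, or if the insert or its operation fails. The ike_version
// check happens here rather than in a ValidateFunc, so it surfaces at apply
// time, not plan time.
func resourceComputeVpnTunnelCreate(d *schema.ResourceData, meta interface{}) error {
	config := meta.(*Config)

	region, err := getRegion(d, config)
	if err != nil {
		return err
	}

	project, err := getProject(d, config)
	if err != nil {
		return err
	}

	name := d.Get("name").(string)
	ikeVersion := d.Get("ike_version").(int)
	if ikeVersion < 1 || ikeVersion > 2 {
		return fmt.Errorf("Only IKE version 1 or 2 supported, not %d", ikeVersion)
	}

	vpnTunnel := &compute.VpnTunnel{
		Name:                  name,
		PeerIp:                d.Get("peer_ip").(string),
		SharedSecret:          d.Get("shared_secret").(string),
		TargetVpnGateway:      d.Get("target_vpn_gateway").(string),
		IkeVersion:            int64(ikeVersion),
		LocalTrafficSelector:  expandTrafficSelectors(d.Get("local_traffic_selector").(*schema.Set)),
		RemoteTrafficSelector: expandTrafficSelectors(d.Get("remote_traffic_selector").(*schema.Set)),
	}

	if v, ok := d.GetOk("description"); ok {
		vpnTunnel.Description = v.(string)
	}

	vpnTunnelsService := compute.NewVpnTunnelsService(config.clientCompute)

	// Only the tunnel name is echoed in error messages; never the secret.
	op, err := vpnTunnelsService.Insert(project, region, vpnTunnel).Do()
	if err != nil {
		return fmt.Errorf("Error Inserting VPN Tunnel %s : %s", name, err)
	}

	if err := computeOperationWaitRegion(config, op, project, region, "Inserting VPN Tunnel"); err != nil {
		return fmt.Errorf("Error Waiting to Insert VPN Tunnel %s: %s", name, err)
	}

	return resourceComputeVpnTunnelRead(d, meta)
}

// resourceComputeVpnTunnelRead refreshes state from the API.
//
// A 404 from the API is treated as "resource gone": the ID is cleared and
// nil is returned so Terraform drops it from state. Any other API error is
// returned wrapped with the tunnel name.
func resourceComputeVpnTunnelRead(d *schema.ResourceData, meta interface{}) error {
	config := meta.(*Config)

	region, err := getRegion(d, config)
	if err != nil {
		return err
	}

	project, err := getProject(d, config)
	if err != nil {
		return err
	}

	name := d.Get("name").(string)

	vpnTunnelsService := compute.NewVpnTunnelsService(config.clientCompute)

	vpnTunnel, err := vpnTunnelsService.Get(project, region, name).Do()
	if err != nil {
		if gerr, ok := err.(*googleapi.Error); ok && gerr.Code == 404 {
			log.Printf("[WARN] Removing VPN Tunnel %q because it's gone", name)
			// The resource doesn't exist anymore.
			d.SetId("")
			return nil
		}

		return fmt.Errorf("Error Reading VPN Tunnel %s: %s", name, err)
	}

	// Always store non-nil slices so an absent selector list becomes an
	// empty set rather than a null value.
	d.Set("local_traffic_selector", append([]string{}, vpnTunnel.LocalTrafficSelector...))
	d.Set("remote_traffic_selector", append([]string{}, vpnTunnel.RemoteTrafficSelector...))

	// Mirror the ForceNew inputs the API reports back so that out-of-band
	// changes show up as a diff. shared_secret is not refreshed (the API
	// response is not expected to carry it in clear) and target_vpn_gateway
	// is left alone because the API returns a full URL that may not match
	// the form the user configured.
	d.Set("peer_ip", vpnTunnel.PeerIp)
	d.Set("ike_version", int(vpnTunnel.IkeVersion))
	d.Set("description", vpnTunnel.Description)

	d.Set("detailed_status", vpnTunnel.DetailedStatus)
	d.Set("self_link", vpnTunnel.SelfLink)

	d.SetId(name)

	return nil
}

// resourceComputeVpnTunnelDelete deletes the tunnel and waits for the
// regional operation to complete.
//
// Returns an error if region/project cannot be resolved or if the delete
// request or its operation fails.
func resourceComputeVpnTunnelDelete(d *schema.ResourceData, meta interface{}) error {
	config := meta.(*Config)

	region, err := getRegion(d, config)
	if err != nil {
		return err
	}

	project, err := getProject(d, config)
	if err != nil {
		return err
	}

	name := d.Get("name").(string)

	vpnTunnelsService := compute.NewVpnTunnelsService(config.clientCompute)

	op, err := vpnTunnelsService.Delete(project, region, name).Do()
	if err != nil {
		// Previously mislabelled as a read error, which made failures
		// confusing to triage.
		return fmt.Errorf("Error Deleting VPN Tunnel %s: %s", name, err)
	}

	if err := computeOperationWaitRegion(config, op, project, region, "Deleting VPN Tunnel"); err != nil {
		return fmt.Errorf("Error Waiting to Delete VPN Tunnel %s: %s", name, err)
	}

	return nil
}

// validatePeerAddr is the ValidateFunc for peer_ip. It rejects values that
// do not parse as an IP address and addresses that fall inside one of the
// special-use ranges in invalidPeerAddrs (RFC 5735). Failing here keeps a
// tunnel from being created against an endpoint that can never be reached.
//
// i is the attribute value and k its schema key; the key only labels errors.
// Returns (warnings, errors) per the helper/schema convention; warnings are
// never produced.
func validatePeerAddr(i interface{}, k string) ([]string, []error) {
	v, ok := i.(string)
	if !ok {
		// Do not panic on an unexpected type; report it like any other
		// validation failure.
		return nil, []error{fmt.Errorf("%q: expected a string, got %T", k, i)}
	}

	ip := net.ParseIP(v)
	if ip == nil {
		// Report the offending value, not the attribute key.
		return nil, []error{fmt.Errorf("%q: could not parse %q to IP address", k, v)}
	}

	// net.ParseIP returns the 16-byte form for every address, so IPv4 values
	// compare byte-wise against the 16-byte bounds in invalidPeerAddrs. A
	// native IPv6 address never lands inside an IPv4-mapped range, so this
	// check is effectively IPv4-only.
	for _, r := range invalidPeerAddrs {
		if bytes.Compare(ip, r.from) >= 0 && bytes.Compare(ip, r.to) <= 0 {
			return nil, []error{fmt.Errorf("%q: address %q is invalid (is between %q and %q, conflicting with RFC5735)", k, v, r.from, r.to)}
		}
	}
	return nil, nil
}

// invalidPeerAddrs is a collection of IP address ranges that represent
// a conflict with RFC 5735 (https://tools.ietf.org/html/rfc5735#page-3).
// CIDR range notations in the RFC were converted to a (from, to) pair
// for easy checking with bytes.Compare. Both bounds are inclusive.
//
// The list mirrors RFC 5735 only; ranges reserved later (for example
// 100.64.0.0/10, RFC 6598) are not covered. The final 255.255.255.255
// entry is already inside 240.0.0.0/4 and is kept only because the RFC
// lists it separately.
var invalidPeerAddrs = []struct {
	from net.IP
	to   net.IP
}{
	{
		from: net.ParseIP("0.0.0.0"),
		to:   net.ParseIP("0.255.255.255"),
	},
	{
		from: net.ParseIP("10.0.0.0"),
		to:   net.ParseIP("10.255.255.255"),
	},
	{
		from: net.ParseIP("127.0.0.0"),
		to:   net.ParseIP("127.255.255.255"),
	},
	{
		from: net.ParseIP("169.254.0.0"),
		to:   net.ParseIP("169.254.255.255"),
	},
	{
		from: net.ParseIP("172.16.0.0"),
		to:   net.ParseIP("172.31.255.255"),
	},
	{
		from: net.ParseIP("192.0.0.0"),
		to:   net.ParseIP("192.0.0.255"),
	},
	{
		from: net.ParseIP("192.0.2.0"),
		to:   net.ParseIP("192.0.2.255"),
	},
	{
		from: net.ParseIP("192.88.99.0"),
		to:   net.ParseIP("192.88.99.255"),
	},
	{
		from: net.ParseIP("192.168.0.0"),
		to:   net.ParseIP("192.168.255.255"),
	},
	{
		from: net.ParseIP("198.18.0.0"),
		to:   net.ParseIP("198.19.255.255"),
	},
	{
		from: net.ParseIP("198.51.100.0"),
		to:   net.ParseIP("198.51.100.255"),
	},
	{
		from: net.ParseIP("203.0.113.0"),
		to:   net.ParseIP("203.0.113.255"),
	},
	{
		from: net.ParseIP("224.0.0.0"),
		to:   net.ParseIP("239.255.255.255"),
	},
	{
		from: net.ParseIP("240.0.0.0"),
		to:   net.ParseIP("255.255.255.255"),
	},
	{
		from: net.ParseIP("255.255.255.255"),
		to:   net.ParseIP("255.255.255.255"),
	},
}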