Skip to content

Fix/vpn dpd #1227

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Aug 23, 2022
Merged

Fix/vpn dpd #1227

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
8cda56b
fix: support set dpd
Aug 23, 2022
998e8c1
fix: support set dpd
Aug 23, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ require (
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb v1.0.445
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cloudaudit v1.0.199
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cls v1.0.412
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.472
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.479
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.445
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cynosdb v1.0.359
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dayu v1.0.335
Expand Down Expand Up @@ -62,11 +62,11 @@ require (
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tem v1.0.472
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/tke v1.0.438
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod v1.0.199
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.398
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.479
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wss v1.0.199
github.com/tencentyun/cos-go-sdk-v5 v0.7.33
github.com/yangwenmai/ratelimit v0.0.0-20180104140304-44221c2292e1
github.com/zclconf/go-cty v1.4.2 // indirect
golang.org/x/sys v0.0.0-20200523222454-059865788121 // indirect
gopkg.in/yaml.v2 v2.2.8 // indirect
gopkg.in/yaml.v2 v2.2.8
)
4 changes: 4 additions & 0 deletions go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -494,6 +494,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.445/go.mod
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.466/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.472 h1:kQxDatbhm8AbZebhnP7xgBBsXHqt3WfGfIPxE9Qmdmk=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.472/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.479 h1:3kwDb6p1J3LxmwnNgSSEheemPffo+vMewoDzKysYdig=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.479/go.mod h1:7sCQWVkxcsR38nffDW057DRGk8mUjK1Ing/EFOK8s8Y=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.445 h1:Bh7XD0ypNMHYyBOM8hhKsSu+y0VVKUnJVS+YKKhfpGg=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cvm v1.0.445/go.mod h1:jMDD351efCFpT1+KVFbcpu6SbmP4TYmp4qkoCfr63nQ=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cynosdb v1.0.359 h1:cNKqelPgUxrJkLY0Azd2QHr/UMYOPPnmqs88clt2akk=
Expand Down Expand Up @@ -553,6 +555,8 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod v1.0.199 h1:6Yt74l4
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vod v1.0.199/go.mod h1:Yw6OQ33z3s4k0HVYTNSffB12qOzEJ2Zf1Vj4+5S3sRs=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.398 h1:1JVKMl+yjZbntwAW0A6esjQI1/dXXqjQ9+OLai7ZS2w=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.398/go.mod h1:+TD/TRnb5WrLcE2SL3db7ROOpwED5gBfbC19gaXnGxs=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.479 h1:eArkuh12SjyaHaKDNfF2oLjkY3f8SnuazgM/2dV9hcA=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.479/go.mod h1:U+ZEKIS6qZu8unIM3K5qWBaK7bO4ydXgzmdNeRBjQQw=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wss v1.0.199 h1:hMBLtiJPnZ9GvA677cTB6ELBR6B68wCR2QY1sNoGQc4=
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/wss v1.0.199/go.mod h1:nnY91/H3j/Gu7V/oCA6Zeg8T5D3q36EUdBh4EjmHwqY=
github.com/tencentyun/cos-go-sdk-v5 v0.7.33 h1:5jmJU7U/1nf/7ZPDkrUL8KlF1oDUzTHsdtLNY6x0hq4=
Expand Down
10 changes: 10 additions & 0 deletions tencentcloud/extension_vpc.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -307,3 +307,13 @@ const (
VPCNotFound = "ResourceNotFound"
VPCUnsupportedOperation = "UnsupportedOperation"
)

const (
DPD_ACTION_CLEAR = "clear"
DPD_ACTION_RESTART = "restart"
)

var DPD_ACTIONS = []string{
DPD_ACTION_CLEAR,
DPD_ACTION_RESTART,
}
71 changes: 70 additions & 1 deletion tencentcloud/resource_tc_vpn_connection.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,7 @@ import (
"context"
"fmt"
"log"
"strconv"
"time"

"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
Expand Down Expand Up @@ -249,6 +250,27 @@ func resourceTencentCloudVpnConnection() *schema.Resource {
Optional: true,
Description: "A list of tags used to associate different resources.",
},
"dpd_enable": {
Type: schema.TypeInt,
Optional: true,
Computed: true,
ValidateFunc: validateIntegerInRange(0, 1),
Description: "Specifies whether to enable DPD. Valid values: 0 (disable) and 1 (enable).",
},
"dpd_timeout": {
Type: schema.TypeInt,
Optional: true,
Computed: true,
ValidateFunc: validateIntegerInRange(30, 60),
Description: "DPD timeout period.Valid value ranges: [30~60], Default: 30; unit: second. If the request is not responded within this period, the peer end is considered not exists. This parameter is valid when the value of DpdEnable is 1.",
},
"dpd_action": {
Type: schema.TypeString,
Optional: true,
Computed: true,
ValidateFunc: validateAllowedStringValue(DPD_ACTIONS),
Description: "The action after DPD timeout. Valid values: clear (disconnect) and restart (try again). It is valid when DpdEnable is 1.",
},
"create_time": {
Type: schema.TypeString,
Computed: true,
Expand Down Expand Up @@ -336,7 +358,16 @@ func resourceTencentCloudVpnConnectionCreate(d *schema.ResourceData, meta interf
request.VpnGatewayId = helper.String(d.Get("vpn_gateway_id").(string))
request.CustomerGatewayId = helper.String(d.Get("customer_gateway_id").(string))
request.PreShareKey = helper.String(d.Get("pre_share_key").(string))

if v, ok := d.GetOk("dpd_enable"); ok {
dpdEnable := v.(int)
request.DpdEnable = helper.IntInt64(dpdEnable)
}
if v, ok := d.GetOk("dpd_action"); ok {
request.DpdAction = helper.String(v.(string))
}
if v, ok := d.GetOk("dpd_timeout"); ok {
request.DpdTimeout = helper.String(strconv.Itoa(v.(int)))
}
//set up SecurityPolicyDatabases

sgps := d.Get("security_group_policy").(*schema.Set).List()
Expand Down Expand Up @@ -638,6 +669,15 @@ func resourceTencentCloudVpnConnectionRead(d *schema.ResourceData, meta interfac
_ = d.Set("enable_health_check", *connection.EnableHealthCheck)
_ = d.Set("health_check_local_ip", *connection.HealthCheckLocalIp)
_ = d.Set("health_check_remote_ip", *connection.HealthCheckRemoteIp)
// dpd
_ = d.Set("dpd_enable", *connection.DpdEnable)
dpdTimeoutInt, err := strconv.Atoi(*connection.DpdTimeout)
if err != nil {
return err
}
_ = d.Set("dpd_timeout", dpdTimeoutInt)
_ = d.Set("dpd_action", *connection.DpdAction)

//tags
tagService := TagService{client: meta.(*TencentCloudClient).apiV3Conn}
region := meta.(*TencentCloudClient).apiV3Conn.Region
Expand Down Expand Up @@ -705,6 +745,24 @@ func resourceTencentCloudVpnConnectionUpdate(d *schema.ResourceData, meta interf
}
changeFlag = true
}

if d.HasChange("dpd_enable") {
request.DpdEnable = helper.IntInt64(d.Get("dpd_enable").(int))
changeFlag = true
}
if d.HasChange("dpd_timeout") {
if v, ok := d.GetOk("dpd_timeout"); ok {
request.DpdTimeout = helper.String(strconv.Itoa(v.(int)))
changeFlag = true
}
}
if d.HasChange("dpd_action") {
if v, ok := d.GetOk("dpd_action"); ok {
request.DpdAction = helper.String(v.(string))
changeFlag = true
}
}

ikeChangeKeySet := map[string]bool{
"ike_proto_encry_algorithm": false,
"ike_proto_authen_algorithm": false,
Expand Down Expand Up @@ -842,6 +900,17 @@ func resourceTencentCloudVpnConnectionUpdate(d *schema.ResourceData, meta interf
d.SetPartial(key)
}
}

if d.HasChange("dpd_enable") {
d.SetPartial("dpd_enable")
}
if d.HasChange("dpd_timeout") {
d.SetPartial("dpd_timeout")
}
if d.HasChange("dpd_action") {
d.SetPartial("dpd_action")
}

//tag
if d.HasChange("tags") {
oldInterface, newInterface := d.GetChange("tags")
Expand Down
100 changes: 99 additions & 1 deletion tencentcloud/resource_tc_vpn_connection_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,9 @@ func TestAccTencentCloudVpnConnection_basic(t *testing.T) {
resource.TestCheckResourceAttrSet("tencentcloud_vpn_connection.connection", "encrypt_proto"),
resource.TestCheckResourceAttrSet("tencentcloud_vpn_connection.connection", "route_type"),
resource.TestCheckResourceAttrSet("tencentcloud_vpn_connection.connection", "vpn_proto"),
resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "dpd_enable", "1"),
resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "dpd_timeout", "30"),
resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "dpd_action", "clear"),
resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "enable_health_check", "true"),
resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "health_check_local_ip", "192.168.0.2"),
resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "health_check_remote_ip", "3.3.3.2"),
Expand Down Expand Up @@ -73,6 +76,40 @@ func TestAccTencentCloudVpnConnection_basic(t *testing.T) {
resource.TestCheckResourceAttrSet("tencentcloud_vpn_connection.connection", "encrypt_proto"),
resource.TestCheckResourceAttrSet("tencentcloud_vpn_connection.connection", "route_type"),
resource.TestCheckResourceAttrSet("tencentcloud_vpn_connection.connection", "vpn_proto"),
resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "dpd_enable", "0"),
resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "dpd_timeout", "30"),
resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "dpd_action", "clear"),
resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "enable_health_check", "false"),
),
},
{
Config: testAccVpnConnectionConfigUpdate2,
Check: resource.ComposeTestCheckFunc(
testAccCheckVpnConnectionExists("tencentcloud_vpn_connection.connection"),
resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "name", "vpn_connection_test2"),
resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "pre_share_key", "testt"),
resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "tags.test", "testt"),
resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "ike_proto_encry_algorithm", "3DES-CBC"),
resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "ike_proto_authen_algorithm", "SHA"),
resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "ike_local_identity", "ADDRESS"),
resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "ike_remote_identity", "ADDRESS"),
resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "ike_dh_group_name", "GROUP2"),
resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "ike_exchange_mode", "AGGRESSIVE"),
resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "ike_sa_lifetime_seconds", "86401"),
resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "ipsec_encrypt_algorithm", "3DES-CBC"),
resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "ipsec_integrity_algorithm", "SHA1"),
resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "ipsec_pfs_dh_group", "NULL"),
resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "ipsec_sa_lifetime_seconds", "7200"),
resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "ipsec_sa_lifetime_traffic", "2570"),
//resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "security_group_policy.0.remote_cidr_block.0", "3.3.3.0/26"),
resource.TestCheckResourceAttrSet("tencentcloud_vpn_connection.connection", "net_status"),
resource.TestCheckResourceAttrSet("tencentcloud_vpn_connection.connection", "state"),
resource.TestCheckResourceAttrSet("tencentcloud_vpn_connection.connection", "encrypt_proto"),
resource.TestCheckResourceAttrSet("tencentcloud_vpn_connection.connection", "route_type"),
resource.TestCheckResourceAttrSet("tencentcloud_vpn_connection.connection", "vpn_proto"),
resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "dpd_enable", "1"),
resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "dpd_timeout", "40"),
resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "dpd_action", "restart"),
resource.TestCheckResourceAttr("tencentcloud_vpn_connection.connection", "enable_health_check", "false"),
),
},
Expand Down Expand Up @@ -209,7 +246,9 @@ resource "tencentcloud_vpn_connection" "connection" {
ipsec_sa_lifetime_seconds = 3600
ipsec_pfs_dh_group = "DH-GROUP1"
ipsec_sa_lifetime_traffic = 2560

dpd_enable = 1
dpd_timeout = "30"
dpd_action = "clear"
security_group_policy {
local_cidr_block = "172.16.0.0/16"
remote_cidr_block = ["3.3.3.0/32", ]
Expand Down Expand Up @@ -264,6 +303,65 @@ resource "tencentcloud_vpn_connection" "connection" {
ipsec_sa_lifetime_seconds = 7200
ipsec_pfs_dh_group = "NULL"
ipsec_sa_lifetime_traffic = 2570
dpd_enable = 0
dpd_timeout = "30"
dpd_action = "clear"

security_group_policy {
local_cidr_block = "172.16.0.0/16"
remote_cidr_block = ["3.3.3.0/26", ]
}
tags = {
test = "testt"
}
enable_health_check = false
}
`

const testAccVpnConnectionConfigUpdate2 = `
resource "tencentcloud_vpn_customer_gateway" "cgw" {
name = "terraform_test"
public_ip_address = "1.3.3.3"
}

# Create VPC and Subnet
data "tencentcloud_vpc_instances" "foo" {
name = "Default-VPC"
}

resource "tencentcloud_vpn_gateway" "vpn" {
name = "terraform_update"
vpc_id = data.tencentcloud_vpc_instances.foo.instance_list.0.vpc_id
bandwidth = 5
zone = "ap-guangzhou-3"

tags = {
test = "test"
}
}
resource "tencentcloud_vpn_connection" "connection" {
name = "vpn_connection_test2"
vpc_id = data.tencentcloud_vpc_instances.foo.instance_list.0.vpc_id
vpn_gateway_id = tencentcloud_vpn_gateway.vpn.id
customer_gateway_id = tencentcloud_vpn_customer_gateway.cgw.id
pre_share_key = "testt"
ike_proto_encry_algorithm = "3DES-CBC"
ike_proto_authen_algorithm = "SHA"
ike_local_identity = "ADDRESS"
ike_exchange_mode = "AGGRESSIVE"
ike_local_address = tencentcloud_vpn_gateway.vpn.public_ip_address
ike_remote_identity = "ADDRESS"
ike_remote_address = tencentcloud_vpn_customer_gateway.cgw.public_ip_address
ike_dh_group_name = "GROUP2"
ike_sa_lifetime_seconds = 86401
ipsec_encrypt_algorithm = "3DES-CBC"
ipsec_integrity_algorithm = "SHA1"
ipsec_sa_lifetime_seconds = 7200
ipsec_pfs_dh_group = "NULL"
ipsec_sa_lifetime_traffic = 2570
dpd_enable = 1
dpd_timeout = "40"
dpd_action = "restart"

security_group_policy {
local_cidr_block = "172.16.0.0/16"
Expand Down
Loading