add tencentcloud_vpc_acl_attachment

Author: “guojunchu”

tencentcloud/provider.go

@@ -371,6 +371,7 @@ VPC
     tencentcloud_nat_gateway
     tencentcloud_ha_vip
     tencentcloud_ha_vip_eip_attachment
+	tencentcloud_vpc_acl_attachment
 
 VPN
   Data Source
@@ -615,6 +616,7 @@ func Provider() terraform.ResourceProvider {
 			"tencentcloud_cbs_storage_attachment":         resourceTencentCloudCbsStorageAttachment(),
 			"tencentcloud_cbs_snapshot_policy_attachment": resourceTencentCloudCbsSnapshotPolicyAttachment(),
 			"tencentcloud_vpc":                            resourceTencentCloudVpcInstance(),
+			"tencentcloud_vpc_acl_attachment":             resourceTencentCloudVpcAclAttachment(),
 			"tencentcloud_subnet":                         resourceTencentCloudVpcSubnet(),
 			"tencentcloud_route_entry":                    resourceTencentCloudRouteEntry(),
 			"tencentcloud_route_table_entry":              resourceTencentCloudVpcRouteEntry(),

tencentcloud/resource_tc_vpc_acl_attachment.go

@@ -0,0 +1,142 @@
+package tencentcloud
+
+import (
+	"context"
+	"fmt"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"log"
+	"strings"
+	"time"
+)
+
+func resourceTencentCloudVpcAclAttachment() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceTencentCloudVpcAclAttachmentCreate,
+		Read:   resourceTencentCloudVpcAclAttachmentRead,
+		Delete: resourceTencentCloudVpcAclAttachmentDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"id": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "Id of the attached ACL.",
+			},
+			"subnet_ids": {
+				Type:     schema.TypeList,
+				Required: true,
+				ForceNew: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+				Description: "ID list of the Subnet instance ID.",
+			},
+		},
+	}
+}
+
+func resourceTencentCloudVpcAclAttachmentCreate(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_acl_attachment.create")()
+	var (
+		logId     = getLogId(contextNil)
+		ctx       = context.WithValue(context.TODO(), logIdKey, logId)
+		service   = VpcService{client: meta.(*TencentCloudClient).apiV3Conn}
+		aclId     string
+		subnetIds []string
+		sub_id    string
+	)
+
+	if temp, ok := d.GetOk("id"); ok {
+		aclId = temp.(string)
+		if len(aclId) < 1 {
+			return fmt.Errorf("acl_id should be not empty string")
+		}
+	}
+	if temp, ok := d.GetOk("subnet_ids"); ok {
+		subnetIds = temp.([]string)
+	}
+
+	err := service.AssociateAclSubnets(ctx, aclId, subnetIds)
+	if err != nil {
+		return err
+	}
+
+	for _, temp_id := range subnetIds {
+		sub_id = sub_id + "#" + temp_id
+	}
+	d.SetId(aclId + "#" + sub_id)
+
+	aclAttachmentId := d.Id()
+	err = resource.Retry(readRetryTimeout, func() *resource.RetryError {
+		e := service.DescribeByAclId(ctx, aclAttachmentId)
+		if e != nil {
+			return retryError(e)
+		}
+		return nil
+	})
+	if err != nil {
+		log.Printf("[CRITAL]%s read acl attachment failed, reason:%s\n", logId, err.Error())
+		return err
+	}
+	time.Sleep(10 * time.Second)
+
+	return resourceTencentCloudVpcAclAttachmentRead(d, meta)
+}
+
+func resourceTencentCloudVpcAclAttachmentRead(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_acl_attachment.read")()
+	defer inconsistentCheck(d, meta)()
+
+	var (
+		logId        = getLogId(contextNil)
+		ctx          = context.WithValue(context.TODO(), logIdKey, logId)
+		service      = VpcService{client: meta.(*TencentCloudClient).apiV3Conn}
+		attachmentId = d.Id()
+		aclId        string
+	)
+
+	if attachmentId == "" {
+		return fmt.Errorf("attachmentId does not exist")
+	}
+
+	aclId = strings.Split(attachmentId, "#")[0]
+
+	results, err := service.DescribeNetWorkAcls(ctx, aclId, "", "")
+	if err != nil {
+		return err
+	}
+	if len(results) < 1 && len(results[0].SubnetSet) < 1 {
+		return fmt.Errorf("[TECENT_TERRAFORM_CHECK][ACL attachment][Exists] check: CAM group policy attachment id is not set")
+	}
+	return nil
+
+}
+
+func resourceTencentCloudVpcAclAttachmentDelete(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_acl_attachment.delete")()
+
+	logId := getLogId(contextNil)
+	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+	service := VpcService{client: meta.(*TencentCloudClient).apiV3Conn}
+	attachmentAcl := d.Id()
+
+	err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+		e := service.DeleteAclAttachment(ctx, attachmentAcl)
+		if e != nil {
+			log.Printf("[CRITAL]%s reason[%s]\n", logId, e.Error())
+			return retryError(e)
+		}
+		return nil
+	})
+	if err != nil {
+		log.Printf("[CRITAL]%s delete acl attachment failed, reason:%s\n", logId, err.Error())
+		return err
+	}
+
+	return nil
+
+}

tencentcloud/resource_tc_vpc_acl_attachment_test.go

@@ -0,0 +1,94 @@
+package tencentcloud
+
+import (
+	"context"
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/terraform"
+)
+
+func TestAccTencentCloudVpcAclAttachment_basic(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testVpcAclAttachmentDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCamGroupPolicyAttachment_basic,
+				Check: resource.ComposeTestCheckFunc(
+					testVpcAclAttachmentExists("tencentcloud_vpc_acl_attachment.attachment"),
+					resource.TestCheckResourceAttrSet("tencentcloud_vpc_acl_attachment.attachment", "id"),
+					resource.TestCheckResourceAttrSet("tencentcloud_vpc_acl_attachment.attachment", "subnet_ids"),
+				),
+			},
+		},
+	})
+}
+
+func testVpcAclAttachmentDestroy(s *terraform.State) error {
+	logId := getLogId(contextNil)
+	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+	service := VpcService{client: testAccProvider.Meta().(*TencentCloudClient).apiV3Conn}
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "tencentcloud_vpc_acl_attachment" {
+			continue
+		}
+		err := service.DescribeByAclId(ctx, rs.Primary.ID)
+		if err == nil {
+			return fmt.Errorf("[TECENT_TERRAFORM_CHECK][][Destroy] check: acl attachment still exists: %s", rs.Primary.ID)
+		}
+	}
+	return nil
+}
+
+func testVpcAclAttachmentExists(n string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		logId := getLogId(contextNil)
+		ctx := context.WithValue(context.TODO(), logIdKey, logId)
+		service := VpcService{client: testAccProvider.Meta().(*TencentCloudClient).apiV3Conn}
+
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("[TECENT_TERRAFORM_CHECK][][Exists] check:  %s is not found", n)
+		}
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("[TECENT_TERRAFORM_CHECK][][Exists] check: id is not set")
+		}
+		err := service.DescribeByAclId(ctx, rs.Primary.ID)
+		if err != nil {
+			return fmt.Errorf("[TECENT_TERRAFORM_CHECK][][Destroy] check:  still exists: %s", rs.Primary.ID)
+		}
+		return nil
+	}
+}
+
+const testAccCamGroupPolicyAttachment_basic = `
+resource "tencentcloud_vpc" "foo" {
+  name       = "guagua_vpc_instance_test"
+  cidr_block = "10.0.0.0/16"
+}
+
+data "tencentcloud_vpc_instances" "id_instances" {
+  vpc_id = tencentcloud_vpc.foo.id
+}
+
+resource "tencentcloud_vpc_acl" "foo" {  
+    vpc_id            	= data.tencentcloud_vpc_instances.default.instance_list.0.vpc_id
+    name  	= "test_acl_gogoowang"
+	ingress = [
+		"ACCEPT#192.168.1.0/24#800#TCP",
+		"ACCEPT#192.168.1.0/24#800-900#TCP",
+	]
+	egress = [
+    	"ACCEPT#192.168.1.0/24#800#TCP",
+    	"ACCEPT#192.168.1.0/24#800-900#TCP",
+	]
+}
+resource "tencentcloud_vpc_acl_attachment" "attachment"{
+		id = data.tencentcloud_source_vpc_acls.instances.
+		subnet_ids = data.tencentcloud_vpc_instances.id_instances.instance_list[*].subnet_ids
+}
+`