291 lines
7.4 KiB
Go
291 lines
7.4 KiB
Go
package vcd
|
|
|
|
import (
|
|
"fmt"
|
|
"github.com/hashicorp/terraform/helper/resource"
|
|
"github.com/hashicorp/terraform/helper/schema"
|
|
types "github.com/ukcloud/govcloudair/types/v56"
|
|
"log"
|
|
)
|
|
|
|
func resourceVcdEdgeGatewayVpn() *schema.Resource {
|
|
return &schema.Resource{
|
|
Create: resourceVcdEdgeGatewayVpnCreate,
|
|
Read: resourceVcdEdgeGatewayVpnRead,
|
|
Delete: resourceVcdEdgeGatewayVpnDelete,
|
|
|
|
Schema: map[string]*schema.Schema{
|
|
|
|
"edge_gateway": &schema.Schema{
|
|
Type: schema.TypeString,
|
|
Required: true,
|
|
ForceNew: true,
|
|
},
|
|
|
|
"name": &schema.Schema{
|
|
Type: schema.TypeString,
|
|
Required: true,
|
|
ForceNew: true,
|
|
},
|
|
|
|
"description": &schema.Schema{
|
|
Type: schema.TypeString,
|
|
Optional: true,
|
|
ForceNew: true,
|
|
},
|
|
|
|
"encryption_protocol": &schema.Schema{
|
|
Type: schema.TypeString,
|
|
Required: true,
|
|
ForceNew: true,
|
|
},
|
|
|
|
"local_ip_address": &schema.Schema{
|
|
Type: schema.TypeString,
|
|
Required: true,
|
|
ForceNew: true,
|
|
},
|
|
|
|
"local_id": &schema.Schema{
|
|
Type: schema.TypeString,
|
|
Required: true,
|
|
ForceNew: true,
|
|
},
|
|
|
|
"mtu": &schema.Schema{
|
|
Type: schema.TypeInt,
|
|
Required: true,
|
|
ForceNew: true,
|
|
},
|
|
|
|
"peer_ip_address": &schema.Schema{
|
|
Type: schema.TypeString,
|
|
Required: true,
|
|
ForceNew: true,
|
|
},
|
|
|
|
"peer_id": &schema.Schema{
|
|
Type: schema.TypeString,
|
|
Required: true,
|
|
ForceNew: true,
|
|
},
|
|
|
|
"shared_secret": &schema.Schema{
|
|
Type: schema.TypeString,
|
|
Required: true,
|
|
ForceNew: true,
|
|
},
|
|
|
|
"local_subnets": &schema.Schema{
|
|
Type: schema.TypeSet,
|
|
Optional: true,
|
|
ForceNew: true,
|
|
Elem: &schema.Resource{
|
|
Schema: map[string]*schema.Schema{
|
|
"local_subnet_name": &schema.Schema{
|
|
Type: schema.TypeString,
|
|
Required: true,
|
|
},
|
|
|
|
"local_subnet_gateway": &schema.Schema{
|
|
Type: schema.TypeString,
|
|
Required: true,
|
|
},
|
|
|
|
"local_subnet_mask": &schema.Schema{
|
|
Type: schema.TypeString,
|
|
Required: true,
|
|
},
|
|
},
|
|
},
|
|
},
|
|
|
|
"peer_subnets": &schema.Schema{
|
|
Type: schema.TypeSet,
|
|
Optional: true,
|
|
ForceNew: true,
|
|
Elem: &schema.Resource{
|
|
Schema: map[string]*schema.Schema{
|
|
"peer_subnet_name": &schema.Schema{
|
|
Type: schema.TypeString,
|
|
Required: true,
|
|
},
|
|
|
|
"peer_subnet_gateway": &schema.Schema{
|
|
Type: schema.TypeString,
|
|
Required: true,
|
|
},
|
|
|
|
"peer_subnet_mask": &schema.Schema{
|
|
Type: schema.TypeString,
|
|
Required: true,
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
}
|
|
|
|
func resourceVcdEdgeGatewayVpnCreate(d *schema.ResourceData, meta interface{}) error {
|
|
vcdClient := meta.(*VCDClient)
|
|
log.Printf("[TRACE] CLIENT: %#v", vcdClient)
|
|
vcdClient.Mutex.Lock()
|
|
defer vcdClient.Mutex.Unlock()
|
|
|
|
edgeGateway, err := vcdClient.OrgVdc.FindEdgeGateway(d.Get("edge_gateway").(string))
|
|
|
|
localSubnetsList := d.Get("local_subnets").(*schema.Set).List()
|
|
peerSubnetsList := d.Get("peer_subnets").(*schema.Set).List()
|
|
|
|
localSubnets := make([]*types.IpsecVpnSubnet, len(localSubnetsList))
|
|
peerSubnets := make([]*types.IpsecVpnSubnet, len(peerSubnetsList))
|
|
|
|
for i, s := range localSubnetsList {
|
|
ls := s.(map[string]interface{})
|
|
localSubnets[i] = &types.IpsecVpnSubnet{
|
|
Name: ls["local_subnet_name"].(string),
|
|
Gateway: ls["local_subnet_gateway"].(string),
|
|
Netmask: ls["local_subnet_mask"].(string),
|
|
}
|
|
}
|
|
|
|
for i, s := range peerSubnetsList {
|
|
ls := s.(map[string]interface{})
|
|
peerSubnets[i] = &types.IpsecVpnSubnet{
|
|
Name: ls["peer_subnet_name"].(string),
|
|
Gateway: ls["peer_subnet_gateway"].(string),
|
|
Netmask: ls["peer_subnet_mask"].(string),
|
|
}
|
|
}
|
|
|
|
tunnel := &types.GatewayIpsecVpnTunnel{
|
|
Name: d.Get("name").(string),
|
|
Description: d.Get("description").(string),
|
|
IpsecVpnLocalPeer: &types.IpsecVpnLocalPeer{
|
|
ID: "",
|
|
Name: "",
|
|
},
|
|
EncryptionProtocol: d.Get("encryption_protocol").(string),
|
|
LocalIPAddress: d.Get("local_ip_address").(string),
|
|
LocalID: d.Get("local_id").(string),
|
|
LocalSubnet: localSubnets,
|
|
Mtu: d.Get("mtu").(int),
|
|
PeerID: d.Get("peer_id").(string),
|
|
PeerIPAddress: d.Get("peer_ip_address").(string),
|
|
PeerSubnet: peerSubnets,
|
|
SharedSecret: d.Get("shared_secret").(string),
|
|
IsEnabled: true,
|
|
}
|
|
|
|
tunnels := make([]*types.GatewayIpsecVpnTunnel, 1)
|
|
tunnels[0] = tunnel
|
|
|
|
ipsecVPNConfig := &types.EdgeGatewayServiceConfiguration{
|
|
Xmlns: "http://www.vmware.com/vcloud/v1.5",
|
|
GatewayIpsecVpnService: &types.GatewayIpsecVpnService{
|
|
IsEnabled: true,
|
|
Tunnel: tunnels,
|
|
},
|
|
}
|
|
|
|
log.Printf("[INFO] ipsecVPNConfig: %#v", ipsecVPNConfig)
|
|
|
|
err = retryCall(vcdClient.MaxRetryTimeout, func() *resource.RetryError {
|
|
edgeGateway.Refresh()
|
|
task, err := edgeGateway.AddIpsecVPN(ipsecVPNConfig)
|
|
if err != nil {
|
|
log.Printf("[INFO] Error setting ipsecVPNConfig rules: %s", err)
|
|
return resource.RetryableError(
|
|
fmt.Errorf("Error setting ipsecVPNConfig rules: %#v", err))
|
|
}
|
|
|
|
return resource.RetryableError(task.WaitTaskCompletion())
|
|
})
|
|
if err != nil {
|
|
return fmt.Errorf("Error completing tasks: %#v", err)
|
|
}
|
|
|
|
d.SetId(d.Get("edge_gateway").(string))
|
|
|
|
return resourceVcdEdgeGatewayVpnRead(d, meta)
|
|
}
|
|
|
|
func resourceVcdEdgeGatewayVpnDelete(d *schema.ResourceData, meta interface{}) error {
|
|
vcdClient := meta.(*VCDClient)
|
|
|
|
log.Printf("[TRACE] CLIENT: %#v", vcdClient)
|
|
|
|
vcdClient.Mutex.Lock()
|
|
defer vcdClient.Mutex.Unlock()
|
|
|
|
edgeGateway, err := vcdClient.OrgVdc.FindEdgeGateway(d.Get("edge_gateway").(string))
|
|
|
|
ipsecVPNConfig := &types.EdgeGatewayServiceConfiguration{
|
|
Xmlns: "http://www.vmware.com/vcloud/v1.5",
|
|
GatewayIpsecVpnService: &types.GatewayIpsecVpnService{
|
|
IsEnabled: false,
|
|
},
|
|
}
|
|
|
|
log.Printf("[INFO] ipsecVPNConfig: %#v", ipsecVPNConfig)
|
|
|
|
err = retryCall(vcdClient.MaxRetryTimeout, func() *resource.RetryError {
|
|
edgeGateway.Refresh()
|
|
task, err := edgeGateway.AddIpsecVPN(ipsecVPNConfig)
|
|
if err != nil {
|
|
log.Printf("[INFO] Error setting ipsecVPNConfig rules: %s", err)
|
|
return resource.RetryableError(
|
|
fmt.Errorf("Error setting ipsecVPNConfig rules: %#v", err))
|
|
}
|
|
|
|
return resource.RetryableError(task.WaitTaskCompletion())
|
|
})
|
|
if err != nil {
|
|
return fmt.Errorf("Error completing tasks: %#v", err)
|
|
}
|
|
|
|
d.SetId(d.Get("edge_gateway").(string))
|
|
|
|
if err != nil {
|
|
return fmt.Errorf("Error finding edge gateway: %#v", err)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func resourceVcdEdgeGatewayVpnRead(d *schema.ResourceData, meta interface{}) error {
|
|
vcdClient := meta.(*VCDClient)
|
|
|
|
edgeGateway, err := vcdClient.OrgVdc.FindEdgeGateway(d.Get("edge_gateway").(string))
|
|
if err != nil {
|
|
return fmt.Errorf("Error finding edge gateway: %#v", err)
|
|
}
|
|
|
|
egsc := edgeGateway.EdgeGateway.Configuration.EdgeGatewayServiceConfiguration.GatewayIpsecVpnService
|
|
|
|
if len(egsc.Tunnel) == 0 {
|
|
d.SetId("")
|
|
return nil
|
|
}
|
|
|
|
if len(egsc.Tunnel) == 1 {
|
|
tunnel := egsc.Tunnel[0]
|
|
d.Set("name", tunnel.Name)
|
|
d.Set("description", tunnel.Description)
|
|
d.Set("encryption_protocol", tunnel.EncryptionProtocol)
|
|
d.Set("local_ip_address", tunnel.LocalIPAddress)
|
|
d.Set("local_id", tunnel.LocalID)
|
|
d.Set("mtu", tunnel.Mtu)
|
|
d.Set("peer_ip_address", tunnel.PeerIPAddress)
|
|
d.Set("peer_id", tunnel.PeerID)
|
|
d.Set("shared_secret", tunnel.SharedSecret)
|
|
d.Set("local_subnets", tunnel.LocalSubnet)
|
|
d.Set("peer_subnets", tunnel.PeerSubnet)
|
|
} else {
|
|
return fmt.Errorf("Multiple tunnels not currently supported")
|
|
}
|
|
|
|
return nil
|
|
}
|