feat(vpn-gateway-as-spoke) - Add support for VPN Gateway as spoke of Transit Gateway

Author: keerthi-gp

go.mod

@@ -38,7 +38,7 @@ require (
 	github.com/IBM/secrets-manager-go-sdk/v2 v2.0.15
 	github.com/IBM/vmware-go-sdk v0.1.5
 	github.com/IBM/vpc-beta-go-sdk v0.8.0
-	github.com/IBM/vpc-go-sdk v0.74.1
+	github.com/IBM/vpc-go-sdk v0.75.0
 	github.com/ScaleFT/sshkeys v0.0.0-20200327173127-6142f742bca5
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/akamai/AkamaiOPEN-edgegrid-golang/v5 v5.0.0

go.sum

@@ -170,6 +170,8 @@ github.com/IBM/vpc-beta-go-sdk v0.8.0 h1:cEPpv4iw3Ba5W2d0AWg3TIbKeJ8y1nPuUuibR5J
 github.com/IBM/vpc-beta-go-sdk v0.8.0/go.mod h1:hORgIyTFRzXrZIK9IohaWmCRBBlYiDRagsufi7M6akE=
 github.com/IBM/vpc-go-sdk v0.74.1 h1:qkWwdlILx3ZVNWht96CdlPKwhKL/y3ItN6XmwJ1rShM=
 github.com/IBM/vpc-go-sdk v0.74.1/go.mod h1:8lX6TpeYBbx1Vd4KTgM3PPQ4y3auGOPuD6qq3UBDdug=
+github.com/IBM/vpc-go-sdk v0.75.0 h1:8s11vR30n0eY9ptf6Osh9Bw13okhMVasb/KX9M52LEg=
+github.com/IBM/vpc-go-sdk v0.75.0/go.mod h1:8lX6TpeYBbx1Vd4KTgM3PPQ4y3auGOPuD6qq3UBDdug=
 github.com/Logicalis/asn1 v0.0.0-20190312173541-d60463189a56 h1:vuquMR410psHNax14XKNWa0Ae/kYgWJcXi0IFuX60N0=
 github.com/Logicalis/asn1 v0.0.0-20190312173541-d60463189a56/go.mod h1:Zb3OT4l0mf7P/GOs2w2Ilj5sdm5Whoq3pa24dAEBHFc=
 github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=

ibm/provider/provider.go

@@ -650,6 +650,9 @@ func Provider() *schema.Provider {
 
 			"ibm_is_vpn_gateway_connection_local_cidrs": vpc.DataSourceIBMIsVPNGatewayConnectionLocalCidrs(),
 			"ibm_is_vpn_gateway_connection_peer_cidrs":  vpc.DataSourceIBMIsVPNGatewayConnectionPeerCidrs(),
+			"ibm_is_vpn_gateway_advertised_cidrs":       vpc.DataSourceIBMIsVPNGatewayAdvertisedCidrs(),
+			"ibm_is_vpn_gateway_service_connection":     vpc.DataSourceIBMIsVPNGatewayServiceConnection(),
+			"ibm_is_vpn_gateway_service_connections":    vpc.DataSourceIBMIsVPNGatewayServiceConnections(),
 
 			"ibm_is_vpc_default_routing_table":       vpc.DataSourceIBMISVPCDefaultRoutingTable(),
 			"ibm_is_vpc_routing_table":               vpc.DataSourceIBMIsVPCRoutingTable(),
@@ -1408,6 +1411,7 @@ func Provider() *schema.Provider {
 			"ibm_is_volume":                                vpc.ResourceIBMISVolume(),
 			"ibm_is_vpn_gateway":                           vpc.ResourceIBMISVPNGateway(),
 			"ibm_is_vpn_gateway_connection":                vpc.ResourceIBMISVPNGatewayConnection(),
+			"ibm_is_vpn_gateway_advertised_cidr":           vpc.ResourceIBMISVPNGatewayAdvertisedCidr(),
 			"ibm_is_vpc":                                   vpc.ResourceIBMISVPC(),
 			"ibm_is_vpc_address_prefix":                    vpc.ResourceIBMISVpcAddressPrefix(),
 			"ibm_is_vpc_dns_resolution_binding":            vpc.ResourceIBMIsVPCDnsResolutionBinding(),

ibm/service/vpc/data_source_ibm_is_lb.go

@@ -620,7 +620,6 @@ func lbGetByName(context context.Context, d *schema.ResourceData, meta interface
 						healthMonitorInfo[healthMonitorType] = *(poolHealthMonitor.Type)
 						pool[healthMonitor] = healthMonitorInfo
 					}
-
 					if p.SessionPersistence != nil {
 						sessionPersistenceInfo := make(map[string]interface{})
 						sessionPersistenceInfo[sessionType] = *p.SessionPersistence.Type

ibm/service/vpc/data_source_ibm_is_vpn_gateway.go

@@ -267,6 +267,20 @@ func DataSourceIBMISVPNGateway() *schema.Resource {
 				Computed:    true,
 				Description: "Route mode VPN gateway.",
 			},
+			isVPNGatewayLocalAsn: {
+				Type:        schema.TypeInt,
+				Computed:    true,
+				Description: "The local autonomous system number (ASN) for this VPN gateway and its connections.",
+			},
+
+			isVPNGatewayAdvertisedCidrs: {
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: "The additional CIDRs advertised through any enabled routing protocol (for example, BGP). The routing protocol will advertise routes with these CIDRs and VPC prefixes as route destinations.",
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
 			"vpc": {
 				Type:        schema.TypeList,
 				Computed:    true,
@@ -445,6 +459,16 @@ func dataSourceIBMIsVPNGatewayRead(context context.Context, d *schema.ResourceDa
 	if err = d.Set("mode", vpnGateway.Mode); err != nil {
 		return flex.DiscriminatedTerraformErrorf(err, fmt.Sprintf("Error setting mode: %s", err), "(Data) ibm_is_vpn_gateway", "read", "set-mode").GetDiag()
 	}
+	if vpnGateway.AdvertisedCIDRs != nil {
+		if err = d.Set("advertised_cidrs", vpnGateway.AdvertisedCIDRs); err != nil {
+			return flex.DiscriminatedTerraformErrorf(err, fmt.Sprintf("Error setting advertised_cidrs: %s", err), "(Data) ibm_is_vpn_gateway", "read", "set-advertised_cidrs").GetDiag()
+		}
+	}
+	if vpnGateway.LocalAsn != nil {
+		if err = d.Set("local_asn", vpnGateway.LocalAsn); err != nil {
+			return flex.DiscriminatedTerraformErrorf(err, fmt.Sprintf("Error setting local_asn: %s", err), "(Data) ibm_is_vpn_gateway", "read", "set-local_asn").GetDiag()
+		}
+	}
 	if vpnGateway.VPC != nil {
 		err = d.Set("vpc", dataSourceVPNGatewayFlattenVPC(vpnGateway.VPC))
 		if err != nil {

ibm/service/vpc/data_source_ibm_is_vpn_gateway_advertised_cidrs.go

@@ -0,0 +1,112 @@
+// Copyright IBM Corp. 2024 All Rights Reserved.
+// Licensed under the Mozilla Public License v2.0
+
+package vpc
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+
+	"github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns"
+	"github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex"
+	"github.com/IBM/vpc-go-sdk/vpcv1"
+)
+
+func DataSourceIBMIsVPNGatewayAdvertisedCidrs() *schema.Resource {
+	return &schema.Resource{
+		ReadContext: dataSourceIBMIsVPNGatewayAdvertisedCidrsRead,
+
+		Schema: map[string]*schema.Schema{
+			"vpn_gateway": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				ExactlyOneOf: []string{"vpn_gateway_name", "vpn_gateway"},
+				Description:  "The VPN gateway identifier.",
+			},
+			"vpn_gateway_name": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				ExactlyOneOf: []string{"vpn_gateway_name", "vpn_gateway"},
+				Description:  "The VPN gateway name.",
+			},
+			"advertised_cidrs": {
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: "The additional CIDRs advertised through any enabled routing protocol (for example, BGP). The routing protocol will advertise routes with these CIDRs and VPC prefixes as route destinations.",
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+		},
+	}
+}
+
+func dataSourceIBMIsVPNGatewayAdvertisedCidrsRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	vpcClient, err := meta.(conns.ClientSession).VpcV1API()
+	if err != nil {
+		tfErr := flex.TerraformErrorf(err, fmt.Sprintf("vpcClient creation failed: %s", err.Error()), "(Data) ibm_is_vpn_gateway_advertised_cidrs", "read")
+		log.Printf("[DEBUG]\n%s", tfErr.GetDebugMessage())
+		return diag.FromErr(tfErr)
+	}
+	vpn_gateway_id := d.Get("vpn_gateway").(string)
+	vpn_gateway_name := d.Get("vpn_gateway_name").(string)
+
+	if vpn_gateway_name != "" {
+		listvpnGWOptions := vpcClient.NewListVPNGatewaysOptions()
+
+		start := ""
+		allrecs := []vpcv1.VPNGatewayIntf{}
+		for {
+			if start != "" {
+				listvpnGWOptions.Start = &start
+			}
+			availableVPNGateways, detail, err := vpcClient.ListVPNGatewaysWithContext(context, listvpnGWOptions)
+			if err != nil || availableVPNGateways == nil {
+				if err != nil {
+					tfErr := flex.TerraformErrorf(err, fmt.Sprintf("Error reading list of VPN Gateways:%s\n%s", err, detail), "(Data) ibm_is_vpn_gateway_advertised_cidrs", "read")
+					log.Printf("[DEBUG]\n%s", tfErr.GetDebugMessage())
+					return diag.FromErr(tfErr)
+				}
+			}
+			start = flex.GetNext(availableVPNGateways.Next)
+			allrecs = append(allrecs, availableVPNGateways.VPNGateways...)
+			if start == "" {
+				break
+			}
+		}
+		vpn_gateway_found := false
+		for _, vpnGatewayIntfItem := range allrecs {
+			if *vpnGatewayIntfItem.(*vpcv1.VPNGateway).Name == vpn_gateway_name {
+				vpnGateway := vpnGatewayIntfItem.(*vpcv1.VPNGateway)
+				vpn_gateway_id = *vpnGateway.ID
+				vpn_gateway_found = true
+				break
+			}
+		}
+		if !vpn_gateway_found {
+			tfErr := flex.TerraformErrorf(err, fmt.Sprintf("No vpn gateway found with given name %s", vpn_gateway_name), "(Data) ibm_is_vpn_gateway_advertised_cidrs", "read")
+			log.Printf("[DEBUG]\n%s", tfErr.GetDebugMessage())
+			return diag.FromErr(tfErr)
+		}
+	}
+
+	listVPNGatewayAdvertisedCIDRsOptions := &vpcv1.ListVPNGatewayAdvertisedCIDRsOptions{}
+
+	listVPNGatewayAdvertisedCIDRsOptions.SetVPNGatewayID(vpn_gateway_id)
+
+	vpnGatewayAdvertisedCidRs, response, err := vpcClient.ListVPNGatewayAdvertisedCIDRsWithContext(context, listVPNGatewayAdvertisedCIDRsOptions)
+	if err != nil {
+		tfErr := flex.TerraformErrorf(err, fmt.Sprintf("ListVPNGatewayAdvertisedCIDRsWithContext failed %s\n%s", err, response), "(Data) ibm_is_vpn_gateway_advertised_cidrs", "read")
+		log.Printf("[DEBUG]\n%s", tfErr.GetDebugMessage())
+		return diag.FromErr(tfErr)
+	}
+	d.SetId(time.Now().UTC().String())
+	d.Set("advertised_cidrs", vpnGatewayAdvertisedCidRs.AdvertisedCIDRs)
+
+	return nil
+}

ibm/service/vpc/data_source_ibm_is_vpn_gateway_advertised_cidrs_test.go

@@ -0,0 +1,121 @@
+// Copyright IBM Corp. 2024 All Rights Reserved.
+// Licensed under the Mozilla Public License v2.0
+
+package vpc_test
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+	acc "github.com/IBM-Cloud/terraform-provider-ibm/ibm/acctest"
+)
+
+func TestAccIBMIsVPNGatewayAdvertisedCidrsDataSourceBasic(t *testing.T) {
+	vpcname := fmt.Sprintf("tfvpnuat-vpc-%d", acctest.RandIntRange(100, 200))
+	subnetname := fmt.Sprintf("tfvpnuat-subnet-%d", acctest.RandIntRange(100, 200))
+	vpngwname := fmt.Sprintf("tfvpnuat-vpngw-%d", acctest.RandIntRange(100, 200))
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { acc.TestAccPreCheck(t) },
+		Providers: acc.TestAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckIBMIsVPNGatewayAdvertisedCidrsDataSourceConfigBasic(vpcname, subnetname, vpngwname),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_advertised_cidrs.is_vpn_gateway_advertised_cidrs", "advertised_cidrs.#"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccIBMIsVPNGatewayAdvertisedCidrsVPNGatewayNameDataSourceBasic(t *testing.T) {
+	vpcname := fmt.Sprintf("tfvpnuat-vpc-%d", acctest.RandIntRange(100, 200))
+	subnetname := fmt.Sprintf("tfvpnuat-subnet-%d", acctest.RandIntRange(100, 200))
+	vpngwname := fmt.Sprintf("tfvpnuat-vpngw-%d", acctest.RandIntRange(100, 200))
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { acc.TestAccPreCheck(t) },
+		Providers: acc.TestAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckIBMIsVPNGatewayAdvertisedCidrsWithVPNGatewayNameDataSourceConfigBasic(vpcname, subnetname, vpngwname),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("data.ibm_is_vpn_gateway_advertised_cidrs.is_vpn_gateway_advertised_cidrs", "advertised_cidrs.#"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckIBMIsVPNGatewayAdvertisedCidrsDataSourceConfigBasic(vpc, subnet, vpngwname string) string {
+	return fmt.Sprintf(`
+	resource "ibm_is_vpc" "example" {
+		name = "%s"
+	  }
+	  resource "ibm_is_subnet" "example" {
+		name            = "%s"
+		vpc             = ibm_is_vpc.example.id
+		zone            = "%s"
+		ipv4_cidr_block = "%s"
+	  
+	  }
+
+	  resource "ibm_is_vpn_gateway" "example" {
+		name   = "%s"
+		subnet = ibm_is_subnet.example.id
+		mode   = "route"
+		local_asn = 64520
+		lifecycle {
+			ignore_changes = [
+				advertised_cidrs
+			]
+  		}
+	  }
+
+	  resource "ibm_is_vpn_gateway_advertised_cidr" "example" {
+		vpn_gateway = ibm_is_vpn_gateway.example.id
+		cidr        = "10.45.0.0/25"
+	  }
+	  data "ibm_is_vpn_gateway_advertised_cidrs" "is_vpn_gateway_advertised_cidrs" {
+	  	depends_on = [resource.ibm_is_vpn_gateway_advertised_cidr.example]
+		vpn_gateway = ibm_is_vpn_gateway.example.id
+	  }
+	`, vpc, subnet, acc.ISZoneName, acc.ISCIDR, vpngwname)
+}
+
+func testAccCheckIBMIsVPNGatewayAdvertisedCidrsWithVPNGatewayNameDataSourceConfigBasic(vpc, subnet, vpngwname string) string {
+	return fmt.Sprintf(`
+	  resource "ibm_is_vpc" "example" {
+		 name = "%s"
+	  }
+	  resource "ibm_is_subnet" "example" {
+		name            = "%s"
+		vpc             = ibm_is_vpc.example.id
+		zone            = "%s"
+		ipv4_cidr_block = "%s"
+	  
+	  }
+	  resource "ibm_is_vpn_gateway" "example" {
+		name   = "%s"
+		subnet = ibm_is_subnet.example.id
+		mode   = "route"
+		lifecycle {
+			ignore_changes = [
+				advertised_cidrs
+			]
+  		}
+	  }
+	  resource "ibm_is_vpn_gateway_advertised_cidr" "example" {
+		vpn_gateway = ibm_is_vpn_gateway.example.id
+		cidr        = "10.45.0.0/25"
+	  }
+	  data "ibm_is_vpn_gateway_advertised_cidrs" "is_vpn_gateway_advertised_cidrs" {
+	  	depends_on = [resource.ibm_is_vpn_gateway_advertised_cidr.example]
+		vpn_gateway_name = ibm_is_vpn_gateway.example.name
+	  }
+	`, vpc, subnet, acc.ISZoneName, acc.ISCIDR, vpngwname)
+}