Added support for tags in is_vpn_server resource (IBM-Cloud#6295)

Co-authored-by: SunithaGudisagar <[email protected]>

Author: uibm

ibm/service/vpc/resource_ibm_is_vpn_server.go

@@ -7,6 +7,7 @@ import (
 	"context"
 	"fmt"
 	"log"
+	"os"
 	"time"
 
 	"github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns"
@@ -373,6 +374,14 @@ func ResourceIBMIsVPNServer() *schema.Resource {
 				Set:         flex.ResourceIBMVPCHash,
 				Description: "List of access management tags",
 			},
+			"tags": {
+				Type:        schema.TypeSet,
+				Optional:    true,
+				Computed:    true,
+				Elem:        &schema.Schema{Type: schema.TypeString, ValidateFunc: validate.InvokeValidator("ibm_is_vpn_server", "tags")},
+				Set:         flex.ResourceIBMVPCHash,
+				Description: "VPN server user tags list",
+			},
 		},
 	}
 }
@@ -426,6 +435,15 @@ func ResourceIBMIsVPNServerValidator() *validate.ResourceValidator {
 			Required:                   true,
 			AllowedValues:              "certificate , username",
 		},
+		validate.ValidateSchema{
+			Identifier:                 "tags",
+			ValidateFunctionIdentifier: validate.ValidateRegexpLen,
+			Type:                       validate.TypeString,
+			Optional:                   true,
+			Regexp:                     `^[A-Za-z0-9:_ .-]+$`,
+			MinValueLength:             1,
+			MaxValueLength:             128,
+		},
 		validate.ValidateSchema{
 			Identifier:                 "accesstag",
 			ValidateFunctionIdentifier: validate.ValidateRegexpLen,
@@ -568,12 +586,22 @@ func resourceIBMIsVPNServerCreate(context context.Context, d *schema.ResourceDat
 		return flex.DiscriminatedTerraformErrorf(err, err.Error(), "isWaitForVPNServerStable", "create", "wait-for-stable-vpnserver").GetDiag()
 	}
 
+	v := os.Getenv("IC_ENV_TAGS")
+	if _, ok := d.GetOk("tags"); ok || v != "" {
+		oldList, newList := d.GetChange("tags")
+		err = flex.UpdateGlobalTagsUsingCRN(oldList, newList, meta, *vpnServer.CRN, "", "user")
+		if err != nil {
+			log.Printf(
+				"Error on create of resource vpc VPN server (%s) tags: %s", d.Id(), err)
+		}
+	}
+
 	if _, ok := d.GetOk(isVPNServerAccessTags); ok {
 		oldList, newList := d.GetChange(isVPNServerAccessTags)
 		err = flex.UpdateGlobalTagsUsingCRN(oldList, newList, meta, *vpnServer.CRN, "", isVPNServerAccessTagType)
 		if err != nil {
 			log.Printf(
-				"Error on create of resource vpc (%s) access tags: %s", d.Id(), err)
+				"Error on create of resource vpc VPN server (%s) access tags: %s", d.Id(), err)
 		}
 	}
 
@@ -773,6 +801,16 @@ func resourceIBMIsVPNServerRead(context context.Context, d *schema.ResourceData,
 		return flex.DiscriminatedTerraformErrorf(err, err.Error(), "ibm_is_vpn_server", "read", "set-resource_type").GetDiag()
 	}
 
+	tags, err := flex.GetGlobalTagsUsingCRN(meta, *vpnServer.CRN, "", isUserTagType)
+	if err != nil {
+		log.Printf(
+			"Error on get of resource vpc VPN server (%s) tags: %s", d.Id(), err)
+	}
+	if err = d.Set("tags", tags); err != nil {
+		err = fmt.Errorf("Error setting tags: %s", err)
+		return flex.DiscriminatedTerraformErrorf(err, err.Error(), "ibm_is_vpn_server", "read", "set-tags").GetDiag()
+	}
+
 	accesstags, err := flex.GetGlobalTagsUsingCRN(meta, *vpnServer.CRN, "", isVPNServerAccessTagType)
 	if err != nil {
 		log.Printf(
@@ -947,6 +985,15 @@ func resourceIBMIsVPNServerUpdate(context context.Context, d *schema.ResourceDat
 	}
 	eTag := response.Headers.Get("ETag") // Getting Etag from the response headers.
 
+	if d.HasChange("tags") {
+		oldList, newList := d.GetChange("tags")
+		err = flex.UpdateGlobalTagsUsingCRN(oldList, newList, meta, *vpnServer.CRN, "", isUserTagType)
+		if err != nil {
+			log.Printf(
+				"Error on update of resource vpc Vpn Server (%s) tags: %s", d.Id(), err)
+		}
+	}
+
 	if d.HasChange(isVPNServerAccessTags) {
 		oldList, newList := d.GetChange(isVPNServerAccessTags)
 		err = flex.UpdateGlobalTagsUsingCRN(oldList, newList, meta, *vpnServer.CRN, "", isVPNServerAccessTagType)

ibm/service/vpc/resource_ibm_is_vpn_server_test.go

@@ -101,6 +101,95 @@ func TestAccIBMIsVPNServerBasic(t *testing.T) {
 		},
 	})
 }
+func TestAccIBMIsVPNServerBasicTags(t *testing.T) {
+	var vpnserver string
+	if acc.ISCertificateCrn == "" {
+		fmt.Println("[ERROR] Set the environment variable IS_CERTIFICATE_CRN for testing ibm_is_vpn_server resource")
+	}
+
+	if acc.ISClientCaCrn == "" {
+		fmt.Println("[ERROR] Set the environment variable IS_CLIENT_CA_CRN for testing ibm_is_vpn_server resource")
+	}
+	isCertificateCrn := acc.ISCertificateCrn
+	isClientCaCrn := acc.ISClientCaCrn
+	clientIPPool := "10.5.0.0/21"
+	clientIdleTimeout := fmt.Sprintf("%d", acctest.RandIntRange(0, 28800))
+	enableSplitTunneling := "true"
+	nameVpc := fmt.Sprintf("test-vpc-tf-%d", acctest.RandIntRange(10, 100))
+	nameSubnet1 := fmt.Sprintf("test-subnet1-tf-%d", acctest.RandIntRange(10, 100))
+	name := fmt.Sprintf("tf-name%d", acctest.RandIntRange(10, 100))
+	port := fmt.Sprintf("%d", acctest.RandIntRange(1, 65535))
+	protocol := "udp"
+
+	clientIPPoolUpdate := "10.6.0.0/21"
+	clientIdleTimeoutUpdate := fmt.Sprintf("%d", acctest.RandIntRange(0, 28800))
+	enableSplitTunnelingUpdate := "false"
+	nameUpdate := fmt.Sprintf("tf-name%d", acctest.RandIntRange(10, 100))
+	portUpdate := fmt.Sprintf("%d", acctest.RandIntRange(1, 65535))
+	protocolUpdate := "tcp"
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { acc.TestAccPreCheck(t) },
+		Providers:    acc.TestAccProviders,
+		CheckDestroy: testAccCheckIBMIsVPNServerDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckIBMIsVPNServerConfigBasicTags(nameVpc, nameSubnet1, clientIPPool, clientIdleTimeout, enableSplitTunneling, name, port, protocol, isCertificateCrn, isClientCaCrn),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckIBMIsVPNServerExists("ibm_is_vpn_server.is_vpn_server", vpnserver),
+					resource.TestCheckResourceAttrSet("ibm_is_vpn_server.is_vpn_server", "certificate_crn"),
+					resource.TestCheckResourceAttrSet("ibm_is_vpn_server.is_vpn_server", "client_authentication.0.method"),
+					resource.TestCheckResourceAttrSet("ibm_is_vpn_server.is_vpn_server", "client_auto_delete"),
+					resource.TestCheckResourceAttrSet("ibm_is_vpn_server.is_vpn_server", "client_auto_delete_timeout"),
+					resource.TestCheckResourceAttrSet("ibm_is_vpn_server.is_vpn_server", "client_dns_server_ips.#"),
+					resource.TestCheckResourceAttrSet("ibm_is_vpn_server.is_vpn_server", "created_at"),
+					resource.TestCheckResourceAttrSet("ibm_is_vpn_server.is_vpn_server", "crn"),
+					resource.TestCheckResourceAttrSet("ibm_is_vpn_server.is_vpn_server", "hostname"),
+					resource.TestCheckResourceAttrSet("ibm_is_vpn_server.is_vpn_server", "href"),
+					resource.TestCheckResourceAttrSet("ibm_is_vpn_server.is_vpn_server", "health_state"),
+					resource.TestCheckResourceAttrSet("ibm_is_vpn_server.is_vpn_server", "vpn_server"),
+					resource.TestCheckResourceAttrSet("ibm_is_vpn_server.is_vpn_server", "lifecycle_state"),
+					resource.TestCheckResourceAttrSet("ibm_is_vpn_server.is_vpn_server", "private_ips.0.address"),
+					resource.TestCheckResourceAttrSet("ibm_is_vpn_server.is_vpn_server", "private_ips.0.href"),
+					resource.TestCheckResourceAttrSet("ibm_is_vpn_server.is_vpn_server", "private_ips.0.id"),
+					resource.TestCheckResourceAttrSet("ibm_is_vpn_server.is_vpn_server", "private_ips.0.name"),
+					resource.TestCheckResourceAttrSet("ibm_is_vpn_server.is_vpn_server", "private_ips.0.resource_type"),
+					resource.TestCheckResourceAttrSet("ibm_is_vpn_server.is_vpn_server", "resource_group"),
+					resource.TestCheckResourceAttrSet("ibm_is_vpn_server.is_vpn_server", "security_groups.#"),
+					resource.TestCheckResourceAttrSet("ibm_is_vpn_server.is_vpn_server", "resource_type"),
+					resource.TestCheckResourceAttrSet("ibm_is_vpn_server.is_vpn_server", "subnets.#"),
+					resource.TestCheckResourceAttrSet("ibm_is_vpn_server.is_vpn_server", "vpc.#"),
+					resource.TestCheckResourceAttr("ibm_is_vpn_server.is_vpn_server", "client_ip_pool", clientIPPool),
+					resource.TestCheckResourceAttr("ibm_is_vpn_server.is_vpn_server", "client_idle_timeout", clientIdleTimeout),
+					resource.TestCheckResourceAttr("ibm_is_vpn_server.is_vpn_server", "enable_split_tunneling", enableSplitTunneling),
+					resource.TestCheckResourceAttr("ibm_is_vpn_server.is_vpn_server", "name", name),
+					resource.TestCheckResourceAttr("ibm_is_vpn_server.is_vpn_server", "port", port),
+					resource.TestCheckResourceAttr("ibm_is_vpn_server.is_vpn_server", "protocol", protocol),
+					resource.TestCheckResourceAttrSet("ibm_is_vpn_server.is_vpn_server", "tags.#"),
+					resource.TestCheckResourceAttr("ibm_is_vpn_server.is_vpn_server", "tags.#", "2"),
+				),
+			},
+			{
+				Config: testAccCheckIBMIsVPNServerConfigBasicTags(nameVpc, nameSubnet1, clientIPPoolUpdate, clientIdleTimeoutUpdate, enableSplitTunnelingUpdate, nameUpdate, portUpdate, protocolUpdate, isCertificateCrn, isClientCaCrn),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttr("ibm_is_vpn_server.is_vpn_server", "client_ip_pool", clientIPPoolUpdate),
+					resource.TestCheckResourceAttr("ibm_is_vpn_server.is_vpn_server", "client_idle_timeout", clientIdleTimeoutUpdate),
+					resource.TestCheckResourceAttr("ibm_is_vpn_server.is_vpn_server", "enable_split_tunneling", enableSplitTunnelingUpdate),
+					resource.TestCheckResourceAttr("ibm_is_vpn_server.is_vpn_server", "name", nameUpdate),
+					resource.TestCheckResourceAttr("ibm_is_vpn_server.is_vpn_server", "port", portUpdate),
+					resource.TestCheckResourceAttr("ibm_is_vpn_server.is_vpn_server", "protocol", protocolUpdate),
+					resource.TestCheckResourceAttrSet("ibm_is_vpn_server.is_vpn_server", "tags.#"),
+					resource.TestCheckResourceAttr("ibm_is_vpn_server.is_vpn_server", "tags.#", "2"),
+				),
+			},
+			{
+				ResourceName:      "ibm_is_vpn_server.is_vpn_server",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
 
 func testAccCheckIBMIsVPNServerConfigBasic(nameVpc string, nameSubnet1 string, clientIPPool string, clientIdleTimeout string, enableSplitTunneling string, vpnServerName string, port string, protocol string, isCertificateCrn string, isClientCaCrn string) string {
 	return fmt.Sprintf(`
@@ -132,6 +221,37 @@ func testAccCheckIBMIsVPNServerConfigBasic(nameVpc string, nameSubnet1 string, c
 		}
 	`, nameVpc, nameSubnet1, isCertificateCrn, isClientCaCrn, clientIPPool, clientIdleTimeout, enableSplitTunneling, vpnServerName, port, protocol)
 }
+func testAccCheckIBMIsVPNServerConfigBasicTags(nameVpc string, nameSubnet1 string, clientIPPool string, clientIdleTimeout string, enableSplitTunneling string, vpnServerName string, port string, protocol string, isCertificateCrn string, isClientCaCrn string) string {
+	return fmt.Sprintf(`
+		resource "ibm_is_vpc" "testacc_vpc" {
+			name = "%s" 
+		}
+		
+		resource "ibm_is_subnet" "testacc_subnet-1" {
+			name = "%s"
+			vpc = ibm_is_vpc.testacc_vpc.id
+			zone = "us-south-1"
+			ipv4_cidr_block = "10.240.0.0/24"
+		}
+		
+		resource "ibm_is_vpn_server" "is_vpn_server" {
+			certificate_crn = "%s"
+			client_authentication {
+				method = "certificate"
+				client_ca_crn = "%s"
+			}
+			client_ip_pool = "%s"
+			subnets = [ibm_is_subnet.testacc_subnet-1.id]
+			client_dns_server_ips = ["192.168.3.4"]
+			client_idle_timeout = %s
+			enable_split_tunneling = %s
+			name = "%s"
+			port = %s
+			protocol = "%s"
+			tags = [ "test:tags", "test:tags2" ]
+		}
+	`, nameVpc, nameSubnet1, isCertificateCrn, isClientCaCrn, clientIPPool, clientIdleTimeout, enableSplitTunneling, vpnServerName, port, protocol)
+}
 
 func testAccCheckIBMIsVPNServerExists(n string, obj string) resource.TestCheckFunc {
 

website/docs/r/is_vpn_server.html.markdown

@@ -78,6 +78,7 @@ Review the argument references that you can specify for your resource.
 - `resource_group` - (Optional, Forces new resource, String) The resource group (id), where the VPN gateway to be created.
 - `security_groups` - (Optional, List) The security groups `ID` to use for this VPN server. If unspecified, the VPC's default security group is used.
 - `subnets` - (Required, List) Comma-separated IDs of the subnets to provision this VPN server in.  Use subnets in different zones for high availability. User can also upgrade or downgrade the VPN server to high availability or standalone by adding/remove the subnets.
+- `tags`- (Optional, Array of Strings) A list of user tags that you want to add to your VPN server. (https://cloud.ibm.com/apidocs/tagging#types-of-tags)
 
 ## Attribute Reference