fix wording + handle 403 + first cassette

Author: Mia-Cross

docs/resources/vpc_gateway_network.md

@@ -113,7 +113,7 @@ In addition to all arguments above, the following attributes are exported:
 - `created_at` - The date and time of the creation of the GatewayNetwork.
 - `updated_at` - The date and time of the last update of the GatewayNetwork.
 - `status` - The status of the Public Gateway's connection to the Private Network.
-- `private_ip` - The list of private IPv4 addresses associated with the resource.
+- `private_ip` - The private IPv4 address associated with the resource.
     - `id` - The ID of the IPv4 address resource.
     - `address` - The private IPv4 address.
 

internal/services/vpcgw/helpers.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"time"
 
+	"github.com/hashicorp/go-cty/cty"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	ipamAPI "github.com/scaleway/scaleway-sdk-go/api/ipam/v1"
@@ -225,10 +226,10 @@ func readVPCGWResourceDataV2(d *schema.ResourceData, gw *v2.Gateway) diag.Diagno
 }
 
 // readVPCGWNetworkResourceDataV1 sets the resource data using a v1 gateway network
-func readVPCGWNetworkResourceDataV1(d *schema.ResourceData, gatewayNetwork *vpcgw.GatewayNetwork) diag.Diagnostics {
+func readVPCGWNetworkResourceDataV1(d *schema.ResourceData, gatewayNetwork *vpcgw.GatewayNetwork, diags diag.Diagnostics) diag.Diagnostics {
 	fetchRegion, err := gatewayNetwork.Zone.Region()
 	if err != nil {
-		return diag.FromErr(err)
+		return append(diags, diag.FromErr(err)...)
 	}
 
 	_ = d.Set("private_network_id", regional.NewIDString(fetchRegion, gatewayNetwork.PrivateNetworkID))
@@ -267,10 +268,10 @@ func readVPCGWNetworkResourceDataV1(d *schema.ResourceData, gatewayNetwork *vpcg
 }
 
 // readVPCGWNetworkResourceDataV2 sets the resource data using a v1 gateway network
-func readVPCGWNetworkResourceDataV2(d *schema.ResourceData, gatewayNetwork *v2.GatewayNetwork) diag.Diagnostics {
+func readVPCGWNetworkResourceDataV2(d *schema.ResourceData, gatewayNetwork *v2.GatewayNetwork, diags diag.Diagnostics) diag.Diagnostics {
 	fetchRegion, err := gatewayNetwork.Zone.Region()
 	if err != nil {
-		return diag.FromErr(err)
+		return append(diags, diag.FromErr(err)...)
 	}
 
 	_ = d.Set("private_network_id", regional.NewIDString(fetchRegion, gatewayNetwork.PrivateNetworkID))
@@ -303,14 +304,14 @@ func readVPCGWNetworkResourceDataV2(d *schema.ResourceData, gatewayNetwork *v2.G
 	return nil
 }
 
-func getPrivateIPsV1(ctx context.Context, gn *vpcgw.GatewayNetwork, m interface{}) interface{} {
+func getPrivateIPsV1(ctx context.Context, gn *vpcgw.GatewayNetwork, m interface{}) (interface{}, diag.Diagnostics) {
 	var privateIPs []map[string]interface{}
 
 	resourceID := gn.ID
 
 	region, err := gn.Zone.Region()
 	if err != nil {
-		return diag.FromErr(err)
+		return nil, diag.FromErr(err)
 	}
 
 	resourceType := ipamAPI.ResourceTypeVpcGatewayNetwork
@@ -322,20 +323,29 @@ func getPrivateIPsV1(ctx context.Context, gn *vpcgw.GatewayNetwork, m interface{
 
 	privateIPs, err = ipam.GetResourcePrivateIPs(ctx, m, region, opts)
 	if err != nil {
-		return diag.FromErr(err)
+		if !httperrors.Is403(err) {
+			return nil, diag.FromErr(err)
+		}
+
+		return nil, diag.Diagnostics{diag.Diagnostic{
+			Severity:      diag.Warning,
+			Summary:       err.Error(),
+			Detail:        "Got 403 while reading private IPs from IPAM API, please check your IAM permissions",
+			AttributePath: cty.GetAttrPath("private_ips"),
+		}}
 	}
 
-	return privateIPs
+	return privateIPs, nil
 }
 
-func getPrivateIPsV2(ctx context.Context, gn *v2.GatewayNetwork, m interface{}) interface{} {
+func getPrivateIPsV2(ctx context.Context, gn *v2.GatewayNetwork, m interface{}) (interface{}, diag.Diagnostics) {
 	var privateIPs []map[string]interface{}
 
 	resourceID := gn.ID
 
 	region, err := gn.Zone.Region()
 	if err != nil {
-		return diag.FromErr(err)
+		return nil, diag.FromErr(err)
 	}
 
 	resourceType := ipamAPI.ResourceTypeVpcGatewayNetwork
@@ -347,10 +357,19 @@ func getPrivateIPsV2(ctx context.Context, gn *v2.GatewayNetwork, m interface{})
 
 	privateIPs, err = ipam.GetResourcePrivateIPs(ctx, m, region, opts)
 	if err != nil {
-		return diag.FromErr(err)
+		if !httperrors.Is403(err) {
+			return nil, diag.FromErr(err)
+		}
+
+		return nil, diag.Diagnostics{diag.Diagnostic{
+			Severity:      diag.Warning,
+			Summary:       err.Error(),
+			Detail:        "Got 403 while reading private IPs from IPAM API, please check your IAM permissions",
+			AttributePath: cty.GetAttrPath("private_ips"),
+		}}
 	}
 
-	return privateIPs
+	return privateIPs, nil
 }
 
 // updateGatewayV1 performs the update of the public gateway using the v1 API

internal/services/vpcgw/network.go

@@ -125,10 +125,10 @@ func ResourceNetwork() *schema.Resource {
 				Computed:    true,
 				Description: "The mac address on this network",
 			},
-			"private_ips": {
+			"private_ip": {
 				Type:        schema.TypeList,
 				Computed:    true,
-				Description: "List of private IPv4 addresses associated with the resource.",
+				Description: "The private IPv4 address associated with the resource.",
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"id": {
@@ -226,6 +226,8 @@ func ResourceVPCGatewayNetworkRead(ctx context.Context, d *schema.ResourceData,
 		return diag.FromErr(err)
 	}
 
+	var diags diag.Diagnostics
+
 	gatewayNetwork, err := waitForVPCGatewayNetworkV2(ctx, api, zone, ID, d.Timeout(schema.TimeoutRead))
 	if err != nil {
 		if httperrors.Is412(err) {
@@ -238,10 +240,15 @@ func ResourceVPCGatewayNetworkRead(ctx context.Context, d *schema.ResourceData,
 			}
 
 			if gatewayNetwork.PrivateNetworkID != "" {
-				_ = d.Set("private_ips", getPrivateIPsV1(ctx, gatewayV1, m))
+				privateIPs, diags := getPrivateIPsV1(ctx, gatewayV1, m)
+				if diags != nil && len(diags) > 0 && diags[0].Severity == diag.Error {
+					return diags
+				}
+
+				_ = d.Set("private_ip", privateIPs)
 			}
 
-			return readVPCGWNetworkResourceDataV1(d, gatewayV1)
+			return readVPCGWNetworkResourceDataV1(d, gatewayV1, diags)
 		} else if httperrors.Is404(err) {
 			d.SetId("")
 
@@ -252,10 +259,15 @@ func ResourceVPCGatewayNetworkRead(ctx context.Context, d *schema.ResourceData,
 	}
 
 	if gatewayNetwork.PrivateNetworkID != "" {
-		_ = d.Set("private_ips", getPrivateIPsV2(ctx, gatewayNetwork, m))
+		privateIPs, diags := getPrivateIPsV2(ctx, gatewayNetwork, m)
+		if diags != nil && len(diags) > 0 && diags[0].Severity == diag.Error {
+			return diags
+		}
+
+		_ = d.Set("private_ip", privateIPs)
 	}
 
-	return readVPCGWNetworkResourceDataV2(d, gatewayNetwork)
+	return readVPCGWNetworkResourceDataV2(d, gatewayNetwork, diags)
 }
 
 func ResourceVPCGatewayNetworkUpdate(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {

internal/services/vpcgw/network_test.go

@@ -64,8 +64,8 @@ func TestAccVPCGatewayNetwork_WithIPAMConfig(t *testing.T) {
 					resource.TestCheckResourceAttr("scaleway_vpc_gateway_network.main", "ipam_config.0.push_default_route", "true"),
 					resource.TestCheckResourceAttrSet("scaleway_vpc_gateway_network.main", "ipam_config.0.ipam_ip_id"),
 					resource.TestCheckResourceAttr("scaleway_vpc_gateway_network.main", "enable_masquerade", "true"),
-					resource.TestCheckResourceAttrSet("scaleway_vpc_gateway_network.main", "private_ips.0.id"),
-					resource.TestCheckResourceAttrSet("scaleway_vpc_gateway_network.main", "private_ips.0.address"),
+					resource.TestCheckResourceAttrSet("scaleway_vpc_gateway_network.main", "private_ip.0.id"),
+					resource.TestCheckResourceAttrSet("scaleway_vpc_gateway_network.main", "private_ip.0.address"),
 				),
 			},
 			{