add vpngw ssl client (#897)

Author: hellertang

tencentcloud/provider.go

@@ -576,6 +576,7 @@ VPN
     tencentcloud_vpn_gateway_route
     tencentcloud_vpn_connection
 	tencentcloud_vpn_ssl_server
+	tencentcloud_vpn_ssl_client
 
 EMR
   Data Source
@@ -919,6 +920,7 @@ func Provider() terraform.ResourceProvider {
 			"tencentcloud_vpn_gateway_route":                       resourceTencentCloudVpnGatewayRoute(),
 			"tencentcloud_vpn_connection":                          resourceTencentCloudVpnConnection(),
 			"tencentcloud_vpn_ssl_server":                          resourceTencentCloudVpnSslServer(),
+			"tencentcloud_vpn_ssl_client":                          resourceTencentCloudVpnSslClient(),
 			"tencentcloud_ha_vip":                                  resourceTencentCloudHaVip(),
 			"tencentcloud_ha_vip_eip_attachment":                   resourceTencentCloudHaVipEipAttachment(),
 			"tencentcloud_security_group":                          resourceTencentCloudSecurityGroup(),

tencentcloud/resource_tc_vpn_ssl_client.go

@@ -0,0 +1,176 @@
+/*
+Provide a resource to create a VPN SSL Client.
+
+Example Usage
+
+```hcl
+resource "tencentcloud_vpn_ssl_client" "client" {
+  ssl_vpn_server_id = "vpns-aog5xcjj"
+  ssl_vpn_client_name = "hello"
+}
+
+```
+
+Import
+
+VPN SSL Client can be imported, e.g.
+
+```
+$ terraform import tencentcloud_vpn_ssl_client.client vpn-client-id
+```
+*/
+package tencentcloud
+
+import (
+	"context"
+	"fmt"
+	vpc "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc/v20170312"
+	"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/internal/helper"
+	"github.com/tencentcloudstack/terraform-provider-tencentcloud/tencentcloud/ratelimit"
+	"log"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/errors"
+)
+
+func resourceTencentCloudVpnSslClient() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceTencentCloudVpnSslClientCreate,
+		Read:   resourceTencentCloudVpnSslClientRead,
+		Delete: resourceTencentCloudVpnSslClientDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"ssl_vpn_server_id": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "VPN ssl server id.",
+			},
+			"ssl_vpn_client_name": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "The name of ssl vpn client to be created.",
+			},
+		},
+	}
+}
+
+func resourceTencentCloudVpnSslClientCreate(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_vpn_ssl_client.create")()
+	logId := getLogId(contextNil)
+	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+
+	var (
+		vpcService   = VpcService{client: meta.(*TencentCloudClient).apiV3Conn}
+		request      = vpc.NewCreateVpnGatewaySslClientRequest()
+		sslVpnServerId string
+	)
+
+	if v, ok := d.GetOk("ssl_vpn_server_id"); ok {
+		sslVpnServerId = v.(string)
+		request.SslVpnServerId = helper.String(sslVpnServerId)
+	}
+	if v, ok := d.GetOk("ssl_vpn_client_name"); ok {
+		request.SslVpnClientName = helper.String(v.(string))
+	}
+
+	var taskId *uint64
+	if err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+		ratelimit.Check(request.GetAction())
+		response, err := vpcService.client.UseVpcClient().CreateVpnGatewaySslClient(request)
+		if err != nil {
+			log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n",
+				logId, request.GetAction(), request.ToJsonString(), err.Error())
+			return retryError(err, InternalError)
+		}
+		log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n",
+			logId, request.GetAction(), request.ToJsonString(), response.ToJsonString())
+		taskId = response.Response.TaskId
+		return nil
+	}); err != nil {
+		return err
+	}
+
+	err := vpcService.DescribeTaskResult(ctx, helper.Uint64(*taskId))
+	if err != nil {
+		return err
+	}
+
+	// add protect
+	time.Sleep(3)
+
+	filter := make(map[string]string)
+	filter["ssl-vpn-server-id"] = sslVpnServerId
+
+	instances, err := vpcService.DescribeVpnGwSslClientByFilter(ctx, filter)
+
+	if err != nil {
+		return fmt.Errorf("get instance list error: %s", err.Error())
+	}
+
+	sslClient := instances[0]
+	d.SetId(*sslClient.SslVpnClientId)
+
+	return resourceTencentCloudVpnSslClientRead(d, meta)
+}
+
+func resourceTencentCloudVpnSslClientRead(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_vpn_ssl_client.read")()
+	defer inconsistentCheck(d, meta)()
+
+	logId := getLogId(contextNil)
+	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+
+	sslClientId := d.Id()
+	vpcService := VpcService{client: meta.(*TencentCloudClient).apiV3Conn}
+
+	err := resource.Retry(readRetryTimeout, func() *resource.RetryError {
+		has, info, e := vpcService.DescribeVpnSslClientById(ctx, sslClientId)
+		if e != nil {
+			return retryError(e)
+		}
+		if !has {
+			d.SetId("")
+			return nil
+		}
+
+		_ = d.Set("ssl_vpn_server_id", info.SslVpnServerId)
+		_ = d.Set("ssl_vpn_client_name", info.Name)
+		return nil
+	})
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func resourceTencentCloudVpnSslClientDelete(d *schema.ResourceData, meta interface{}) error {
+	defer logElapsed("resource.tencentcloud_vpn_ssl_client.delete")()
+
+	logId := getLogId(contextNil)
+	ctx := context.WithValue(context.TODO(), logIdKey, logId)
+
+	service := VpcService{client: meta.(*TencentCloudClient).apiV3Conn}
+
+	sslClientId := d.Id()
+
+	err := resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+		if err := service.DeleteVpnGatewaySslClient(ctx, sslClientId); err != nil {
+			if sdkErr, ok := err.(*errors.TencentCloudSDKError); ok {
+				if sdkErr.Code == VPCNotFound {
+					return nil
+				}
+			}
+			return resource.RetryableError(err)
+		}
+		return nil
+	})
+
+	return err
+}

tencentcloud/service_tencentcloud_vpc.go

@@ -4346,6 +4346,107 @@ func (me *VpcService) DeleteVpnGatewaySslServer(ctx context.Context, SslServerId
 	return
 }
 
+func (me *VpcService) DescribeVpnSslClientById(ctx context.Context, sslId string) (has bool, gateway *vpc.SslVpnClient, err error) {
+	var (
+		logId    = getLogId(ctx)
+		request  = vpc.NewDescribeVpnGatewaySslClientsRequest()
+		response *vpc.DescribeVpnGatewaySslClientsResponse
+	)
+	request.SslVpnClientIds = []*string{&sslId}
+	err = resource.Retry(readRetryTimeout, func() *resource.RetryError {
+		response, err = me.client.UseVpcClient().DescribeVpnGatewaySslClients(request)
+		if err != nil {
+			ee, ok := err.(*sdkErrors.TencentCloudSDKError)
+			if !ok {
+				return retryError(err)
+			}
+			if ee.Code == VPCNotFound {
+				return nil
+			} else {
+				return retryError(err)
+			}
+		}
+		return nil
+	})
+	if err != nil {
+		log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%v]", logId, request.GetAction(), request.ToJsonString(), err)
+		return
+	}
+	if response == nil || response.Response == nil || len(response.Response.SslVpnClientSet) < 1 {
+		has = false
+		return
+	}
+
+	gateway = response.Response.SslVpnClientSet[0]
+	has = true
+	return
+}
+
+func (me *VpcService) DescribeVpnGwSslClientByFilter(ctx context.Context, filters map[string]string) (instances []*vpc.SslVpnClient, errRet error) {
+	var (
+		logId   = getLogId(ctx)
+		request = vpc.NewDescribeVpnGatewaySslClientsRequest()
+	)
+	request.Filters = make([]*vpc.Filter, 0, len(filters))
+	for k, v := range filters {
+		filter := vpc.Filter{
+			Name:   helper.String(k),
+			Values: []*string{helper.String(v)},
+		}
+		request.Filters = append(request.Filters, &filter)
+	}
+
+	var offset uint64 = 0
+	var pageSize uint64 = 100
+	instances = make([]*vpc.SslVpnClient, 0)
+
+	for {
+		request.Offset = &offset
+		request.Limit = &pageSize
+		ratelimit.Check(request.GetAction())
+		response, err := me.client.UseVpcClient().DescribeVpnGatewaySslClients(request)
+		if err != nil {
+			log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n",
+				logId, request.GetAction(), request.ToJsonString(), err.Error())
+			errRet = err
+			return
+		}
+		log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n",
+			logId, request.GetAction(), request.ToJsonString(), response.ToJsonString())
+
+		if response == nil || len(response.Response.SslVpnClientSet) < 1 {
+			break
+		}
+		instances = append(instances, response.Response.SslVpnClientSet...)
+		if len(response.Response.SslVpnClientSet) < int(pageSize) {
+			break
+		}
+		offset += pageSize
+	}
+	return
+}
+
+func (me *VpcService) DeleteVpnGatewaySslClient(ctx context.Context, SslClientId string) (errRet error) {
+	logId := getLogId(ctx)
+	request := vpc.NewDeleteVpnGatewaySslClientRequest()
+	defer func() {
+		if errRet != nil {
+			log.Printf("[CRITAL]%s api[%s] fail,reason[%s]", logId, request.GetAction(), errRet.Error())
+		}
+	}()
+	request.SslVpnClientId = &SslClientId
+
+	errRet = resource.Retry(writeRetryTimeout, func() *resource.RetryError {
+		ratelimit.Check(request.GetAction())
+		_, errRet = me.client.UseVpcClient().DeleteVpnGatewaySslClient(request)
+		if errRet != nil {
+			return retryError(errRet, InternalError)
+		}
+		return nil
+	})
+	return
+}
+
 func (me *VpcService) CreateNatGatewaySnat(ctx context.Context, natGatewayId string, snat *vpc.SourceIpTranslationNatRule) (errRet error) {
 	logId := getLogId(ctx)
 	request := vpc.NewCreateNatGatewaySourceIpTranslationNatRuleRequest()

website/docs/r/vpn_ssl_client.html.markdown

@@ -0,0 +1,45 @@
+---
+subcategory: "VPN"
+layout: "tencentcloud"
+page_title: "TencentCloud: tencentcloud_vpn_ssl_client"
+sidebar_current: "docs-tencentcloud-resource-vpn_ssl_client"
+description: |-
+  Provide a resource to create a VPN SSL Client.
+---
+
+# tencentcloud_vpn_ssl_client
+
+Provide a resource to create a VPN SSL Client.
+
+## Example Usage
+
+```hcl
+resource "tencentcloud_vpn_ssl_client" "client" {
+  ssl_vpn_server_id   = "vpns-aog5xcjj"
+  ssl_vpn_client_name = "hello"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `ssl_vpn_client_name` - (Required, ForceNew) The name of ssl vpn client to be created.
+* `ssl_vpn_server_id` - (Required, ForceNew) VPN ssl server id.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - ID of the resource.
+
+
+
+## Import
+
+VPN SSL Client can be imported, e.g.
+
+```
+$ terraform import tencentcloud_vpn_ssl_client.client vpn-client-id
+```
+

website/tencentcloud.erb

@@ -1487,6 +1487,9 @@
                                 <li>
                                     <a href="/docs/providers/tencentcloud/r/vpn_gateway_route.html">tencentcloud_vpn_gateway_route</a>
                                 </li>
+                                <li>
+                                    <a href="/docs/providers/tencentcloud/r/vpn_ssl_client.html">tencentcloud_vpn_ssl_client</a>
+                                </li>
                                 <li>
                                     <a href="/docs/providers/tencentcloud/r/vpn_ssl_server.html">tencentcloud_vpn_ssl_server</a>
                                 </li>