diff --git a/.changelog/3373.txt b/.changelog/3373.txt
new file mode 100644
index 0000000000..65e19882b3
--- /dev/null
+++ b/.changelog/3373.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/tencentcloud_vpn_connection: update `security_group_policy` code logic
+```
\ No newline at end of file
diff --git a/tencentcloud/services/vpc/service_tencentcloud_vpc.go b/tencentcloud/services/vpc/service_tencentcloud_vpc.go
index 0b9d91bdb7..2315dc9788 100644
--- a/tencentcloud/services/vpc/service_tencentcloud_vpc.go
+++ b/tencentcloud/services/vpc/service_tencentcloud_vpc.go
@@ -4256,31 +4256,44 @@ func (me *VpcService) DescribeVpngwById(ctx context.Context, vpngwId string) (ha
var (
logId = tccommon.GetLogId(ctx)
request = vpc.NewDescribeVpnGatewaysRequest()
- response *vpc.DescribeVpnGatewaysResponse
+ response = vpc.NewDescribeVpnGatewaysResponse()
)
+
+ var specArgs connectivity.IacExtInfo
+ specArgs.InstanceId = vpngwId
+
request.VpnGatewayIds = []*string{&vpngwId}
err = resource.Retry(tccommon.ReadRetryTimeout, func() *resource.RetryError {
- var specArgs connectivity.IacExtInfo
- specArgs.InstanceId = vpngwId
- response, err = me.client.UseVpcClient(specArgs).DescribeVpnGateways(request)
+ result, err := me.client.UseVpcClient(specArgs).DescribeVpnGateways(request)
if err != nil {
ee, ok := err.(*sdkErrors.TencentCloudSDKError)
if !ok {
return tccommon.RetryError(err)
}
+
if ee.Code == VPCNotFound {
return nil
} else {
return tccommon.RetryError(err)
}
+ } else {
+ log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
}
+
+ if result == nil || result.Response == nil {
+ return resource.NonRetryableError(fmt.Errorf("Describ vpn gateways failed, Response is nil."))
+ }
+
+ response = result
return nil
})
+
if err != nil {
log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%v]", logId, request.GetAction(), request.ToJsonString(), err)
return
}
- if response == nil || response.Response == nil || len(response.Response.VpnGatewaySet) < 1 {
+
+ if len(response.Response.VpnGatewaySet) < 1 {
has = false
return
}
diff --git a/tencentcloud/services/vpn/resource_tc_vpn_connection.go b/tencentcloud/services/vpn/resource_tc_vpn_connection.go
index 4917cf3512..f42e89278f 100644
--- a/tencentcloud/services/vpn/resource_tc_vpn_connection.go
+++ b/tencentcloud/services/vpn/resource_tc_vpn_connection.go
@@ -378,6 +378,7 @@ func resourceTencentCloudVpnConnectionCreate(d *schema.ResourceData, meta interf
if err != nil {
return err
}
+
if !has {
return fmt.Errorf("[CRITAL] vpn_gateway_id %s doesn't exist", d.Get("vpn_gateway_id").(string))
}
@@ -396,6 +397,7 @@ func resourceTencentCloudVpnConnectionCreate(d *schema.ResourceData, meta interf
}
request.VpcId = helper.String("")
}
+
request.VpnGatewayId = helper.String(d.Get("vpn_gateway_id").(string))
request.CustomerGatewayId = helper.String(d.Get("customer_gateway_id").(string))
request.PreShareKey = helper.String(d.Get("pre_share_key").(string))
@@ -403,9 +405,11 @@ func resourceTencentCloudVpnConnectionCreate(d *schema.ResourceData, meta interf
dpdEnable := v.(int)
request.DpdEnable = helper.IntInt64(dpdEnable)
}
+
if v, ok := d.GetOk("dpd_action"); ok {
request.DpdAction = helper.String(v.(string))
}
+
if v, ok := d.GetOk("dpd_timeout"); ok {
request.DpdTimeout = helper.String(strconv.Itoa(v.(int)))
}
@@ -418,22 +422,26 @@ func resourceTencentCloudVpnConnectionCreate(d *schema.ResourceData, meta interf
request.NegotiationType = helper.String(v.(string))
}
- //set up SecurityPolicyDatabases
+ //set up SecurityPolicyDatabases
if v, ok := d.GetOk("security_group_policy"); ok {
- sgps := v.(*schema.Set).List()
- request.SecurityPolicyDatabases = make([]*vpc.SecurityPolicyDatabase, 0, len(sgps))
- for _, v := range sgps {
- m := v.(map[string]interface{})
- var sgp vpc.SecurityPolicyDatabase
- local := m["local_cidr_block"].(string)
- sgp.LocalCidrBlock = &local
- // list
- remoteCidrBlocks := m["remote_cidr_block"].(*schema.Set).List()
- for _, vv := range remoteCidrBlocks {
- remoteCidrBlock := vv.(string)
- sgp.RemoteCidrBlock = append(sgp.RemoteCidrBlock, &remoteCidrBlock)
+ for _, item := range v.(*schema.Set).List() {
+ if dMap, ok := item.(map[string]interface{}); ok && dMap != nil {
+ var sgp vpc.SecurityPolicyDatabase
+ if v, ok := dMap["local_cidr_block"].(string); ok && v != "" {
+ sgp.LocalCidrBlock = &v
+ }
+
+ if v, ok := dMap["remote_cidr_block"].(*schema.Set); ok {
+ remoteCidrBlocks := v.List()
+ for _, rcb := range remoteCidrBlocks {
+ if v, ok := rcb.(string); ok && v != "" {
+ sgp.RemoteCidrBlock = append(sgp.RemoteCidrBlock, &v)
+ }
+ }
+ }
+
+ request.SecurityPolicyDatabases = append(request.SecurityPolicyDatabases, &sgp)
}
- request.SecurityPolicyDatabases = append(request.SecurityPolicyDatabases, &sgp)
}
}
@@ -457,6 +465,7 @@ func resourceTencentCloudVpnConnectionCreate(d *schema.ResourceData, meta interf
return fmt.Errorf("ike_local_fqdn_name need to be set when ike_local_identity is `FQDN`")
}
}
+
if *ikeOptionsSpecification.LocalIdentity == svcvpc.VPN_IKE_IDENTITY_ADDRESS {
if v, ok := d.GetOk("ike_remote_address"); ok {
ikeOptionsSpecification.RemoteAddress = helper.String(v.(string))
@@ -493,9 +502,11 @@ func resourceTencentCloudVpnConnectionCreate(d *schema.ResourceData, meta interf
if v, ok := d.GetOk("enable_health_check"); ok {
request.EnableHealthCheck = helper.Bool(v.(bool))
}
+
if v, ok := d.GetOk("health_check_local_ip"); ok {
request.HealthCheckLocalIp = helper.String(v.(string))
}
+
if v, ok := d.GetOk("health_check_remote_ip"); ok {
request.HealthCheckRemoteIp = helper.String(v.(string))
}
@@ -564,20 +575,27 @@ func resourceTencentCloudVpnConnectionCreate(d *schema.ResourceData, meta interf
err = resource.Retry(tccommon.ReadRetryTimeout, func() *resource.RetryError {
result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseVpcClient().CreateVpnConnection(request)
if e != nil {
- log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n",
- logId, request.GetAction(), request.ToJsonString(), e.Error())
+ log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", logId, request.GetAction(), request.ToJsonString(), e.Error())
return tccommon.RetryError(e)
+ } else {
+ log.Printf("[DEBUG]%s api[%s] success, request body [%s], response body [%s]\n", logId, request.GetAction(), request.ToJsonString(), result.ToJsonString())
}
+
+ if result == nil || result.Response == nil {
+ return resource.NonRetryableError(fmt.Errorf("Create VPN connection failed, Response is nil."))
+ }
+
response = result
return nil
})
+
if err != nil {
log.Printf("[CRITAL]%s create VPN connection failed, reason:%s\n", logId, err.Error())
return err
}
if response.Response.VpnConnection == nil {
- return fmt.Errorf("VPN connection id is nil")
+ return fmt.Errorf("VpnConnection is nil.")
}
vpnConnectionId := ""
@@ -589,28 +607,31 @@ func resourceTencentCloudVpnConnectionCreate(d *schema.ResourceData, meta interf
if v, ok := d.GetOk("vpn_gateway_id"); ok {
params["vpn-gateway-id"] = v.(string)
}
+
if v, ok := d.GetOk("vpc_id"); ok && *gateway.Type != "CCN" {
params["vpc-id"] = v.(string)
}
+
if v, ok := d.GetOk("customer_gateway_id"); ok {
params["customer-gateway-id"] = v.(string)
}
+
for k, v := range params {
filter := &vpc.Filter{
Name: helper.String(k),
Values: []*string{helper.String(v)},
}
+
idRequest.Filters = append(idRequest.Filters, filter)
}
+
offset := uint64(0)
idRequest.Offset = &offset
err = resource.Retry(tccommon.ReadRetryTimeout, func() *resource.RetryError {
result, e := meta.(tccommon.ProviderMeta).GetAPIV3Conn().UseVpcClient().DescribeVpnConnections(idRequest)
-
if e != nil {
- log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n",
- logId, idRequest.GetAction(), idRequest.ToJsonString(), e.Error())
+ log.Printf("[CRITAL]%s api[%s] fail, request body [%s], reason[%s]\n", logId, idRequest.GetAction(), idRequest.ToJsonString(), e.Error())
return tccommon.RetryError(e, tccommon.InternalError)
} else {
if len(result.Response.VpnConnectionSet) == 0 || *result.Response.VpnConnectionSet[0].VpnConnectionId == "" {
@@ -629,7 +650,7 @@ func resourceTencentCloudVpnConnectionCreate(d *schema.ResourceData, meta interf
}
if vpnConnectionId == "" {
- return fmt.Errorf("VPN connection id is nil")
+ return fmt.Errorf("VPN connection id is nil.")
}
d.SetId(vpnConnectionId)
diff --git a/tencentcloud/services/vpn/resource_tc_vpn_connection.md b/tencentcloud/services/vpn/resource_tc_vpn_connection.md
index db2697eea3..f66d3b89ea 100644
--- a/tencentcloud/services/vpn/resource_tc_vpn_connection.md
+++ b/tencentcloud/services/vpn/resource_tc_vpn_connection.md
@@ -57,5 +57,5 @@ Import
VPN connection can be imported using the id, e.g.
```
-$ terraform import tencentcloud_vpn_connection.foo vpnx-nadifg3s
-```
\ No newline at end of file
+$ terraform import tencentcloud_vpn_connection.example vpnx-nadifg3s
+```
diff --git a/website/docs/r/vpn_connection.html.markdown b/website/docs/r/vpn_connection.html.markdown
index 0daff14917..fafaa6511a 100644
--- a/website/docs/r/vpn_connection.html.markdown
+++ b/website/docs/r/vpn_connection.html.markdown
@@ -138,6 +138,6 @@ In addition to all arguments above, the following attributes are exported:
VPN connection can be imported using the id, e.g.
```
-$ terraform import tencentcloud_vpn_connection.foo vpnx-nadifg3s
+$ terraform import tencentcloud_vpn_connection.example vpnx-nadifg3s
```