Merge pull request #89 from volcengine/feat/privatelink

Feat/privatelink

common/common_volcengine_version.go

@@ -2,5 +2,5 @@ package common
 
 const (
 	TerraformProviderName    = "terraform-provider-volcengine"
-	TerraformProviderVersion = "0.0.73"
+	TerraformProviderVersion = "0.0.74"
 )

docgen/main.go

@@ -143,6 +143,7 @@ var resourceKeys = map[string]string{
 	"mongodb":     "MONGODB",
 	"bioos":       "BIOOS",
 	"rds_mysql":   "RDS_MYSQL",
+	"privatelink": "PRIVATELINK",
 }
 
 type Products struct {

example/dataPrivatelinkVpcEndpointConnections/main.tf

@@ -0,0 +1,4 @@
+data "volcengine_privatelink_vpc_endpoint_connections" "default" {
+  endpoint_id = "ep-3rel74u229dz45zsk2i6l69qa"
+  service_id = "epsvc-2byz5mykk9y4g2dx0efs4aqz3"
+}

example/dataPrivatelinkVpcEndpointServicePermissions/main.tf

@@ -0,0 +1,3 @@
+data "volcengine_privatelink_vpc_endpoint_service_permissions" "default" {
+  service_id = "epsvc-3rel73uf2ewao5zsk2j2l58ro"
+}

example/dataPrivatelinkVpcEndpointServices/main.tf

@@ -0,0 +1,3 @@
+data "volcengine_privatelink_vpc_endpoint_services" "default" {
+  ids = ["epsvc-3rel73uf2ewao5zsk2j2l58ro", "epsvc-2d72mxjgq02yo58ozfe5tndeh"]
+}

example/dataPrivatelinkVpcEndpointZones/main.tf

@@ -0,0 +1,3 @@
+data "volcengine_privatelink_vpc_endpoint_zones" "default" {
+  endpoint_id = "ep-2byz5npiuu1hc2dx0efkv****"
+}

example/dataPrivatelinkVpcEndpoints/main.tf

@@ -0,0 +1,3 @@
+data "volcengine_privatelink_vpc_endpoints" "default" {
+  ids = ["ep-3rel74u229dz45zsk2i6l****"]
+}

example/privateLinkVpcEndpointZone/main.tf

@@ -0,0 +1,5 @@
+resource "volcengine_privatelink_vpc_endpoint_zone" "foo" {
+  endpoint_id = "ep-2byz5nlkimc5c2dx0ef9g****"
+  subnet_id = "subnet-2bz47q19zhx4w2dx0eevn****"
+  private_ip_address = "172.16.0.251"
+}

example/privatelinkSecurityGroup/main.tf

@@ -0,0 +1,4 @@
+resource "volcengine_privatelink_security_group" "foo" {
+  endpoint_id = "ep-2byz5npiuu1hc2dx0efkv7ehc"
+  security_group_id = "sg-2d6722jpp55og58ozfd1sqtdb"
+}

example/privatelinkVpcEndpoint/main.tf

@@ -0,0 +1,12 @@
+resource "volcengine_privatelink_vpc_endpoint" "endpoint" {
+  security_group_ids = ["sg-2d5z8cr53k45c58ozfdum****"]
+  service_id = "epsvc-2byz5nzgiansw2dx0eehh****"
+  endpoint_name = "tf-test-ep"
+  description = "tf-test"
+}
+
+resource "volcengine_privatelink_vpc_endpoint_zone" "zone" {
+  endpoint_id = volcengine_privatelink_vpc_endpoint.endpoint.id
+  subnet_id = "subnet-2bz47q19zhx4w2dx0eevn****"
+  private_ip_address = "172.16.0.252"
+}

example/privatelinkVpcEndpointConnection/main.tf

@@ -0,0 +1,5 @@
+resource "volcengine_privatelink_vpc_endpoint_connection" "foo" {
+  endpoint_id = "ep-3rel74u229dz45zsk2i6l69qa"
+  service_id = "epsvc-2byz5mykk9y4g2dx0efs4aqz3"
+}
+

example/privatelinkVpcEndpointService/main.tf

@@ -0,0 +1,8 @@
+resource "volcengine_privatelink_vpc_endpoint_service" "foo" {
+  resources {
+    resource_id   = "clb-2bzxccdjo9uyo2dx0eg0orzla"
+    resource_type = "CLB"
+  }
+  description         = "tftest"
+  auto_accept_enabled = true
+}

example/privatelinkVpcEndpointServicePermission/main.tf

@@ -0,0 +1,9 @@
+resource "volcengine_privatelink_vpc_endpoint_service_permission" "foo" {
+  service_id        = "epsvc-3rel73uf2ewao5zsk2j2l58ro"
+  permit_account_id = "210000000"
+}
+
+resource "volcengine_privatelink_vpc_endpoint_service_permission" "foo1" {
+  service_id        = "epsvc-3rel73uf2ewao5zsk2j2l58ro"
+  permit_account_id = "210000001"
+}

example/privatelinkVpcEndpointServiceResource/main.tf

@@ -0,0 +1,14 @@
+resource "volcengine_privatelink_vpc_endpoint_service_resource" "foo" {
+  service_id  = "epsvc-3rel73uf2ewao5zsk2j2l58ro"
+  resource_id = "clb-3reii8qfbp7gg5zsk2hsrbe3c"
+}
+
+resource "volcengine_privatelink_vpc_endpoint_service_resource" "foo1" {
+  service_id  = "epsvc-3rel73uf2ewao5zsk2j2l58ro"
+  resource_id = "clb-2d6sfye98rzls58ozfducee1o"
+}
+
+resource "volcengine_privatelink_vpc_endpoint_service_resource" "foo2" {
+  service_id  = "epsvc-3rel73uf2ewao5zsk2j2l58ro"
+  resource_id = "clb-3refkvae02gow5zsk2ilaev5y"
+}

volcengine/privatelink/security_group/resource_volcengine_privatelink_security_group.go

@@ -0,0 +1,91 @@
+package security_group
+
+import (
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	ve "github.com/volcengine/terraform-provider-volcengine/common"
+)
+
+/*
+
+Import
+PrivateLink Security Group Service can be imported using the endpoint id and security group id, e.g.
+```
+$ terraform import volcengine_privatelink_security_group.default ep-2fe630gurkl37k5gfuy33****:sg-xxxxx
+```
+
+*/
+
+func ResourceVolcenginePrivatelinkSecurityGroupService() *schema.Resource {
+	resource := &schema.Resource{
+		Create: resourceVolcenginePrivatelinkSecurityGroupCreate,
+		Read:   resourceVolcenginePrivatelinkSecurityGroupRead,
+		Delete: resourceVolcenginePrivatelinkSecurityGroupDelete,
+		Importer: &schema.ResourceImporter{
+			State: sgImporter,
+		},
+		Timeouts: &schema.ResourceTimeout{
+			Create: schema.DefaultTimeout(30 * time.Minute),
+			Delete: schema.DefaultTimeout(30 * time.Minute),
+		},
+		Schema: map[string]*schema.Schema{
+			"endpoint_id": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "The id of the endpoint.",
+			},
+			"security_group_id": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "The id of the security group.",
+			},
+		},
+	}
+	return resource
+}
+
+func resourceVolcenginePrivatelinkSecurityGroupCreate(d *schema.ResourceData, meta interface{}) (err error) {
+	service := NewPrivateLinkSecurityGroupService(meta.(*ve.SdkClient))
+	err = ve.DefaultDispatcher().Create(service, d, ResourceVolcenginePrivatelinkSecurityGroupService())
+	if err != nil {
+		return fmt.Errorf("error on creating private link security group service %q, %w", d.Id(), err)
+	}
+	return resourceVolcenginePrivatelinkSecurityGroupRead(d, meta)
+}
+
+func resourceVolcenginePrivatelinkSecurityGroupRead(d *schema.ResourceData, meta interface{}) (err error) {
+	service := NewPrivateLinkSecurityGroupService(meta.(*ve.SdkClient))
+	err = ve.DefaultDispatcher().Read(service, d, ResourceVolcenginePrivatelinkSecurityGroupService())
+	if err != nil {
+		return fmt.Errorf("error on reading private link security group service %q, %w", d.Id(), err)
+	}
+	return nil
+}
+
+func resourceVolcenginePrivatelinkSecurityGroupDelete(d *schema.ResourceData, meta interface{}) (err error) {
+	service := NewPrivateLinkSecurityGroupService(meta.(*ve.SdkClient))
+	err = ve.DefaultDispatcher().Delete(service, d, ResourceVolcenginePrivatelinkSecurityGroupService())
+	if err != nil {
+		return fmt.Errorf("error on deleting private link security group service %q, %w", d.Id(), err)
+	}
+	return nil
+}
+
+var sgImporter = func(data *schema.ResourceData, i interface{}) ([]*schema.ResourceData, error) {
+	items := strings.Split(data.Id(), ":")
+	if len(items) != 2 {
+		return []*schema.ResourceData{data}, fmt.Errorf("import id must split with ':'")
+	}
+	if err := data.Set("endpoint_id", items[0]); err != nil {
+		return []*schema.ResourceData{data}, err
+	}
+	if err := data.Set("security_group_id", items[1]); err != nil {
+		return []*schema.ResourceData{data}, err
+	}
+	return []*schema.ResourceData{data}, nil
+}

volcengine/privatelink/security_group/service_volcengine_privatelink_security_group.go

@@ -0,0 +1,170 @@
+package security_group
+
+import (
+	"errors"
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	ve "github.com/volcengine/terraform-provider-volcengine/common"
+	"github.com/volcengine/terraform-provider-volcengine/logger"
+	"github.com/volcengine/terraform-provider-volcengine/volcengine/privatelink/vpc_endpoint"
+)
+
+type VolcenginePrivateLinkSecurityGroupService struct {
+	Client *ve.SdkClient
+}
+
+func (v *VolcenginePrivateLinkSecurityGroupService) GetClient() *ve.SdkClient {
+	return v.Client
+}
+
+func (v *VolcenginePrivateLinkSecurityGroupService) ReadResources(condition map[string]interface{}) (data []interface{}, err error) {
+	return data, err
+}
+
+func (v *VolcenginePrivateLinkSecurityGroupService) ReadResource(resourceData *schema.ResourceData, id string) (data map[string]interface{}, err error) {
+	if id == "" {
+		id = resourceData.Id()
+	}
+	ids := strings.Split(id, ":")
+	if len(ids) != 2 {
+		return data, errors.New("Invalid security group id ")
+	}
+	endpointId := ids[0]
+	securityGroupId := ids[1]
+	action := "DescribeVpcEndpointSecurityGroups"
+	req := map[string]interface{}{
+		"EndpointId": endpointId,
+	}
+	resp, err := v.Client.UniversalClient.DoCall(getUniversalInfo(action), &req)
+	if err != nil {
+		return data, err
+	}
+	if resp == nil {
+		return data, fmt.Errorf("Security group %s not exists ", id)
+	}
+	securityGroupIds, err := ve.ObtainSdkValue("Result.SecurityGroupIds", *resp)
+	if err != nil {
+		return data, err
+	}
+	for _, s := range securityGroupIds.([]interface{}) {
+		if _, ok := s.(string); !ok {
+			return data, errors.New("security group id is not string")
+		} else {
+			if securityGroupId == s.(string) {
+				data = map[string]interface{}{
+					"SecurityGroupId": securityGroupId,
+					"EndpointId":      endpointId,
+				}
+				break
+			}
+		}
+	}
+	if len(data) == 0 {
+		return data, fmt.Errorf("Security group %s not exists ", id)
+	}
+	return data, nil
+}
+
+func (v *VolcenginePrivateLinkSecurityGroupService) RefreshResourceState(data *schema.ResourceData, strings []string, duration time.Duration, s string) *resource.StateChangeConf {
+	return nil
+}
+
+func (v *VolcenginePrivateLinkSecurityGroupService) WithResourceResponseHandlers(m map[string]interface{}) []ve.ResourceResponseHandler {
+	handler := func() (map[string]interface{}, map[string]ve.ResponseConvert, error) {
+		return m, nil, nil
+	}
+	return []ve.ResourceResponseHandler{handler}
+}
+
+func (v *VolcenginePrivateLinkSecurityGroupService) CreateResource(resourceData *schema.ResourceData, resource *schema.Resource) []ve.Callback {
+	endpointId := resourceData.Get("endpoint_id").(string)
+	callback := ve.Callback{
+		Call: ve.SdkCall{
+			Action:      "AttachSecurityGroupToVpcEndpoint",
+			ConvertMode: ve.RequestConvertAll,
+			ExecuteCall: func(d *schema.ResourceData, client *ve.SdkClient, call ve.SdkCall) (*map[string]interface{}, error) {
+				logger.Debug(logger.ReqFormat, call.Action, call.SdkParam)
+				return v.Client.UniversalClient.DoCall(getUniversalInfo(call.Action), call.SdkParam)
+			},
+			AfterCall: func(d *schema.ResourceData, client *ve.SdkClient, resp *map[string]interface{}, call ve.SdkCall) error {
+				id := fmt.Sprintf("%s:%s", endpointId, d.Get("security_group_id"))
+				d.SetId(id)
+				return nil
+			},
+			ExtraRefresh: map[ve.ResourceService]*ve.StateRefresh{
+				vpc_endpoint.NewVpcEndpointService(v.Client): {
+					Target:     []string{"Available"},
+					Timeout:    resourceData.Timeout(schema.TimeoutCreate),
+					ResourceId: endpointId,
+				},
+			},
+			LockId: func(d *schema.ResourceData) string {
+				return endpointId
+			},
+		},
+	}
+	return []ve.Callback{callback}
+}
+
+func (v *VolcenginePrivateLinkSecurityGroupService) ModifyResource(data *schema.ResourceData, resource *schema.Resource) []ve.Callback {
+	return nil
+}
+
+func (v *VolcenginePrivateLinkSecurityGroupService) RemoveResource(resourceData *schema.ResourceData, resource *schema.Resource) []ve.Callback {
+	callback := ve.Callback{
+		Call: ve.SdkCall{
+			Action:      "DetachSecurityGroupFromVpcEndpoint",
+			ConvertMode: ve.RequestConvertIgnore,
+			SdkParam: &map[string]interface{}{
+				"EndpointId":      resourceData.Get("endpoint_id"),
+				"SecurityGroupId": resourceData.Get("security_group_id"),
+			},
+			ExecuteCall: func(d *schema.ResourceData, client *ve.SdkClient, call ve.SdkCall) (*map[string]interface{}, error) {
+				logger.Debug(logger.ReqFormat, call.Action, call.SdkParam)
+				return v.Client.UniversalClient.DoCall(getUniversalInfo(call.Action), call.SdkParam)
+			},
+			AfterCall: func(d *schema.ResourceData, client *ve.SdkClient, resp *map[string]interface{}, call ve.SdkCall) error {
+				return ve.CheckResourceUtilRemoved(d, v.ReadResource, 5*time.Minute)
+			},
+			ExtraRefresh: map[ve.ResourceService]*ve.StateRefresh{
+				vpc_endpoint.NewVpcEndpointService(v.Client): {
+					Target:     []string{"Available"},
+					Timeout:    resourceData.Timeout(schema.TimeoutCreate),
+					ResourceId: resourceData.Get("endpoint_id").(string),
+				},
+			},
+			LockId: func(d *schema.ResourceData) string {
+				return resourceData.Get("endpoint_id").(string)
+			},
+		},
+	}
+	return []ve.Callback{callback}
+}
+
+func (v *VolcenginePrivateLinkSecurityGroupService) DatasourceResources(data *schema.ResourceData, resource *schema.Resource) ve.DataSourceInfo {
+	return ve.DataSourceInfo{}
+}
+
+func (v *VolcenginePrivateLinkSecurityGroupService) ReadResourceId(id string) string {
+	return id
+}
+
+func NewPrivateLinkSecurityGroupService(c *ve.SdkClient) *VolcenginePrivateLinkSecurityGroupService {
+	return &VolcenginePrivateLinkSecurityGroupService{
+		Client: c,
+	}
+}
+
+func getUniversalInfo(actionName string) ve.UniversalInfo {
+	return ve.UniversalInfo{
+		ServiceName: "privatelink",
+		Version:     "2020-04-01",
+		HttpMethod:  ve.GET,
+		Action:      actionName,
+		ContentType: ve.Default,
+	}
+}