diff --git a/alicloud/connectivity/regions.go b/alicloud/connectivity/regions.go
index 3c72285e1e8..e5d56a9c2ac 100644
--- a/alicloud/connectivity/regions.go
+++ b/alicloud/connectivity/regions.go
@@ -237,7 +237,7 @@ var ADBDBClusterLakeVersionSupportRegions = []Region{Hangzhou}
 var LindormInstanceRegions = []Region{Hangzhou, APSouthEast1}
 var NLBSupportRegions = []Region{Hangzhou}
 var BpStudioApplicationSupportRegions = []Region{Hangzhou}
-var CloudFirewallVpcFirewallCenSupportRegions = []Region{Beijing}
+var CloudFirewallVpcFirewallCenSupportRegions = []Region{Beijing, Hangzhou, Shanghai, Shenzhen, Hongkong, APSouthEast1, APSouthEast2, APSouthEast3, APSouthEast5, APSouthEast6, MEEast1}
 var CloudFirewallVpcFirewallSupportRegions = []Region{EUCentral1}
 var VPCSupportRegions = []Region{APSouth1, Shanghai, APSouthEast5, APSouthEast2, Beijing, Qingdao, ShanghaiFinance, ChengDu, USEast1, Hongkong, EUWest1, APNorthEast1, GuangZhou, CnNorth2Gov1, Shenzhen, APSouthEast1, Hangzhou, Zhangjiakou, APSouthEast3, Huhehaote, USWest1, MEEast1, WuLanChaBu, HeYuan, EUCentral1}
 var DMSEnterpriseProxyAccessSupportRegions = []Region{Hangzhou}
diff --git a/alicloud/provider.go b/alicloud/provider.go
index 703720f0936..69814fb305d 100644
--- a/alicloud/provider.go
+++ b/alicloud/provider.go
@@ -1547,7 +1547,7 @@ func Provider() terraform.ResourceProvider { "alicloud_ga_basic_endpoint_group": resourceAlicloudGaBasicEndpointGroup(), "alicloud_cms_metric_rule_black_list": resourceAlicloudCmsMetricRuleBlackList(), "alicloud_ga_basic_ip_set": resourceAlicloudGaBasicIpSet(), - "alicloud_cloud_firewall_vpc_firewall_cen": resourceAlicloudCloudFirewallVpcFirewallCen(), + "alicloud_cloud_firewall_vpc_firewall_cen": resourceAliCloudCloudFirewallVpcFirewallCen(), "alicloud_cloud_firewall_vpc_firewall": resourceAlicloudCloudFirewallVpcFirewall(), "alicloud_cloud_firewall_instance_member": resourceAlicloudCloudFirewallInstanceMember(), "alicloud_ga_basic_accelerate_ip": resourceAlicloudGaBasicAccelerateIp(), diff --git a/alicloud/resource_alicloud_cloud_firewall_vpc_firewall_cen.go b/alicloud/resource_alicloud_cloud_firewall_vpc_firewall_cen.go index 965fad64b22..d48a0c27128 100644 --- a/alicloud/resource_alicloud_cloud_firewall_vpc_firewall_cen.go +++ b/alicloud/resource_alicloud_cloud_firewall_vpc_firewall_cen.go @@ -12,12 +12,12 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/helper/schema" ) -func resourceAlicloudCloudFirewallVpcFirewallCen() *schema.Resource { +func resourceAliCloudCloudFirewallVpcFirewallCen() *schema.Resource { return &schema.Resource{ - Create: resourceAlicloudCloudFirewallVpcFirewallCenCreate, - Read: resourceAlicloudCloudFirewallVpcFirewallCenRead, - Update: resourceAlicloudCloudFirewallVpcFirewallCenUpdate, - Delete: resourceAlicloudCloudFirewallVpcFirewallCenDelete, + Create: resourceAliCloudCloudFirewallVpcFirewallCenCreate, + Read: resourceAliCloudCloudFirewallVpcFirewallCenRead, + Update: resourceAliCloudCloudFirewallVpcFirewallCenUpdate, + Delete: resourceAliCloudCloudFirewallVpcFirewallCenDelete, Importer: &schema.ResourceImporter{ State: schema.ImportStatePassthrough, }, 
@@ -27,189 +27,186 @@ func resourceAlicloudCloudFirewallVpcFirewallCen() *schema.Resource { Delete: schema.DefaultTimeout(31 * time.Minute), }, Schema: map[string]*schema.Schema{ + "vpc_firewall_name": { + Type: schema.TypeString, + Required: true, + }, "cen_id": { + Type: schema.TypeString, Required: true, ForceNew: true, + }, + "vpc_region": { Type: schema.TypeString, + Required: true, + ForceNew: true, }, - "connect_type": { - Computed: true, + "status": { Type: schema.TypeString, + Required: true, }, - "lang": { + "member_uid": { + Type: schema.TypeString, Optional: true, + ForceNew: true, + }, + "lang": { Type: schema.TypeString, - Computed: true, + Optional: true, + ForceNew: true, }, "local_vpc": { + Type: schema.TypeList, Required: true, ForceNew: true, - Type: schema.TypeList, MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ - "attachment_id": { - Computed: true, + "network_instance_id": { Type: schema.TypeString, + Required: true, + ForceNew: true, }, - "attachment_name": { - Computed: true, + "network_instance_type": { Type: schema.TypeString, - }, - "defend_cidr_list": { Computed: true, - Type: schema.TypeList, - Elem: &schema.Schema{ - Type: schema.TypeString, - }, }, - "eni_list": { + "network_instance_name": { + Type: schema.TypeString, Computed: true, - Type: schema.TypeList, - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "eni_id": { - Computed: true, - Type: schema.TypeString, - }, - "eni_private_ip_address": { - Computed: true, - Type: schema.TypeString, - }, - }, - }, }, - "manual_vswitch_id": { - Computed: true, + "vpc_id": { Type: schema.TypeString, + Computed: true, }, - "network_instance_id": { - Required: true, + "vpc_name": { Type: schema.TypeString, - }, - "network_instance_name": { Computed: true, + }, + "attachment_id": { Type: schema.TypeString, + Computed: true, }, - "network_instance_type": { + "attachment_name": { + Type: schema.TypeString, Computed: true, + }, + "manual_vswitch_id": { Type: 
schema.TypeString, + Computed: true, }, "owner_id": { - Computed: true, Type: schema.TypeString, + Computed: true, }, "region_no": { - Computed: true, Type: schema.TypeString, + Computed: true, }, "route_mode": { - Computed: true, Type: schema.TypeString, + Computed: true, }, "support_manual_mode": { - Computed: true, Type: schema.TypeString, + Computed: true, }, "transit_router_id": { - Computed: true, Type: schema.TypeString, + Computed: true, }, "transit_router_type": { - Computed: true, Type: schema.TypeString, + Computed: true, }, - "vpc_cidr_table_list": { + "defend_cidr_list": { + Type: schema.TypeList, Computed: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "eni_list": { Type: schema.TypeList, + Computed: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ - "route_entry_list": { + "eni_id": { + Type: schema.TypeString, + Computed: true, + }, + "eni_private_ip_address": { + Type: schema.TypeString, Computed: true, + }, + }, + }, + }, + "vpc_cidr_table_list": { + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "route_table_id": { + Type: schema.TypeString, + Computed: true, + }, + "route_entry_list": { Type: schema.TypeSet, + Computed: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ - "destination_cidr": { - Computed: true, - Type: schema.TypeString, - }, "next_hop_instance_id": { + Type: schema.TypeString, Computed: true, + }, + "destination_cidr": { Type: schema.TypeString, + Computed: true, }, }, }, }, - "route_table_id": { - Computed: true, - Type: schema.TypeString, - }, }, }, }, - "vpc_id": { - Computed: true, - Type: schema.TypeString, - }, - "vpc_name": { - Computed: true, - Type: schema.TypeString, - }, }, }, }, - "member_uid": { - Optional: true, - Type: schema.TypeString, - }, - "status": { - Required: true, - Type: schema.TypeString, - }, "vpc_firewall_id": { - Computed: true, - Type: schema.TypeString, - }, - "vpc_firewall_name": { - Required: 
true, Type: schema.TypeString, + Computed: true, }, - "vpc_region": { - Required: true, - ForceNew: true, + "connect_type": { Type: schema.TypeString, + Computed: true, }, }, } } -func resourceAlicloudCloudFirewallVpcFirewallCenCreate(d *schema.ResourceData, meta interface{}) error { +func resourceAliCloudCloudFirewallVpcFirewallCenCreate(d *schema.ResourceData, meta interface{}) error { client := meta.(*connectivity.AliyunClient) cloudfwService := CloudfwService{client} + var response map[string]interface{} + action := "CreateVpcFirewallCenConfigure" request := make(map[string]interface{}) conn, err := client.NewCloudfwClient() if err != nil { return WrapError(err) } - if v, ok := d.GetOk("cen_id"); ok { - request["CenId"] = v - } - if v, ok := d.GetOk("lang"); ok { - request["Lang"] = v - } + request["VpcFirewallName"] = d.Get("vpc_firewall_name") + request["CenId"] = d.Get("cen_id") + request["VpcRegion"] = d.Get("vpc_region") + request["FirewallSwitch"] = d.Get("status") + if v, ok := d.GetOk("member_uid"); ok { request["MemberUid"] = v } - if v, ok := d.GetOk("status"); ok { - request["FirewallSwitch"] = v - } - if v, ok := d.GetOk("vpc_firewall_name"); ok { - request["VpcFirewallName"] = v - } - if v, ok := d.GetOk("vpc_region"); ok { - request["VpcRegion"] = v + + if v, ok := d.GetOk("lang"); ok { + request["Lang"] = v } + if v, ok := d.GetOk("local_vpc"); ok { networkInstanceId, err := jsonpath.Get("$[0].network_instance_id", v) if err != nil { 
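Review bot: `lang` changes from `Optional` + `Computed` to `Optional` + `ForceNew` in this schema, so any difference between the stored and the configured value now plans a destroy-and-recreate of the VPC firewall instead of an in-place change. `lang` only selects the language of API messages, and replacing the firewall presumably leaves the CEN-attached VPC without inspection until the new instance reaches `opened`. State written by the previous provider version may also hold a computed `lang` (not confirmable from this hunk), which would surface as a replacement on the first plan after upgrade. I would keep the attribute non-destructive, e.g. `"lang": {Type: schema.TypeString, Optional: true, Computed: true},`, and reserve `ForceNew` for `member_uid`. The Create function that starts in this hunk continues past its end.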
@@ -218,11 +215,11 @@ func resourceAlicloudCloudFirewallVpcFirewallCenCreate(d *schema.ResourceData, m request["NetworkInstanceId"] = networkInstanceId } - var response map[string]interface{} - action := "CreateVpcFirewallCenConfigure" + runtime := util.RuntimeOptions{} + runtime.SetAutoretry(true) wait := incrementalWait(3*time.Second, 3*time.Second) err = resource.Retry(client.GetRetryTimeout(d.Timeout(schema.TimeoutCreate)), func() *resource.RetryError { - resp, err := conn.DoRequest(StringPointer(action), nil, StringPointer("POST"), StringPointer("2017-12-07"), StringPointer("AK"), nil, request, &util.RuntimeOptions{}) + response, err = conn.DoRequest(StringPointer(action), nil, StringPointer("POST"), StringPointer("2017-12-07"), StringPointer("AK"), nil, request, &runtime) if err != nil { if NeedRetry(err) { wait() @@ -230,10 +227,16 @@ func resourceAlicloudCloudFirewallVpcFirewallCenCreate(d *schema.ResourceData, m } return resource.NonRetryableError(err) } - response = resp - addDebug(action, response, request) + + if fmt.Sprint(response["Message"]) == "not buy user" { + conn.Endpoint = String(connectivity.CloudFirewallOpenAPIEndpointControlPolicy) + return resource.RetryableError(fmt.Errorf("%s", response)) + } + return nil }) + addDebug(action, response, request) + if err != nil { return WrapErrorf(err, DefaultErrorMsg, "alicloud_cloud_firewall_vpc_firewall_cen", action, AlibabaCloudSdkGoERROR) } 
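Review bot: The new `"not buy user"` branch returns `resource.RetryableError` on every attempt, so when the fallback endpoint answers with the same message the closure keeps retrying until the operation timeout (31 minutes by default per the docs in this commit) instead of failing with the API's answer. Switching `conn.Endpoint` once and returning a non-retryable error on the second occurrence would bound this; the same block is repeated in both Update closures, in Delete, and in `DescribeCloudFirewallVpcFirewallCen` and `DescribeVpcFirewallCenList`. Moving `addDebug` after `resource.Retry` also means only the final attempt is logged. Whether `NewCloudfwClient` hands back a shared client is not visible here; if it does, the `conn.Endpoint` assignment affects other callers and deserves a comment. The closure and the enclosing Create function extend beyond this hunk.

```go
// declared next to `runtime`, before resource.Retry
endpointSwitched := false
// … unchanged: resource.Retry opening, conn.DoRequest call and NeedRetry handling …
if fmt.Sprint(response["Message"]) == "not buy user" {
	if endpointSwitched {
		// The fallback endpoint gave the same answer: report it rather than retry until timeout.
		return resource.NonRetryableError(fmt.Errorf("%s", response))
	}
	endpointSwitched = true
	conn.Endpoint = String(connectivity.CloudFirewallOpenAPIEndpointControlPolicy)
	return resource.RetryableError(fmt.Errorf("%s", response))
}
```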
@@ -243,35 +246,39 @@ func resourceAlicloudCloudFirewallVpcFirewallCenCreate(d *schema.ResourceData, m } else { d.SetId(fmt.Sprint(v)) } - stateConf := BuildStateConf([]string{}, []string{"closed", "opened"}, d.Timeout(schema.TimeoutCreate), 5*time.Second, cloudfwService.CloudFirewallVpcFirewallCenStateRefreshFunc(d, []string{})) + + stateConf := BuildStateConf([]string{}, []string{"opened", "closed"}, d.Timeout(schema.TimeoutCreate), 5*time.Second, cloudfwService.CloudFirewallVpcFirewallCenStateRefreshFunc(d, []string{})) if _, err := stateConf.WaitForState(); err != nil { return WrapErrorf(err, IdMsg, d.Id()) } - return resourceAlicloudCloudFirewallVpcFirewallCenRead(d, meta) + + return resourceAliCloudCloudFirewallVpcFirewallCenRead(d, meta) } -func resourceAlicloudCloudFirewallVpcFirewallCenRead(d *schema.ResourceData, meta interface{}) error { +func resourceAliCloudCloudFirewallVpcFirewallCenRead(d *schema.ResourceData, meta interface{}) error { client := meta.(*connectivity.AliyunClient) cloudfwService := CloudfwService{client} object, err := cloudfwService.DescribeCloudFirewallVpcFirewallCen(d.Id()) if err != nil { - if NotFoundError(err) { + if !d.IsNewResource() && NotFoundError(err) { log.Printf("[DEBUG] Resource alicloud_cloud_firewall_vpc_firewall_cen cloudfwService.DescribeCloudFirewallVpcFirewallCen Failed!!! %s", err) d.SetId("") return nil } return WrapError(err) } + objectExtra, err := cloudfwService.DescribeVpcFirewallCenList(d.Id()) if err != nil { - if NotFoundError(err) { + if !d.IsNewResource() && NotFoundError(err) { log.Printf("[DEBUG] Resource alicloud_cloud_firewall_vpc_firewall_cen cloudfwService.DescribeVpcFirewallCenList Failed!!! %s", err) d.SetId("") return nil } return WrapError(err) } + d.Set("member_uid", objectExtra["MemberUid"]) d.Set("cen_id", objectExtra["CenId"]) vpcRegion, err := jsonpath.Get("$.LocalVpc.RegionNo", objectExtra) 
@@ -336,36 +343,42 @@ func resourceAlicloudCloudFirewallVpcFirewallCenRead(d *schema.ResourceData, met return nil } -func resourceAlicloudCloudFirewallVpcFirewallCenUpdate(d *schema.ResourceData, meta interface{}) error { +func resourceAliCloudCloudFirewallVpcFirewallCenUpdate(d *schema.ResourceData, meta interface{}) error { client := meta.(*connectivity.AliyunClient) - - conn, err := client.NewCloudfwClient() - if err != nil { - return WrapError(err) - } cloudfwService := CloudfwService{client} + var response map[string]interface{} d.Partial(true) + update := false request := map[string]interface{}{ "VpcFirewallId": d.Id(), } - if v, ok := d.GetOk("lang"); ok { - request["Lang"] = v + if d.HasChange("vpc_firewall_name") { + update = true } + request["VpcFirewallName"] = d.Get("vpc_firewall_name") + if v, ok := d.GetOk("member_uid"); ok { request["MemberUid"] = v } - if !d.IsNewResource() && d.HasChange("vpc_firewall_name") { - update = true + + if v, ok := d.GetOk("lang"); ok { + request["Lang"] = v } - request["VpcFirewallName"] = d.Get("vpc_firewall_name") if update { action := "ModifyVpcFirewallCenConfigure" + conn, err := client.NewCloudfwClient() + if err != nil { + return WrapError(err) + } + + runtime := util.RuntimeOptions{} + runtime.SetAutoretry(true) wait := incrementalWait(3*time.Second, 3*time.Second) err = resource.Retry(client.GetRetryTimeout(d.Timeout(schema.TimeoutUpdate)), func() *resource.RetryError { - resp, err := conn.DoRequest(StringPointer(action), nil, StringPointer("POST"), StringPointer("2017-12-07"), StringPointer("AK"), nil, request, &util.RuntimeOptions{}) + response, err = conn.DoRequest(StringPointer(action), nil, StringPointer("POST"), StringPointer("2017-12-07"), StringPointer("AK"), nil, request, &runtime) if err != nil { if NeedRetry(err) { wait() 
@@ -373,15 +386,23 @@ func resourceAlicloudCloudFirewallVpcFirewallCenUpdate(d *schema.ResourceData, m } return resource.NonRetryableError(err) } - addDebug(action, resp, request) + + if fmt.Sprint(response["Message"]) == "not buy user" { + conn.Endpoint = String(connectivity.CloudFirewallOpenAPIEndpointControlPolicy) + return resource.RetryableError(fmt.Errorf("%s", response)) + } + return nil }) + addDebug(action, response, request) + if err != nil { return WrapErrorf(err, DefaultErrorMsg, d.Id(), action, AlibabaCloudSdkGoERROR) } - d.SetPartial("lang") - d.SetPartial("member_uid") + d.SetPartial("vpc_firewall_name") + d.SetPartial("member_uid") + d.SetPartial("lang") } update = false @@ -389,22 +410,31 @@ func resourceAlicloudCloudFirewallVpcFirewallCenUpdate(d *schema.ResourceData, m "VpcFirewallId": d.Id(), } - if v, ok := d.GetOk("lang"); ok { - request["Lang"] = v + if d.HasChange("status") { + update = true } + request["FirewallSwitch"] = d.Get("status") + if v, ok := d.GetOk("member_uid"); ok { request["MemberUid"] = v } - if !d.IsNewResource() && d.HasChange("status") { - update = true + + if v, ok := d.GetOk("lang"); ok { + request["Lang"] = v } - request["FirewallSwitch"] = d.Get("status") if update { action := "ModifyVpcFirewallCenSwitchStatus" + conn, err := client.NewCloudfwClient() + if err != nil { + return WrapError(err) + } + + runtime := util.RuntimeOptions{} + runtime.SetAutoretry(true) wait := incrementalWait(3*time.Second, 3*time.Second) err = resource.Retry(client.GetRetryTimeout(d.Timeout(schema.TimeoutUpdate)), func() *resource.RetryError { - resp, err := conn.DoRequest(StringPointer(action), nil, StringPointer("POST"), StringPointer("2017-12-07"), StringPointer("AK"), nil, request, &util.RuntimeOptions{}) + response, err = conn.DoRequest(StringPointer(action), nil, StringPointer("POST"), StringPointer("2017-12-07"), StringPointer("AK"), nil, request, &runtime) if err != nil { if NeedRetry(err) { wait() 
@@ -412,49 +442,63 @@ func resourceAlicloudCloudFirewallVpcFirewallCenUpdate(d *schema.ResourceData, m } return resource.NonRetryableError(err) } - addDebug(action, resp, request) + + if fmt.Sprint(response["Message"]) == "not buy user" { + conn.Endpoint = String(connectivity.CloudFirewallOpenAPIEndpointControlPolicy) + return resource.RetryableError(fmt.Errorf("%s", response)) + } + return nil }) + addDebug(action, response, request) + if err != nil { return WrapErrorf(err, DefaultErrorMsg, d.Id(), action, AlibabaCloudSdkGoERROR) } + stateConf := BuildStateConf([]string{}, []string{"opened", "closed"}, d.Timeout(schema.TimeoutUpdate), 5*time.Second, cloudfwService.CloudFirewallVpcFirewallCenStateRefreshFunc(d, []string{})) if _, err := stateConf.WaitForState(); err != nil { return WrapErrorf(err, IdMsg, d.Id()) } - d.SetPartial("lang") - d.SetPartial("member_uid") + d.SetPartial("status") + d.SetPartial("member_uid") + d.SetPartial("lang") } d.Partial(false) - return resourceAlicloudCloudFirewallVpcFirewallCenRead(d, meta) + + return resourceAliCloudCloudFirewallVpcFirewallCenRead(d, meta) } -func resourceAlicloudCloudFirewallVpcFirewallCenDelete(d *schema.ResourceData, meta interface{}) error { +func resourceAliCloudCloudFirewallVpcFirewallCenDelete(d *schema.ResourceData, meta interface{}) error { client := meta.(*connectivity.AliyunClient) cloudfwService := CloudfwService{client} + action := "DeleteVpcFirewallCenConfigure" + var response map[string]interface{} + conn, err := client.NewCloudfwClient() if err != nil { return WrapError(err) } request := map[string]interface{}{ - "VpcFirewallIdList.1": d.Id(), } - if v, ok := d.GetOk("lang"); ok { - request["Lang"] = v - } if v, ok := d.GetOk("member_uid"); ok { request["MemberUid"] = v } - action := "DeleteVpcFirewallCenConfigure" + if v, ok := d.GetOk("lang"); ok { + request["Lang"] = v + } + + runtime := util.RuntimeOptions{} + runtime.SetAutoretry(true) wait := incrementalWait(3*time.Second, 3*time.Second) err 
= resource.Retry(client.GetRetryTimeout(d.Timeout(schema.TimeoutDelete)), func() *resource.RetryError { - resp, err := conn.DoRequest(StringPointer(action), nil, StringPointer("POST"), StringPointer("2017-12-07"), StringPointer("AK"), nil, request, &util.RuntimeOptions{}) + response, err = conn.DoRequest(StringPointer(action), nil, StringPointer("POST"), StringPointer("2017-12-07"), StringPointer("AK"), nil, request, &runtime) if err != nil { if NeedRetry(err) { wait() @@ -462,19 +506,28 @@ func resourceAlicloudCloudFirewallVpcFirewallCenDelete(d *schema.ResourceData, m } return resource.NonRetryableError(err) } - addDebug(action, resp, request) + + if fmt.Sprint(response["Message"]) == "not buy user" { + conn.Endpoint = String(connectivity.CloudFirewallOpenAPIEndpointControlPolicy) + return resource.RetryableError(fmt.Errorf("%s", response)) + } + return nil }) + addDebug(action, response, request) + if err != nil { if NotFoundError(err) { return nil } return WrapErrorf(err, DefaultErrorMsg, d.Id(), action, AlibabaCloudSdkGoERROR) } + stateConf := BuildStateConf([]string{}, []string{}, d.Timeout(schema.TimeoutDelete), 5*time.Second, cloudfwService.CloudFirewallVpcFirewallCenStateRefreshFunc(d, []string{})) if _, err := stateConf.WaitForState(); err != nil { return WrapErrorf(err, IdMsg, d.Id()) } + return nil } func convertCloudFirewallVpcFirewallCenStatusRequest(source interface{}) interface{} { diff --git a/alicloud/resource_alicloud_cloud_firewall_vpc_firewall_cen_test.go b/alicloud/resource_alicloud_cloud_firewall_vpc_firewall_cen_test.go index 6b7b3b8e286..160cb9e25ca 100644 --- a/alicloud/resource_alicloud_cloud_firewall_vpc_firewall_cen_test.go +++ b/alicloud/resource_alicloud_cloud_firewall_vpc_firewall_cen_test.go 
@@ -9,20 +9,20 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/helper/resource" ) -func TestAccAlicloudCloudFirewallVpcFirewallCen_basic(t *testing.T) { +func TestAccAliCloudCloudFirewallVpcFirewallCen_basic(t *testing.T) { var v map[string]interface{} + checkoutSupportedRegions(t, true, connectivity.CloudFirewallVpcFirewallCenSupportRegions) resourceId := "alicloud_cloud_firewall_vpc_firewall_cen.default" - ra := resourceAttrInit(resourceId, AlicloudCloudFirewallVpcFirewallCenMap) + ra := resourceAttrInit(resourceId, AliCloudCloudFirewallVpcFirewallCenMap) rc := resourceCheckInitWithDescribeMethod(resourceId, &v, func() interface{} { return &CloudfwService{testAccProvider.Meta().(*connectivity.AliyunClient)} }, "DescribeCloudFirewallVpcFirewallCen") rac := resourceAttrCheckInit(rc, ra) testAccCheck := rac.resourceAttrMapUpdateSet() rand := acctest.RandIntRange(10000, 99999) - checkoutSupportedRegions(t, true, connectivity.CloudFirewallVpcFirewallCenSupportRegions) name := fmt.Sprintf("tf-testacc%scfwCen%d", defaultRegionToTest, rand) nameUpdate := fmt.Sprintf("tf-testacc%scfwCenup%d", defaultRegionToTest, rand) - testAccConfig := resourceTestAccConfigFunc(resourceId, name, AlicloudCloudFirewallVpcFirewallCenBasicDependence) + testAccConfig := resourceTestAccConfigFunc(resourceId, name, AliCloudCloudFirewallVpcFirewallCenBasicDependence) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) 
@@ -33,27 +33,29 @@ func TestAccAlicloudCloudFirewallVpcFirewallCen_basic(t *testing.T) { Steps: []resource.TestStep{ { Config: testAccConfig(map[string]interface{}{ - "cen_id": "${data.alicloud_cen_instances.cen_instances_ds.instances.0.id}", + "vpc_firewall_name": name, + "cen_id": "${data.alicloud_cen_instances.cen_instances_ds.instances.0.id}", + "vpc_region": defaultRegionToTest, + "status": "open", "local_vpc": []map[string]interface{}{ { "network_instance_id": "${data.alicloud_vpcs.vpcs_ds.vpcs.0.id}", }, }, - "status": "open", - "member_uid": "${data.alicloud_account.current.id}", - "vpc_region": defaultRegionToTest, - "vpc_firewall_name": name, + "member_uid": "${data.alicloud_account.current.id}", + "lang": "zh", }), Check: resource.ComposeTestCheckFunc( testAccCheck(map[string]string{ + "vpc_firewall_name": name, "cen_id": CHECKSET, + "vpc_region": defaultRegionToTest, "status": "open", "member_uid": CHECKSET, - "vpc_region": defaultRegionToTest, - "vpc_firewall_name": name, }), ), - }, { + }, + { Config: testAccConfig(map[string]interface{}{ "vpc_firewall_name": nameUpdate, }), @@ -62,7 +64,8 @@ func TestAccAlicloudCloudFirewallVpcFirewallCen_basic(t *testing.T) { "vpc_firewall_name": nameUpdate, }), ), - }, { + }, + { Config: testAccConfig(map[string]interface{}{ "status": "close", }), @@ -71,7 +74,8 @@ func TestAccAlicloudCloudFirewallVpcFirewallCen_basic(t *testing.T) { "status": "close", }), ), - }, { + }, + { ResourceName: resourceId, ImportState: true, ImportStateVerify: true, 
@@ -81,26 +85,23 @@ func TestAccAlicloudCloudFirewallVpcFirewallCen_basic(t *testing.T) { }) } -var AlicloudCloudFirewallVpcFirewallCenMap = map[string]string{} +var AliCloudCloudFirewallVpcFirewallCenMap = map[string]string{} -func AlicloudCloudFirewallVpcFirewallCenBasicDependence(name string) string { +func AliCloudCloudFirewallVpcFirewallCenBasicDependence(name string) string { return fmt.Sprintf(` -variable "name" { - default = "%s" -} -data "alicloud_account" "current" { -} + variable "name" { + default = "%s" + } -data "alicloud_cen_instances" "cen_instances_ds" { - name_regex = "^cfw-test-no-deleting" -} + data "alicloud_account" "current" { + } -data "alicloud_vpcs" "vpcs_ds" { - name_regex = "^cfw-test-no-delete1" -} + data "alicloud_cen_instances" "cen_instances_ds" { + name_regex = "^cfw-test-no-deleting" + } -data "alicloud_vpcs" "vpcs_self" { - name_regex = "^default-NODELETING" -} + data "alicloud_vpcs" "vpcs_ds" { + name_regex = "^cfw-test-no-deleting" + } `, name) } diff --git a/alicloud/service_alicloud_cloudfw.go b/alicloud/service_alicloud_cloudfw.go index a4129cfeab4..5a70ddd4bc1 100644 --- a/alicloud/service_alicloud_cloudfw.go +++ b/alicloud/service_alicloud_cloudfw.go @@ -100,7 +100,6 @@ func (s *CloudfwService) DescribeCloudFirewallAddressBook(id string) (object map if fmt.Sprint(response["Message"]) == "not buy user" { conn.Endpoint = String(connectivity.CloudFirewallOpenAPIEndpointControlPolicy) return resource.RetryableError(fmt.Errorf("%s", response)) - } return nil @@ -205,6 +204,9 @@ func (s *CloudfwService) CloudFirewallInstanceMemberStateRefreshFunc(d *schema.R } func (s *CloudfwService) DescribeCloudFirewallVpcFirewallCen(id string) (object map[string]interface{}, err error) { + var response map[string]interface{} + action := "DescribeVpcFirewallCenDetail" + conn, err := s.client.NewCloudfwClient() if err != nil { return object, WrapError(err) 
@@ -214,13 +216,11 @@ func (s *CloudfwService) DescribeCloudFirewallVpcFirewallCen(id string) (object "VpcFirewallId": id, } - var response map[string]interface{} - action := "DescribeVpcFirewallCenDetail" runtime := util.RuntimeOptions{} runtime.SetAutoretry(true) wait := incrementalWait(3*time.Second, 3*time.Second) err = resource.Retry(5*time.Minute, func() *resource.RetryError { - resp, err := conn.DoRequest(StringPointer(action), nil, StringPointer("POST"), StringPointer("2017-12-07"), StringPointer("AK"), nil, request, &runtime) + response, err = conn.DoRequest(StringPointer(action), nil, StringPointer("POST"), StringPointer("2017-12-07"), StringPointer("AK"), nil, request, &runtime) if err != nil { if NeedRetry(err) { wait() 
@@ -228,31 +228,44 @@ func (s *CloudfwService) DescribeCloudFirewallVpcFirewallCen(id string) (object } return resource.NonRetryableError(err) } - response = resp - addDebug(action, response, request) + + if fmt.Sprint(response["Message"]) == "not buy user" { + conn.Endpoint = String(connectivity.CloudFirewallOpenAPIEndpointControlPolicy) + return resource.RetryableError(fmt.Errorf("%s", response)) + } + return nil }) + addDebug(action, response, request) + if err != nil { if IsExpectedErrors(err, []string{"ErrorVpcFirewallExist"}) { return object, WrapErrorf(Error(GetNotFoundMessage("VpcFirewallCen", id)), NotFoundMsg, ProviderERROR, fmt.Sprint(response["RequestId"])) } return object, WrapErrorf(err, DefaultErrorMsg, id, action, AlibabaCloudSdkGoERROR) } + v, err := jsonpath.Get("$", response) if err != nil { return object, WrapErrorf(err, FailedGetAttributeMsg, id, "$", response) } + status, err := jsonpath.Get("$.FirewallSwitchStatus", response) if err != nil { return object, WrapErrorf(err, FailedGetAttributeMsg, id, "$", response) } + if status.(string) == "notconfigured" { return object, WrapErrorf(Error(GetNotFoundMessage("VpcFirewallCen", id)), NotFoundWithResponse, response) } + return v.(map[string]interface{}), nil } func (s *CloudfwService) DescribeVpcFirewallCenList(id string) (object map[string]interface{}, err error) { + var response map[string]interface{} + action := "DescribeVpcFirewallCenList" + conn, err := s.client.NewCloudfwClient() if err != nil { return object, WrapError(err) 
@@ -262,13 +275,11 @@ func (s *CloudfwService) DescribeVpcFirewallCenList(id string) (object map[strin "VpcFirewallId": id, } - var response map[string]interface{} - action := "DescribeVpcFirewallCenList" runtime := util.RuntimeOptions{} runtime.SetAutoretry(true) wait := incrementalWait(3*time.Second, 3*time.Second) err = resource.Retry(5*time.Minute, func() *resource.RetryError { - resp, err := conn.DoRequest(StringPointer(action), nil, StringPointer("POST"), StringPointer("2017-12-07"), StringPointer("AK"), nil, request, &runtime) + response, err = conn.DoRequest(StringPointer(action), nil, StringPointer("POST"), StringPointer("2017-12-07"), StringPointer("AK"), nil, request, &runtime) if err != nil { if NeedRetry(err) { wait() @@ -276,22 +287,31 @@ func (s *CloudfwService) DescribeVpcFirewallCenList(id string) (object map[strin } return resource.NonRetryableError(err) } - response = resp - addDebug(action, response, request) + + if fmt.Sprint(response["Message"]) == "not buy user" { + conn.Endpoint = String(connectivity.CloudFirewallOpenAPIEndpointControlPolicy) + return resource.RetryableError(fmt.Errorf("%s", response)) + } + return nil }) + addDebug(action, response, request) + if err != nil { return object, WrapErrorf(err, DefaultErrorMsg, id, action, AlibabaCloudSdkGoERROR) } + v, err := jsonpath.Get("$.VpcFirewalls[0]", response) if err != nil { return object, WrapErrorf(err, FailedGetAttributeMsg, id, "$", response) } + totalCount, _ := jsonpath.Get("$.TotalCount", response) total, _ := totalCount.(json.Number).Int64() if err != nil && total == 0 { return object, WrapErrorf(Error(GetNotFoundMessage("VpcFirewallCen", id)), NotFoundWithResponse, response) } + return v.(map[string]interface{}), nil } diff --git a/website/docs/r/cloud_firewall_vpc_firewall_cen.html.markdown b/website/docs/r/cloud_firewall_vpc_firewall_cen.html.markdown index 248193b488d..b09ca69c719 100644 --- a/website/docs/r/cloud_firewall_vpc_firewall_cen.html.markdown 
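Review bot: The not-found check at the end of `DescribeVpcFirewallCenList` can never fire: `err` is tested right after `jsonpath.Get("$.VpcFirewalls[0]", response)` and is not reassigned by the two calls that discard their error with `_`, so `if err != nil && total == 0` is always false. An empty `VpcFirewalls` list is therefore reported through the `FailedGetAttributeMsg` path (assuming `jsonpath.Get` errors on the missing index), and the `NotFoundError(err)` branch this commit adjusts in Read will presumably not match it for a firewall deleted out of band. `totalCount.(json.Number)` is also an unchecked assertion that panics when `TotalCount` is absent from the response. I would read the count with a checked assertion before indexing the list and test it alone, `if total == 0 { return object, WrapErrorf(Error(GetNotFoundMessage("VpcFirewallCen", id)), NotFoundWithResponse, response) }`. These lines are unchanged context in this hunk, and the function begins in an earlier hunk.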
+++ b/website/docs/r/cloud_firewall_vpc_firewall_cen.html.markdown @@ -13,7 +13,7 @@ Provides a Cloud Firewall Vpc Firewall Cen resource. For information about Cloud Firewall Vpc Firewall Cen and how to use it, see [What is Vpc Firewall Cen](https://www.alibabacloud.com/help/en/cloud-firewall/latest/createvpcfirewallcenconfigure). --> **NOTE:** Available in v1.194.0+. +-> **NOTE:** Available since v1.194.0. ## Example Usage @@ -28,7 +28,7 @@ resource "alicloud_cloud_firewall_vpc_firewall_cen" "default" { status = "open" member_uid = "1415189284827022" vpc_region = "ap-south-1" - vpc_firewall_name = "tf-test" + vpc_firewall_name = "tf-vpc-firewall-name" } ``` 
@@ -36,21 +36,21 @@ resource "alicloud_cloud_firewall_vpc_firewall_cen" "default" { The following arguments are supported: -* `cen_id` - (Required, ForceNew) The ID of the CEN instance. -* `lang` - (Optional) The language type of the requested and received messages. Value:**zh** (default): Chinese.**en**: English. -* `local_vpc` - (Required,Computed) The details of the VPC.See the following `Block LocalVpc`. -* `member_uid` - (Optional) The UID of the member account (other Alibaba Cloud account) of the current Alibaba cloud account. -* `status` - (Required) Firewall switch status * `vpc_firewall_name` - (Required) The name of the VPC firewall instance. +* `cen_id` - (Required, ForceNew) The ID of the CEN instance. * `vpc_region` - (Required, ForceNew) The ID of the region to which the VPC is created. +* `status` - (Required) Firewall switch status. +* `member_uid` - (Optional, ForceNew) The UID of the member account (other Alibaba Cloud account) of the current Alibaba cloud account. +* `lang` - (Optional, ForceNew) The language type of the requested and received messages. Valid values: + - `zh`: Chinese. + - `en`: English. +* `local_vpc` - (Required, ForceNew) The details of the VPC. See [`local_vpc`](#local_vpc) below. -### Block LocalVpc - -The LocalVpc supports the following: - -* `network_instance_id` - (Required,ForceNew) The ID of the VPC instance that created the VPC firewall. +### `local_vpc` +The local_vpc supports the following: +* `network_instance_id` - (Required, ForceNew) The ID of the VPC instance that created the VPC firewall. ## Attributes Reference 
@@ -65,7 +65,7 @@ The following attributes are exported: * `eni_list` - List of elastic network cards. * `eni_id` - The ID of the instance of the ENI in the VPC. * `eni_private_ip_address` - The private IP address of the ENI in the VPC. - * `manual_v_switch_id` - The ID of the vSwitch specified when the routing mode is manual mode. + * `manual_vswitch_id` - The ID of the vSwitch specified when the routing mode is manual mode. * `network_instance_name` - The name of the network instance. * `network_instance_type` - The type of the network instance. Value: **VPC * *. * `owner_id` - The UID of the Alibaba Cloud account to which the VPC belongs. @@ -83,12 +83,13 @@ The following attributes are exported: * `vpc_name` - The instance name of the VPC. * `vpc_firewall_id` - VPC firewall ID -### Timeouts +## Timeouts The `timeouts` block allows you to specify [timeouts](https://www.terraform.io/docs/configuration-0-11/resources.html#timeouts) for certain actions: + * `create` - (Defaults to 31 mins) Used when create the Vpc Firewall Cen. -* `delete` - (Defaults to 31 mins) Used when delete the Vpc Firewall Cen. * `update` - (Defaults to 31 mins) Used when update the Vpc Firewall Cen. +* `delete` - (Defaults to 31 mins) Used when delete the Vpc Firewall Cen. ## Import @@ -96,4 +97,4 @@ Cloud Firewall Vpc Firewall Cen can be imported using the id, e.g. ```shell $terraform import alicloud_cloud_firewall_vpc_firewall_cen.example -``` \ No newline at end of file +```