[Feat.] New VPCEP approval resource/opentelekomcloud_vpcep_approval_v1

docs/resources/vpcep_approval_v1.md

@@ -0,0 +1,96 @@
+---
+subcategory: "VPC Endpoint (VPCEP)"
+layout: "opentelekomcloud"
+page_title: "OpenTelekomCloud: opentelekomcloud_vpcep_approval_v1"
+sidebar_current: "docs-opentelekomcloud-resource-vpcep-approval-v1"
+description: |-
+  Manages a VPCEP Endpoint resource within OpenTelekomCloud.
+---
+
+
+# opentelekomcloud_vpcep_approval_v1
+
+Provides a resource to manage the VPC endpoint connections.
+
+## Example Usage
+
+```hcl
+variable "service_vpc_id" {}
+variable "vm_port" {}
+variable "vpc_id" {}
+variable "subnet_id" {}
+
+resource "opentelekomcloud_vpcep_service_v1" "srv" {
+  name        = "demo-service"
+  server_type = "VM"
+  vpc_id      = var.service_vpc_id
+  port_id     = var.vm_port
+
+  approval_enabled = true
+
+  port {
+    server_port = 8080
+    client_port = 80
+  }
+}
+
+resource "opentelekomcloud_vpcep_endpoint_v1" "ep" {
+  service_id = opentelekomcloud_vpcep_service_v1.srv.id
+  vpc_id     = var.vpc_id
+  subnet_id  = var.subnet_id
+  enable_dns = true
+
+  lifecycle {
+    # enable_dns and ip_address are not assigned until connecting to the service
+    ignore_changes = [
+      enable_dns,
+      ip_address
+    ]
+  }
+}
+
+resource "opentelekomcloud_vpcep_approval_v1" "approval" {
+  service_id = opentelekomcloud_vpcep_service_v1.srv.id
+  endpoints  = [opentelekomcloud_vpcep_endpoint_v1.ep.id]
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `service_id` - (Required, String, ForceNew) Specifies the ID of the VPC endpoint service. Changing this creates a new
+  resource.
+
+* `endpoints` - (Required, List) Specifies the list of VPC endpoint IDs which accepted to connect to VPC endpoint
+  service. The VPC endpoints will be rejected when the resource was destroyed.
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The unique ID in UUID format which equals to the ID of the VPC endpoint service.
+
+* `connections` - An array of VPC endpoints connect to the VPC endpoint service. Structure is documented below.
+  + `endpoint_id` - The unique ID of the VPC endpoint.
+  + `packet_id` - The packet ID of the VPC endpoint.
+  + `domain_id` - The user's domain ID.
+  + `status` - The connection status of the VPC endpoint.
+  + `description` - The description of the VPC endpoint service connection.
+
+* `region` - The VPC endpoint service region.
+
+## Timeouts
+
+This resource provides the following timeouts configuration options:
+
+* `create` - Default is 10 minute.
+* `delete` - Default is 3 minute.
+
+## Import
+
+VPC endpoint approval can be imported using the `id`, e.g.
+
+```bash
+$ terraform import opentelekomcloud_vpcep_approval_v1.apr <id>
+```

opentelekomcloud/acceptance/vpcep/resource_opentelekomcloud_vpcep_approval_v1_test.go

@@ -0,0 +1,121 @@
+package vpcep
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/opentelekomcloud/gophertelekomcloud/acceptance/tools"
+	"github.com/opentelekomcloud/gophertelekomcloud/openstack/vpcep/v1/endpoints"
+	"github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/acceptance/common"
+)
+
+func TestAccVPCEndpointApproval_Basic(t *testing.T) {
+	var endpoint endpoints.Endpoint
+	rName := tools.RandomString("tf-test-ep-", 4)
+	resourceName := "opentelekomcloud_vpcep_approval_v1.approval"
+
+	rc := common.InitResourceCheck(
+		"opentelekomcloud_vpcep_endpoint_v1.endpoint",
+		&endpoint,
+		getVPCEndpointFunc,
+	)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:          func() { common.TestAccPreCheck(t) },
+		ProviderFactories: common.TestAccProviderFactories,
+		CheckDestroy:      rc.CheckResourceDestroy(),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccVPCEndpointApproval_Basic(rName),
+				Check: resource.ComposeTestCheckFunc(
+					rc.CheckResourceExists(),
+					resource.TestCheckResourceAttrPair(resourceName, "id", "opentelekomcloud_vpcep_service_v1.service", "id"),
+					resource.TestCheckResourceAttrPair(resourceName, "connections.0.endpoint_id",
+						"opentelekomcloud_vpcep_endpoint_v1.endpoint", "id"),
+					resource.TestCheckResourceAttr(resourceName, "connections.0.status", "accepted"),
+				),
+			},
+			{
+				Config: testAccVPCEndpointApproval_Update(rName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrPair(resourceName, "connections.0.endpoint_id",
+						"opentelekomcloud_vpcep_endpoint_v1.endpoint", "id"),
+					resource.TestCheckResourceAttr(resourceName, "connections.0.status", "rejected"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func testAccVPCEndpointApproval_Base(name string) string {
+	return fmt.Sprintf(`
+%s
+
+resource "opentelekomcloud_lb_loadbalancer_v2" "lb_1" {
+  vip_subnet_id = data.opentelekomcloud_vpc_subnet_v1.shared_subnet.subnet_id
+}
+
+resource "opentelekomcloud_vpcep_service_v1" "service" {
+  name        = "%s"
+  port_id     = opentelekomcloud_lb_loadbalancer_v2.lb_1.vip_port_id
+  vpc_id      = data.opentelekomcloud_vpc_subnet_v1.shared_subnet.vpc_id
+  server_type = "LB"
+  description = "test description"
+
+  approval_enabled = true
+
+  port {
+    client_port = 80
+    server_port = 8080
+  }
+
+  tags = {
+    "key" : "value",
+  }
+  whitelist = ["698f9bf85ca9437a9b2f41132ab3aa0e"]
+}
+
+resource "opentelekomcloud_vpcep_endpoint_v1" "endpoint" {
+  service_id = opentelekomcloud_vpcep_service_v1.service.id
+  vpc_id     = opentelekomcloud_vpcep_service_v1.service.vpc_id
+  subnet_id  = data.opentelekomcloud_vpc_subnet_v1.shared_subnet.id
+  enable_dns = true
+
+  tags = {
+    "fizz" : "buzz"
+  }
+
+  lifecycle {
+    ignore_changes = [enable_dns]
+  }
+}
+`, common.DataSourceSubnet, name)
+}
+
+func testAccVPCEndpointApproval_Basic(rName string) string {
+	return fmt.Sprintf(`
+%s
+
+resource "opentelekomcloud_vpcep_approval_v1" "approval" {
+  service_id = opentelekomcloud_vpcep_service_v1.service.id
+  endpoints  = [opentelekomcloud_vpcep_endpoint_v1.endpoint.id]
+}
+`, testAccVPCEndpointApproval_Base(rName))
+}
+
+func testAccVPCEndpointApproval_Update(rName string) string {
+	return fmt.Sprintf(`
+%s
+
+resource "opentelekomcloud_vpcep_approval_v1" "approval" {
+  service_id = opentelekomcloud_vpcep_service_v1.service.id
+  endpoints  = []
+}
+`, testAccVPCEndpointApproval_Base(rName))
+}

opentelekomcloud/provider.go

@@ -583,6 +583,7 @@ func Provider() *schema.Provider {
 			"opentelekomcloud_vpc_peering_connection_v2":                 vpc.ResourceVpcPeeringConnectionV2(),
 			"opentelekomcloud_vpc_peering_connection_accepter_v2":        vpc.ResourceVpcPeeringConnectionAccepterV2(),
 			"opentelekomcloud_vpc_route_table_v1":                        vpc.ResourceVPCRouteTableV1(),
+			"opentelekomcloud_vpcep_approval_v1":                         vpcep.ResourceVPCEPApprovalV1(),
 			"opentelekomcloud_vpcep_endpoint_v1":                         vpcep.ResourceVPCEPEndpointV1(),
 			"opentelekomcloud_vpcep_service_v1":                          vpcep.ResourceVPCEPServiceV1(),
 			"opentelekomcloud_vpc_route_v2":                              vpc.ResourceVPCRouteV2(),

opentelekomcloud/services/vpcep/common.go

@@ -1,4 +1,13 @@
 package vpcep
 
-const ErrClientCreate = "error creating VPC Endpoint v1 client: %w"
-const keyClient = "vpcep-client"
+const (
+	ErrClientCreate        = "error creating VPC Endpoint v1 client: %w"
+	keyClient              = "vpcep-client"
+	actionReceive   string = "receive"
+	actionReject    string = "reject"
+)
+
+var approvalActionStatusMap = map[string]string{
+	actionReceive: "accepted",
+	actionReject:  "rejected",
+}