feat(vpn): add resource VPN access policy (#5751)

docs/resources/vpn_access_policy.md

@@ -0,0 +1,65 @@
+---
+subcategory: "Virtual Private Network (VPN)"
+layout: "huaweicloud"
+page_title: "HuaweiCloud: huaweicloud_vpn_access_policy"
+description: |-
+  Manages a VPN access policy within HuaweiCloud.
+---
+
+# huaweicloud_vpn_access_policy
+
+Manages a VPN access policy within HuaweiCloud.
+
+## Example Usage
+
+```hcl
+variable "vpn_server_id" {}
+variable "name" {}
+variable "user_group_id" {}
+variable "dest_ip_cidr" {}
+
+resource "huaweicloud_vpn_access_policy" "test" {
+  vpn_server_id = var.vpn_server_id
+  name          = var.name
+  user_group_id = var.user_group_id
+  dest_ip_cidrs = [var.dest_ip_cidr]
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `region` - (Optional, String, ForceNew) Specifies the region in which to create the resource.
+  If omitted, the provider-level region will be used.
+  Changing this creates a new resource.
+
+* `vpn_server_id` - (Required, String, NonUpdatable) Specifies the VPN server ID.
+
+* `name` - (Required, String) Specifies the access policy name.
+
+* `user_group_id` - (Required, String) Specifies the user group ID.
+
+* `dest_ip_cidrs` - (Required, List) Specifies the list of destination IP CIDRs.
+
+* `description` - (Optional, String) Specifies the description of the access policy.
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The resource ID.
+
+* `user_group_name` - The user group name.
+
+* `created_at` - The creation time.
+
+* `updated_at` - The update time.
+
+## Import
+
+The access policy can be imported using `vpn_server_id` and `id`, separated by a slash (/), e.g.
+
+```bash
+$ terraform import huaweicloud_vpn_access_policy.test <vpn_server_id>/<id>
+```

huaweicloud/provider.go

@@ -1978,6 +1978,7 @@ func Provider() *schema.Provider {
 			"huaweicloud_vpcep_endpoint": vpcep.ResourceVPCEndpoint(),
 			"huaweicloud_vpcep_service":  vpcep.ResourceVPCEndpointService(),
 
+			"huaweicloud_vpn_access_policy":           vpn.ResourceAccessPolicy(),
 			"huaweicloud_vpn_gateway":                 vpn.ResourceGateway(),
 			"huaweicloud_vpn_customer_gateway":        vpn.ResourceCustomerGateway(),
 			"huaweicloud_vpn_connection":              vpn.ResourceConnection(),

huaweicloud/services/acceptance/vpn/resource_huaweicloud_vpn_access_policy_test.go

@@ -0,0 +1,135 @@
+package vpn
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/config"
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/services/acceptance"
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/services/vpn"
+)
+
+func getAccessPolicyFunc(conf *config.Config, state *terraform.ResourceState) (interface{}, error) {
+	region := acceptance.HW_REGION_NAME
+
+	getAccessPolicyProduct := "vpn"
+	client, err := conf.NewServiceClient(getAccessPolicyProduct, region)
+	if err != nil {
+		return nil, fmt.Errorf("error creating VPN client: %s", err)
+	}
+
+	return vpn.GetAccessPolicy(client, state.Primary.Attributes["vpn_server_id"], state.Primary.ID)
+}
+
+func testAccessPolicyImportState(name string) resource.ImportStateIdFunc {
+	return func(s *terraform.State) (string, error) {
+		rs, ok := s.RootModule().Resources[name]
+		if !ok {
+			return "", fmt.Errorf("resource (%s) not found: %s", name, rs)
+		}
+		if rs.Primary.Attributes["vpn_server_id"] == "" {
+			return "", fmt.Errorf("attribute (vpn_server_id) of Resource (%s) not found: %s", name, rs)
+		}
+		if rs.Primary.ID == "" {
+			return "", fmt.Errorf("attribute (id) of Resource (%s) not found: %s", name, rs)
+		}
+
+		return rs.Primary.Attributes["vpn_server_id"] + "/" + rs.Primary.ID, nil
+	}
+}
+
+func TestAccAccessPolicy_basic(t *testing.T) {
+	var obj interface{}
+
+	name := acceptance.RandomAccResourceName()
+	rName := "huaweicloud_vpn_access_policy.test"
+
+	rc := acceptance.InitResourceCheck(
+		rName,
+		&obj,
+		getAccessPolicyFunc,
+	)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			acceptance.TestAccPreCheck(t)
+			acceptance.TestAccPreCheckVPNP2cServer(t)
+		},
+		ProviderFactories: acceptance.TestAccProviderFactories,
+		CheckDestroy:      rc.CheckResourceDestroy(),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAccessPolicy_basic(name),
+				Check: resource.ComposeTestCheckFunc(
+					rc.CheckResourceExists(),
+					resource.TestCheckResourceAttr(rName, "name", name),
+					resource.TestCheckResourceAttrPair(rName, "user_group_id", "huaweicloud_vpn_user_group.test.0", "id"),
+					resource.TestCheckResourceAttr(rName, "dest_ip_cidrs.#", "2"),
+					resource.TestCheckResourceAttrSet(rName, "vpn_server_id"),
+					resource.TestCheckResourceAttr(rName, "description", "test"),
+					resource.TestCheckResourceAttrSet(rName, "user_group_name"),
+					resource.TestCheckResourceAttrSet(rName, "created_at"),
+					resource.TestCheckResourceAttrSet(rName, "updated_at"),
+				),
+			},
+			{
+				Config: testAccAccessPolicy_update(name),
+				Check: resource.ComposeTestCheckFunc(
+					rc.CheckResourceExists(),
+					resource.TestCheckResourceAttr(rName, "name", name+"-update"),
+					resource.TestCheckResourceAttrPair(rName, "user_group_id", "huaweicloud_vpn_user_group.test.1", "id"),
+					resource.TestCheckResourceAttr(rName, "dest_ip_cidrs.#", "1"),
+					resource.TestCheckResourceAttr(rName, "description", ""),
+				),
+			},
+			{
+				ResourceName:      rName,
+				ImportState:       true,
+				ImportStateVerify: true,
+				ImportStateIdFunc: testAccessPolicyImportState(rName),
+			},
+		},
+	})
+}
+
+func testAccAccessPolicy_basic(name string) string {
+	return fmt.Sprintf(`
+%[1]s
+
+resource "huaweicloud_vpn_access_policy" "test" {
+  vpn_server_id = "%[2]s"
+  name          = "%[3]s"
+  user_group_id = huaweicloud_vpn_user_group.test[0].id
+  dest_ip_cidrs = ["192.168.0.0/16", "192.168.34.0/24"]
+  description   = "test"
+}
+`, testAccessPolicy_base(name), acceptance.HW_VPN_P2C_SERVER, name)
+}
+
+func testAccAccessPolicy_update(name string) string {
+	return fmt.Sprintf(`
+%[1]s
+
+resource "huaweicloud_vpn_access_policy" "test" {
+  vpn_server_id = "%[2]s"
+  name          = "%[3]s-update"
+  user_group_id = huaweicloud_vpn_user_group.test[1].id
+  dest_ip_cidrs = ["192.168.0.0/30"]
+  description   = ""
+}
+`, testAccessPolicy_base(name), acceptance.HW_VPN_P2C_SERVER, name)
+}
+
+func testAccessPolicy_base(name string) string {
+	return fmt.Sprintf(`
+resource "huaweicloud_vpn_user_group" "test" {
+  count         = 2
+  vpn_server_id = "%[1]s"
+  name          = "%[2]s${count.index}"
+  description   = "test${count.index} "
+}
+`, acceptance.HW_VPN_P2C_SERVER, name)
+}