Edge Gateway L2 VPN Tunnel resource and datasource (#1121)

* **New Resource:** `vcd_nsxt_edgegateway_l2_vpn_tunnel` to manage Edge Gateway L2 VPN Tunnel sessions [GH-1061]
* **New Data Source:** `vcd_nsxt_edgegateway_l2_vpn_tunnel` to read Edge Gateway L2 VPN Tunnel sessions [GH-1061]

---------

Signed-off-by: Adam Jasinski <[email protected]>

.changes/v3.11.0/1121-features.md

@@ -0,0 +1,2 @@
+* **New Resource:** `vcd_nsxt_edgegateway_l2_vpn_tunnel` to manage Edge Gateway L2 VPN Tunnel sessions [GH-1061]
+* **New Data Source:** `vcd_nsxt_edgegateway_l2_vpn_tunnel` to read Edge Gateway L2 VPN Tunnel sessions [GH-1061]

go.mod

@@ -7,7 +7,7 @@ require (
 	github.com/hashicorp/go-version v1.6.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.27.0
 	github.com/kr/pretty v0.2.1
-	github.com/vmware/go-vcloud-director/v2 v2.22.0-alpha.5
+	github.com/vmware/go-vcloud-director/v2 v2.22.0-alpha.6
 )
 
 require (

go.sum

@@ -123,8 +123,8 @@ github.com/vmihailenco/msgpack/v5 v5.3.5 h1:5gO0H1iULLWGhs2H5tbAHIZTV8/cYafcFOr9
 github.com/vmihailenco/msgpack/v5 v5.3.5/go.mod h1:7xyJ9e+0+9SaZT0Wt1RGleJXzli6Q/V5KbhBonMG9jc=
 github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g=
 github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds=
-github.com/vmware/go-vcloud-director/v2 v2.22.0-alpha.5 h1:/W3WHBsb1AHYFEijokIrB4TY5ZvNgjsfzmdcVXdyQ3E=
-github.com/vmware/go-vcloud-director/v2 v2.22.0-alpha.5/go.mod h1:QPxGFgrUcSyzy9IlpwDE4UNT3tsOy2047tJOPEJ4nlw=
+github.com/vmware/go-vcloud-director/v2 v2.22.0-alpha.6 h1:jvFqmN8tO39t7aFAvF+q5VL3+oZhfU9F0KeRlm9rxN0=
+github.com/vmware/go-vcloud-director/v2 v2.22.0-alpha.6/go.mod h1:QPxGFgrUcSyzy9IlpwDE4UNT3tsOy2047tJOPEJ4nlw=
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
 github.com/zclconf/go-cty v1.13.2 h1:4GvrUxe/QUDYuJKAav4EYqdM47/kZa672LwmXFmEKT0=
 github.com/zclconf/go-cty v1.13.2/go.mod h1:YKQzy/7pZ7iq2jNFzy5go57xdxdWoLLpaEp4u238AE0=

vcd/datasource_vcd_nsxt_edgegateway_l2_vpn_tunnel.go

@@ -0,0 +1,92 @@
+package vcd
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func datasourceVcdNsxtEdgegatewayL2VpnTunnel() *schema.Resource {
+	return &schema.Resource{
+		ReadContext: datasourceVcdNsxtEdgegatewayL2VpnTunnelRead,
+		Schema: map[string]*schema.Schema{
+			"org": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Description: "The name of organization to use, optional if defined at provider " +
+					"level. Useful when connected as sysadmin working across different organizations",
+			},
+			"edge_gateway_id": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Edge Gateway ID for the tunnel",
+			},
+			"name": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Name of the L2 VPN Tunnel session",
+			},
+			"description": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Description of the L2 VPN Tunnel session",
+			},
+			"session_mode": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Mode of the tunnel session, either CLIENT or SERVER",
+			},
+			"enabled": {
+				Type:        schema.TypeBool,
+				Computed:    true,
+				Description: "Status of the L2 VPN Tunnel session",
+			},
+			"local_endpoint_ip": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Local endpoint IP of the tunnel session, the IP is sub-allocated to the Edge Gateway",
+			},
+			"remote_endpoint_ip": {
+				Type:     schema.TypeString,
+				Computed: true,
+				Description: "The IP address of the remote endpoint, which corresponds to the device" +
+					"on the remote site terminating the VPN tunnel.",
+			},
+			"tunnel_interface": {
+				Type:     schema.TypeString,
+				Computed: true,
+				Description: "Network CIDR block over which the session interfaces. Only populated for " +
+					"`SERVER` sessions",
+			},
+			"connector_initiation_mode": {
+				Type:     schema.TypeString,
+				Computed: true,
+				Description: "Connector initation mode of the session describing how a connection is made. " +
+					"Only populated for `SERVER` sessions",
+			},
+			"pre_shared_key": {
+				Type:     schema.TypeString,
+				Computed: true,
+				Description: "Pre-shared key used for authentication, the field is only populated for " +
+					"`SERVER` sessions",
+			},
+			"peer_code": {
+				Type:     schema.TypeString,
+				Computed: true,
+				Description: "Base64 encoded string of the full configuration of the tunnel, " +
+					"only populated for `SERVER` sessions",
+			},
+			"stretched_network": {
+				Type:        schema.TypeSet,
+				Computed:    true,
+				Description: "Org VDC networks that are attached to this L2 VPN tunnel",
+				Elem:        stretchedNetwork,
+			},
+		},
+	}
+}
+
+func datasourceVcdNsxtEdgegatewayL2VpnTunnelRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	return genericNsxtEdgegatewayL2VpnTunnelRead(ctx, d, meta, "datasource")
+}

vcd/provider.go

@@ -138,6 +138,7 @@ var globalDataSourceMap = map[string]*schema.Resource{
 	"vcd_rde_interface_behavior":                    datasourceVcdRdeInterfaceBehavior(),             // 3.10
 	"vcd_rde_type_behavior":                         datasourceVcdRdeTypeBehavior(),                  // 3.10
 	"vcd_rde_type_behavior_acl":                     datasourceVcdRdeTypeBehaviorAccessLevel(),       // 3.10
+	"vcd_nsxt_edgegateway_l2_vpn_tunnel":            datasourceVcdNsxtEdgegatewayL2VpnTunnel(),       // 3.11
 	"vcd_rde_behavior_invocation":                   datasourceVcdRdeBehaviorInvocation(),            // 3.11
 }
 
@@ -240,6 +241,7 @@ var globalResourceMap = map[string]*schema.Resource{
 	"vcd_rde_interface_behavior":                    resourceVcdRdeInterfaceBehavior(),             // 3.10
 	"vcd_rde_type_behavior":                         resourceVcdRdeTypeBehavior(),                  // 3.10
 	"vcd_rde_type_behavior_acl":                     resourceVcdRdeTypeBehaviorAccessLevel(),       // 3.10
+	"vcd_nsxt_edgegateway_l2_vpn_tunnel":            resourceVcdNsxtEdgegatewayL2VpnTunnel(),       // 3.11
 }
 
 // Provider returns a terraform.ResourceProvider.

vcd/remove_leftovers_test.go

@@ -335,6 +335,23 @@ func removeLeftovers(govcdClient *govcd.VCDClient, verbose bool) error {
 					if err != nil {
 						return fmt.Errorf("error deleting NSX-T Edge Gateway '%s': %s", edgeGw.EdgeGateway.Name, err)
 					}
+					continue
+				}
+				// --------------------------------------------------------------
+				// L2 VPN Tunnels
+				// --------------------------------------------------------------
+				l2VpnTunnels, err := edgeGw.GetAllL2VpnTunnels(nil)
+				if err != nil {
+					return fmt.Errorf("error retrieving L2 VPN Tunnel list: %s", err)
+				}
+				for _, tunnel := range l2VpnTunnels {
+					toBeDeleted := shouldDeleteEntity(alsoDelete, doNotDelete, tunnel.NsxtL2VpnTunnel.Name, "vcd_nsxt_edgegateway_l2_vpn_tunnel", 3, verbose)
+					if toBeDeleted {
+						err := tunnel.Delete()
+						if err != nil {
+							return fmt.Errorf("error deleting L2 VPN Tunnel '%s': %s", tunnel.NsxtL2VpnTunnel.Name, err)
+						}
+					}
 				}
 			}
 		}

vcd/resource_vcd_lb_app_rule_test.go

@@ -35,6 +35,7 @@ acl other_page2 url_beg / other2 redirect location https://www.other2.com/ ifoth
 		"EdgeGateway":      testConfig.Networking.EdgeGateway,
 		"AppRuleName":      t.Name(),
 		"SingleLineScript": "acl vmware_page url_beg / vmware redirect location https://www.vmware.com/ ifvmware_page",
+		// #nosec G203 -- template.HTML - We can't escape HCL heredoc. Also the code is safe as it's hardcoded from this test.
 		"MultilineScript": template.HTML(`<<-EOT
 ` + MultiLineScript + `EOT`),
 		"MultilineFailScript": template.HTML(`<<-EOT