[Bug-Fix:] VPN Server

ibm/service/vpc/resource_ibm_is_vpn_server.go

@@ -54,7 +54,6 @@ func ResourceIBMIsVPNServer() *schema.Resource {
 				Type:        schema.TypeList,
 				Required:    true,
 				ForceNew:    false,
-				MaxItems:    1,
 				Description: "The methods used to authenticate VPN clients to this VPN server. VPN clients must authenticate against all provided methods.",
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
@@ -384,15 +383,25 @@ func resourceIBMIsVPNServerCreate(context context.Context, d *schema.ResourceDat
 		clientAuthPrototype.Method = &method
 
 		if method == "certificate" {
-			crn_val := clientAuth["client_ca_crn"].(string)
-			certificateInstanceIdentity := &vpcv1.CertificateInstanceIdentity{}
-			certificateInstanceIdentity.CRN = &crn_val
-			clientAuthPrototype.ClientCa = certificateInstanceIdentity
+			if clientAuth["client_ca_crn"] != nil {
+				crn_val := clientAuth["client_ca_crn"].(string)
+				certificateInstanceIdentity := &vpcv1.CertificateInstanceIdentity{}
+				certificateInstanceIdentity.CRN = &crn_val
+				clientAuthPrototype.ClientCa = certificateInstanceIdentity
+
+			} else {
+				return diag.FromErr(fmt.Errorf("[ERROR] Error method type `certificate` should be passed with `client_ca_crn`"))
+			}
 		} else {
-			providerType := clientAuth["identity_provider"].(string)
-			clientAuthPrototype.IdentityProvider = &vpcv1.VPNServerAuthenticationByUsernameIDProvider{
-				ProviderType: &providerType,
+			if clientAuth["identity_provider"] != nil {
+				providerType := clientAuth["identity_provider"].(string)
+				clientAuthPrototype.IdentityProvider = &vpcv1.VPNServerAuthenticationByUsernameIDProvider{
+					ProviderType: &providerType,
+				}
+			} else {
+				return diag.FromErr(fmt.Errorf("[ERROR] Error method type `username` should be passed with `identity_provider`"))
 			}
+
 		}
 		clientAuthentication = append(clientAuthentication, clientAuthPrototype)
 	}
@@ -744,15 +753,25 @@ func resourceIBMIsVPNServerUpdate(context context.Context, d *schema.ResourceDat
 			clientAuthPrototype.Method = &method
 
 			if method == "certificate" {
-				crn_val := clientAuth["client_ca_crn"].(string)
-				certificateInstanceIdentity := &vpcv1.CertificateInstanceIdentity{}
-				certificateInstanceIdentity.CRN = &crn_val
-				clientAuthPrototype.ClientCa = certificateInstanceIdentity
+				if clientAuth["client_ca_crn"] != nil && clientAuth["client_ca_crn"] != "" {
+					crn_val := clientAuth["client_ca_crn"].(string)
+					certificateInstanceIdentity := &vpcv1.CertificateInstanceIdentity{}
+					certificateInstanceIdentity.CRN = &crn_val
+					clientAuthPrototype.ClientCa = certificateInstanceIdentity
+
+				} else {
+					return diag.FromErr(fmt.Errorf("[ERROR] Error method type `certificate` should be passed with `client_ca_crn`"))
+				}
 			} else {
-				providerType := clientAuth["identity_provider"].(string)
-				clientAuthPrototype.IdentityProvider = &vpcv1.VPNServerAuthenticationByUsernameIDProvider{
-					ProviderType: &providerType,
+				if clientAuth["identity_provider"] != nil && clientAuth["identity_provider"] != "" {
+					providerType := clientAuth["identity_provider"].(string)
+					clientAuthPrototype.IdentityProvider = &vpcv1.VPNServerAuthenticationByUsernameIDProvider{
+						ProviderType: &providerType,
+					}
+				} else {
+					return diag.FromErr(fmt.Errorf("[ERROR] Error method type `username` should be passed with `identity_provider`"))
 				}
+
 			}
 			clientAuthentication = append(clientAuthentication, clientAuthPrototype)
 		}

website/docs/r/is_vpn_server.html.markdown

@@ -49,11 +49,11 @@ Review the argument references that you can specify for your resource.
 	  - Constraints: Allowable values are: certificate, username
 
    -> **NOTE:** 
-      `identity_provider` and `client_ca_crn` are mutually exclusive, which means either one must be provided.
+      `identity_provider` and `client_ca_crn` are mutually exclusive, which means either one must be provided. When `method` has `certificate` as value `client_ca_crn` must be provided and when `method` has `username` as value `identity_provider` must be provided.
 
-	- `identity_provider` - (Optional, String) The type of identity provider to be used by VPN client.The type of identity provider to be used by the VPN client.- `iam`: IBM identity and access managementThe enumerated values for this property are expected to expand in the future. When processing this property, check for and log unknown values. Optionally halt processing and surface the error, or bypass the route on which the unexpected property value was encountered.
+	- `identity_provider` - (Required, String) The type of identity provider to be used by VPN client.The type of identity provider to be used by the VPN client.- `iam`: IBM identity and access managementThe enumerated values for this property are expected to expand in the future. When processing this property, check for and log unknown values. Optionally halt processing and surface the error, or bypass the route on which the unexpected property value was encountered.
 		  - Constraints: Allowable values are: iam
-	- `client_ca_crn` - (Optional, String)  The CRN of the certificate instance or CRN of the secret from secrets manager to use for the VPN client certificate authority (CA). As the usage of certificate CRN from Certificate Manager is getting deprecated, It is recommended to use Secret manger for same.
+	- `client_ca_crn` - (Required, String)  The CRN of the certificate instance or CRN of the secret from secrets manager to use for the VPN client certificate authority (CA). As the usage of certificate CRN from Certificate Manager is getting deprecated, It is recommended to use Secret manger for same.
 	- `crl` - (Optional, String) The certificate revocation list contents, encoded in PEM format.
       - Constraints: The maximum length is `2` items. The minimum length is `1` item.