IBM-Cloud · hkantare · Jan 27, 2022 · Jan 11, 2022 · Jan 24, 2022 · Jan 26, 2022
diff --git a/go.mod b/go.mod
@@ -24,7 +24,7 @@ require (
 	github.com/IBM/scc-go-sdk v1.3.4
 	github.com/IBM/schematics-go-sdk v0.1.3
 	github.com/IBM/secrets-manager-go-sdk v0.1.19
-	github.com/IBM/vpc-go-sdk v0.14.0
+	github.com/IBM/vpc-go-sdk v0.15.0
 	github.com/PromonLogicalis/asn1 v0.0.0-20190312173541-d60463189a56 // indirect
 	github.com/ScaleFT/sshkeys v0.0.0-20200327173127-6142f742bca5
 	github.com/Shopify/sarama v1.29.1

diff --git a/go.sum b/go.sum
@@ -89,16 +89,14 @@ github.com/IBM/platform-services-go-sdk v0.22.6 h1:6op+tMkQk8Poqz6jY8AMA38TlXX/8
 github.com/IBM/platform-services-go-sdk v0.22.6/go.mod h1:0moTvGSCdWiSKPmXejOpblpfya/VgDSeG+x9Tjxy+qI=
 github.com/IBM/push-notifications-go-sdk v0.0.0-20210310100607-5790b96c47f5 h1:NPUhkoOCRuv3OFWt19PmwjXGGTKlvmbuPg9fUrBUNe4=
 github.com/IBM/push-notifications-go-sdk v0.0.0-20210310100607-5790b96c47f5/go.mod h1:b07XHUVh0XYnQE9s2mqgjYST1h9buaQNqN4EcKhOsX0=
-github.com/IBM/scc-go-sdk v1.3.3 h1:d7Z2lTf8G1uYgG4hlqDE3FzQ9CvWgIWMITGgri3gu0A=
-github.com/IBM/scc-go-sdk v1.3.3/go.mod h1:YhdeD5NcEM266w33vj+lfoxDroIWQNjUzU9FJPq3XC0=
 github.com/IBM/scc-go-sdk v1.3.4 h1:nvSsyA2GfwjX3Aloty/LStkrY0e2rV2r+CM+YYg3zR4=
 github.com/IBM/scc-go-sdk v1.3.4/go.mod h1:YhdeD5NcEM266w33vj+lfoxDroIWQNjUzU9FJPq3XC0=
 github.com/IBM/schematics-go-sdk v0.1.3 h1:8/2+aOlhdj5BX3bddtYiLRts5kBo8zT9hcOWq+WeEpk=
 github.com/IBM/schematics-go-sdk v0.1.3/go.mod h1:tKRsoiYvm6l/7ZV/L1aY84PnQZExrXIJBowwSE7oBg4=
 github.com/IBM/secrets-manager-go-sdk v0.1.19 h1:0GPs5EoTaWNsjo4QPj64GNxlWfN8VHJy4RDFLqddSe8=
 github.com/IBM/secrets-manager-go-sdk v0.1.19/go.mod h1:eO3dBhzPrHkkt+yPex/jB2xD6qHZxBko+Aw+0tfqHeA=
-github.com/IBM/vpc-go-sdk v0.14.0 h1:2uIhMiNiAJC8XiNkjhiMeMGBJlPU0jqE8KON2fvfSZI=
-github.com/IBM/vpc-go-sdk v0.14.0/go.mod h1:mIUjxBs5viRWIiCqfO/W4HPJ7aC6M+26mR4p5gaVls8=
+github.com/IBM/vpc-go-sdk v0.15.0 h1:doL1W0V1ZvHB06pCj4xRbOklcOsnC2v8GQLTIBSTamM=
+github.com/IBM/vpc-go-sdk v0.15.0/go.mod h1:mIUjxBs5viRWIiCqfO/W4HPJ7aC6M+26mR4p5gaVls8=
 github.com/Logicalis/asn1 v0.0.0-20190312173541-d60463189a56 h1:vuquMR410psHNax14XKNWa0Ae/kYgWJcXi0IFuX60N0=
 github.com/Logicalis/asn1 v0.0.0-20190312173541-d60463189a56/go.mod h1:Zb3OT4l0mf7P/GOs2w2Ilj5sdm5Whoq3pa24dAEBHFc=
 github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=

diff --git a/ibm/data_source_ibm_is_virtual_endpoint_gateway.go b/ibm/data_source_ibm_is_virtual_endpoint_gateway.go
@@ -51,6 +51,13 @@ func dataSourceIBMISEndpointGateway() *schema.Resource {
 				Computed:    true,
 				Description: "Endpoint gateway lifecycle state",
 			},
+			isVirtualEndpointGatewaySecurityGroups: {
+				Type:        schema.TypeSet,
+				Computed:    true,
+				Elem:        &schema.Schema{Type: schema.TypeString},
+				Set:         schema.HashString,
+				Description: "Endpoint gateway securitygroups list",
+			},
 			isVirtualEndpointGatewayIPs: {
 				Type:        schema.TypeList,
 				Computed:    true,
@@ -149,6 +156,9 @@ func dataSourceIBMISEndpointGatewayRead(
 			d.Set(isVirtualEndpointGatewayTarget, flattenEndpointGatewayTarget(
 				result.Target.(*vpcv1.EndpointGatewayTarget)))
 			d.Set(isVirtualEndpointGatewayVpcID, result.VPC.ID)
+			if result.SecurityGroups != nil {
+				d.Set(isVirtualEndpointGatewaySecurityGroups, flattenDataSourceSecurityGroups(result.SecurityGroups))
+			}
 			found = true
 			break
 		}

diff --git a/ibm/data_source_ibm_is_virtual_endpoint_gateways.go b/ibm/data_source_ibm_is_virtual_endpoint_gateways.go
@@ -66,6 +66,13 @@ func dataSourceIBMISEndpointGateways() *schema.Resource {
 							Computed:    true,
 							Description: "Endpoint gateway lifecycle state",
 						},
+						isVirtualEndpointGatewaySecurityGroups: {
+							Type:        schema.TypeSet,
+							Computed:    true,
+							Elem:        &schema.Schema{Type: schema.TypeString},
+							Set:         schema.HashString,
+							Description: "Endpoint gateway securitygroups list",
+						},
 						isVirtualEndpointGatewayIPs: {
 							Type:        schema.TypeList,
 							Computed:    true,
@@ -165,6 +172,10 @@ func dataSourceIBMISEndpointGatewaysRead(d *schema.ResourceData, meta interface{
 			flattenEndpointGatewayTarget(endpointGateway.Target.(*vpcv1.EndpointGatewayTarget))
 		endpointGatewayOutput[isVirtualEndpointGatewayIPs] =
 			flattenDataSourceIPs(endpointGateway.Ips)
+		if endpointGateway.SecurityGroups != nil {
+			endpointGatewayOutput[isVirtualEndpointGatewaySecurityGroups] =
+				flattenDataSourceSecurityGroups(endpointGateway.SecurityGroups)
+		}
 		endpointGateways = append(endpointGateways, endpointGatewayOutput)
 	}
 	d.SetId(dataSourceIBMISEndpointGatewaysCheckID(d))

diff --git a/ibm/resource_ibm_is_floating_ip.go b/ibm/resource_ibm_is_floating_ip.go
@@ -379,7 +379,7 @@ func fipUpdate(d *schema.ResourceData, meta interface{}, id string) error {
 
 	if d.HasChange(isFloatingIPTarget) {
 		target := d.Get(isFloatingIPTarget).(string)
-		floatingIPPatchModel.Target = &vpcv1.FloatingIPPatchTargetNetworkInterfaceIdentity{
+		floatingIPPatchModel.Target = &vpcv1.FloatingIPTargetPatch{
 			ID: &target,
 		}
 		hasChanged = true

diff --git a/ibm/resource_ibm_is_virtual_endpoint_gateway.go b/ibm/resource_ibm_is_virtual_endpoint_gateway.go
@@ -13,6 +13,7 @@ import (
 	"github.com/IBM/go-sdk-core/v5/core"
 	"github.com/IBM/vpc-go-sdk/vpcv1"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
 
@@ -36,6 +37,7 @@ const (
 	isVirtualEndpointGatewayTargetResourceType = "resource_type"
 	isVirtualEndpointGatewayVpcID              = "vpc"
 	isVirtualEndpointGatewayTags               = "tags"
+	isVirtualEndpointGatewaySecurityGroups     = "security_groups"
 )
 
 func resourceIBMISEndpointGateway() *schema.Resource {
@@ -101,6 +103,14 @@ func resourceIBMISEndpointGateway() *schema.Resource {
 				Computed:    true,
 				Description: "Endpoint gateway lifecycle state",
 			},
+			isVirtualEndpointGatewaySecurityGroups: {
+				Type:        schema.TypeSet,
+				Computed:    true,
+				Optional:    true,
+				Elem:        &schema.Schema{Type: schema.TypeString},
+				Set:         schema.HashString,
+				Description: "Endpoint gateway securitygroups list",
+			},
 			isVirtualEndpointGatewayIPs: {
 				Type:             schema.TypeList,
 				Optional:         true,
@@ -255,6 +265,22 @@ func resourceIBMisVirtualEndpointGatewayCreate(d *schema.ResourceData, meta inte
 		opt.SetIps(expandIPs(ips.([]interface{})))
 	}
 
+	// Security group option
+	var securityGroups *schema.Set
+	if sg, ok := d.GetOk(isVirtualEndpointGatewaySecurityGroups); ok {
+		securityGroups = sg.(*schema.Set)
+		if securityGroups != nil && securityGroups.Len() != 0 {
+			securityGroupobjs := make([]vpcv1.SecurityGroupIdentityIntf, securityGroups.Len())
+			for i, securityGroup := range securityGroups.List() {
+				securityGroupstr := securityGroup.(string)
+				securityGroupobjs[i] = &vpcv1.SecurityGroupIdentity{
+					ID: &securityGroupstr,
+				}
+			}
+			opt.SecurityGroups = securityGroupobjs
+		}
+	}
+
 	// Resource group option
 	if resourceGroup, ok := d.GetOk(isVirtualEndpointGatewayResourceGroupID); ok {
 		resourceGroupID := resourceGroup.(string)
@@ -305,6 +331,57 @@ func resourceIBMisVirtualEndpointGatewayUpdate(d *schema.ResourceData, meta inte
 		}
 
 	}
+
+	id := d.Id()
+	var remove, add []string
+	if d.HasChange(isVirtualEndpointGatewaySecurityGroups) {
+		o, n := d.GetChange(isVirtualEndpointGatewaySecurityGroups)
+		oSecurityGroups := o.(*schema.Set)
+		nSecurityGroups := n.(*schema.Set)
+		remove = expandStringList(oSecurityGroups.Difference(nSecurityGroups).List())
+		add = expandStringList(nSecurityGroups.Difference(oSecurityGroups).List())
+		if len(add) > 0 {
+			for _, sgId := range add {
+				createSecurityGroupTargetBindingOptions := &vpcv1.CreateSecurityGroupTargetBindingOptions{}
+				createSecurityGroupTargetBindingOptions.SecurityGroupID = &sgId
+				createSecurityGroupTargetBindingOptions.ID = &id
+				_, response, err := sess.CreateSecurityGroupTargetBinding(createSecurityGroupTargetBindingOptions)
+				if err != nil {
+					return fmt.Errorf("Error while creating Security Group Target Binding %s\n%s", err, response)
+				}
+				_, err = isWaitForVirtualEndpointGatewayAvailable(sess, d.Id(), d.Timeout(schema.TimeoutUpdate))
+				if err != nil {
+					return err
+				}
+			}
+		}
+		if len(remove) > 0 {
+			for _, sgId := range remove {
+				getSecurityGroupTargetOptions := &vpcv1.GetSecurityGroupTargetOptions{
+					SecurityGroupID: &sgId,
+					ID:              &id,
+				}
+				_, response, err := sess.GetSecurityGroupTarget(getSecurityGroupTargetOptions)
+				if err != nil {
+					if response != nil && response.StatusCode == 404 {
+						continue
+					}
+					return fmt.Errorf("Error Getting Security Group Target for this endpoint gateway (%s): %s\n%s", sgId, err, response)
+				}
+				deleteSecurityGroupTargetBindingOptions := sess.NewDeleteSecurityGroupTargetBindingOptions(sgId, id)
+				response, err = sess.DeleteSecurityGroupTargetBinding(deleteSecurityGroupTargetBindingOptions)
+				if err != nil {
+					return fmt.Errorf("Error Deleting Security Group Target for this endpoint gateway : %s\n%s", err, response)
+				}
+				_, err = isWaitForVirtualEndpointGatewayAvailable(sess, d.Id(), d.Timeout(schema.TimeoutUpdate))
+				if err != nil {
+					return err
+				}
+			}
+		}
+
+	}
+
 	if d.HasChange(isVirtualEndpointGatewayTags) {
 		opt := sess.NewGetEndpointGatewayOptions(d.Id())
 		result, response, err := sess.GetEndpointGateway(opt)
@@ -348,6 +425,9 @@ func resourceIBMisVirtualEndpointGatewayRead(d *schema.ResourceData, meta interf
 	d.Set(isVirtualEndpointGatewayTarget,
 		flattenEndpointGatewayTarget(result.Target.(*vpcv1.EndpointGatewayTarget)))
 	d.Set(isVirtualEndpointGatewayVpcID, result.VPC.ID)
+	if result.SecurityGroups != nil {
+		d.Set(isVirtualEndpointGatewaySecurityGroups, flattenDataSourceSecurityGroups(result.SecurityGroups))
+	}
 	tags, err := GetTagsUsingCRN(meta, *result.CRN)
 	if err != nil {
 		log.Printf(
@@ -448,3 +528,46 @@ func flattenEndpointGatewayTarget(target *vpcv1.EndpointGatewayTarget) interface
 	targetSlice = append(targetSlice, targetOutput)
 	return targetSlice
 }
+
+func flattenDataSourceSecurityGroups(securityGroupList []vpcv1.SecurityGroupReference) interface{} {
+	securitygroupList := make([]string, 0)
+	for _, securityGroup := range securityGroupList {
+		if securityGroup.ID != nil {
+			securityGroupID := *securityGroup.ID
+			securitygroupList = append(securitygroupList, securityGroupID)
+		}
+	}
+	return securitygroupList
+}
+
+func isWaitForVirtualEndpointGatewayAvailable(sess *vpcv1.VpcV1, endPointGatewayId string, timeout time.Duration) (interface{}, error) {
+	log.Printf("Waiting for virtual endpoint gateway (%s) to be available.", endPointGatewayId)
+
+	stateConf := &resource.StateChangeConf{
+		Pending:    []string{"waiting", "pending", "updating"},
+		Target:     []string{"stable", "failed", ""},
+		Refresh:    isVirtualEndpointGatewayRefreshFunc(sess, endPointGatewayId),
+		Timeout:    timeout,
+		Delay:      10 * time.Second,
+		MinTimeout: 10 * time.Second,
+	}
+
+	return stateConf.WaitForState()
+}
+
+func isVirtualEndpointGatewayRefreshFunc(sess *vpcv1.VpcV1, endPointGatewayId string) resource.StateRefreshFunc {
+	return func() (interface{}, string, error) {
+
+		opt := sess.NewGetEndpointGatewayOptions(endPointGatewayId)
+		result, response, err := sess.GetEndpointGateway(opt)
+		if err != nil {
+			if response != nil && response.StatusCode == 404 {
+				return nil, "", fmt.Errorf("Error Getting Virtual Endpoint Gateway : %s\n%s", err, response)
+			}
+		}
+		if *result.LifecycleState == "stable" || *result.LifecycleState == "failed" {
+			return result, *result.LifecycleState, nil
+		}
+		return result, *result.LifecycleState, nil
+	}
+}
diff --git a/ibm/resource_ibm_is_virtual_endpoint_gateway_test.go b/ibm/resource_ibm_is_virtual_endpoint_gateway_test.go
@@ -33,6 +33,28 @@ func TestAccIBMISVirtualEndpointGateway_Basic(t *testing.T) {
 	})
 }
 
+func TestAccIBMISVirtualEndpointGateway_Basic_SecurityGroups(t *testing.T) {
+	var endpointGateway string
+	vpcname1 := fmt.Sprintf("tfvpngw-vpc-%d", acctest.RandIntRange(10, 100))
+	subnetname1 := fmt.Sprintf("tfvpngw-subnet-%d", acctest.RandIntRange(10, 100))
+	name1 := fmt.Sprintf("tfvpngw-createname-%d", acctest.RandIntRange(10, 100))
+	sgname1 := fmt.Sprintf("tfsg-createname-%d", acctest.RandIntRange(10, 100))
+	name := "ibm_is_virtual_endpoint_gateway.endpoint_gateway"
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckisVirtualEndpointGatewayConfigBasicSecurityGroups(vpcname1, subnetname1, sgname1, name1),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckisVirtualEndpointGatewayExists(name, &endpointGateway),
+					resource.TestCheckResourceAttr(name, "name", name1),
+				),
+			},
+		},
+	})
+}
+
 func TestAccIBMISVirtualEndpointGateway_Import(t *testing.T) {
 	vpcname1 := fmt.Sprintf("tfvpngw-vpc-%d", acctest.RandIntRange(10, 100))
 	subnetname1 := fmt.Sprintf("tfvpngw-subnet-%d", acctest.RandIntRange(10, 100))
@@ -72,8 +94,8 @@ func TestAccIBMISVirtualEndpointGateway_FullySpecified(t *testing.T) {
 		CheckDestroy: testAccCheckisVirtualEndpointGatewayDestroy,
 		Steps: []resource.TestStep{
 			{
-				ExpectNonEmptyPlan: true,
-				Config:             testAccCheckisVirtualEndpointGatewayConfigFullySpecified(vpcname1, subnetname1, name1),
+				// ExpectNonEmptyPlan: true,
+				Config: testAccCheckisVirtualEndpointGatewayConfigFullySpecified(vpcname1, subnetname1, name1),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckisVirtualEndpointGatewayExists(name, &monitor),
 					resource.TestCheckResourceAttr(name, "name", name1),
@@ -237,3 +259,35 @@ func testAccCheckisVirtualEndpointGatewayConfigFullySpecified(vpcname1, subnetna
 		resource_group = data.ibm_resource_group.test_acc.id
 	}`, vpcname1, subnetname1, ISZoneName, ISCIDR, name1)
 }
+
+func testAccCheckisVirtualEndpointGatewayConfigBasicSecurityGroups(vpcname1, subnetname1, sgname1, name1 string) string {
+	return fmt.Sprintf(`
+	data "ibm_resource_group" "test_acc" {
+		is_default=true
+    }
+	resource "ibm_is_vpc" "testacc_vpc" {
+		name = "%[1]s"
+		resource_group = data.ibm_resource_group.test_acc.id
+	}
+	resource "ibm_is_subnet" "testacc_subnet" {
+		name = "%[2]s"
+		vpc = ibm_is_vpc.testacc_vpc.id
+		zone = "%[3]s"
+		ipv4_cidr_block = "%[4]s"
+		resource_group = data.ibm_resource_group.test_acc.id
+	}
+	resource "ibm_is_security_group" "testacc_security_group" {
+		name = "%[5]s"
+		vpc = ibm_is_vpc.testacc_vpc.id
+	}
+	resource "ibm_is_virtual_endpoint_gateway" "endpoint_gateway" {
+		name = "%[6]s"
+		target {
+		  name          = "ibm-dns-server2"
+		  resource_type = "provider_infrastructure_service"
+		}
+		vpc = ibm_is_vpc.testacc_vpc.id
+		resource_group = data.ibm_resource_group.test_acc.id
+		security_groups = [ibm_is_security_group.testacc_security_group.id]
+	}`, vpcname1, subnetname1, ISZoneName, ISCIDR, sgname1, name1)
+}
diff --git a/website/docs/d/is_virtual_endpoint_gateway.html.markdown b/website/docs/d/is_virtual_endpoint_gateway.html.markdown
@@ -54,4 +54,6 @@ In addition to the argument reference list, you can access the following attribu
   - `name` - (String) The target name.
   - `resource_type` - (String) The resource type of the subnet reserved IP.
 - `vpc` - (String) The VPC ID.
+- `security_groups` (List) - The security groups to use for this endpoint gateway.
+
 
diff --git a/website/docs/d/is_virtual_endpoint_gateways.html.markdown b/website/docs/d/is_virtual_endpoint_gateways.html.markdown
@@ -53,3 +53,5 @@ In addition to the argument reference list, you can access the following attribu
     - `name` - (String) The endpoint gateway target name.
     - `resource_type` - (String) The endpoint gateway target resource type.
   - `vpc` - (String) The VPC ID.
+  - `security_groups` (List) - The security groups to use for this endpoint gateway.
+
diff --git a/website/docs/r/is_virtual_endpoint_gateway.html.markdown b/website/docs/r/is_virtual_endpoint_gateway.html.markdown
@@ -34,6 +34,7 @@ resource "ibm_is_virtual_endpoint_gateway" "endpoint_gateway1" {
   }
   vpc = ibm_is_vpc.testacc_vpc.id
   resource_group = data.ibm_resource_group.test_acc.id
+  security_groups = [ibm_is_security_group.testacc_security_group.id]
 }
 
 resource "ibm_is_virtual_endpoint_gateway" "endpoint_gateway2" {
@@ -48,6 +49,7 @@ resource "ibm_is_virtual_endpoint_gateway" "endpoint_gateway2" {
 		name        = "test-reserved-ip1"
 	}
 	resource_group = data.ibm_resource_group.test_acc.id
+  security_groups = [ibm_is_security_group.testacc_security_group.id]
 }
 
 resource "ibm_is_virtual_endpoint_gateway" "endpoint_gateway3" {
@@ -61,6 +63,7 @@ resource "ibm_is_virtual_endpoint_gateway" "endpoint_gateway3" {
 		id   = "0737-5ab3c18e-6f6c-4a69-8f48-20e3456647b5"
 	}
 	resource_group = data.ibm_resource_group.test_acc.id
+  security_groups = [ibm_is_security_group.testacc_security_group.id]
 }
 
 resource "ibm_is_virtual_endpoint_gateway" "endpoint_gateway3" {
@@ -71,6 +74,7 @@ resource "ibm_is_virtual_endpoint_gateway" "endpoint_gateway3" {
   }
   vpc            = ibm_is_vpc.testacc_vpc.id
   resource_group = data.ibm_resource_group.test_acc.id
+  security_groups = [ibm_is_security_group.testacc_security_group.id]
 }
 ```
 
@@ -88,6 +92,8 @@ Review the argument references that you can specify for your resource.
   **NOTE**: `id` and `subnet` are mutually exclusive.
 
 - `resource_group` - (Optional, Forces new resource, String) The resource group ID.
+- `security_groups` - (Optional, list) The security groups to use for this endpoint gateway. If unspecified, the VPC's default security group is used.
+  **NOTE:** either of `ibm_is_security_group_target` resource or `security_groups` attribute should be used, both can't be use together. 
 - `tags`- (Optional, Array of Strings) A list of tags associated with the instance.
 - `target` - (Required, List) The endpoint gateway target.