From 888c49eb176dd64a9f1d56e4e87d90fa9872d5ee Mon Sep 17 00:00:00 2001
From: Ujjwal Kumar <ujjwal.kumar1@ibm.com>
Date: Tue, 14 Jan 2025 01:40:46 +0530
Subject: [PATCH 1/2] fixed cidrs update on vpn gateway connections

---
 ...resource_ibm_is_vpn_gateway_connections.go | 101 ++++++++++++++++++
 1 file changed, 101 insertions(+)

diff --git a/ibm/service/vpc/resource_ibm_is_vpn_gateway_connections.go b/ibm/service/vpc/resource_ibm_is_vpn_gateway_connections.go
index 8f1bdf19a5..1425bf946b 100644
--- a/ibm/service/vpc/resource_ibm_is_vpn_gateway_connections.go
+++ b/ibm/service/vpc/resource_ibm_is_vpn_gateway_connections.go
@@ -752,11 +752,112 @@ func vpngwconUpdate(d *schema.ResourceData, meta interface{}, gID, gConnID strin
 		vpnGatewayConnectionPatchModel.EstablishMode = &newEstablishMode
 		hasChanged = true
 	}
+
+	if d.HasChange("local.0.cidrs") {
+		o, n := d.GetChange("local.0.cidrs")
+		oldSet := o.(*schema.Set)
+		newSet := n.(*schema.Set)
+
+		// Find items to remove (present in old but not in new)
+		toRemove := oldSet.Difference(newSet)
+		if toRemove.Len() > 0 {
+			for _, cidr := range toRemove.List() {
+				cidrStr := cidr.(string)
+				removeVPNGatewayConnectionsLocalCIDROptions := &vpcv1.RemoveVPNGatewayConnectionsLocalCIDROptions{
+					VPNGatewayID: &gID,
+					ID:           &gConnID,
+					CIDR:         &cidrStr,
+				}
+
+				res, err := sess.RemoveVPNGatewayConnectionsLocalCIDR(removeVPNGatewayConnectionsLocalCIDROptions)
+				if err != nil {
+					return fmt.Errorf("error removing VPN Gateway Connection Local CIDR %s: %w", cidrStr, err)
+				}
+
+				if res.StatusCode != 201 && res.StatusCode != 204 {
+					return fmt.Errorf("unexpected status code %d while removing Local CIDR %s", res.StatusCode, cidrStr)
+				}
+			}
+		}
+
+		// Find items to add (present in new but not in old)
+		toAdd := newSet.Difference(oldSet)
+		if toAdd.Len() > 0 {
+			for _, cidr := range toAdd.List() {
+				cidrStr := cidr.(string)
+				addVPNGatewayConnectionsLocalCIDROptions := &vpcv1.AddVPNGatewayConnectionsLocalCIDROptions{
+					VPNGatewayID: &gID,
+					ID:           &gConnID,
+					CIDR:         &cidrStr,
+				}
+
+				res, err := sess.AddVPNGatewayConnectionsLocalCIDR(addVPNGatewayConnectionsLocalCIDROptions)
+				if err != nil {
+					return fmt.Errorf("error adding VPN Gateway Connection Local CIDR %s: %w", cidrStr, err)
+				}
+
+				if res.StatusCode != 201 && res.StatusCode != 204 {
+					return fmt.Errorf("unexpected status code %d while adding Local CIDR %s", res.StatusCode, cidrStr)
+				}
+			}
+		}
+	}
+
 	if d.HasChange("peer") {
 		peer, err := resourceIBMIsVPNGatewayConnectionMapToVPNGatewayConnectionPeerPatch(d.Get("peer.0").(map[string]interface{}))
 		if err != nil {
 			return err
 		}
+		if d.HasChange("peer.0.cidrs") {
+			o, n := d.GetChange("peer.0.cidrs")
+			oldSet := o.(*schema.Set)
+			newSet := n.(*schema.Set)
+
+			// Find items to remove (present in old but not in new)
+			toRemove := oldSet.Difference(newSet)
+			if toRemove.Len() > 0 {
+				for _, cidr := range toRemove.List() {
+					cidrStr := cidr.(string)
+					removeVPNGatewayConnectionsPeerCIDROptions := &vpcv1.RemoveVPNGatewayConnectionsPeerCIDROptions{
+						VPNGatewayID: &gID,
+						ID:           &gConnID,
+						CIDR:         &cidrStr,
+					}
+
+					res, err := sess.RemoveVPNGatewayConnectionsPeerCIDR(removeVPNGatewayConnectionsPeerCIDROptions)
+					if err != nil {
+						return fmt.Errorf("error removing VPN Gateway Connection Peer CIDR %s: %w", cidrStr, err)
+					}
+
+					if res.StatusCode != 201 && res.StatusCode != 204 {
+						return fmt.Errorf("unexpected status code %d while removing CIDR %s", res.StatusCode, cidrStr)
+					}
+				}
+			}
+
+			// Find items to add (present in new but not in old)
+			toAdd := newSet.Difference(oldSet)
+			if toAdd.Len() > 0 {
+				for _, cidr := range toAdd.List() {
+					cidrStr := cidr.(string)
+					addVPNGatewayConnectionsPeerCIDROptions := &vpcv1.AddVPNGatewayConnectionsPeerCIDROptions{
+						VPNGatewayID: &gID,
+						ID:           &gConnID,
+						CIDR:         &cidrStr,
+					}
+
+					res, err := sess.AddVPNGatewayConnectionsPeerCIDR(addVPNGatewayConnectionsPeerCIDROptions)
+					if err != nil {
+						return fmt.Errorf("error adding VPN Gateway Connection Peer CIDR %s: %w", cidrStr, err)
+					}
+
+					if res.StatusCode != 201 && res.StatusCode != 204 {
+						return fmt.Errorf("unexpected status code %d while adding CIDR %s", res.StatusCode, cidrStr)
+					}
+				}
+			}
+
+		}
 		vpnGatewayConnectionPatchModel.Peer = peer
 		hasChanged = true
 	}

From 2cd3f478189d94ca1aa9b1d5ec3b51804133d33c Mon Sep 17 00:00:00 2001
From: Ujjwal Kumar <ujjwal.kumar1@ibm.com>
Date: Tue, 14 Jan 2025 01:44:14 +0530
Subject: [PATCH 2/2] added test cases

---
 ...urce_ibm_is_vpn_gateway_connection_test.go | 107 ++++++++++++++++++
 1 file changed, 107 insertions(+)

diff --git a/ibm/service/vpc/resource_ibm_is_vpn_gateway_connection_test.go b/ibm/service/vpc/resource_ibm_is_vpn_gateway_connection_test.go
index 296d08a5a3..8f79ff27d3 100644
--- a/ibm/service/vpc/resource_ibm_is_vpn_gateway_connection_test.go
+++ b/ibm/service/vpc/resource_ibm_is_vpn_gateway_connection_test.go
@@ -1539,3 +1539,110 @@ func testAccCheckIBMISVPNGatewayConnectionNullPatchConfig(vpc, subnet, vpnname,
 	`, vpc, subnet, acc.ISZoneName, acc.ISCIDR, vpnname, ikepolicyname, ipsecpolicyname, name, noNullPass, noNullPass)
 
 }
+
+func TestAccIBMISVPNGatewayConnection_CIDRUpdates(t *testing.T) {
+	var VPNGatewayConnection string
+	vpcname := fmt.Sprintf("tfvpngc-vpc-%d", acctest.RandIntRange(100, 200))
+	subnetname1 := fmt.Sprintf("tfvpngc-subnet-%d", acctest.RandIntRange(100, 200))
+	subnetname2 := fmt.Sprintf("tfvpngc-subnet-%d", acctest.RandIntRange(100, 200))
+	vpnname := fmt.Sprintf("tfvpngc-vpn-%d", acctest.RandIntRange(100, 200))
+	name := fmt.Sprintf("tfvpngc-conn-%d", acctest.RandIntRange(100, 200))
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { acc.TestAccPreCheck(t) },
+		Providers:    acc.TestAccProviders,
+		CheckDestroy: testAccCheckIBMISVPNGatewayConnectionDestroy,
+		Steps: []resource.TestStep{
+			// Initial configuration
+			{
+				Config: testAccCheckIBMISVPNGatewayConnectionCIDRConfig(vpcname, subnetname1, subnetname2, vpnname, name, false),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckIBMISVPNGatewayConnectionExists("ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection", VPNGatewayConnection),
+					resource.TestCheckResourceAttr(
+						"ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection", "name", name),
+					resource.TestCheckResourceAttr(
+						"ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection", "peer.0.cidrs.#", "1"),
+					resource.TestCheckResourceAttr(
+						"ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection", "local.0.cidrs.#", "1"),
+				),
+			},
+			// Add additional CIDRs
+			{
+				Config: testAccCheckIBMISVPNGatewayConnectionCIDRConfig(vpcname, subnetname1, subnetname2, vpnname, name, true),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckIBMISVPNGatewayConnectionExists("ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection", VPNGatewayConnection),
+					resource.TestCheckResourceAttr(
+						"ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection", "peer.0.cidrs.#", "2"),
+					resource.TestCheckResourceAttr(
+						"ibm_is_vpn_gateway_connection.testacc_VPNGatewayConnection", "local.0.cidrs.#", "2"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckIBMISVPNGatewayConnectionCIDRConfig(vpc, subnet1, subnet2, vpnname, name string, additionalCIDRs bool) string {
+	base := fmt.Sprintf(`
+	resource "ibm_is_vpc" "testacc_vpc" {
+		name = "%s"
+	}
+	
+	resource "ibm_is_subnet" "testacc_subnet1" {
+		name                     = "%s"
+		vpc                      = ibm_is_vpc.testacc_vpc.id
+		zone                     = "%s"
+		total_ipv4_address_count = 64
+	}
+	
+	resource "ibm_is_subnet" "testacc_subnet2" {
+		name                     = "%s"
+		vpc                      = ibm_is_vpc.testacc_vpc.id
+		zone                     = "%s"
+		total_ipv4_address_count = 64
+	}
+	
+	resource "ibm_is_vpn_gateway" "testacc_VPNGateway" {
+		name   = "%s"
+		subnet = ibm_is_subnet.testacc_subnet1.id
+		mode   = "policy"
+	}
+	`, vpc, subnet1, acc.ISZoneName, subnet2, acc.ISZoneName, vpnname)
+
+	if !additionalCIDRs {
+		return base + fmt.Sprintf(`
+		resource "ibm_is_vpn_gateway_connection" "testacc_VPNGatewayConnection" {
+			name          = "%s"
+			vpn_gateway   = ibm_is_vpn_gateway.testacc_VPNGateway.id
+			peer {
+				cidrs    = [ibm_is_subnet.testacc_subnet1.ipv4_cidr_block]
+				address  = cidrhost(ibm_is_subnet.testacc_subnet1.ipv4_cidr_block, 14)
+			}
+			local {
+				cidrs    = [ibm_is_subnet.testacc_subnet1.ipv4_cidr_block]
+			}
+			preshared_key = "VPNDemoPassword"
+		}
+		`, name)
+	}
+
+	return base + fmt.Sprintf(`
+		resource "ibm_is_vpn_gateway_connection" "testacc_VPNGatewayConnection" {
+			name          = "%s"
+			vpn_gateway   = ibm_is_vpn_gateway.testacc_VPNGateway.id
+			peer {
+				cidrs    = [
+					ibm_is_subnet.testacc_subnet1.ipv4_cidr_block,
+					ibm_is_subnet.testacc_subnet2.ipv4_cidr_block
+				]
+				address  = cidrhost(ibm_is_subnet.testacc_subnet1.ipv4_cidr_block, 14)
+			}
+			local {
+				cidrs    = [
+					ibm_is_subnet.testacc_subnet1.ipv4_cidr_block,
+					ibm_is_subnet.testacc_subnet2.ipv4_cidr_block
+				]
+			}
+			preshared_key = "VPNDemoPassword"
+		}
+		`, name)
+}