From bb7ef8db67d5e663b11713aa9fb8a4d2cce59e4f Mon Sep 17 00:00:00 2001
From: Sander van Harmelen <sander@xanzy.io>
Date: Mon, 9 Mar 2015 14:00:29 +0100
Subject: [PATCH] Adding tests and docs for the new VPN resources

And did some (very) minor refactoring in the existing docs
---
 builtin/providers/cloudstack/provider_test.go |   3 +-
 .../resource_cloudstack_ipaddress_test.go     |   2 +-
 ...source_cloudstack_network_acl_rule_test.go |   4 +-
 .../resource_cloudstack_network_acl_test.go   |   2 +-
 .../resource_cloudstack_network_test.go       |   2 +-
 .../resource_cloudstack_vpc_test.go           |   6 +-
 ...resource_cloudstack_vpn_connection_test.go | 142 +++++++++++
 ...ce_cloudstack_vpn_customer_gateway_test.go | 225 ++++++++++++++++++
 .../resource_cloudstack_vpn_gateway.go        |   4 +-
 .../resource_cloudstack_vpn_gateway_test.go   | 101 ++++++++
 .../r/egress_firewall.html.markdown           |   2 +-
 .../cloudstack/r/firewall.html.markdown       |   2 +-
 .../r/network_acl_rule.html.markdown          |   2 +-
 .../cloudstack/r/vpn_connection.html.markdown |  38 +++
 .../r/vpn_customer_gateway.html.markdown      |  59 +++++
 .../cloudstack/r/vpn_gateway.html.markdown    |  35 +++
 website/source/layouts/cloudstack.erb         | 116 +++++----
 17 files changed, 679 insertions(+), 66 deletions(-)
 create mode 100644 builtin/providers/cloudstack/resource_cloudstack_vpn_connection_test.go
 create mode 100644 builtin/providers/cloudstack/resource_cloudstack_vpn_customer_gateway_test.go
 create mode 100644 builtin/providers/cloudstack/resource_cloudstack_vpn_gateway_test.go
 create mode 100644 website/source/docs/providers/cloudstack/r/vpn_connection.html.markdown
 create mode 100644 website/source/docs/providers/cloudstack/r/vpn_customer_gateway.html.markdown
 create mode 100644 website/source/docs/providers/cloudstack/r/vpn_gateway.html.markdown

diff --git a/builtin/providers/cloudstack/provider_test.go b/builtin/providers/cloudstack/provider_test.go
index a13839177e..537a2664f8 100644
--- a/builtin/providers/cloudstack/provider_test.go
+++ b/builtin/providers/cloudstack/provider_test.go
@@ -51,7 +51,8 @@ var CLOUDSTACK_NETWORK_1_OFFERING = ""
 var CLOUDSTACK_NETWORK_1_IPADDRESS = ""
 var CLOUDSTACK_NETWORK_2 = ""
 var CLOUDSTACK_NETWORK_2_IPADDRESS = ""
-var CLOUDSTACK_VPC_CIDR = ""
+var CLOUDSTACK_VPC_CIDR_1 = ""
+var CLOUDSTACK_VPC_CIDR_2 = ""
 var CLOUDSTACK_VPC_OFFERING = ""
 var CLOUDSTACK_VPC_NETWORK_CIDR = ""
 var CLOUDSTACK_VPC_NETWORK_OFFERING = ""
diff --git a/builtin/providers/cloudstack/resource_cloudstack_ipaddress_test.go b/builtin/providers/cloudstack/resource_cloudstack_ipaddress_test.go
index 5b1fc9a317..dfdeba2090 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_ipaddress_test.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_ipaddress_test.go
@@ -132,6 +132,6 @@ resource "cloudstack_vpc" "foobar" {
 resource "cloudstack_ipaddress" "foo" {
   vpc = "${cloudstack_vpc.foobar.name}"
 }`,
-	CLOUDSTACK_VPC_CIDR,
+	CLOUDSTACK_VPC_CIDR_1,
 	CLOUDSTACK_VPC_OFFERING,
 	CLOUDSTACK_ZONE)
diff --git a/builtin/providers/cloudstack/resource_cloudstack_network_acl_rule_test.go b/builtin/providers/cloudstack/resource_cloudstack_network_acl_rule_test.go
index 037b9d10ba..dbceb8d8da 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_network_acl_rule_test.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_network_acl_rule_test.go
@@ -196,7 +196,7 @@ resource "cloudstack_network_acl_rule" "foo" {
     traffic_type = "ingress"
   }
 }`,
-	CLOUDSTACK_VPC_CIDR,
+	CLOUDSTACK_VPC_CIDR_1,
 	CLOUDSTACK_VPC_OFFERING,
 	CLOUDSTACK_ZONE)
 
@@ -233,6 +233,6 @@ resource "cloudstack_network_acl_rule" "foo" {
     traffic_type = "egress"
   }
 }`,
-	CLOUDSTACK_VPC_CIDR,
+	CLOUDSTACK_VPC_CIDR_1,
 	CLOUDSTACK_VPC_OFFERING,
 	CLOUDSTACK_ZONE)
diff --git a/builtin/providers/cloudstack/resource_cloudstack_network_acl_test.go b/builtin/providers/cloudstack/resource_cloudstack_network_acl_test.go
index e625d4c2d8..9bf0bb0cfa 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_network_acl_test.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_network_acl_test.go
@@ -112,6 +112,6 @@ resource "cloudstack_network_acl" "foo" {
   description = "terraform-acl-text"
   vpc = "${cloudstack_vpc.foobar.name}"
 }`,
-	CLOUDSTACK_VPC_CIDR,
+	CLOUDSTACK_VPC_CIDR_1,
 	CLOUDSTACK_VPC_OFFERING,
 	CLOUDSTACK_ZONE)
diff --git a/builtin/providers/cloudstack/resource_cloudstack_network_test.go b/builtin/providers/cloudstack/resource_cloudstack_network_test.go
index 750761f020..d936f8cb06 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_network_test.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_network_test.go
@@ -186,7 +186,7 @@ resource "cloudstack_network" "foo" {
   aclid = "${cloudstack_network_acl.foo.id}"
   zone = "${cloudstack_vpc.foobar.zone}"
 }`,
-	CLOUDSTACK_VPC_CIDR,
+	CLOUDSTACK_VPC_CIDR_1,
 	CLOUDSTACK_VPC_OFFERING,
 	CLOUDSTACK_ZONE,
 	CLOUDSTACK_VPC_NETWORK_CIDR,
diff --git a/builtin/providers/cloudstack/resource_cloudstack_vpc_test.go b/builtin/providers/cloudstack/resource_cloudstack_vpc_test.go
index bf4e8f448d..07861a0913 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_vpc_test.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_vpc_test.go
@@ -72,8 +72,8 @@ func testAccCheckCloudStackVPCAttributes(
 			return fmt.Errorf("Bad display text: %s", vpc.Displaytext)
 		}
 
-		if vpc.Cidr != CLOUDSTACK_VPC_CIDR {
-			return fmt.Errorf("Bad VPC offering: %s", vpc.Cidr)
+		if vpc.Cidr != CLOUDSTACK_VPC_CIDR_1 {
+			return fmt.Errorf("Bad VPC CIDR: %s", vpc.Cidr)
 		}
 
 		return nil
@@ -113,6 +113,6 @@ resource "cloudstack_vpc" "foo" {
   vpc_offering = "%s"
   zone = "%s"
 }`,
-	CLOUDSTACK_VPC_CIDR,
+	CLOUDSTACK_VPC_CIDR_1,
 	CLOUDSTACK_VPC_OFFERING,
 	CLOUDSTACK_ZONE)
diff --git a/builtin/providers/cloudstack/resource_cloudstack_vpn_connection_test.go b/builtin/providers/cloudstack/resource_cloudstack_vpn_connection_test.go
new file mode 100644
index 0000000000..ff7a46fd39
--- /dev/null
+++ b/builtin/providers/cloudstack/resource_cloudstack_vpn_connection_test.go
@@ -0,0 +1,142 @@
+package cloudstack
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/xanzy/go-cloudstack/cloudstack"
+)
+
+func TestAccCloudStackVPNConnection_basic(t *testing.T) {
+	var vpnConnection cloudstack.VpnConnection
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckCloudStackVPNConnectionDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccCloudStackVPNConnection_basic,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckCloudStackVPNConnectionExists(
+						"cloudstack_vpn_connection.foo", &vpnConnection),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckCloudStackVPNConnectionExists(
+	n string, vpnConnection *cloudstack.VpnConnection) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No VPN Connection ID is set")
+		}
+
+		cs := testAccProvider.Meta().(*cloudstack.CloudStackClient)
+		v, _, err := cs.VPN.GetVpnConnectionByID(rs.Primary.ID)
+
+		if err != nil {
+			return err
+		}
+
+		if v.Id != rs.Primary.ID {
+			return fmt.Errorf("VPN Connection not found")
+		}
+
+		*vpnConnection = *v
+
+		return nil
+	}
+}
+
+func testAccCheckCloudStackVPNConnectionDestroy(s *terraform.State) error {
+	cs := testAccProvider.Meta().(*cloudstack.CloudStackClient)
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "cloudstack_vpn_connection" {
+			continue
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No VPN Connection ID is set")
+		}
+
+		p := cs.VPN.NewDeleteVpnConnectionParams(rs.Primary.ID)
+		_, err := cs.VPN.DeleteVpnConnection(p)
+
+		if err != nil {
+			return fmt.Errorf(
+				"Error deleting VPN Connection (%s): %s",
+				rs.Primary.ID, err)
+		}
+	}
+
+	return nil
+}
+
+var testAccCloudStackVPNConnection_basic = fmt.Sprintf(`
+resource "cloudstack_vpc" "foo" {
+  name = "terraform-vpc"
+  display_text = "terraform-vpc-text"
+  cidr = "%s"
+  vpc_offering = "%s"
+  zone = "%s"
+}
+
+resource "cloudstack_vpc" "bar" {
+  name = "terraform-vpc"
+  display_text = "terraform-vpc-text"
+  cidr = "%s"
+  vpc_offering = "%s"
+  zone = "%s"
+}
+
+resource "cloudstack_vpn_gateway" "foo" {
+    vpc = "${cloudstack_vpc.foo.name}"
+}
+
+resource "cloudstack_vpn_gateway" "bar" {
+    vpc = "${cloudstack_vpc.bar.name}"
+}
+
+resource "cloudstack_vpn_customer_gateway" "foo" {
+    name = "terraform-foo"
+    cidr = "${cloudstack_vpc.foo.cidr}"
+    esp_policy = "aes256-sha1"
+    gateway = "${cloudstack_vpn_gateway.foo.publicip}"
+    ike_policy = "aes256-sha1"
+    ipsec_psk = "terraform"
+}
+
+resource "cloudstack_vpn_customer_gateway" "bar" {
+    name = "terraform-bar"
+    cidr = "${cloudstack_vpc.bar.cidr}"
+    esp_policy = "aes256-sha1"
+    gateway = "${cloudstack_vpn_gateway.bar.publicip}"
+    ike_policy = "aes256-sha1"
+    ipsec_psk = "terraform"
+}
+
+resource "cloudstack_vpn_connection" "foo-bar" {
+    customergatewayid = "${cloudstack_vpn_customer_gateway.foo.id}"
+    vpngatewayid = "${cloudstack_vpn_gateway.bar.id}"
+}
+
+resource "cloudstack_vpn_connection" "bar-foo" {
+    customergatewayid = "${cloudstack_vpn_customer_gateway.bar.id}"
+    vpngatewayid = "${cloudstack_vpn_gateway.foo.id}"
+}`,
+	CLOUDSTACK_VPC_CIDR_1,
+	CLOUDSTACK_VPC_OFFERING,
+	CLOUDSTACK_ZONE,
+	CLOUDSTACK_VPC_CIDR_2,
+	CLOUDSTACK_VPC_OFFERING,
+	CLOUDSTACK_ZONE)
diff --git a/builtin/providers/cloudstack/resource_cloudstack_vpn_customer_gateway_test.go b/builtin/providers/cloudstack/resource_cloudstack_vpn_customer_gateway_test.go
new file mode 100644
index 0000000000..9475e31a36
--- /dev/null
+++ b/builtin/providers/cloudstack/resource_cloudstack_vpn_customer_gateway_test.go
@@ -0,0 +1,225 @@
+package cloudstack
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/xanzy/go-cloudstack/cloudstack"
+)
+
+func TestAccCloudStackVPNCustomerGateway_basic(t *testing.T) {
+	var vpnCustomerGateway cloudstack.VpnCustomerGateway
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckCloudStackVPNCustomerGatewayDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccCloudStackVPNCustomerGateway_basic,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckCloudStackVPNCustomerGatewayExists(
+						"cloudstack_vpn_connection.foo", &vpnCustomerGateway),
+					testAccCheckCloudStackVPNCustomerGatewayAttributes(&vpnCustomerGateway),
+					resource.TestCheckResourceAttr(
+						"cloudstack_vpn_connection.foo", "name", "terraform-foo"),
+					resource.TestCheckResourceAttr(
+						"cloudstack_vpn_connection.bar", "name", "terraform-bar"),
+					resource.TestCheckResourceAttr(
+						"cloudstack_vpn_connection.foo", "ike_policy", "aes256-sha1"),
+					resource.TestCheckResourceAttr(
+						"cloudstack_vpn_connection.bar", "esp_policy", "aes256-sha1"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccCloudStackVPNCustomerGateway_update(t *testing.T) {
+	var nic cloudstack.Nic
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckCloudStackNICDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: TestAccCloudStackVPNCustomerGateway_basic,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckCloudStackVPNCustomerGatewayExists(
+						"cloudstack_vpn_connection.foo", &vpnCustomerGateway),
+					testAccCheckCloudStackVPNCustomerGatewayAttributes(&vpnCustomerGateway),
+					resource.TestCheckResourceAttr(
+						"cloudstack_vpn_connection.foo", "name", "terraform-foo"),
+					resource.TestCheckResourceAttr(
+						"cloudstack_vpn_connection.bar", "name", "terraform-bar"),
+					resource.TestCheckResourceAttr(
+						"cloudstack_vpn_connection.foo", "ike_policy", "aes256-sha1"),
+					resource.TestCheckResourceAttr(
+						"cloudstack_vpn_connection.bar", "esp_policy", "aes256-sha1"),
+				),
+			},
+
+			resource.TestStep{
+				Config: TestAccCloudStackVPNCustomerGateway_update,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckCloudStackVPNCustomerGatewayExists(
+						"cloudstack_vpn_connection.foo", &vpnCustomerGateway),
+					testAccCheckCloudStackVPNCustomerGatewayAttributes(&vpnCustomerGateway),
+					resource.TestCheckResourceAttr(
+						"cloudstack_vpn_connection.foo", "name", "terraform-foo-bar"),
+					resource.TestCheckResourceAttr(
+						"cloudstack_vpn_connection.bar", "name", "terraform-bar-foo"),
+					resource.TestCheckResourceAttr(
+						"cloudstack_vpn_connection.foo", "ike_policy", "3des-md5"),
+					resource.TestCheckResourceAttr(
+						"cloudstack_vpn_connection.bar", "esp_policy", "3des-md5"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckCloudStackVPNCustomerGatewayExists(
+	n string, vpnCustomerGateway *cloudstack.VpnCustomerGateway) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No VPN CustomerGateway ID is set")
+		}
+
+		cs := testAccProvider.Meta().(*cloudstack.CloudStackClient)
+		v, _, err := cs.VPN.GetVpnCustomerGatewayByID(rs.Primary.ID)
+
+		if err != nil {
+			return err
+		}
+
+		if v.Id != rs.Primary.ID {
+			return fmt.Errorf("VPN CustomerGateway not found")
+		}
+
+		*vpnCustomerGateway = *v
+
+		return nil
+	}
+}
+
+func testAccCheckCloudStackVPNCustomerGatewayAttributes(
+	vpnCustomerGateway *cloudstack.VpnCustomerGateway) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+
+		if vpnCustomerGateway.Esppolicy != "aes256-sha1" {
+			return fmt.Errorf("Bad ESP policy: %s", vpnCustomerGateway.Esppolicy)
+		}
+
+		if vpnCustomerGateway.Ikepolicy != "aes256-sha1" {
+			return fmt.Errorf("Bad IKE policy: %s", vpnCustomerGateway.Ikepolicy)
+		}
+
+		if vpnCustomerGateway.Ipsecpsk != "terraform" {
+			return fmt.Errorf("Bad IPSEC pre-shared key: %s", vpnCustomerGateway.Ipsecpsk)
+		}
+
+		return nil
+	}
+}
+
+func testAccCheckCloudStackVPNCustomerGatewayDestroy(s *terraform.State) error {
+	cs := testAccProvider.Meta().(*cloudstack.CloudStackClient)
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "cloudstack_vpn_connection" {
+			continue
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No VPN Customer Gateway ID is set")
+		}
+
+		p := cs.VPN.NewDeleteVpnCustomerGatewayParams(rs.Primary.ID)
+		_, err := cs.VPN.DeleteVpnCustomerGateway(p)
+
+		if err != nil {
+			return fmt.Errorf(
+				"Error deleting VPN Customer Gateway (%s): %s",
+				rs.Primary.ID, err)
+		}
+	}
+
+	return nil
+}
+
+var testAccCloudStackVPNCustomerGateway_basic = fmt.Sprintf(`
+resource "cloudstack_vpc" "foo" {
+  name = "terraform-vpc"
+  display_text = "terraform-vpc-text"
+  cidr = "%s"
+  vpc_offering = "%s"
+  zone = "%s"
+}
+
+resource "cloudstack_vpc" "bar" {
+  name = "terraform-vpc"
+  display_text = "terraform-vpc-text"
+  cidr = "%s"
+  vpc_offering = "%s"
+  zone = "%s"
+}
+
+resource "cloudstack_vpn_gateway" "foo" {
+    vpc = "${cloudstack_vpc.foo.name}"
+}
+
+resource "cloudstack_vpn_gateway" "bar" {
+    vpc = "${cloudstack_vpc.bar.name}"
+}
+
+resource "cloudstack_vpn_customer_gateway" "foo" {
+    name = "terraform-foo"
+    cidr = "${cloudstack_vpc.foo.cidr}"
+    esp_policy = "aes256-sha1"
+    gateway = "${cloudstack_vpn_gateway.foo.publicip}"
+    ike_policy = "aes256-sha1"
+    ipsec_psk = "terraform"
+}
+
+resource "cloudstack_vpn_customer_gateway" "bar" {
+    name = "terraform-bar"
+    cidr = "${cloudstack_vpc.bar.cidr}"
+    esp_policy = "aes256-sha1"
+    gateway = "${cloudstack_vpn_gateway.bar.publicip}"
+    ike_policy = "aes256-sha1"
+    ipsec_psk = "terraform"
+}`,
+	CLOUDSTACK_VPC_CIDR_1,
+	CLOUDSTACK_VPC_OFFERING,
+	CLOUDSTACK_ZONE,
+	CLOUDSTACK_VPC_CIDR_2,
+	CLOUDSTACK_VPC_OFFERING,
+	CLOUDSTACK_ZONE)
+
+var testAccCloudStackVPNCustomerGateway_update = fmt.Sprintf(`
+resource "cloudstack_vpn_customer_gateway" "foo" {
+    name = "terraform-foo-bar"
+    cidr = "${cloudstack_vpc.foo.cidr}"
+    esp_policy = "3des-md5"
+    gateway = "${cloudstack_vpn_gateway.foo.publicip}"
+    ike_policy = "3des-md5"
+    ipsec_psk = "terraform"
+}
+
+resource "cloudstack_vpn_customer_gateway" "bar" {
+    name = "terraform-bar-foo"
+    cidr = "${cloudstack_vpc.bar.cidr}"
+    esp_policy = "3des-md5"
+    gateway = "${cloudstack_vpn_gateway.bar.publicip}"
+    ike_policy = "3des-md5"
+    ipsec_psk = "terraform"
+}`)
diff --git a/builtin/providers/cloudstack/resource_cloudstack_vpn_gateway.go b/builtin/providers/cloudstack/resource_cloudstack_vpn_gateway.go
index 650df6530e..063c317771 100644
--- a/builtin/providers/cloudstack/resource_cloudstack_vpn_gateway.go
+++ b/builtin/providers/cloudstack/resource_cloudstack_vpn_gateway.go
@@ -22,7 +22,7 @@ func resourceCloudStackVPNGateway() *schema.Resource {
 				ForceNew: true,
 			},
 
-			"publicip": &schema.Schema{
+			"public_ip": &schema.Schema{
 				Type:     schema.TypeString,
 				Computed: true,
 			},
@@ -69,7 +69,7 @@ func resourceCloudStackVPNGatewayRead(d *schema.ResourceData, meta interface{})
 		return err
 	}
 
-	d.Set("publicip", v.Publicip)
+	d.Set("public_ip", v.Publicip)
 
 	return nil
 }
diff --git a/builtin/providers/cloudstack/resource_cloudstack_vpn_gateway_test.go b/builtin/providers/cloudstack/resource_cloudstack_vpn_gateway_test.go
new file mode 100644
index 0000000000..db6c0085a3
--- /dev/null
+++ b/builtin/providers/cloudstack/resource_cloudstack_vpn_gateway_test.go
@@ -0,0 +1,101 @@
+package cloudstack
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/xanzy/go-cloudstack/cloudstack"
+)
+
+func TestAccCloudStackVPNGateway_basic(t *testing.T) {
+	var vpnGateway cloudstack.VpnGateway
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckCloudStackVPNGatewayDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccCloudStackVPNGateway_basic,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckCloudStackVPNGatewayExists(
+						"cloudstack_vpn_gateway.foo", &vpnGateway),
+					resource.TestCheckResourceAttr(
+						"cloudstack_vpn_gateway.foo", "vpc", "terraform-vpc"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckCloudStackVPNGatewayExists(
+	n string, vpnGateway *cloudstack.VpnGateway) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No VPN Gateway ID is set")
+		}
+
+		cs := testAccProvider.Meta().(*cloudstack.CloudStackClient)
+		v, _, err := cs.VPN.GetVpnGatewayByID(rs.Primary.ID)
+
+		if err != nil {
+			return err
+		}
+
+		if v.Id != rs.Primary.ID {
+			return fmt.Errorf("VPN Gateway not found")
+		}
+
+		*vpnGateway = *v
+
+		return nil
+	}
+}
+
+func testAccCheckCloudStackVPNGatewayDestroy(s *terraform.State) error {
+	cs := testAccProvider.Meta().(*cloudstack.CloudStackClient)
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "cloudstack_vpn_gateway" {
+			continue
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No VPN Gateway ID is set")
+		}
+
+		p := cs.VPN.NewDeleteVpnGatewayParams(rs.Primary.ID)
+		_, err := cs.VPN.DeleteVpnGateway(p)
+
+		if err != nil {
+			return fmt.Errorf(
+				"Error deleting VPN Gateway (%s): %s",
+				rs.Primary.ID, err)
+		}
+	}
+
+	return nil
+}
+
+var testAccCloudStackVPNGateway_basic = fmt.Sprintf(`
+resource "cloudstack_vpc" "foo" {
+  name = "terraform-vpc"
+  display_text = "terraform-vpc-text"
+  cidr = "%s"
+  vpc_offering = "%s"
+  zone = "%s"
+}
+
+resource "cloudstack_vpn_gateway" "foo" {
+    vpc = "${cloudstack_vpc.foo.name}"
+}`,
+	CLOUDSTACK_VPC_CIDR_1,
+	CLOUDSTACK_VPC_OFFERING,
+	CLOUDSTACK_ZONE)
diff --git a/website/source/docs/providers/cloudstack/r/egress_firewall.html.markdown b/website/source/docs/providers/cloudstack/r/egress_firewall.html.markdown
index 17fa20927e..b905bc0e99 100644
--- a/website/source/docs/providers/cloudstack/r/egress_firewall.html.markdown
+++ b/website/source/docs/providers/cloudstack/r/egress_firewall.html.markdown
@@ -58,4 +58,4 @@ The `rule` block supports:
 
 The following attributes are exported:
 
-* `ID` - The network ID for which the egress firewall rules are created.
+* `id` - The network ID for which the egress firewall rules are created.
diff --git a/website/source/docs/providers/cloudstack/r/firewall.html.markdown b/website/source/docs/providers/cloudstack/r/firewall.html.markdown
index 1c659e6bfc..8b8aa0089c 100644
--- a/website/source/docs/providers/cloudstack/r/firewall.html.markdown
+++ b/website/source/docs/providers/cloudstack/r/firewall.html.markdown
@@ -58,4 +58,4 @@ The `rule` block supports:
 
 The following attributes are exported:
 
-* `ID` - The IP address ID for which the firewall rules are created.
+* `id` - The IP address ID for which the firewall rules are created.
diff --git a/website/source/docs/providers/cloudstack/r/network_acl_rule.html.markdown b/website/source/docs/providers/cloudstack/r/network_acl_rule.html.markdown
index fb6b0891fb..f82b8f4464 100644
--- a/website/source/docs/providers/cloudstack/r/network_acl_rule.html.markdown
+++ b/website/source/docs/providers/cloudstack/r/network_acl_rule.html.markdown
@@ -66,4 +66,4 @@ The `rule` block supports:
 
 The following attributes are exported:
 
-* `ID` - The ACL ID for which the rules are created.
+* `id` - The ACL ID for which the rules are created.
diff --git a/website/source/docs/providers/cloudstack/r/vpn_connection.html.markdown b/website/source/docs/providers/cloudstack/r/vpn_connection.html.markdown
new file mode 100644
index 0000000000..3ecf17cbca
--- /dev/null
+++ b/website/source/docs/providers/cloudstack/r/vpn_connection.html.markdown
@@ -0,0 +1,38 @@
+---
+layout: "cloudstack"
+page_title: "CloudStack: cloudstack_vpn_connection"
+sidebar_current: "docs-cloudstack-resource-vpn-connection"
+description: |-
+  Creates a site to site VPN connection.
+---
+
+# cloudstack\_vpn\_connection
+
+Creates a site to site VPN connection.
+
+## Example Usage
+
+Basic usage:
+
+```
+resource "cloudstack_vpn_connection" "default" {
+    customergatewayid = "xxx"
+    vpngatewayid = "xxx"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `customergatewayid` - (Required) The Customer Gateway ID to connect.
+    Changing this forces a new resource to be created.
+
+* `vpngatewayid` - (Required) The VPN Gateway ID to connect.
+    Changing this forces a new resource to be created.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The ID of the VPN Connection.
diff --git a/website/source/docs/providers/cloudstack/r/vpn_customer_gateway.html.markdown b/website/source/docs/providers/cloudstack/r/vpn_customer_gateway.html.markdown
new file mode 100644
index 0000000000..84183b8d6c
--- /dev/null
+++ b/website/source/docs/providers/cloudstack/r/vpn_customer_gateway.html.markdown
@@ -0,0 +1,59 @@
+---
+layout: "cloudstack"
+page_title: "CloudStack: cloudstack_vpn_customer_gateway"
+sidebar_current: "docs-cloudstack-resource-vpn-customer-gateway"
+description: |-
+  Creates a site to site VPN local customer gateway.
+---
+
+# cloudstack\_vpn\_customer\_gateway
+
+Creates a site to site VPN local customer gateway.
+
+## Example Usage
+
+Basic usage:
+
+```
+resource "cloudstack_vpn_customer_gateway" "default" {
+    name = "test-vpc"
+    cidr = "10.0.0.0/8"
+    esp_policy = "aes256-sha1"
+    gateway = "192.168.0.1"
+    ike_policy = "aes256-sha1"
+    ipsec_psk = "terraform"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The name of the VPN Customer Gateway.
+
+* `cidr` - (Required) The CIDR block that needs to be routed through this gateway.
+
+* `esp_policy` - (Required) The ESP policy to use for this VPN Customer Gateway.
+
+* `gateway` - (Required) The public IP address of the related VPN Gateway.
+
+* `ike_policy` - (Required) The IKE policy to use for this VPN Customer Gateway.
+
+* `ipsec_psk` - (Required) The IPSEC pre-shared key used for this gateway.
+
+* `dpd` - (Optional) If DPD is enabled for the related VPN connection (defaults false)
+
+* `esp_lifetime` - (Optional) The ESP lifetime of phase 2 VPN connection to this
+    VPN Customer Gateway in seconds (defaults 86400)
+
+* `ike_lifetime` - (Optional) The IKE lifetime of phase 2 VPN connection to this
+    VPN Customer Gateway in seconds (defaults 86400)
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The ID of the VPN Customer Gateway.
+* `dpd` - Enable or disable DPD is enabled for the related VPN connection.
+* `esp_lifetime` - The ESP lifetime of phase 2 VPN connection to this VPN Customer Gateway.
+* `ike_lifetime` - The IKE lifetime of phase 2 VPN connection to this VPN Customer Gateway.
diff --git a/website/source/docs/providers/cloudstack/r/vpn_gateway.html.markdown b/website/source/docs/providers/cloudstack/r/vpn_gateway.html.markdown
new file mode 100644
index 0000000000..10aabd7967
--- /dev/null
+++ b/website/source/docs/providers/cloudstack/r/vpn_gateway.html.markdown
@@ -0,0 +1,35 @@
+---
+layout: "cloudstack"
+page_title: "CloudStack: cloudstack_vpn_gateway"
+sidebar_current: "docs-cloudstack-resource-vpn-gateway"
+description: |-
+  Creates a site to site VPN local gateway.
+---
+
+# cloudstack\_vpn\_gateway
+
+Creates a site to site VPN local gateway.
+
+## Example Usage
+
+Basic usage:
+
+```
+resource "cloudstack_vpn_gateway" "default" {
+    vpc = "test-vpc"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `vpc` - (Required) The name of the VPC for which to create the VPN Gateway.
+    Changing this forces a new resource to be created.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The ID of the VPN Gateway.
+* `public_ip` - The public IP address associated with the VPN Gateway.
diff --git a/website/source/layouts/cloudstack.erb b/website/source/layouts/cloudstack.erb
index a0e137aae3..ee1ae6587c 100644
--- a/website/source/layouts/cloudstack.erb
+++ b/website/source/layouts/cloudstack.erb
@@ -1,66 +1,78 @@
 <% wrap_layout :inner do %>
-	<% content_for :sidebar do %>
-		<div class="docs-sidebar hidden-print affix-top" role="complementary">
-			<ul class="nav docs-sidenav">
-				<li<%= sidebar_current("docs-home") %>>
-				  <a href="/docs/index.html">&laquo; Documentation Home</a>
-        </li>
+    <% content_for :sidebar do %>
+        <div class="docs-sidebar hidden-print affix-top" role="complementary">
+            <ul class="nav docs-sidenav">
+                <li<%= sidebar_current("docs-home") %>>
+                    <a href="/docs/index.html">&laquo; Documentation Home</a>
+                </li>
 
-				<li<%= sidebar_current("docs-cloudstack-index") %>>
-				  <a href="/docs/providers/cloudstack/index.html">CloudStack Provider</a>
-        </li>
+                <li<%= sidebar_current("docs-cloudstack-index") %>>
+                    <a href="/docs/providers/cloudstack/index.html">CloudStack Provider</a>
+                </li>
 
-				<li<%= sidebar_current("docs-cloudstack-resource") %>>
-				  <a href="#">Resources</a>
-          <ul class="nav nav-visible">
-            <li<%= sidebar_current("docs-cloudstack-resource-disk") %>>
-					    <a href="/docs/providers/cloudstack/r/disk.html">cloudstack_disk</a>
-            </li>
+                <li<%= sidebar_current("docs-cloudstack-resource") %>>
+                    <a href="#">Resources</a>
+                    <ul class="nav nav-visible">
+                        <li<%= sidebar_current("docs-cloudstack-resource-disk") %>>
+                        <a href="/docs/providers/cloudstack/r/disk.html">cloudstack_disk</a>
+                        </li>
 
-            <li<%= sidebar_current("docs-cloudstack-resource-egress-firewall") %>>
-              <a href="/docs/providers/cloudstack/r/egress_firewall.html">cloudstack_egress_firewall</a>
-            </li>
+                        <li<%= sidebar_current("docs-cloudstack-resource-egress-firewall") %>>
+                            <a href="/docs/providers/cloudstack/r/egress_firewall.html">cloudstack_egress_firewall</a>
+                        </li>
 
-            <li<%= sidebar_current("docs-cloudstack-resource-firewall") %>>
-					    <a href="/docs/providers/cloudstack/r/firewall.html">cloudstack_firewall</a>
-            </li>
+                        <li<%= sidebar_current("docs-cloudstack-resource-firewall") %>>
+                            <a href="/docs/providers/cloudstack/r/firewall.html">cloudstack_firewall</a>
+                        </li>
 
-            <li<%= sidebar_current("docs-cloudstack-resource-instance") %>>
-					    <a href="/docs/providers/cloudstack/r/instance.html">cloudstack_instance</a>
-            </li>
+                        <li<%= sidebar_current("docs-cloudstack-resource-instance") %>>
+                            <a href="/docs/providers/cloudstack/r/instance.html">cloudstack_instance</a>
+                        </li>
 
-            <li<%= sidebar_current("docs-cloudstack-resource-ipaddress") %>>
-               <a href="/docs/providers/cloudstack/r/ipaddress.html">cloudstack_ipaddress</a>
-            </li>
+                        <li<%= sidebar_current("docs-cloudstack-resource-ipaddress") %>>
+                            <a href="/docs/providers/cloudstack/r/ipaddress.html">cloudstack_ipaddress</a>
+                        </li>
 
-            <li<%= sidebar_current("docs-cloudstack-resource-network") %>>
-               <a href="/docs/providers/cloudstack/r/network.html">cloudstack_network</a>
-            </li>
+                        <li<%= sidebar_current("docs-cloudstack-resource-network") %>>
+                            <a href="/docs/providers/cloudstack/r/network.html">cloudstack_network</a>
+                        </li>
 
-            <li<%= sidebar_current("docs-cloudstack-resource-network-acl") %>>
-					    <a href="/docs/providers/cloudstack/r/network_acl.html">cloudstack_network_acl</a>
-            </li>
+                        <li<%= sidebar_current("docs-cloudstack-resource-network-acl") %>>
+                            <a href="/docs/providers/cloudstack/r/network_acl.html">cloudstack_network_acl</a>
+                        </li>
 
-            <li<%= sidebar_current("docs-cloudstack-resource-network-acl-rule") %>>
-					    <a href="/docs/providers/cloudstack/r/network_acl_rule.html">cloudstack_network_acl_rule</a>
-            </li>
+                        <li<%= sidebar_current("docs-cloudstack-resource-network-acl-rule") %>>
+                            <a href="/docs/providers/cloudstack/r/network_acl_rule.html">cloudstack_network_acl_rule</a>
+                        </li>
 
-            <li<%= sidebar_current("docs-cloudstack-resource-nic") %>>
-					    <a href="/docs/providers/cloudstack/r/nic.html">cloudstack_nic</a>
-					  </li>
+                        <li<%= sidebar_current("docs-cloudstack-resource-nic") %>>
+                            <a href="/docs/providers/cloudstack/r/nic.html">cloudstack_nic</a>
+                        </li>
 
-            <li<%= sidebar_current("docs-cloudstack-resource-port-forward") %>>
-              <a href="/docs/providers/cloudstack/r/port_forward.html">cloudstack_port_forward</a>
-            </li>
+                        <li<%= sidebar_current("docs-cloudstack-resource-port-forward") %>>
+                            <a href="/docs/providers/cloudstack/r/port_forward.html">cloudstack_port_forward</a>
+                        </li>
 
-            <li<%= sidebar_current("docs-cloudstack-resource-vpc") %>>
-					    <a href="/docs/providers/cloudstack/r/vpc.html">cloudstack_vpc</a>
-				    </li>
-				  </ul>
-				</li>
-			</ul>
-		</div>
-	<% end %>
+                        <li<%= sidebar_current("docs-cloudstack-resource-vpc") %>>
+                            <a href="/docs/providers/cloudstack/r/vpc.html">cloudstack_vpc</a>
+                        </li>
 
-	<%= yield %>
-	<% end %>
+                        <li<%= sidebar_current("docs-cloudstack-resource-vpn-gateway") %>>
+                            <a href="/docs/providers/cloudstack/r/vpn_gateway.html">cloudstack_vpn_gateway</a>
+                        </li>
+
+                        <li<%= sidebar_current("docs-cloudstack-resource-vpn-customer-gateway") %>>
+                            <a href="/docs/providers/cloudstack/r/vpn_customer_gateway.html">cloudstack_vpn_customer_gateway</a>
+                        </li>
+
+                        <li<%= sidebar_current("docs-cloudstack-resource-vpn-connection") %>>
+                            <a href="/docs/providers/cloudstack/r/vpn_connection.html">cloudstack_vpn_connection</a>
+                        </li>
+                    </ul>
+                </li>
+            </ul>
+        </div>
+    <% end %>
+
+    <%= yield %>
+<% end %>