feat(NAT): add private nat resources (#971)

docs/resources/nat_private_dnat_rule.md

@@ -0,0 +1,163 @@
+---
+subcategory: "NAT Gateway (NAT)"
+---
+
+# flexibleengine_nat_private_dnat_rule
+
+Manages a DNAT rule resource of the **private** NAT within FlexibleEngine.
+
+## Example Usage
+
+### DNAT rules forwarded with ECS instance as the backend
+
+```hcl
+variable "gateway_id" {}
+variable "transit_ip_id" {}
+
+resource "flexibleengine_compute_instance_v2" "test" {
+  ...
+}
+
+resource "flexibleengine_nat_private_dnat_rule" "test" {
+  gateway_id            = var.gateway_id
+  protocol              = "tcp"
+  transit_ip_id         = var.transit_ip_id
+  transit_service_port  = 1000
+  backend_interface_id  = flexibleengine_compute_instance_v2.test.network[0].port
+  internal_service_port = 2000
+}
+```
+
+### DNAT rules forwarded with ELB loadbalancer as the backend
+
+```hcl
+variable "network_id" {}
+variable "gateway_id" {}
+variable "transit_ip_id" {}
+
+resource "flexibleengine_lb_loadbalancer_v3" "test" {
+  ...
+}
+
+data "flexibleengine_networking_port" "test" {
+  network_id = var.network_id
+  fixed_ip   = flexibleengine_lb_loadbalancer_v3.test.ipv4_address
+}
+
+resource "flexibleengine_nat_private_dnat_rule" "test" {
+  gateway_id            = var.gateway_id
+  protocol              = "tcp"
+  transit_ip_id         = var.transit_ip_id
+  transit_service_port  = 1000
+  backend_interface_id  = data.flexibleengine_networking_port.test.id
+  internal_service_port = 2000
+}
+```
+
+### DNAT rules forwarded with VIP as the backend
+
+```hcl
+variable "network_id" {}
+variable "gateway_id" {}
+variable "transit_ip_id" {}
+
+resource "flexibleengine_networking_vip_v2" "test" {
+  network_id = var.network_id
+}
+
+resource "flexibleengine_nat_private_dnat_rule" "test" {
+  gateway_id            = var.gateway_id
+  protocol              = "tcp"
+  transit_ip_id         = var.transit_ip_id
+  transit_service_port  = 1000
+  backend_interface_id  = flexibleengine_networking_vip_v2.test.id
+  internal_service_port = 2000
+}
+```
+
+### DNAT rules forwarded with a custom private IP address as the backend
+
+```hcl
+variable "gateway_id" {}
+variable "transit_ip_id" {}
+
+resource "flexibleengine_nat_private_dnat_rule" "test" {
+  gateway_id            = var.gateway_id
+  protocol              = "tcp"
+  transit_ip_id         = var.transit_ip_id
+  transit_service_port  = 1000
+  backend_private_ip    = "172.168.0.69"
+  internal_service_port = 2000
+}
+```
+
+### DNAT rules for all ports
+
+```hcl
+variable "gateway_id" {}
+variable "transit_ip_id" {}
+
+resource "flexibleengine_nat_private_dnat_rule" "test" {
+  gateway_id         = var.gateway_id
+  protocol           = "any"
+  transit_ip_id      = var.transit_ip_id
+  backend_private_ip = "172.168.0.69"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `region` - (Optional, String, ForceNew) Specifies the region where the DNAT rule is located.  
+  If omitted, the provider-level region will be used. Changing this will create a new resource.
+
+* `gateway_id` - (Required, String, ForceNew) Specifies the private NAT gateway ID to which the DNAT rule belongs.  
+  Changing this will create a new resource.
+
+* `transit_ip_id` - (Required, String) Specifies the ID of the transit IP for private NAT.
+
+* `transit_service_port` - (Optional, Int) Specifies the port of the transit IP.  
+
+-> Defaults to `0` and the default port is only available for rules with the protocol **any**.
+
+* `protocol` - (Optional, String) Specifies the protocol type.  
+  The valid values are **tcp**, **udp** and **any**. Defaults to **any**.
+
+* `backend_interface_id` - (Optional, String) Specifies the network interface ID of the transit IP for private NAT.  
+  Exactly one of `backend_interface_id` and `backend_private_ip` must be set.
+
+* `backend_private_ip` - (Optional, String) Specifies the private IP address of the backend instance.
+
+* `internal_service_port` - (Optional, Int) Specifies the port of the backend instance.
+
+-> Defaults to `0` and the default port is only available for rules with the protocol **any**.
+
+* `description` - (Optional, String) Specifies the description of the DNAT rule, which contain maximum of `255`
+  characters, and angle brackets (< and >) are not allowed.
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The resource ID in UUID format.
+
+* `backend_type` - The type of backend instance.
+  The valid values are as follows:
+  + **COMPUTE**: ECS instance.
+  + **VIP**: VIP.
+  + **ELB**: ELB loadbalancer.
+  + **ELBv3**: ver.3 ELB loadbalancer.
+  + **CUSTOMIZE**: custom backend IP address.
+
+* `created_at` - The creation time of the DNAT rule.
+
+* `updated_at` - The latest update time of the DNAT rule.
+
+## Import
+
+DNAT rules can be imported using their `id`, e.g.
+
+```bash
+terraform import flexibleengine_nat_private_dnat_rule.test 19e3f4ed-fde0-406a-828d-7e0482400da9
+```

docs/resources/nat_private_gateway.md

@@ -0,0 +1,79 @@
+---
+subcategory: "NAT Gateway (NAT)"
+---
+
+# flexibleengine_nat_private_gateway
+
+Manages a gateway resource of the **private** NAT within FlexibleEngine.
+
+## Example Usage
+
+```hcl
+variable "subnet_id" {}
+variable "gateway_name" {}
+
+resource "flexibleengine_nat_private_gateway" "test" {
+  subnet_id             = var.subnet_id
+  name                  = var.gateway_name
+  spec                  = "Small"
+  description           = "Created by terraform script"
+  enterprise_project_id = "0"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `region` - (Optional, String, ForceNew) Specifies the region where the private NAT gateway is located.  
+  If omitted, the provider-level region will be used. Changing this will create a new resource.
+
+* `subnet_id` - (Required, String, ForceNew) Specifies the network ID of the subnet to which the private NAT gateway
+  belongs.  
+  Changing this will create a new resource.
+
+* `name` - (Required, String) Specifies the private NAT gateway name.  
+  The valid length is limited from `1` to `64`, only English letters, Chinese characters, digits, hyphens (-) and
+  underscores (_) are allowed.
+
+* `spec` - (Optional, String) Specifies the specification of the private NAT gateway.  
+  The valid values are as follows:
+  + **Small**: Small type, which supports up to `20` rules, `200 Mbit/s` bandwidth, `20,000` PPS and `2,000` SNAT
+    connections.
+  + **Medium**: Medium type, which supports up to `50` rules, `500 Mbit/s` bandwidth, `50,000` PPS and `5,000` SNAT
+    connections.
+  + **Large**: Large type, which supports up to `200` rules, `2 Gbit/s` bandwidth, `200,000` PPS and `20,000` SNAT
+    connections.
+  + **Extra-Large**: Extra-large type, which supports up to `500` rules, `5 Gbit/s` bandwidth, `500,000` PPS and
+    `50,000` SNAT connections.
+
+  Defaults to **Small**.
+
+* `description` - (Optional, String) Specifies the description of the private NAT gateway, which contain maximum of
+  `255` characters, and angle brackets (< and >) are not allowed.
+
+* `enterprise_project_id` - (Optional, String, ForceNew) Specifies the ID of the enterprise project to which the private
+  NAT gateway belongs.  
+  Changing this will create a new resource.
+
+* `tags` - (Optional, Map) Specifies the key/value pairs to associate with the private NAT geteway.
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The resource ID in UUID format.
+
+* `created_at` - The creation time of the private NAT gateway.
+
+* `updated_at` - The latest update time of the private NAT gateway.
+
+* `status` - The current status of the private NAT gateway.
+
+## Import
+
+The private NAT gateways can be imported using their `id`, e.g.
+
+```bash
+terraform import flexibleengine_nat_private_gateway.test 13d9d015-9d6f-483d-882d-d996cdf2c1d0
+```

docs/resources/nat_private_snat_rule.md

@@ -0,0 +1,80 @@
+---
+subcategory: "NAT Gateway (NAT)"
+---
+
+# flexibleengine_nat_private_snat_rule
+
+Manages an SNAT rule resource of the **private** NAT within FlexibleEngine.
+
+## Example Usage
+
+### Create an SNAT rule via subnet ID
+
+```hcl
+variable "gateway_id" {}
+variable "transit_ip_id" {}
+variable "subnet_id" {}
+
+resource "flexibleengine_nat_private_snat_rule" "test" {
+  gateway_id    = var.gateway_id
+  transit_ip_id = var.transit_ip_id
+  subnet_id     = var.subnet_id
+}
+```
+
+### Create an SNAT rule via CIDR
+
+```hcl
+variable "gateway_id" {}
+variable "transit_ip_id" {}
+variable "cidr_block" {}
+
+resource "flexibleengine_nat_private_snat_rule" "test" {
+  gateway_id    = var.gateway_id
+  transit_ip_id = var.transit_ip_id
+  cidr          = var.cidr_block
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `region` - (Optional, String, ForceNew) Specifies the region where the SNAT rule is located.  
+  If omitted, the provider-level region will be used. Changing this will create a new resource.
+
+* `gateway_id` - (Required, String, ForceNew) Specifies the private NAT gateway ID to which the SNAT rule belongs.  
+  Changing this will create a new resource.
+
+* `transit_ip_id` - (Required, String) Specifies the ID of the transit IP associated with SNAT rule.
+
+* `cidr` - (Optional, String, ForceNew) Specifies the CIDR block of the match rule.  
+  Changing this will create a new resource.  
+  Exactly one of `cidr` and `subnet_id` must be set.
+
+-> SNAT rules under the same private NAT gateway cannot have the same CIDR, but they can be proper subsets of other
+   CIDRs.
+
+* `subnet_id` - (Optional, String, ForceNew) Specifies the subnet ID of the match rule.  
+  Changing this will create a new resource.
+
+* `description` - (Optional, String) Specifies the description of the SNAT rule, which contain maximum of `255`
+  characters, and angle brackets (< and >) are not allowed.
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The resource ID in UUID format.
+
+* `created_at` - The creation time of the SNAT rule.
+
+* `updated_at` - The latest update time of the SNAT rule.
+
+## Import
+
+SNAT rules can be imported using their `id`, e.g.
+
+```bash
+terraform import flexibleengine_nat_private_snat_rule.test df9b61e9-79c1-4a75-bfab-736e224ced71
+```

docs/resources/nat_private_transit_ip.md

@@ -0,0 +1,66 @@
+---
+subcategory: "NAT Gateway (NAT)"
+---
+
+# flexibleengine_nat_private_transit_ip
+
+Manages a transit IP resource of the **private** NAT within FlexibleEngine.
+
+## Example Usage
+
+```hcl
+variable "subnet_id" {}
+variable "ipv4_address" {}
+variable "enterprise_project_id" {}
+
+resource "flexibleengine_nat_private_transit_ip" "test" {
+  subnet_id             = var.subnet_id
+  ip_address            = var.ipv4_address
+  enterprise_project_id = var.enterprise_project_id
+
+  tags = {
+    foo = "bar"
+  }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `region` - (Optional, String, ForceNew) Specifies the region where the transit IP is located.  
+  If omitted, the provider-level region will be used. Changing this will create a new resource.
+
+* `subnet_id` - (Required, String, ForceNew) Specifies the transit subnet ID to which the transit IP belongs.  
+  Changing this will create a new resource.
+
+* `ip_address` - (Optional, String, ForceNew) Specifies the IP address of the transit subnet.  
+  Changing this will create a new resource.
+
+* `enterprise_project_id` - (Optional, String, ForceNew) Specifies the ID of the enterprise project to which the transit
+  IP belongs.  
+  Changing this will create a new resource.
+
+* `tags` - (Optional, Map) Specifies the key/value pairs to associate with the transit IP.
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The resource ID in UUID format.
+
+* `network_interface_id` - The network interface ID of the transit IP for private NAT.
+
+* `gateway_id` - The ID of the private NAT gateway to which the transit IP belongs.
+
+* `created_at` - The creation time of the transit IP for private NAT.
+
+* `updated_at` - The latest update time of the transit IP for private NAT.
+
+## Import
+
+Transit IPs can be imported using their `id`, e.g.
+
+```bash
+terraform import flexibleengine_nat_private_transit_ip.test 5a1d921c-1df5-477d-8481-317b3fb47b5d
+```