From b8c55bb204c494ff3bf049521e75c92c473f5dd4 Mon Sep 17 00:00:00 2001 From: SunithaGudisagar <127872893+SunithaGudisagarIBM1@users.noreply.github.com> Date: Thu, 28 Mar 2024 18:22:09 +0530 Subject: [PATCH] Feature is sg rule local ip (#5244) * SDK Changes * Development and Documentation * Added test and maturity param * SDK update * SDK update * Go Version Update * REview comments incorporated --- go.mod | 4 +- go.sum | 4 + .../vpc/data_source_ibm_is_security_group.go | 48 +++++++++++ .../data_source_ibm_is_security_group_rule.go | 67 ++++++++++++++++ ...data_source_ibm_is_security_group_rules.go | 48 ++++++++++- .../vpc/data_source_ibm_is_security_groups.go | 50 ++++++++++++ .../vpc/resource_ibm_is_lb_listener.go | 2 +- .../vpc/resource_ibm_is_lb_listener_policy.go | 14 ++-- .../vpc/resource_ibm_is_security_group.go | 36 +++++++++ .../resource_ibm_is_security_group_rule.go | 80 +++++++++++++++++++ ...esource_ibm_is_security_group_rule_test.go | 1 + .../docs/d/is_security_group.html.markdown | 1 + .../d/is_security_group_rule.html.markdown | 6 ++ .../d/is_security_group_rules.html.markdown | 5 ++ .../docs/d/is_security_groups.html.markdown | 11 ++- .../docs/r/is_security_group.html.markdown | 1 + .../r/is_security_group_rule.html.markdown | 1 + 17 files changed, 366 insertions(+), 13 deletions(-) diff --git a/go.mod b/go.mod index 90c014f351..434a612143 100644 --- a/go.mod +++ b/go.mod @@ -31,7 +31,7 @@ require ( github.com/IBM/schematics-go-sdk v0.2.3 github.com/IBM/secrets-manager-go-sdk/v2 v2.0.4 github.com/IBM/vpc-beta-go-sdk v0.6.0 - github.com/IBM/vpc-go-sdk v0.49.1 + github.com/IBM/vpc-go-sdk v0.50.0 github.com/ScaleFT/sshkeys v0.0.0-20200327173127-6142f742bca5 github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2 github.com/akamai/AkamaiOPEN-edgegrid-golang/v5 v5.0.0 
@@ -243,4 +243,4 @@ exclude ( github.com/kubernetes-incubator/external-storage v0.20.4-openstorage-rc2 k8s.io/client-go v11.0.1-0.20190409021438-1a26190bd76a+incompatible k8s.io/client-go v12.0.0+incompatible -) +) \ No newline at end of file diff --git a/go.sum b/go.sum index 023d34bb27..ff7c7f7cbb 100644 --- a/go.sum +++ b/go.sum @@ -178,6 +178,8 @@ github.com/IBM/vpc-beta-go-sdk v0.6.0 h1:wfM3AcW3zOM3xsRtZ+EA6+sESlGUjQ6Yf4n5QQy github.com/IBM/vpc-beta-go-sdk v0.6.0/go.mod h1:fzHDAQIqH/5yJmYsKodKHLcqxMDT+yfH6vZjdiw8CQA= github.com/IBM/vpc-go-sdk v0.49.1 h1:VIkZ8iJMBHqBulUXcPtN0ifxsa0xwlBtaLslU2V9HsY= github.com/IBM/vpc-go-sdk v0.49.1/go.mod h1:iBg9UJY1y/XpkweyP6YH7G6guzKPV8BYDoBMTdPupH4= +github.com/IBM/vpc-go-sdk v0.50.0 h1:+vnXYK0FXFXYqaS/5/X1XEqH0bbRotkzkerRk21ZEjE= +github.com/IBM/vpc-go-sdk v0.50.0/go.mod h1:iBg9UJY1y/XpkweyP6YH7G6guzKPV8BYDoBMTdPupH4= github.com/Jeffail/gabs v1.1.1 h1:V0uzR08Hj22EX8+8QMhyI9sX2hwRu+/RJhJUmnwda/E= github.com/Jeffail/gabs v1.1.1/go.mod h1:6xMvQMK4k33lb7GUUpaAPh6nKMmemQeg5d4gn7/bOXc= github.com/Logicalis/asn1 v0.0.0-20190312173541-d60463189a56 h1:vuquMR410psHNax14XKNWa0Ae/kYgWJcXi0IFuX60N0= @@ -1267,6 +1269,7 @@ github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAl github.com/onsi/gomega v1.18.0/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs= github.com/onsi/gomega v1.18.1/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs= github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro= +github.com/onsi/gomega v1.20.0/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeREyVo= github.com/onsi/gomega v1.20.1/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeREyVo= github.com/onsi/gomega v1.21.1/go.mod h1:iYAIXgPSaDHak0LCMA+AWBpIKBr8WZicMxnE8luStNc= github.com/onsi/gomega v1.22.1/go.mod h1:x6n7VNe4hw0vkyYUM4mjIXx3JbLiPaBPNgB7PRQ1tuM= 
@@ -1489,6 +1492,7 @@ github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1F github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= diff --git a/ibm/service/vpc/data_source_ibm_is_security_group.go b/ibm/service/vpc/data_source_ibm_is_security_group.go index 4cfefa735d..cb41feb4ac 100644 --- a/ibm/service/vpc/data_source_ibm_is_security_group.go +++ b/ibm/service/vpc/data_source_ibm_is_security_group.go @@ -20,6 +20,7 @@ const ( isSgRuleDirection = "direction" isSgRuleIPVersion = "ip_version" isSgRuleRemote = "remote" + isSgRuleLocal = "local" isSgRuleType = "type" isSgRuleCode = "code" isSgRulePortMax = "port_max" 
@@ -81,6 +82,26 @@ func DataSourceIBMISSecurityGroup() *schema.Resource { Description: "Security group id: an IP address, a CIDR block, or a single security group identifier", }, + "local": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The local IP address or range of local IP addresses to which this rule will allow inbound traffic (or from which, for outbound traffic). A CIDR block of 0.0.0.0/0 allows traffic to all local IP addresses (or from all local IP addresses, for outbound rules).", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "address": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The IP address.This property may add support for IPv6 addresses in the future. When processing a value in this property, verify that the address is in an expected format. If it is not, log an error. Optionally halt processing and surface the error, or bypass the resource on which the unexpected IP address format was encountered.", + }, + "cidr_block": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The CIDR block. This property may add support for IPv6 CIDR blocks in the future. When processing a value in this property, verify that the CIDR block is in an expected format. If it is not, log an error. Optionally halt processing and surface the error, or bypass the resource on which the unexpected CIDR block format was encountered.", + }, + }, + }, + }, + isSgRuleType: { Type: schema.TypeInt, Computed: true, @@ -248,6 +269,15 @@ func securityGroupGet(d *schema.ResourceData, meta interface{}, name string) err } } } + local, ok := rule.Local.(*vpcv1.SecurityGroupRuleLocal) + if ok { + if local != nil && !reflect.ValueOf(local).IsNil() { + localList := []map[string]interface{}{} + localMap := dataSourceSecurityGroupRuleLocalToMap(local) + localList = append(localList, localMap) + r["local"] = localList + } + } rules = append(rules, r) } 
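Review bot: In the `securityGroupGet` hunk the guard `local != nil && !reflect.ValueOf(local).IsNil()` tests the same condition twice, because after the comma-ok assertion `local` is already a concrete `*vpcv1.SecurityGroupRuleLocal`; `if local, ok := rule.Local.(*vpcv1.SecurityGroupRuleLocal); ok && local != nil {` is sufficient. The same nine-line block is repeated in the two later hunks of this file (`@@ -273` and `@@ -303`) and, written as `reflect.ValueOf(local).IsNil() == false`, in the read hunks of `resource_ibm_is_security_group.go` and `resource_ibm_is_security_group_rule.go`, so a small shared helper would keep the copies from drifting apart. The visible hunks of this file also spell the key as the literal `"local"` even though the commit adds the constant `isSgRuleLocal` for it. `securityGroupGet` starts and ends outside the hunk.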
@@ -273,6 +303,15 @@ func securityGroupGet(d *schema.ResourceData, meta interface{}, name string) err } } } + local, ok := rule.Local.(*vpcv1.SecurityGroupRuleLocal) + if ok { + if local != nil && !reflect.ValueOf(local).IsNil() { + localList := []map[string]interface{}{} + localMap := dataSourceSecurityGroupRuleLocalToMap(local) + localList = append(localList, localMap) + r["local"] = localList + } + } rules = append(rules, r) } @@ -303,6 +342,15 @@ func securityGroupGet(d *schema.ResourceData, meta interface{}, name string) err } } } + local, ok := rule.Local.(*vpcv1.SecurityGroupRuleLocal) + if ok { + if local != nil && !reflect.ValueOf(local).IsNil() { + localList := []map[string]interface{}{} + localMap := dataSourceSecurityGroupRuleLocalToMap(local) + localList = append(localList, localMap) + r["local"] = localList + } + } rules = append(rules, r) } } diff --git a/ibm/service/vpc/data_source_ibm_is_security_group_rule.go b/ibm/service/vpc/data_source_ibm_is_security_group_rule.go index 39134bc688..4226aec4ea 100644 --- a/ibm/service/vpc/data_source_ibm_is_security_group_rule.go +++ b/ibm/service/vpc/data_source_ibm_is_security_group_rule.go 
@@ -104,6 +104,25 @@ func DataSourceIBMIsSecurityGroupRule() *schema.Resource { }, }, }, + "local": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The local IP address or range of local IP addresses to which this rule will allow inbound traffic (or from which, for outbound traffic). A CIDR block of 0.0.0.0/0 allows traffic to all local IP addresses (or from all local IP addresses, for outbound rules).", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "address": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The IP address.This property may add support for IPv6 addresses in the future. When processing a value in this property, verify that the address is in an expected format. If it is not, log an error. Optionally halt processing and surface the error, or bypass the resource on which the unexpected IP address format was encountered.", + }, + "cidr_block": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The CIDR block. This property may add support for IPv6 CIDR blocks in the future. When processing a value in this property, verify that the CIDR block is in an expected format. If it is not, log an error. Optionally halt processing and surface the error, or bypass the resource on which the unexpected CIDR block format was encountered.", + }, + }, + }, + }, "code": &schema.Schema{ Type: schema.TypeInt, Computed: true, 
@@ -173,6 +192,16 @@ func dataSourceIBMIsSecurityGroupRuleRead(context context.Context, d *schema.Res return diag.FromErr(fmt.Errorf("Error setting remote %s", err)) } } + if securityGroupRule.Local != nil { + securityGroupRuleLocal, err := dataSourceSecurityGroupRuleFlattenLocal(securityGroupRule.Local) + if err != nil { + return diag.FromErr(fmt.Errorf("Error flattening securityGroupRule.Local %s", err)) + } + err = d.Set("local", securityGroupRuleLocal) + if err != nil { + return diag.FromErr(fmt.Errorf("Error setting local %s", err)) + } + } } case "*vpcv1.SecurityGroupRuleSecurityGroupRuleProtocolIcmp": @@ -202,6 +231,16 @@ func dataSourceIBMIsSecurityGroupRuleRead(context context.Context, d *schema.Res return diag.FromErr(fmt.Errorf("Error setting remote %s", err)) } } + if securityGroupRule.Local != nil { + securityGroupRuleLocal, err := dataSourceSecurityGroupRuleFlattenLocal(securityGroupRule.Local) + if err != nil { + return diag.FromErr(fmt.Errorf("Error flattening securityGroupRule.Local %s", err)) + } + err = d.Set("local", securityGroupRuleLocal) + if err != nil { + return diag.FromErr(fmt.Errorf("Error setting local %s", err)) + } + } if err = d.Set("code", flex.IntValue(securityGroupRule.Code)); err != nil { return diag.FromErr(fmt.Errorf("Error setting code: %s", err)) 
@@ -237,6 +276,16 @@ func dataSourceIBMIsSecurityGroupRuleRead(context context.Context, d *schema.Res return diag.FromErr(fmt.Errorf("Error setting remote %s", err)) } } + if securityGroupRule.Local != nil { + securityGroupRuleLocal, err := dataSourceSecurityGroupRuleFlattenLocal(securityGroupRule.Local) + if err != nil { + return diag.FromErr(fmt.Errorf("Error flattening securityGroupRule.Local %s", err)) + } + err = d.Set("local", securityGroupRuleLocal) + if err != nil { + return diag.FromErr(fmt.Errorf("Error setting local %s", err)) + } + } if err = d.Set("port_max", flex.IntValue(securityGroupRule.PortMax)); err != nil { return diag.FromErr(fmt.Errorf("Error setting port_max: %s", err)) } @@ -289,6 +338,24 @@ func dataSourceSecurityGroupRuleRemoteToMap(remoteItem *vpcv1.SecurityGroupRuleR return remoteMap } +func dataSourceSecurityGroupRuleFlattenLocal(m vpcv1.SecurityGroupRuleLocalIntf) ([]map[string]interface{}, error) { + var ruleList []map[string]interface{} + ruleMap := dataSourceSecurityGroupRuleLocalToMap(m.(*vpcv1.SecurityGroupRuleLocal)) + ruleList = append(ruleList, ruleMap) + return ruleList, nil +} + +func dataSourceSecurityGroupRuleLocalToMap(localItem *vpcv1.SecurityGroupRuleLocal) (localMap map[string]interface{}) { + localMap = map[string]interface{}{} + if localItem.Address != nil { + localMap["address"] = *localItem.Address + } + if localItem.CIDRBlock != nil { + localMap["cidr_block"] = *localItem.CIDRBlock + } + return localMap +} + func dataSourceSecurityGroupRuleRemoteDeletedToMap(deletedItem *vpcv1.SecurityGroupReferenceDeleted) (resultMap map[string]interface{}) { resultMap = map[string]interface{}{} diff --git a/ibm/service/vpc/data_source_ibm_is_security_group_rules.go b/ibm/service/vpc/data_source_ibm_is_security_group_rules.go index fb1eb1f900..0917fd97e5 100644 --- a/ibm/service/vpc/data_source_ibm_is_security_group_rules.go +++ b/ibm/service/vpc/data_source_ibm_is_security_group_rules.go 
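Review bot: `dataSourceSecurityGroupRuleFlattenLocal` asserts `m.(*vpcv1.SecurityGroupRuleLocal)` without the comma-ok form, so any other concrete type behind `SecurityGroupRuleLocalIntf`, or a typed nil pointer that passes the caller's `securityGroupRule.Local != nil` check, panics the provider instead of producing the `error` the function is declared to return (as written it always returns nil). Use `local, ok := m.(*vpcv1.SecurityGroupRuleLocal)` followed by `if !ok || local == nil { return nil, fmt.Errorf("unexpected local type %T", m) }`. The same unchecked assertion appears in the three `rulex.Local.(*vpcv1.SecurityGroupRuleLocal)` hunks of `data_source_ibm_is_security_group_rules.go` and, with an additional dereference, in the `*securityGroupRule.Local.(*vpcv1.SecurityGroupRuleLocal)` hunks of `data_source_ibm_is_security_groups.go`, whereas `securityGroupGet` in this same commit already uses the checked form.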
@@ -106,6 +106,25 @@ func DataSourceIBMIsSecurityGroupRules() *schema.Resource { }, }, }, + "local": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The local IP address or range of local IP addresses to which this rule will allow inbound traffic (or from which, for outbound traffic). A CIDR block of 0.0.0.0/0 allows traffic to all local IP addresses (or from all local IP addresses, for outbound rules).", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "address": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The IP address.This property may add support for IPv6 addresses in the future. When processing a value in this property, verify that the address is in an expected format. If it is not, log an error. Optionally halt processing and surface the error, or bypass the resource on which the unexpected IP address format was encountered.", + }, + "cidr_block": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The CIDR block. This property may add support for IPv6 CIDR blocks in the future. When processing a value in this property, verify that the CIDR block is in an expected format. If it is not, log an error. Optionally halt processing and surface the error, or bypass the resource on which the unexpected CIDR block format was encountered.", + }, + }, + }, + }, "code": &schema.Schema{ Type: schema.TypeInt, Computed: true, @@ -168,6 +187,13 @@ func dataSourceIBMIsSecurityGroupRulesRead(d *schema.ResourceData, meta interfac remoteList = append(remoteList, remoteMap) l["remote"] = remoteList } + // nested map for local. + if rulex.Local != nil { + localList := []map[string]interface{}{} + localMap := dataSourceSecurityGroupRuleLocalToMap(rulex.Local.(*vpcv1.SecurityGroupRuleLocal)) + localList = append(localList, localMap) + l["local"] = localList + } } case "*vpcv1.SecurityGroupRuleSecurityGroupRuleProtocolIcmp": 
@@ -177,9 +203,13 @@ func dataSourceIBMIsSecurityGroupRulesRead(d *schema.ResourceData, meta interfac l["href"] = *rulex.Href l["id"] = *rulex.ID l["ip_version"] = *rulex.IPVersion - l["code"] = *rulex.Code + if rulex.Code != nil { + l["code"] = *rulex.Code + } l["protocol"] = *rulex.Protocol - l["type"] = *rulex.Type + if rulex.Type != nil { + l["type"] = *rulex.Type + } // remote if rulex.Remote != nil { remoteList := []map[string]interface{}{} @@ -187,6 +217,13 @@ func dataSourceIBMIsSecurityGroupRulesRead(d *schema.ResourceData, meta interfac remoteList = append(remoteList, remoteMap) l["remote"] = remoteList } + // nested map for local. + if rulex.Local != nil { + localList := []map[string]interface{}{} + localMap := dataSourceSecurityGroupRuleLocalToMap(rulex.Local.(*vpcv1.SecurityGroupRuleLocal)) + localList = append(localList, localMap) + l["local"] = localList + } } case "*vpcv1.SecurityGroupRuleSecurityGroupRuleProtocolTcpudp": { @@ -205,6 +242,13 @@ func dataSourceIBMIsSecurityGroupRulesRead(d *schema.ResourceData, meta interfac remoteList = append(remoteList, remoteMap) l["remote"] = remoteList } + // nested map for local. + if rulex.Local != nil { + localList := []map[string]interface{}{} + localMap := dataSourceSecurityGroupRuleLocalToMap(rulex.Local.(*vpcv1.SecurityGroupRuleLocal)) + localList = append(localList, localMap) + l["local"] = localList + } } } rulesInfo = append(rulesInfo, l) diff --git a/ibm/service/vpc/data_source_ibm_is_security_groups.go b/ibm/service/vpc/data_source_ibm_is_security_groups.go index 4cc777384e..a24137927c 100644 --- a/ibm/service/vpc/data_source_ibm_is_security_groups.go +++ b/ibm/service/vpc/data_source_ibm_is_security_groups.go 
@@ -128,6 +128,25 @@ func DataSourceIBMIsSecurityGroups() *schema.Resource { Computed: true, Description: "The protocol to enforce.", }, + "local": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "The local IP address or range of local IP addresses to which this rule will allow inbound traffic (or from which, for outbound traffic). A CIDR block of 0.0.0.0/0 allows traffic to all local IP addresses (or from all local IP addresses, for outbound rules).", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "address": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The IP address.This property may add support for IPv6 addresses in the future. When processing a value in this property, verify that the address is in an expected format. If it is not, log an error. Optionally halt processing and surface the error, or bypass the resource on which the unexpected IP address format was encountered.", + }, + "cidr_block": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The CIDR block. This property may add support for IPv6 CIDR blocks in the future. When processing a value in this property, verify that the CIDR block is in an expected format. If it is not, log an error. Optionally halt processing and surface the error, or bypass the resource on which the unexpected CIDR block format was encountered.", + }, + }, + }, + }, "remote": &schema.Schema{ Type: schema.TypeList, Computed: true, 
@@ -476,6 +495,12 @@ func dataSourceSecurityGroupCollectionSecurityGroupsRulesToMap(rulesItem vpcv1.S remoteList = append(remoteList, remoteMap) resultMap["remote"] = remoteList } + if securityGroupRule.Local != nil { + localList := []map[string]interface{}{} + localMap := dataSourceSecurityGroupsLocalToMap(*securityGroupRule.Local.(*vpcv1.SecurityGroupRuleLocal)) + localList = append(localList, localMap) + resultMap["local"] = localList + } } case "*vpcv1.SecurityGroupRuleSecurityGroupRuleProtocolIcmp": { @@ -511,6 +536,12 @@ func dataSourceSecurityGroupCollectionSecurityGroupsRulesToMap(rulesItem vpcv1.S remoteList = append(remoteList, remoteMap) resultMap["remote"] = remoteList } + if securityGroupRule.Local != nil { + localList := []map[string]interface{}{} + localMap := dataSourceSecurityGroupsLocalToMap(*securityGroupRule.Local.(*vpcv1.SecurityGroupRuleLocal)) + localList = append(localList, localMap) + resultMap["local"] = localList + } } case "*vpcv1.SecurityGroupRuleSecurityGroupRuleProtocolTcpudp": { @@ -546,6 +577,12 @@ func dataSourceSecurityGroupCollectionSecurityGroupsRulesToMap(rulesItem vpcv1.S remoteList = append(remoteList, remoteMap) resultMap["remote"] = remoteList } + if securityGroupRule.Local != nil { + localList := []map[string]interface{}{} + localMap := dataSourceSecurityGroupsLocalToMap(*securityGroupRule.Local.(*vpcv1.SecurityGroupRuleLocal)) + localList = append(localList, localMap) + resultMap["local"] = localList + } } } @@ -703,3 +740,16 @@ func dataSourceSecurityGroupsRemoteToMap(remoteItem vpcv1.SecurityGroupRuleRemot } return remoteMap } + +func dataSourceSecurityGroupsLocalToMap(localItem vpcv1.SecurityGroupRuleLocal) (localMap map[string]interface{}) { + localMap = map[string]interface{}{} + + if localItem.Address != nil { + localMap["address"] = *localItem.Address + } + + if localItem.CIDRBlock != nil { + localMap["cidr_block"] = *localItem.CIDRBlock + } + return localMap +} 
diff --git a/ibm/service/vpc/resource_ibm_is_lb_listener.go b/ibm/service/vpc/resource_ibm_is_lb_listener.go index 84ee4ee34e..667c382d6c 100644 --- a/ibm/service/vpc/resource_ibm_is_lb_listener.go +++ b/ibm/service/vpc/resource_ibm_is_lb_listener.go @@ -619,7 +619,7 @@ func lbListenerUpdate(d *schema.ResourceData, meta interface{}, lbID, lbListener diag.FromErr(err) } defPool = lbpool - loadBalancerListenerPatchModel.DefaultPool = &vpcv1.LoadBalancerPoolIdentity{ + loadBalancerListenerPatchModel.DefaultPool = &vpcv1.LoadBalancerListenerDefaultPoolPatch{ ID: &defPool, } hasChanged = true diff --git a/ibm/service/vpc/resource_ibm_is_lb_listener_policy.go b/ibm/service/vpc/resource_ibm_is_lb_listener_policy.go index 03ee1638ad..5c5ba0da2f 100644 --- a/ibm/service/vpc/resource_ibm_is_lb_listener_policy.go +++ b/ibm/service/vpc/resource_ibm_is_lb_listener_policy.go @@ -500,7 +500,7 @@ func lbListenerPolicyCreate(d *schema.ResourceData, meta interface{}, lbID, list target = &urlPrototype } else if actionChk.(string) == "https_redirect" { - urlPrototype := vpcv1.LoadBalancerListenerPolicyTargetPrototypeLoadBalancerListenerHTTPSRedirectPrototype{} + urlPrototype := vpcv1.LoadBalancerListenerPolicyTargetPrototypeLoadBalancerListenerPolicyHTTPSRedirectPrototype{} if listenerSet { listener := listener.(string) @@ -838,7 +838,7 @@ func lbListenerPolicyUpdate(d *schema.ResourceData, meta interface{}, lbID, list } } else if d.Get(isLBListenerPolicyAction).(string) == "https_redirect" { - httpsRedirectPatch := vpcv1.LoadBalancerListenerPolicyTargetPatchLoadBalancerListenerHTTPSRedirectPatch{} + httpsRedirectPatch := vpcv1.LoadBalancerListenerPolicyTargetPatchLoadBalancerListenerPolicyHTTPSRedirectPatch{} targetChange := false if d.HasChange(isLBListenerPolicyHTTPSRedirectListener) { 
@@ -1121,8 +1121,8 @@ func lbListenerPolicyGet(d *schema.ResourceData, meta interface{}, lbID, listene } } } else if *(policy.Action) == "https_redirect" { - if reflect.TypeOf(policy.Target).String() == "*vpcv1.LoadBalancerListenerPolicyTargetLoadBalancerListenerHTTPSRedirect" { - target, ok := policy.Target.(*vpcv1.LoadBalancerListenerPolicyTargetLoadBalancerListenerHTTPSRedirect) + if reflect.TypeOf(policy.Target).String() == "*vpcv1.LoadBalancerListenerPolicyTargetLoadBalancerListenerPolicyHTTPSRedirect" { + target, ok := policy.Target.(*vpcv1.LoadBalancerListenerPolicyTargetLoadBalancerListenerPolicyHTTPSRedirect) if ok { d.Set(isLBListenerPolicyHTTPSRedirectListener, target.Listener.ID) d.Set(isLBListenerPolicyHTTPSRedirectStatusCode, target.HTTPStatusCode) 
@@ -1180,8 +1180,8 @@ func resourceIBMIsLbListenerPolicyLoadBalancerListenerPolicyTargetToMap(model vp return resourceIBMIsLbListenerPolicyLoadBalancerListenerPolicyTargetLoadBalancerPoolReferenceToMap(model.(*vpcv1.LoadBalancerListenerPolicyTargetLoadBalancerPoolReference)) } else if _, ok := model.(*vpcv1.LoadBalancerListenerPolicyTargetLoadBalancerListenerPolicyRedirectURL); ok { return resourceIBMIsLbListenerPolicyLoadBalancerListenerPolicyTargetLoadBalancerListenerPolicyRedirectURLToMap(model.(*vpcv1.LoadBalancerListenerPolicyTargetLoadBalancerListenerPolicyRedirectURL)) - } else if _, ok := model.(*vpcv1.LoadBalancerListenerPolicyTargetLoadBalancerListenerHTTPSRedirect); ok { - return resourceIBMIsLbListenerPolicyLoadBalancerListenerPolicyTargetLoadBalancerListenerHTTPSRedirectToMap(model.(*vpcv1.LoadBalancerListenerPolicyTargetLoadBalancerListenerHTTPSRedirect)) + } else if _, ok := model.(*vpcv1.LoadBalancerListenerPolicyTargetLoadBalancerListenerPolicyHTTPSRedirect); ok { + return resourceIBMIsLbListenerPolicyLoadBalancerListenerPolicyTargetLoadBalancerListenerHTTPSRedirectToMap(model.(*vpcv1.LoadBalancerListenerPolicyTargetLoadBalancerListenerPolicyHTTPSRedirect)) } else if _, ok := model.(*vpcv1.LoadBalancerListenerPolicyTarget); ok { modelMap := make(map[string]interface{}) model := model.(*vpcv1.LoadBalancerListenerPolicyTarget) 
@@ -1271,7 +1271,7 @@ func resourceIBMIsLbListenerPolicyLoadBalancerListenerPolicyTargetLoadBalancerLi return modelMap, nil } -func resourceIBMIsLbListenerPolicyLoadBalancerListenerPolicyTargetLoadBalancerListenerHTTPSRedirectToMap(model *vpcv1.LoadBalancerListenerPolicyTargetLoadBalancerListenerHTTPSRedirect) (map[string]interface{}, error) { +func resourceIBMIsLbListenerPolicyLoadBalancerListenerPolicyTargetLoadBalancerListenerHTTPSRedirectToMap(model *vpcv1.LoadBalancerListenerPolicyTargetLoadBalancerListenerPolicyHTTPSRedirect) (map[string]interface{}, error) { modelMap := make(map[string]interface{}) modelMap["http_status_code"] = flex.IntValue(model.HTTPStatusCode) listenerMap, err := resourceIBMIsLbListenerPolicyLoadBalancerListenerReferenceToMap(model.Listener) diff --git a/ibm/service/vpc/resource_ibm_is_security_group.go b/ibm/service/vpc/resource_ibm_is_security_group.go index 56f865ac9a..598837069b 100644 --- a/ibm/service/vpc/resource_ibm_is_security_group.go +++ b/ibm/service/vpc/resource_ibm_is_security_group.go @@ -289,6 +289,16 @@ func resourceIBMISSecurityGroupRead(d *schema.ResourceData, meta interface{}) er } } } + local, ok := rule.Local.(*vpcv1.SecurityGroupRuleLocal) + if ok { + if local != nil && reflect.ValueOf(local).IsNil() == false { + if local.Address != nil { + r[isSecurityGroupRuleLocal] = local.Address + } else if local.CIDRBlock != nil { + r[isSecurityGroupRuleLocal] = local.CIDRBlock + } + } + } rules = append(rules, r) } case "*vpcv1.SecurityGroupRuleSecurityGroupRuleProtocolAll": 
@@ -312,6 +322,16 @@ func resourceIBMISSecurityGroupRead(d *schema.ResourceData, meta interface{}) er } } } + local, ok := rule.Local.(*vpcv1.SecurityGroupRuleLocal) + if ok { + if local != nil && reflect.ValueOf(local).IsNil() == false { + if local.Address != nil { + r[isSecurityGroupRuleLocal] = local.Address + } else if local.CIDRBlock != nil { + r[isSecurityGroupRuleLocal] = local.CIDRBlock + } + } + } rules = append(rules, r) } case "*vpcv1.SecurityGroupRuleSecurityGroupRuleProtocolTcpudp": @@ -341,6 +361,16 @@ func resourceIBMISSecurityGroupRead(d *schema.ResourceData, meta interface{}) er } } } + local, ok := rule.Local.(*vpcv1.SecurityGroupRuleLocal) + if ok { + if local != nil && reflect.ValueOf(local).IsNil() == false { + if local.Address != nil { + r[isSecurityGroupRuleLocal] = local.Address + } else if local.CIDRBlock != nil { + r[isSecurityGroupRuleLocal] = local.CIDRBlock + } + } + } rules = append(rules, r) } } @@ -548,6 +578,12 @@ func makeIBMISSecurityRuleSchema() map[string]*schema.Schema { Description: "Security group id: an IP address, a CIDR block, or a single security group identifier", }, + isSecurityGroupRuleLocal: { + Type: schema.TypeString, + Computed: true, + Description: "Security group local ip: an IP address, a CIDR block", + }, + isSecurityGroupRuleType: { Type: schema.TypeInt, Computed: true, diff --git a/ibm/service/vpc/resource_ibm_is_security_group_rule.go b/ibm/service/vpc/resource_ibm_is_security_group_rule.go index fe86556abf..daa1f71ff0 100644 --- a/ibm/service/vpc/resource_ibm_is_security_group_rule.go +++ b/ibm/service/vpc/resource_ibm_is_security_group_rule.go @@ -27,6 +27,7 @@ const ( isSecurityGroupRuleProtocolUDP = "udp" isSecurityGroupRuleProtocol = "protocol" isSecurityGroupRuleRemote = "remote" + isSecurityGroupRuleLocal = "local" isSecurityGroupRuleType = "type" isSecurityGroupID = "group" isSecurityGroupRuleID = "rule_id" 
@@ -73,6 +74,13 @@ func ResourceIBMISSecurityGroupRule() *schema.Resource { }, isSecurityGroupRuleRemote: { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "Security group local ip: an IP address, a CIDR block", + }, + + isSecurityGroupRuleLocal: { Type: schema.TypeString, Optional: true, Computed: true, @@ -340,6 +348,16 @@ func resourceIBMISSecurityGroupRuleRead(d *schema.ResourceData, meta interface{} } } } + local, ok := rule.Local.(*vpcv1.SecurityGroupRuleLocal) + if ok { + if local != nil && reflect.ValueOf(local).IsNil() == false { + if local.Address != nil { + d.Set(isSecurityGroupRuleLocal, local.Address) + } else if local.CIDRBlock != nil { + d.Set(isSecurityGroupRuleLocal, local.CIDRBlock) + } + } + } } case "*vpcv1.SecurityGroupRuleSecurityGroupRuleProtocolAll": { @@ -362,6 +380,16 @@ func resourceIBMISSecurityGroupRuleRead(d *schema.ResourceData, meta interface{} } } } + local, ok := rule.Local.(*vpcv1.SecurityGroupRuleLocal) + if ok { + if local != nil && reflect.ValueOf(local).IsNil() == false { + if local.Address != nil { + d.Set(isSecurityGroupRuleLocal, local.Address) + } else if local.CIDRBlock != nil { + d.Set(isSecurityGroupRuleLocal, local.CIDRBlock) + } + } + } } case "*vpcv1.SecurityGroupRuleSecurityGroupRuleProtocolTcpudp": { @@ -399,6 +427,16 @@ func resourceIBMISSecurityGroupRuleRead(d *schema.ResourceData, meta interface{} } } } + local, ok := rule.Local.(*vpcv1.SecurityGroupRuleLocal) + if ok { + if local != nil && reflect.ValueOf(local).IsNil() == false { + if local.Address != nil { + d.Set(isSecurityGroupRuleLocal, local.Address) + } else if local.CIDRBlock != nil { + d.Set(isSecurityGroupRuleLocal, local.CIDRBlock) + } + } + } } } return nil @@ -514,6 +552,9 @@ type parsedIBMISSecurityGroupRuleDictionary struct { remoteAddress string remoteCIDR string remoteSecGrpID string + local string + localAddress string + localCIDR string protocol string icmpType int64 icmpCode int64 
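Review bot: The added lines in the `@@ -73,6 +74,13 @@` schema hunk attach the description `"Security group local ip: an IP address, a CIDR block"` to `isSecurityGroupRuleRemote`, while the new `isSecurityGroupRuleLocal` key takes over the block that previously belonged to `remote`, so the two attribute descriptions appear to be swapped. The tail of that inherited block is outside the hunk, so confirm against the full file and check that its remaining fields suit `local`. For a rule that controls network access, the description is what users read when deciding which side of the rule an address constrains, so it should name the right side.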
@@ -534,6 +575,17 @@ func inferRemoteSecurityGroup(s string) (address, cidr, id string, err error) { } } +func inferLocalSecurityGroup(s string) (address, cidr string, err error) { + if validate.IsSecurityGroupAddress(s) { + address = s + return + } else if validate.IsSecurityGroupCIDR(s) { + cidr = s + return + } + return +} + func parseIBMISSecurityGroupRuleDictionary(d *schema.ResourceData, tag string, sess *vpcv1.VpcV1) (*parsedIBMISSecurityGroupRuleDictionary, *vpcv1.SecurityGroupRulePrototype, *vpcv1.UpdateSecurityGroupRuleOptions, error) { parsed := &parsedIBMISSecurityGroupRuleDictionary{} sgTemplate := &vpcv1.SecurityGroupRulePrototype{} @@ -605,9 +657,37 @@ func parseIBMISSecurityGroupRuleDictionary(d *schema.ResourceData, tag string, s sgTemplate.Remote = remoteTemplate securityGroupRulePatchModel.Remote = remoteTemplateUpdate } + + if err != nil { + return nil, nil, nil, err + } + + //Local + parsed.local = "" + if pl, ok := d.GetOk(isSecurityGroupRuleLocal); ok { + parsed.local = pl.(string) + } + parsed.localAddress = "" + parsed.localCIDR = "" + err = nil + if parsed.local != "" { + parsed.localAddress, parsed.localCIDR, err = inferLocalSecurityGroup(parsed.local) + localTemplate := &vpcv1.SecurityGroupRuleLocalPrototype{} + localTemplateUpdate := &vpcv1.SecurityGroupRuleLocalPatch{} + if parsed.localAddress != "" { + localTemplate.Address = &parsed.localAddress + localTemplateUpdate.Address = &parsed.localAddress + } else if parsed.localCIDR != "" { + localTemplate.CIDRBlock = &parsed.localCIDR + localTemplateUpdate.CIDRBlock = &parsed.localCIDR + } + sgTemplate.Local = localTemplate + securityGroupRulePatchModel.Local = localTemplateUpdate + } if err != nil { return nil, nil, nil, err } + parsed.protocol = "all" if icmpInterface, ok := d.GetOk("icmp"); ok { diff --git a/ibm/service/vpc/resource_ibm_is_security_group_rule_test.go b/ibm/service/vpc/resource_ibm_is_security_group_rule_test.go index 7f29bc4df7..abc0ba51a7 100644 
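Review bot: `inferLocalSecurityGroup` never sets `err`, so a `local` value that is neither an address nor a CIDR block returns two empty strings, and the `parseIBMISSecurityGroupRuleDictionary` hunk still assigns an empty `SecurityGroupRuleLocalPrototype` and `SecurityGroupRuleLocalPatch` to the request. How the API treats an empty `local` is not visible here, but the schema text added in this commit says `0.0.0.0/0` covers all local addresses, so a typo could produce a rule broader than the operator intended instead of a plan error. End the helper with `return "", "", fmt.Errorf("local %q is neither an IP address nor a CIDR block", s)` (assuming `fmt` is imported in this file) and check `err` directly after the `inferLocalSecurityGroup` call, before the templates are built. The `err = nil` reset above the call is redundant, because the added check before it has already returned on a non-nil error. Both functions continue outside their hunks.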
--- a/ibm/service/vpc/resource_ibm_is_security_group_rule_test.go +++ b/ibm/service/vpc/resource_ibm_is_security_group_rule_test.go @@ -204,6 +204,7 @@ func testAccCheckIBMISsecurityGroupRuleConfig(vpcname, name string) string { group = ibm_is_security_group.testacc_security_group.id direction = "inbound" remote = "127.0.0.1" + local = "192.168.3.4" tcp { } } diff --git a/website/docs/d/is_security_group.html.markdown b/website/docs/d/is_security_group.html.markdown index c2fa12fd1b..6a8eddf06c 100644 --- a/website/docs/d/is_security_group.html.markdown +++ b/website/docs/d/is_security_group.html.markdown @@ -90,6 +90,7 @@ In addition to all argument reference list, you can access the following attribu Nested scheme for `rules`: - `rule_id`- (String) ID of the rule. - `direction` - (String) Direction of traffic to enforce, either inbound or outbound. + - `local` - (String) The local IP address or range of local IP addresses to which this rule will allow inbound traffic (or from which, for outbound traffic). A CIDR block of 0.0.0.0/0 allows traffic to all local IP addresses (or from all local IP addresses, for outbound rules). an IP address, a `CIDR` block. - `ip_version` - (String) IP version: IPv4 - `protocol` - (String) The type of the protocol `all`, `icmp`, `tcp`, `udp`. - `type` - (String) The traffic type to allow. diff --git a/website/docs/d/is_security_group_rule.html.markdown b/website/docs/d/is_security_group_rule.html.markdown index 712bab6442..4c52e3907c 100644 --- a/website/docs/d/is_security_group_rule.html.markdown +++ b/website/docs/d/is_security_group_rule.html.markdown 
@@ -39,6 +39,12 @@ In addition to all argument references listed, you can access the following attr - `href` - (String) The URL for this security group rule. +- `local` - (List) The local IP address or range of local IP addresses to which this rule will allow inbound traffic (or from which, for outbound traffic). A CIDR block of 0.0.0.0/0 allows traffic to all local IP addresses (or from all local IP addresses, for outbound rules). + + Nested scheme for `local`: + - `address` - (String) The IP address.This property may add support for IPv6 addresses in the future. When processing a value in this property, verify that the address is in an expected format. If it is not, log an error. Optionally halt processing and surface the error, or bypass the resource on which the unexpected IP address format was encountered. + - `cidr_block` - (String) The CIDR block. This property may add support for IPv6 CIDR blocks in the future. When processing a value in this property, verify that the CIDR block is in an expected format. If it is not, log an error. Optionally halt processing and surface the error, or bypass the resource on which the unexpected CIDR block format was encountered. + - `ip_version` - (String) The IP version to enforce. The format of `remote.address` or `remote.cidr_block` must match this property, if they are used. Alternatively, if `remote` references a security group, then this rule only applies to IP addresses (network interfaces) in that group matching this IP version. - `port_max` - (Integer) The inclusive upper bound of TCP/UDP port range. diff --git a/website/docs/d/is_security_group_rules.html.markdown b/website/docs/d/is_security_group_rules.html.markdown index c890ba5bba..6539bb7fbc 100644 --- a/website/docs/d/is_security_group_rules.html.markdown +++ b/website/docs/d/is_security_group_rules.html.markdown 
@@ -37,6 +37,11 @@ Nested scheme for `rules`: - `href` - (String) The URL for this security group rule. - `id` - (String) The unique identifier for this security group rule. - `ip_version` - (String) The IP version to enforce. The format of `remote.address` or `remote.cidr_block` must match this property, if they are used. Alternatively, if `remote` references a security group, then this rule only applies to IP addresses (network interfaces) in that group matching this IP version. + - `local` - (List) The local IP address or range of local IP addresses to which this rule will allow inbound traffic (or from which, for outbound traffic). A CIDR block of 0.0.0.0/0 allows traffic to all local IP addresses (or from all local IP addresses, for outbound rules). + + Nested scheme for `local`: + - `address` - (String) The IP address.This property may add support for IPv6 addresses in the future. When processing a value in this property, verify that the address is in an expected format. If it is not, log an error. Optionally halt processing and surface the error, or bypass the resource on which the unexpected IP address format was encountered. + - `cidr_block` - (String) The CIDR block. This property may add support for IPv6 CIDR blocks in the future. When processing a value in this property, verify that the CIDR block is in an expected format. If it is not, log an error. Optionally halt processing and surface the error, or bypass the resource on which the unexpected CIDR block format was encountered. - `port_max` - (Integer) The inclusive upper bound of TCP/UDP port range. - `port_min` - (Integer) The inclusive lower bound of TCP/UDP port range. - `protocol` - (String) The protocol to enforce. diff --git a/website/docs/d/is_security_groups.html.markdown b/website/docs/d/is_security_groups.html.markdown index db9700fb51..8b08fb0f0b 100644 --- a/website/docs/d/is_security_groups.html.markdown +++ b/website/docs/d/is_security_groups.html.markdown 
@@ -62,6 +62,7 @@ In addition to all argument references listed, you can access the following attr - `vpc_crn` - Filters the collection to resources in the VPC with the specified CRN - `resource_group` - Filters the collection to resources in the resource group with the specified identifier - `security_groups` - (List) Collection of security groups. + Nested scheme for `security_groups`: - `access_tags` - (List) Access management tags associated for the security group. - `created_at` - (String) The date and time that this security group was created. 
@@ -70,22 +71,30 @@ In addition to all argument references listed, you can access the following attr - `id` - (String) The unique identifier for this security group. - `name` - (String) The user-defined name for this security group. Names must be unique within the VPC the security group resides in. - `resource_group` - (List) The resource group object, for this security group. + Nested scheme for `resource_group`: - `href` - (String) The URL for this resource group. - `id` - (String) The unique identifier for this resource group. - `name` - (String) The user-defined name for this resource group. - `rules` - (List) The rules for this security group. If no rules exist, all traffic will be denied. + Nested scheme for `rules`: - `code` - (Integer) The ICMP traffic code to allow. - `direction` - (String) The direction of traffic to enforce, either `inbound` or `outbound`. - `href` - (String) The URL for this security group rule. - `id` - (String) The unique identifier for this security group rule. - `ip_version` - (String) The IP version to enforce. The format of `remote.address` or `remote.cidr_block` must match this property, if they are used. Alternatively, if `remote` references a security group, then this rule only applies to IP addresses (network interfaces) in that group matching this IP version. + - `local` - (List) The local IP address or range of local IP addresses to which this rule will allow inbound traffic (or from which, for outbound traffic). A CIDR block of 0.0.0.0/0 allows traffic to all local IP addresses (or from all local IP addresses, for outbound rules). + + Nested scheme for `local`: + - `address` - (String) The IP address.This property may add support for IPv6 addresses in the future. When processing a value in this property, verify that the address is in an expected format. If it is not, log an error. Optionally halt processing and surface the error, or bypass the resource on which the unexpected IP address format was encountered. 
+ - `cidr_block` - (String) The CIDR block. This property may add support for IPv6 CIDR blocks in the future. When processing a value in this property, verify that the CIDR block is in an expected format. If it is not, log an error. Optionally halt processing and surface the error, or bypass the resource on which the unexpected CIDR block format was encountered. - `port_max` - (Integer) The inclusive upper bound of TCP/UDP port range. - `port_min` - (Integer) The inclusive lower bound of TCP/UDP port range. - `protocol` - (String) The protocol to enforce. - `remote` - (List) The IP addresses or security groups from which this rule allows traffic (or to which,for outbound rules). Can be specified as an IP address, a CIDR block, or a securitygroup. A CIDR block of `0.0.0.0/0` allows traffic from any source (or to any source,for outbound rules). - Nested scheme for `remote`: + + Nested scheme for `remote`: - `address` - (String) The IP address.This property may add support for IPv6 addresses in the future. When processing a value in this property, verify that the address is in an expected format. If it is not, log an error. Optionally halt processing and surface the error, or bypass the resource on which the unexpected IP address format was encountered. - `cidr_block` - (String) The CIDR block. This property may add support for IPv6 CIDR blocks in the future. When processing a value in this property, verify that the CIDR block is in an expected format. If it is not, log an error. Optionally halt processing and surface the error, or bypass the resource on which the unexpected CIDR block format was encountered. - `crn` - (String) The security group's CRN. diff --git a/website/docs/r/is_security_group.html.markdown b/website/docs/r/is_security_group.html.markdown index 838358e601..50acb6734d 100644 --- a/website/docs/r/is_security_group.html.markdown +++ b/website/docs/r/is_security_group.html.markdown 
@@ -61,6 +61,7 @@ In addition to all argument reference list, you can access the following attribu - `code` - (String) The `ICMP` traffic code to allow. - `direction`- (String) The direction of the traffic either `inbound` or `outbound`. - `ip_version` - (String) IP version: `ipv4` + - `local` - (String) The local IP address or range of local IP addresses to which this rule will allow inbound traffic (or from which, for outbound traffic). A CIDR block of 0.0.0.0/0 allows traffic to all local IP addresses (or from all local IP addresses, for outbound rules). an IP address, a `CIDR` block. - `protocol` - (String) The type of the protocol `all`, `icmp`, `tcp`, `udp`. - `port_max`- (Integer) The `TCP/UDP` port range that includes the maximum bound. - `port_min`- (Integer) The `TCP/UDP` port range that includes the minimum bound. diff --git a/website/docs/r/is_security_group_rule.html.markdown b/website/docs/r/is_security_group_rule.html.markdown index bf9d04d28e..0931d0a57f 100644 --- a/website/docs/r/is_security_group_rule.html.markdown +++ b/website/docs/r/is_security_group_rule.html.markdown @@ -101,6 +101,7 @@ Review the argument references that you can specify for your resource. - `direction` - (Required, String) The direction of the traffic either `inbound` or `outbound`. - `group` - (Required, Forces new resource, String) The security group ID. +- `local` - (String) The local IP address or range of local IP addresses to which this rule will allow inbound traffic (or from which, for outbound traffic). A CIDR block of 0.0.0.0/0 allows traffic to all local IP addresses (or from all local IP addresses, for outbound rules). an IP address, a `CIDR` block. - `ip_version` - (Optional, String) The IP version either `IPv4` or `IPv6`. Default `IPv4`. - `icmp` - (Optional, List) A nested block describes the `icmp` protocol of this security group rule.