Support enable secure-by-default #5751
Conversation
|
|
| Type: schema.TypeBool, | ||
| Optional: true, | ||
| Description: "Enable Secure-by-default on existing clusters (note: can be used on existing clusters)", | ||
| ValidateFunc: func(i interface{}, s string) (warnings []string, errors []error) { |
There was a problem hiding this comment.
Why we are checking if its type bool or value can be true or false since we defined it as bool type will not it implictly take only true/false
There was a problem hiding this comment.
you are right, the first check is not needed. I'll remove it
| if err := ClusterClient.VPCs().SetOutboundTrafficProtection(clusterID, outbound_traffic_protection, Env); err != nil { | ||
| return err | ||
| if d.HasChange(DisableOutboundTrafficProtectionFlag) { | ||
| outbound_traffic_protection := !d.Get(DisableOutboundTrafficProtectionFlag).(bool) |
There was a problem hiding this comment.
why we are storing opposite value of DisableOutboundTrafficProtectionFlag
There was a problem hiding this comment.
It's a legacy stuff, I didn't change the functionality here. On the other hand if I'm right the DisableOutboundTrafficProtectionFlag was introduced first, and after that in an upcoming change the opposite value of this was needed. It's a bit wierd, but this is how it's working.
go.mod
Outdated
| @@ -245,3 +245,5 @@ exclude ( | |||
| k8s.io/client-go v11.0.1-0.20190409021438-1a26190bd76a+incompatible | |||
| k8s.io/client-go v12.0.0+incompatible | |||
| ) | |||
|
|
|||
| replace github.com/IBM-Cloud/bluemix-go => github.com/golibali/bluemix-go v0.0.0-20241025125601-938969bd5ada | |||
There was a problem hiding this comment.
Why we do replace for local or fork code
There was a problem hiding this comment.
I'll remove this. I used it until my bluemix change was not merged.
| @@ -609,6 +626,10 @@ func resourceIBMContainerVpcClusterCreate(d *schema.ResourceData, meta interface | |||
|
|
|||
| disableOutboundTrafficProtection := d.Get(DisableOutboundTrafficProtectionFlag).(bool) | |||
|
|
|||
| if _, ok := d.GetOk(EnableSecureByDefaultFlag); ok { | |||
There was a problem hiding this comment.
Can you move this logic to CustomizeDiff implementation so we can validate during plan itself .
https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/customizing-differences
There was a problem hiding this comment.
Sure I'll move it to there
| } | ||
|
|
||
| if d.HasChange(EnableSecureByDefaultFlag) { |
There was a problem hiding this comment.
Once we enable we can disable it back also?
There was a problem hiding this comment.
I'm not sure, I can follow you.
This resource flag can be set to only true. Basically an allready created cluster where this flag was not set, it can be set to true, but after that it can't be set to any other value. The validation for the "only true" is where the flag is described:
|
test rerun: |
Support enabling secure-by-default on allready created non secure-by-default clusters. It can be set only to true.
Community Note
Relates OR Closes #0000
Output from acceptance testing: