Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update schema for r/netowrking_port_v2 #1045

Merged
merged 4 commits into from
May 6, 2021
+248 −64
Merged

Update schema for r/netowrking_port_v2 #1045

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
085c61e
Add possibility to set port_security
lego963 May 5, 2021
524ceb6
Add new acceptance test
lego963 May 5, 2021
9c937bb
Fix acceptance test
lego963 May 5, 2021
cff39c4
Fix issues with new argument
lego963 May 5, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions docs/resources/networking_port_v2.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,11 @@ The following arguments are supported:
port. The security groups must be specified by ID and not name (as opposed
to how they are configured with the Compute Instance).

* `no_security_groups` - (Optional) If set to `true`, then no security groups
are applied to the port. If set to `false` and no `security_group_ids` are specified,
then the port will yield to the default behavior of the Networking service,
which is to usually apply the `"default"` security group.

* `device_id` - (Optional) The ID of the device attached to the port. Changing this
creates a new port.

Expand All @@ -74,6 +79,13 @@ The `allowed_address_pairs` block supports:

* `mac_address` - (Optional) The additional MAC address.

* `port_security_enabled` - (Optional) Whether to explicitly enable or disable
port security on the port. Port Security is usually enabled by default, so
omitting argument will usually result in a value of `true`. Setting this
explicitly to `false` will disable port security. In order to disable port
security, the port must not have any security groups. Valid values are `true`
and `false`.

## Attributes Reference

The following attributes are exported:
Expand All @@ -94,6 +106,8 @@ The following attributes are exported:

* `all fixed_ips` - The collection of Fixed IP addresses on the port in the order returned by the Network v2 API.

* `port_security_enabled` - See Argument Reference above.

## Import

Ports can be imported using the `id`, e.g.
Expand Down
156 changes: 140 additions & 16 deletions opentelekomcloud/acceptance/vpc/resource_opentelekomcloud_networking_port_v2_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ import (

"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
"github.com/hashicorp/terraform-plugin-sdk/terraform"
"github.com/opentelekomcloud/gophertelekomcloud/openstack/networking/v2/extensions/portsecurity"
"github.com/opentelekomcloud/gophertelekomcloud/openstack/networking/v2/networks"
"github.com/opentelekomcloud/gophertelekomcloud/openstack/networking/v2/ports"
"github.com/opentelekomcloud/gophertelekomcloud/openstack/networking/v2/subnets"
Expand All @@ -15,6 +16,11 @@ import (
"github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/common/cfg"
)

type testPortWithExtensions struct {
ports.Port
portsecurity.PortSecurityExt
}

func TestAccNetworkingV2Port_basic(t *testing.T) {
var network networks.Network
var port ports.Port
Expand Down Expand Up @@ -63,7 +69,7 @@ func TestAccNetworkingV2Port_noip(t *testing.T) {
func TestAccNetworkingV2Port_allowedAddressPairs(t *testing.T) {
var network networks.Network
var subnet subnets.Subnet
var vrrp_port_1, vrrp_port_2, instance_port ports.Port
var vrrpPort1, vrrpPort2, instancePort ports.Port

resource.Test(t, resource.TestCase{
PreCheck: func() { common.TestAccPreCheck(t) },
Expand All @@ -75,9 +81,38 @@ func TestAccNetworkingV2Port_allowedAddressPairs(t *testing.T) {
Check: resource.ComposeTestCheckFunc(
TestAccCheckNetworkingV2SubnetExists("opentelekomcloud_networking_subnet_v2.vrrp_subnet", &subnet),
TestAccCheckNetworkingV2NetworkExists("opentelekomcloud_networking_network_v2.vrrp_network", &network),
testAccCheckNetworkingV2PortExists("opentelekomcloud_networking_port_v2.vrrp_port_1", &vrrp_port_1),
testAccCheckNetworkingV2PortExists("opentelekomcloud_networking_port_v2.vrrp_port_2", &vrrp_port_2),
testAccCheckNetworkingV2PortExists("opentelekomcloud_networking_port_v2.instance_port", &instance_port),
testAccCheckNetworkingV2PortExists("opentelekomcloud_networking_port_v2.vrrp_port_1", &vrrpPort1),
testAccCheckNetworkingV2PortExists("opentelekomcloud_networking_port_v2.vrrp_port_2", &vrrpPort2),
testAccCheckNetworkingV2PortExists("opentelekomcloud_networking_port_v2.instance_port", &instancePort),
),
},
},
})
}

func TestAccNetworkingV2Port_portSecurity_enabled(t *testing.T) {
var port testPortWithExtensions
resourceName := "opentelekomcloud_networking_port_v2.port_1"

resource.Test(t, resource.TestCase{
PreCheck: func() { common.TestAccPreCheck(t) },
Providers: common.TestAccProviders,
CheckDestroy: testAccCheckNetworkingV2PortDestroy,
Steps: []resource.TestStep{
{
Config: testAccNetworkingV2PortSecurityEnabled,
Check: resource.ComposeTestCheckFunc(
testAccCheckNetworkingV2PortWithExtensionsExists(resourceName, &port),
resource.TestCheckResourceAttr(resourceName, "port_security_enabled", "true"),
testAccCheckNetworkingV2PortPortSecurity(&port, true),
),
},
{
Config: testAccNetworkingV2PortSecurityDisabled,
Check: resource.ComposeTestCheckFunc(
testAccCheckNetworkingV2PortWithExtensionsExists(resourceName, &port),
resource.TestCheckResourceAttr(resourceName, "port_security_enabled", "false"),
testAccCheckNetworkingV2PortPortSecurity(&port, false),
),
},
},
Expand Down Expand Up @@ -108,19 +143,19 @@ func TestAccNetworkingV2Port_timeout(t *testing.T) {

func testAccCheckNetworkingV2PortDestroy(s *terraform.State) error {
config := common.TestAccProvider.Meta().(*cfg.Config)
networkingClient, err := config.NetworkingV2Client(env.OS_REGION_NAME)
client, err := config.NetworkingV2Client(env.OS_REGION_NAME)
if err != nil {
return fmt.Errorf("Error creating OpenTelekomCloud networking client: %s", err)
return fmt.Errorf("error creating OpenTelekomCloud NetworkingV2 client: %w", err)
}

for _, rs := range s.RootModule().Resources {
if rs.Type != "opentelekomcloud_networking_port_v2" {
continue
}

_, err := ports.Get(networkingClient, rs.Primary.ID).Extract()
_, err := ports.Get(client, rs.Primary.ID).Extract()
if err == nil {
return fmt.Errorf("Port still exists")
return fmt.Errorf("port still exists")
}
}

Expand All @@ -131,26 +166,26 @@ func testAccCheckNetworkingV2PortExists(n string, port *ports.Port) resource.Tes
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[n]
if !ok {
return fmt.Errorf("Not found: %s", n)
return fmt.Errorf("not found: %s", n)
}

if rs.Primary.ID == "" {
return fmt.Errorf("No ID is set")
return fmt.Errorf("no ID is set")
}

config := common.TestAccProvider.Meta().(*cfg.Config)
networkingClient, err := config.NetworkingV2Client(env.OS_REGION_NAME)
client, err := config.NetworkingV2Client(env.OS_REGION_NAME)
if err != nil {
return fmt.Errorf("Error creating OpenTelekomCloud networking client: %s", err)
return fmt.Errorf("error creating OpenTelekomCloud NetworkingV2 client: %w", err)
}

found, err := ports.Get(networkingClient, rs.Primary.ID).Extract()
found, err := ports.Get(client, rs.Primary.ID).Extract()
if err != nil {
return err
}

if found.ID != rs.Primary.ID {
return fmt.Errorf("Port not found")
return fmt.Errorf("port not found")
}

*port = *found
Expand All @@ -159,10 +194,43 @@ func testAccCheckNetworkingV2PortExists(n string, port *ports.Port) resource.Tes
}
}

func testAccCheckNetworkingV2PortWithExtensionsExists(n string, port *testPortWithExtensions) resource.TestCheckFunc {
return func(s *terraform.State) error {
rs, ok := s.RootModule().Resources[n]
if !ok {
return fmt.Errorf("not found: %s", n)
}

if rs.Primary.ID == "" {
return fmt.Errorf("no ID is set")
}

config := common.TestAccProvider.Meta().(*cfg.Config)
client, err := config.NetworkingV2Client(env.OS_REGION_NAME)
if err != nil {
return fmt.Errorf("error creating OpenTelekomCloud NetworkingV2 client: %s", err)
}

var found testPortWithExtensions
err = ports.Get(client, rs.Primary.ID).ExtractInto(&found)
if err != nil {
return err
}

if found.ID != rs.Primary.ID {
return fmt.Errorf("port not found")
}

*port = found

return nil
}
}

func testAccCheckNetworkingV2PortCountFixedIPs(port *ports.Port, expected int) resource.TestCheckFunc {
return func(s *terraform.State) error {
if len(port.FixedIPs) != expected {
return fmt.Errorf("Expected %d Fixed IPs, got %d", expected, len(port.FixedIPs))
return fmt.Errorf("expected %d Fixed IPs, got %d", expected, len(port.FixedIPs))
}

return nil
Expand All @@ -172,7 +240,17 @@ func testAccCheckNetworkingV2PortCountFixedIPs(port *ports.Port, expected int) r
func testAccCheckNetworkingV2PortCountSecurityGroups(port *ports.Port, expected int) resource.TestCheckFunc {
return func(s *terraform.State) error {
if len(port.SecurityGroups) != expected {
return fmt.Errorf("Expected %d Security Groups, got %d", expected, len(port.SecurityGroups))
return fmt.Errorf("expected %d Security Groups, got %d", expected, len(port.SecurityGroups))
}

return nil
}
}

func testAccCheckNetworkingV2PortPortSecurity(port *testPortWithExtensions, expected bool) resource.TestCheckFunc {
return func(s *terraform.State) error {
if port.PortSecurityEnabled != expected {
return fmt.Errorf("port has wrong port_security_enabled. Expected %t, got %t", expected, port.PortSecurityEnabled)
}

return nil
Expand Down Expand Up @@ -361,6 +439,52 @@ resource "opentelekomcloud_networking_port_v2" "port_1" {
}
`

const testAccNetworkingV2PortSecurityDisabled = `
resource "opentelekomcloud_networking_network_v2" "network_1" {
name = "network_1"
}
resource "opentelekomcloud_networking_subnet_v2" "subnet_1" {
name = "subnet_1"
cidr = "192.168.199.0/24"
ip_version = 4
network_id = opentelekomcloud_networking_network_v2.network_1.id
}

resource "opentelekomcloud_networking_port_v2" "port_1" {
name = "port_1"
network_id = opentelekomcloud_networking_network_v2.network_1.id
port_security_enabled = false
no_security_groups = true
fixed_ip {
subnet_id = opentelekomcloud_networking_subnet_v2.subnet_1.id
ip_address = "192.168.199.23"
}
}
`

const testAccNetworkingV2PortSecurityEnabled = `
resource "opentelekomcloud_networking_network_v2" "network_1" {
name = "network_1"
}
resource "opentelekomcloud_networking_subnet_v2" "subnet_1" {
name = "subnet_1"
cidr = "192.168.199.0/24"
ip_version = 4
network_id = opentelekomcloud_networking_network_v2.network_1.id
}

resource "opentelekomcloud_networking_port_v2" "port_1" {
name = "port_1"
network_id = opentelekomcloud_networking_network_v2.network_1.id
port_security_enabled = true
no_security_groups = false
fixed_ip {
subnet_id = opentelekomcloud_networking_subnet_v2.subnet_1.id
ip_address = "192.168.199.23"
}
}
`

const testAccNetworkingV2Port_timeout = `
resource "opentelekomcloud_networking_network_v2" "network_1" {
name = "network_1"
Expand Down
Loading