From 0941a742f06cd9a58f6c69ea920eae87da3feb75 Mon Sep 17 00:00:00 2001 From: michaelkad Date: Wed, 14 Aug 2024 15:35:26 -0500 Subject: [PATCH] [D] Network Security Group [R] Add NSG [R] Add NSG Action [R] Add NSG Member [R] Add NSG Member test --- go.mod | 13 +- go.sum | 24 +- ibm/acctest/acctest.go | 6 + ibm/provider/provider.go | 5 + ...ta_source_ibm_pi_network_security_group.go | 304 ++++++++++++++ ...urce_ibm_pi_network_security_group_test.go | 38 ++ ...a_source_ibm_pi_network_security_groups.go | 247 ++++++++++++ ...rce_ibm_pi_network_security_groups_test.go | 35 ++ ibm/service/power/ibm_pi_constants.go | 28 +- .../resource_ibm_pi_network_security_group.go | 358 +++++++++++++++++ ...ce_ibm_pi_network_security_group_action.go | 163 ++++++++ ...m_pi_network_security_group_action_test.go | 44 ++ ...ce_ibm_pi_network_security_group_member.go | 375 ++++++++++++++++++ ...m_pi_network_security_group_member_test.go | 81 ++++ ...urce_ibm_pi_network_security_group_test.go | 105 +++++ .../d/pi_network_security_group.html.markdown | 88 ++++ .../pi_network_security_groups.html.markdown | 86 ++++ .../r/pi_network_security_group.html.markdown | 87 ++++ ...etwork_security_group_action.html.markdown | 56 +++ ...etwork_security_group_member.html.markdown | 97 +++++ 20 files changed, 2233 insertions(+), 7 deletions(-) create mode 100644 ibm/service/power/data_source_ibm_pi_network_security_group.go create mode 100644 ibm/service/power/data_source_ibm_pi_network_security_group_test.go create mode 100644 ibm/service/power/data_source_ibm_pi_network_security_groups.go create mode 100644 ibm/service/power/data_source_ibm_pi_network_security_groups_test.go create mode 100644 ibm/service/power/resource_ibm_pi_network_security_group.go create mode 100644 ibm/service/power/resource_ibm_pi_network_security_group_action.go create mode 100644 ibm/service/power/resource_ibm_pi_network_security_group_action_test.go create mode 100644 ibm/service/power/resource_ibm_pi_network_security_group_member.go create mode 100644 ibm/service/power/resource_ibm_pi_network_security_group_member_test.go create mode 100644 ibm/service/power/resource_ibm_pi_network_security_group_test.go create mode 100644 website/docs/d/pi_network_security_group.html.markdown create mode 100644 website/docs/d/pi_network_security_groups.html.markdown create mode 100644 website/docs/r/pi_network_security_group.html.markdown create mode 100644 website/docs/r/pi_network_security_group_action.html.markdown create mode 100644 website/docs/r/pi_network_security_group_member.html.markdown diff --git a/go.mod b/go.mod index 2effbbf28c..e1c3171528 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ toolchain go1.22.5 require ( github.com/IBM-Cloud/bluemix-go v0.0.0-20240719075425-078fcb3a55be github.com/IBM-Cloud/container-services-go-sdk v0.0.0-20240725064144-454a2ae23113 - github.com/IBM-Cloud/power-go-client v1.7.0 + github.com/IBM-Cloud/power-go-client v1.8.0-beta12 github.com/IBM/apigateway-go-sdk v0.0.0-20210714141226-a5d5d49caaca github.com/IBM/appconfiguration-go-admin-sdk v0.3.0 github.com/IBM/appid-management-go-sdk v0.0.0-20210908164609-dd0e0eaf732f @@ -75,6 +75,7 @@ require ( require ( cloud.google.com/go/kms v1.10.1 // indirect cloud.google.com/go/monitoring v1.13.0 // indirect + github.com/Bowery/prompt v0.0.0-20190916142128-fa8279994f75 // indirect github.com/Logicalis/asn1 v0.0.0-20190312173541-d60463189a56 // indirect github.com/PromonLogicalis/asn1 v0.0.0-20190312173541-d60463189a56 // indirect github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect @@ -93,6 +94,7 @@ require ( github.com/coreos/pkg v0.0.0-20220810130054-c7d1c02cb6cf // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a // indirect + github.com/dchest/safefile v0.0.0-20151022103144-855e8d98f185 // indirect github.com/dgrijalva/jwt-go v3.2.0+incompatible // indirect github.com/eapache/go-resiliency v1.4.0 // indirect github.com/eapache/go-xerial-snappy v0.0.0-20230731223053-c322873962e3 // indirect @@ -125,6 +127,7 @@ require ( github.com/google/gnostic v0.6.9 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect + github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-checkpoint v0.5.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect @@ -165,6 +168,7 @@ require ( github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect + github.com/kardianos/govendor v1.0.9 // indirect github.com/klauspost/compress v1.16.7 // indirect github.com/kube-object-storage/lib-bucket-provisioner v0.0.0-20221122204822-d1a8c34382f1 // indirect github.com/leodido/go-urn v1.4.0 // indirect @@ -176,6 +180,8 @@ require ( github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/go-testing-interface v1.14.1 // indirect github.com/mitchellh/go-wordwrap v1.0.0 // indirect + github.com/mitchellh/gox v1.0.1 // indirect + github.com/mitchellh/iochan v1.0.0 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/moby/spdystream v0.2.0 // indirect @@ -212,10 +218,13 @@ require ( golang.org/x/mod v0.17.0 // indirect golang.org/x/net v0.27.0 // indirect golang.org/x/oauth2 v0.7.0 // indirect - golang.org/x/sys v0.22.0 // indirect + golang.org/x/sys v0.25.0 // indirect golang.org/x/term v0.22.0 // indirect golang.org/x/text v0.16.0 // indirect golang.org/x/time v0.3.0 // indirect + golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect + golang.org/x/tools/cmd/cover v0.1.0-deprecated // indirect + golang.org/x/tools/go/vcs v0.1.0-deprecated // indirect gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 // indirect diff --git a/go.sum b/go.sum index c3a7916418..1c92a74861 100644 --- a/go.sum +++ b/go.sum @@ -105,6 +105,8 @@ github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZ github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk= github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= +github.com/Bowery/prompt v0.0.0-20190916142128-fa8279994f75 h1:xGHheKK44eC6K0u5X+DZW/fRaR1LnDdqPHMZMWx5fv8= +github.com/Bowery/prompt v0.0.0-20190916142128-fa8279994f75/go.mod h1:4/6eNcqZ09BZ9wLK3tZOjBA1nDj+B0728nlX5YRlSmQ= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.2.0 h1:Rt8g24XnyGTyglgET/PRUNlrUeu9F5L+7FilkXfZgs0= github.com/BurntSushi/toml v1.2.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= @@ -118,8 +120,8 @@ github.com/IBM-Cloud/bluemix-go v0.0.0-20240719075425-078fcb3a55be/go.mod h1:/7h github.com/IBM-Cloud/container-services-go-sdk v0.0.0-20240725064144-454a2ae23113 h1:f2Erqfea1dKpaTFagTJM6W/wnD3JGq/Vn9URh8nuRwk= github.com/IBM-Cloud/container-services-go-sdk v0.0.0-20240725064144-454a2ae23113/go.mod h1:xUQL9SGAjoZFd4GNjrjjtEpjpkgU7RFXRyHesbKTjiY= github.com/IBM-Cloud/ibm-cloud-cli-sdk v0.5.3/go.mod h1:RiUvKuHKTBmBApDMUQzBL14pQUGKcx/IioKQPIcRQjs= -github.com/IBM-Cloud/power-go-client v1.7.0 h1:/GuGwPMTKoCZACfnwt7b6wKr4v32q1VO1AMFGNETRN4= -github.com/IBM-Cloud/power-go-client v1.7.0/go.mod h1:9izycYAmNQ+NAdVPXDC3fHYxqWLjlR2YiwqKYveMv5Y= +github.com/IBM-Cloud/power-go-client v1.8.0-beta12 h1:4DXa4lUMGKlf7cWrBG+nWa9Gdiz20z1O9h1gSX4Q7JY= +github.com/IBM-Cloud/power-go-client v1.8.0-beta12/go.mod h1:oAkZiHX25cmr2Yun5V0q6CpnUemegvSrpcEy/oQcjzU= github.com/IBM-Cloud/softlayer-go v1.0.5-tf h1:koUAyF9b6X78lLLruGYPSOmrfY2YcGYKOj/Ug9nbKNw= github.com/IBM-Cloud/softlayer-go v1.0.5-tf/go.mod h1:6HepcfAXROz0Rf63krk5hPZyHT6qyx2MNvYyHof7ik4= github.com/IBM/apigateway-go-sdk v0.0.0-20210714141226-a5d5d49caaca h1:crniVcf+YcmgF03NmmfonXwSQ73oJF+IohFYBwknMxs= @@ -390,6 +392,8 @@ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a h1:saTgr5tMLFnmy/yg3qDTft4rE5DY2uJ/cCxCe3q0XTU= github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a/go.mod h1:Bw9BbhOJVNR+t0jCqx2GC6zv0TGBsShs56Y3gfSCvl0= +github.com/dchest/safefile v0.0.0-20151022103144-855e8d98f185 h1:3T8ZyTDp5QxTx3NU48JVb2u+75xc040fofcBaN+6jPA= +github.com/dchest/safefile v0.0.0-20151022103144-855e8d98f185/go.mod h1:cFRxtTwTOJkz2x3rQUNCYKWC93yP1VKjR8NUhqFxZNU= github.com/denisenkom/go-mssqldb v0.0.0-20190412130859-3b1d194e553a/go.mod h1:zAg7JM8CkOJ43xKXIj7eRO9kmWm/TW578qo+oDO6tuM= github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba h1:p6poVbjHDkKa+wtC8frBMwQtT3BmqGYBjzMwJ63tuR4= github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0= @@ -778,6 +782,8 @@ github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20230510103437-eeec1cb781c3 h1:2XF1Vzq06X+inNqgJ9tRnGuw+ZVCB3FazXODD6JE1R8= github.com/google/pprof v0.0.0-20230510103437-eeec1cb781c3/go.mod h1:79YE0hCXdHag9sBkw2o+N/YnZtTkXi0UT9Nnixa5eYk= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= +github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= +github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -947,6 +953,7 @@ github.com/hashicorp/go-uuid v1.0.2-0.20191001231223-f32f5fe8d6a8/go.mod h1:6SBZ github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-version v1.0.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= @@ -1139,6 +1146,8 @@ github.com/jtolds/gls v4.2.1+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVY github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= +github.com/kardianos/govendor v1.0.9 h1:WOH3FcVI9eOgnIZYg96iwUwrL4eOVx+aQ66oyX2R8Yc= +github.com/kardianos/govendor v1.0.9/go.mod h1:yvmR6q9ZZ7nSF5Wvh40v0wfP+3TwwL8zYQp+itoZSVM= github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4= github.com/karrick/godirwalk v1.10.3/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA= github.com/kelseyhightower/envconfig v1.3.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg= @@ -1257,7 +1266,10 @@ github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4= github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= +github.com/mitchellh/gox v1.0.1 h1:x0jD3dcHk9a9xPSDN6YEL4xL6Qz0dvNYm8yZqui5chI= +github.com/mitchellh/gox v1.0.1/go.mod h1:ED6BioOGXMswlXa2zxfh/xdd5QhwYliBFn9V18Ap4z4= github.com/mitchellh/hashstructure v1.0.0/go.mod h1:QjSHrPWS+BGUVBYkbTZWEnOh3G1DutKwClXU/ABz6AQ= +github.com/mitchellh/iochan v1.0.0 h1:C+X3KsSTLFVBr/tK1eYN/vs4rJcvsiLU338UhYPJWeY= github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= @@ -2050,8 +2062,8 @@ golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= -golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= +golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -2189,6 +2201,10 @@ golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58 golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools/cmd/cover v0.1.0-deprecated h1:Rwy+mWYz6loAF+LnG1jHG/JWMHRMMC2/1XX3Ejkx9lA= +golang.org/x/tools/cmd/cover v0.1.0-deprecated/go.mod h1:hMDiIvlpN1NoVgmjLjUJE9tMHyxHjFX7RuQ+rW12mSA= +golang.org/x/tools/go/vcs v0.1.0-deprecated h1:cOIJqWBl99H1dH5LWizPa+0ImeeJq3t3cJjaeOWUAL4= +golang.org/x/tools/go/vcs v0.1.0-deprecated/go.mod h1:zUrvATBAvEI9535oC0yWYsLsHIV4Z7g63sNPVMtuBy8= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/ibm/acctest/acctest.go b/ibm/acctest/acctest.go index 410539545e..28cb43f35b 100644 --- a/ibm/acctest/acctest.go +++ b/ibm/acctest/acctest.go @@ -217,6 +217,7 @@ var ( Pi_instance_name string Pi_key_name string Pi_network_name string + Pi_network_security_group_id string Pi_placement_group_name string Pi_replication_volume_name string Pi_resource_group_id string @@ -1061,6 +1062,11 @@ func init() { fmt.Println("[INFO] Set the environment variable PI_NETWORK_NAME for testing ibm_pi_network_name resource else it is set to default value 'terraform-test-power'") } + Pi_network_security_group_id = os.Getenv("PI_NETWORK_SECURITY_GROUP_ID") + if Pi_network_security_group_id == "" { + Pi_network_security_group_id = "terraform-test-power" + fmt.Println("[INFO] Set the environment variable PI_NETWORK_SECURITY_GROUP_ID for testing ibm_pi_network_security_group resource else it is set to default value 'terraform-test-power'") + } Pi_volume_name = os.Getenv("PI_VOLUME_NAME") if Pi_volume_name == "" { Pi_volume_name = "terraform-test-power" diff --git a/ibm/provider/provider.go b/ibm/provider/provider.go index dc4a116869..1d209b3122 100644 --- a/ibm/provider/provider.go +++ b/ibm/provider/provider.go @@ -652,6 +652,8 @@ func Provider() *schema.Provider { "ibm_pi_key": power.DataSourceIBMPIKey(), "ibm_pi_keys": power.DataSourceIBMPIKeys(), "ibm_pi_network_port": power.DataSourceIBMPINetworkPort(), + "ibm_pi_network_security_group": power.DataSourceIBMPINetworkSecurityGroup(), + "ibm_pi_network_security-groups": power.DataSourceIBMPINetworkSecurityGroups(), "ibm_pi_network": power.DataSourceIBMPINetwork(), "ibm_pi_networks": power.DataSourceIBMPINetworks(), "ibm_pi_placement_group": power.DataSourceIBMPIPlacementGroup(), @@ -1297,6 +1299,9 @@ func Provider() *schema.Provider { "ibm_pi_ipsec_policy": power.ResourceIBMPIIPSecPolicy(), "ibm_pi_key": power.ResourceIBMPIKey(), "ibm_pi_network_port_attach": power.ResourceIBMPINetworkPortAttach(), + "ibm_pi_network_security_group_action": power.ResourceIBMPINetworkSecurityGroupAction(), + "ibm_pi_network_security_group_member": power.ResourceIBMPINetworkSecurityGroupMember(), + "ibm_pi_network_security_group": power.ResourceIBMPINetworkSecurityGroup(), "ibm_pi_network": power.ResourceIBMPINetwork(), "ibm_pi_placement_group": power.ResourceIBMPIPlacementGroup(), "ibm_pi_shared_processor_pool": power.ResourceIBMPISharedProcessorPool(), diff --git a/ibm/service/power/data_source_ibm_pi_network_security_group.go b/ibm/service/power/data_source_ibm_pi_network_security_group.go new file mode 100644 index 0000000000..9c8de28c2c --- /dev/null +++ b/ibm/service/power/data_source_ibm_pi_network_security_group.go @@ -0,0 +1,304 @@ +// Copyright IBM Corp. 2024 All Rights Reserved. +// Licensed under the Mozilla Public License v2.0 + +package power + +import ( + "context" + + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + + "github.com/IBM-Cloud/power-go-client/clients/instance" + "github.com/IBM-Cloud/power-go-client/power/models" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" +) + +func DataSourceIBMPINetworkSecurityGroup() *schema.Resource { + return &schema.Resource{ + ReadContext: dataSourceIBMPINetworkSecurityGroupRead, + + Schema: map[string]*schema.Schema{ + // Arguments + Arg_CloudInstanceID: { + Description: "The GUID of the service instance associated with an account.", + Required: true, + Type: schema.TypeString, + ValidateFunc: validation.NoZeroValues, + }, + Arg_NetworkSecurityGroupID: { + Description: "network security group ID.", + Required: true, + Type: schema.TypeString, + ValidateFunc: validation.NoZeroValues, + }, + // Attributes + Attr_CRN: { + Computed: true, + Description: "The network security group's crn.", + Type: schema.TypeString, + }, + Attr_Members: { + Computed: true, + Description: "The list of IPv4 addresses and, or network interfaces in the network security group.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + Attr_ID: { + Computed: true, + Description: "The ID of the member in a network security group.", + Type: schema.TypeString, + }, + Attr_MacAddress: { + Computed: true, + Description: "The mac address of a network interface included if the type is network-interface.", + Type: schema.TypeString, + }, + Attr_Target: { + Computed: true, + Description: "If ipv4-address type, then IPv4 address or if network-interface type, then network interface ID.", + Type: schema.TypeString, + }, + Attr_Type: { + Computed: true, + Description: "The type of member.", + Type: schema.TypeString, + }, + }, + }, + Type: schema.TypeList, + }, + Attr_Name: { + Computed: true, + Description: "The name of the network security group.", + Type: schema.TypeString, + }, + Attr_Rules: { + Computed: true, + Description: "The list of rules in the network security group.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + Attr_Action: { + Computed: true, + Description: "The action to take if the rule matches network traffic.", + Type: schema.TypeString, + }, + Attr_DestinationPort: { + Computed: true, + Description: "The list of destination port.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + Attr_Maximum: { + Computed: true, + Description: "The end of the port range, if applicable. If the value is not present then the default value of 65535 will be the maximum port number.", + Type: schema.TypeInt, + }, + Attr_Minimum: { + Computed: true, + Description: "The start of the port range, if applicable. If the value is not present then the default value of 1 will be the minimum port number.", + Type: schema.TypeInt, + }, + }, + }, + Type: schema.TypeList, + }, + Attr_ID: { + Computed: true, + Description: "The ID of the rule in a network security group.", + Type: schema.TypeString, + }, + Attr_Protocol: { + Computed: true, + Description: "The list of protocol.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + Attr_ICMPTypes: { + Computed: true, + Description: "If icmp type, the list of ICMP packet types (by numbers) affected by ICMP rules and if not present then all types are matched.", + Elem: &schema.Schema{ + Type: schema.TypeInt, + }, + Type: schema.TypeList, + }, + Attr_TCPFlags: { + Computed: true, + Description: "If tcp type, the list of TCP flags and if not present then all flags are matched.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + Attr_Flag: { + Computed: true, + Description: "TCP flag.", + Type: schema.TypeString, + }, + }, + }, + Type: schema.TypeList, + }, + Attr_Type: { + Computed: true, + Description: "The protocol of the network traffic.", + Type: schema.TypeString, + }, + }, + }, + Type: schema.TypeList, + }, + Attr_Remote: { + Computed: true, + Description: "List of remote.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + Attr_ID: { + Computed: true, + Description: "The ID of the remote Network Address Group or network security group the rules apply to. Not required for default-network-address-group.", + Type: schema.TypeString, + }, + Attr_Type: { + Computed: true, + Description: "The type of remote group the rules apply to.", + Type: schema.TypeString, + }, + }, + }, + Type: schema.TypeList, + }, + Attr_SourcePort: { + Computed: true, + Description: "ist of source port", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + Attr_Maximum: { + Computed: true, + Description: "The end of the port range, if applicable. If the value is not present then the default value of 65535 will be the maximum port number.", + Type: schema.TypeInt, + }, + Attr_Minimum: { + Computed: true, + Description: "The start of the port range, if applicable. If the value is not present then the default value of 1 will be the minimum port number.", + Type: schema.TypeInt, + }, + }, + }, + Type: schema.TypeList, + }, + }, + }, + Type: schema.TypeList, + }, + }, + } +} + +func dataSourceIBMPINetworkSecurityGroupRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + sess, err := meta.(conns.ClientSession).IBMPISession() + if err != nil { + return diag.FromErr(err) + } + + cloudInstanceID := d.Get(Arg_CloudInstanceID).(string) + nsgClient := instance.NewIBMIPINetworkSecurityGroupClient(ctx, sess, cloudInstanceID) + + networkSecurityGroup, err := nsgClient.Get(d.Get(Arg_NetworkSecurityGroupID).(string)) + if err != nil { + return diag.FromErr(err) + } + + d.SetId(*networkSecurityGroup.ID) + d.Set(Attr_CRN, networkSecurityGroup.Crn) + + if len(networkSecurityGroup.Members) > 0 { + members := []map[string]interface{}{} + for _, mbr := range networkSecurityGroup.Members { + mbrMap := networkSecurityGroupMemberToMap(mbr) + members = append(members, mbrMap) + } + d.Set(Attr_Members, members) + } + + d.Set(Attr_Name, networkSecurityGroup.Name) + + if len(networkSecurityGroup.Rules) > 0 { + rules := []map[string]interface{}{} + for _, rule := range networkSecurityGroup.Rules { + ruleMap := networkSecurityGroupRuleToMap(rule) + rules = append(rules, ruleMap) + } + d.Set(Attr_Rules, rules) + } + + return nil +} + +func networkSecurityGroupMemberToMap(mbr *models.NetworkSecurityGroupMember) map[string]interface{} { + mbrMap := make(map[string]interface{}) + mbrMap[Attr_ID] = mbr.ID + if mbr.MacAddress != "" { + mbrMap[Attr_MacAddress] = mbr.MacAddress + } + mbrMap[Attr_Target] = mbr.Target + mbrMap[Attr_Type] = mbr.Type + return mbrMap +} + +func networkSecurityGroupRuleToMap(rule *models.NetworkSecurityGroupRule) map[string]interface{} { + ruleMap := make(map[string]interface{}) + ruleMap[Attr_Action] = rule.Action + if rule.DestinationPort != nil { + destinationPortMap := networkSecurityGroupRulePortToMap(rule.DestinationPort) + ruleMap[Attr_DestinationPort] = []map[string]interface{}{destinationPortMap} + } + + ruleMap[Attr_ID] = rule.ID + + protocolMap := networkSecurityGroupRuleProtocolToMap(rule.Protocol) + ruleMap[Attr_Protocol] = []map[string]interface{}{protocolMap} + + remoteMap := networkSecurityGroupRuleRemoteToMap(rule.Remote) + + ruleMap[Attr_Remote] = []map[string]interface{}{remoteMap} + + if rule.SourcePort != nil { + sourcePortMap := networkSecurityGroupRulePortToMap(rule.SourcePort) + ruleMap[Attr_SourcePort] = []map[string]interface{}{sourcePortMap} + } + + return ruleMap +} + +func networkSecurityGroupRulePortToMap(port *models.NetworkSecurityGroupRulePort) map[string]interface{} { + portMap := make(map[string]interface{}) + portMap[Attr_Maximum] = port.Maximum + portMap[Attr_Minimum] = port.Minimum + return portMap +} + +func networkSecurityGroupRuleProtocolToMap(protocol *models.NetworkSecurityGroupRuleProtocol) map[string]interface{} { + protocolMap := make(map[string]interface{}) + if protocol.IcmpTypes != nil { + protocolMap[Attr_ICMPTypes] = protocol.IcmpTypes + } + if len(protocol.TCPFlags) > 0 { + tcpFlags := []map[string]interface{}{} + for _, tcpFlagsItem := range protocol.TCPFlags { + tcpFlagsItemMap := make(map[string]interface{}) + tcpFlagsItemMap[Attr_Flag] = tcpFlagsItem.Flag + tcpFlags = append(tcpFlags, tcpFlagsItemMap) + } + protocolMap[Attr_TCPFlags] = tcpFlags + } + if protocol.Type != "" { + protocolMap[Attr_Type] = protocol.Type + } + return protocolMap +} + +func networkSecurityGroupRuleRemoteToMap(remote *models.NetworkSecurityGroupRuleRemote) map[string]interface{} { + remoteMap := make(map[string]interface{}) + if remote.ID != "" { + remoteMap[Attr_ID] = remote.ID + } + if remote.Type != "" { + remoteMap[Attr_Type] = remote.Type + } + return remoteMap +} diff --git a/ibm/service/power/data_source_ibm_pi_network_security_group_test.go b/ibm/service/power/data_source_ibm_pi_network_security_group_test.go new file mode 100644 index 0000000000..5655784dfe --- /dev/null +++ b/ibm/service/power/data_source_ibm_pi_network_security_group_test.go @@ -0,0 +1,38 @@ +// Copyright IBM Corp. 2024 All Rights Reserved. +// Licensed under the Mozilla Public License v2.0 + +package power_test + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + + acc "github.com/IBM-Cloud/terraform-provider-ibm/ibm/acctest" +) + +func TestAccIBMPINetworkSecurityGroupDataSourceBasic(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccCheckIBMPINetworkSecurityGroupDataSourceConfigBasic(), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet("data.ibm_pi_network_security_group.network_security_group", "id"), + resource.TestCheckResourceAttrSet("data.ibm_pi_network_security_group.network_security_group", "crn"), + resource.TestCheckResourceAttrSet("data.ibm_pi_network_security_group.network_security_group", "name"), + ), + }, + }, + }) +} + +func testAccCheckIBMPINetworkSecurityGroupDataSourceConfigBasic() string { + return fmt.Sprintf(` + data "ibm_pi_network_security_group" "network_security_group" { + pi_cloud_instance_id = "%s" + pi_network_security_group_id = "%s" + }`, acc.Pi_cloud_instance_id, acc.Pi_network_security_group_id) +} diff --git a/ibm/service/power/data_source_ibm_pi_network_security_groups.go b/ibm/service/power/data_source_ibm_pi_network_security_groups.go new file mode 100644 index 0000000000..3db7754cfc --- /dev/null +++ b/ibm/service/power/data_source_ibm_pi_network_security_groups.go @@ -0,0 +1,247 @@ +// Copyright IBM Corp. 2024 All Rights Reserved. +// Licensed under the Mozilla Public License v2.0 + +package power + +import ( + "context" + + "github.com/hashicorp/go-uuid" + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + + "github.com/IBM-Cloud/power-go-client/clients/instance" + "github.com/IBM-Cloud/power-go-client/power/models" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" +) + +func DataSourceIBMPINetworkSecurityGroups() *schema.Resource { + return &schema.Resource{ + ReadContext: dataSourceIBMPINetworkSecurityGroupsRead, + + Schema: map[string]*schema.Schema{ + // Arguments + Arg_CloudInstanceID: { + Description: "The GUID of the service instance associated with an account.", + Required: true, + Type: schema.TypeString, + ValidateFunc: validation.NoZeroValues, + }, + // Attributes + Attr_NetworkSecurityGroups: { + Computed: true, + Description: "list of Network Security Groups.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + Attr_CRN: { + Computed: true, + Description: "The network security group's crn.", + Type: schema.TypeString, + }, + Attr_Members: { + Computed: true, + Description: "The list of IPv4 addresses and, or network interfaces in the network security group.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + Attr_ID: { + Computed: true, + Description: "The ID of the member in a network security group.", + Type: schema.TypeString, + }, + Attr_MacAddress: { + Computed: true, + Description: "The mac address of a network interface included if the type is network-interface.", + Type: schema.TypeString, + }, + Attr_Target: { + Computed: true, + Description: "If ipv4-address type, then IPv4 address or if network-interface type, then network interface ID.", + Type: schema.TypeString, + }, + Attr_Type: { + Computed: true, + Description: "The type of member.", + Type: schema.TypeString, + }, + }, + }, + Type: schema.TypeList, + }, + Attr_Name: { + Computed: true, + Description: "The name of the network security group.", + Type: schema.TypeString, + }, + Attr_Rules: { + Computed: true, + Description: "The list of rules in the network security group.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + Attr_Action: { + Computed: true, + Description: "The action to take if the rule matches network traffic.", + Type: schema.TypeString, + }, + Attr_DestinationPort: { + Computed: true, + Description: "The list of destination port.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + Attr_Maximum: { + Computed: true, + Description: "The end of the port range, if applicable. If the value is not present then the default value of 65535 will be the maximum port number.", + Type: schema.TypeInt, + }, + Attr_Minimum: { + Computed: true, + Description: "The start of the port range, if applicable. If the value is not present then the default value of 1 will be the minimum port number.", + Type: schema.TypeInt, + }, + }, + }, + Type: schema.TypeList, + }, + Attr_ID: { + Computed: true, + Description: "The ID of the rule in a network security group.", + Type: schema.TypeString, + }, + Attr_Protocol: { + Computed: true, + Description: "The list of protocol.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + Attr_ICMPTypes: { + Computed: true, + Description: "If icmp type, the list of ICMP packet types (by numbers) affected by ICMP rules and if not present then all types are matched.", + Elem: &schema.Schema{ + Type: schema.TypeInt, + }, + Type: schema.TypeList, + }, + Attr_TCPFlags: { + Computed: true, + Description: "If tcp type, the list of TCP flags and if not present then all flags are matched.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + Attr_Flag: { + Computed: true, + Description: "TCP flag.", + Type: schema.TypeString, + }, + }, + }, + Type: schema.TypeList, + }, + Attr_Type: { + Computed: true, + Description: "The protocol of the network traffic.", + Type: schema.TypeString, + }, + }, + }, + Type: schema.TypeList, + }, + Attr_Remote: { + Computed: true, + Description: "List of remote.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + Attr_ID: { + Computed: true, + Description: "The ID of the remote Network Address Group or network security group the rules apply to. Not required for default-network-address-group.", + Type: schema.TypeString, + }, + Attr_Type: { + Computed: true, + Description: "The type of remote group the rules apply to.", + Type: schema.TypeString, + }, + }, + }, + Type: schema.TypeList, + }, + Attr_SourcePort: { + Computed: true, + Description: "List of source port", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + Attr_Maximum: { + Computed: true, + Description: "The end of the port range, if applicable. If the value is not present then the default value of 65535 will be the maximum port number.", + Type: schema.TypeInt, + }, + Attr_Minimum: { + Computed: true, + Description: "The start of the port range, if applicable. If the value is not present then the default value of 1 will be the minimum port number.", + Type: schema.TypeInt, + }, + }, + }, + Type: schema.TypeList, + }, + }, + }, + Type: schema.TypeList, + }, + }, + }, + Type: schema.TypeList, + }, + }, + } +} + +func dataSourceIBMPINetworkSecurityGroupsRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + sess, err := meta.(conns.ClientSession).IBMPISession() + if err != nil { + return diag.FromErr(err) + } + + cloudInstanceID := d.Get(Arg_CloudInstanceID).(string) + nsgClient := instance.NewIBMIPINetworkSecurityGroupClient(ctx, sess, cloudInstanceID) + nsgResp, err := nsgClient.GetAll() + if err != nil { + return diag.FromErr(err) + } + + var clientgenU, _ = uuid.GenerateUUID() + d.SetId(clientgenU) + + networkSecurityGroups := []map[string]interface{}{} + if len(nsgResp.NetworkSecurityGroups) > 0 { + for _, nsg := range nsgResp.NetworkSecurityGroups { + networkSecurityGroup := networkSecurityGroupToMap(nsg) + networkSecurityGroups = append(networkSecurityGroups, networkSecurityGroup) + } + } + + d.Set(Attr_NetworkSecurityGroups, networkSecurityGroups) + + return nil +} + +func networkSecurityGroupToMap(nsg *models.NetworkSecurityGroup) map[string]interface{} { + networkSecurityGroup := make(map[string]interface{}) + networkSecurityGroup[Attr_CRN] = nsg.Crn + networkSecurityGroup[Attr_ID] = nsg.ID + if len(nsg.Members) > 0 { + members := []map[string]interface{}{} + for _, mbr := range nsg.Members { + mbrMap := networkSecurityGroupMemberToMap(mbr) + members = append(members, mbrMap) + } + networkSecurityGroup[Attr_Members] = members + } + networkSecurityGroup[Attr_Name] = nsg.Name + if len(nsg.Rules) > 0 { + rules := []map[string]interface{}{} + for _, rule := range nsg.Rules { + rulesItemMap := networkSecurityGroupRuleToMap(rule) + rules = append(rules, rulesItemMap) + } + networkSecurityGroup[Attr_Rules] = rules + } + return networkSecurityGroup +} diff --git a/ibm/service/power/data_source_ibm_pi_network_security_groups_test.go b/ibm/service/power/data_source_ibm_pi_network_security_groups_test.go new file mode 100644 index 0000000000..7d3c9abf05 --- /dev/null +++ b/ibm/service/power/data_source_ibm_pi_network_security_groups_test.go @@ -0,0 +1,35 @@ +// Copyright IBM Corp. 2024 All Rights Reserved. +// Licensed under the Mozilla Public License v2.0 + +package power_test + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + + acc "github.com/IBM-Cloud/terraform-provider-ibm/ibm/acctest" +) + +func TestAccIBMPINetworkSecurityGroupsDataSourceBasic(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccCheckIBMPINetworkSecurityGroupsDataSourceConfigBasic(), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet("data.ibm_pi_network_security_groups.network_security_groups", "id"), + ), + }, + }, + }) +} + +func testAccCheckIBMPINetworkSecurityGroupsDataSourceConfigBasic() string { + return fmt.Sprintf(` + data "ibm_pi_network_security_groups" "network_security_groups" { + pi_cloud_instance_id = "%s" + }`, acc.Pi_cloud_instance_id) +} diff --git a/ibm/service/power/ibm_pi_constants.go b/ibm/service/power/ibm_pi_constants.go index 6f3fff8509..a84d9f8693 100644 --- a/ibm/service/power/ibm_pi_constants.go +++ b/ibm/service/power/ibm_pi_constants.go @@ -46,6 +46,9 @@ const ( Arg_Name = "pi_name" Arg_Network = "pi_network" Arg_NetworkName = "pi_network_name" + Arg_NetworkSecurityGroupID = "pi_network_security_group_id" + Arg_NetworkSecurityGroupMemberID = "pi_network_security_group_member_id" + Arg_PIInstanceSharedProcessorPool = "pi_shared_processor_pool" Arg_PinPolicy = "pi_pin_policy" Arg_PlacementGroupID = "pi_placement_group_id" Arg_PlacementGroupName = "pi_placement_group_name" @@ -83,8 +86,11 @@ const ( Arg_StoragePoolAffinity = "pi_storage_pool_affinity" Arg_StorageType = "pi_storage_type" Arg_SysType = "pi_sys_type" + Arg_Target = "pi_target" Arg_TargetStorageTier = "pi_target_storage_tier" + Arg_Type = "pi_type" Arg_UserData = "pi_user_data" + Arg_UserTags = "pi_user_tags" Arg_VirtualCoresAssigned = "pi_virtual_cores_assigned" Arg_VirtualOpticalDevice = "pi_virtual_optical_device" Arg_VolumeCloneName = "pi_volume_clone_name" @@ -160,9 +166,11 @@ const ( Attr_DeleteOnTermination = "delete_on_termination" Attr_DeploymentType = "deployment_type" Attr_Description = "description" + Attr_DestinationPort = "destination_port" Attr_Details = "details" Attr_DhcpID = "dhcp_id" Attr_DhcpManaged = "dhcp_managed" + Attr_Direction = "direction" Attr_DisasterRecoveryLocations = "disaster_recovery_locations" Attr_DiskFormat = "disk_format" Attr_DiskType = "disk_type" @@ -174,6 +182,7 @@ const ( Attr_FailureMessage = "failure_message" Attr_FailureReason = "failure_reason" Attr_Fault = "fault" + Attr_Flag = "flag" Attr_FlashCopyMappings = "flash_copy_mappings" Attr_FlashCopyName = "flash_copy_name" Attr_FreezeTime = "freeze_time" @@ -197,6 +206,7 @@ const ( Attr_IBMiPHA = "ibmi_pha" Attr_IBMiRDS = "ibmi_rds" Attr_IBMiRDSUsers = "ibmi_rds_users" + Attr_ICMPTypes = "icmp_types" Attr_ID = "id" Attr_ImageID = "image_id" Attr_ImageInfo = "image_info" @@ -235,6 +245,7 @@ const ( Attr_MaxAllocationSize = "max_allocation_size" Attr_MaxAvailable = "max_available" Attr_MaxCoresAvailable = "max_cores_available" + Attr_Maximum = "maximum" Attr_MaximumStorageAllocation = "max_storage_allocation" Attr_MaxMem = "maxmem" Attr_MaxMemory = "max_memory" @@ -248,6 +259,7 @@ const ( Attr_Metered = "metered" Attr_MigrationStatus = "migration_status" Attr_Min = "min" + Attr_Minimum = "minimum" Attr_MinMem = "minmem" Attr_MinMemory = "min_memory" Attr_MinProc = "minproc" @@ -260,6 +272,8 @@ const ( Attr_NetworkName = "network_name" Attr_NetworkPorts = "network_ports" Attr_Networks = "networks" + Attr_NetworkSecurityGroupID = "network_security_group_id" + Attr_NetworkSecurityGroups = "network_security_groups" Attr_NumberOfVolumes = "number_of_volumes" Attr_Onboardings = "onboardings" Attr_OperatingSystem = "operating_system" @@ -282,11 +296,13 @@ const ( Attr_ProfileID = "profile_id" Attr_Profiles = "profiles" Attr_Progress = "progress" + Attr_Protocol = "protocol" Attr_PublicIP = "public_ip" Attr_PVMInstanceID = "pvm_instance_id" Attr_PVMInstances = "pvm_instances" Attr_PVMSnapshots = "pvm_snapshots" Attr_Region = "region" + Attr_Remote = "remote" Attr_RemoteCopyID = "remote_copy_id" Attr_RemoteCopyRelationshipNames = "remote_copy_relationship_names" Attr_RemoteCopyRelationships = "remote_copy_relationships" @@ -299,6 +315,7 @@ const ( Attr_ReservedMemory = "reserved_memory" Attr_ResultsOnboardedVolumes = "results_onboarded_volumes" Attr_ResultsVolumeOnboardingFailures = "results_volume_onboarding_failures" + Attr_Rules = "rules" Attr_SAPS = "saps" Attr_Secondaries = "secondaries" Attr_ServerName = "server_name" @@ -325,6 +342,7 @@ const ( Attr_SharedProcessorPoolStatusDetail = "status_detail" Attr_Size = "size" Attr_SnapshotID = "snapshot_id" + Attr_SourcePort = "source_port" Attr_SourceVolumeID = "source_volume_id" Attr_SourceVolumeName = "source_volume_name" Attr_Speed = "speed" @@ -351,8 +369,10 @@ const ( Attr_Systems = "systems" Attr_SysType = "sys_type" Attr_Systype = "systype" + Attr_Target = "target" Attr_TargetVolumeName = "target_volume_name" Attr_TaskID = "task_id" + Attr_TCPFlags = "tcp_flags" Attr_TenantID = "tenant_id" Attr_TenantName = "tenant_name" Attr_TotalCapacity = "total_capacity" @@ -371,6 +391,7 @@ const ( Attr_UsedIPPercent = "used_ip_percent" Attr_UsedMemory = "used_memory" Attr_UserIPAddress = "user_ip_address" + Attr_UserTags = "user_tags" Attr_VCPUs = "vcpus" Attr_Vendor = "vendor" Attr_VirtualCoresAssigned = "virtual_cores_assigned" @@ -427,11 +448,15 @@ const ( DeploymentTypeEpic = "EPIC" DeploymentTypeVMNoStorage = "VMNoStorage" DHCPVlan = "dhcp-vlan" + Disable = "disable" + Enable = "enable" Hana = "Hana" Hard = "hard" Host = "host" HostGroup = "hostGroup" + IPV4_Address = "ipv4-address" Netweaver = "Netweaver" + Network_Interface = "network-interface" None = "none" OK = "OK" PER = "power-edge-router" @@ -483,12 +508,13 @@ const ( State_PendingReclamation = "pending_reclamation" State_Provisioning = "provisioning" State_Removed = "removed" + State_Removing = "removing" State_Resize = "resize" State_RESIZE = "RESIZE" State_Retry = "retry" State_Shutoff = "shutoff" - State_Stopping = "stopping" State_SHUTOFF = "SHUTOFF" + State_Stopping = "stopping" State_Up = "up" State_Updating = "updating" State_VerifyResize = "verify_resize" diff --git a/ibm/service/power/resource_ibm_pi_network_security_group.go b/ibm/service/power/resource_ibm_pi_network_security_group.go new file mode 100644 index 0000000000..ce9fdb30ea --- /dev/null +++ b/ibm/service/power/resource_ibm_pi_network_security_group.go @@ -0,0 +1,358 @@ +// Copyright IBM Corp. 2024 All Rights Reserved. +// Licensed under the Mozilla Public License v2.0 + +package power + +import ( + "context" + "fmt" + "time" + + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex" + + "github.com/IBM-Cloud/power-go-client/clients/instance" + "github.com/IBM-Cloud/power-go-client/power/models" +) + +func ResourceIBMPINetworkSecurityGroup() *schema.Resource { + return &schema.Resource{ + CreateContext: resourceIBMPINetworkSecurityGroupCreate, + ReadContext: resourceIBMPINetworkSecurityGroupRead, + UpdateContext: resourceIBMPINetworkSecurityGroupUpdate, + DeleteContext: resourceIBMPINetworkSecurityGroupDelete, + Importer: &schema.ResourceImporter{}, + + Timeouts: &schema.ResourceTimeout{ + Create: schema.DefaultTimeout(10 * time.Minute), + Update: schema.DefaultTimeout(10 * time.Minute), + Delete: schema.DefaultTimeout(10 * time.Minute), + }, + + Schema: map[string]*schema.Schema{ + // Arguments + Arg_CloudInstanceID: { + Description: "The GUID of the service instance associated with an account.", + ForceNew: true, + Required: true, + Type: schema.TypeString, + ValidateFunc: validation.NoZeroValues, + }, + Arg_Name: { + Description: "The name of the network security group.", + Required: true, + Type: schema.TypeString, + ValidateFunc: validation.NoZeroValues, + }, + Arg_UserTags: { + Description: "The user tags associated with this resource.", + Elem: &schema.Schema{Type: schema.TypeString}, + ForceNew: true, + Optional: true, + Type: schema.TypeList, + }, + // Attributes + Attr_CRN: { + Computed: true, + Description: "The network security group's crn.", + Type: schema.TypeString, + }, + Attr_Members: { + Computed: true, + Description: "The list of IPv4 addresses and, or network interfaces in the network security group.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + Attr_ID: { + Computed: true, + Description: "The ID of the member in a network security group.", + Type: schema.TypeString, + }, + Attr_MacAddress: { + Computed: true, + Description: "The mac address of a network interface included if the type is network-interface.", + Type: schema.TypeString, + }, + Attr_Target: { + Computed: true, + Description: "If ipv4-address type, then IPv4 address or if network-interface type, then network interface ID.", + Type: schema.TypeString, + }, + Attr_Type: { + Computed: true, + Description: "The type of member.", + Type: schema.TypeString, + }, + }, + }, + + // Optional: true, + Type: schema.TypeList, + }, + Attr_NetworkSecurityGroupID: { + Computed: true, + Description: "The unique identifier of the network security group.", + Type: schema.TypeString, + }, + Attr_Rules: { + Computed: true, + Description: "The list of rules in the network security group.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + Attr_Action: { + Computed: true, + Description: "The action to take if the rule matches network traffic.", + Type: schema.TypeString, + }, + Attr_DestinationPort: { + Computed: true, + Description: "The list of destination port.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + Attr_Maximum: { + Computed: true, + Description: "The end of the port range, if applicable. If the value is not present then the default value of 65535 will be the maximum port number.", + Type: schema.TypeInt, + }, + Attr_Minimum: { + Computed: true, + Description: "The start of the port range, if applicable. If the value is not present then the default value of 1 will be the minimum port number.", + Type: schema.TypeInt, + }, + }, + }, + Type: schema.TypeList, + }, + Attr_ID: { + Computed: true, + Description: "The ID of the rule in a network security group.", + Type: schema.TypeString, + }, + Attr_Protocol: { + Computed: true, + Description: "The list of protocol.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + Attr_ICMPTypes: { + Computed: true, + Description: "If icmp type, the list of ICMP packet types (by numbers) affected by ICMP rules and if not present then all types are matched.", + Elem: &schema.Schema{ + Type: schema.TypeInt, + }, + Type: schema.TypeList, + }, + Attr_TCPFlags: { + Computed: true, + Description: "If tcp type, the list of TCP flags and if not present then all flags are matched.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + Attr_Flag: { + Computed: true, + Description: "TCP flag.", + Type: schema.TypeString, + }, + }, + }, + Type: schema.TypeList, + }, + Attr_Type: { + Computed: true, + Description: "The protocol of the network traffic.", + Type: schema.TypeString, + }, + }, + }, + Type: schema.TypeList, + }, + Attr_Remote: { + Computed: true, + Description: "List of remote.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + Attr_ID: { + Computed: true, + Description: "The ID of the remote Network Address Group or network security group the rules apply to. Not required for default-network-address-group.", + Type: schema.TypeString, + }, + Attr_Type: { + Computed: true, + Description: "The type of remote group the rules apply to.", + Type: schema.TypeString, + }, + }, + }, + Type: schema.TypeList, + }, + Attr_SourcePort: { + Computed: true, + Description: "ist of source port", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + Attr_Maximum: { + Computed: true, + Description: "The end of the port range, if applicable. If the value is not present then the default value of 65535 will be the maximum port number.", + Type: schema.TypeInt, + }, + Attr_Minimum: { + Computed: true, + Description: "The start of the port range, if applicable. If the value is not present then the default value of 1 will be the minimum port number.", + Type: schema.TypeInt, + }, + }, + }, + Type: schema.TypeList, + }, + }, + }, + Default: nil, + Optional: true, + Type: schema.TypeList, + }, + }, + } +} + +func resourceIBMPINetworkSecurityGroupCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + sess, err := meta.(conns.ClientSession).IBMPISession() + if err != nil { + return diag.FromErr(err) + } + + cloudInstanceID := d.Get(Arg_CloudInstanceID).(string) + name := d.Get(Arg_Name).(string) + nsgClient := instance.NewIBMIPINetworkSecurityGroupClient(ctx, sess, cloudInstanceID) + + body := &models.NetworkSecurityGroupCreate{ + Name: &name, + } + if v, ok := d.GetOk(Arg_UserTags); ok { + if len(v.([]interface{})) > 0 { + userTags := flex.ExpandStringList(v.([]interface{})) + body.UserTags = userTags + } + } + + networkSecurityGroup, err := nsgClient.Create(body) + if err != nil { + return diag.FromErr(err) + } + nsgID := *networkSecurityGroup.ID + d.SetId(fmt.Sprintf("%s/%s", cloudInstanceID, nsgID)) + + return resourceIBMPINetworkSecurityGroupRead(ctx, d, meta) +} + +func resourceIBMPINetworkSecurityGroupRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + sess, err := meta.(conns.ClientSession).IBMPISession() + if err != nil { + return diag.FromErr(err) + } + cloudInstanceID, nsgID, err := splitID(d.Id()) + if err != nil { + return diag.FromErr(err) + } + nsgClient := instance.NewIBMIPINetworkSecurityGroupClient(ctx, sess, cloudInstanceID) + networkSecurityGroup, err := nsgClient.Get(nsgID) + if err != nil { + return diag.FromErr(err) + } + d.Set(Arg_Name, networkSecurityGroup.Name) + d.Set(Attr_CRN, networkSecurityGroup.Crn) + + if len(networkSecurityGroup.Members) > 0 { + members := []map[string]interface{}{} + for _, mbr := range networkSecurityGroup.Members { + mbrMap := networkSecurityGroupMemberToMap(mbr) + members = append(members, mbrMap) + } + d.Set(Attr_Members, members) + } else { + d.Set(Attr_Members, []string{}) + } + + d.Set(Attr_NetworkSecurityGroupID, networkSecurityGroup.ID) + + if len(networkSecurityGroup.Rules) > 0 { + rules := []map[string]interface{}{} + for _, rule := range networkSecurityGroup.Rules { + ruleMap := networkSecurityGroupRuleToMap(rule) + rules = append(rules, ruleMap) + } + d.Set(Attr_Rules, rules) + } else { + d.Set(Attr_Rules, []string{}) + } + + return nil +} + +func resourceIBMPINetworkSecurityGroupUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + sess, err := meta.(conns.ClientSession).IBMPISession() + if err != nil { + return diag.FromErr(err) + } + cloudInstanceID, nsgID, err := splitID(d.Id()) + if err != nil { + return diag.FromErr(err) + } + if d.HasChange(Arg_Name) { + body := &models.NetworkSecurityGroupUpdate{ + Name: d.Get(Arg_Name).(string), + } + nsgClient := instance.NewIBMIPINetworkSecurityGroupClient(ctx, sess, cloudInstanceID) + _, err = nsgClient.Update(nsgID, body) + if err != nil { + return diag.FromErr(err) + } + } + return resourceIBMPINetworkSecurityGroupRead(ctx, d, meta) +} + +func resourceIBMPINetworkSecurityGroupDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + sess, err := meta.(conns.ClientSession).IBMPISession() + if err != nil { + return diag.FromErr(err) + } + cloudInstanceID, nsgID, err := splitID(d.Id()) + if err != nil { + return diag.FromErr(err) + } + nsgClient := instance.NewIBMIPINetworkSecurityGroupClient(ctx, sess, cloudInstanceID) + err = nsgClient.Delete(nsgID) + if err != nil { + return diag.FromErr(err) + } + _, err = isWaitForIBMPINetworkSecurityGroupDeleted(ctx, nsgClient, nsgID, d.Timeout(schema.TimeoutDelete)) + if err != nil { + return diag.FromErr(err) + } + d.SetId("") + + return nil +} +func isWaitForIBMPINetworkSecurityGroupDeleted(ctx context.Context, client *instance.IBMPINetworkSecurityGroupClient, nsgID string, timeout time.Duration) (interface{}, error) { + stateConf := &retry.StateChangeConf{ + Pending: []string{State_Deleting}, + Target: []string{State_NotFound}, + Refresh: isIBMPINetworkSecurityGroupDeleteRefreshFunc(client, nsgID), + Delay: Timeout_Delay, + MinTimeout: Timeout_Active, + Timeout: timeout, + } + + return stateConf.WaitForStateContext(ctx) +} + +func isIBMPINetworkSecurityGroupDeleteRefreshFunc(client *instance.IBMPINetworkSecurityGroupClient, nsgID string) retry.StateRefreshFunc { + return func() (interface{}, string, error) { + nsg, err := client.Get(nsgID) + if err != nil { + return nsg, State_NotFound, nil + } + return nsg, State_Deleting, nil + } +} diff --git a/ibm/service/power/resource_ibm_pi_network_security_group_action.go b/ibm/service/power/resource_ibm_pi_network_security_group_action.go new file mode 100644 index 0000000000..aa6adc3dc3 --- /dev/null +++ b/ibm/service/power/resource_ibm_pi_network_security_group_action.go @@ -0,0 +1,163 @@ +// Copyright IBM Corp. 2024 All Rights Reserved. +// Licensed under the Mozilla Public License v2.0 + +package power + +import ( + "context" + "fmt" + "time" + + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + + "github.com/IBM-Cloud/power-go-client/clients/instance" + "github.com/IBM-Cloud/power-go-client/power/models" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/validate" +) + +func ResourceIBMPINetworkSecurityGroupAction() *schema.Resource { + return &schema.Resource{ + CreateContext: resourceIBMPINetworkSecurityGroupActionCreate, + ReadContext: resourceIBMPINetworkSecurityGroupActionRead, + UpdateContext: resourceIBMPINetworkSecurityGroupActionUpdate, + DeleteContext: resourceIBMPINetworkSecurityGroupActionDelete, + Importer: &schema.ResourceImporter{}, + + Timeouts: &schema.ResourceTimeout{ + Create: schema.DefaultTimeout(5 * time.Minute), + Update: schema.DefaultTimeout(5 * time.Minute), + }, + + Schema: map[string]*schema.Schema{ + // Arguments + Arg_CloudInstanceID: { + Description: "The GUID of the service instance associated with an account.", + ForceNew: true, + Required: true, + Type: schema.TypeString, + ValidateFunc: validation.NoZeroValues, + }, + Arg_Action: { + Description: "Name of the action to take; can be enable to enable NSGs in a workspace or disable to disable NSGs in a workspace.", + Required: true, + Type: schema.TypeString, + ValidateFunc: validate.ValidateAllowedStringValues([]string{Disable, Enable}), + }, + // Attribute + Attr_State: { + Computed: true, + Description: "The workspace network security group's state.", + Type: schema.TypeString, + }, + }, + } +} + +func resourceIBMPINetworkSecurityGroupActionCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + sess, err := meta.(conns.ClientSession).IBMPISession() + if err != nil { + return diag.FromErr(err) + } + + cloudInstanceID := d.Get(Arg_CloudInstanceID).(string) + action := d.Get(Arg_Action).(string) + nsgClient := instance.NewIBMIPINetworkSecurityGroupClient(ctx, sess, cloudInstanceID) + + body := &models.NetworkSecurityGroupsAction{Action: &action} + err = nsgClient.Action(body) + if err != nil { + return diag.FromErr(err) + } + wsclient := instance.NewIBMPIWorkspacesClient(ctx, sess, cloudInstanceID) + _, err = iswaitForNSGStatus(ctx, wsclient, cloudInstanceID, action, d.Timeout(schema.TimeoutCreate)) + if err != nil { + return diag.FromErr(err) + } + d.SetId(cloudInstanceID) + return resourceIBMPINetworkSecurityGroupActionRead(ctx, d, meta) +} + +func resourceIBMPINetworkSecurityGroupActionRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + sess, err := meta.(conns.ClientSession).IBMPISession() + if err != nil { + return diag.FromErr(err) + } + wsclient := instance.NewIBMPIWorkspacesClient(ctx, sess, d.Id()) + ws, err := wsclient.Get(d.Id()) + if err != nil { + return diag.FromErr(err) + } + d.Set(Attr_State, ws.Details.NetworkSecurityGroups.State) + + return nil +} +func resourceIBMPINetworkSecurityGroupActionUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + sess, err := meta.(conns.ClientSession).IBMPISession() + if err != nil { + return diag.FromErr(err) + } + + cloudInstanceID := d.Get(Arg_CloudInstanceID).(string) + if d.HasChange(Arg_Action) { + action := d.Get(Arg_Action).(string) + nsgClient := instance.NewIBMIPINetworkSecurityGroupClient(ctx, sess, cloudInstanceID) + + body := &models.NetworkSecurityGroupsAction{Action: &action} + err = nsgClient.Action(body) + if err != nil { + return diag.FromErr(err) + } + wsclient := instance.NewIBMPIWorkspacesClient(ctx, sess, cloudInstanceID) + _, err = iswaitForNSGStatus(ctx, wsclient, cloudInstanceID, action, d.Timeout(schema.TimeoutUpdate)) + if err != nil { + return diag.FromErr(err) + } + } + + return resourceIBMPINetworkSecurityGroupActionRead(ctx, d, meta) +} +func resourceIBMPINetworkSecurityGroupActionDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + d.SetId("") + return nil +} + +func iswaitForNSGStatus(ctx context.Context, client *instance.IBMPIWorkspacesClient, id, action string, timeout time.Duration) (interface{}, error) { + stateConf := &retry.StateChangeConf{ + Pending: []string{State_Configuring, State_Removing}, + Target: []string{State_Active, State_Inactive}, + Refresh: isPERWorkspaceNSGRefreshFunc(client, id, action), + Timeout: timeout, + Delay: 10 * time.Second, + MinTimeout: 10 * time.Second, + } + + return stateConf.WaitForStateContext(ctx) +} + +func isPERWorkspaceNSGRefreshFunc(client *instance.IBMPIWorkspacesClient, id, action string) retry.StateRefreshFunc { + return func() (interface{}, string, error) { + ws, err := client.Get(id) + if err != nil { + return nil, "", err + } + + if *(ws.Details.NetworkSecurityGroups.State) == State_Active && action == Enable { + return ws, State_Active, nil + } + if *(ws.Details.NetworkSecurityGroups.State) == State_Inactive && action == Disable { + return ws, State_Inactive, nil + } + if *(ws.Details.NetworkSecurityGroups.State) == State_Removing { + return ws, State_Removing, nil + } + if *(ws.Details.NetworkSecurityGroups.State) == State_Error { + return ws, *ws.Details.NetworkSecurityGroups.State, fmt.Errorf("[ERROR] workspace network security group configuration failed to %s", action) + } + + return ws, State_Configuring, nil + } +} diff --git a/ibm/service/power/resource_ibm_pi_network_security_group_action_test.go b/ibm/service/power/resource_ibm_pi_network_security_group_action_test.go new file mode 100644 index 0000000000..d7cb8683b2 --- /dev/null +++ b/ibm/service/power/resource_ibm_pi_network_security_group_action_test.go @@ -0,0 +1,44 @@ +// Copyright IBM Corp. 2024 All Rights Reserved. +// Licensed under the Mozilla Public License v2.0 + +package power_test + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + + acc "github.com/IBM-Cloud/terraform-provider-ibm/ibm/acctest" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/service/power" +) + +func TestAccIBMPINetworkSecurityGroupActionBasic(t *testing.T) { + + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccCheckIBMPINetworkSecurityGroupActionConfigBasic(power.Enable), + Check: resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttr("ibm_pi_network_security_group_action.network_security_group_action", "pi_action", power.Enable), + ), + }, + { + Config: testAccCheckIBMPINetworkSecurityGroupActionConfigBasic(power.Disable), + Check: resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttr("ibm_pi_network_security_group_action.network_security_group_action", "pi_action", power.Disable), + ), + }, + }, + }) +} + +func testAccCheckIBMPINetworkSecurityGroupActionConfigBasic(action string) string { + return fmt.Sprintf(` + resource "ibm_pi_network_security_group_action" "network_security_group_action" { + pi_action = "%[1]s" + pi_cloud_id = "%[2]s" + }`, action, acc.Pi_cloud_instance_id) +} diff --git a/ibm/service/power/resource_ibm_pi_network_security_group_member.go b/ibm/service/power/resource_ibm_pi_network_security_group_member.go new file mode 100644 index 0000000000..69447185d6 --- /dev/null +++ b/ibm/service/power/resource_ibm_pi_network_security_group_member.go @@ -0,0 +1,375 @@ +// Copyright IBM Corp. 2024 All Rights Reserved. +// Licensed under the Mozilla Public License v2.0 + +package power + +import ( + "context" + "fmt" + "slices" + "time" + + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/validate" + + "github.com/IBM-Cloud/power-go-client/clients/instance" + "github.com/IBM-Cloud/power-go-client/power/models" +) + +func ResourceIBMPINetworkSecurityGroupMember() *schema.Resource { + return &schema.Resource{ + CreateContext: resourceIBMPINetworkSecurityGroupMemberCreate, + ReadContext: resourceIBMPINetworkSecurityGroupMemberRead, + DeleteContext: resourceIBMPINetworkSecurityGroupMemberDelete, + Importer: &schema.ResourceImporter{}, + + Timeouts: &schema.ResourceTimeout{ + Delete: schema.DefaultTimeout(10 * time.Minute), + }, + + Schema: map[string]*schema.Schema{ + // Arguments + Arg_CloudInstanceID: { + Description: "The GUID of the service instance associated with an account.", + ForceNew: true, + Required: true, + Type: schema.TypeString, + ValidateFunc: validation.NoZeroValues, + }, + Arg_NetworkSecurityGroupID: { + Description: "network security group ID.", + ForceNew: true, + Required: true, + Type: schema.TypeString, + }, + Arg_NetworkSecurityGroupMemberID: { + ConflictsWith: []string{Arg_Target, Arg_Type}, + Description: "network security group member ID.", + ForceNew: true, + Optional: true, + Type: schema.TypeString, + }, + Arg_Target: { + ConflictsWith: []string{Arg_NetworkSecurityGroupMemberID}, + Description: "The target member to add. An IP4 address if ipv4-address type or a network interface ID if network-interface type.", + ForceNew: true, + Optional: true, + RequiredWith: []string{Arg_Type}, + Type: schema.TypeString, + }, + Arg_Type: { + ConflictsWith: []string{Arg_NetworkSecurityGroupMemberID}, + Description: "The type of member.", + ForceNew: true, + Optional: true, + RequiredWith: []string{Arg_Target}, + Type: schema.TypeString, + ValidateFunc: validate.ValidateAllowedStringValues([]string{IPV4_Address, Network_Interface}), + }, + // Attributes + Attr_CRN: { + Computed: true, + Description: "The network security group's crn.", + Type: schema.TypeString, + }, + Attr_Members: { + Computed: true, + Description: "The list of IPv4 addresses and, or network interfaces in the network security group.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + Attr_ID: { + Computed: true, + Description: "The ID of the member in a network security group.", + Type: schema.TypeString, + }, + Attr_MacAddress: { + Computed: true, + Description: "The mac address of a network interface included if the type is network-interface.", + Type: schema.TypeString, + }, + Attr_Target: { + Computed: true, + Description: "If ipv4-address type, then IPv4 address or if network-interface type, then network interface ID.", + Type: schema.TypeString, + }, + Attr_Type: { + Computed: true, + Description: "The type of member.", + Type: schema.TypeString, + }, + }, + }, + Type: schema.TypeList, + }, + Attr_Name: { + Computed: true, + Description: "The name of the network security group.", + Type: schema.TypeString, + }, + Attr_Rules: { + Computed: true, + Description: "The list of rules in the network security group.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + Attr_Action: { + Computed: true, + Description: "The action to take if the rule matches network traffic.", + Type: schema.TypeString, + }, + Attr_DestinationPort: { + Computed: true, + Description: "The list of destination port.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + Attr_Maximum: { + Computed: true, + Description: "The end of the port range, if applicable. If the value is not present then the default value of 65535 will be the maximum port number.", + Type: schema.TypeInt, + }, + Attr_Minimum: { + Computed: true, + Description: "The start of the port range, if applicable. If the value is not present then the default value of 1 will be the minimum port number.", + Type: schema.TypeInt, + }, + }, + }, + Type: schema.TypeList, + }, + Attr_ID: { + Computed: true, + Description: "The ID of the rule in a network security group.", + Type: schema.TypeString, + }, + Attr_Protocol: { + Computed: true, + Description: "The list of protocol.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + Attr_ICMPTypes: { + Computed: true, + Description: "If icmp type, the list of ICMP packet types (by numbers) affected by ICMP rules and if not present then all types are matched.", + Elem: &schema.Schema{ + Type: schema.TypeInt, + }, + Type: schema.TypeList, + }, + Attr_TCPFlags: { + Computed: true, + Description: "If tcp type, the list of TCP flags and if not present then all flags are matched.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + Attr_Flag: { + Computed: true, + Description: "TCP flag.", + Type: schema.TypeString, + }, + }, + }, + Type: schema.TypeList, + }, + Attr_Type: { + Computed: true, + Description: "The protocol of the network traffic.", + Type: schema.TypeString, + }, + }, + }, + Type: schema.TypeList, + }, + Attr_Remote: { + Computed: true, + Description: "List of remote.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + Attr_ID: { + Computed: true, + Description: "The ID of the remote Network Address Group or network security group the rules apply to. Not required for default-network-address-group.", + Type: schema.TypeString, + }, + Attr_Type: { + Computed: true, + Description: "The type of remote group the rules apply to.", + Type: schema.TypeString, + }, + }, + }, + Type: schema.TypeList, + }, + Attr_SourcePort: { + Computed: true, + Description: "List of source port", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + Attr_Maximum: { + Computed: true, + Description: "The end of the port range, if applicable. If the value is not present then the default value of 65535 will be the maximum port number.", + Type: schema.TypeInt, + }, + Attr_Minimum: { + Computed: true, + Description: "The start of the port range, if applicable. If the value is not present then the default value of 1 will be the minimum port number.", + Type: schema.TypeInt, + }, + }, + }, + Type: schema.TypeList, + }, + }, + }, + Optional: true, + Type: schema.TypeList, + }, + Attr_UserTags: { + Computed: true, + Description: "The user tags associated with this resource.", + Elem: &schema.Schema{Type: schema.TypeString}, + Optional: true, + Type: schema.TypeList, + }, + }, + } +} + +func resourceIBMPINetworkSecurityGroupMemberCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + sess, err := meta.(conns.ClientSession).IBMPISession() + if err != nil { + return diag.FromErr(err) + } + + cloudInstanceID := d.Get(Arg_CloudInstanceID).(string) + nsgID := d.Get(Arg_NetworkSecurityGroupID).(string) + nsgClient := instance.NewIBMIPINetworkSecurityGroupClient(ctx, sess, cloudInstanceID) + if mbrID, ok := d.GetOk(Arg_NetworkSecurityGroupMemberID); ok { + err = nsgClient.DeleteMember(nsgID, mbrID.(string)) + if err != nil { + return diag.FromErr(err) + } + _, err = isWaitForIBMPINetworkSecurityGroupMemberDeleted(ctx, nsgClient, nsgID, mbrID.(string), d.Timeout(schema.TimeoutDelete)) + if err != nil { + return diag.FromErr(err) + } + d.SetId(fmt.Sprintf("%s/%s", cloudInstanceID, nsgID)) + } else { + target := d.Get(Arg_Target).(string) + mbrType := d.Get(Arg_Type).(string) + body := &models.NetworkSecurityGroupAddMember{ + Target: &target, + Type: &mbrType, + } + member, err := nsgClient.AddMember(nsgID, body) + if err != nil { + return diag.FromErr(err) + } + + d.SetId(fmt.Sprintf("%s/%s/%s", cloudInstanceID, nsgID, *member.ID)) + } + + return resourceIBMPINetworkSecurityGroupMemberRead(ctx, d, meta) +} + +func resourceIBMPINetworkSecurityGroupMemberRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + sess, err := meta.(conns.ClientSession).IBMPISession() + if err != nil { + return diag.FromErr(err) + } + parts, err := flex.IdParts(d.Id()) + if err != nil { + return diag.FromErr(err) + } + nsgClient := instance.NewIBMIPINetworkSecurityGroupClient(ctx, sess, parts[0]) + networkSecurityGroup, err := nsgClient.Get(parts[1]) + if err != nil { + return diag.FromErr(err) + } + d.Set(Attr_CRN, networkSecurityGroup.Crn) + + if len(networkSecurityGroup.Members) > 0 { + members := []map[string]interface{}{} + for _, mbr := range networkSecurityGroup.Members { + mbrMap := networkSecurityGroupMemberToMap(mbr) + members = append(members, mbrMap) + } + d.Set(Attr_Members, members) + } else { + d.Set(Attr_Members, nil) + } + d.Set(Attr_Name, networkSecurityGroup.Name) + + if len(networkSecurityGroup.Rules) > 0 { + rules := []map[string]interface{}{} + for _, rule := range networkSecurityGroup.Rules { + ruleMap := networkSecurityGroupRuleToMap(rule) + rules = append(rules, ruleMap) + } + d.Set(Attr_Rules, rules) + } else { + d.Set(Attr_Rules, nil) + } + + if len(Attr_UserTags) > 0 { + d.Set(Attr_UserTags, networkSecurityGroup.UserTags) + } + + return nil +} + +func resourceIBMPINetworkSecurityGroupMemberDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + sess, err := meta.(conns.ClientSession).IBMPISession() + if err != nil { + return diag.FromErr(err) + } + parts, err := flex.IdParts(d.Id()) + if err != nil { + return diag.FromErr(err) + } + if len(parts) > 2 { + nsgClient := instance.NewIBMIPINetworkSecurityGroupClient(ctx, sess, parts[0]) + err = nsgClient.DeleteMember(parts[1], parts[2]) + if err != nil { + return diag.FromErr(err) + } + _, err = isWaitForIBMPINetworkSecurityGroupMemberDeleted(ctx, nsgClient, parts[1], parts[2], d.Timeout(schema.TimeoutDelete)) + if err != nil { + return diag.FromErr(err) + } + } + + d.SetId("") + + return nil +} +func isWaitForIBMPINetworkSecurityGroupMemberDeleted(ctx context.Context, client *instance.IBMPINetworkSecurityGroupClient, nsgID, nsgMemberID string, timeout time.Duration) (interface{}, error) { + stateConf := &retry.StateChangeConf{ + Pending: []string{State_Deleting}, + Target: []string{State_NotFound}, + Refresh: isIBMPINetworkSecurityGroupMemberDeleteRefreshFunc(client, nsgID, nsgMemberID), + Delay: 10 * time.Second, + MinTimeout: Timeout_Active, + Timeout: timeout, + } + + return stateConf.WaitForStateContext(ctx) +} + +func isIBMPINetworkSecurityGroupMemberDeleteRefreshFunc(client *instance.IBMPINetworkSecurityGroupClient, nsgID, nsgMemberID string) retry.StateRefreshFunc { + return func() (interface{}, string, error) { + nsg, err := client.Get(nsgID) + if err != nil { + return nsg, "", err + } + var mbrIDs []string + for _, mbr := range nsg.Members { + mbrIDs = append(mbrIDs, *mbr.ID) + } + if !slices.Contains(mbrIDs, nsgMemberID) { + return nsg, State_NotFound, nil + } + return nsg, State_Deleting, nil + } +} diff --git a/ibm/service/power/resource_ibm_pi_network_security_group_member_test.go b/ibm/service/power/resource_ibm_pi_network_security_group_member_test.go new file mode 100644 index 0000000000..4a1bb454a7 --- /dev/null +++ b/ibm/service/power/resource_ibm_pi_network_security_group_member_test.go @@ -0,0 +1,81 @@ +// Copyright IBM Corp. 2024 All Rights Reserved. +// Licensed under the Mozilla Public License v2.0 + +package power_test + +import ( + "context" + "errors" + "fmt" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" + + "github.com/IBM-Cloud/power-go-client/clients/instance" + acc "github.com/IBM-Cloud/terraform-provider-ibm/ibm/acctest" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/service/power" +) + +func TestAccIBMPINetworkSecurityGroupMemberBasic(t *testing.T) { + + target := "01e364a7-b01c-4caa-b708-4d0a9cb6acd5" + typeVar := "network-interface" + name := fmt.Sprintf("tf-nsg-name-%d", acctest.RandIntRange(10, 100)) + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccCheckIBMPINetworkSecurityGroupMemberConfigBasic(name, target, typeVar), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckIBMPINetworkSecurityGroupMemberExists("ibm_pi_network_security_group_member.network_security_group_member"), + resource.TestCheckResourceAttrSet("ibm_pi_network_security_group_member.network_security_group_member", power.Arg_NetworkSecurityGroupID), + resource.TestCheckResourceAttr("ibm_pi_network_security_group_member.network_security_group_member", "pi_target", target), + resource.TestCheckResourceAttr("ibm_pi_network_security_group_member.network_security_group_member", "pi_type", typeVar), + resource.TestCheckResourceAttrSet("ibm_pi_network_security_group_member.network_security_group_member", power.Attr_Name), + ), + }, + }, + }) +} + +func testAccCheckIBMPINetworkSecurityGroupMemberConfigBasic(name, target, typeVar string) string { + return testAccCheckIBMPINetworkSecurityGroupConfigBasic(name) + fmt.Sprintf(` + resource "ibm_pi_network_security_group_member" "network_security_group_member" { + pi_cloud_instance_id = "%[1]s" + pi_network_security_group_id = ibm_pi_network_security_group.network_security_group.network_security_group_id + pi_target = "%[2]s" + pi_type = "%[3]s" + }`, acc.Pi_cloud_instance_id, target, typeVar) +} + +func testAccCheckIBMPINetworkSecurityGroupMemberExists(n string) resource.TestCheckFunc { + + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[n] + if !ok { + return fmt.Errorf("Not found: %s", n) + } + + if rs.Primary.ID == "" { + return errors.New("No Record ID is set") + } + sess, err := acc.TestAccProvider.Meta().(conns.ClientSession).IBMPISession() + if err != nil { + return err + } + cloudInstanceID, nsgID, err := splitID(rs.Primary.ID) + if err != nil { + return err + } + nsgClient := instance.NewIBMIPINetworkSecurityGroupClient(context.Background(), sess, cloudInstanceID) + _, err = nsgClient.Get(nsgID) + if err != nil { + return err + } + return nil + } +} diff --git a/ibm/service/power/resource_ibm_pi_network_security_group_test.go b/ibm/service/power/resource_ibm_pi_network_security_group_test.go new file mode 100644 index 0000000000..f69a5ef015 --- /dev/null +++ b/ibm/service/power/resource_ibm_pi_network_security_group_test.go @@ -0,0 +1,105 @@ +// Copyright IBM Corp. 2024 All Rights Reserved. +// Licensed under the Mozilla Public License v2.0 + +package power_test + +import ( + "context" + "errors" + "fmt" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" + + "github.com/IBM-Cloud/power-go-client/clients/instance" + acc "github.com/IBM-Cloud/terraform-provider-ibm/ibm/acctest" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns" + "github.com/IBM-Cloud/terraform-provider-ibm/ibm/service/power" +) + +func TestAccIBMPINetworkSecurityGroupBasic(t *testing.T) { + name := fmt.Sprintf("tf-nsg-name-%d", acctest.RandIntRange(10, 100)) + nameUpdate := fmt.Sprintf("tf-nsg-name-update-%d", acctest.RandIntRange(10, 100)) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { acc.TestAccPreCheck(t) }, + Providers: acc.TestAccProviders, + CheckDestroy: testAccCheckIBMPINetworkSecurityGroupDestroy, + Steps: []resource.TestStep{ + { + Config: testAccCheckIBMPINetworkSecurityGroupConfigBasic(name), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckIBMPINetworkSecurityGroupExists("ibm_pi_network_security_group.network_security_group"), + resource.TestCheckResourceAttr("ibm_pi_network_security_group.network_security_group", power.Arg_Name, name), + ), + }, + { + Config: testAccCheckIBMPINetworkSecurityGroupConfigBasic(nameUpdate), + Check: resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttr("ibm_pi_network_security_group.network_security_group", power.Arg_Name, nameUpdate), + ), + }, + }, + }) +} + +func testAccCheckIBMPINetworkSecurityGroupConfigBasic(name string) string { + return fmt.Sprintf(` + resource "ibm_pi_network_security_group" "network_security_group" { + pi_cloud_instance_id = "%[1]s" + pi_name = "%[2]s" + }`, acc.Pi_cloud_instance_id, name) +} + +func testAccCheckIBMPINetworkSecurityGroupExists(n string) resource.TestCheckFunc { + + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[n] + if !ok { + return fmt.Errorf("Not found: %s", n) + } + if rs.Primary.ID == "" { + return errors.New("No Record ID is set") + } + sess, err := acc.TestAccProvider.Meta().(conns.ClientSession).IBMPISession() + if err != nil { + return err + } + cloudInstanceID, nsgID, err := splitID(rs.Primary.ID) + if err != nil { + return err + } + nsgClient := instance.NewIBMIPINetworkSecurityGroupClient(context.Background(), sess, cloudInstanceID) + _, err = nsgClient.Get(nsgID) + if err != nil { + return err + } + return nil + } +} + +func testAccCheckIBMPINetworkSecurityGroupDestroy(s *terraform.State) error { + sess, err := acc.TestAccProvider.Meta().(conns.ClientSession).IBMPISession() + if err != nil { + return err + } + for _, rs := range s.RootModule().Resources { + if rs.Type != "ibm_pi_network_security_group" { + continue + } + + cloudInstanceID, nsgID, err := splitID(rs.Primary.ID) + if err != nil { + return err + } + nsgClient := instance.NewIBMIPINetworkSecurityGroupClient(context.Background(), sess, cloudInstanceID) + _, err = nsgClient.Get(nsgID) + if err == nil { + return fmt.Errorf("network_security_group still exists: %s", rs.Primary.ID) + } + } + + return nil +} diff --git a/website/docs/d/pi_network_security_group.html.markdown b/website/docs/d/pi_network_security_group.html.markdown new file mode 100644 index 0000000000..420f45967b --- /dev/null +++ b/website/docs/d/pi_network_security_group.html.markdown @@ -0,0 +1,88 @@ +--- +layout: "ibm" +page_title: "IBM : ibm_pi_network_security_group" +description: |- + Get information about pi_network_security_group +subcategory: "Power Systems" +--- + +# ibm_pi_network_security_group + +Retrieves information about a network security group. + +## Example Usage + +```terraform + data "ibm_pi_network_security_group" "network_security_group" { + pi_cloud_instance_id = "" + pi_network_security_group_id = "" + } +``` + +### Notes + +- Please find [supported Regions](https://cloud.ibm.com/apidocs/power-cloud#endpoint) for endpoints. +- If a Power cloud instance is provisioned at `lon04`, The provider level attributes should be as follows: + - `region` - `lon` + - `zone` - `lon04` + +Example usage: + + ```terraform + provider "ibm" { + region = "lon" + zone = "lon04" + } + ``` + +## Argument Reference + +You can specify the following arguments for this data source. + +- `pi_cloud_instance_id` - (Required, String) The GUID of the service instance associated with an account. +- `pi_network_security_group_id` - (Required, String) network security group id or name. + +## Attribute Reference + +In addition to all argument reference list, you can access the following attribute references after your data source is created. + +- `crn` - (String) The network security group's crn. + +- `members` - (List) The list of IPv4 addresses and\or network interfaces in the network security group. + + Nested schema for `members`: + - `id` - (String) The id of the member in a network security group. + - `mac_address` - (String) The mac address of a network interface included if the type is `network-interface`. + - `target` - (String) If `ipv4-address` type, then IPv4 address or if `network-interface` type, then network interface id. + - `type` - (String) The type of member. Supported values are: `ipv4-address`, `network-interface`. + +- `name` - (String) The name of the network security group. + +- `rules` - (List) The list of rules in the network security group. + + Nested schema for `rules`: + - `action` - (String) The action to take if the rule matches network traffic. Supported values are: `allow`, `deny`. + - `destination_port` - (List) The list of destination port. + + Nested schema for `destination_port`: + - `maximum` - (Integer) The end of the port range, if applicable. If the value is not present then the default value of 65535 will be the maximum port number. + - `minimum` - (Integer) The start of the port range, if applicable. If the value is not present then the default value of 1 will be the minimum port number. + - `id` - (String) The id of the rule in a network security group. + - `protocol` - (List) The list of protocol. + + Nested schema for `protocol`: + - `icmp_types` - (List) If icmp type, the list of ICMP packet types (by numbers) affected by ICMP rules and if not present then all types are matched. + - `tcp_flags` - (List) If tcp type, the list of TCP flags and if not present then all flags are matched. Supported values are: `syn`, `ack`, `fin`, `rst`, `urg`, `psh`, `wnd`, `chk`, `seq`. + Nested schema for `icmp_types`: + - `flags` - (String) TCP flag. + - `type` - (String) The protocol of the network traffic. Supported values are: `icmp`, `tcp`, `udp`, `all`. + - `remote` - (List) List of remote. + + Nested schema for `remote`: + - `id` - (String) The id of the remote network Address group or network security group the rules apply to. Not required for default-network-address-group. + - `type` - (String) The type of remote group the rules apply to. Supported values are: `network-security-group`, `network-address-group`, `default-network-address-group`. + - `source_port` - (List) List of source port. + + Nested schema for `source_port`: + - `maximum` - (Integer) The end of the port range, if applicable. If the value is not present then the default value of 65535 will be the maximum port number. + - `minimum` - (Integer) The start of the port range, if applicable. If the value is not present then the default value of 1 will be the minimum port number. diff --git a/website/docs/d/pi_network_security_groups.html.markdown b/website/docs/d/pi_network_security_groups.html.markdown new file mode 100644 index 0000000000..618185f7cc --- /dev/null +++ b/website/docs/d/pi_network_security_groups.html.markdown @@ -0,0 +1,86 @@ +--- +layout: "ibm" +page_title: "IBM : ibm_pi_network_security_groups" +description: |- + Get information about pi_network_security_groups +subcategory: "Power Systems" +--- + +# ibm_pi_network_security_groups + +Retrieves information about network security groups. + +## Example Usage + +```terraform + data "ibm_pi_network_security_groups" "network_security_groups" { + pi_cloud_instance_id = "" + } +``` + +### Notes + +- Please find [supported Regions](https://cloud.ibm.com/apidocs/power-cloud#endpoint) for endpoints. +- If a Power cloud instance is provisioned at `lon04`, The provider level attributes should be as follows: + - `region` - `lon` + - `zone` - `lon04` + +Example usage: + + ```terraform + provider "ibm" { + region = "lon" + zone = "lon04" + } + ``` + +## Argument reference + +Review the argument references that you can specify for your data source. + +- `pi_cloud_instance_id` - (Required, String) The GUID of the service instance associated with an account. + +## Attribute Reference + +After your data source is created, you can read values from the following attributes. + +- `network_security_groups` - (List) list of network security Groups. + + Nested schema for `network_security_groups`: + - `crn` - (String) The network security group's crn. + - `id` - (String) The id of the network security group. + - `members` - (List) The list of IPv4 addresses and\or network Interfaces in the network security group. + + Nested schema for `members`: + - `id` - (String) The id of the member in a network security group. + - `mac_address` - (String) The mac address of a network Interface included if the type is `network-interface`. + - `target` - (String) If `ipv4-address` type, then IPv4 address or if `network-interface` type, then network interface id. + - `type` - (String) The type of member. Supported values are: `ipv4-address`, `network-interface`. + - `name` - (String) The name of the network security group. + - `rules` - (List) The list of rules in the network security group. + + Nested schema for `rules`: + - `action` - (String) The action to take if the rule matches network traffic. Supported values are: `allow`, `deny`. + - `destination_port` - (List) List of destination port. + + Nested schema for `destination_port`: + - `maximum` - (Integer) The end of the port range, if applicable. If the value is not present then the default value of 65535 will be the maximum port number. + - `minimum` - (Integer) The start of the port range, if applicable. If the value is not present then the default value of 1 will be the minimum port number. + + - `id` - (String) The id of the rule in a network security group. + - `protocol` - (List) List of protocol. + + Nested schema for `protocol`: + - `icmp_types` - (List) If icmp type, the list of ICMP packet types (by numbers) affected by ICMP rules and if not present then all types are matched. + - `tcp_flags` - (String) If tcp type, the list of TCP flags and if not present then all flags are matched. Supported values are: `syn`, `ack`, `fin`, `rst`, `urg`, `psh`, `wnd`, `chk`, `seq`. + - `type` - (String) The protocol of the network traffic. Supported values are: `icmp`, `tcp`, `udp`, `all`. + - `remote` - (List) List of remote. + + Nested schema for `remote`: + - `id` - (String) The id of the remote network Address group or network security group the rules apply to. Not required for default-network-address-group. + - `type` - (String) The type of remote group the rules apply to. Supported values are: `network-security-group`, `network-address-group`, `default-network-address-group`. + - `source_port` - (List) List of source port. + + Nested schema for `source_port`: + - `maximum` - (Integer) The end of the port range, if applicable. If the value is not present then the default value of 65535 will be the maximum port number. + - `minimum` - (Integer) The start of the port range, if applicable. If the value is not present then the default value of 1 will be the minimum port number. diff --git a/website/docs/r/pi_network_security_group.html.markdown b/website/docs/r/pi_network_security_group.html.markdown new file mode 100644 index 0000000000..5101c16d3c --- /dev/null +++ b/website/docs/r/pi_network_security_group.html.markdown @@ -0,0 +1,87 @@ +--- +layout: "ibm" +page_title: "IBM : ibm_pi_network_security_group" +description: |- + Manages pi_network_security_group. +subcategory: "Power Systems" +--- + +# ibm_pi_network_security_group + +Create, update, and delete a network security group. + +## Example Usage + +```terraform + resource "ibm_pi_network_security_group" "network_security_group" { + pi_cloud_instance_id = "" + pi_name = "name" + pi_user_tags = ["tag1", "tag2"] + } +``` + +### Notes + +- Please find [supported Regions](https://cloud.ibm.com/apidocs/power-cloud#endpoint) for endpoints. +- If a Power cloud instance is provisioned at `lon04`, The provider level attributes should be as follows: + - `region` - `lon` + - `zone` - `lon04` + +Example usage: + + ```terraform + provider "ibm" { + region = "lon" + zone = "lon04" + } + ``` + +## Argument Reference + +Review the argument references that you can specify for your resource. + +- `pi_cloud_instance_id` - (Required, String) The GUID of the service instance associated with an account. +- `pi_name` - (Required, String) The name of the Network Security Group. +- `pi_user_tags` - (Optional, List) A list of tags. + +## Attribute Reference + +In addition to all argument reference list, you can access the following attribute reference after your resource is created. + +- `crn` - (String) The network security group's crn. + +- `members` - (List) The list of IPv4 addresses and\or network interfaces in the network security group. + + Nested schema for `members`: + - `id` - (String) The id of the member in a network security group. + - `mac_address` - (String) The mac address of a network interface included if the type is `network-interface`. + - `target` - (String) If `ipv4-address` type, then IPv4 address or if `network-interface` type, then network interface id. + - `type` - (String) The type of member. Supported values are: `ipv4-address`, `network-interface`. + +- `network_security_group_id` -(String) The unique identifier of the network security group. +- `rules` - (List) The list of rules in the network security group. + + Nested schema for `rules`: + - `action` - (String) The action to take if the rule matches network traffic. Supported values are: `allow`, `deny`. + - `destination_port` - (List) The list of destination port. + + Nested schema for `destination_port`: + - `maximum` - (Integer) The end of the port range, if applicable. If the value is not present then the default value of 65535 will be the maximum port number. + - `minimum` - (Integer) The start of the port range, if applicable. If the value is not present then the default value of 1 will be the minimum port number. + - `id` - (String) The id of the rule in a network security group. + - `protocol` - (List) The list of protocol. + + Nested schema for `protocol`: + - `icmp_types` - (List) If icmp type, the list of ICMP packet types (by numbers) affected by ICMP rules and if not present then all types are matched. + - `tcp_flags` - (String) If tcp type, the list of TCP flags and if not present then all flags are matched. Supported values are: `syn`, `ack`, `fin`, `rst`, `urg`, `psh`, `wnd`, `chk`, `seq`. + - `type` - (String) The protocol of the network traffic. Supported values are: `icmp`, `tcp`, `udp`, `all`. + - `remote` - (List) List of remote. + + Nested schema for `remote`: + - `id` - (String) The id of the remote network Address group or network security group the rules apply to. Not required for default-network-address-group. + - `type` - (String) The type of remote group the rules apply to. Supported values are: `network-security-group`, `network-address-group`, `default-network-address-group`. + - `source_port` - (List) List of source port + + Nested schema for `source_port`: + - `maximum` - (Integer) The end of the port range, if applicable. If the value is not present then the default value of 65535 will be the maximum port number. + - `minimum` - (Integer) The start of the port range, if applicable. If the value is not present then the default value of 1 will be the minimum port number. diff --git a/website/docs/r/pi_network_security_group_action.html.markdown b/website/docs/r/pi_network_security_group_action.html.markdown new file mode 100644 index 0000000000..39f2a36dc3 --- /dev/null +++ b/website/docs/r/pi_network_security_group_action.html.markdown @@ -0,0 +1,56 @@ +--- +layout: "ibm" +page_title: "IBM : ibm_pi_network_security_group_action" +description: |- + Manages pi_network_security_group_action. +subcategory: "Power Systems" +--- + +# ibm_pi_network_security_group_action + +Enable or disable a network security group in your workspace. + +## Example Usage + +```terraform + resource "ibm_pi_network_security_group_action" "network_security_group_action" { + pi_cloud_instance_id = "" + pi_action = "enable" + } +``` + +### Notes + +- Please find [supported Regions](https://cloud.ibm.com/apidocs/power-cloud#endpoint) for endpoints. +- If a Power cloud instance is provisioned at `lon04`, The provider level attributes should be as follows: + - `region` - `lon` + - `zone` - `lon04` + +Example usage: + + ```terraform + provider "ibm" { + region = "lon" + zone = "lon04" + } + ``` + +## Timeouts + +The `ibm_pi_network_security_group_action` provides the following [Timeouts](https://www.terraform.io/docs/language/resources/syntax.html) configuration options: + +- **create** - (Default 5 minutes) Used for enabling a network security group. +- **update** - (Default 5 minutes) Used for disabling a network security group. + +## Argument Reference + +Review the argument references that you can specify for your resource. + +- `pi_action` - (Required, String) Name of the action to take; can be enable to enable NSGs in a workspace or disable to disable NSGs in a workspace. Supported values are: `enable`, `disable`. +- `pi_cloud_instance_id` - (Required, String) The GUID of the service instance associated with an account. + +## Attribute Reference + +In addition to all argument reference list, you can access the following attribute reference after your resource is created. + +- `state` - (String) The workspace network security group's state. diff --git a/website/docs/r/pi_network_security_group_member.html.markdown b/website/docs/r/pi_network_security_group_member.html.markdown new file mode 100644 index 0000000000..0691f25d58 --- /dev/null +++ b/website/docs/r/pi_network_security_group_member.html.markdown @@ -0,0 +1,97 @@ +--- +layout: "ibm" +page_title: "IBM : ibm_pi_network_security_group_member" +description: |- + Manages pi_network_security_group_member. +subcategory: "Power Systems" +--- + +# ibm_pi_network_security_group_member + +Add or remove a network security group member. + +## Example Usage + +```terraform + resource "ibm_pi_network_security_group_member" "network_security_group_member" { + pi_cloud_instance_id = "" + pi_network_security_group_id = "network_security_group_id" + pi_target = "target" + pi_type = "ipv4-address" + } +``` + +### Notes + +- Please find [supported Regions](https://cloud.ibm.com/apidocs/power-cloud#endpoint) for endpoints. +- If a Power cloud instance is provisioned at `lon04`, The provider level attributes should be as follows: + - `region` - `lon` + - `zone` - `lon04` + +Example usage: + + ```terraform + provider "ibm" { + region = "lon" + zone = "lon04" + } + ``` + +## Timeouts + +The `ibm_pi_network_security_group_member` provides the following [Timeouts](https://www.terraform.io/docs/language/resources/syntax.html) configuration options: + +- **delete** - (Default 5 minutes) Used for deleting a network security group member. + +## Argument Reference + +Review the argument references that you can specify for your resource. + +- `pi_cloud_instance_id` - (Required, String) The GUID of the service instance associated with an account. +- `pi_network_security_group_id` - (Required, String) Network security group ID. +- `pi_network_security_group_member_id` - (Optional, String) Network security group member ID. This conflicts with `pi_target` and `pi_type`. +- `pi_target` - (Optional, String) The target member to add. Required with `pi_type`. This conflicts with `pi_network_security_group_member_id`. +- `pi_type` - (Optional, String) The type of member. Supported values are: `ipv4-address`, `network-interface`. Required with `pi_target`. This conflicts with `pi_network_security_group_member_id`. + +## Attribute Reference + +In addition to all argument reference list, you can access the following attribute reference after your resource is created. + +- `id` - (String) The unique identifier of the network security group. +- `crn` - (String) The network security group's crn. + +- `members` - (List) The list of IPv4 addresses and\or network interfaces in the network security group. + + Nested schema for `members`: + - `id` - (String) The id of the member in a network security group. + - `mac_address` - (String) The mac address of a network interface included if the type is `network-interface`. + - `target` - (String) If `ipv4-address` type, then IPv4 address or if `network-interface` type, then network interface id. + - `type` - (String) The type of member. Supported values are: `ipv4-address`, `network-interface`. + +- `name` - (String) The name of the network security group. +- `rules` - (List) The list of rules in the network security group. + + Nested schema for `rules`: + - `action` - (String) The action to take if the rule matches network traffic. Supported values are: `allow`, `deny`. + - `destination_port` - (List) The list of destination port. + + Nested schema for `destination_port`: + - `maximum` - (Integer) The end of the port range, if applicable. If the value is not present then the default value of 65535 will be the maximum port number. + - `minimum` - (Integer) The start of the port range, if applicable. If the value is not present then the default value of 1 will be the minimum port number. + - `id` - (String) The id of the rule in a network security group. + - `protocol` - (List) The list of protocol. + + Nested schema for `protocol`: + - `icmp_types` - (List) If icmp type, the list of ICMP packet types (by numbers) affected by ICMP rules and if not present then all types are matched. + - `tcp_flags` - (String) If tcp type, the list of TCP flags and if not present then all flags are matched. Supported values are: `syn`, `ack`, `fin`, `rst`, `urg`, `psh`, `wnd`, `chk`, `seq`. + - `type` - (String) The protocol of the network traffic. Supported values are: `icmp`, `tcp`, `udp`, `all`. + - `remote` - (List) List of remote. + + Nested schema for `remote`: + - `id` - (String) The id of the remote network Address group or network security group the rules apply to. Not required for default-network-address-group. + - `type` - (String) The type of remote group the rules apply to. Supported values are: `network-security-group`, `network-address-group`, `default-network-address-group`. + - `source_port` - (List) List of source port + + Nested schema for `source_port`: + - `maximum` - (Integer) The end of the port range, if applicable. If the value is not present then the default value of 65535 will be the maximum port number. + - `minimum` - (Integer) The start of the port range, if applicable. If the value is not present then the default value of 1 will be the minimum