forked from IBM-Cloud/terraform-provider-ibm
-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[R] Add NSG [R] Add NSG Action [R] Add NSG Member [R] Add NSG Member test Update Provider
- Loading branch information
1 parent
045433e
commit 26e064a
Showing
20 changed files
with
2,113 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
320 changes: 320 additions & 0 deletions
320
ibm/service/power/data_source_ibm_pi_network_security_group.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,320 @@ | ||
// Copyright IBM Corp. 2024 All Rights Reserved. | ||
// Licensed under the Mozilla Public License v2.0 | ||
|
||
package power | ||
|
||
import ( | ||
"context" | ||
|
||
"github.com/hashicorp/terraform-plugin-sdk/v2/diag" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" | ||
|
||
"github.com/IBM-Cloud/power-go-client/clients/instance" | ||
"github.com/IBM-Cloud/power-go-client/power/models" | ||
"github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" | ||
) | ||
|
||
func DataSourceIBMPINetworkSecurityGroup() *schema.Resource { | ||
return &schema.Resource{ | ||
ReadContext: dataSourceIBMPINetworkSecurityGroupRead, | ||
|
||
Schema: map[string]*schema.Schema{ | ||
// Arguments | ||
Arg_CloudInstanceID: { | ||
Description: "The GUID of the service instance associated with an account.", | ||
Required: true, | ||
Type: schema.TypeString, | ||
ValidateFunc: validation.NoZeroValues, | ||
}, | ||
Arg_NetworkSecurityGroupID: { | ||
Description: "network security group ID.", | ||
Required: true, | ||
Type: schema.TypeString, | ||
ValidateFunc: validation.NoZeroValues, | ||
}, | ||
// Attributes | ||
Attr_CRN: { | ||
Computed: true, | ||
Description: "The network security group's crn.", | ||
Type: schema.TypeString, | ||
}, | ||
Attr_Members: { | ||
Computed: true, | ||
Description: "The list of IPv4 addresses and, or network interfaces in the network security group.", | ||
Elem: &schema.Resource{ | ||
Schema: map[string]*schema.Schema{ | ||
Attr_ID: { | ||
Computed: true, | ||
Description: "The ID of the member in a network security group.", | ||
Type: schema.TypeString, | ||
}, | ||
Attr_MacAddress: { | ||
Computed: true, | ||
Description: "The mac address of a network interface included if the type is network-interface.", | ||
Type: schema.TypeString, | ||
}, | ||
Attr_Target: { | ||
Computed: true, | ||
Description: "If ipv4-address type, then IPv4 address or if network-interface type, then network interface ID.", | ||
Type: schema.TypeString, | ||
}, | ||
Attr_Type: { | ||
Computed: true, | ||
Description: "The type of member.", | ||
Type: schema.TypeString, | ||
}, | ||
}, | ||
}, | ||
Type: schema.TypeList, | ||
}, | ||
Attr_Name: { | ||
Computed: true, | ||
Description: "The name of the network security group.", | ||
Type: schema.TypeString, | ||
}, | ||
Attr_Rules: { | ||
Computed: true, | ||
Description: "The list of rules in the network security group.", | ||
Elem: &schema.Resource{ | ||
Schema: map[string]*schema.Schema{ | ||
Attr_Action: { | ||
Computed: true, | ||
Description: "The action to take if the rule matches network traffic.", | ||
Type: schema.TypeString, | ||
}, | ||
Attr_DestinationPort: { | ||
Computed: true, | ||
Description: "The list of destination port.", | ||
Elem: &schema.Resource{ | ||
Schema: map[string]*schema.Schema{ | ||
Attr_Maximum: { | ||
Computed: true, | ||
Description: "The end of the port range, if applicable, If values are not present then all ports are in the range.", | ||
Type: schema.TypeFloat, | ||
}, | ||
Attr_Minimum: { | ||
Computed: true, | ||
Description: "The start of the port range, if applicable. If values are not present then all ports are in the range.", | ||
Type: schema.TypeFloat, | ||
}, | ||
}, | ||
}, | ||
Type: schema.TypeList, | ||
}, | ||
Attr_ID: { | ||
Computed: true, | ||
Description: "The ID of the rule in a network security group.", | ||
Type: schema.TypeString, | ||
}, | ||
Attr_Name: { | ||
Computed: true, | ||
Description: "The unique name of the network security group rule.", | ||
Type: schema.TypeString, | ||
}, | ||
Attr_Protocol: { | ||
Computed: true, | ||
Description: "The list of protocol.", | ||
Elem: &schema.Resource{ | ||
Schema: map[string]*schema.Schema{ | ||
Attr_ICMTypes: { | ||
Computed: true, | ||
Description: "If icmp type, the list of ICMP packet types (by numbers) affected by ICMP rules and if not present then all types are matched.", | ||
Elem: &schema.Schema{ | ||
Type: schema.TypeFloat, | ||
}, | ||
Type: schema.TypeList, | ||
}, | ||
Attr_TCPFlags: { | ||
Computed: true, | ||
Description: "If tcp type, the list of TCP flags and if not present then all flags are matched.", | ||
Elem: &schema.Resource{ | ||
Schema: map[string]*schema.Schema{ | ||
Attr_Flag: { | ||
Computed: true, | ||
Description: "TCP flag.", | ||
Type: schema.TypeString, | ||
}, | ||
}, | ||
}, | ||
Type: schema.TypeList, | ||
}, | ||
Attr_Type: { | ||
Computed: true, | ||
Description: "The protocol of the network traffic.", | ||
Type: schema.TypeString, | ||
}, | ||
}, | ||
}, | ||
Type: schema.TypeList, | ||
}, | ||
Attr_Remote: { | ||
Computed: true, | ||
Description: "List of remote.", | ||
Elem: &schema.Resource{ | ||
Schema: map[string]*schema.Schema{ | ||
Attr_ID: { | ||
Computed: true, | ||
Description: "The ID of the remote Network Address Group or network security group the rules apply to. Not required for default-network-address-group.", | ||
Type: schema.TypeString, | ||
}, | ||
Attr_Type: { | ||
Computed: true, | ||
Description: "The type of remote group the rules apply to.", | ||
Type: schema.TypeString, | ||
}, | ||
}, | ||
}, | ||
Type: schema.TypeList, | ||
}, | ||
Attr_SourcePort: { | ||
Computed: true, | ||
Description: "ist of source port", | ||
Elem: &schema.Resource{ | ||
Schema: map[string]*schema.Schema{ | ||
Attr_Maximum: { | ||
Computed: true, | ||
Description: "The end of the port range, if applicable, If values are not present then all ports are in the range.", | ||
Type: schema.TypeFloat, | ||
}, | ||
Attr_Minimum: { | ||
Computed: true, | ||
Description: "The start of the port range, if applicable. If values are not present then all ports are in the range.", | ||
Type: schema.TypeFloat, | ||
}, | ||
}, | ||
}, | ||
Type: schema.TypeList, | ||
}, | ||
}, | ||
}, | ||
Type: schema.TypeList, | ||
}, | ||
Attr_UserTags: { | ||
Computed: true, | ||
Description: "The user tags associated with this resource.", | ||
Elem: &schema.Schema{Type: schema.TypeString}, | ||
Type: schema.TypeList, | ||
}, | ||
}, | ||
} | ||
} | ||
|
||
func dataSourceIBMPINetworkSecurityGroupRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { | ||
sess, err := meta.(conns.ClientSession).IBMPISession() | ||
if err != nil { | ||
return diag.FromErr(err) | ||
} | ||
|
||
cloudInstanceID := d.Get(Arg_CloudInstanceID).(string) | ||
nsgClient := instance.NewIBMIPINetworkSecurityGroupClient(ctx, sess, cloudInstanceID) | ||
|
||
networkSecurityGroup, err := nsgClient.Get(d.Get(Arg_NetworkSecurityGroupID).(string)) | ||
if err != nil { | ||
return diag.FromErr(err) | ||
} | ||
|
||
d.SetId(*networkSecurityGroup.ID) | ||
d.Set(Attr_CRN, networkSecurityGroup.Crn) | ||
|
||
if networkSecurityGroup.Members != nil { | ||
members := []map[string]interface{}{} | ||
for _, mbr := range networkSecurityGroup.Members { | ||
mbrMap := networkSecurityGroupMemberToMap(mbr) | ||
members = append(members, mbrMap) | ||
} | ||
d.Set(Attr_Members, members) | ||
} | ||
|
||
d.Set(Attr_Name, networkSecurityGroup.Name) | ||
|
||
if networkSecurityGroup.Rules != nil { | ||
rules := []map[string]interface{}{} | ||
for _, rule := range networkSecurityGroup.Rules { | ||
ruleMap := networkSecurityGroupRuleToMap(rule) | ||
rules = append(rules, ruleMap) | ||
} | ||
d.Set(Attr_Rules, rules) | ||
} | ||
|
||
if len(networkSecurityGroup.UserTags) > 0 { | ||
d.Set(Attr_UserTags, networkSecurityGroup.UserTags) | ||
} | ||
|
||
return nil | ||
} | ||
|
||
func networkSecurityGroupMemberToMap(mbr *models.NetworkSecurityGroupMember) map[string]interface{} { | ||
mbrMap := make(map[string]interface{}) | ||
mbrMap[Attr_ID] = mbr.ID | ||
if mbr.MacAddress != "" { | ||
mbrMap[Attr_MacAddress] = mbr.MacAddress | ||
} | ||
mbrMap[Attr_Target] = mbr.Target | ||
mbrMap[Attr_Type] = mbr.Type | ||
return mbrMap | ||
} | ||
|
||
func networkSecurityGroupRuleToMap(rule *models.NetworkSecurityGroupRule) map[string]interface{} { | ||
ruleMap := make(map[string]interface{}) | ||
ruleMap[Attr_Action] = rule.Action | ||
if rule.DestinationPort != nil { | ||
destinationPortMap := networkSecurityGroupRulePortToMap(rule.DestinationPort) | ||
ruleMap[Attr_DestinationPort] = []map[string]interface{}{destinationPortMap} | ||
} | ||
|
||
ruleMap[Attr_ID] = rule.ID | ||
ruleMap[Attr_Name] = rule.Name | ||
|
||
protocolMap := networkSecurityGroupRuleProtocolToMap(rule.Protocol) | ||
ruleMap[Attr_Protocol] = []map[string]interface{}{protocolMap} | ||
|
||
remoteMap := networkSecurityGroupRuleRemoteToMap(rule.Remote) | ||
|
||
ruleMap[Attr_Remote] = []map[string]interface{}{remoteMap} | ||
|
||
if rule.SourcePort != nil { | ||
sourcePortMap := networkSecurityGroupRulePortToMap(rule.SourcePort) | ||
ruleMap[Attr_SourcePort] = []map[string]interface{}{sourcePortMap} | ||
} | ||
|
||
return ruleMap | ||
} | ||
|
||
func networkSecurityGroupRulePortToMap(port *models.NetworkSecurityGroupRulePort) map[string]interface{} { | ||
portMap := make(map[string]interface{}) | ||
portMap[Attr_Maximum] = port.Maximum | ||
portMap[Attr_Minimum] = port.Minimum | ||
return portMap | ||
} | ||
|
||
func networkSecurityGroupRuleProtocolToMap(protocol *models.NetworkSecurityGroupRuleProtocol) map[string]interface{} { | ||
protocolMap := make(map[string]interface{}) | ||
if protocol.IcmpTypes != nil { | ||
protocolMap[Attr_ICMTypes] = protocol.IcmpTypes | ||
} | ||
if protocol.TCPFlags != nil { | ||
tcpFlags := []map[string]interface{}{} | ||
for _, tcpFlagsItem := range protocol.TCPFlags { | ||
tcpFlagsItemMap := make(map[string]interface{}) | ||
tcpFlagsItemMap[Attr_Flag] = tcpFlagsItem.Flag | ||
tcpFlags = append(tcpFlags, tcpFlagsItemMap) | ||
} | ||
protocolMap[Attr_TCPFlags] = tcpFlags | ||
} | ||
if protocol.Type != "" { | ||
protocolMap[Attr_Type] = protocol.Type | ||
} | ||
return protocolMap | ||
} | ||
|
||
func networkSecurityGroupRuleRemoteToMap(remote *models.NetworkSecurityGroupRuleRemote) map[string]interface{} { | ||
remoteMap := make(map[string]interface{}) | ||
if remote.ID != "" { | ||
remoteMap[Attr_ID] = remote.ID | ||
} | ||
if remote.Type != "" { | ||
remoteMap[Attr_Type] = remote.Type | ||
} | ||
return remoteMap | ||
} |
Oops, something went wrong.