feat(CLOUDDEV-420): added disable_port_security option to instance re…
…source
damir.zinatullin committed Dec 26, 2023
1 parent ed2f012 commit bcc20d6
Showing 33 changed files with 158 additions and 74 deletions.
2 changes: 0 additions & 2 deletions docs/data-sources/floatingip.md
Expand Up @@ -71,5 +71,3 @@ Read-Only:
- `key` (String)
- `read_only` (Boolean)
- `value` (String)


2 changes: 0 additions & 2 deletions docs/data-sources/image.md
Expand Up @@ -71,5 +71,3 @@ Read-Only:
- `key` (String)
- `read_only` (Boolean)
- `value` (String)


2 changes: 0 additions & 2 deletions docs/data-sources/instance.md
Expand Up @@ -116,5 +116,3 @@ Read-Only:

- `delete_on_termination` (Boolean)
- `volume_id` (String)


2 changes: 0 additions & 2 deletions docs/data-sources/k8s.md
Expand Up @@ -82,5 +82,3 @@ Read-Only:
- `node_count` (Number)
- `stack_id` (String)
- `uuid` (String)


2 changes: 0 additions & 2 deletions docs/data-sources/k8s_client_config.md
Expand Up @@ -43,5 +43,3 @@ data "edgecenter_k8s_client_config" "cfg" {
- `client_certificate_data` (String) The client_certificate_data field from k8s config.
- `client_key_data` (String) The client_key_data field from k8s config.
- `id` (String) The ID of this resource.


2 changes: 0 additions & 2 deletions docs/data-sources/k8s_pool.md
Expand Up @@ -55,5 +55,3 @@ data "edgecenter_k8s_pool" "pool" {
- `node_count` (Number) The current number of nodes in the pool.
- `node_names` (List of String) A list of names of nodes within the pool.
- `stack_id` (String) The identifier of the underlying infrastructure stack used by this pool.


2 changes: 0 additions & 2 deletions docs/data-sources/lblistener.md
Expand Up @@ -61,5 +61,3 @@ output "view" {
- `protocol` (String) Available values is 'HTTP', 'HTTPS', 'TCP', 'UDP'
- `protocol_port` (Number) The port on which the protocol is bound.
- `provisioning_status` (String) The current provisioning status of the load balancer.


2 changes: 0 additions & 2 deletions docs/data-sources/lbpool.md
Expand Up @@ -87,5 +87,3 @@ Read-Only:
- `persistence_granularity` (String)
- `persistence_timeout` (Number)
- `type` (String)


2 changes: 0 additions & 2 deletions docs/data-sources/loadbalancer.md
Expand Up @@ -79,5 +79,3 @@ Read-Only:
- `key` (String)
- `read_only` (Boolean)
- `value` (String)


2 changes: 0 additions & 2 deletions docs/data-sources/loadbalancerv2.md
Expand Up @@ -67,5 +67,3 @@ Read-Only:
- `key` (String)
- `read_only` (Boolean)
- `value` (String)


2 changes: 0 additions & 2 deletions docs/data-sources/network.md
Expand Up @@ -96,5 +96,3 @@ Read-Only:

- `destination` (String)
- `nexthop` (String)


2 changes: 0 additions & 2 deletions docs/data-sources/project.md
Expand Up @@ -32,5 +32,3 @@ data "edgecenter_project" "pr" {
### Read-Only

- `id` (String) The ID of this resource.


2 changes: 0 additions & 2 deletions docs/data-sources/region.md
Expand Up @@ -32,5 +32,3 @@ data "edgecenter_region" "rg" {
### Read-Only

- `id` (String) The ID of this resource.


2 changes: 0 additions & 2 deletions docs/data-sources/reservedfixedip.md
Expand Up @@ -67,5 +67,3 @@ Read-Only:

- `ip_address` (String)
- `mac_address` (String)


2 changes: 0 additions & 2 deletions docs/data-sources/router.md
Expand Up @@ -97,5 +97,3 @@ Read-Only:

- `destination` (String)
- `nexthop` (String)


2 changes: 0 additions & 2 deletions docs/data-sources/secret.md
Expand Up @@ -60,5 +60,3 @@ output "view" {
- `id` (String) The ID of this resource.
- `mode` (String) The mode of the encryption algorithm.
- `status` (String) The current status of the secret.


2 changes: 0 additions & 2 deletions docs/data-sources/securitygroup.md
Expand Up @@ -84,5 +84,3 @@ Read-Only:
- `protocol` (String)
- `remote_ip_prefix` (String)
- `updated_at` (String)


2 changes: 0 additions & 2 deletions docs/data-sources/servergroup.md
Expand Up @@ -63,5 +63,3 @@ Read-Only:

- `instance_id` (String)
- `instance_name` (String)


2 changes: 0 additions & 2 deletions docs/data-sources/storage_s3.md
Expand Up @@ -38,5 +38,3 @@ data "edgecenter_storage_s3" "example_s3" {
- `generated_s3_endpoint` (String) A s3 endpoint for new storage resource.
- `id` (String) The ID of this resource.
- `location` (String) A location of new storage resource. One of (s-dt2)


2 changes: 0 additions & 2 deletions docs/data-sources/storage_s3_bucket.md
Expand Up @@ -34,5 +34,3 @@ data "edgecenter_storage_s3_bucket" "example_s3_bucket" {
### Read-Only

- `id` (String) The ID of this resource.


2 changes: 0 additions & 2 deletions docs/data-sources/subnet.md
Expand Up @@ -81,5 +81,3 @@ Read-Only:
- `key` (String)
- `read_only` (Boolean)
- `value` (String)


2 changes: 0 additions & 2 deletions docs/data-sources/volume.md
Expand Up @@ -69,5 +69,3 @@ Read-Only:
- `key` (String)
- `read_only` (Boolean)
- `value` (String)


2 changes: 0 additions & 2 deletions docs/resources/cdn_origingroup.md
Expand Up @@ -60,5 +60,3 @@ Optional:
Read-Only:

- `id` (Number) The ID of this resource.


2 changes: 0 additions & 2 deletions docs/resources/cdn_resource.md
Expand Up @@ -618,5 +618,3 @@ Required:
Optional:

- `enabled` (Boolean)


2 changes: 0 additions & 2 deletions docs/resources/cdn_rule.md
Expand Up @@ -607,5 +607,3 @@ Required:
Optional:

- `enabled` (Boolean)


2 changes: 0 additions & 2 deletions docs/resources/cdn_sslcert.md
Expand Up @@ -48,5 +48,3 @@ resource "edgecenter_cdn_sslcert" "cdnopt_cert" {
- `automated` (Boolean) The way SSL certificate was issued.
- `has_related_resources` (Boolean) It shows if the SSL certificate is used by a CDN resource.
- `id` (String) The ID of this resource.


10 changes: 6 additions & 4 deletions docs/resources/instance.md
Expand Up @@ -75,10 +75,11 @@ resource "edgecenter_instance" "instance" {
}
interface {
type = "subnet"
network_id = edgecenter_network.network.id
subnet_id = edgecenter_subnet.subnet.id
security_groups = ["d75db0b2-58f1-4a11-88c6-a932bb897310"]
type = "subnet"
network_id = edgecenter_network.network.id
subnet_id = edgecenter_subnet.subnet.id
security_groups = ["d75db0b2-58f1-4a11-88c6-a932bb897310"]
port_security_disabled = true
}
metadata_map = {
Expand Down Expand Up @@ -199,6 +200,7 @@ Optional:
- `network_id` (String) Required if type is 'subnet' or 'any_subnet'.
- `order` (Number) Order of attaching interface
- `port_id` (String) required if type is 'reserved_fixed_ip'
- `port_security_disabled` (Boolean)
- `security_groups` (List of String) list of security group IDs
- `subnet_id` (String) Required if type is 'subnet'.
- `type` (String) Available value is 'subnet', 'any_subnet', 'external', 'reserved_fixed_ip'
2 changes: 0 additions & 2 deletions docs/resources/keypair.md
Expand Up @@ -46,5 +46,3 @@ output "kp" {
- `fingerprint` (String) A fingerprint of the SSH public key, used to verify the integrity of the key.
- `id` (String) The ID of this resource.
- `sshkey_id` (String) The unique identifier assigned by the provider to the SSH key pair.


2 changes: 0 additions & 2 deletions docs/resources/storage_s3.md
Expand Up @@ -44,5 +44,3 @@ resource "edgecenter_storage_s3" "example_s3" {
### Read-Only

- `id` (String) The ID of this resource.


2 changes: 0 additions & 2 deletions docs/resources/storage_s3_bucket.md
Expand Up @@ -34,5 +34,3 @@ resource "edgecenter_storage_s3_bucket" "example_s3_bucket" {
### Read-Only

- `id` (String) The ID of this resource.


76 changes: 72 additions & 4 deletions edgecenter/resource_edgecenter_instance.go
Expand Up @@ -5,6 +5,7 @@ import (
"encoding/base64"
"errors"
"fmt"
"github.com/Edge-Center/edgecentercloud-go/edgecenter/port/v1/ports"
"log"
"sort"
"strconv"
Expand All @@ -28,6 +29,7 @@ const (
InstanceDeleting int = 1200
InstanceCreatingTimeout int = 1200
InstancePoint = "instances"
PortsPoint = "ports"

InstanceVMStateActive = "active"
InstanceVMStateStopped = "stopped"
Expand Down Expand Up @@ -223,6 +225,11 @@ func resourceInstance() *schema.Resource {
Computed: true,
Optional: true,
},
"port_security_disabled": {
Type: schema.TypeBool,
Optional: true,
Computed: true,
},
},
},
},
Expand Down Expand Up @@ -498,6 +505,62 @@ func resourceInstanceCreate(ctx context.Context, d *schema.ResourceData, m inter
return Instance, nil
},
)
if err != nil {
return diag.FromErr(err)
}
instanceID := InstanceID.(string)
interfacesListAPI, err := instances.ListInterfacesAll(clientV1, instanceID)
if err != nil {
return diag.FromErr(err)
}

portSecurityOptsListExtracted, err := extractPortSecurityOpts(ifs)
if err != nil {
return diag.FromErr(err)
}

var portSecurityOptsList []InstancePortSecurityOpts
for _, iFace := range interfacesListAPI {
if len(iFace.IPAssignments) == 0 {
continue
}

portID := iFace.PortID
for _, assignment := range iFace.IPAssignments {

subnetID := assignment.SubnetID
ipAddress := assignment.IPAddress.String()

var portSecurityDisabled bool
for _, interfaceExtracted := range portSecurityOptsListExtracted {
if interfaceExtracted.SubnetID == subnetID || interfaceExtracted.IPAddress == ipAddress || interfaceExtracted.PortID == portID {
portSecurityDisabled = interfaceExtracted.PortSecurityDisabled
break
}
}

var portSecOpts InstancePortSecurityOpts
portSecOpts.PortID = portID
portSecOpts.PortSecurityDisabled = portSecurityDisabled

portSecurityOptsList = append(portSecurityOptsList, portSecOpts)
}
}

if len(portSecurityOptsList) > 0 {
portsClientV1, err := CreateClient(provider, d, PortsPoint, VersionPointV1)
if err != nil {
return diag.FromErr(err)
}
for _, v := range portSecurityOptsList {
if v.PortSecurityDisabled {
if _, err := ports.DisablePortSecurity(portsClientV1, v.PortID).Extract(); err != nil {
return diag.FromErr(err)
}
}
}
}

log.Printf("[DEBUG] Instance id (%s)", InstanceID)
if err != nil {
return diag.FromErr(err)
Expand Down Expand Up @@ -620,6 +683,7 @@ func resourceInstanceRead(_ context.Context, d *schema.ResourceData, m interface
i["network_id"] = iFace.NetworkID
i["subnet_id"] = subnetID
i["port_id"] = portID
i["port_security_disabled"] = !iFace.PortSecurityEnabled
if interfaceOpts.FloatingIP != nil {
i["fip_source"] = interfaceOpts.FloatingIP.Source.String()
i["existing_fip_id"] = interfaceOpts.FloatingIP.ExistingFloatingID
Expand Down Expand Up @@ -798,6 +862,10 @@ func resourceInstanceUpdate(ctx context.Context, d *schema.ResourceData, m inter
}

if d.HasChange("interface") {
portsClientV1, err := CreateClient(provider, d, PortsPoint, VersionPointV1)
if err != nil {
return diag.FromErr(err)
}
iOldRaw, iNewRaw := d.GetChange("interface")
ifsOldSlice, ifsNewSlice := iOldRaw.([]interface{}), iNewRaw.([]interface{})
sort.Sort(instanceInterfaces(ifsOldSlice))
Expand Down Expand Up @@ -833,7 +901,7 @@ func resourceInstanceUpdate(ctx context.Context, d *schema.ResourceData, m inter
if err := detachInterfaceFromInstance(client, instanceID, iOld); err != nil {
return diag.FromErr(err)
}
if err := attachInterfaceToInstance(client, instanceID, iNew); err != nil {
if err := attachInterfaceToInstance(client, portsClientV1, instanceID, iNew); err != nil {
return diag.FromErr(err)
}
}
Expand Down Expand Up @@ -869,15 +937,15 @@ func resourceInstanceUpdate(ctx context.Context, d *schema.ResourceData, m inter
if err := detachInterfaceFromInstance(client, instanceID, iOld); err != nil {
return diag.FromErr(err)
}
if err := attachInterfaceToInstance(client, instanceID, iNew); err != nil {
if err := attachInterfaceToInstance(client, portsClientV1, instanceID, iNew); err != nil {
return diag.FromErr(err)
}
}
}

for _, item := range ifsNewSlice[len(ifsOldSlice):] {
iNew := item.(map[string]interface{})
if err := attachInterfaceToInstance(client, instanceID, iNew); err != nil {
if err := attachInterfaceToInstance(client, portsClientV1, instanceID, iNew); err != nil {
return diag.FromErr(err)
}
}
Expand Down Expand Up @@ -912,7 +980,7 @@ func resourceInstanceUpdate(ctx context.Context, d *schema.ResourceData, m inter
if err := detachInterfaceFromInstance(client, instanceID, iOld); err != nil {
return diag.FromErr(err)
}
if err := attachInterfaceToInstance(client, instanceID, iNew); err != nil {
if err := attachInterfaceToInstance(client, portsClientV1, instanceID, iNew); err != nil {
return diag.FromErr(err)
}
}
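Review bot: The lookup in the create path that pairs an API interface with its configured options (`interfaceExtracted.SubnetID == subnetID || interfaceExtracted.IPAddress == ipAddress || interfaceExtracted.PortID == portID`) takes the first entry that matches on any one field, so two interfaces in the same subnet both inherit the first entry's `port_security_disabled` value and `ports.DisablePortSecurity` can run against a port the configuration never named. Since the flag turns off the port's security enforcement, the match should use the most specific identifier the entry carries (port ID, then IP address, then subnet) instead of an OR across all three; the sketch below assumes those fields are strings left empty when unset, which `extractPortSecurityOpts` (not shown on this page) would need to confirm. A subnet-only match stays ambiguous when several interfaces share a subnet, and that case is better rejected with an error than guessed. The inner loop over `IPAssignments` also appends one entry per address, so a port with several addresses is processed more than once; `resourceInstanceCreate` begins and ends outside this hunk.

```go
// … unchanged: loops over interfacesListAPI and iFace.IPAssignments …
var portSecurityDisabled bool
for _, opts := range portSecurityOptsListExtracted {
	var matched bool
	switch {
	case opts.PortID != "":
		matched = opts.PortID == portID
	case opts.IPAddress != "":
		matched = opts.IPAddress == ipAddress
	case opts.SubnetID != "":
		matched = opts.SubnetID == subnetID
	}
	if matched {
		portSecurityDisabled = opts.PortSecurityDisabled
		break
	}
}
// … unchanged: build portSecOpts and append to portSecurityOptsList …
```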