feat(CLOUDDEV-374): lb allowed cidrs

docs/data-sources/lblistener.md

@@ -54,6 +54,7 @@ output "view" {
 
 ### Read-Only
 
+- `allowed_cidrs` (List of String) The allowed CIDRs for listener.
 - `id` (String) The ID of this resource.
 - `operating_status` (String) The current operational status of the load balancer.
 - `pool_count` (Number) Number of pools associated with the load balancer.

docs/data-sources/loadbalancerv2.md

@@ -56,7 +56,6 @@ output "view" {
 
 - `id` (String) The ID of this resource.
 - `metadata_read_only` (List of Object) A list of read-only metadata items, e.g. tags. (see [below for nested schema](#nestedatt--metadata_read_only))
-- `security_group_id` (String) Load balancer security group ID
 - `vip_address` (String) Load balancer IP address
 - `vip_port_id` (String) Attached reserved IP.
 

docs/resources/lblistener.md

@@ -30,6 +30,7 @@ resource "edgecenter_lblistener" "listener" {
   name            = "test"
   protocol        = "TCP"
   protocol_port   = 36621
+  allowed_cidrs   = ["127.0.0.0/24", "192.168.0.0/24"]
   loadbalancer_id = edgecenter_loadbalancerv2.lb.id
 }
 ```
@@ -46,6 +47,7 @@ resource "edgecenter_lblistener" "listener" {
 
 ### Optional
 
+- `allowed_cidrs` (List of String) The allowed CIDRs for listener.
 - `insert_x_forwarded` (Boolean) Insert *-forwarded headers
 - `last_updated` (String) The timestamp of the last update (use with update context).
 - `project_id` (Number) The uuid of the project. Either 'project_id' or 'project_name' must be specified.

docs/resources/loadbalancerv2.md

@@ -44,7 +44,6 @@ resource "edgecenter_loadbalancerv2" "lb" {
 - `project_name` (String) The name of the project. Either 'project_id' or 'project_name' must be specified.
 - `region_id` (Number) The uuid of the region. Either 'region_id' or 'region_name' must be specified.
 - `region_name` (String) The name of the region. Either 'region_id' or 'region_name' must be specified.
-- `security_group` (String) Creates a new security group with the specified name
 - `timeouts` (Block, Optional) (see [below for nested schema](#nestedblock--timeouts))
 - `vip_network_id` (String) Attaches the created network.
 - `vip_port_id` (String) Attaches the created reserved IP.
@@ -54,7 +53,6 @@ resource "edgecenter_loadbalancerv2" "lb" {
 
 - `id` (String) The ID of this resource.
 - `metadata_read_only` (List of Object) A list of read-only metadata items, e.g. tags. (see [below for nested schema](#nestedatt--metadata_read_only))
-- `security_group_id` (String) Load balancer security group ID
 - `vip_address` (String) Load balancer IP address
 
 <a id="nestedblock--timeouts"></a>

edgecenter/data_source_edgecenter_lblistener.go

@@ -74,6 +74,12 @@ func dataSourceLBListener() *schema.Resource {
 				Computed:    true,
 				Description: "The current provisioning status of the load balancer.",
 			},
+			"allowed_cidrs": {
+				Type:        schema.TypeList,
+				Elem:        &schema.Schema{Type: schema.TypeString},
+				Computed:    true,
+				Description: "The allowed CIDRs for listener.",
+			},
 		},
 	}
 }
@@ -102,10 +108,10 @@ func dataSourceLBListenerRead(_ context.Context, d *schema.ResourceData, m inter
 	}
 
 	var found bool
-	var lb listeners.Listener
+	var listener listeners.Listener
 	for _, l := range ls {
 		if l.Name == name {
-			lb = l
+			listener = l
 			found = true
 			break
 		}
@@ -115,16 +121,17 @@ func dataSourceLBListenerRead(_ context.Context, d *schema.ResourceData, m inter
 		return diag.Errorf("lb listener with name %s not found", name)
 	}
 
-	d.SetId(lb.ID)
-	d.Set("name", lb.Name)
-	d.Set("protocol", lb.Protocol.String())
-	d.Set("protocol_port", lb.ProtocolPort)
-	d.Set("pool_count", lb.PoolCount)
-	d.Set("operating_status", lb.OperationStatus.String())
-	d.Set("provisioning_status", lb.ProvisioningStatus.String())
+	d.SetId(listener.ID)
+	d.Set("name", listener.Name)
+	d.Set("protocol", listener.Protocol.String())
+	d.Set("protocol_port", listener.ProtocolPort)
+	d.Set("pool_count", listener.PoolCount)
+	d.Set("operating_status", listener.OperationStatus.String())
+	d.Set("provisioning_status", listener.ProvisioningStatus.String())
 	d.Set("loadbalancer_id", lbID)
 	d.Set("project_id", d.Get("project_id").(int))
 	d.Set("region_id", d.Get("region_id").(int))
+	d.Set("allowed_cidrs", listener.AllowedCIDRs)
 
 	log.Println("[DEBUG] Finish LBListener reading")
 

edgecenter/data_source_edgecenter_loadbalancerv2.go

@@ -68,11 +68,6 @@ func dataSourceLoadBalancerV2() *schema.Resource {
 				Computed:    true,
 				Description: "Attached reserved IP.",
 			},
-			"security_group_id": {
-				Type:        schema.TypeString,
-				Computed:    true,
-				Description: "Load balancer security group ID",
-			},
 			"metadata_read_only": {
 				Type:        schema.TypeList,
 				Computed:    true,
@@ -171,14 +166,6 @@ func dataSourceLoadBalancerV2Read(_ context.Context, d *schema.ResourceData, m i
 		return diag.FromErr(err)
 	}
 
-	sgInfo, err := loadbalancers.ListCustomSecurityGroup(client, d.Id()).Extract()
-	if err != nil {
-		return diag.FromErr(err)
-	}
-	if len(sgInfo) > 0 {
-		d.Set("security_group_id", sgInfo[0].ID)
-	}
-
 	log.Println("[DEBUG] Finish LoadBalancer reading")
 
 	return diags

edgecenter/resource_edgecenter_lblistener.go

@@ -141,6 +141,12 @@ func resourceLbListener() *schema.Resource {
 				Optional:    true,
 				Description: "List of secret identifiers used for Server Name Indication (SNI).",
 			},
+			"allowed_cidrs": {
+				Type:        schema.TypeList,
+				Elem:        &schema.Schema{Type: schema.TypeString},
+				Optional:    true,
+				Description: "The allowed CIDRs for listener.",
+			},
 			"last_updated": {
 				Type:        schema.TypeString,
 				Optional:    true,
@@ -203,6 +209,14 @@ func resourceLBListenerCreate(ctx context.Context, d *schema.ResourceData, m int
 		return diag.Errorf("wrong protocol")
 	}
 
+	allowedCIRDsRaw := d.Get("allowed_cidrs").([]interface{})
+	if len(allowedCIRDsRaw) > 0 {
+		opts.AllowedCIDRs = make([]string, len(allowedCIRDsRaw))
+		for i, s := range allowedCIRDsRaw {
+			opts.AllowedCIDRs[i] = s.(string)
+		}
+	}
+
 	results, err := listeners.Create(client, opts).Extract()
 	if err != nil {
 		return diag.FromErr(err)
@@ -255,6 +269,7 @@ func resourceLBListenerRead(_ context.Context, d *schema.ResourceData, m interfa
 	d.Set("provisioning_status", lb.ProvisioningStatus.String())
 	d.Set("secret_id", lb.SecretID)
 	d.Set("sni_secret_id", lb.SNISecretID)
+	d.Set("allowed_cidrs", lb.AllowedCIDRs)
 
 	fields := []string{"project_id", "region_id", "loadbalancer_id", "insert_x_forwarded"}
 	revertState(d, &fields)
@@ -304,6 +319,16 @@ func resourceLBListenerUpdate(ctx context.Context, d *schema.ResourceData, m int
 		changed = true
 	}
 
+	if d.HasChange("allowed_cidrs") {
+		allowedCIDRsRaw := d.Get("allowed_cidrs").([]interface{})
+		allowedCIDRs := make([]string, len(allowedCIDRsRaw))
+		for i, s := range allowedCIDRsRaw {
+			allowedCIDRs[i] = s.(string)
+		}
+		opts.AllowedCIDRs = allowedCIDRs
+		changed = true
+	}
+
 	if changed {
 		_, err = listeners.Update(client, d.Id(), opts).Extract()
 		if err != nil {

edgecenter/resource_edgecenter_loadbalancerv2.go

@@ -10,7 +10,6 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 
 	"github.com/Edge-Center/edgecentercloud-go/edgecenter/loadbalancer/v1/loadbalancers"
-	"github.com/Edge-Center/edgecentercloud-go/edgecenter/securitygroup/v1/securitygroups"
 	"github.com/Edge-Center/edgecentercloud-go/edgecenter/task/v1/tasks"
 	"github.com/Edge-Center/edgecentercloud-go/edgecenter/utils"
 	"github.com/Edge-Center/edgecentercloud-go/edgecenter/utils/metadata"
@@ -113,16 +112,6 @@ func resourceLoadBalancerV2() *schema.Resource {
 				Computed:    true,
 				Description: "The timestamp of the last update (use with update context).",
 			},
-			"security_group": {
-				Type:        schema.TypeString,
-				Optional:    true,
-				Description: "Creates a new security group with the specified name",
-			},
-			"security_group_id": {
-				Type:        schema.TypeString,
-				Description: "Load balancer security group ID",
-				Computed:    true,
-			},
 			"metadata_map": {
 				Type:        schema.TypeMap,
 				Optional:    true,
@@ -210,31 +199,6 @@ func resourceLoadBalancerV2Create(ctx context.Context, d *schema.ResourceData, m
 
 	d.SetId(lbID.(string))
 
-	securityGroup := d.Get("security_group").(string)
-	if securityGroup != "" {
-		if err := loadbalancers.CreateCustomSecurityGroup(client, d.Id()).ExtractErr(); err != nil {
-			return diag.FromErr(err)
-		}
-
-		sgInfo, err := loadbalancers.ListCustomSecurityGroup(client, d.Id()).Extract()
-		if err != nil {
-			return diag.FromErr(err)
-		}
-
-		if len(sgInfo) > 0 {
-			sgID := sgInfo[0].ID
-			d.Set("security_group_id", sgID)
-			clientSG, err := CreateClient(provider, d, SecurityGroupPoint, VersionPointV1)
-			if err != nil {
-				return diag.FromErr(err)
-			}
-			_, err = securitygroups.Update(clientSG, sgID, securitygroups.UpdateOpts{Name: securityGroup}).Extract()
-			if err != nil {
-				return diag.FromErr(err)
-			}
-		}
-	}
-
 	resourceLoadBalancerV2Read(ctx, d, m)
 
 	log.Printf("[DEBUG] Finish LoadBalancer creating (%s)", lbID)

edgecenter/test/data_source_edgecenter_lblistener_test.go

@@ -36,6 +36,7 @@ func TestAccLBListenerDataSource(t *testing.T) {
 			Name:         lbListenerTestName,
 			ProtocolPort: 80,
 			Protocol:     types.ProtocolTypeHTTP,
+			AllowedCIDRs: []string{"127.0.0.0/24"},
 		}},
 	}
 

examples/resources/edgecenter_lblistener/resource.tf

@@ -15,5 +15,6 @@ resource "edgecenter_lblistener" "listener" {
   name            = "test"
   protocol        = "TCP"
   protocol_port   = 36621
+  allowed_cidrs   = ["127.0.0.0/24", "192.168.0.0/24"]
   loadbalancer_id = edgecenter_loadbalancerv2.lb.id
 }

go.mod

@@ -7,7 +7,7 @@ require (
 	github.com/Edge-Center/edgecenter-dns-sdk-go v0.1.0
 	github.com/Edge-Center/edgecenter-storage-sdk-go v0.2.0
 	github.com/Edge-Center/edgecentercdn-go v0.1.4
-	github.com/Edge-Center/edgecentercloud-go v0.1.10
+	github.com/Edge-Center/edgecentercloud-go v0.1.11
 	github.com/hashicorp/go-cty v1.4.1-0.20200723130312-85980079f637
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.29.0
 	github.com/mitchellh/mapstructure v1.5.0

go.sum

@@ -8,8 +8,8 @@ github.com/Edge-Center/edgecenter-storage-sdk-go v0.2.0 h1:1aPDpywWbaF7VEjP/GjVo
 github.com/Edge-Center/edgecenter-storage-sdk-go v0.2.0/go.mod h1:TcWO0BPvDsE6AGlPBqpKCZhoQ70rRlqmm85J32qcL8I=
 github.com/Edge-Center/edgecentercdn-go v0.1.4 h1:Jt8f+CSriwVQ/KAb+a+v1dDNChtHjlpilgJOX8mOSx0=
 github.com/Edge-Center/edgecentercdn-go v0.1.4/go.mod h1:RwEyxwPAmxor1mZKUTa2bIU2p5qM6kcAofUkaE4O1V4=
-github.com/Edge-Center/edgecentercloud-go v0.1.10 h1:+mtt9/n4RBTKZwF0N5xlvCNTE74R+Qk29Na+zZgy/Vk=
-github.com/Edge-Center/edgecentercloud-go v0.1.10/go.mod h1:kmXGtx0lL1ib+SPfJe/uIAyDHamquAvqiftoLSyhxF8=
+github.com/Edge-Center/edgecentercloud-go v0.1.11 h1:00h5o/71lEoSdU1B4AWmviuOfO28P6nsRP+afjIsW80=
+github.com/Edge-Center/edgecentercloud-go v0.1.11/go.mod h1:kmXGtx0lL1ib+SPfJe/uIAyDHamquAvqiftoLSyhxF8=
 github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
 github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 h1:KLq8BE0KwCL+mmXnjLWEAOYO+2l2AE4YMmqG1ZpZHBs=
 github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=