stackit-dev-tools/terraform-provider-stackitprivatepreview
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

IaaS Release (#543)

Browse source 
* IaaS Volume (#541)

* Onboard IaaS Volume

* Labels mapping

* Add acceptance test

* Remove source field

* Fix lint

* Add examples and docs

* Fix lint

* Fix lint

* Fix lint

* Volume source field (#542)

* Onboard IaaS Volume

* Labels mapping

* Add acceptance test

* Remove source field

* Fix lint

* Add examples and docs

* Fix lint

* Fix lint

* Fix lint

* Add source field supoort

* Fix labels and source mapping

* Remove unecessary source mapping

* Move methods to conversion pkg

* Revert change

* Update stackit/internal/services/iaas/volume/datasource.go

Co-authored-by: João Palet <joao.palet@outlook.com>

* Update stackit/internal/services/iaas/volume/resource.go

Co-authored-by: João Palet <joao.palet@outlook.com>

* Update stackit/internal/services/iaas/volume/resource.go

Co-authored-by: João Palet <joao.palet@outlook.com>

* Update stackit/internal/services/iaas/volume/resource.go

Co-authored-by: João Palet <joao.palet@outlook.com>

* Changes after review

* Change after revie

---------

Co-authored-by: João Palet <joao.palet@outlook.com>

* Onboard IaaS security groups (#545)

* onboard iaas security group

* add examples and generate docs

* fix linter issues

* fix deletion

* Update stackit/internal/services/iaas/securitygroup/resource.go

Co-authored-by: Vicente Pinto <vicente.pinto@freiheit.com>

* rename data source example file

* update docs

* remove field

* remove field

* remove plan modifier from the name field

* refactor labels in mapFields

* change function from utils to conversion

* remove rules from the security group

* update docs

* add security group acceptance test

* add plan modifiers to stateful field

* sort imports

* change stateful description

---------

Co-authored-by: Gökçe Gök Klingel <goekce.goek_klingel@stackit.cloud>
Co-authored-by: Vicente Pinto <vicente.pinto@freiheit.com>

* IaaS Server baseline configuration (#546)

* Server resource schema

* Implemente CRUD methods and unit testsg

* Bug fixes

* Bug fix

* Make variable private

* Remove delete_on_termination and update descriptions

* Add security_group field to initial networking

* Add examples and acc test

* Generate docs

* Fix lint

* Fix lint issue

* Fix unit test

* Update desc

* Gen docs

* Onboard IaaS network interface (#544)

* implement network interface

* handle labels

* add CIDR validation

* fix linter issues and generate docs

* remove computed from the allowed addresses and fix the conditions

* Update stackit/internal/services/iaas/networkinterface/resource.go

Co-authored-by: Vicente Pinto <vicente.pinto@freiheit.com>

* Update stackit/internal/services/iaas/networkinterface/datasource.go

Co-authored-by: Vicente Pinto <vicente.pinto@freiheit.com>

* apply code review changes

* remove status from schema

* remove unnecessary GET call

* Update stackit/internal/services/iaas/networkinterface/resource.go

Co-authored-by: Vicente Pinto <vicente.pinto@freiheit.com>

* Update stackit/internal/services/iaas/networkinterface/resource.go

Co-authored-by: Vicente Pinto <vicente.pinto@freiheit.com>

* rename nic_security to security

* add beta markdown description

* use existing validateIP function

* use utils function for the options listing

* refactor labels

* change function from utils to conversion

* make allowed addresses a list of strings

* add acceptance test for network interfaces

* fix acceptance test

* rename security_groups as security_group_ids

* extend descriptions

* fix acc test

---------

Co-authored-by: Gökçe Gök Klingel <goekce.goek_klingel@stackit.cloud>
Co-authored-by: Vicente Pinto <vicente.pinto@freiheit.com>

* rename volume data source example (#552)

Co-authored-by: Gökçe Gök Klingel <goekce.goek_klingel@stackit.cloud>

* add requires replace to ipv4 and ipv6 fields (#549)

Co-authored-by: Gökçe Gök Klingel <goekce.goek_klingel@stackit.cloud>
Co-authored-by: Vicente Pinto <vicente.pinto@freiheit.com>

* Server resource improvements (#548)

* Improvements to server resource

* Fix example

* Remove useStateForUnknown

* Update SDK modules

* Update iaasalpha moduel (#555)

* Remove initial networking field (#556)

* Server attachment resources (#557)

* Server attachemnt resources

* Add examples

* Update volume datasource example

* Fix linting issues

* Fix linting

* Fix examples formatting

* Update go.mod

* Revert iaas to v0.11

* Onboard iaas public ip (#551)

* onboard public ip

* onboard public ip

* add public ip acceptance test

* Update examples/data-sources/stackit_public_ip/data-source.tf

Co-authored-by: Vicente Pinto <vicente.pinto@freiheit.com>

* add plan modifier to IP

* change type in the volume data source

* add network_interface field to public ip resource

* rename network_interface to network_interface_id

* remove obsolete checks

* extend unit tests

* add network_interface_id in example

* extend unit test

* extend acceptance test

* sort imports

---------

Co-authored-by: Vicente Pinto <vicente.pinto@freiheit.com>

* Add labels to network, network are and network area route resources (#559)

* Fix network_interface example

* Extend network, network area and network area route with labels

* Revert iaas to v0.11.0

---------

Co-authored-by: GokceGK <161626272+GokceGK@users.noreply.github.com>

* Onboard iaas security group rule (#553)

* onboard security group rule

* add security group rule to acceptance test

* change type in examples

* fix acc test issues

* extend example with objects

* remove obsolete field from acceptance test

* remove unnecessary plan modifier

* adapt schema fields

* adapt schema fields

* add requires replace to all fields

* extend descriptions with protocol limitations

* rename subfield protocol to number

* add requires replace to objects

* make icmp_parameters fields required

* add empty field checks for nested objects

* make max and min fields required in the port_range object

* make number field computed in the protocol object

* add UseStateForUnknown in protocol number

* remove obsolete unit test

* add checks for empty protocol and adapt unit test

* add atLeastOneOf validation in protocol fields

* fix linter issues

* Add project existence check before deleting SNA (#561)

* add project list check and error in network area deletion

* Update stackit/internal/services/iaas/networkarea/resource.go

Co-authored-by: Vicente Pinto <vicente.pinto@freiheit.com>

---------

Co-authored-by: Vicente Pinto <vicente.pinto@freiheit.com>

* Example server use cases and other fixes (#560)

* Add example usage to server resource

* Update examples

* Fix beta warning

* Update docs and examples

* Remove size from example

* Fix server description, fix security group rule error message

* Other fixes

* remove field from datasource

---------

Co-authored-by: GokceGK <161626272+GokceGK@users.noreply.github.com>

* Security group rule fixes (#562)

* Add example usage to server resource

* Update examples

* Fix beta warning

* Update docs and examples

* Remove size from example

* Fix server description, fix security group rule error message

* Other fixes

* Fixes to sec group rule

* Fix lint

* Change after review

---------

Co-authored-by: GokceGK <161626272+GokceGK@users.noreply.github.com>

* Fix server example (#565)

* Fix server example

* Fixes to examples, add CIDR validation to nic

* Migrate iaasalpha to iaas (#568)

* Migrate iaasalpha to iaas

* Fix lint

* Update example

* Improvements to security group rule (#569)

* Improvements to security group rule

* Fix lint

* Fix example and remove computed from description

* Fix formatting

* Update description

---------

Co-authored-by: João Palet <joao.palet@outlook.com>
Co-authored-by: GokceGK <161626272+GokceGK@users.noreply.github.com>
Co-authored-by: Gökçe Gök Klingel <goekce.goek_klingel@stackit.cloud>
This commit is contained in:
Vicente Pinto 2024-10-18 16:37:41 +01:00 committed by GitHub
parent 89dbf777fc
commit 93fe2fe89f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
80 changed files with 10148 additions and 161 deletions
Download patch file Download diff file Expand all files Collapse all files

171
stackit/internal/services/iaas/securitygroup/datasource.go Normal file
View file

@ -0,0 +1,171 @@
package securitygroup
import (
"context"
"fmt"
"net/http"
"github.com/hashicorp/terraform-plugin-framework/datasource"
"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
"github.com/hashicorp/terraform-plugin-framework/schema/validator"
"github.com/hashicorp/terraform-plugin-framework/types"
"github.com/hashicorp/terraform-plugin-log/tflog"
"github.com/stackitcloud/stackit-sdk-go/core/config"
"github.com/stackitcloud/stackit-sdk-go/core/oapierror"
"github.com/stackitcloud/stackit-sdk-go/services/iaas"
"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/core"
"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/features"
"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/validate"
)
// securityGroupDataSourceBetaCheckDone is used to prevent multiple checks for beta resources.
// This is a workaround for the lack of a global state in the provider and
// needs to exist because the Configure method is called twice.
var securityGroupDataSourceBetaCheckDone bool
// Ensure the implementation satisfies the expected interfaces.
var (
_ datasource.DataSource = &securityGroupDataSource{}
)
// NewSecurityGroupDataSource is a helper function to simplify the provider implementation.
func NewSecurityGroupDataSource() datasource.DataSource {
return &securityGroupDataSource{}
}
// securityGroupDataSource is the data source implementation.
type securityGroupDataSource struct {
client *iaas.APIClient
}
// Metadata returns the data source type name.
func (d *securityGroupDataSource) Metadata(_ context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
resp.TypeName = req.ProviderTypeName + "_security_group"
}
func (d *securityGroupDataSource) Configure(ctx context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) {
// Prevent panic if the provider has not been configured.
if req.ProviderData == nil {
return
}
var apiClient *iaas.APIClient
var err error
providerData, ok := req.ProviderData.(core.ProviderData)
if !ok {
core.LogAndAddError(ctx, &resp.Diagnostics, "Error configuring API client", fmt.Sprintf("Expected configure type stackit.ProviderData, got %T", req.ProviderData))
return
}
if !securityGroupDataSourceBetaCheckDone {
features.CheckBetaResourcesEnabled(ctx, &providerData, &resp.Diagnostics, "stackit_security_group", "data source")
if resp.Diagnostics.HasError() {
return
}
securityGroupDataSourceBetaCheckDone = true
}
if providerData.IaaSCustomEndpoint != "" {
apiClient, err = iaas.NewAPIClient(
config.WithCustomAuth(providerData.RoundTripper),
config.WithEndpoint(providerData.IaaSCustomEndpoint),
)
} else {
apiClient, err = iaas.NewAPIClient(
config.WithCustomAuth(providerData.RoundTripper),
config.WithRegion(providerData.Region),
)
}
if err != nil {
core.LogAndAddError(ctx, &resp.Diagnostics, "Error configuring API client", fmt.Sprintf("Configuring client: %v. This is an error related to the provider configuration, not to the data source configuration", err))
return
}
d.client = apiClient
tflog.Info(ctx, "iaas client configured")
}
// Schema defines the schema for the resource.
func (r *securityGroupDataSource) Schema(_ context.Context, _ datasource.SchemaRequest, resp *datasource.SchemaResponse) {
resp.Schema = schema.Schema{
MarkdownDescription: features.AddBetaDescription("Security group datasource schema. Must have a `region` specified in the provider configuration."),
Description: "Security group datasource schema. Must have a `region` specified in the provider configuration.",
Attributes: map[string]schema.Attribute{
"id": schema.StringAttribute{
Description: "Terraform's internal resource ID. It is structured as \"`project_id`,`security_group_id`\".",
Computed: true,
},
"project_id": schema.StringAttribute{
Description: "STACKIT project ID to which the security group is associated.",
Required: true,
Validators: []validator.String{
validate.UUID(),
validate.NoSeparator(),
},
},
"security_group_id": schema.StringAttribute{
Description: "The security group ID.",
Required: true,
Validators: []validator.String{
validate.UUID(),
validate.NoSeparator(),
},
},
"name": schema.StringAttribute{
Description: "The name of the security group.",
Computed: true,
},
"description": schema.StringAttribute{
Description: "The description of the security group.",
Computed: true,
},
"labels": schema.MapAttribute{
Description: "Labels are key-value string pairs which can be attached to a resource container",
ElementType: types.StringType,
Computed: true,
},
"stateful": schema.BoolAttribute{
Description: "Configures if a security group is stateful or stateless. There can only be one type of security groups per network interface/server.",
Computed: true,
},
},
}
}
// Read refreshes the Terraform state with the latest data.
func (d *securityGroupDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) { // nolint:gocritic // function signature required by Terraform
var model Model
diags := req.Config.Get(ctx, &model)
resp.Diagnostics.Append(diags...)
if resp.Diagnostics.HasError() {
return
}
projectId := model.ProjectId.ValueString()
securityGroupId := model.SecurityGroupId.ValueString()
ctx = tflog.SetField(ctx, "project_id", projectId)
ctx = tflog.SetField(ctx, "security_group_id", securityGroupId)
securityGroupResp, err := d.client.GetSecurityGroup(ctx, projectId, securityGroupId).Execute()
if err != nil {
oapiErr, ok := err.(*oapierror.GenericOpenAPIError) //nolint:errorlint //complaining that error.As should be used to catch wrapped errors, but this error should not be wrapped
if ok && oapiErr.StatusCode == http.StatusNotFound {
resp.State.RemoveResource(ctx)
return
}
core.LogAndAddError(ctx, &resp.Diagnostics, "Error reading security group", fmt.Sprintf("Calling API: %v", err))
return
}
err = mapFields(ctx, securityGroupResp, &model)
if err != nil {
core.LogAndAddError(ctx, &resp.Diagnostics, "Error reading security group", fmt.Sprintf("Processing API payload: %v", err))
return
}
diags = resp.State.Set(ctx, model)
resp.Diagnostics.Append(diags...)
if resp.Diagnostics.HasError() {
return
}
tflog.Info(ctx, "security group read")
}

451
stackit/internal/services/iaas/securitygroup/resource.go Normal file
View file

@ -0,0 +1,451 @@
package securitygroup
import (
"context"
"fmt"
"net/http"
"regexp"
"strings"
"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
"github.com/hashicorp/terraform-plugin-framework/diag"
"github.com/hashicorp/terraform-plugin-framework/path"
"github.com/hashicorp/terraform-plugin-framework/resource"
"github.com/hashicorp/terraform-plugin-framework/resource/schema"
"github.com/hashicorp/terraform-plugin-framework/resource/schema/boolplanmodifier"
"github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
"github.com/hashicorp/terraform-plugin-framework/schema/validator"
"github.com/hashicorp/terraform-plugin-framework/types"
"github.com/hashicorp/terraform-plugin-log/tflog"
"github.com/stackitcloud/stackit-sdk-go/core/config"
"github.com/stackitcloud/stackit-sdk-go/core/oapierror"
"github.com/stackitcloud/stackit-sdk-go/services/iaas"
"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/conversion"
"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/core"
"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/features"
"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/validate"
)
// resourceBetaCheckDone is used to prevent multiple checks for beta resources.
// This is a workaround for the lack of a global state in the provider and
// needs to exist because the Configure method is called twice.
var resourceBetaCheckDone bool
// Ensure the implementation satisfies the expected interfaces.
var (
_ resource.Resource = &securityGroupResource{}
_ resource.ResourceWithConfigure = &securityGroupResource{}
_ resource.ResourceWithImportState = &securityGroupResource{}
)
type Model struct {
Id types.String `tfsdk:"id"` // needed by TF
ProjectId types.String `tfsdk:"project_id"`
SecurityGroupId types.String `tfsdk:"security_group_id"`
Name types.String `tfsdk:"name"`
Description types.String `tfsdk:"description"`
Labels types.Map `tfsdk:"labels"`
Stateful types.Bool `tfsdk:"stateful"`
}
// NewSecurityGroupResource is a helper function to simplify the provider implementation.
func NewSecurityGroupResource() resource.Resource {
return &securityGroupResource{}
}
// securityGroupResource is the resource implementation.
type securityGroupResource struct {
client *iaas.APIClient
}
// Metadata returns the resource type name.
func (r *securityGroupResource) Metadata(_ context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) {
resp.TypeName = req.ProviderTypeName + "_security_group"
}
// Configure adds the provider configured client to the resource.
func (r *securityGroupResource) Configure(ctx context.Context, req resource.ConfigureRequest, resp *resource.ConfigureResponse) {
// Prevent panic if the provider has not been configured.
if req.ProviderData == nil {
return
}
providerData, ok := req.ProviderData.(core.ProviderData)
if !ok {
core.LogAndAddError(ctx, &resp.Diagnostics, "Error configuring API client", fmt.Sprintf("Expected configure type stackit.ProviderData, got %T", req.ProviderData))
return
}
if !resourceBetaCheckDone {
features.CheckBetaResourcesEnabled(ctx, &providerData, &resp.Diagnostics, "stackit_security_group", "resource")
if resp.Diagnostics.HasError() {
return
}
resourceBetaCheckDone = true
}
var apiClient *iaas.APIClient
var err error
if providerData.IaaSCustomEndpoint != "" {
ctx = tflog.SetField(ctx, "iaas_custom_endpoint", providerData.IaaSCustomEndpoint)
apiClient, err = iaas.NewAPIClient(
config.WithCustomAuth(providerData.RoundTripper),
config.WithEndpoint(providerData.IaaSCustomEndpoint),
)
} else {
apiClient, err = iaas.NewAPIClient(
config.WithCustomAuth(providerData.RoundTripper),
config.WithRegion(providerData.Region),
)
}
if err != nil {
core.LogAndAddError(ctx, &resp.Diagnostics, "Error configuring API client", fmt.Sprintf("Configuring client: %v. This is an error related to the provider configuration, not to the resource configuration", err))
return
}
r.client = apiClient
tflog.Info(ctx, "iaas client configured")
}
// Schema defines the schema for the resource.
func (r *securityGroupResource) Schema(_ context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) {
resp.Schema = schema.Schema{
MarkdownDescription: features.AddBetaDescription("Security group resource schema. Must have a `region` specified in the provider configuration."),
Description: "Security group resource schema. Must have a `region` specified in the provider configuration.",
Attributes: map[string]schema.Attribute{
"id": schema.StringAttribute{
Description: "Terraform's internal resource ID. It is structured as \"`project_id`,`security_group_id`\".",
Computed: true,
PlanModifiers: []planmodifier.String{
stringplanmodifier.UseStateForUnknown(),
},
},
"project_id": schema.StringAttribute{
Description: "STACKIT project ID to which the security group is associated.",
Required: true,
PlanModifiers: []planmodifier.String{
stringplanmodifier.RequiresReplace(),
},
Validators: []validator.String{
validate.UUID(),
validate.NoSeparator(),
},
},
"security_group_id": schema.StringAttribute{
Description: "The security group ID.",
Computed: true,
PlanModifiers: []planmodifier.String{
stringplanmodifier.UseStateForUnknown(),
},
Validators: []validator.String{
validate.UUID(),
validate.NoSeparator(),
},
},
"name": schema.StringAttribute{
Description: "The name of the security group.",
Required: true,
Validators: []validator.String{
stringvalidator.LengthAtLeast(1),
stringvalidator.LengthAtMost(63),
stringvalidator.RegexMatches(
regexp.MustCompile(`^[A-Za-z0-9]+((-|_|\s|\.)[A-Za-z0-9]+)*$`),
"must match expression"),
},
},
"description": schema.StringAttribute{
Description: "The description of the security group.",
Optional: true,
Computed: true,
PlanModifiers: []planmodifier.String{
stringplanmodifier.UseStateForUnknown(),
},
Validators: []validator.String{
stringvalidator.LengthAtLeast(1),
stringvalidator.LengthAtMost(127),
},
},
"labels": schema.MapAttribute{
Description: "Labels are key-value string pairs which can be attached to a resource container",
ElementType: types.StringType,
Optional: true,
},
"stateful": schema.BoolAttribute{
Description: "Configures if a security group is stateful or stateless. There can only be one type of security groups per network interface/server.",
Optional: true,
Computed: true,
PlanModifiers: []planmodifier.Bool{
boolplanmodifier.RequiresReplace(),
boolplanmodifier.UseStateForUnknown(),
},
},
},
}
}
// Create creates the resource and sets the initial Terraform state.
func (r *securityGroupResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { // nolint:gocritic // function signature required by Terraform
// Retrieve values from plan
var model Model
diags := req.Plan.Get(ctx, &model)
resp.Diagnostics.Append(diags...)
if resp.Diagnostics.HasError() {
return
}
projectId := model.ProjectId.ValueString()
ctx = tflog.SetField(ctx, "project_id", projectId)
// Generate API request body from model
payload, err := toCreatePayload(ctx, &model)
if err != nil {
core.LogAndAddError(ctx, &resp.Diagnostics, "Error creating security group", fmt.Sprintf("Creating API payload: %v", err))
return
}
// Create new security group
securityGroup, err := r.client.CreateSecurityGroup(ctx, projectId).CreateSecurityGroupPayload(*payload).Execute()
if err != nil {
core.LogAndAddError(ctx, &resp.Diagnostics, "Error creating security group", fmt.Sprintf("Calling API: %v", err))
return
}
securityGroupId := *securityGroup.Id
ctx = tflog.SetField(ctx, "security_group_id", securityGroupId)
// Map response body to schema
err = mapFields(ctx, securityGroup, &model)
if err != nil {
core.LogAndAddError(ctx, &resp.Diagnostics, "Error creating security group", fmt.Sprintf("Processing API payload: %v", err))
return
}
// Set state to fully populated data
diags = resp.State.Set(ctx, model)
resp.Diagnostics.Append(diags...)
if resp.Diagnostics.HasError() {
return
}
tflog.Info(ctx, "Security group created")
}
// Read refreshes the Terraform state with the latest data.
func (r *securityGroupResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { // nolint:gocritic // function signature required by Terraform
var model Model
diags := req.State.Get(ctx, &model)
resp.Diagnostics.Append(diags...)
if resp.Diagnostics.HasError() {
return
}
projectId := model.ProjectId.ValueString()
securityGroupId := model.SecurityGroupId.ValueString()
ctx = tflog.SetField(ctx, "project_id", projectId)
ctx = tflog.SetField(ctx, "security_id", securityGroupId)
securityGroupResp, err := r.client.GetSecurityGroup(ctx, projectId, securityGroupId).Execute()
if err != nil {
oapiErr, ok := err.(*oapierror.GenericOpenAPIError) //nolint:errorlint //complaining that error.As should be used to catch wrapped errors, but this error should not be wrapped
if ok && oapiErr.StatusCode == http.StatusNotFound {
resp.State.RemoveResource(ctx)
return
}
core.LogAndAddError(ctx, &resp.Diagnostics, "Error reading security group", fmt.Sprintf("Calling API: %v", err))
return
}
// Map response body to schema
err = mapFields(ctx, securityGroupResp, &model)
if err != nil {
core.LogAndAddError(ctx, &resp.Diagnostics, "Error reading security group", fmt.Sprintf("Processing API payload: %v", err))
return
}
// Set refreshed state
diags = resp.State.Set(ctx, model)
resp.Diagnostics.Append(diags...)
if resp.Diagnostics.HasError() {
return
}
tflog.Info(ctx, "security group read")
}
// Update updates the resource and sets the updated Terraform state on success.
func (r *securityGroupResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { // nolint:gocritic // function signature required by Terraform
// Retrieve values from plan
var model Model
diags := req.Plan.Get(ctx, &model)
resp.Diagnostics.Append(diags...)
if resp.Diagnostics.HasError() {
return
}
projectId := model.ProjectId.ValueString()
securityGroupId := model.SecurityGroupId.ValueString()
ctx = tflog.SetField(ctx, "project_id", projectId)
ctx = tflog.SetField(ctx, "security_group_id", securityGroupId)
// Retrieve values from state
var stateModel Model
diags = req.State.Get(ctx, &stateModel)
resp.Diagnostics.Append(diags...)
if resp.Diagnostics.HasError() {
return
}
// Generate API request body from model
payload, err := toUpdatePayload(ctx, &model, stateModel.Labels)
if err != nil {
core.LogAndAddError(ctx, &resp.Diagnostics, "Error updating security group", fmt.Sprintf("Creating API payload: %v", err))
return
}
// Update existing security group
updatedSecurityGroup, err := r.client.UpdateSecurityGroup(ctx, projectId, securityGroupId).UpdateSecurityGroupPayload(*payload).Execute()
if err != nil {
core.LogAndAddError(ctx, &resp.Diagnostics, "Error updating security group", fmt.Sprintf("Calling API: %v", err))
return
}
err = mapFields(ctx, updatedSecurityGroup, &model)
if err != nil {
core.LogAndAddError(ctx, &resp.Diagnostics, "Error updating security group", fmt.Sprintf("Processing API payload: %v", err))
return
}
diags = resp.State.Set(ctx, model)
resp.Diagnostics.Append(diags...)
if resp.Diagnostics.HasError() {
return
}
tflog.Info(ctx, "security group updated")
}
// Delete deletes the resource and removes the Terraform state on success.
func (r *securityGroupResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { // nolint:gocritic // function signature required by Terraform
// Retrieve values from state
var model Model
diags := req.State.Get(ctx, &model)
resp.Diagnostics.Append(diags...)
if resp.Diagnostics.HasError() {
return
}
projectId := model.ProjectId.ValueString()
securityGroupId := model.SecurityGroupId.ValueString()
ctx = tflog.SetField(ctx, "project_id", projectId)
ctx = tflog.SetField(ctx, "security_group_id", securityGroupId)
// Delete existing security group
err := r.client.DeleteSecurityGroup(ctx, projectId, securityGroupId).Execute()
if err != nil {
core.LogAndAddError(ctx, &resp.Diagnostics, "Error deleting security group", fmt.Sprintf("Calling API: %v", err))
return
}
tflog.Info(ctx, "security group deleted")
}
// ImportState imports a resource into the Terraform state on success.
// The expected format of the resource import identifier is: project_id,security_group_id
func (r *securityGroupResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) {
idParts := strings.Split(req.ID, core.Separator)
if len(idParts) != 2 || idParts[0] == "" || idParts[1] == "" {
core.LogAndAddError(ctx, &resp.Diagnostics,
"Error importing security group",
fmt.Sprintf("Expected import identifier with format: [project_id],[security_group_id] Got: %q", req.ID),
)
return
}
projectId := idParts[0]
securityGroupId := idParts[1]
ctx = tflog.SetField(ctx, "project_id", projectId)
ctx = tflog.SetField(ctx, "security_group_id", securityGroupId)
resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("project_id"), projectId)...)
resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("security_group_id"), securityGroupId)...)
tflog.Info(ctx, "security group state imported")
}
func mapFields(ctx context.Context, securityGroupResp *iaas.SecurityGroup, model *Model) error {
if securityGroupResp == nil {
return fmt.Errorf("response input is nil")
}
if model == nil {
return fmt.Errorf("model input is nil")
}
var securityGroupId string
if model.SecurityGroupId.ValueString() != "" {
securityGroupId = model.SecurityGroupId.ValueString()
} else if securityGroupResp.Id != nil {
securityGroupId = *securityGroupResp.Id
} else {
return fmt.Errorf("security group id not present")
}
idParts := []string{
model.ProjectId.ValueString(),
securityGroupId,
}
model.Id = types.StringValue(
strings.Join(idParts, core.Separator),
)
labels, diags := types.MapValueFrom(ctx, types.StringType, map[string]interface{}{})
if diags.HasError() {
return fmt.Errorf("converting labels to StringValue map: %w", core.DiagsToError(diags))
}
if securityGroupResp.Labels != nil && len(*securityGroupResp.Labels) != 0 {
var diags diag.Diagnostics
labels, diags = types.MapValueFrom(ctx, types.StringType, *securityGroupResp.Labels)
if diags.HasError() {
return fmt.Errorf("converting labels to StringValue map: %w", core.DiagsToError(diags))
}
} else if model.Labels.IsNull() {
labels = types.MapNull(types.StringType)
}
model.SecurityGroupId = types.StringValue(securityGroupId)
model.Name = types.StringPointerValue(securityGroupResp.Name)
model.Description = types.StringPointerValue(securityGroupResp.Description)
model.Stateful = types.BoolPointerValue(securityGroupResp.Stateful)
model.Labels = labels
return nil
}
func toCreatePayload(ctx context.Context, model *Model) (*iaas.CreateSecurityGroupPayload, error) {
if model == nil {
return nil, fmt.Errorf("nil model")
}
labels, err := conversion.ToStringInterfaceMap(ctx, model.Labels)
if err != nil {
return nil, fmt.Errorf("converting to Go map: %w", err)
}
return &iaas.CreateSecurityGroupPayload{
Stateful: conversion.BoolValueToPointer(model.Stateful),
Description: conversion.StringValueToPointer(model.Description),
Labels: &labels,
Name: conversion.StringValueToPointer(model.Name),
}, nil
}
func toUpdatePayload(ctx context.Context, model *Model, currentLabels types.Map) (*iaas.UpdateSecurityGroupPayload, error) {
if model == nil {
return nil, fmt.Errorf("nil model")
}
labels, err := conversion.ToJSONMapPartialUpdatePayload(ctx, currentLabels, model.Labels)
if err != nil {
return nil, fmt.Errorf("converting to Go map: %w", err)
}
return &iaas.UpdateSecurityGroupPayload{
Description: conversion.StringValueToPointer(model.Description),
Name: conversion.StringValueToPointer(model.Name),
Labels: &labels,
}, nil
}

218
stackit/internal/services/iaas/securitygroup/resource_test.go Normal file
View file

@ -0,0 +1,218 @@
package securitygroup
import (
"context"
"testing"
"github.com/google/go-cmp/cmp"
"github.com/hashicorp/terraform-plugin-framework/attr"
"github.com/hashicorp/terraform-plugin-framework/types"
"github.com/stackitcloud/stackit-sdk-go/core/utils"
"github.com/stackitcloud/stackit-sdk-go/services/iaas"
)
func TestMapFields(t *testing.T) {
tests := []struct {
description string
state Model
input *iaas.SecurityGroup
expected Model
isValid bool
}{
{
"default_values",
Model{
ProjectId: types.StringValue("pid"),
SecurityGroupId: types.StringValue("sgid"),
},
&iaas.SecurityGroup{
Id: utils.Ptr("sgid"),
},
Model{
Id: types.StringValue("pid,sgid"),
ProjectId: types.StringValue("pid"),
SecurityGroupId: types.StringValue("sgid"),
Name: types.StringNull(),
Labels: types.MapNull(types.StringType),
Description: types.StringNull(),
Stateful: types.BoolNull(),
},
true,
},
{
"simple_values",
Model{
ProjectId: types.StringValue("pid"),
SecurityGroupId: types.StringValue("sgid"),
},
// &sourceModel{},
&iaas.SecurityGroup{
Id: utils.Ptr("sgid"),
Name: utils.Ptr("name"),
Stateful: utils.Ptr(true),
Labels: &map[string]interface{}{
"key": "value",
},
Description: utils.Ptr("desc"),
},
Model{
Id: types.StringValue("pid,sgid"),
ProjectId: types.StringValue("pid"),
SecurityGroupId: types.StringValue("sgid"),
Name: types.StringValue("name"),
Labels: types.MapValueMust(types.StringType, map[string]attr.Value{
"key": types.StringValue("value"),
}),
Description: types.StringValue("desc"),
Stateful: types.BoolValue(true),
},
true,
},
{
"empty_labels",
Model{
ProjectId: types.StringValue("pid"),
SecurityGroupId: types.StringValue("sgid"),
},
&iaas.SecurityGroup{
Id: utils.Ptr("sgid"),
Labels: &map[string]interface{}{},
},
Model{
Id: types.StringValue("pid,sgid"),
ProjectId: types.StringValue("pid"),
SecurityGroupId: types.StringValue("sgid"),
Name: types.StringNull(),
Labels: types.MapNull(types.StringType),
Description: types.StringNull(),
Stateful: types.BoolNull(),
},
true,
},
{
"response_nil_fail",
Model{},
nil,
Model{},
false,
},
{
"no_resource_id",
Model{
ProjectId: types.StringValue("pid"),
},
&iaas.SecurityGroup{},
Model{},
false,
},
}
for _, tt := range tests {
t.Run(tt.description, func(t *testing.T) {
err := mapFields(context.Background(), tt.input, &tt.state)
if !tt.isValid && err == nil {
t.Fatalf("Should have failed")
}
if tt.isValid && err != nil {
t.Fatalf("Should not have failed: %v", err)
}
if tt.isValid {
diff := cmp.Diff(tt.state, tt.expected)
if diff != "" {
t.Fatalf("Data does not match: %s", diff)
}
}
})
}
}
func TestToCreatePayload(t *testing.T) {
tests := []struct {
description string
input *Model
expected *iaas.CreateSecurityGroupPayload
isValid bool
}{
{
"default_ok",
&Model{
Name: types.StringValue("name"),
Stateful: types.BoolValue(true),
Labels: types.MapValueMust(types.StringType, map[string]attr.Value{
"key": types.StringValue("value"),
}),
Description: types.StringValue("desc"),
},
&iaas.CreateSecurityGroupPayload{
Name: utils.Ptr("name"),
Stateful: utils.Ptr(true),
Labels: &map[string]interface{}{
"key": "value",
},
Description: utils.Ptr("desc"),
},
true,
},
}
for _, tt := range tests {
t.Run(tt.description, func(t *testing.T) {
output, err := toCreatePayload(context.Background(), tt.input)
if !tt.isValid && err == nil {
t.Fatalf("Should have failed")
}
if tt.isValid && err != nil {
t.Fatalf("Should not have failed: %v", err)
}
if tt.isValid {
diff := cmp.Diff(output, tt.expected)
if diff != "" {
t.Fatalf("Data does not match: %s", diff)
}
}
})
}
}
func TestToUpdatePayload(t *testing.T) {
tests := []struct {
description string
input *Model
expected *iaas.UpdateSecurityGroupPayload
isValid bool
}{
{
"default_ok",
&Model{
Name: types.StringValue("name"),
Labels: types.MapValueMust(types.StringType, map[string]attr.Value{
"key": types.StringValue("value"),
}),
Description: types.StringValue("desc"),
},
&iaas.UpdateSecurityGroupPayload{
Name: utils.Ptr("name"),
Labels: &map[string]interface{}{
"key": "value",
},
Description: utils.Ptr("desc"),
},
true,
},
}
for _, tt := range tests {
t.Run(tt.description, func(t *testing.T) {
output, err := toUpdatePayload(context.Background(), tt.input, types.MapNull(types.StringType))
if !tt.isValid && err == nil {
t.Fatalf("Should have failed")
}
if tt.isValid && err != nil {
t.Fatalf("Should not have failed: %v", err)
}
if tt.isValid {
diff := cmp.Diff(output, tt.expected)
if diff != "" {
t.Fatalf("Data does not match: %s", diff)
}
}
})
}
}