diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index e470519..61b5d77 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -23,6 +23,6 @@ jobs: cache: true - name: golangci-lint - uses: golangci/golangci-lint-action@v5 + uses: golangci/golangci-lint-action@v6.0.1 with: - version: latest + version: v1.55.2 diff --git a/.golangci.yml b/.golangci.yml index d06cc4d..a389ef4 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -3,3 +3,6 @@ issues: - linters: - errcheck text: "Error return value of `d.Set` is not checked" +output: + formats: + - format: colored-line-number \ No newline at end of file diff --git a/Makefile b/Makefile index 937057a..b9b8722 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ NAMESPACE=openvpn NAME=cloudconnexa VERSION=0.0.12 BINARY=terraform-provider-${NAME} -OS_ARCH=darwin_arm64 +OS_ARCH=$(shell go env GOHOSTOS)_$(shell go env GOHOSTARCH) default: install diff --git a/cloudconnexa/data_source_application.go b/cloudconnexa/data_source_application.go new file mode 100644 index 0000000..3614589 --- /dev/null +++ b/cloudconnexa/data_source_application.go @@ -0,0 +1,58 @@ +package cloudconnexa + +import ( + "context" + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/openvpn/cloudconnexa-go-client/v2/cloudconnexa" +) + +func dataSourceApplication() *schema.Resource { + return &schema.Resource{ + ReadContext: dataSourceApplicationRead, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + }, + "description": { + Type: schema.TypeString, + Computed: true, + }, + "routes": { + Type: schema.TypeList, + Computed: true, + Elem: resourceApplicationRoute(), + }, + "config": { + Type: schema.TypeList, + Computed: true, + Elem: resourceApplicationConfig(), + }, + "network_item_type": { + Type: schema.TypeString, + Computed: true, + }, + "network_item_id": { + Type: schema.TypeString, + Computed: true, + }, + }, + } +} + +func dataSourceApplicationRead(ctx context.Context, data *schema.ResourceData, i interface{}) diag.Diagnostics { + c := i.(*cloudconnexa.Client) + var diags diag.Diagnostics + var name = data.Get("name").(string) + application, err := c.Applications.GetByName(name) + + if err != nil { + return diag.FromErr(err) + } + if application == nil { + return append(diags, diag.Errorf("Application with name %s was not found", name)...) + } + setApplicationData(data, application) + return nil +} diff --git a/cloudconnexa/data_source_host.go b/cloudconnexa/data_source_host.go index 54d2d65..f095c89 100644 --- a/cloudconnexa/data_source_host.go +++ b/cloudconnexa/data_source_host.go @@ -15,6 +15,11 @@ func dataSourceHost() *schema.Resource { Description: "Use an `cloudconnexa_host` data source to read an existing CloudConnexa connector.", ReadContext: dataSourceHostRead, Schema: map[string]*schema.Schema{ + "host_id": { + Type: schema.TypeString, + Computed: true, + Description: "The host ID.", + }, "name": { Type: schema.TypeString, Required: true, @@ -88,6 +93,7 @@ func dataSourceHostRead(ctx context.Context, d *schema.ResourceData, m interface if err != nil { return append(diags, diag.FromErr(err)...) } + d.Set("host_id", host.Id) d.Set("name", host.Name) d.Set("internet_access", host.InternetAccess) d.Set("system_subnets", host.SystemSubnets) diff --git a/cloudconnexa/provider.go b/cloudconnexa/provider.go index 4f9237b..2f80469 100644 --- a/cloudconnexa/provider.go +++ b/cloudconnexa/provider.go @@ -45,14 +45,15 @@ func Provider() *schema.Provider { }, }, ResourcesMap: map[string]*schema.Resource{ - "cloudconnexa_network": resourceNetwork(), - "cloudconnexa_connector": resourceConnector(), - "cloudconnexa_route": resourceRoute(), - "cloudconnexa_dns_record": resourceDnsRecord(), - "cloudconnexa_user": resourceUser(), - "cloudconnexa_host": resourceHost(), - "cloudconnexa_user_group": resourceUserGroup(), - "cloudconnexa_ip_service": resourceIPService(), + "cloudconnexa_network": resourceNetwork(), + "cloudconnexa_connector": resourceConnector(), + "cloudconnexa_route": resourceRoute(), + "cloudconnexa_dns_record": resourceDnsRecord(), + "cloudconnexa_user": resourceUser(), + "cloudconnexa_host": resourceHost(), + "cloudconnexa_user_group": resourceUserGroup(), + "cloudconnexa_ip_service": resourceIPService(), + "cloudconnexa_application": resourceApplication(), }, DataSourcesMap: map[string]*schema.Resource{ @@ -64,6 +65,7 @@ func Provider() *schema.Provider { "cloudconnexa_network_routes": dataSourceNetworkRoutes(), "cloudconnexa_host": dataSourceHost(), "cloudconnexa_ip_service": dataSourceIPService(), + "cloudconnexa_application": dataSourceApplication(), }, ConfigureContextFunc: providerConfigure, } diff --git a/cloudconnexa/resource_application.go b/cloudconnexa/resource_application.go new file mode 100644 index 0000000..4e36d05 --- /dev/null +++ b/cloudconnexa/resource_application.go @@ -0,0 +1,299 @@ +package cloudconnexa + +import ( + "context" + "github.com/hashicorp/go-cty/cty" + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/openvpn/cloudconnexa-go-client/v2/cloudconnexa" +) + +func resourceApplication() *schema.Resource { + return &schema.Resource{ + CreateContext: resourceApplicationCreate, + ReadContext: resourceApplicationRead, + DeleteContext: resourceApplicationDelete, + UpdateContext: resourceApplicationUpdate, + Importer: &schema.ResourceImporter{ + StateContext: schema.ImportStatePassthroughContext, + }, + Schema: map[string]*schema.Schema{ + "id": { + Type: schema.TypeString, + Computed: true, + }, + "name": { + Type: schema.TypeString, + Required: true, + ValidateFunc: validation.StringLenBetween(1, 40), + }, + "description": { + Type: schema.TypeString, + Default: "Managed by Terraform", + Optional: true, + ValidateFunc: validation.StringLenBetween(1, 120), + }, + "routes": { + Type: schema.TypeList, + Required: true, + MinItems: 1, + Elem: resourceApplicationRoute(), + }, + "config": { + Type: schema.TypeList, + MaxItems: 1, + Optional: true, + Elem: resourceApplicationConfig(), + }, + "network_item_type": { + Type: schema.TypeString, + Required: true, + ValidateFunc: validation.StringInSlice([]string{"NETWORK", "HOST"}, false), + }, + "network_item_id": { + Type: schema.TypeString, + Required: true, + }, + }, + } +} + +func resourceApplicationUpdate(ctx context.Context, data *schema.ResourceData, i interface{}) diag.Diagnostics { + c := i.(*cloudconnexa.Client) + + s, err := c.Applications.Update(data.Id(), resourceDataToApplication(data)) + if err != nil { + return diag.FromErr(err) + } + setApplicationData(data, s) + return nil +} + +func resourceApplicationRoute() *schema.Resource { + return &schema.Resource{ + Schema: map[string]*schema.Schema{ + "domain": { + Type: schema.TypeString, + Required: true, + }, + "allow_embedded_ip": { + Type: schema.TypeBool, + Optional: true, + }, + }, + } +} + +func resourceApplicationConfig() *schema.Resource { + return &schema.Resource{ + Schema: map[string]*schema.Schema{ + "custom_service_types": { + Type: schema.TypeSet, + Optional: true, + Elem: &schema.Resource{ + Schema: customServiceTypesConfig(), + }, + }, + "service_types": { + Type: schema.TypeList, + Optional: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateDiagFunc: func(i interface{}, path cty.Path) diag.Diagnostics { + + val := i.(string) + for _, validValue := range validValues { + if val == validValue { + return nil + } + } + return diag.Errorf("service type must be one of %s", validValues) + }, + }, + }, + }, + } +} + +func customServiceTypesConfig() map[string]*schema.Schema { + return map[string]*schema.Schema{ + "protocol": { + Type: schema.TypeString, + Required: true, + ValidateFunc: validation.StringInSlice([]string{"TCP", "UDP", "ICMP"}, false), + }, + "from_port": { + Type: schema.TypeInt, + Optional: true, + }, + "to_port": { + Type: schema.TypeInt, + Optional: true, + }, + } +} + +func resourceApplicationRead(ctx context.Context, data *schema.ResourceData, i interface{}) diag.Diagnostics { + c := i.(*cloudconnexa.Client) + var diags diag.Diagnostics + application, err := c.Applications.Get(data.Id()) + if err != nil { + return append(diags, diag.FromErr(err)...) + } + if application == nil { + data.SetId("") + return diags + } + setApplicationData(data, application) + return diags +} + +func setApplicationData(data *schema.ResourceData, application *cloudconnexa.ApplicationResponse) { + data.SetId(application.Id) + _ = data.Set("name", application.Name) + _ = data.Set("description", application.Description) + _ = data.Set("routes", flattenApplicationRoutes(application.Routes)) + _ = data.Set("config", flattenApplicationConfig(application.Config)) + _ = data.Set("network_item_type", application.NetworkItemType) + _ = data.Set("network_item_id", application.NetworkItemId) +} + +func resourceApplicationDelete(ctx context.Context, data *schema.ResourceData, i interface{}) diag.Diagnostics { + c := i.(*cloudconnexa.Client) + var diags diag.Diagnostics + err := c.Applications.Delete(data.Id()) + if err != nil { + return append(diags, diag.FromErr(err)...) + } + return diags +} + +func flattenApplicationConfig(config *cloudconnexa.ApplicationConfig) interface{} { + var data = map[string]interface{}{ + "custom_service_types": flattenApplicationCustomTypes(config.CustomServiceTypes), + "service_types": config.ServiceTypes, + } + return []interface{}{data} +} + +func flattenApplicationCustomTypes(types []*cloudconnexa.CustomApplicationType) interface{} { + var cst []interface{} + for _, t := range types { + var ports = append(t.Port, t.IcmpType...) + if len(ports) > 0 { + for _, port := range ports { + cst = append(cst, map[string]interface{}{ + "protocol": t.Protocol, + "from_port": port.LowerValue, + "to_port": port.UpperValue, + }) + } + } else { + cst = append(cst, map[string]interface{}{ + "protocol": t.Protocol, + }) + } + } + return cst +} + +func flattenApplicationRoutes(routes []*cloudconnexa.Route) []map[string]interface{} { + var data []map[string]interface{} + for _, route := range routes { + data = append(data, map[string]interface{}{ + "domain": route.Domain, + "allow_embedded_ip": route.AllowEmbeddedIp, + }) + } + return data +} + +func resourceApplicationCreate(ctx context.Context, data *schema.ResourceData, m interface{}) diag.Diagnostics { + client := m.(*cloudconnexa.Client) + + application := resourceDataToApplication(data) + createdApplication, err := client.Applications.Create(application) + if err != nil { + return diag.FromErr(err) + } + setApplicationData(data, createdApplication) + return nil +} + +func resourceDataToApplication(data *schema.ResourceData) *cloudconnexa.Application { + routes := data.Get("routes").([]interface{}) + var configRoutes []*cloudconnexa.ApplicationRoute + for _, r := range routes { + var route = r.(map[string]interface{}) + configRoutes = append( + configRoutes, + &cloudconnexa.ApplicationRoute{ + Value: route["domain"].(string), + AllowEmbeddedIp: route["allow_embedded_ip"].(bool), + }, + ) + } + + config := cloudconnexa.ApplicationConfig{} + configList := data.Get("config").([]interface{}) + if len(configList) > 0 && configList[0] != nil { + + config.CustomServiceTypes = []*cloudconnexa.CustomApplicationType{} + config.ServiceTypes = []string{} + + mainConfig := configList[0].(map[string]interface{}) + var cst = mainConfig["custom_service_types"].(*schema.Set) + var groupedCst = make(map[string][]cloudconnexa.Range) + for _, item := range cst.List() { + var cstItem = item.(map[string]interface{}) + var protocol = cstItem["protocol"].(string) + var fromPort = cstItem["from_port"].(int) + var toPort = cstItem["to_port"].(int) + + if groupedCst[protocol] == nil { + groupedCst[protocol] = make([]cloudconnexa.Range, 0) + } + if fromPort > 0 || toPort > 0 { + groupedCst[protocol] = append(groupedCst[protocol], cloudconnexa.Range{ + LowerValue: fromPort, + UpperValue: toPort, + }) + } + } + + for protocol, ports := range groupedCst { + if protocol == "ICMP" { + config.CustomServiceTypes = append( + config.CustomServiceTypes, + &cloudconnexa.CustomApplicationType{ + Protocol: protocol, + IcmpType: ports, + }, + ) + } else { + config.CustomServiceTypes = append( + config.CustomServiceTypes, + &cloudconnexa.CustomApplicationType{ + Protocol: protocol, + Port: ports, + }, + ) + } + } + + for _, r := range mainConfig["service_types"].([]interface{}) { + config.ServiceTypes = append(config.ServiceTypes, r.(string)) + } + } + + s := &cloudconnexa.Application{ + Name: data.Get("name").(string), + Description: data.Get("description").(string), + NetworkItemId: data.Get("network_item_id").(string), + NetworkItemType: data.Get("network_item_type").(string), + Routes: configRoutes, + Config: &config, + } + return s +} diff --git a/docs/data-sources/application.md b/docs/data-sources/application.md new file mode 100644 index 0000000..d9094d1 --- /dev/null +++ b/docs/data-sources/application.md @@ -0,0 +1,46 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "cloudconnexa_application Data Source - terraform-provider-cloudconnexa" +subcategory: "" +description: |- + +--- + +# cloudconnexa_application (Data Source) + + + + + + +## Schema + +### Required + +- `name` (String) + +### Read-Only + +- `config` (List of Object) (see [below for nested schema](#nestedatt--config)) +- `description` (String) +- `id` (String) The ID of this resource. +- `network_item_id` (String) +- `network_item_type` (String) +- `routes` (List of String) + + +### Nested Schema for `config` + +Read-Only: + +- `custom_service_types` (Set of Object) (see [below for nested schema](#nestedobjatt--config--custom_service_types)) +- `service_types` (List of String) + + +### Nested Schema for `config.custom_service_types` + +Read-Only: + +- `from_port` (Number) +- `protocol` (String) +- `to_port` (Number) diff --git a/docs/resources/application.md b/docs/resources/application.md new file mode 100644 index 0000000..2696dda --- /dev/null +++ b/docs/resources/application.md @@ -0,0 +1,64 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "cloudconnexa_application Resource - terraform-provider-cloudconnexa" +subcategory: "" +description: |- + +--- + +# cloudconnexa_application (Resource) + + + + + + +## Schema + +### Required + +- `name` (String) +- `network_item_id` (String) +- `network_item_type` (String) +- `routes` (Block List, Min: 1) (see [below for nested schema](#nestedblock--routes)) + +### Optional + +- `config` (Block List, Max: 1) (see [below for nested schema](#nestedblock--config)) +- `description` (String) + +### Read-Only + +- `id` (String) The ID of this resource. + + +### Nested Schema for `routes` + +Required: + +- `domain` (String) + +Optional: + +- `allow_embedded_ip` (Boolean) + + + +### Nested Schema for `config` + +Optional: + +- `custom_service_types` (Block Set) (see [below for nested schema](#nestedblock--config--custom_service_types)) +- `service_types` (List of String) + + +### Nested Schema for `config.custom_service_types` + +Required: + +- `protocol` (String) + +Optional: + +- `from_port` (Number) +- `to_port` (Number) diff --git a/example/applications.tf b/example/applications.tf new file mode 100644 index 0000000..ea4bf03 --- /dev/null +++ b/example/applications.tf @@ -0,0 +1,88 @@ +data "cloudconnexa_network" "test-net" { + name = "test-net" +} + +resource "cloudconnexa_application" "application_full_access" { + name = "example-application-1" + network_item_type = "NETWORK" + network_item_id = data.cloudconnexa_network.test-net.network_id + routes { + domain = "example-application-1.com" + allow_embedded_ip = false + } + + config { + service_types = ["ANY"] + } +} + +resource "cloudconnexa_application" "application_custom_access" { + name = "example-application-2" + network_item_type = "NETWORK" + network_item_id = data.cloudconnexa_network.test-net.network_id + + routes { + domain = "example-application-2.com" + allow_embedded_ip = false + } + + config { + service_types = ["HTTP", "HTTPS", "CUSTOM"] + custom_service_types { + protocol = "TCP" //all tcp ports + } + custom_service_types { + protocol = "UDP" + from_port = 1194 + to_port = 1194 + } + custom_service_types { + protocol = "UDP" + from_port = 5000 + to_port = 5010 + } + custom_service_types { + protocol = "ICMP" + from_port = 8 + to_port = 8 + } + custom_service_types { + protocol = "ICMP" + from_port = 20 + to_port = 22 + } + } +} + +locals { + created_by = "managed by terraform" +} + +variable "application_custom_access_advanced" { + description = "xxx" + type = any + default = { + "example-application-3" = { route = [{ domain = "example-application-3.com", allow_embedded_ip = true }, { domain = "example-application-33.com", allow_embedded_ip = false }] } + "example-application-4" = { route = [{ domain = "example-application-4.com", allow_embedded_ip = false }] } + } +} + +resource "cloudconnexa_application" "application_custom_access_advanced" { + for_each = var.application_custom_access_advanced + name = each.key + description = try(each.value.description, local.created_by) + network_item_type = "NETWORK" + network_item_id = data.cloudconnexa_network.test-net.network_id + config { + service_types = ["ANY"] + } + + dynamic "routes" { + for_each = each.value.route + + content { + domain = routes.value.domain + allow_embedded_ip = routes.value.allow_embedded_ip + } + } +} diff --git a/go.mod b/go.mod index 44cb4b0..3b33588 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/gruntwork-io/terratest v0.46.1 github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 github.com/hashicorp/terraform-plugin-sdk/v2 v2.33.0 - github.com/openvpn/cloudconnexa-go-client/v2 v2.0.4 + github.com/openvpn/cloudconnexa-go-client/v2 v2.0.8 github.com/stretchr/testify v1.9.0 ) diff --git a/go.sum b/go.sum index 0dba60f..546fc20 100644 --- a/go.sum +++ b/go.sum @@ -485,8 +485,8 @@ github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zx github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA= github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU= -github.com/openvpn/cloudconnexa-go-client/v2 v2.0.4 h1:0Z8eTHPDYUFH3kCA1DTemiUnlPK9FhEuJhZB3bG1usE= -github.com/openvpn/cloudconnexa-go-client/v2 v2.0.4/go.mod h1:udq5IDkgXvMO6mQUEFsLHzEyGGAduhO0jJvlb9f4JkE= +github.com/openvpn/cloudconnexa-go-client/v2 v2.0.8 h1:67NXu2WqNnE05fhrq1HXbQKFMidhnd7ts6SFeuZSkLo= +github.com/openvpn/cloudconnexa-go-client/v2 v2.0.8/go.mod h1:udq5IDkgXvMO6mQUEFsLHzEyGGAduhO0jJvlb9f4JkE= github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=