From 417005107844cad461e66f00d0cecf3680790cc3 Mon Sep 17 00:00:00 2001 From: Thiery Ouattara Date: Mon, 4 Dec 2023 14:25:15 +0000 Subject: [PATCH 1/2] Enable using Security Group Names in VPC to add Security Group Rules --- .../resource_outscale_security_group_rule.go | 57 ++++++++++++++++--- 1 file changed, 49 insertions(+), 8 deletions(-) diff --git a/outscale/resource_outscale_security_group_rule.go b/outscale/resource_outscale_security_group_rule.go index 51d683106..20463c54c 100644 --- a/outscale/resource_outscale_security_group_rule.go +++ b/outscale/resource_outscale_security_group_rule.go @@ -4,6 +4,7 @@ import ( "context" "errors" "fmt" + "log" "strconv" "strings" "time" @@ -93,7 +94,7 @@ func resourceOutscaleOAPIOutboundRuleCreate(d *schema.ResourceData, meta interfa req := oscgo.CreateSecurityGroupRuleRequest{ Flow: d.Get("flow").(string), SecurityGroupId: d.Get("security_group_id").(string), - Rules: expandRules(d), + Rules: expandRules(d, conn), } if v, ok := d.GetOkExists("from_port_range"); ok { @@ -165,7 +166,7 @@ func resourceOutscaleOAPIOutboundRuleDelete(d *schema.ResourceData, meta interfa req := oscgo.DeleteSecurityGroupRuleRequest{ Flow: d.Get("flow").(string), SecurityGroupId: d.Get("security_group_id").(string), - Rules: expandRules(d), + Rules: expandRules(d, conn), } if v, ok := d.GetOkExists("from_port_range"); ok { @@ -196,7 +197,7 @@ func resourceOutscaleOAPIOutboundRuleDelete(d *schema.ResourceData, meta interfa return nil } -func expandRules(d *schema.ResourceData) *[]oscgo.SecurityGroupRule { +func expandRules(d *schema.ResourceData, conn *oscgo.APIClient) *[]oscgo.SecurityGroupRule { if len(d.Get("rules").([]interface{})) > 0 { rules := make([]oscgo.SecurityGroupRule, len(d.Get("rules").([]interface{}))) @@ -204,7 +205,7 @@ func expandRules(d *schema.ResourceData) *[]oscgo.SecurityGroupRule { r := rule.(map[string]interface{}) rules[i] = oscgo.SecurityGroupRule{ - SecurityGroupsMembers: expandSecurityGroupsMembers(r["security_groups_members"].([]interface{})), + SecurityGroupsMembers: expandSecurityGroupsMembers(r["security_groups_members"].([]interface{}), conn), } if ipRanges := utils.InterfaceSliceToStringSlicePtr(r["ip_ranges"].([]interface{})); len(*ipRanges) > 0 { @@ -257,7 +258,7 @@ func flattenSecurityGroupsMembers(securityGroupMembers []oscgo.SecurityGroupsMem return sgms } -func expandSecurityGroupsMembers(gps []interface{}) *[]oscgo.SecurityGroupsMember { +func expandSecurityGroupsMembers(gps []interface{}, conn *oscgo.APIClient) *[]oscgo.SecurityGroupsMember { groups := make([]oscgo.SecurityGroupsMember, len(gps)) for i, group := range gps { @@ -267,16 +268,56 @@ func expandSecurityGroupsMembers(gps []interface{}) *[]oscgo.SecurityGroupsMembe if v, ok := g["account_id"]; ok && v != "" { groups[i].AccountId = pointy.String(cast.ToString(v)) } - if v, ok := g["security_group_id"]; ok && v != "" { - groups[i].SecurityGroupId = pointy.String(cast.ToString(v)) - } if v, ok := g["security_group_name"]; ok && v != "" { groups[i].SecurityGroupName = pointy.String(cast.ToString(v)) + if sgID := getSgIdinVPC(conn, cast.ToString(v)); sgID != "" { + groups[i].SecurityGroupId = pointy.String(cast.ToString(sgID)) + } + } + if v, ok := g["security_group_id"]; ok && v != "" { + groups[i].SecurityGroupId = pointy.String(cast.ToString(v)) } } return &groups } +func getSgIdinVPC(client *oscgo.APIClient, sgName string) string { + + filters := oscgo.ReadSecurityGroupsRequest{ + Filters: &oscgo.FiltersSecurityGroup{ + SecurityGroupNames: &[]string{sgName}, + }, + } + + var err error + var resp oscgo.ReadSecurityGroupsResponse + err = resource.Retry(5*time.Minute, func() *resource.RetryError { + rp, httpResp, err := client.SecurityGroupApi.ReadSecurityGroups(context.Background()).ReadSecurityGroupsRequest(filters).Execute() + if err != nil { + return utils.CheckThrottling(httpResp, err) + } + resp = rp + return nil + }) + if err != nil { + log.Printf("[DEBUG]: error reading the Outscale Security Group(%s): %s\n", sgName, err) + return "" + } + if resp.GetSecurityGroups() == nil || len(resp.GetSecurityGroups()) == 0 { + log.Printf("[DEBUG]: Unable to find Security Group: %s\n", sgName) + return "" + } + + if len(resp.GetSecurityGroups()) > 1 { + log.Printf("[DEBUG]: Multiple results returned with '%v', please use Security Group ID\n", sgName) + return "" + } + if resp.GetSecurityGroups()[0].GetNetId() != "" { + return resp.GetSecurityGroups()[0].GetSecurityGroupId() + } + return "" +} + func getRulesSchema(isForAttr bool) *schema.Schema { return &schema.Schema{ Type: schema.TypeList, From d96e802bf10f51dcf5418dd2693349310ba2857d Mon Sep 17 00:00:00 2001 From: Thiery Ouattara Date: Mon, 4 Dec 2023 14:28:32 +0000 Subject: [PATCH 2/2] Update tests --- ...ource_outscale_security_group_rule_test.go | 44 +++++++++++++++++++ .../step2.nic_resource_attributes_update.ref | 1 + .../step2.security_group_datasource_ok.ref | 1 + .../step3.security_group_datasource_ok.ref | 1 + .../step4.security_group_datasource_ok.ref | 1 + ...tep1.security_group_rule_resource_2_ok.ref | 4 +- ...step1.security_group_rule_resource_2_ok.tf | 2 +- ...tep2.security_group_rule_resource_2_ok.ref | 2 +- .../step2.security_groups_datasource_ok.ref | 1 + .../step3.security_groups_datasource_ok.ref | 1 + .../step4.security_groups_datasource_ok.ref | 1 + ...vate_load_balancer_Add_security_groups.ref | 1 + 12 files changed, 56 insertions(+), 4 deletions(-) diff --git a/outscale/resource_outscale_security_group_rule_test.go b/outscale/resource_outscale_security_group_rule_test.go index c2d94f975..cad29646b 100644 --- a/outscale/resource_outscale_security_group_rule_test.go +++ b/outscale/resource_outscale_security_group_rule_test.go @@ -50,6 +50,22 @@ func TestAccOthers_SecurityGroupRule_basic(t *testing.T) { } } +func TestAccNet_AddSecurityGroupRuleMembersWithSgName(t *testing.T) { + + rInt := acctest.RandInt() + accountID := os.Getenv("OUTSCALE_ACCOUNT") + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccAddSecurityGroupRuleMembersWithSgName(rInt, accountID), + }, + }, + }) +} + func TestAccOthers_SecurityGroupRule_withSecurityGroupMember(t *testing.T) { t.Parallel() rInt := acctest.RandInt() @@ -296,3 +312,31 @@ func testAccOutscaleOAPISecurityGroupRuleWithGroupMembers(rInt int, accountID st } `, accountID, rInt) } + +func testAccAddSecurityGroupRuleMembersWithSgName(rInt int, accountID string) string { + return fmt.Sprintf(` + +resource "outscale_net" "netSgtest" { + ip_range = "10.0.0.0/16" +} + +resource "outscale_security_group" "security_group" { + description = "testing security group" + security_group_name = "terraform-test_%[2]d" + net_id = outscale_net.netSgtest.net_id +} +resource "outscale_security_group_rule" "rule_group" { + security_group_id = outscale_security_group.security_group.security_group_id + flow = "Inbound" + rules { + from_port_range = 22 + to_port_range = 22 + ip_protocol = "tcp" + security_groups_members { + account_id = "%[1]s" + security_group_name = outscale_security_group.security_group.security_group_name + } + } +} + `, accountID, rInt) +} diff --git a/tests/qa_provider_oapi/data/nets/TF-110_nic_resource_attributes_ok/step2.nic_resource_attributes_update.ref b/tests/qa_provider_oapi/data/nets/TF-110_nic_resource_attributes_ok/step2.nic_resource_attributes_update.ref index cd87ab545..7570e4524 100644 --- a/tests/qa_provider_oapi/data/nets/TF-110_nic_resource_attributes_ok/step2.nic_resource_attributes_update.ref +++ b/tests/qa_provider_oapi/data/nets/TF-110_nic_resource_attributes_ok/step2.nic_resource_attributes_update.ref @@ -95,6 +95,7 @@ "sensitive_attributes": [], "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwfX0=", "dependencies": [ + "outscale_net.outscale_net", "outscale_security_group.outscale_sg", "outscale_subnet.outscale_subnet" ] diff --git a/tests/qa_provider_oapi/data/nets/TF-125_security_group_datasource_attributes_ok/step2.security_group_datasource_ok.ref b/tests/qa_provider_oapi/data/nets/TF-125_security_group_datasource_attributes_ok/step2.security_group_datasource_ok.ref index fd69c758e..d8805b5cc 100644 --- a/tests/qa_provider_oapi/data/nets/TF-125_security_group_datasource_attributes_ok/step2.security_group_datasource_ok.ref +++ b/tests/qa_provider_oapi/data/nets/TF-125_security_group_datasource_attributes_ok/step2.security_group_datasource_ok.ref @@ -212,6 +212,7 @@ "sensitive_attributes": [], "private": "bnVsbA==", "dependencies": [ + "outscale_net.outscale_net", "outscale_security_group.outscale_security_group" ] } diff --git a/tests/qa_provider_oapi/data/nets/TF-125_security_group_datasource_attributes_ok/step3.security_group_datasource_ok.ref b/tests/qa_provider_oapi/data/nets/TF-125_security_group_datasource_attributes_ok/step3.security_group_datasource_ok.ref index dfc6ee62f..3753d3266 100644 --- a/tests/qa_provider_oapi/data/nets/TF-125_security_group_datasource_attributes_ok/step3.security_group_datasource_ok.ref +++ b/tests/qa_provider_oapi/data/nets/TF-125_security_group_datasource_attributes_ok/step3.security_group_datasource_ok.ref @@ -224,6 +224,7 @@ "sensitive_attributes": [], "private": "bnVsbA==", "dependencies": [ + "outscale_net.outscale_net", "outscale_security_group.outscale_security_group", "outscale_security_group.outscale_security_group2" ] diff --git a/tests/qa_provider_oapi/data/nets/TF-125_security_group_datasource_attributes_ok/step4.security_group_datasource_ok.ref b/tests/qa_provider_oapi/data/nets/TF-125_security_group_datasource_attributes_ok/step4.security_group_datasource_ok.ref index d5b0eb14c..34663ffde 100644 --- a/tests/qa_provider_oapi/data/nets/TF-125_security_group_datasource_attributes_ok/step4.security_group_datasource_ok.ref +++ b/tests/qa_provider_oapi/data/nets/TF-125_security_group_datasource_attributes_ok/step4.security_group_datasource_ok.ref @@ -230,6 +230,7 @@ "sensitive_attributes": [], "private": "bnVsbA==", "dependencies": [ + "outscale_net.outscale_net", "outscale_security_group.outscale_security_group", "outscale_security_group.outscale_security_group2" ] diff --git a/tests/qa_provider_oapi/data/nets/TF-128_security_group_rule_resource_attributes_2_ok/step1.security_group_rule_resource_2_ok.ref b/tests/qa_provider_oapi/data/nets/TF-128_security_group_rule_resource_attributes_2_ok/step1.security_group_rule_resource_2_ok.ref index 68b1dcf4b..87ea94f47 100644 --- a/tests/qa_provider_oapi/data/nets/TF-128_security_group_rule_resource_attributes_2_ok/step1.security_group_rule_resource_2_ok.ref +++ b/tests/qa_provider_oapi/data/nets/TF-128_security_group_rule_resource_attributes_2_ok/step1.security_group_rule_resource_2_ok.ref @@ -191,8 +191,8 @@ "security_groups_members": [ { "account_id": "##id-2##", - "security_group_id": "##id-4##", - "security_group_name": "" + "security_group_id": "", + "security_group_name": "sg2-terraform-test" } ], "service_ids": null, diff --git a/tests/qa_provider_oapi/data/nets/TF-128_security_group_rule_resource_attributes_2_ok/step1.security_group_rule_resource_2_ok.tf b/tests/qa_provider_oapi/data/nets/TF-128_security_group_rule_resource_attributes_2_ok/step1.security_group_rule_resource_2_ok.tf index 72b3ed99d..e49c06b83 100644 --- a/tests/qa_provider_oapi/data/nets/TF-128_security_group_rule_resource_attributes_2_ok/step1.security_group_rule_resource_2_ok.tf +++ b/tests/qa_provider_oapi/data/nets/TF-128_security_group_rule_resource_attributes_2_ok/step1.security_group_rule_resource_2_ok.tf @@ -50,7 +50,7 @@ resource "outscale_security_group_rule" "outscale_security_group_rule-3_2" { ip_protocol = "tcp" security_groups_members { account_id = outscale_security_group.outscale_security_group2.account_id - security_group_id = outscale_security_group.outscale_security_group2.id + security_group_name = outscale_security_group.outscale_security_group2.security_group_name } } depends_on = [outscale_security_group.outscale_security_group2, outscale_security_group_rule.outscale_security_group_rule-3] diff --git a/tests/qa_provider_oapi/data/nets/TF-128_security_group_rule_resource_attributes_2_ok/step2.security_group_rule_resource_2_ok.ref b/tests/qa_provider_oapi/data/nets/TF-128_security_group_rule_resource_attributes_2_ok/step2.security_group_rule_resource_2_ok.ref index 05854839c..bff3f417e 100644 --- a/tests/qa_provider_oapi/data/nets/TF-128_security_group_rule_resource_attributes_2_ok/step2.security_group_rule_resource_2_ok.ref +++ b/tests/qa_provider_oapi/data/nets/TF-128_security_group_rule_resource_attributes_2_ok/step2.security_group_rule_resource_2_ok.ref @@ -222,7 +222,7 @@ "security_group_name": "" } ], - "service_ids": [], + "service_ids": null, "to_port_range": 22 } ], diff --git a/tests/qa_provider_oapi/data/nets/TF-129_security_groups_datasource_attributes_ok/step2.security_groups_datasource_ok.ref b/tests/qa_provider_oapi/data/nets/TF-129_security_groups_datasource_attributes_ok/step2.security_groups_datasource_ok.ref index fd69c758e..d8805b5cc 100644 --- a/tests/qa_provider_oapi/data/nets/TF-129_security_groups_datasource_attributes_ok/step2.security_groups_datasource_ok.ref +++ b/tests/qa_provider_oapi/data/nets/TF-129_security_groups_datasource_attributes_ok/step2.security_groups_datasource_ok.ref @@ -212,6 +212,7 @@ "sensitive_attributes": [], "private": "bnVsbA==", "dependencies": [ + "outscale_net.outscale_net", "outscale_security_group.outscale_security_group" ] } diff --git a/tests/qa_provider_oapi/data/nets/TF-129_security_groups_datasource_attributes_ok/step3.security_groups_datasource_ok.ref b/tests/qa_provider_oapi/data/nets/TF-129_security_groups_datasource_attributes_ok/step3.security_groups_datasource_ok.ref index dfc6ee62f..3753d3266 100644 --- a/tests/qa_provider_oapi/data/nets/TF-129_security_groups_datasource_attributes_ok/step3.security_groups_datasource_ok.ref +++ b/tests/qa_provider_oapi/data/nets/TF-129_security_groups_datasource_attributes_ok/step3.security_groups_datasource_ok.ref @@ -224,6 +224,7 @@ "sensitive_attributes": [], "private": "bnVsbA==", "dependencies": [ + "outscale_net.outscale_net", "outscale_security_group.outscale_security_group", "outscale_security_group.outscale_security_group2" ] diff --git a/tests/qa_provider_oapi/data/nets/TF-129_security_groups_datasource_attributes_ok/step4.security_groups_datasource_ok.ref b/tests/qa_provider_oapi/data/nets/TF-129_security_groups_datasource_attributes_ok/step4.security_groups_datasource_ok.ref index d5b0eb14c..34663ffde 100644 --- a/tests/qa_provider_oapi/data/nets/TF-129_security_groups_datasource_attributes_ok/step4.security_groups_datasource_ok.ref +++ b/tests/qa_provider_oapi/data/nets/TF-129_security_groups_datasource_attributes_ok/step4.security_groups_datasource_ok.ref @@ -230,6 +230,7 @@ "sensitive_attributes": [], "private": "bnVsbA==", "dependencies": [ + "outscale_net.outscale_net", "outscale_security_group.outscale_security_group", "outscale_security_group.outscale_security_group2" ] diff --git a/tests/qa_provider_oapi/data/nets/TF-181_private_load_balancer_update_security_groups/step2.private_load_balancer_Add_security_groups.ref b/tests/qa_provider_oapi/data/nets/TF-181_private_load_balancer_update_security_groups/step2.private_load_balancer_Add_security_groups.ref index c6216caf9..35b409cb2 100644 --- a/tests/qa_provider_oapi/data/nets/TF-181_private_load_balancer_update_security_groups/step2.private_load_balancer_Add_security_groups.ref +++ b/tests/qa_provider_oapi/data/nets/TF-181_private_load_balancer_update_security_groups/step2.private_load_balancer_Add_security_groups.ref @@ -74,6 +74,7 @@ "sensitive_attributes": [], "private": "bnVsbA==", "dependencies": [ + "outscale_net.outscale_net", "outscale_security_group.outscale_security_group", "outscale_security_group.outscale_security_group-2", "outscale_subnet.subnet-1"