Merge pull request #24 from arangodb-managed/removewhitelist

OAS-2041 | BREAKING | Changed IPWhitelist into IPAllowlist

README.md

@@ -67,7 +67,7 @@ resource "oasis_deployment" "my_oneshard_deployment" {
 
   security { // this section is optional
     ca_certificate = "" // If not set, uses default certificate from project
-    ip_whitelist = "" // If not set, no whitelist is configured
+    ip_allowlist = "" // If not set, no allowlist is configured
   }
 
   configuration {
@@ -90,7 +90,7 @@ resource "oasis_deployment" "my_oneshard_deployment" {
 
   security { // this section is optional
     ca_certificate = "" // If not set, uses default certificate from project
-    ip_whitelist = "" // If not set, no whitelist is configured
+    ip_allowlist = "" // If not set, no allowlist is configured
   }
 
   configuration {
@@ -111,7 +111,7 @@ resource "oasis_deployment" "my_sharded_deployment" {
 
   security { // this section is optional
     ca_certificate = "" // If not set, uses default certificate from project
-    ip_whitelist = "" // If not set, no whitelist is configured
+    ip_allowlist = "" // If not set, no allowlist is configured
   }
 
   configuration {

examples/using_data_sources.tf

@@ -46,8 +46,8 @@ resource "oasis_backup_policy" "my_backup_policy" {
   }
 }
 
-// IP whitelist. This needs a project field.
-resource "oasis_ipwhitelist" "my_iplist" {
+// IP allowlist. This needs a project field.
+resource "oasis_ipallowlist" "my_iplist" {
   name        = "terraform-ip-list"
   description = "Important ip list."
   cidr_ranges = ["1.2.3.4/32", "111.11.0.0/16", "0.0.0.0/0"]
@@ -72,7 +72,7 @@ resource "oasis_deployment" "my_oneshard_deployment" {
     node_count = 3
   }
   security {
-    ip_whitelist   = oasis_ipwhitelist.my_iplist.id
+    ip_allowlist   = oasis_ipallowlist.my_iplist.id
     ca_certificate = oasis_certificate.my_oasis_cert.id
   }
 }

examples/using_resources.tf

@@ -15,19 +15,19 @@ resource "oasis_project" "my_project" {
   description = "Project description"
 }
 
-// Terraform created ip whitelist. This resource uses the computed ID value of the
+// Terraform created ip allowlist. This resource uses the computed ID value of the
 // previously defined project resource.
-resource "oasis_ipwhitelist" "my_iplist" {
-  name        = "Terraform IP Whitelist"
-  description = "IP Whitelist description"
+resource "oasis_ipallowlist" "my_iplist" {
+  name        = "Terraform IP Allowlist"
+  description = "IP Allowlist description"
   cidr_ranges = ["1.2.3.4/32", "111.11.0.0/16", "0.0.0.0/0"]
   project     = oasis_project.my_project.id
 }
 
 // Terraform created deployment. For all fields, please consult `terraform providers schema`
 // or the code.
 // This resource uses the computed project ID of the previously defined project resource,
-// and two other resources, ip whitelist and the certificate.
+// and two other resources, ip allowlist and the certificate.
 resource "oasis_deployment" "my_oneshard_deployment" {
   name        = "Terraform Deployment"
   description = "Deployment description"
@@ -43,7 +43,7 @@ resource "oasis_deployment" "my_oneshard_deployment" {
     node_count = 3
   }
   security {
-    ip_whitelist   = oasis_ipwhitelist.my_iplist.id
+    ip_allowlist   = oasis_ipallowlist.my_iplist.id
     ca_certificate = oasis_certificate.my_oasis_cert.id
   }
 }

go.mod

@@ -1,7 +1,7 @@
 module github.com/arangodb-managed/terraform-provider-oasis
 
 require (
-	github.com/arangodb-managed/apis v0.45.2
+	github.com/arangodb-managed/apis v0.53.0
 	github.com/arangodb-managed/log-helper v0.1.4
 	github.com/gogo/protobuf v1.3.0
 	github.com/hashicorp/hcl v1.0.0 // indirect
@@ -15,11 +15,11 @@ go 1.13
 
 replace github.com/Azure/go-autorest => github.com/Azure/go-autorest v14.0.1+incompatible
 
-replace github.com/arangodb/kube-arangodb => github.com/arangodb/kube-arangodb v0.0.0-20200525105428-e506978cb648
+replace github.com/arangodb/kube-arangodb => github.com/arangodb/kube-arangodb v0.0.0-20201104155747-ca02a3a4c884
 
 replace github.com/coreos/go-systemd => github.com/coreos/go-systemd v0.0.0-20190620071333-e64a0ec8b42a
 
-replace github.com/coreos/prometheus-operator => github.com/coreos/prometheus-operator v0.31.1
+replace github.com/coreos/prometheus-operator => github.com/coreos/prometheus-operator v0.37.0
 
 replace github.com/golang/lint => golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3
 
@@ -45,27 +45,27 @@ replace google.golang.org/api => google.golang.org/api v0.7.0
 
 replace google.golang.org/grpc => google.golang.org/grpc v1.29.1
 
-replace k8s.io/api => k8s.io/api v0.16.9
+replace k8s.io/api => k8s.io/api v0.16.15
 
-replace k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.16.9
+replace k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.16.15
 
-replace k8s.io/apimachinery => k8s.io/apimachinery v0.16.9
+replace k8s.io/apimachinery => k8s.io/apimachinery v0.16.15
 
-replace k8s.io/apiserver => k8s.io/apiserver v0.16.9
+replace k8s.io/apiserver => k8s.io/apiserver v0.16.15
 
-replace k8s.io/client-go => k8s.io/client-go v0.16.9
+replace k8s.io/client-go => k8s.io/client-go v0.16.15
 
-replace k8s.io/cloud-provider => k8s.io/cloud-provider v0.16.9
+replace k8s.io/cloud-provider => k8s.io/cloud-provider v0.16.15
 
-replace k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.16.9
+replace k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.16.15
 
-replace k8s.io/code-generator => k8s.io/code-generator v0.16.9
+replace k8s.io/code-generator => k8s.io/code-generator v0.16.15
 
-replace k8s.io/component-base => k8s.io/component-base v0.16.9
+replace k8s.io/component-base => k8s.io/component-base v0.16.15
 
-replace k8s.io/kubernetes => k8s.io/kubernetes v1.16.9
+replace k8s.io/kubernetes => k8s.io/kubernetes v1.16.15
 
-replace k8s.io/metrics => k8s.io/metrics v0.16.9
+replace k8s.io/metrics => k8s.io/metrics v0.16.15
 
 replace sigs.k8s.io/controller-runtime => sigs.k8s.io/controller-runtime v0.4.0
 
@@ -77,26 +77,30 @@ replace github.com/cilium/cilium => github.com/cilium/cilium v1.7.2
 
 replace github.com/optiopay/kafka => github.com/optiopay/kafka v2.0.4+incompatible
 
-replace k8s.io/cli-runtime => k8s.io/cli-runtime v0.16.9
+replace k8s.io/cli-runtime => k8s.io/cli-runtime v0.16.15
 
-replace k8s.io/cri-api => k8s.io/cri-api v0.16.9
+replace k8s.io/cri-api => k8s.io/cri-api v0.16.15
 
-replace k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.16.9
+replace k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.16.15
 
-replace k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.16.9
+replace k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.16.15
 
-replace k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.16.9
+replace k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.16.15
 
-replace k8s.io/kube-proxy => k8s.io/kube-proxy v0.16.9
+replace k8s.io/kube-proxy => k8s.io/kube-proxy v0.16.15
 
-replace k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.16.9
+replace k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.16.15
 
-replace k8s.io/kubelet => k8s.io/kubelet v0.16.9
+replace k8s.io/kubelet => k8s.io/kubelet v0.16.15
 
-replace k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.16.9
+replace k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.16.15
 
-replace k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.16.9
+replace k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.16.15
 
 replace google.golang.org/genproto => google.golang.org/genproto v0.0.0-20191206224255-0243a4be9c8f
 
-replace k8s.io/kubectl => k8s.io/kubectl v0.16.9
+replace k8s.io/kubectl => k8s.io/kubectl v0.16.15
+
+replace github.com/nats-io/nats.go => github.com/nats-io/nats.go v1.8.1
+
+replace github.com/nats-io/stan.go => github.com/nats-io/stan.go v0.4.5

go.sum

@@ -19,8 +19,8 @@ github.com/apparentlymart/go-dump v0.0.0-20190214190832-042adf3cf4a0 h1:MzVXffFU
 github.com/apparentlymart/go-dump v0.0.0-20190214190832-042adf3cf4a0/go.mod h1:oL81AME2rN47vu18xqj1S1jPIPuN7afo62yKTNn3XMM=
 github.com/apparentlymart/go-textseg v1.0.0 h1:rRmlIsPEEhUTIKQb7T++Nz/A5Q6C9IuX2wFoYVvnCs0=
 github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk=
-github.com/arangodb-managed/apis v0.45.2 h1:/wT7e0SyxPJzUmRvApmUhxazTfa1Pi1LmGvRm+qKF2I=
-github.com/arangodb-managed/apis v0.45.2/go.mod h1:dSEV+DTPdZNH06qVqFWA+F0OcaL2ePGEo+odyMaU72Y=
+github.com/arangodb-managed/apis v0.53.0 h1:72QZ7dWK32hbJAYr3AN1nU8m3oSZwlyuqfMat0BpWP8=
+github.com/arangodb-managed/apis v0.53.0/go.mod h1:dSEV+DTPdZNH06qVqFWA+F0OcaL2ePGEo+odyMaU72Y=
 github.com/arangodb-managed/log-helper v0.1.4 h1:xx/kIZ+yvqbFgJ2aMxozuycRErysVrGQmRpH1m+rZy0=
 github.com/arangodb-managed/log-helper v0.1.4/go.mod h1:aASaVrd8OWm+XSaueOKyxYvIpnF2FKfC9KbfRVzhMcA=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=

pkg/provider.go

@@ -69,7 +69,7 @@ func Provider() *schema.Provider {
 		},
 		ResourcesMap: map[string]*schema.Resource{
 			"oasis_deployment":                   resourceDeployment(),
-			"oasis_ipwhitelist":                  resourceIPWhitelist(),
+			"oasis_ipallowlist":                  resourceIPAllowlist(),
 			"oasis_certificate":                  resourceCertificate(),
 			"oasis_backup_policy":                resourceBackupPolicy(),
 			"oasis_project":                      resourceProject(),

pkg/resource_deployment.go

@@ -43,7 +43,7 @@ const (
 	deplVersionDbVersionFieldName          = "db_version"
 	deplSecurityFieldName                  = "security"
 	deplSecurityCaCertificateFieldName     = "ca_certificate"
-	deplSecurityIpWhitelistFieldName       = "ip_whitelist"
+	deplSecurityIpAllowlistFieldName       = "ip_allowlist"
 	deplConfigurationFieldName             = "configuration"
 	deplConfigurationModelFieldName        = "model"
 	deplConfigurationNodeSizeIdFieldName   = "node_size_id"
@@ -118,9 +118,9 @@ func resourceDeployment() *schema.Resource {
 								return new == ""
 							},
 						},
-						deplSecurityIpWhitelistFieldName: {
+						deplSecurityIpAllowlistFieldName: {
 							Type:     schema.TypeString,
-							Optional: true, // If not set, no whitelist is configured
+							Optional: true, // If not set, no allowlist is configured
 						},
 					},
 				},
@@ -258,7 +258,7 @@ type version struct {
 // security is a convenient wrapper around the security schema for easy parsing
 type securityFields struct {
 	caCertificate string
-	ipWhitelist   string
+	ipAllowlist   string
 }
 
 // configuration is a convenient wrapper around the configuration schema for easy parsing
@@ -324,7 +324,7 @@ func expandDeploymentResource(d *schema.ResourceData, defaultProject string) (*d
 		RegionId:      loc.region,
 		Version:       ver.dbVersion,
 		Certificates:  &data.Deployment_CertificateSpec{CaCertificateId: sec.caCertificate},
-		IpwhitelistId: sec.ipWhitelist,
+		IpallowlistId: sec.ipAllowlist,
 		Model: &data.Deployment_ModelSpec{
 			Model:        conf.model,
 			NodeCount:    int32(conf.nodeCount),
@@ -367,8 +367,8 @@ func expandSecurity(s []interface{}) (sec securityFields) {
 		if i, ok := item[deplSecurityCaCertificateFieldName]; ok {
 			sec.caCertificate = i.(string)
 		}
-		if i, ok := item[deplSecurityIpWhitelistFieldName]; ok {
-			sec.ipWhitelist = i.(string)
+		if i, ok := item[deplSecurityIpAllowlistFieldName]; ok {
+			sec.ipAllowlist = i.(string)
 		}
 	}
 	return
@@ -452,7 +452,7 @@ func flattenVersion(depl *data.Deployment) []interface{} {
 func flattenSecurity(depl *data.Deployment) []interface{} {
 	return []interface{}{
 		map[string]interface{}{
-			deplSecurityIpWhitelistFieldName:   depl.GetIpwhitelistId(),
+			deplSecurityIpAllowlistFieldName:   depl.GetIpallowlistId(),
 			deplSecurityCaCertificateFieldName: depl.GetCertificates().GetCaCertificateId(),
 		},
 	}
@@ -514,8 +514,8 @@ func resourceDeploymentUpdate(d *schema.ResourceData, m interface{}) error {
 		if sec.caCertificate != "" {
 			depl.Certificates.CaCertificateId = sec.caCertificate
 		}
-		if sec.ipWhitelist != "" {
-			depl.IpwhitelistId = sec.ipWhitelist
+		if sec.ipAllowlist != "" {
+			depl.IpallowlistId = sec.ipAllowlist
 		}
 	}
 	if d.HasChange(deplConfigurationFieldName) {

pkg/resource_deployment_test.go

@@ -41,7 +41,7 @@ func TestFlattenDeploymentResource(t *testing.T) {
 		Certificates: &data.Deployment_CertificateSpec{
 			CaCertificateId: "certificate-id",
 		},
-		IpwhitelistId: "ip-whitelist",
+		IpallowlistId: "ip-allowlist",
 		Model: &data.Deployment_ModelSpec{
 			Model:        "oneshard",
 			NodeSizeId:   "a8",
@@ -67,7 +67,7 @@ func TestFlattenDeploymentResource(t *testing.T) {
 		deplSecurityFieldName: []interface{}{
 			map[string]interface{}{
 				deplSecurityCaCertificateFieldName: "certificate-id",
-				deplSecurityIpWhitelistFieldName:   "ip-whitelist",
+				deplSecurityIpAllowlistFieldName:   "ip-allowlist",
 			},
 		},
 		deplConfigurationFieldName: []interface{}{
@@ -92,7 +92,7 @@ func TestExpandingDeploymentResource(t *testing.T) {
 		Certificates: &data.Deployment_CertificateSpec{
 			CaCertificateId: "certificate-id",
 		},
-		IpwhitelistId: "ip-whitelist",
+		IpallowlistId: "ip-allowlist",
 		Model: &data.Deployment_ModelSpec{
 			Model:        "oneshard",
 			NodeSizeId:   "a8",
@@ -117,7 +117,7 @@ func TestExpandingDeploymentResource(t *testing.T) {
 		deplSecurityFieldName: []interface{}{
 			map[string]interface{}{
 				deplSecurityCaCertificateFieldName: "certificate-id",
-				deplSecurityIpWhitelistFieldName:   "ip-whitelist",
+				deplSecurityIpAllowlistFieldName:   "ip-allowlist",
 			},
 		},
 		deplConfigurationFieldName: []interface{}{
@@ -146,7 +146,7 @@ func TestExpandDeploymentOverrideProjectID(t *testing.T) {
 		Certificates: &data.Deployment_CertificateSpec{
 			CaCertificateId: "certificate-id",
 		},
-		IpwhitelistId: "ip-whitelist",
+		IpallowlistId: "ip-allowlist",
 		Model: &data.Deployment_ModelSpec{
 			Model:        "oneshard",
 			NodeSizeId:   "a8",
@@ -171,7 +171,7 @@ func TestExpandDeploymentOverrideProjectID(t *testing.T) {
 		deplSecurityFieldName: []interface{}{
 			map[string]interface{}{
 				deplSecurityCaCertificateFieldName: "certificate-id",
-				deplSecurityIpWhitelistFieldName:   "ip-whitelist",
+				deplSecurityIpAllowlistFieldName:   "ip-allowlist",
 			},
 		},
 		deplConfigurationFieldName: []interface{}{