Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

iothub IP filters #3173

Merged
merged 8 commits into from
Apr 8, 2019
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
78 changes: 78 additions & 0 deletions azurerm/resource_arm_iothub.go
Original file line number Diff line number Diff line change
Expand Up @@ -323,6 +323,33 @@ func resourceArmIotHub() *schema.Resource {
},
},

"ip_filter_rule": {
Type: schema.TypeSet,
Optional: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"name": {
Type: schema.TypeString,
Required: true,
ValidateFunc: validate.NoEmptyStrings,
},
tombuildsstuff marked this conversation as resolved.
Show resolved Hide resolved
"ip_mask": {
Type: schema.TypeString,
Required: true,
ValidateFunc: validate.CIDR,
},
"action": {
Type: schema.TypeString,
Required: true,
ValidateFunc: validation.StringInSlice([]string{
string(devices.Accept),
string(devices.Reject),
}, false),
},
},
},
},

"tags": tagsSchema(),
},
}
Expand Down Expand Up @@ -375,12 +402,14 @@ func resourceArmIotHubCreateUpdate(d *schema.ResourceData, meta interface{}) err
}

routes := expandIoTHubRoutes(d)
ipFilterRules := expandIPFilterRules(d)

properties := devices.IotHubDescription{
Name: utils.String(name),
Location: utils.String(location),
Sku: skuInfo,
Properties: &devices.IotHubProperties{
IPFilterRules: ipFilterRules,
Routing: &devices.RoutingProperties{
Endpoints: endpoints,
Routes: routes,
Expand Down Expand Up @@ -476,6 +505,12 @@ func resourceArmIotHubRead(d *schema.ResourceData, meta interface{}) error {
if err := d.Set("fallback_route", fallbackRoute); err != nil {
return fmt.Errorf("Error setting `fallbackRoute` in IoTHub %q: %+v", name, err)
}

ipFilterRules := flattenIPFilterRules(properties.IPFilterRules)
if err := d.Set("ip_filter_rule", ipFilterRules); err != nil {
return fmt.Errorf("Error setting `ip_filter_rule` in IoTHub %q: %+v", name, err)
}

}

d.Set("name", name)
Expand Down Expand Up @@ -907,3 +942,46 @@ func validateIoTHubFileNameFormat(v interface{}, k string) (warnings []string, e

return warnings, errors
}
func expandIPFilterRules(d *schema.ResourceData) *[]devices.IPFilterRule {
ipFilterRuleList := d.Get("ip_filter_rule").(*schema.Set).List()
if len(ipFilterRuleList) == 0 {
return nil
}

rules := make([]devices.IPFilterRule, 0)

for _, r := range ipFilterRuleList {
rawRule := r.(map[string]interface{})
rule := &devices.IPFilterRule{
FilterName: utils.String(rawRule["name"].(string)),
Action: devices.IPFilterActionType(rawRule["action"].(string)),
IPMask: utils.String(rawRule["ip_mask"].(string)),
}

rules = append(rules, *rule)
}
return &rules
}

func flattenIPFilterRules(in *[]devices.IPFilterRule) []interface{} {
rules := make([]interface{}, 0)
if in == nil {
return rules
}

for _, r := range *in {
rawRule := make(map[string]interface{})

if r.FilterName != nil {
rawRule["name"] = *r.FilterName
}

rawRule["action"] = string(r.Action)

if r.IPMask != nil {
rawRule["ip_mask"] = *r.IPMask
}
rules = append(rules, rawRule)
}
return rules
}
55 changes: 55 additions & 0 deletions azurerm/resource_arm_iothub_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,30 @@ func TestAccAzureRMIotHub_basic(t *testing.T) {
})
}

func TestAccAzureRMIotHub_ipFilterRules(t *testing.T) {
resourceName := "azurerm_iothub.test"
rInt := tf.AccRandTimeInt()

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testCheckAzureRMIotHubDestroy,
Steps: []resource.TestStep{
{
Config: testAccAzureRMIotHub_ipFilterRules(rInt, testLocation()),
Check: resource.ComposeTestCheckFunc(
testCheckAzureRMIotHubExists(resourceName),
),
},
{
ResourceName: resourceName,
ImportState: true,
ImportStateVerify: true,
},
},
})
}

func TestAccAzureRMIotHub_requiresImport(t *testing.T) {
if !requireResourcesToBeImported {
t.Skip("Skipping since resources aren't required to be imported")
Expand Down Expand Up @@ -271,6 +295,37 @@ resource "azurerm_iothub" "test" {
`, rInt, location, rInt)
}

func testAccAzureRMIotHub_ipFilterRules(rInt int, location string) string {
return fmt.Sprintf(`
resource "azurerm_resource_group" "test" {
name = "acctestRG-%d"
location = "%s"
}

resource "azurerm_iothub" "test" {
name = "acctestIoTHub-%d"
resource_group_name = "${azurerm_resource_group.test.name}"
location = "${azurerm_resource_group.test.location}"

sku {
name = "S1"
tier = "Standard"
capacity = "1"
}

ip_filter_rule {
name = "test"
ip_mask = "10.0.0.0/31"
action = "Accept"
}

tags {
"purpose" = "testing"
}
}
`, rInt, location, rInt)
}

func testAccAzureRMIotHub_customRoutes(rInt int, rStr string, location string) string {
return fmt.Sprintf(`
resource "azurerm_resource_group" "test" {
Expand Down
12 changes: 12 additions & 0 deletions website/docs/r/iothub.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,8 @@ The following arguments are supported:

* `endpoint` - (Optional) An `endpoint` block as defined below.

* `ip_filter_rule` - (Optional) One or more `ip_filter_rule` blocks as defined below.

* `route` - (Optional) A `route` block as defined below.

* `fallback_route` - (Optional) A `fallback_route` block as defined below. If the fallback route is enabled, messages that don't match any of the supplied routes are automatically sent to this route. Defaults to messages/events.
Expand Down Expand Up @@ -127,6 +129,16 @@ An `endpoint` block supports the following:

---

An `ip_filter_rule` block supports the following:

* `name` - (Required) The name of the filter.

* `ip_mask` - (Required) The IP address range in CIDR notation for the rule.

* `action` - (Required) The desired action for requests captured by this rule. Possible values are `Accept`, `Reject`

---

A `route` block supports the following:

* `name` - (Required) The name of the route.
Expand Down