diff --git a/kubernetes/resource_kubernetes_network_policy.go b/kubernetes/resource_kubernetes_network_policy.go
index bf4845f5b8..8017ab95df 100644
--- a/kubernetes/resource_kubernetes_network_policy.go
+++ b/kubernetes/resource_kubernetes_network_policy.go
@@ -215,12 +215,17 @@ func resourceKubernetesNetworkPolicy() *schema.Resource {
 Schema: labelSelectorFields(),
 },
 },
+ // The policy_types property is made required because the default value is only evaluated server side on resource creation.
+ // During the initial creation, a default value is determined and stored, then PolicyTypes is no longer considered unset,
+ // it will stick to that value on further updates unless explicitly overridden.
+ // Leaving the policy_types property optional here would prevent further updates adding egress rules after the initial resource creation
+ // without egress rules nor policy types from working as expected as PolicyTypes will stick to Ingress server side.
 "policy_types": {
 Type: schema.TypeList,
 Description: networkPolicySpecPolicyTypesDoc,
- Optional: true,
+ Required: true,
+ MinItems: 1,
 MaxItems: 2,
- Computed: true,
 Elem: &schema.Schema{Type: schema.TypeString},
 },
 },
diff --git a/kubernetes/resource_kubernetes_network_policy_test.go b/kubernetes/resource_kubernetes_network_policy_test.go
index 165f8e8f38..9f48f80268 100644
--- a/kubernetes/resource_kubernetes_network_policy_test.go
+++ b/kubernetes/resource_kubernetes_network_policy_test.go
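Review bot: The `Elem` of `policy_types` still accepts any string, so a misspelt or wrongly cased type passes `terraform plan` and is only caught by the API server at apply time. Since this list decides which traffic directions the policy isolates, constraining it in the schema is worthwhile: `Elem: &schema.Schema{Type: schema.TypeString, ValidateFunc: validation.StringInSlice([]string{"Ingress", "Egress"}, false)},` (this assumes the `validation` helper package is imported in the file, which the hunk does not show). Moving from `Optional`/`Computed` to `Required` also breaks configurations that omit the attribute, and no changelog or upgrade note is visible in this diff. The schema map starts and ends outside the hunk.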
@@ -42,6 +42,8 @@ func TestAccKubernetesNetworkPolicy_basic(t *testing.T) {
 resource.TestCheckResourceAttr("kubernetes_network_policy.test", "spec.#", "1"),
 resource.TestCheckResourceAttr("kubernetes_network_policy.test", "spec.0.pod_selector.#", "1"),
 resource.TestCheckResourceAttr("kubernetes_network_policy.test", "spec.0.ingress.#", "0"),
+ resource.TestCheckResourceAttr("kubernetes_network_policy.test", "spec.0.policy_types.#", "1"),
+ resource.TestCheckResourceAttr("kubernetes_network_policy.test", "spec.0.policy_types.0", "Ingress"),
 ),
 },
 {
@@ -65,6 +67,8 @@ func TestAccKubernetesNetworkPolicy_basic(t *testing.T) {
 resource.TestCheckResourceAttr("kubernetes_network_policy.test", "spec.#", "1"),
 resource.TestCheckResourceAttr("kubernetes_network_policy.test", "spec.0.pod_selector.#", "1"),
 resource.TestCheckResourceAttr("kubernetes_network_policy.test", "spec.0.ingress.#", "0"),
+ resource.TestCheckResourceAttr("kubernetes_network_policy.test", "spec.0.policy_types.#", "1"),
+ resource.TestCheckResourceAttr("kubernetes_network_policy.test", "spec.0.policy_types.0", "Ingress"),
 ),
 },
 {
@@ -98,6 +102,8 @@ func TestAccKubernetesNetworkPolicy_basic(t *testing.T) {
 resource.TestCheckResourceAttr("kubernetes_network_policy.test", "spec.0.ingress.0.from.0.namespace_selector.#", "1"),
 resource.TestCheckResourceAttr("kubernetes_network_policy.test", "spec.0.ingress.0.from.0.namespace_selector.0.match_labels.name", "default"),
 resource.TestCheckResourceAttr("kubernetes_network_policy.test", "spec.0.ingress.0.from.0.pod_selector.#", "0"),
+ resource.TestCheckResourceAttr("kubernetes_network_policy.test", "spec.0.policy_types.#", "1"),
+ resource.TestCheckResourceAttr("kubernetes_network_policy.test", "spec.0.policy_types.0", "Ingress"),
 ),
 },
 {
@@ -138,6 +144,8 @@ func TestAccKubernetesNetworkPolicy_basic(t *testing.T) {
 resource.TestCheckResourceAttr("kubernetes_network_policy.test", "spec.0.ingress.0.from.1.namespace_selector.#", "0"),
 resource.TestCheckResourceAttr("kubernetes_network_policy.test", "spec.0.ingress.0.from.1.pod_selector.#", "1"),
 resource.TestCheckResourceAttr("kubernetes_network_policy.test", "spec.0.ingress.0.from.1.pod_selector.0.match_labels.app", "myapp"),
+ resource.TestCheckResourceAttr("kubernetes_network_policy.test", "spec.0.policy_types.#", "1"),
+ resource.TestCheckResourceAttr("kubernetes_network_policy.test", "spec.0.policy_types.0", "Ingress"),
 ),
 },
 {
@@ -189,6 +197,9 @@ func TestAccKubernetesNetworkPolicy_basic(t *testing.T) {
 resource.TestCheckResourceAttr("kubernetes_network_policy.test", "spec.0.egress.0.to.0.ip_block.0.except.0", "10.0.0.0/24"),
 resource.TestCheckResourceAttr("kubernetes_network_policy.test", "spec.0.egress.0.to.0.ip_block.0.except.1", "10.0.1.0/24"),
 resource.TestCheckResourceAttr("kubernetes_network_policy.test", "spec.0.egress.0.to.0.pod_selector.#", "0"),
+ resource.TestCheckResourceAttr("kubernetes_network_policy.test", "spec.0.policy_types.#", "2"),
+ resource.TestCheckResourceAttr("kubernetes_network_policy.test", "spec.0.policy_types.0", "Ingress"),
+ resource.TestCheckResourceAttr("kubernetes_network_policy.test", "spec.0.policy_types.1", "Egress"),
 ),
 },
 },
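Review bot: The steps of `TestAccKubernetesNetworkPolicy_basic` only ever keep `policy_types` at `Ingress` or widen it to `Ingress` plus `Egress` in the last step, so neither a narrowing update nor an egress-only policy is asserted. Because this list decides which traffic direction the policy isolates, a step checking `spec.0.policy_types.#` = `1` with `spec.0.policy_types.0` = `Egress`, and one going from two types back to one, would pin the update behaviour the commit is meant to guarantee. Judging by the configuration hunks visible further down in this file, none sets `"Egress"` on its own.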
@@ -254,6 +265,9 @@ func TestAccKubernetesNetworkPolicy_withEgressAtCreation(t *testing.T) {
 resource.TestCheckResourceAttr("kubernetes_network_policy.test", "spec.0.egress.0.to.0.ip_block.0.except.0", "10.0.0.0/24"),
 resource.TestCheckResourceAttr("kubernetes_network_policy.test", "spec.0.egress.0.to.0.ip_block.0.except.1", "10.0.1.0/24"),
 resource.TestCheckResourceAttr("kubernetes_network_policy.test", "spec.0.egress.0.to.0.pod_selector.#", "0"),
+ resource.TestCheckResourceAttr("kubernetes_network_policy.test", "spec.0.policy_types.#", "2"),
+ resource.TestCheckResourceAttr("kubernetes_network_policy.test", "spec.0.policy_types.0", "Ingress"),
+ resource.TestCheckResourceAttr("kubernetes_network_policy.test", "spec.0.policy_types.1", "Egress"),
 ),
 },
 },
@@ -349,6 +363,8 @@ resource "kubernetes_network_policy" "test" {
 spec {
 pod_selector {}
+
+ policy_types = [ "Ingress" ]
 }
 }
 `, name)
@@ -376,6 +392,7 @@ resource "kubernetes_network_policy" "test" {
 spec {
 pod_selector = {}
 ingress = []
+ policy_types = [ "Ingress" ]
 }
 }
 `, name)
@@ -421,6 +438,8 @@ resource "kubernetes_network_policy" "test" {
 ]
 },
 ]
+
+ policy_types = [ "Ingress" ]
 }
 }
 `, name)
@@ -476,6 +495,8 @@ resource "kubernetes_network_policy" "test" {
 ]
 },
 ]
+
+ policy_types = [ "Ingress" ]
 }
 }
 `, name)
@@ -554,6 +575,8 @@ resource "kubernetes_network_policy" "test" {
 ]
 },
 ]
+
+ policy_types = [ "Ingress", "Egress" ]
 }
 }
 `, name)
diff --git a/kubernetes/structure_network_policy.go b/kubernetes/structure_network_policy.go
index fcb60b3d5e..aee0823d82 100644
--- a/kubernetes/structure_network_policy.go
+++ b/kubernetes/structure_network_policy.go
@@ -117,6 +117,7 @@ func expandNetworkPolicySpec(l []interface{}) v1.NetworkPolicySpec {
 if v, ok := in["egress"].([]interface{}); ok && len(v) > 0 {
 obj.Egress = expandNetworkPolicyEgress(v)
 }
+ obj.PolicyTypes = expandNetworkPolicyTypes(in["policy_types"].([]interface{}))
 }
 return obj
 }
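Review bot: The added `in["policy_types"].([]interface{})` in `expandNetworkPolicySpec` is an unchecked type assertion, unlike the `v, ok := in["egress"].([]interface{}); ok && len(v) > 0` guard at the top of the same hunk, so a missing or nil entry would panic the provider instead of being skipped. `Required: true` in the schema makes that unlikely on a normal apply, but the expander should not depend on it: `if v, ok := in["policy_types"].([]interface{}); ok && len(v) > 0 { obj.PolicyTypes = expandNetworkPolicyTypes(v) }`. The same unchecked pattern appears as `policyType.(string)` in the new `expandNetworkPolicyTypes` (hunk at -210 in this file), where a nil list element would panic. The body of `expandNetworkPolicySpec` starts outside the hunk.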
@@ -140,9 +141,9 @@ func expandNetworkPolicyIngress(l []interface{}) []v1.NetworkPolicyIngressRule {
 func expandNetworkPolicyEgress(l []interface{}) []v1.NetworkPolicyEgressRule {
 obj := make([]v1.NetworkPolicyEgressRule, len(l), len(l))
- for i, ingress := range l {
- if ingress != nil {
- in := ingress.(map[string]interface{})
+ for i, egress := range l {
+ if egress != nil {
+ in := egress.(map[string]interface{})
 obj[i] = v1.NetworkPolicyEgressRule{}
 if v, ok := in["ports"].([]interface{}); ok && len(v) > 0 {
 obj[i].Ports = expandNetworkPolicyPorts(v)
@@ -210,6 +211,14 @@ func expandIPBlock(l []interface{}) *v1.IPBlock {
 return obj
 }
+func expandNetworkPolicyTypes(l []interface{}) []v1.PolicyType {
+ obj := make([]v1.PolicyType, 0, 0)
+ for _, policyType := range l {
+ obj = append(obj, v1.PolicyType(policyType.(string)))
+ }
+ return obj
+}
+
 // Patchers
 func patchNetworkPolicySpec(keyPrefix, pathPrefix string, d *schema.ResourceData) PatchOperations {
@@ -253,7 +262,7 @@ func patchNetworkPolicySpec(keyPrefix, pathPrefix string, d *schema.ResourceData
 if d.HasChange(keyPrefix + "policy_types") {
 ops = append(ops, &ReplaceOperation{
 Path: pathPrefix + "/policyTypes",
- Value: expandStringSlice(d.Get(keyPrefix + "policy_types").([]interface{})),
+ Value: expandNetworkPolicyTypes(d.Get(keyPrefix + "policy_types").([]interface{})),
 })
 }
 return ops
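Review bot: `expandNetworkPolicyTypes` (hunk at -210) has no doc comment and allocates with `make([]v1.PolicyType, 0, 0)`, which throws away the length it already knows. `obj := make([]v1.PolicyType, 0, len(l))` avoids regrowing the slice, and a comment such as `// expandNetworkPolicyTypes converts the policy_types list into v1.PolicyType values; the values are passed through without validation.` tells the next reader that nothing here checks them. The `ReplaceOperation` in the last hunk now sends the output of this function to `/policyTypes`, so both the create and the update path rely on it.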