add resources and data sources for managing VPC Route and ACL
chengxiangdong committed Aug 2, 2024
1 parent 6b5f6ab commit 06bdef1
Showing 15 changed files with 2,360 additions and 1 deletion.
106 changes: 106 additions & 0 deletions docs/data-sources/vpc_network_acls.md
@@ -0,0 +1,106 @@
---
subcategory: "Virtual Private Cloud (VPC)"
---

# hcso_vpc_network_acls

Use this data source to get the list of VPC network ACLs within Huawei Cloud Stack Online.

## Example Usage

```hcl
variable "network_acl_name" {}
variable "enterprise_project_id" {}
data "hcso_vpc_network_acls" "basic" {
name = var.network_acl_name
enterprise_project_id = var.enterprise_project_id
}
```

## Argument Reference

The following arguments are supported:

* `region` - (Optional, String, ForceNew) Specifies the region in which to obtain the network ACLs.
If omitted, the provider-level region will be used.

* `name` - (Optional, String) Specifies the network ACL name. The value can contain no more than 64 characters,
including letters, digits, underscores (_), hyphens (-), and periods (.).

* `network_acl_id` - (Optional, String) Specifies the network ACL ID.

* `enterprise_project_id` - (Optional, String) Specifies the enterprise project ID of the network ACL.

* `enabled` - (Optional, String) Specifies whether the network ACL is enabled. The value can be **true** or **false**.

* `status` - (Optional, String) Specifies the status of the network ACL.

## Attribute Reference

In addition to all arguments above, the following attributes are exported:

* `id` - The data source ID in uuid format.

* `network_acls` - The list of VPC network ACLs.
The [network_acls](#network_acls) structure is documented below.

<a name="network_acls"></a>
The `network_acls` block supports:

* `name` - The network ACL name.

* `id` - The network ACL ID.

* `enterprise_project_id` - The enterprise project ID of the network ACL.

* `description` - The network ACL description.

* `enabled` - Whether the network ACL is enabled.

* `ingress_rules` - The ingress rules of the network ACL.
The [rules](#rules) structure is documented below.

* `egress_rules` - The egress rules of the network ACL.
The [rules](#rules) structure is documented below.

* `associated_subnets` - The associated subnets of the network ACL.
The [associated_subnets](#subnets) structure is documented below.

* `status` - The status of the ACL.

* `created_at` - The created time of the ACL.

* `updated_at` - The updated time of the ACL.

<a name="rules"></a>
The `ingress_rules` and `egress_rules` block supports:

* `rule_id` - The ID of the rule.

* `action` - The rule action.

* `protocol` - The rule protocol.

* `ip_version` - The IP version of a network ACL rule.

* `name` - The network ACL rule name.

* `description` - The network ACL rule description.

* `source_ip_address` - The source IP address or CIDR block of a network ACL rule.

* `source_ip_address_group_id` - The source IP address group ID of a network ACL rule.

* `source_port` - The source ports of a network ACL rule.

* `destination_ip_address` - The destination IP address or CIDR block of a network ACL rule.

* `destination_ip_address_group_id` - The destination IP address group ID of a network ACL rule.

* `destination_port` - The destination ports of a network ACL rule.

<a name="subnets"></a>
The `associated_subnets` block supports:

* `subnet_id` - The ID of the subnet to associate with the network ACL.
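Review bot: `enabled` in the Argument Reference is typed `(Optional, String)`, while the matching resource document in this commit declares the same field `(Optional, Bool)`; a filter argument should carry the type of the attribute it filters on, so either declare it Bool here or state explicitly that the API accepts only the string forms `"true"`/`"false"`. Also, `region` carries `ForceNew`, which has meaning only for managed resources; drop it for a data source, as the other two data-source documents in this commit do.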
57 changes: 57 additions & 0 deletions docs/data-sources/vpc_route_table.md
@@ -0,0 +1,57 @@
---
subcategory: "Virtual Private Cloud (VPC)"
---

# hcso_vpc_route_table

Provides details about a specific VPC route table within Huawei Cloud Stack Online.

## Example Usage

```hcl
variable "vpc_id" {}
# get the default route table
data "hcso_vpc_route_table" "default" {
vpc_id = var.vpc_id
}
# get a custom route table
data "hcso_vpc_route_table" "custom" {
vpc_id = var.vpc_id
name = "demo"
}
```

## Argument Reference

The following arguments are supported:

* `region` - (Optional, String) The region in which to query the vpc route table.
If omitted, the provider-level region will be used.

* `vpc_id` - (Required, String) Specifies the VPC ID where the route table resides.

* `name` - (Optional, String) Specifies the name of the route table.

* `id` - (Optional, String) Specifies the ID of the route table.

## Attribute Reference

In addition to all arguments above, the following attributes are exported:

* `default` - Whether the route table is default or not.

* `description` - The supplementary information about the route table.

* `subnets` - An array of one or more subnets associating with the route table.

* `route` - The route object list. The [route object](#route_object) is documented below.

<a name="route_object"></a>
The `route` block supports:

* `type` - The route type.
* `destination` - The destination address in the CIDR notation format
* `nexthop` - The next hop.
* `description` - The description about the route.
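Review bot: the `route` block's bullet list in the Attribute Reference is formatted differently from the rest of the file (no blank lines between items, and `destination` is the only entry without a terminating period); suggest `* \`destination\` - The destination address in CIDR notation.` Also, "subnets associating with the route table" should read "subnets associated with the route table", and `id` appears as an optional argument but the exported data-source `id` is not listed under Attribute Reference, so a reader cannot tell whether the argument and the attribute are the same field.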
51 changes: 51 additions & 0 deletions docs/data-sources/vpc_routes.md
@@ -0,0 +1,51 @@
---
subcategory: "Virtual Private Cloud (VPC)"
---

# hcso_vpc_routes

Use this data source to get the list of VPC routes.

## Example Usage

```hcl
data "hcso_vpc_routes" "test" {
type = "peering"
}
```

## Argument Reference

The following arguments are supported:

* `region` - (Optional, String) Specifies the region in which to query the resource.
If omitted, the provider-level region will be used.

* `type` - (Optional, String) Specifies the route type.

* `vpc_id` - (Optional, String) Specifies the ID of the VPC to which the route belongs.

* `destination` - (Optional, String) Specifies the route destination.

## Attribute Reference

In addition to all arguments above, the following attributes are exported:

* `id` - The data source ID.

* `routes` - The list of routes.

The [routes](#routes_struct) structure is documented below.

<a name="routes_struct"></a>
The `routes` block supports:

* `id` - The route ID.

* `type` - The route type.

* `vpc_id` - The ID of the VPC to which the route belongs.

* `destination` - The route destination.

* `nexthop` - The next hop of the route.
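Review bot: the one-line description omits the platform qualifier ("within Huawei Cloud Stack Online") that the other two data-source documents in this commit use, and the sentence `The [routes](#routes_struct) structure is documented below.` is separated from its `routes` bullet by a blank line, so it renders as a standalone paragraph instead of a continuation of the bullet; join it to the bullet as vpc_network_acls.md does.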
166 changes: 166 additions & 0 deletions docs/resources/vpc_network_acl.md
@@ -0,0 +1,166 @@
---
subcategory: "Virtual Private Cloud (VPC)"
---

# hcso_vpc_network_acl

Manages a VPC network ACL resource within Huawei Cloud Stack Online.

## Example Usage

```hcl
variable "name" {}
variable "subnet_id_1" {}
variable "subnet_id_2" {}
resource "hcso_vpc_network_acl" "test" {
name = var.name
description = "created by terraform"
enterprise_project_id = 0
enabled = true
ingress_rules {
action = "allow"
ip_version = 4
protocol = "tcp"
source_ip_address = "192.168.0.0/24"
source_port = "22-30,33"
destination_ip_address = "0.0.0.0/0"
destination_port = "8001-8010"
}
ingress_rules {
action = "deny"
ip_version = 4
protocol = "icmp"
source_ip_address = "192.168.0.0/24"
destination_ip_address = "0.0.0.0/0"
}
egress_rules {
action = "allow"
ip_version = 4
protocol = "tcp"
source_ip_address = "172.16.0.0/24"
source_port = "22-30,33"
destination_ip_address = "0.0.0.0/0"
destination_port = "8001-8010"
}
egress_rules {
action = "deny"
ip_version = 4
protocol = "icmp"
source_ip_address = "172.16.0.0/24"
destination_ip_address = "0.0.0.0/0"
}
associated_subnets {
subnet_id = var.subnet_id_1
}
associated_subnets {
subnet_id = var.subnet_id_2
}
}
```

## Argument Reference

The following arguments are supported:

* `region` - (Optional, String, ForceNew) Specifies the region in which to create the resource.
If omitted, the provider-level region will be used.
Changing this creates a new resource.

* `name` - (Required, String) Specifies the network ACL name. The value can contain no more than 64 characters,
including letters, digits, underscores (_), hyphens (-), and periods (.).

* `enterprise_project_id` - (Required, String) Specifies the enterprise project ID of the network ACL.

* `description` - (Optional, String) Specifies the network ACL description. The value can contain no more
than 255 characters and cannot contain angle brackets (< or >).

* `enabled` - (Optional, Bool) Specifies whether the network ACL is enabled. The default value is **true**.

* `ingress_rules` - (Optional, List) Specifies the ingress rules of the network ACL.
The [rules](#rules) structure is documented below.

* `egress_rules` - (Optional, List) Specifies the egress rules of the network ACL.
The [rules](#rules) structure is documented below.

* `associated_subnets` - (Optional, List) Specifies the associated subnets of the network ACL.
The [associated_subnets](#subnets) structure is documented below.

* `tags` - (Optional, Map) Specifies the key/value pairs to associate with the network ACL.

<a name="rules"></a>
The `ingress_rules` and `egress_rules` block supports:

* `action` - (Required, String) Specifies the rule action. The value can be: **allow** and **deny**.

* `protocol` - (Required, String) Specifies the rule protocol The value can be **tcp**, **udp**, **icmp**, **icmpv6**,
or an IP protocol number (0–255). The value **any** indicates all protocols.

* `ip_version` - (Required, Int) Specifies the IP version of a network ACL rule.
The value can be **4** (IPv4) and **6** (IPv6).

* `name` - (Optional, String) Specifies the network ACL rule name. The value can contain no more than 64 characters,
including letters, digits, underscores (_), hyphens (-), and periods (.).

* `description` - (Optional, String) Specifies the network ACL rule description. The value can contain no more
than 255 characters. The value cannot contain angle brackets (< or >).

* `source_ip_address` - (Optional, String) Specifies the source IP address or CIDR block of a network ACL rule.
The `source_ip_address` and `source_address_group_id` cannot be configured at the same time.

* `source_ip_address_group_id` - (Optional, String) Specifies the source IP address group ID of a network ACL rule.
`source_ip_address` and `source_address_group_id` cannot be configured at the same time.

* `source_port` - (Optional, String) Specifies the source ports of a network ACL rule.
You can specify a single port or a port range. Separate every two entries with a comma.

* `destination_ip_address` - (Optional, String) Specifies the destination IP address or CIDR block of a network ACL rule.
The `destination_ip_address` and `destination_address_group_id` cannot be configured at the same time.

* `destination_ip_address_group_id` - (Optional, String) Specifies the destination IP address group ID of a network ACL rule.
The `destination_ip_address` and `destination_address_group_id` cannot be configured at the same time.

* `destination_port` - (Optional, String) Specifies the destination ports of a network ACL rule.
You can specify a single port or a port range. Separate every two entries with a comma.

<a name="subnets"></a>
The `associated_subnets` block supports:

* `subnet_id` - (Required, String) Specifies the ID of the subnet to associate with the network ACL.

## Attribute Reference

In addition to all arguments above, the following attributes are exported:

* `id` - The resource ID in uuid format.

* `status` - The status of the ACL.

* `created_at` - The created time of the ACL.

* `updated_at` - The updated time of the ACL.

* `ingress_rules` - The ingress rules of the network ACL.
The [rules](#rules_resp) structure is documented below.

* `egress_rules` - The egress rules of the network ACL.
The [rules](#rules_resp) structure is documented below.

<a name="rules_resp"></a>
The `ingress_rules` and `egress_rules` block supports:

* `rule_id` - The ID of the rule.

## Import

The network ACL can be imported using `id`, e.g.

```bash
$ terraform import hcso_vpc_network_acl.test <id>
```
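Review bot: the mutual-exclusion sentences under `source_ip_address`, `source_ip_address_group_id`, `destination_ip_address` and `destination_ip_address_group_id` refer to `source_address_group_id` and `destination_address_group_id`, which are not arguments of this resource; the declared names are `source_ip_address_group_id` and `destination_ip_address_group_id`, so the sentences should name those. The example sets `enterprise_project_id = 0` (an unquoted number) for an argument declared `(Required, String)`; write `enterprise_project_id = "0"` so the example matches the schema, and note that the data-source document declares the same field Optional, so one of the two should be aligned. Minor: `Specifies the rule protocol The value can be` is missing a period after "protocol", and `The value can be: **allow** and **deny**` should read "**allow** or **deny**".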

0 comments on commit 06bdef1