Add huaweicloud_lb_whitelist_v2 resource

Signed-off-by: ShiChangkuo <[email protected]>
huaweicloud · Jan 20, 2020 · c6a95fb · c6a95fb
1 parent b4a7fcc
commit c6a95fb
Show file tree

Hide file tree

Showing 6 changed files with 340 additions and 0 deletions.
diff --git a/huaweicloud/diff_suppress_funcs.go b/huaweicloud/diff_suppress_funcs.go
@@ -1,6 +1,10 @@
 package huaweicloud
 
 import (
+	"reflect"
+	"sort"
+	"strings"
+
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	"github.com/jen20/awspolicyequivalence"
 )
@@ -31,3 +35,15 @@ func suppressComputedFixedWhenFloatingIp(k, old, new string, d *schema.ResourceD
 	}
 	return false
 }
+
+func suppressLBWhitelistDiffs(k, old, new string, d *schema.ResourceData) bool {
+	if len(old) != len(new) {
+		return false
+	}
+	old_array := strings.Split(old, ",")
+	new_array := strings.Split(new, ",")
+	sort.Strings(old_array)
+	sort.Strings(new_array)
+
+	return reflect.DeepEqual(old_array, new_array)
+}
diff --git a/huaweicloud/provider.go b/huaweicloud/provider.go
@@ -267,6 +267,7 @@ func Provider() terraform.ResourceProvider {
 			"huaweicloud_lb_monitor_v2":                      resourceMonitorV2(),
 			"huaweicloud_lb_l7policy_v2":                     resourceL7PolicyV2(),
 			"huaweicloud_lb_l7rule_v2":                       resourceL7RuleV2(),
+			"huaweicloud_lb_whitelist_v2":                    resourceWhitelistV2(),
 			"huaweicloud_mrs_cluster_v1":                     resourceMRSClusterV1(),
 			"huaweicloud_mrs_job_v1":                         resourceMRSJobV1(),
 			"huaweicloud_networking_network_v2":              resourceNetworkingNetworkV2(),

diff --git a/huaweicloud/resource_huaweicloud_lb_whitelist_v2.go b/huaweicloud/resource_huaweicloud_lb_whitelist_v2.go
@@ -0,0 +1,140 @@
+package huaweicloud
+
+import (
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"github.com/huaweicloud/golangsdk/openstack/networking/v2/extensions/lbaas_v2/whitelists"
+)
+
+func resourceWhitelistV2() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceWhitelistV2Create,
+		Read:   resourceWhitelistV2Read,
+		Update: resourceWhitelistV2Update,
+		Delete: resourceWhitelistV2Delete,
+
+		Timeouts: &schema.ResourceTimeout{
+			Create: schema.DefaultTimeout(10 * time.Minute),
+			Update: schema.DefaultTimeout(10 * time.Minute),
+			Delete: schema.DefaultTimeout(10 * time.Minute),
+		},
+
+		Schema: map[string]*schema.Schema{
+			"tenant_id": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+				ForceNew: true,
+			},
+
+			"listener_id": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+
+			"enable_whitelist": {
+				Type:     schema.TypeBool,
+				Optional: true,
+			},
+
+			"whitelist": {
+				Type:             schema.TypeString,
+				Optional:         true,
+				DiffSuppressFunc: suppressLBWhitelistDiffs,
+			},
+		},
+	}
+}
+
+func resourceWhitelistV2Create(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+	networkingClient, err := config.networkingV2Client(GetRegion(d, config))
+	if err != nil {
+		return fmt.Errorf("Error creating HuaweiCloud networking client: %s", err)
+	}
+
+	enableWhitelist := d.Get("enable_whitelist").(bool)
+	createOpts := whitelists.CreateOpts{
+		TenantId:        d.Get("tenant_id").(string),
+		ListenerId:      d.Get("listener_id").(string),
+		EnableWhitelist: &enableWhitelist,
+		Whitelist:       d.Get("whitelist").(string),
+	}
+
+	log.Printf("[DEBUG] Create Options: %#v", createOpts)
+	wl, err := whitelists.Create(networkingClient, createOpts).Extract()
+	if err != nil {
+		return fmt.Errorf("Error creating HuaweiCloud Whitelist: %s", err)
+	}
+
+	d.SetId(wl.ID)
+	return resourceWhitelistV2Read(d, meta)
+}
+
+func resourceWhitelistV2Read(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+	networkingClient, err := config.networkingV2Client(GetRegion(d, config))
+	if err != nil {
+		return fmt.Errorf("Error creating HuaweiCloud networking client: %s", err)
+	}
+
+	wl, err := whitelists.Get(networkingClient, d.Id()).Extract()
+	if err != nil {
+		return CheckDeleted(d, err, "whitelist")
+	}
+
+	log.Printf("[DEBUG] Retrieved whitelist %s: %#v", d.Id(), wl)
+
+	d.SetId(wl.ID)
+	d.Set("tenant_id", wl.TenantId)
+	d.Set("listener_id", wl.ListenerId)
+	d.Set("enable_whitelist", wl.EnableWhitelist)
+	d.Set("whitelist", wl.Whitelist)
+
+	return nil
+}
+
+func resourceWhitelistV2Update(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+	networkingClient, err := config.networkingV2Client(GetRegion(d, config))
+	if err != nil {
+		return fmt.Errorf("Error creating HuaweiCloud networking client: %s", err)
+	}
+
+	var updateOpts whitelists.UpdateOpts
+	if d.HasChange("enable_whitelist") {
+		ew := d.Get("enable_whitelist").(bool)
+		updateOpts.EnableWhitelist = &ew
+	}
+	if d.HasChange("whitelist") {
+		updateOpts.Whitelist = d.Get("whitelist").(string)
+	}
+
+	log.Printf("[DEBUG] Updating whitelist %s with options: %#v", d.Id(), updateOpts)
+	_, err = whitelists.Update(networkingClient, d.Id(), updateOpts).Extract()
+	if err != nil {
+		return fmt.Errorf("Unable to update whitelist %s: %s", d.Id(), err)
+	}
+
+	return resourceWhitelistV2Read(d, meta)
+}
+
+func resourceWhitelistV2Delete(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+	networkingClient, err := config.networkingV2Client(GetRegion(d, config))
+	if err != nil {
+		return fmt.Errorf("Error creating HuaweiCloud networking client: %s", err)
+	}
+
+	log.Printf("[DEBUG] Attempting to delete whitelist %s", d.Id())
+	err = whitelists.Delete(networkingClient, d.Id()).ExtractErr()
+	if err != nil {
+		return fmt.Errorf("Error deleting HuaweiCloud whitelist: %s", err)
+	}
+	d.SetId("")
+	return nil
+}
diff --git a/huaweicloud/resource_huaweicloud_lb_whitelist_v2_test.go b/huaweicloud/resource_huaweicloud_lb_whitelist_v2_test.go
@@ -0,0 +1,127 @@
+package huaweicloud
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/terraform"
+	"github.com/huaweicloud/golangsdk/openstack/networking/v2/extensions/lbaas_v2/whitelists"
+)
+
+func TestAccLBV2Whitelist_basic(t *testing.T) {
+	var whitelist whitelists.Whitelist
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckLBV2WhitelistDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: TestAccLBV2WhitelistConfig_basic,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckLBV2WhitelistExists("huaweicloud_lb_whitelist_v2.whitelist_1", &whitelist),
+				),
+			},
+			{
+				Config: TestAccLBV2WhitelistConfig_update,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("huaweicloud_lb_whitelist_v2.whitelist_1", "enable_whitelist", "true"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCheckLBV2WhitelistDestroy(s *terraform.State) error {
+	config := testAccProvider.Meta().(*Config)
+	networkingClient, err := config.networkingV2Client(OS_REGION_NAME)
+	if err != nil {
+		return fmt.Errorf("Error creating HuaweiCloud networking client: %s", err)
+	}
+
+	for _, rs := range s.RootModule().Resources {
+		if rs.Type != "huaweicloud_lb_whitelist_v2" {
+			continue
+		}
+
+		_, err := whitelists.Get(networkingClient, rs.Primary.ID).Extract()
+		if err == nil {
+			return fmt.Errorf("Whitelist still exists: %s", rs.Primary.ID)
+		}
+	}
+
+	return nil
+}
+
+func testAccCheckLBV2WhitelistExists(n string, whitelist *whitelists.Whitelist) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No ID is set")
+		}
+
+		config := testAccProvider.Meta().(*Config)
+		networkingClient, err := config.networkingV2Client(OS_REGION_NAME)
+		if err != nil {
+			return fmt.Errorf("Error creating HuaweiCloud networking client: %s", err)
+		}
+
+		found, err := whitelists.Get(networkingClient, rs.Primary.ID).Extract()
+		if err != nil {
+			return err
+		}
+
+		if found.ID != rs.Primary.ID {
+			return fmt.Errorf("Whitelist not found")
+		}
+
+		*whitelist = *found
+
+		return nil
+	}
+}
+
+var TestAccLBV2WhitelistConfig_basic = fmt.Sprintf(`
+resource "huaweicloud_lb_loadbalancer_v2" "loadbalancer_1" {
+  name = "loadbalancer_1"
+  vip_subnet_id = "%s"
+}
+
+resource "huaweicloud_lb_listener_v2" "listener_1" {
+  name = "listener_1"
+  protocol = "HTTP"
+  protocol_port = 8080
+  loadbalancer_id = "${huaweicloud_lb_loadbalancer_v2.loadbalancer_1.id}"
+}
+
+resource "huaweicloud_lb_whitelist_v2" "whitelist_1" {
+  enable_whitelist = true
+  whitelist = "192.168.11.1,192.168.0.1/24"
+  listener_id = "${huaweicloud_lb_listener_v2.listener_1.id}"
+}
+`, OS_SUBNET_ID)
+
+var TestAccLBV2WhitelistConfig_update = fmt.Sprintf(`
+resource "huaweicloud_lb_loadbalancer_v2" "loadbalancer_1" {
+  name = "loadbalancer_1"
+  vip_subnet_id = "%s"
+}
+
+resource "huaweicloud_lb_listener_v2" "listener_1" {
+  name = "listener_1"
+  protocol = "HTTP"
+  protocol_port = 8080
+  loadbalancer_id = "${huaweicloud_lb_loadbalancer_v2.loadbalancer_1.id}"
+}
+
+resource "huaweicloud_lb_whitelist_v2" "whitelist_1" {
+  enable_whitelist = true
+  whitelist = "192.168.11.1,192.168.0.1/24,192.168.201.18/8"
+  listener_id = "${huaweicloud_lb_listener_v2.listener_1.id}"
+}
+`, OS_SUBNET_ID)
diff --git a/website/docs/r/lb_whitelist_v2.html.markdown b/website/docs/r/lb_whitelist_v2.html.markdown
@@ -0,0 +1,53 @@
+---
+layout: "huaweicloud"
+page_title: "HuaweiCloud: huaweicloud_lb_whitelist_v2"
+sidebar_current: "docs-huaweicloud-resource-lb-whitelist-v2"
+description: |-
+  Manages a Load Balancer whitelist resource within HuaweiCloud.
+---
+
+# huaweicloud\_lb\_whitelist\_v2
+
+Manages a Load Balancer whitelist resource within HuaweiCloud.
+
+## Example Usage
+
+```hcl
+resource "huaweicloud_lb_listener_v2" "listener_1" {
+  name            = "listener_1"
+  protocol        = "HTTP"
+  protocol_port   = 8080
+  loadbalancer_id = var.loadbalancer_id
+}
+
+resource "huaweicloud_lb_whitelist_v2" "whitelist_1" {
+  enable_whitelist = true
+  whitelist        = "192.168.11.1,192.168.0.1/24,192.168.201.18/8"
+  listener_id      = huaweicloud_lb_listener_v2.listener_1.id
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `tenant_id` - (Optional) Required for admins. The UUID of the tenant who owns
+    the whitelist. Only administrative users can specify a tenant UUID
+    other than their own. Changing this creates a new whitelist.
+
+* `listener_id` - (Required) The Listener ID that the whitelist will be associated with. Changing this creates a new whitelist.
+
+* `enable_whitelist` - (Optional) Specify whether to enable access control.
+
+* `whitelist` - (Optional) Specifies the IP addresses in the whitelist. Use commas(,) to separate
+    the multiple IP addresses.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `id` - The unique ID for the whitelist.
+* `tenant_id` - See Argument Reference above.
+* `listener_id` - See Argument Reference above.
+* `enable_whitelist` - See Argument Reference above.
+* `whitelist` - See Argument Reference above.
diff --git a/website/huaweicloud.erb b/website/huaweicloud.erb
@@ -389,6 +389,9 @@
             <li<%= sidebar_current("docs-huaweicloud-resource-lb-l7rule-v2") %>>
               <a href="/docs/providers/huaweicloud/r/lb_l7rule_v2.html">huaweicloud_lb_l7rule_v2</a>
             </li>
+            <li<%= sidebar_current("docs-huaweicloud-resource-lb-whitelist-v2") %>>
+              <a href="/docs/providers/huaweicloud/r/lb_whitelist_v2.html">huaweicloud_lb_whitelist_v2</a>
+            </li>
           </ul>
         </li>