0
0
mirror of https://github.com/bpg/terraform-provider-proxmox.git synced 2025-07-05 05:24:01 +00:00
terraform-provider-proxmox/proxmoxtf/datasource/firewall/security_group.go
Pavel Boldyrev 98e1cff7fe
feat: Add firewall resources (#246)
* refactoring existing cluster / firewall API for better composition

* add basic security groups API
fix linter errors

* add rules API

* fix after renaming resourceVirtualEnvironmentClusterIPSet

* fix linter errors

* make linter happy

* even more refactoring

* tidy up datasources

* in refactoring spree

* update examples

* fix firewall resource/datasource & client error handling

* add ipset(s) datasource

* update docs

* add security group resource with rules

* docs

* fix security group update, TODO: rule update

* fix after rebase

* add rule update, extract common rule schema, refactor group

* fix linter  errors

* bump linter for ci

* make alias and ipset reusable

* make security group reusable

* refactor datasources

* add security group datasources

* fix linter errors

* update docs

TODO: documentation for group datasources

* add sg docs, update doc index

* minor cleanup

* fix examples & tests

* stub for firewall-level options and rules

* extract firewall interface

* add firewall options and rules on the cluster level

TODO: issues with rule list management

* refactor all resources format AGAIN, now more flat, without complex subresources

* sort out hierarchy of APIs and remove duplication in API wrappers

* bring back security group

* finally, working rules

* restore cluster firewall option

* add containers support

* add options

* move rules back under security group, update docs

* fix vm_id / container_id attrs

* add examples

* cleanup

* more cleanup


Release-As: 0.17.0-rc1
2023-04-02 18:01:10 -04:00

120 lines
2.8 KiB
Go

/*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*/
package firewall
import (
"context"
"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/bpg/terraform-provider-proxmox/proxmox/cluster/firewall"
)
const (
mkSecurityGroupName = "name"
mkSecurityGroupComment = "comment"
mkRules = "rules"
)
func SecurityGroupSchema() map[string]*schema.Schema {
return map[string]*schema.Schema{
mkSecurityGroupName: {
Type: schema.TypeString,
Description: "Security group name",
Required: true,
},
mkSecurityGroupComment: {
Type: schema.TypeString,
Description: "Security group comment",
Computed: true,
},
mkRules: {
Type: schema.TypeList,
Description: "List of rules",
Computed: true,
Elem: &schema.Resource{Schema: RuleSchema()},
},
}
}
func SecurityGroupRead(ctx context.Context, api firewall.SecurityGroup, d *schema.ResourceData) diag.Diagnostics {
var diags diag.Diagnostics
name := d.Get(mkSecurityGroupName).(string)
allGroups, err := api.ListGroups(ctx)
if err != nil {
return diag.FromErr(err)
}
for _, v := range allGroups {
if v.Group == name {
err = d.Set(mkSecurityGroupName, v.Group)
diags = append(diags, diag.FromErr(err)...)
err = d.Set(mkSecurityGroupComment, v.Comment)
diags = append(diags, diag.FromErr(err)...)
break
}
}
// rules := d.Get(mkRules).([]interface{})
// ruleIDs, err := fw.ListGroupRules(ctx, name)
// if err != nil {
// if strings.Contains(err.Error(), "no such security group") {
// d.SetId("")
// return nil
// }
// return diag.FromErr(err)
// }
// for _, id := range ruleIDs {
// ruleMap := map[string]interface{}{}
// err = readGroupRule(ctx, fw, name, id.Pos, ruleMap)
// if err != nil {
// diags = append(diags, diag.FromErr(err)...)
// } else {
// rules = append(rules, ruleMap)
// }
// }
// if diags.HasError() {
// return diags
// }
// err = d.Set(mkRules, rules)
// diags = append(diags, diag.FromErr(err)...)
d.SetId(name)
return diags
}
// func readGroupRule(
// ctx context.Context,
// fw firewall.API,
// group string,
// pos int,
// ruleMap map[string]interface{},
// ) error {
// rule, err := fw.GetGroupRule(ctx, group, pos)
// if err != nil {
// if strings.Contains(err.Error(), "no such security group") {
// return nil
// }
// return fmt.Errorf("error reading rule %d for group %s: %w", pos, group, err)
// }
//
// baseRuleToMap(&rule.BaseRule, ruleMap)
//
// // pos in the map should be int!
// ruleMap[mkRulePos] = pos
// ruleMap[mkRuleAction] = rule.Action
// ruleMap[mkRuleType] = rule.Type
//
// return nil
// }