mirror of
https://github.com/bpg/terraform-provider-proxmox.git
synced 2025-07-05 05:24:01 +00:00
98e1cff7fe
* refactoring existing cluster / firewall API for better composition * add basic security groups API fix linter errors * add rules API * fix after renaming resourceVirtualEnvironmentClusterIPSet * fix linter errors * make linter happy * even more refactoring * tidy up datasources * in refactoring spree * update examples * fix firewall resource/datasource & client error handling * add ipset(s) datasource * update docs * add security group resource with rules * docs * fix security group update, TODO: rule update * fix after rebase * add rule update, extract common rule schema, refactor group * fix linter errors * bump linter for ci * make alias and ipset reusable * make security group reusable * refactor datasources * add security group datasources * fix linter errors * update docs TODO: documentation for group datasources * add sg docs, update doc index * minor cleanup * fix examples & tests * stub for firewall-level options and rules * extract firewall interface * add firewall options and rules on the cluster level TODO: issues with rule list management * refactor all resources format AGAIN, now more flat, without complex subresources * sort out hierarchy of APIs and remove duplication in API wrappers * bring back security group * finally, working rules * restore cluster firewall option * add containers support * add options * move rules back under security group, update docs * fix vm_id / container_id attrs * add examples * cleanup * more cleanup Release-As: 0.17.0-rc1
153 lines
3.6 KiB
Go
153 lines
3.6 KiB
Go
/*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
|
|
*/
|
|
|
|
package firewall
|
|
|
|
import (
|
|
"context"
|
|
"strings"
|
|
|
|
"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
|
|
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
|
|
|
|
clusterfirewall "github.com/bpg/terraform-provider-proxmox/proxmox/cluster/firewall"
|
|
"github.com/bpg/terraform-provider-proxmox/proxmoxtf/resource/firewall"
|
|
"github.com/bpg/terraform-provider-proxmox/proxmoxtf/structure"
|
|
)
|
|
|
|
const (
|
|
dvSecurityGroupComment = ""
|
|
|
|
mkSecurityGroupName = "name"
|
|
mkSecurityGroupComment = "comment"
|
|
)
|
|
|
|
func SecurityGroup() *schema.Resource {
|
|
s := map[string]*schema.Schema{
|
|
mkSecurityGroupName: {
|
|
Type: schema.TypeString,
|
|
Description: "Security group name",
|
|
Required: true,
|
|
ForceNew: false,
|
|
},
|
|
mkSecurityGroupComment: {
|
|
Type: schema.TypeString,
|
|
Description: "Security group comment",
|
|
Optional: true,
|
|
Default: dvSecurityGroupComment,
|
|
},
|
|
}
|
|
|
|
structure.MergeSchema(s, firewall.Rules().Schema)
|
|
|
|
return &schema.Resource{
|
|
Schema: s,
|
|
CreateContext: selectFirewallAPI(SecurityGroupCreate),
|
|
ReadContext: selectFirewallAPI(SecurityGroupRead),
|
|
UpdateContext: selectFirewallAPI(SecurityGroupUpdate),
|
|
DeleteContext: selectFirewallAPI(SecurityGroupDelete),
|
|
}
|
|
}
|
|
|
|
func SecurityGroupCreate(ctx context.Context, api clusterfirewall.API, d *schema.ResourceData) diag.Diagnostics {
|
|
comment := d.Get(mkSecurityGroupComment).(string)
|
|
name := d.Get(mkSecurityGroupName).(string)
|
|
|
|
body := &clusterfirewall.GroupCreateRequestBody{
|
|
Comment: &comment,
|
|
Group: name,
|
|
}
|
|
|
|
err := api.CreateGroup(ctx, body)
|
|
if err != nil {
|
|
return diag.FromErr(err)
|
|
}
|
|
|
|
diags := firewall.RulesCreate(ctx, api.SecurityGroup(name), d)
|
|
if diags.HasError() {
|
|
return diags
|
|
}
|
|
|
|
d.SetId(name)
|
|
|
|
return SecurityGroupRead(ctx, api, d)
|
|
}
|
|
|
|
func SecurityGroupRead(ctx context.Context, api clusterfirewall.API, d *schema.ResourceData) diag.Diagnostics {
|
|
var diags diag.Diagnostics
|
|
|
|
name := d.Id()
|
|
|
|
allGroups, err := api.ListGroups(ctx)
|
|
if err != nil {
|
|
return diag.FromErr(err)
|
|
}
|
|
|
|
for _, v := range allGroups {
|
|
if v.Group == name {
|
|
err = d.Set(mkSecurityGroupName, v.Group)
|
|
diags = append(diags, diag.FromErr(err)...)
|
|
err = d.Set(mkSecurityGroupComment, v.Comment)
|
|
diags = append(diags, diag.FromErr(err)...)
|
|
break
|
|
}
|
|
}
|
|
|
|
if diags.HasError() {
|
|
return diags
|
|
}
|
|
|
|
return firewall.RulesRead(ctx, api.SecurityGroup(name), d)
|
|
}
|
|
|
|
func SecurityGroupUpdate(ctx context.Context, api clusterfirewall.API, d *schema.ResourceData) diag.Diagnostics {
|
|
comment := d.Get(mkSecurityGroupComment).(string)
|
|
newName := d.Get(mkSecurityGroupName).(string)
|
|
previousName := d.Id()
|
|
|
|
body := &clusterfirewall.GroupUpdateRequestBody{
|
|
Group: newName,
|
|
ReName: &previousName,
|
|
Comment: &comment,
|
|
}
|
|
|
|
err := api.UpdateGroup(ctx, body)
|
|
if err != nil {
|
|
return diag.FromErr(err)
|
|
}
|
|
|
|
diags := firewall.RulesUpdate(ctx, api.SecurityGroup(previousName), d)
|
|
if diags.HasError() {
|
|
return diags
|
|
}
|
|
|
|
d.SetId(newName)
|
|
|
|
return SecurityGroupRead(ctx, api, d)
|
|
}
|
|
|
|
func SecurityGroupDelete(ctx context.Context, api clusterfirewall.API, d *schema.ResourceData) diag.Diagnostics {
|
|
group := d.Id()
|
|
|
|
diags := firewall.RulesDelete(ctx, api.SecurityGroup(group), d)
|
|
if diags.HasError() {
|
|
return diags
|
|
}
|
|
|
|
err := api.DeleteGroup(ctx, group)
|
|
if err != nil {
|
|
if strings.Contains(err.Error(), "no such security group") {
|
|
d.SetId("")
|
|
return nil
|
|
}
|
|
return diag.FromErr(err)
|
|
}
|
|
|
|
d.SetId("")
|
|
|
|
return nil
|
|
}
|