From f3e67d4f257f6c4da11486fcb718a801c3397a26 Mon Sep 17 00:00:00 2001 From: Ujjwal Kumar Date: Thu, 11 Mar 2021 17:06:06 +0530 Subject: [PATCH] enhancement : added tag support for network ACL --- ibm/resource_ibm_is_networkacls.go | 51 ++++++++++++++++++++- ibm/resource_ibm_is_networkacls_test.go | 8 ++++ website/docs/r/is_network_acl.html.markdown | 2 + 3 files changed, 60 insertions(+), 1 deletion(-) diff --git a/ibm/resource_ibm_is_networkacls.go b/ibm/resource_ibm_is_networkacls.go index 69636c1e2d..83b9fac2de 100644 --- a/ibm/resource_ibm_is_networkacls.go +++ b/ibm/resource_ibm_is_networkacls.go @@ -5,12 +5,16 @@ package ibm import ( "container/list" + "context" "fmt" "log" + "os" "reflect" "strings" "time" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff" + "github.com/IBM/vpc-go-sdk/vpcclassicv1" "github.com/IBM/vpc-go-sdk/vpcv1" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" @@ -39,6 +43,8 @@ const ( isNetworkACLRuleSourcePortMin = "source_port_min" isNetworkACLVPC = "vpc" isNetworkACLResourceGroup = "resource_group" + isNetworkACLTags = "tags" + isNetworkACLCRN = "crn" ) func resourceIBMISNetworkACL() *schema.Resource { @@ -55,6 +61,12 @@ func resourceIBMISNetworkACL() *schema.Resource { Delete: schema.DefaultTimeout(10 * time.Minute), }, + CustomizeDiff: customdiff.Sequence( + func(_ context.Context, diff *schema.ResourceDiff, v interface{}) error { + return resourceTagsCustomizeDiff(diff) + }, + ), + Schema: map[string]*schema.Schema{ isNetworkACLName: { Type: schema.TypeString, @@ -76,6 +88,20 @@ func resourceIBMISNetworkACL() *schema.Resource { Computed: true, Description: "Resource group ID for the network ACL", }, + isNetworkACLTags: { + Type: schema.TypeSet, + Optional: true, + Computed: true, + Elem: &schema.Schema{Type: schema.TypeString}, + Set: resourceIBMVPCHash, + Description: "List of tags", + }, + + isNetworkACLCRN: { + Type: schema.TypeString, + Computed: true, + Description: "The crn of the resource", + }, ResourceControllerURL: { Type: schema.TypeString, Computed: true, @@ -464,6 +490,15 @@ func nwaclCreate(d *schema.ResourceData, meta interface{}, name string) error { if err != nil { return err } + v := os.Getenv("IC_ENV_TAGS") + if _, ok := d.GetOk(isNetworkACLTags); ok || v != "" { + oldList, newList := d.GetChange(isNetworkACLTags) + err = UpdateTagsUsingCRN(oldList, newList, meta, *nwacl.CRN) + if err != nil { + log.Printf( + "Error on create of resource network acl (%s) tags: %s", d.Id(), err) + } + } return nil } @@ -619,7 +654,13 @@ func nwaclGet(d *schema.ResourceData, meta interface{}, id string) error { d.Set(isNetworkACLResourceGroup, *nwacl.ResourceGroup.ID) d.Set(ResourceGroupName, *nwacl.ResourceGroup.Name) } - + tags, err := GetTagsUsingCRN(meta, *nwacl.CRN) + if err != nil { + log.Printf( + "Error on get of resource network acl (%s) tags: %s", d.Id(), err) + } + d.Set(isNetworkACLTags, tags) + d.Set(isNetworkACLCRN, *nwacl.CRN) rules := make([]interface{}, 0) if len(nwacl.Rules) > 0 { for _, rulex := range nwacl.Rules { @@ -806,6 +847,14 @@ func nwaclUpdate(d *schema.ResourceData, meta interface{}, id, name string, hasC return fmt.Errorf("Error Updating Network ACL(%s) : %s\n%s", id, err, response) } } + if d.HasChange(isNetworkACLTags) { + oldList, newList := d.GetChange(isNetworkACLTags) + err = UpdateTagsUsingCRN(oldList, newList, meta, d.Get(isNetworkACLCRN).(string)) + if err != nil { + log.Printf( + "Error on update of resource network acl (%s) tags: %s", d.Id(), err) + } + } if d.HasChange(isNetworkACLRules) { err := validateInlineRules(rules) if err != nil { diff --git a/ibm/resource_ibm_is_networkacls_test.go b/ibm/resource_ibm_is_networkacls_test.go index 878d7cb92d..d16f61519a 100644 --- a/ibm/resource_ibm_is_networkacls_test.go +++ b/ibm/resource_ibm_is_networkacls_test.go @@ -50,6 +50,8 @@ func TestNetworkACLGen2(t *testing.T) { "ibm_is_network_acl.isExampleACL", "name", "is-example-acl"), resource.TestCheckResourceAttr( "ibm_is_network_acl.isExampleACL", "rules.#", "2"), + resource.TestCheckResourceAttr( + "ibm_is_network_acl.isExampleACL", "tags.#", "2"), ), }, }, @@ -133,8 +135,13 @@ func testAccCheckIBMISNetworkACLExists(n, nwACL string) resource.TestCheckFunc { func testAccCheckIBMISNetworkACLConfig() string { return fmt.Sprintf(` + resource "ibm_is_vpc" "testacc_vpc" { + name = "tf-nwacl-vpc" + } + resource "ibm_is_network_acl" "isExampleACL" { name = "is-example-acl" + vpc = ibm_is_vpc.testacc_vpc.id rules { name = "outbound" action = "allow" @@ -175,6 +182,7 @@ func testAccCheckIBMISNetworkACLConfig1() string { resource "ibm_is_network_acl" "isExampleACL" { name = "is-example-acl" + tags = ["Tag1", "tag2"] vpc = ibm_is_vpc.testacc_vpc.id rules { name = "outbound" diff --git a/website/docs/r/is_network_acl.html.markdown b/website/docs/r/is_network_acl.html.markdown index f2592529a1..c9503fe249 100644 --- a/website/docs/r/is_network_acl.html.markdown +++ b/website/docs/r/is_network_acl.html.markdown @@ -144,6 +144,7 @@ Nested `rules` blocks have the following structure: * `port_min` - (Optional, int) The lowest port in the range of ports to be matched; if unspecified, 1 is used. * `source_port_max` - (Optional, int) The highest port in the range of ports to be matched; if unspecified, 65535 is used. * `source_port_min` - (Optional, int) The lowest port in the range of ports to be matched; if unspecified, 1 is used. +* `tags` - (Optional, list(string)) Tags associated with the network ACL. ## Attribute Reference @@ -156,6 +157,7 @@ Nested `rules` blocks have the following structure: * `id` - The rule id. * `ip_version` - The IP version of the rule. * `subnets` - The subnets for the ACL rule. +* `crn` - The CRN of the network ACL. ## Import