add CBR rule API type support

examples/ibm-context-based-restrictions/README.md

@@ -40,7 +40,6 @@ resource "cbr_rule" "cbr_rule_instance" {
   description = var.cbr_rule_description
   contexts = var.cbr_rule_contexts
   resources = var.cbr_rule_resources
-  enforcement_mode = var.cbr_rule_enforcement_mode
 }
 ```
 
@@ -86,6 +85,7 @@ data "cbr_rule" "cbr_rule_instance" {
 | description | The description of the rule. | `string` | false |
 | contexts | The contexts this rule applies to. | `list()` | false |
 | resources | The resources this rule apply to. | `list()` | false |
+| operations | The operations this rule applies to. | `` | false |
 | enforcement_mode | The rule enforcement mode: * `enabled` - The restrictions are enforced and reported. This is the default. * `disabled` - The restrictions are disabled. Nothing is enforced or reported. * `report` - The restrictions are evaluated and reported, but not enforced. | `string` | false |
 | zone_id | The ID of a zone. | `string` | true |
 | rule_id | The ID of a rule. | `string` | true |

examples/ibm-context-based-restrictions/main.tf

@@ -37,13 +37,18 @@ resource "ibm_cbr_rule" "cbr_rule_instance" {
     }
     attributes {
       name = "serviceName"
-      value = "network-policy-enabled"
+      value = "containers-kubernetes"
     }
     tags {
       name     = "tag_name"
       value    = "tag_value"
     }
   }
+  operations {
+    api_types {
+      api_type_id = "crn:v1:bluemix:public:containers-kubernetes::::api-type:management"
+    }
+  }
   enforcement_mode = "disabled"
 }
 

go.mod

@@ -22,9 +22,8 @@ require (
 	github.com/IBM/ibm-hpcs-uko-sdk v0.0.4
 	github.com/IBM/keyprotect-go-client v0.7.0
 	github.com/IBM/networking-go-sdk v0.32.0
-	github.com/IBM/platform-services-go-sdk v0.28.1
+	github.com/IBM/platform-services-go-sdk v0.28.2
 	github.com/IBM/push-notifications-go-sdk v0.0.0-20210310100607-5790b96c47f5
-	github.com/IBM/scc-go-sdk v1.3.4
 	github.com/IBM/scc-go-sdk/v3 v3.1.6
 	github.com/IBM/schematics-go-sdk v0.2.1
 	github.com/IBM/secrets-manager-go-sdk v0.1.19

go.sum

@@ -58,14 +58,10 @@ github.com/IBM/keyprotect-go-client v0.7.0 h1:JstSHD14Lp6ihwQseyPuGcs1AjOBjAmcis
 github.com/IBM/keyprotect-go-client v0.7.0/go.mod h1:SVr2ylV/fhSQPDiUjWirN9fsyWFCNNbt8GIT8hPJVjE=
 github.com/IBM/networking-go-sdk v0.32.0 h1:QWd7CxC+Wzap+zWFfXMjbqB5LpvrB1KvNtIbKrWIkhA=
 github.com/IBM/networking-go-sdk v0.32.0/go.mod h1:tVxXclpQs8nQJYPTr9ZPNC1voaPNQLy8iy/72oVfFtM=
-github.com/IBM/platform-services-go-sdk v0.27.0 h1:f32yicOrrQigzoOUNeNbr2lhwoB6mRK0izdQOQDg9Vk=
-github.com/IBM/platform-services-go-sdk v0.27.0/go.mod h1:ZFuISyKu+qekMfvFebzqJ8AIpNlRqI7a6WuieGfjGuA=
-github.com/IBM/platform-services-go-sdk v0.28.1 h1:0f/Av3Ub+udL28PSEmYN98YtpH9jK+wrCKeQaejB5Qg=
-github.com/IBM/platform-services-go-sdk v0.28.1/go.mod h1:ZFuISyKu+qekMfvFebzqJ8AIpNlRqI7a6WuieGfjGuA=
+github.com/IBM/platform-services-go-sdk v0.28.2 h1:T5qT3XI7f3cGaMLU4v1RLsuL373K2VYfPQQeGCUauj0=
+github.com/IBM/platform-services-go-sdk v0.28.2/go.mod h1:jy0Ahvj5Gkkua3Gd7t22bo0GfmHRQaPZcaqwfVgEY7k=
 github.com/IBM/push-notifications-go-sdk v0.0.0-20210310100607-5790b96c47f5 h1:NPUhkoOCRuv3OFWt19PmwjXGGTKlvmbuPg9fUrBUNe4=
 github.com/IBM/push-notifications-go-sdk v0.0.0-20210310100607-5790b96c47f5/go.mod h1:b07XHUVh0XYnQE9s2mqgjYST1h9buaQNqN4EcKhOsX0=
-github.com/IBM/scc-go-sdk v1.3.4 h1:nvSsyA2GfwjX3Aloty/LStkrY0e2rV2r+CM+YYg3zR4=
-github.com/IBM/scc-go-sdk v1.3.4/go.mod h1:YhdeD5NcEM266w33vj+lfoxDroIWQNjUzU9FJPq3XC0=
 github.com/IBM/scc-go-sdk/v3 v3.1.6 h1:wg7yujuJJ1O1pcGrIn8ITq6i6GeXb7GRBPNq6kLrkMU=
 github.com/IBM/scc-go-sdk/v3 v3.1.6/go.mod h1:cBxkth9AIOcKQx4Gy9bWgyGYa7vYwHAalUBvY+O8xAE=
 github.com/IBM/schematics-go-sdk v0.2.1 h1:byATysGD+Z1k/wdtNqQmKALcAPjgSLuSyzcabh1jRAw=

ibm/service/contextbasedrestrictions/data_source_ibm_cbr_rule.go

@@ -8,17 +8,17 @@ import (
 	"fmt"
 	"log"
 
-	"github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns"
-	"github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 
+	"github.com/IBM-Cloud/terraform-provider-ibm/ibm/conns"
+	"github.com/IBM-Cloud/terraform-provider-ibm/ibm/flex"
 	"github.com/IBM/platform-services-go-sdk/contextbasedrestrictionsv1"
 )
 
 func DataSourceIBMCbrRule() *schema.Resource {
 	return &schema.Resource{
-		ReadContext: DataSourceIBMCbrRuleRead,
+		ReadContext: dataSourceIBMCbrRuleRead,
 
 		Schema: map[string]*schema.Schema{
 			"rule_id": &schema.Schema{
@@ -121,6 +121,28 @@ func DataSourceIBMCbrRule() *schema.Resource {
 					},
 				},
 			},
+			"operations": &schema.Schema{
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: "The operations this rule applies to.",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"api_types": &schema.Schema{
+							Type:        schema.TypeList,
+							Computed:    true,
+							Description: "The API types this rule applies to.",
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"api_type_id": &schema.Schema{
+										Type:     schema.TypeString,
+										Computed: true,
+									},
+								},
+							},
+						},
+					},
+				},
+			},
 			"enforcement_mode": &schema.Schema{
 				Type:        schema.TypeString,
 				Computed:    true,
@@ -155,7 +177,7 @@ func DataSourceIBMCbrRule() *schema.Resource {
 	}
 }
 
-func DataSourceIBMCbrRuleRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+func dataSourceIBMCbrRuleRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 	contextBasedRestrictionsClient, err := meta.(conns.ClientSession).ContextBasedRestrictionsV1()
 	if err != nil {
 		return diag.FromErr(err)
@@ -184,7 +206,7 @@ func DataSourceIBMCbrRuleRead(context context.Context, d *schema.ResourceData, m
 	contexts := []map[string]interface{}{}
 	if rule.Contexts != nil {
 		for _, modelItem := range rule.Contexts {
-			modelMap, err := DataSourceIBMCbrRuleRuleContextToMap(&modelItem)
+			modelMap, err := dataSourceIBMCbrRuleRuleContextToMap(&modelItem)
 			if err != nil {
 				return diag.FromErr(err)
 			}
@@ -198,7 +220,7 @@ func DataSourceIBMCbrRuleRead(context context.Context, d *schema.ResourceData, m
 	resources := []map[string]interface{}{}
 	if rule.Resources != nil {
 		for _, modelItem := range rule.Resources {
-			modelMap, err := DataSourceIBMCbrRuleResourceToMap(&modelItem)
+			modelMap, err := dataSourceIBMCbrRuleResourceToMap(&modelItem)
 			if err != nil {
 				return diag.FromErr(err)
 			}
@@ -209,6 +231,18 @@ func DataSourceIBMCbrRuleRead(context context.Context, d *schema.ResourceData, m
 		return diag.FromErr(fmt.Errorf("Error setting resources %s", err))
 	}
 
+	operations := []map[string]interface{}{}
+	if rule.Operations != nil {
+		modelMap, err := dataSourceIBMCbrRuleNewRuleOperationsToMap(rule.Operations)
+		if err != nil {
+			return diag.FromErr(err)
+		}
+		operations = append(operations, modelMap)
+	}
+	if err = d.Set("operations", operations); err != nil {
+		return diag.FromErr(fmt.Errorf("Error setting operations %s", err))
+	}
+
 	if err = d.Set("enforcement_mode", rule.EnforcementMode); err != nil {
 		return diag.FromErr(fmt.Errorf("Error setting enforcement_mode: %s", err))
 	}
@@ -236,12 +270,12 @@ func DataSourceIBMCbrRuleRead(context context.Context, d *schema.ResourceData, m
 	return nil
 }
 
-func DataSourceIBMCbrRuleRuleContextToMap(model *contextbasedrestrictionsv1.RuleContext) (map[string]interface{}, error) {
+func dataSourceIBMCbrRuleRuleContextToMap(model *contextbasedrestrictionsv1.RuleContext) (map[string]interface{}, error) {
 	modelMap := make(map[string]interface{})
 	if model.Attributes != nil {
 		attributes := []map[string]interface{}{}
 		for _, attributesItem := range model.Attributes {
-			attributesItemMap, err := DataSourceIBMCbrRuleRuleContextAttributeToMap(&attributesItem)
+			attributesItemMap, err := dataSourceIBMCbrRuleRuleContextAttributeToMap(&attributesItem)
 			if err != nil {
 				return modelMap, err
 			}
@@ -252,7 +286,7 @@ func DataSourceIBMCbrRuleRuleContextToMap(model *contextbasedrestrictionsv1.Rule
 	return modelMap, nil
 }
 
-func DataSourceIBMCbrRuleRuleContextAttributeToMap(model *contextbasedrestrictionsv1.RuleContextAttribute) (map[string]interface{}, error) {
+func dataSourceIBMCbrRuleRuleContextAttributeToMap(model *contextbasedrestrictionsv1.RuleContextAttribute) (map[string]interface{}, error) {
 	modelMap := make(map[string]interface{})
 	if model.Name != nil {
 		modelMap["name"] = *model.Name
@@ -263,12 +297,12 @@ func DataSourceIBMCbrRuleRuleContextAttributeToMap(model *contextbasedrestrictio
 	return modelMap, nil
 }
 
-func DataSourceIBMCbrRuleResourceToMap(model *contextbasedrestrictionsv1.Resource) (map[string]interface{}, error) {
+func dataSourceIBMCbrRuleResourceToMap(model *contextbasedrestrictionsv1.Resource) (map[string]interface{}, error) {
 	modelMap := make(map[string]interface{})
 	if model.Attributes != nil {
 		attributes := []map[string]interface{}{}
 		for _, attributesItem := range model.Attributes {
-			attributesItemMap, err := DataSourceIBMCbrRuleResourceAttributeToMap(&attributesItem)
+			attributesItemMap, err := dataSourceIBMCbrRuleResourceAttributeToMap(&attributesItem)
 			if err != nil {
 				return modelMap, err
 			}
@@ -279,7 +313,7 @@ func DataSourceIBMCbrRuleResourceToMap(model *contextbasedrestrictionsv1.Resourc
 	if model.Tags != nil {
 		tags := []map[string]interface{}{}
 		for _, tagsItem := range model.Tags {
-			tagsItemMap, err := DataSourceIBMCbrRuleResourceTagAttributeToMap(&tagsItem)
+			tagsItemMap, err := dataSourceIBMCbrRuleResourceTagAttributeToMap(&tagsItem)
 			if err != nil {
 				return modelMap, err
 			}
@@ -290,7 +324,7 @@ func DataSourceIBMCbrRuleResourceToMap(model *contextbasedrestrictionsv1.Resourc
 	return modelMap, nil
 }
 
-func DataSourceIBMCbrRuleResourceAttributeToMap(model *contextbasedrestrictionsv1.ResourceAttribute) (map[string]interface{}, error) {
+func dataSourceIBMCbrRuleResourceAttributeToMap(model *contextbasedrestrictionsv1.ResourceAttribute) (map[string]interface{}, error) {
 	modelMap := make(map[string]interface{})
 	if model.Name != nil {
 		modelMap["name"] = *model.Name
@@ -304,7 +338,7 @@ func DataSourceIBMCbrRuleResourceAttributeToMap(model *contextbasedrestrictionsv
 	return modelMap, nil
 }
 
-func DataSourceIBMCbrRuleResourceTagAttributeToMap(model *contextbasedrestrictionsv1.ResourceTagAttribute) (map[string]interface{}, error) {
+func dataSourceIBMCbrRuleResourceTagAttributeToMap(model *contextbasedrestrictionsv1.ResourceTagAttribute) (map[string]interface{}, error) {
 	modelMap := make(map[string]interface{})
 	if model.Name != nil {
 		modelMap["name"] = *model.Name
@@ -317,3 +351,27 @@ func DataSourceIBMCbrRuleResourceTagAttributeToMap(model *contextbasedrestrictio
 	}
 	return modelMap, nil
 }
+
+func dataSourceIBMCbrRuleNewRuleOperationsToMap(model *contextbasedrestrictionsv1.NewRuleOperations) (map[string]interface{}, error) {
+	modelMap := make(map[string]interface{})
+	if model.APITypes != nil {
+		apiTypes := []map[string]interface{}{}
+		for _, apiTypesItem := range model.APITypes {
+			apiTypesItemMap, err := dataSourceIBMCbrRuleNewRuleOperationsAPITypesItemToMap(&apiTypesItem)
+			if err != nil {
+				return modelMap, err
+			}
+			apiTypes = append(apiTypes, apiTypesItemMap)
+		}
+		modelMap["api_types"] = apiTypes
+	}
+	return modelMap, nil
+}
+
+func dataSourceIBMCbrRuleNewRuleOperationsAPITypesItemToMap(model *contextbasedrestrictionsv1.NewRuleOperationsAPITypesItem) (map[string]interface{}, error) {
+	modelMap := make(map[string]interface{})
+	if model.APITypeID != nil {
+		modelMap["api_type_id"] = *model.APITypeID
+	}
+	return modelMap, nil
+}

ibm/service/contextbasedrestrictions/data_source_ibm_cbr_rule_test.go

@@ -7,10 +7,10 @@ import (
 	"fmt"
 	"testing"
 
-	acc "github.com/IBM-Cloud/terraform-provider-ibm/ibm/acctest"
-
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+	acc "github.com/IBM-Cloud/terraform-provider-ibm/ibm/acctest"
 )
 
 func TestAccIBMCbrRuleDataSourceBasic(t *testing.T) {
@@ -57,6 +57,7 @@ func TestAccIBMCbrRuleDataSourceAllArgs(t *testing.T) {
 					resource.TestCheckResourceAttrSet("data.ibm_cbr_rule.cbr_rule", "description"),
 					resource.TestCheckResourceAttrSet("data.ibm_cbr_rule.cbr_rule", "contexts.#"),
 					resource.TestCheckResourceAttrSet("data.ibm_cbr_rule.cbr_rule", "resources.#"),
+					resource.TestCheckResourceAttrSet("data.ibm_cbr_rule.cbr_rule", "operations.#"),
 					resource.TestCheckResourceAttrSet("data.ibm_cbr_rule.cbr_rule", "enforcement_mode"),
 					resource.TestCheckResourceAttrSet("data.ibm_cbr_rule.cbr_rule", "href"),
 					resource.TestCheckResourceAttrSet("data.ibm_cbr_rule.cbr_rule", "created_at"),
@@ -113,14 +114,19 @@ func testAccCheckIBMCbrRuleDataSourceConfig(ruleDescription string, ruleEnforcem
     			}
     			attributes {
       				name = "serviceName"
-      				value = "iam-groups"
+      				value = "containers-kubernetes"
     			}
 				tags {
 					name = "name"
 					value = "tag_name"
 					operator = "stringEquals"
 				}
 			}
+			operations {
+				api_types {
+					api_type_id = "crn:v1:bluemix:public:containers-kubernetes::::api-type:management"
+				}
+			}
 			enforcement_mode = "%s"
 		}