diff --git a/.changelog/2494.txt b/.changelog/2494.txt new file mode 100644 index 0000000000..3add9250d6 --- /dev/null +++ b/.changelog/2494.txt @@ -0,0 +1,3 @@ +```release-note:improvement +`resource/resource_kubernetes_network_policy_v1`: add support for `end_port` +``` diff --git a/.github/workflows/acceptance_test_dfa.yaml b/.github/workflows/acceptance_test_dfa.yaml index e0c7bb5321..d5fb96213f 100644 --- a/.github/workflows/acceptance_test_dfa.yaml +++ b/.github/workflows/acceptance_test_dfa.yaml @@ -16,6 +16,7 @@ on: jobs: acceptance_tests: + if: ${{ github.repository_owner == 'hashicorp' }} runs-on: custom-linux-medium steps: - name: Checkout repository @@ -27,6 +28,6 @@ jobs: - name: Run Tests env: TF_ACC: 1 - TF_ACC_TERRAFORM_VERSION: ${{ github.event.inputs.terraformVersion || vars.TERRAFORM_VERSION_EXP }} + TF_ACC_TERRAFORM_VERSION: ${{ github.event.inputs.terraformVersion || '1.9.0-alpha20240516' }} run: | go test -v -run '^TestAccKubernetesDeferredActions' ./kubernetes/test-dfa diff --git a/.github/workflows/acceptance_tests_aks.yaml b/.github/workflows/acceptance_tests_aks.yaml index 53f9f39232..2408f6fa14 100644 --- a/.github/workflows/acceptance_tests_aks.yaml +++ b/.github/workflows/acceptance_tests_aks.yaml @@ -38,6 +38,7 @@ env: jobs: acceptance_tests_aks: + if: ${{ github.repository_owner == 'hashicorp' }} runs-on: custom-linux-medium steps: - name: Checkout repository diff --git a/.github/workflows/acceptance_tests_eks.yaml b/.github/workflows/acceptance_tests_eks.yaml index 3d1934271d..7c9c9dd0e9 100644 --- a/.github/workflows/acceptance_tests_eks.yaml +++ b/.github/workflows/acceptance_tests_eks.yaml @@ -43,6 +43,7 @@ env: jobs: acceptance_tests_eks: + if: ${{ github.repository_owner == 'hashicorp' }} runs-on: custom-linux-medium steps: - name: Checkout repository diff --git a/.github/workflows/acceptance_tests_gke.yaml b/.github/workflows/acceptance_tests_gke.yaml index 6f0cac5851..53dcce3fe6 100644 
--- a/.github/workflows/acceptance_tests_gke.yaml +++ b/.github/workflows/acceptance_tests_gke.yaml @@ -44,6 +44,7 @@ env: jobs: acceptance_tests_gke: + if: ${{ github.repository_owner == 'hashicorp' }} runs-on: custom-linux-medium steps: - name: Checkout repository diff --git a/.github/workflows/acceptance_tests_kind.yaml b/.github/workflows/acceptance_tests_kind.yaml index efc259ebb8..dcc318708d 100644 --- a/.github/workflows/acceptance_tests_kind.yaml +++ b/.github/workflows/acceptance_tests_kind.yaml @@ -26,12 +26,13 @@ on: env: KUBECONFIG: ${{ github.workspace }}/.kube/config - KIND_VERSION: ${{ github.event.inputs.kindVersion || vars.KIND_VERSION }} - PARALLEL_RUNS: ${{ github.event.inputs.parallelRuns || vars.PARALLEL_RUNS }} - TERRAFORM_VERSION: ${{ github.event.inputs.terraformVersion || vars.TERRAFORM_VERSION }} + KIND_VERSION: ${{ github.event.inputs.kindVersion || vars.KIND_VERSION || '0.23.0' }} + PARALLEL_RUNS: ${{ github.event.inputs.parallelRuns || vars.PARALLEL_RUNS || '8' }} + TERRAFORM_VERSION: ${{ github.event.inputs.terraformVersion || vars.TERRAFORM_VERSION || '1.9.2' }} jobs: acceptance_tests_kind: + if: ${{ github.repository_owner == 'hashicorp' }} runs-on: custom-linux-medium steps: - name: Checkout repository diff --git a/.github/workflows/documentation-check.yaml b/.github/workflows/documentation-check.yaml new file mode 100644 index 0000000000..bdc29395f1 --- /dev/null +++ b/.github/workflows/documentation-check.yaml 
@@ -0,0 +1,42 @@ +name: "Documentation Updates" + +on: + pull_request: + paths: + - 'docs/**' + types: [opened, synchronize, labeled] + + push: + branches: + - main + +jobs: + check-docs: + runs-on: ubuntu-latest + + if: ${{ !contains(github.event.pull_request.labels.*.name, 'no-documentation') }} + + steps: + - name: Checkout repository + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + + - name: Set up Go + uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + with: + go-version-file: 'go.mod' + + - name: Install tfplugindocs command + run: go install github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs@latest + + - name: Run tfplugindocs command + run: tfplugindocs generate + + - name: Check for changes + run: | + git diff --exit-code + + - name: Undocumented changes + run: | + echo "Documentation is not up to date. Please refer to the `Making Changes` in the Contribution Guide on how to properly update documentation." + exit 1 + if: failure() \ No newline at end of file diff --git a/.github/workflows/issue-opened.yml b/.github/workflows/issue-opened.yml index 5a1daba150..53e5cf61b4 100644 --- a/.github/workflows/issue-opened.yml +++ b/.github/workflows/issue-opened.yml @@ -33,7 +33,7 @@ jobs: ["Alex Somesan", "alexsomesan"], ["Alex Pilon", "appilon"], ["John Houston", "jrhouston"], - ["Aleksandr Rybolovlev", "arybolovlev"], + ["Sacha Rybolovlev", "arybolovlev"], ]); let resp = await pd.get('oncalls?escalation_policy_ids%5B%5D=PH8IF3M') diff --git a/.github/workflows/manifest_acc.yaml b/.github/workflows/manifest_acc.yaml index 7b0e289924..bb9e5d8ba6 100644 --- a/.github/workflows/manifest_acc.yaml +++ b/.github/workflows/manifest_acc.yaml 
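Review bot: The `Install tfplugindocs command` step in the new `documentation-check.yaml` installs `tfplugindocs@latest`, so the tool that decides whether this check passes is unpinned, while the two actions above it are pinned to commit SHAs. Pin it to a released version, `go install github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs@<RELEASE_TAG>`, which also keeps the generated output stable between runs. In the `Undocumented changes` step the backticks around `Making Changes` sit inside a double-quoted `echo`, so the shell runs them as a command substitution and the message loses those words; single-quote the string or drop the backticks. The workflow also declares no `permissions:` block, and since the job only reads the repository a top-level `permissions:` with `contents: read` would keep the token at least privilege.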
@@ -28,6 +28,8 @@ jobs:
 matrix:
 kubernetes_version:
 # kind images: https://github.com/kubernetes-sigs/kind/releases
+ - v1.30.0@sha256:047357ac0cfea04663786a612ba1eaba9702bef25227a794b52890dd8bcd692e
+ - v1.28.9@sha256:dca54bc6a6079dd34699d53d7d4ffa2e853e46a20cd12d619a09207e35300bd0
 - v1.26.6@sha256:f52781bc0d7a19fb6c405c2af83abfeb311f130707a0e219175677e366cc45d1
 - v1.25.11@sha256:577c630ce8e509131eab1aea12c022190978dd2f745aac5eb1fe65c0807eb315
 - v1.23.15@sha256:ef453bb7c79f0e3caba88d2067d4196f427794086a7d0df8df4f019d5e336b61
diff --git a/_about/CONTRIBUTING.md b/_about/CONTRIBUTING.md
index d1a7dd45f9..75cff8d701 100644
--- a/_about/CONTRIBUTING.md
+++ b/_about/CONTRIBUTING.md
@@ -1,71 +1,122 @@ -## Developing the provider +# Contributor Guide -Thank you for your interest in contributing to the Kubernetes provider. We welcome your contributions. Here you'll find information to help you get started with provider development. +Thank you for your interest in contributing to the Kubernetes provider. We welcome your contributions. Here, you'll find information to help you get started with provider development. -## Documentation +If you want to learn more about developing a Terraform provider, please refer to the [Plugin Development documentation](https://developer.hashicorp.com/terraform/plugin). -Our [provider development documentation](https://www.terraform.io/docs/extend/) provides a good start into developing an understanding of provider development. It's the best entry point if you are new to contributing to this provider. +## Configuring Environment -To learn more about how to create issues and pull requests in this repository, and what happens after they are created, you may refer to the resources below: -- [Issue creation and lifecycle](ISSUES.md) -- [Pull Request creation and lifecycle](PULL_REQUESTS.md) +1. Install Golang + [Install](https://go.dev/doc/install) the version of Golang as indicated in the [go.mod](../go.mod) file. -## Building the provider +1. Fork this repo -Clone repository to: `$GOPATH/src/github.com/hashicorp/terraform-provider-kubernetes` + [Fork](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/fork-a-repo) the provider repository and clone it on your computer. 
-```sh -$ mkdir -p $GOPATH/src/github.com/hashicorp; cd $GOPATH/src/github.com/hashicorp -$ git clone git@github.com:hashicorp/terraform-provider-kubernetes -``` + Here is an example of how to clone this repository and switch to the directory: -Enter the provider directory and build the provider + ```console + $ git clone https://github.com//terraform-provider-kubernetes.git + $ cd terraform-provider-kubernetes + ``` -```sh -$ cd $GOPATH/src/github.com/hashicorp/terraform-provider-kubernetes -$ make build -``` + From now on, we are going to assume that you have a copy of the repository on your computer and work within the `terraform-provider-kubernetes` directory. -Statically linking binaries can be required for testing development builds in containers not providing all dependencies, e.g.: +1. Prepare a Kubernetes Cluster -``` -# CGO_ENABLED=0 go build -a -ldflags '-extldflags "-static"' -``` + While our preference is to use [KinD](https://kind.sigs.k8s.io/) for setting up a Kubernetes cluster for development and test purposes, feel free to opt for the solution that best suits your preferences. Please bear in mind that some acceptance tests might require specific cluster settings, which we maintain in the KinD [configuration file](../.github/config/acceptance_tests_kind_config.yaml). + + Here is an example of how to provision a Kubernetes cluster using the configuration file: + + ```console + $ kind create cluster --config=./.github/config/acceptance_tests_kind_config.yaml + ``` + + KinD comes with a default Node image version that depends on the KinD version and thus might not be always the one you want to use. 
The above command can be extended with the `--image` option to spin up a particular Kubernetes version: + + ```console + $ kind create cluster \ + --config=./.github/config/acceptance_tests_kind_config.yaml \ + --image kindest/node:v1.28.0@sha256:b7a4cad12c197af3ba43202d3efe03246b3f0793f162afb40a33c923952d5b31 + ``` + + Refer to the KinD [releases](https://github.com/kubernetes-sigs/kind/releases) to get the right image. + + From now on, we are going to assume that the Kubernetes configuration is stored in the `$HOME/.kube/config` file, and the current context is set to a newly created KinD cluster. + + Once the Kubernetes cluster is up and running, we strongly advise you to run acceptance tests before making any changes to ensure they work with your setup. Please refer to the [Testing](#testing) section for more details. -## Contributing to the provider -### Contributing Resources +## Making Changes -In order to prevent breaking changes and migration of user-created resources, resources included in this provider will be limited to stable (aka `v1`) and beta APIs (with beta resources, readiness for inclusion will be assessed individually). You can find `v1` resources in the Kubernetes [API documentation](https://kubernetes.io/docs/reference/#api-reference) for the appropriate version of Kubernetes. +### Adding a New Resource -### Development Environment +This quick guide covers best practices for adding a new Resource. -If you wish to work on the provider, you'll first need [Go](http://www.golang.org) installed on your machine (version 1.9+ is *required*). You'll also need to correctly setup a [GOPATH](http://golang.org/doc/code.html#GOPATH), as well as adding `$GOPATH/bin` to your `$PATH`. +1. Ensure all dependncies are installed. +1. Add an SDK Client. +1. Add Resource Schema and define attributes [see Kubernetes Documentation](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs). 
A best and recommended practice is reuse constants from the Kuberentes packages as a default value in an attribute or within a validation function. +1. Scaffold an empty/new resource. +1. Add Acceptance Tests(s) for the resource. +1. Run Acceptance Tests(s) for this resource. +1. Add Documentation for this resource by editing the `.md.tmpl` file to include the appropriate [Data Fields](https://pkg.go.dev/text/template) and executing `tfplugindocs generate` command [see Terraform PluginDocs](https://github.com/hashicorp/terraform-plugin-docs#data-fields) then inspecting the corresponding `.md` file in the `/docs` to see all changes. The Data Fields that are currently apart of the templates are those for the Schema ({{ .SchemaMarkdown }}), Name ({{ .Name }}) and ({{ .Description }}). +1. Execute `make docs-lint` and `make tests-lint` commands +1. Create a Pull Request for your changes. -To compile the provider, run `make build`. This will build the provider and put the provider binary in the `$GOPATH/bin` directory. +### Adding a New Data Source -```sh -$ make build -... -$ $GOPATH/bin/terraform-provider-kubernetes -... +1. Ensure all dependncies are installed. +1. Add an SDK Client. +1. Add Data Source Schema and define attributes [see Kubernetes Documentation](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs). +A best and recommended practice is reuse constants from the Kuberentes packages as a default value in an attribute or within a validation function. +1. Scaffold an empty/new resource. +1. Add Acceptance Tests(s) for the data source. +1. Run Acceptance Tests(s) for this data source. +1. 
Add Documentation for this data source by editing the `.md.tmpl` file to include the appropriate [Data Fields](https://pkg.go.dev/text/template) and executing `tfplugindocs generate` command [see Terraform PluginDocs](https://github.com/hashicorp/terraform-plugin-docs#data-fields) then inspecting the corresponding `.md` file in the `/docs` to see all changes. The Data Fields that are currently apart of the templates are those for the Schema ({{ .SchemaMarkdown }}), Name ({{ .Name }}) and ({{ .Description }}). +1. Execute `make docs-lint` and `make tests-lint` commands +1. Create a Pull Request for your changes. + +### Adding/Editing Documentation +All Documentation is edited in the `.md.tmpl` file. Please note that the `tfplugindocs generate` command should be executed to ensure it is updated and reflected in the `.md` files. + +## Testing + +The Kubernetes provider includes two types of tests: [unit](https://developer.hashicorp.com/terraform/plugin/sdkv2/testing/unit-testing) tests and [acceptance](https://developer.hashicorp.com/terraform/plugin/sdkv2/testing/acceptance-tests) tests. + +Before running any tests, make sure that the `KUBE_CONFIG_PATH` environment variable points to the Kubernetes configuration file: + +```console +$ export KUBE_CONFIG_PATH=$HOME/.kube/config ``` -In order to test the provider, you can simply run `make test`. +The following commands demonstrate how to run unit and acceptance tests respectively. -```sh -$ make test +```console +$ make test # unit tests +$ make testacc TESTARGS="-run ^TestAcc" # acceptance tests ``` -In order to run the full suite of Acceptance tests, run `make testacc`. +1. Run existing tests +1. Write/Update tests +1. Run tests with new changes -*Note:* Acceptance tests create real resources, and often cost money to run. +## Updating changelog -```sh -$ make testacc -``` +A PR that is merged may or may not be added to the changelog. Not every change should be in the changelog since they don't affect users directly. 
Some instances of PRs that could be excluded are: + +- unit and acceptance tests fixes +- minor documentation changes + +However, PRs of the following categories should be added to the appropriate section: + +* `FEATURES` +* `ENHANCEMENTS` +* `MAJOR BUG FIXES` + +Please refer to our [ChangeLog Guide](../CHANGELOG_GUIDE.md). + +## Creating & Submiting a PR -### Tests +Please refer to this [guide](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork). -In general, adding test coverage (unit tests and acceptance tests) to new features or bug fixes in your PRs, and sharing the logs of a successful test run on your branch will greatly speed up the acceptance of your PR. Most of our tests can be run against a `kind` cluster, so no additional infrastructure is required. diff --git a/docs/resources/network_policy.md b/docs/resources/network_policy.md index 4dee14a332..a87d5f0d5b 100644 --- a/docs/resources/network_policy.md +++ b/docs/resources/network_policy.md @@ -227,6 +227,7 @@ Optional: - `port` (String) port represents the port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched. - `protocol` (String) protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP. +- `end_port` - (Optional) The end_port indicates that the range of ports from port to endPort if set, inclusive, should be allowed by the policy. Cannot be defined if port is undefined or if port is defined as a named (string) port. diff --git a/docs/resources/network_policy_v1.md b/docs/resources/network_policy_v1.md index bbc79682cb..3d54e7c5e0 100644 --- a/docs/resources/network_policy_v1.md +++ b/docs/resources/network_policy_v1.md 
@@ -227,6 +227,7 @@ Optional: - `port` (String) port represents the port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched. - `protocol` (String) protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP. +- `end_port` - (Optional) The end_port indicates that the range of ports from port to endPort if set, inclusive, should be allowed by the policy. Cannot be defined if port is undefined or if port is defined as a named (string) port. @@ -287,6 +288,7 @@ resource "kubernetes_network_policy_v1" "example" { } ``` + ## Import Network policies can be imported using their identifier consisting of `/`, e.g.: diff --git a/kubernetes/resource_kubernetes_network_policy_v1.go b/kubernetes/resource_kubernetes_network_policy_v1.go index caa62d58ac..188fcb1b3d 100644 --- a/kubernetes/resource_kubernetes_network_policy_v1.go +++ b/kubernetes/resource_kubernetes_network_policy_v1.go @@ -25,6 +25,7 @@ var ( networkPolicyV1EgressRulePortsDoc = networking.NetworkPolicyEgressRule{}.SwaggerDoc()["ports"] networkPolicyV1EgressRuleToDoc = networking.NetworkPolicyEgressRule{}.SwaggerDoc()["to"] networkPolicyV1PortPortDoc = networking.NetworkPolicyPort{}.SwaggerDoc()["port"] + networkPolicyV1PortEndPortDoc = networking.NetworkPolicyPort{}.SwaggerDoc()["endPort"] networkPolicyV1PortProtocolDoc = networking.NetworkPolicyPort{}.SwaggerDoc()["protocol"] networkPolicyV1PeerIpBlockDoc = networking.NetworkPolicyPeer{}.SwaggerDoc()["ipBlock"] ipBlockCidrDoc = networking.IPBlock{}.SwaggerDoc()["cidr"] 
@@ -72,6 +73,11 @@ func resourceKubernetesNetworkPolicyV1() *schema.Resource {
 Description: networkPolicyV1PortPortDoc,
 Optional: true,
 },
+ "end_port": {
+ Type: schema.TypeInt,
+ Description: networkPolicyV1PortEndPortDoc,
+ Optional: true,
+ },
 "protocol": {
 Type: schema.TypeString,
 Description: networkPolicyV1PortProtocolDoc,
@@ -149,6 +155,11 @@ func resourceKubernetesNetworkPolicyV1() *schema.Resource {
 Description: networkPolicyV1PortPortDoc,
 Optional: true,
 },
+ "end_port": {
+ Type: schema.TypeInt,
+ Description: networkPolicyV1PortEndPortDoc,
+ Optional: true,
+ },
 "protocol": {
 Type: schema.TypeString,
 Description: networkPolicyV1PortProtocolDoc,
diff --git a/kubernetes/resource_kubernetes_network_policy_v1_test.go b/kubernetes/resource_kubernetes_network_policy_v1_test.go
index ba30ebfc1a..d54fdba1a0 100644
--- a/kubernetes/resource_kubernetes_network_policy_v1_test.go
+++ b/kubernetes/resource_kubernetes_network_policy_v1_test.go
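Review bot: Both new `end_port` attributes (the first `ports` block here and the second one in the `@@ -149,6 +155,11 @@` hunk) are declared as a bare `schema.TypeInt` with no validation, so an out-of-range value is not caught at plan time. Because this field widens an allow rule from one port to a range, a plan-time bound is worth having: add `ValidateFunc: validation.IntBetween(1, 65535),` to each block, assuming the SDK `validation` helper is or can be imported in this file, which the hunks do not show. The documented constraint that `end_port` needs a numeric `port` is not enforced by the schema either; if that is deliberately left to the API server, a short comment on the attribute saying so would record the choice. The enclosing function starts and ends outside both hunks.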
@@ -108,6 +108,41 @@ func TestAccKubernetesNetworkPolicyV1_basic(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "spec.0.policy_types.0", "Ingress"), ), }, + { + Config: testAccKubernetesNetworkPolicyV1Config_endPorts(name), + Check: resource.ComposeAggregateTestCheckFunc( + testAccCheckKubernetesNetworkPolicyV1Exists(resourceName, &conf), + resource.TestCheckResourceAttr(resourceName, "metadata.0.annotations.%", "0"), + resource.TestCheckResourceAttr(resourceName, "metadata.0.labels.%", "0"), + resource.TestCheckResourceAttr(resourceName, "metadata.0.name", name), + resource.TestCheckResourceAttrSet(resourceName, "metadata.0.generation"), + resource.TestCheckResourceAttrSet(resourceName, "metadata.0.resource_version"), + resource.TestCheckResourceAttrSet(resourceName, "metadata.0.uid"), + resource.TestCheckResourceAttr(resourceName, "spec.#", "1"), + resource.TestCheckResourceAttr(resourceName, "spec.0.pod_selector.#", "1"), + resource.TestCheckResourceAttr(resourceName, "spec.0.pod_selector.0.match_expressions.#", "1"), + resource.TestCheckResourceAttr(resourceName, "spec.0.pod_selector.0.match_expressions.0.key", "name"), + resource.TestCheckResourceAttr(resourceName, "spec.0.pod_selector.0.match_expressions.0.operator", "In"), + resource.TestCheckResourceAttr(resourceName, "spec.0.pod_selector.0.match_expressions.0.values.#", "2"), + resource.TestCheckResourceAttr(resourceName, "spec.0.pod_selector.0.match_expressions.0.values.1", "webfront"), + resource.TestCheckResourceAttr(resourceName, "spec.0.pod_selector.0.match_expressions.0.values.0", "api"), + resource.TestCheckResourceAttr(resourceName, "spec.0.ingress.#", "1"), + resource.TestCheckResourceAttr(resourceName, "spec.0.ingress.0.ports.#", "1"), + resource.TestCheckResourceAttr(resourceName, "spec.0.ingress.0.ports.0.port", "8126"), + resource.TestCheckResourceAttr(resourceName, "spec.0.ingress.0.ports.0.protocol", "TCP"), + resource.TestCheckResourceAttr(resourceName, 
"spec.0.ingress.0.ports.0.end_port", "9000"), + resource.TestCheckResourceAttr(resourceName, "spec.0.ingress.0.from.#", "1"), + resource.TestCheckResourceAttr(resourceName, "spec.0.ingress.0.from.0.namespace_selector.#", "1"), + resource.TestCheckResourceAttr(resourceName, "spec.0.ingress.0.from.0.namespace_selector.0.match_labels.name", "default"), + resource.TestCheckResourceAttr(resourceName, "spec.0.ingress.0.from.0.pod_selector.#", "0"), + resource.TestCheckResourceAttr(resourceName, "spec.0.egress.0.ports.#", "1"), + resource.TestCheckResourceAttr(resourceName, "spec.0.egress.0.ports.0.port", "10000"), + resource.TestCheckResourceAttr(resourceName, "spec.0.egress.0.ports.0.protocol", "TCP"), + resource.TestCheckResourceAttr(resourceName, "spec.0.egress.0.ports.0.end_port", "65535"), + resource.TestCheckResourceAttr(resourceName, "spec.0.policy_types.#", "1"), + resource.TestCheckResourceAttr(resourceName, "spec.0.policy_types.0", "Ingress"), + ), + }, { Config: testAccKubernetesNetworkPolicyV1Config_specModified_allow_all_namespaces(name), Check: resource.ComposeAggregateTestCheckFunc( 
@@ -482,6 +517,50 @@ func testAccKubernetesNetworkPolicyV1Config_specModified(name string) string { `, name) } +func testAccKubernetesNetworkPolicyV1Config_endPorts(name string) string { + return fmt.Sprintf(`resource "kubernetes_network_policy_v1" "test" { + metadata { + name = "%s" + namespace = "default" + } + + spec { + pod_selector { + match_expressions { + key = "name" + operator = "In" + values = ["webfront", "api"] + } + } + + ingress { + ports { + port = "8126" + protocol = "TCP" + end_port = "9000" + } + + from { + namespace_selector { + match_labels = { + name = "default" + } + } + } + } + egress { + ports { + port = "10000" + protocol = "TCP" + end_port = "65535" + } + } + policy_types = ["Ingress"] + } +} +`, name) +} + func testAccKubernetesNetworkPolicyV1Config_specModified_allow_all_namespaces(name string) string { return fmt.Sprintf(`resource "kubernetes_network_policy_v1" "test" { metadata { diff --git a/kubernetes/structure_network_policy.go b/kubernetes/structure_network_policy.go index ee8577f76d..c7e89eb345 100644 --- a/kubernetes/structure_network_policy.go +++ b/kubernetes/structure_network_policy.go @@ -10,6 +10,7 @@ import ( corev1 "k8s.io/api/core/v1" networkingv1 "k8s.io/api/networking/v1" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" ) // Flatteners @@ -66,6 +67,9 @@ func flattenNetworkPolicyV1Ports(in []networkingv1.NetworkPolicyPort) []interfac if port.Port != nil { m["port"] = port.Port.String() } + if port.EndPort != nil && *port.EndPort != 0 { + m["end_port"] = int(*port.EndPort) + } if port.Protocol != nil { m["protocol"] = string(*port.Protocol) } @@ -198,6 +202,9 @@ func expandNetworkPolicyV1Ports(l []interface{}) *[]networkingv1.NetworkPolicyPo val := intstr.Parse(v) policyPorts[i].Port = &val } + if v, ok := in["end_port"].(int); ok && v != 0 { + policyPorts[i].EndPort = ptr.To(int32(v)) + } if in["protocol"] != nil && in["protocol"] != "" { v := corev1.Protocol(in["protocol"].(string)) policyPorts[i].Protocol = &v
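Review bot: The new fixture `testAccKubernetesNetworkPolicyV1Config_endPorts` declares an `egress` block with `end_port = "65535"` but sets `policy_types = ["Ingress"]`, so the egress range the test asserts on is stored in state but, as far as I understand Kubernetes policy-type semantics, is not an enforced rule. Using `policy_types = ["Ingress", "Egress"]` would make the fixture a policy that applies both ranges; the `spec.0.policy_types.#` check in the earlier test-step hunk would have to follow. `end_port` is also written as a quoted string although the schema type is `schema.TypeInt`, and `end_port = 9000` would exercise the attribute the way users are expected to write it. There is no negative step for `end_port` combined with a named or missing `port`, which the docs added in this commit describe as not allowed.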
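Review bot: In `expandNetworkPolicyV1Ports` the new branch converts with `int32(v)` after checking only `v != 0`, so a negative value is passed through and a value above the `int32` range is silently narrowed; a wrapped value could fall inside the valid port range and be sent as a different `endPort` than the plan showed. Prefer rejecting out-of-range input in the schema so this code never sees it, or at least bound the conversion with `if v, ok := in["end_port"].(int); ok && v >= 1 && v <= 65535 {`. The `*port.EndPort != 0` check in `flattenNetworkPolicyV1Ports` mirrors the expander, so 0 means "unset" in both directions; a one-line comment such as `// 0 is the zero value of an unset TypeInt, so it is treated as absent` would make that intent visible. Both functions start and end outside the hunks.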