Add support for linking service and address groups to network security rules #345

Merged

jan-walther

Expansion of #322 to support linking the newly created resources with a network security rule

@siddharth-nutanix
Collaborator

siddharth-nutanix commented Feb 17, 2022

Hi @jan-walther,
Can you pull nutanix master?

@jan-walther
Author

Done :)

@siddharth-nutanix
Collaborator

/ok-to-test

@siddharth-nutanix
Collaborator

Hi @jan-walther
I see that we are passing service group property in security rules resource type.
Can you also add datasource for service group (both singular and plural)?

@jan-walther
Author

Hi @siddharth-nutanix,
yes but my time atm is very limited and data sources aren't strictly necessary for my purposes :/

@Chup4Chups

Hi guys,
I tested the PR locally and it worked almost fine.
However, I had to make small changes to be able to create a network security rule with address_groups and service_groups

  1. field "ip_subnet" is assigned an empty struct by default which led to an error from the APIv3.
    I just moved the assignment elsewhere where struct is not empty, but there is probably a better solution.

  2. need to put fields uuid / kind as Required to match APIv3 for address_groups and service_groups

$ git diff
diff --git a/nutanix/resource_nutanix_network_security_rule.go b/nutanix/resource_nutanix_network_security_rule.go
index e990310d..26743471 100644
--- a/nutanix/resource_nutanix_network_security_rule.go
+++ b/nutanix/resource_nutanix_network_security_rule.go
@@ -1153,6 +1153,7 @@ func expandNetworkRule(prefix string, d *schema.ResourceData) *v3.NetworkSecurit
                        if ippl, ipok := nr["ip_subnet_prefix_length"]; ipok && ippl.(string) != "" {
                                if i, err := strconv.Atoi(ippl.(string)); err == nil {
                                        iPSubnet.PrefixLength = utils.Int64Ptr(int64(i))
+                                       nrItem.IPSubnet = iPSubnet
                                }
                        }

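Review bot: with the assignment moved inside the `err == nil` branch, a non-numeric `ip_subnet_prefix_length` now drops the whole subnet silently: `strconv.Atoi` fails, `nrItem.IPSubnet` stays unset, and the rule is sent without the subnet the user configured. For a security rule that is worth failing loudly, so consider surfacing the conversion error or validating the attribute as an integer in the schema. The assignment also now depends only on the prefix length being present, so it is worth confirming that the IP part of `iPSubnet` is always populated by the time this line runs.
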
@@ -1220,8 +1221,6 @@ func expandNetworkRule(prefix string, d *schema.ResourceData) *v3.NetworkSecurit
                        if icmp, icmpok := nr["icmp_type_code_list"]; icmpok {
                                nrItem.IcmpTypeCodeList = expandIcmpTypeCodeList(icmp)
                        }
-
-                       nrItem.IPSubnet = iPSubnet
                        if !reflect.DeepEqual(*filter, v3.CategoryFilter{}) {
                                nrItem.Filter = filter
                        }
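Review bot: instead of deleting the assignment at this point, it could stay here behind the same kind of guard the next lines use for `filter` (`!reflect.DeepEqual(*filter, v3.CategoryFilter{})`), comparing `iPSubnet` against its zero value. That keeps the `nrItem` field assignments in one place and does not tie `IPSubnet` to the prefix-length parsing branch.
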
@@ -1560,11 +1559,11 @@ func referenceListSchema() *schema.Schema {
                        Schema: map[string]*schema.Schema{
                                "kind": {
                                        Type:     schema.TypeString,
-                                       Computed: true,
+                                       Required: true,
                                },
                                "uuid": {
                                        Type:     schema.TypeString,
-                                       Computed: true,
+                                       Required: true,
                                },
                                "name": {
                                        Type:     schema.TypeString,
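
Review bot: switching `kind` and `uuid` from `Computed` to `Required` in `referenceListSchema()` changes every attribute built from this helper, so any existing configuration that relied on these being computed will start failing validation; check the other callers or use a separate schema for the address and service group references. Since both are now user input, a validation function on `uuid` (and on the allowed values of `kind`) would catch malformed references at plan time instead of as an API error.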

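An added illustration of the `ip_subnet` problem described in the comment above (not code from the PR or the provider): in Go's `encoding/json`, `omitempty` drops a nil pointer but still emits a non-nil pointer to an empty struct as `{}`. The struct types, JSON tags and the `buildRule` helper are assumptions made for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Hypothetical stand-ins for the client types; field names and JSON tags are
// assumptions for this example, not copied from the provider's v3 package.
type IPSubnet struct {
	IP           *string `json:"ip,omitempty"`
	PrefixLength *int64  `json:"prefix_length,omitempty"`
}

type NetworkRule struct {
	IPSubnet *IPSubnet `json:"ip_subnet,omitempty"`
}

// buildRule (hypothetical helper) either assigns the subnet unconditionally
// (guard=false) or only when it differs from the zero value (guard=true).
func buildRule(ip string, prefix int64, guard bool) NetworkRule {
	subnet := &IPSubnet{}
	if ip != "" {
		subnet.IP = &ip
		subnet.PrefixLength = &prefix
	}
	rule := NetworkRule{}
	if !guard || *subnet != (IPSubnet{}) {
		rule.IPSubnet = subnet
	}
	return rule
}

// encode returns the JSON body that would be sent for the rule.
func encode(r NetworkRule) string {
	b, err := json.Marshal(r)
	if err != nil {
		panic(err)
	}
	return string(b)
}

func main() {
	// Constructed inputs: a rule with no subnet (e.g. one that uses a group
	// reference instead) and a rule with a subnet.
	fmt.Println(encode(buildRule("", 0, false)))         // empty object still sent
	fmt.Println(encode(buildRule("", 0, true)))          // field omitted
	fmt.Println(encode(buildRule("10.0.0.0", 24, true))) // subnet sent
}
```
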
@siddharth-nutanix
Collaborator

siddharth-nutanix commented Feb 21, 2022

/ok-to-test

Acceptance test run status: success
Line code coverage is 59.4

Type: schema.TypeString,
Computed: true,
},
"uuid": {
Collaborator

Shouldn't UUID be marked as optional & computed as it will be an input to API?

@jan-walther thoughts?

Can you also attach a working example in the PR?

@siddharth-nutanix siddharth-nutanix changed the base branch from master to feat/m-network-security-rules March 7, 2022 06:56
@siddharth-nutanix siddharth-nutanix merged commit 5b1226a into nutanix:feat/m-network-security-rules Mar 7, 2022
Successfully merging this pull request may close these issues.

Allow usage of service and address groups in network_security_rules