apigw acl associate

opentelekomcloud · May 2, 2024 · 3a156ca · 3a156ca
1 parent 1c47cb0
commit 3a156ca
Show file tree

Hide file tree

Showing 5 changed files with 439 additions and 2 deletions.
diff --git a/docs/resources/apigw_acl_policy_associate_v2.md b/docs/resources/apigw_acl_policy_associate_v2.md
@@ -0,0 +1,53 @@
+---
+subcategory: "APIGW"
+---
+
+# opentelekomcloud_apigw_acl_policy_associate_v2
+
+Use this resource to bind the APIs to the ACL policy within OpenTelekomCloud.
+
+-> An ACL policy can only create one `opentelekomcloud_apigw_acl_policy_associate_v2` resource.
+
+## Example Usage
+
+```hcl
+variable "gateway_id" {}
+variable "policy_id" {}
+variable "api_publish_ids" {
+ type = list(string)
+}
+
+resource "opentelekomcloud_apigw_acl_policy_associate_v2" "test" {
+ gateway_id = var.gateway_id
+ policy_id = var.policy_id
+ publish_ids = var.api_publish_ids
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+* `gateway_id` - (Required, String, ForceNew) Specifies the ID of the dedicated gateway instance to which the APIs and the
+ ACL policy belong. Changing this will create a new resource.
+
+* `policy_id` - (Required, String, ForceNew) Specifies the ACL Policy ID for APIs binding.
+ Changing this will create a new resource.
+
+* `publish_ids` - (Required, List) Specifies the publishing IDs corresponding to the APIs bound by the ACL policy.
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - Resource ID. The format is `<gateway_id>/<policy_id>`.
+
+* `region` - Specifies the region where the dedicated instance and the throttling policy are located.
+
+## Import
+
+Associate resources can be imported using their `policy_id` and the APIG gateway instance ID to which the policy
+belongs, separated by a slash, e.g.
+
+```bash
+$ terraform import huaweicloud_apig_acl_policy_associate.test <gateway_id>/<policy_id>
+```
diff --git a/docs/resources/apigw_throttling_policy_associate_v2.md b/docs/resources/apigw_throttling_policy_associate_v2.md
@@ -40,7 +40,7 @@ The following arguments are supported:
 
 In addition to all arguments above, the following attributes are exported:
 
-* `id` - Resource ID. The format is `<instance_id>/<policy_id>`.
+* `id` - Resource ID. The format is `<gateway_id>/<policy_id>`.
 
 * `region` - Specifies the region where the dedicated instance and the throttling policy are located.
 
@@ -50,5 +50,5 @@ Resources can be imported using their `policy_id` and the APIGW dedicated gatewa
 belongs, separated by a slash, e.g.
 
 ```shell
-$ terraform import opentelekomcloud_apigw_throttling_policy_associate_v2.tpa <instance_id>/<policy_id>
+$ terraform import opentelekomcloud_apigw_throttling_policy_associate_v2.tpa <gateway_id>/<policy_id>
 ```
diff --git a/...komcloud/acceptance/apigw/resource_opentelekomcloud_apigw_acl_policy_associate_v2_test.go b/...komcloud/acceptance/apigw/resource_opentelekomcloud_apigw_acl_policy_associate_v2_test.go
@@ -0,0 +1,175 @@
+package acceptance
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+ golangsdk "github.com/opentelekomcloud/gophertelekomcloud"
+ acls "github.com/opentelekomcloud/gophertelekomcloud/openstack/apigw/v2/acl"
+ "github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/acceptance/common"
+ "github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/acceptance/env"
+ "github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/common/cfg"
+)
+
+const resourceApigwAssociateAclName = "opentelekomcloud_apigw_acl_policy_associate_v2.associate"
+
+func getAclPolicyAssociateFunc(config *cfg.Config, state *terraform.ResourceState) (interface{}, error) {
+ client, err := config.APIGWV2Client(env.OS_REGION_NAME)
+ if err != nil {
+ return nil, fmt.Errorf("error creating APIG v2 client: %s", err)
+ }
+ opt := acls.ListBoundOpts{
+ GatewayID: state.Primary.Attributes["gateway_id"],
+ ID: state.Primary.Attributes["policy_id"],
+ }
+ resp, err := acls.ListAPIBoundPolicy(client, opt)
+ if len(resp) < 1 {
+ return nil, golangsdk.ErrDefault404{}
+ }
+ return resp, err
+}
+
+func TestAccAclPolicyAssociate_basic(t *testing.T) {
+ var apiDetails []acls.ApiAcl
+ name := fmt.Sprintf("apigw_acc_acl%s", acctest.RandString(10))
+ rc := common.InitResourceCheck(
+ resourceApigwAssociateAclName,
+ &apiDetails,
+ getAclPolicyAssociateFunc,
+ )
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() {
+ common.TestAccPreCheck(t)
+ },
+ ProviderFactories: common.TestAccProviderFactories,
+ CheckDestroy: rc.CheckResourceDestroy(),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccAclPolicyAssociate_basic(name),
+ Check: resource.ComposeTestCheckFunc(
+ rc.CheckResourceExists(),
+ resource.TestCheckResourceAttrSet(resourceApigwAssociateAclName, "gateway_id"),
+ resource.TestCheckResourceAttrSet(resourceApigwAssociateAclName, "policy_id"),
+ resource.TestCheckResourceAttr(resourceApigwAssociateAclName, "publish_ids.#", "1"),
+ ),
+ },
+ {
+ Config: testAccAclPolicyAssociate_update(name),
+ Check: resource.ComposeTestCheckFunc(
+ rc.CheckResourceExists(),
+ resource.TestCheckResourceAttrSet(resourceApigwAssociateAclName, "gateway_id"),
+ resource.TestCheckResourceAttrSet(resourceApigwAssociateAclName, "policy_id"),
+ resource.TestCheckResourceAttr(resourceApigwAssociateAclName, "publish_ids.#", "1"),
+ ),
+ },
+ {
+ ResourceName: resourceApigwAssociateAclName,
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateIdFunc: testAccAclPolicyAssociateImportStateFunc(resourceApigwAssociateAclName),
+ },
+ },
+ })
+}
+
+func testAccAclPolicyAssociateImportStateFunc(rName string) resource.ImportStateIdFunc {
+ return func(s *terraform.State) (string, error) {
+ rs, ok := s.RootModule().Resources[rName]
+ if !ok {
+ return "", fmt.Errorf("resource (%s) not found: %s", rName, rs)
+ }
+ if rs.Primary.Attributes["gateway_id"] == "" || rs.Primary.Attributes["policy_id"] == "" {
+ return "", fmt.Errorf("invalid format specified for import ID, want '<gateway_id>/<policy_id>', but got '%s/%s'",
+ rs.Primary.Attributes["gateway_id"], rs.Primary.Attributes["policy_id"])
+ }
+ return fmt.Sprintf("%s/%s", rs.Primary.Attributes["gateway_id"], rs.Primary.Attributes["policy_id"]), nil
+ }
+}
+
+func testAccAclPolicyAssociate_basic(name string) string {
+ relatedConfig := testAccApigwApi_basic(testAccApigwApi_base(name), name)
+ return fmt.Sprintf(`
+%[1]s
+
+resource "opentelekomcloud_apigw_api_publishment_v2" "pub_one" {
+ gateway_id = opentelekomcloud_apigw_gateway_v2.gateway.id
+ environment_id = opentelekomcloud_apigw_environment_v2.env.id
+ api_id = opentelekomcloud_apigw_api_v2.api.id
+}
+
+resource "opentelekomcloud_apigw_environment_v2" "env_two" {
+ name = "second_env_%[2]s"
+ instance_id = opentelekomcloud_apigw_gateway_v2.gateway.id
+ description = "test description"
+}
+
+resource "opentelekomcloud_apigw_api_publishment_v2" "pub_two" {
+ gateway_id = opentelekomcloud_apigw_gateway_v2.gateway.id
+ environment_id = opentelekomcloud_apigw_environment_v2.env_two.id
+ api_id = opentelekomcloud_apigw_api_v2.api.id
+}
+
+resource "opentelekomcloud_apigw_acl_policy_v2" "ip_rule" {
+ gateway_id = opentelekomcloud_apigw_gateway_v2.gateway.id
+ name = "%[2]s_rule_ip"
+ type = "PERMIT"
+ entity_type = "IP"
+ value = "10.201.33.4,10.30.2.15"
+}
+
+resource "opentelekomcloud_apigw_acl_policy_associate_v2" "associate" {
+ gateway_id = opentelekomcloud_apigw_gateway_v2.gateway.id
+ policy_id = opentelekomcloud_apigw_acl_policy_v2.ip_rule.id
+
+ publish_ids = [
+ opentelekomcloud_apigw_api_publishment_v2.pub_one.publish_id
+ ]
+}
+`, relatedConfig, name)
+}
+
+func testAccAclPolicyAssociate_update(name string) string {
+ relatedConfig := testAccApigwApi_basic(testAccApigwApi_base(name), name)
+ return fmt.Sprintf(`
+%[1]s
+
+resource "opentelekomcloud_apigw_api_publishment_v2" "pub_one" {
+ gateway_id = opentelekomcloud_apigw_gateway_v2.gateway.id
+ environment_id = opentelekomcloud_apigw_environment_v2.env.id
+ api_id = opentelekomcloud_apigw_api_v2.api.id
+}
+
+resource "opentelekomcloud_apigw_environment_v2" "env_two" {
+ name = "second_env_%[2]s"
+ instance_id = opentelekomcloud_apigw_gateway_v2.gateway.id
+ description = "test description"
+}
+
+resource "opentelekomcloud_apigw_api_publishment_v2" "pub_two" {
+ gateway_id = opentelekomcloud_apigw_gateway_v2.gateway.id
+ environment_id = opentelekomcloud_apigw_environment_v2.env_two.id
+ api_id = opentelekomcloud_apigw_api_v2.api.id
+}
+
+resource "opentelekomcloud_apigw_acl_policy_v2" "ip_rule" {
+ gateway_id = opentelekomcloud_apigw_gateway_v2.gateway.id
+ name = "%[2]s_rule_ip"
+ type = "PERMIT"
+ entity_type = "IP"
+ value = "10.201.33.4,10.30.2.15"
+}
+
+resource "opentelekomcloud_apigw_acl_policy_associate_v2" "associate" {
+ gateway_id = opentelekomcloud_apigw_gateway_v2.gateway.id
+ policy_id = opentelekomcloud_apigw_acl_policy_v2.ip_rule.id
+
+ publish_ids = [
+ opentelekomcloud_apigw_api_publishment_v2.pub_two.publish_id
+ ]
+}
+`, relatedConfig, name)
+}
diff --git a/opentelekomcloud/provider.go b/opentelekomcloud/provider.go
@@ -351,6 +351,7 @@ func Provider() *schema.Provider {
  ResourcesMap: map[string]*schema.Resource{
  "opentelekomcloud_antiddos_v1": antiddos.ResourceAntiDdosV1(),
  "opentelekomcloud_apigw_acl_policy_v2": apigw.ResourceAPIAclPolicyV2(),
+ "opentelekomcloud_apigw_acl_policy_associate_v2": apigw.ResourceAclPolicyAssociateV2(),
  "opentelekomcloud_apigw_api_v2": apigw.ResourceAPIApiV2(),
  "opentelekomcloud_apigw_api_publishment_v2": apigw.ResourceAPIApiPublishmentV2(),
  "opentelekomcloud_apigw_environment_v2": apigw.ResourceAPIEnvironmentv2(),