[NETWORK] port association resource and ids data source

docs/data-sources/networking_port_ids_v2.md

@@ -0,0 +1,51 @@
+---
+subcategory: "Virtual Private Cloud (VPC)"
+---
+
+# opentelekomcloud_networking_port_ids_v2
+
+Use this data source to get a list of OpenTelekomCloud Port IDs matching the
+specified criteria.
+
+## Example Usage
+
+```hcl
+data "opentelekomcloud_networking_port_ids_v2" "ports" {
+ name = "port"
+}
+```
+
+## Argument Reference
+
+* `region` - (Optional, String) The region in which to obtain the V2 Neutron client.
+ A Neutron client is needed to retrieve port ids. If omitted, the
+ `region` argument of the provider is used.
+
+* `project_id` - (Optional, String) The owner of the port.
+
+* `name` - (Optional, String) The name of the port.
+
+* `admin_state_up` - (Optional, Bool) The administrative state of the port.
+
+* `network_id` - (Optional, String) The ID of the network the port belongs to.
+
+* `device_owner` - (Optional, String) The device owner of the port.
+
+* `mac_address` - (Optional, String) The MAC address of the port.
+
+* `device_id` - (Optional, String) The ID of the device the port belongs to.
+
+* `fixed_ip` - (Optional, String) The port IP address filter.
+
+* `status` - (Optional, String) The status of the port.
+
+* `security_group_ids` - (Optional, List) The list of port security group IDs to filter.
+
+* `sort_key` - (Optional) Sort ports based on a certain key. Defaults to none.
+
+* `sort_direction` - (Optional) Order the results in either `asc` or `desc`.
+ Defaults to none.
+
+## Attributes Reference
+
+`ids` is set to the list of OpenTelekomCloud Port IDs.

docs/resources/networking_port_secgroup_associate_v2.md

@@ -0,0 +1,71 @@
+---
+subcategory: "Virtual Private Cloud (VPC)"
+---
+
+# opentelekomcloud_networking_port_secgroup_associate_v2
+
+Manages a V2 port's security groups within OpenTelekomCloud. Useful, when the port was
+created not by Terraform (e.g. Manila or LBaaS). It should not be used, when the
+port was created directly within Terraform.
+
+When the resource is deleted, Terraform doesn't delete the port, but unsets the
+list of user defined security group IDs. However, if `force` is set to `true`
+and the resource is deleted, Terraform will remove all assigned security group
+IDs.
+
+## Example Usage
+
+```hcl
+data "opentelekomcloud_networking_port_v2" "system_port" {
+ fixed_ip = "10.0.0.10"
+}
+
+data "opentelekomcloud_networking_secgroup_v2" "secgroup" {
+ name = "secgroup"
+}
+
+resource "opentelekomcloud_networking_port_secgroup_associate_v2" "port_1" {
+ port_id = data.opentelekomcloud_networking_port_v2.system_port.id
+ security_group_ids = [
+ data.opentelekomcloud_networking_secgroup_v2.secgroup.id,
+ ]
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `region` - (Optional) The region in which to obtain the V2 networking client.
+ A networking client is needed to manage a port. If omitted, the
+ `region` argument of the provider is used. Changing this creates a new
+ resource.
+
+* `port_id` - (Required) An UUID of the port to apply security groups to.
+
+* `security_group_ids` - (Required) A list of security group IDs to apply to
+ the port. The security groups must be specified by ID and not name (as
+ opposed to how they are configured with the Compute Instance).
+
+* `force` - (Optional) Whether to replace or append the list of security
+ groups, specified in the `security_group_ids`. Defaults to `false`.
+
+## Attributes Reference
+
+The following attributes are exported:
+
+* `all_security_group_ids` - The collection of Security Group IDs on the port
+ which have been explicitly and implicitly added.
+
+## Import
+
+Port security group association can be imported using the `id` of the port, e.g.
+
+```
+$ terraform import opentelekomcloud_networking_port_secgroup_associate_v2.port_1 eae26a3e-1c33-4cc1-9c31-5ght78rdf12
+ lifecycle {
+ ignore_changes = [
+ force,
+ security_group_ids,
+ ]
+ }

opentelekomcloud/acceptance/vpc/data_source_opentelekomcloud_networking_port_ids_v2_test.go

@@ -0,0 +1,74 @@
+package acceptance
+
+import (
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+ "github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/acceptance/common"
+ "github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/acceptance/common/quotas"
+)
+
+func TestAccNetworkingV2PortIDsDataSource_basic(t *testing.T) {
+ dataSourceName := "data.opentelekomcloud_networking_port_ids_v2.ports"
+ port1Name := "opentelekomcloud_networking_port_v2.port_1"
+ port2Name := "opentelekomcloud_networking_port_v2.port_2"
+ t.Parallel()
+ quotas.BookOne(t, quotas.SecurityGroup)
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { common.TestAccPreCheck(t) },
+ ProviderFactories: common.TestAccProviderFactories,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccNetworkingV2PortIDsDataSourceBasic,
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttr(dataSourceName, "ids.#", "2"),
+ resource.TestCheckResourceAttrPair(dataSourceName, "ids.0", port1Name, "id"),
+ resource.TestCheckResourceAttrPair(dataSourceName, "ids.1", port2Name, "id"),
+ ),
+ },
+ },
+ })
+}
+
+const testAccNetworkingV2PortIDsDataSourceBasic = `
+resource "opentelekomcloud_networking_network_v2" "network_1" {
+ name = "acc_network_1"
+ admin_state_up = "true"
+}
+
+resource "opentelekomcloud_networking_secgroup_v2" "sg_1" {
+ name = "acc_secgroup_1"
+ description = "acc_secgroup_1"
+}
+
+resource "opentelekomcloud_networking_port_v2" "port_1" {
+ name = "port_1"
+ network_id = opentelekomcloud_networking_network_v2.network_1.id
+ admin_state_up = "true"
+
+ security_group_ids = [
+ opentelekomcloud_networking_secgroup_v2.sg_1.id
+ ]
+}
+
+resource "opentelekomcloud_networking_port_v2" "port_2" {
+ name = "port_2"
+ network_id = opentelekomcloud_networking_network_v2.network_1.id
+ admin_state_up = "true"
+
+ security_group_ids = [
+ opentelekomcloud_networking_secgroup_v2.sg_1.id
+ ]
+}
+
+data "opentelekomcloud_networking_port_ids_v2" "ports" {
+ sort_direction = "asc"
+ sort_key = "name"
+
+ network_id = opentelekomcloud_networking_network_v2.network_1.id
+ depends_on = [
+ opentelekomcloud_networking_port_v2.port_1,
+ opentelekomcloud_networking_port_v2.port_2,
+ ]
+}
+`

opentelekomcloud/acceptance/vpc/resource_opentelekomcloud_networking_port_secgroup_associate_test.go

@@ -0,0 +1,102 @@
+package acceptance
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+ "github.com/opentelekomcloud/gophertelekomcloud/openstack/networking/v2/ports"
+ "github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/acceptance/common"
+ "github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/acceptance/env"
+ "github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/common/cfg"
+)
+
+const resourcePortAssociateName = "opentelekomcloud_networking_port_secgroup_associate_v2.associate"
+
+func getPortResourceFunc(cfg *cfg.Config, state *terraform.ResourceState) (interface{}, error) {
+ client, err := cfg.NetworkingV2Client(env.OS_REGION_NAME)
+ if err != nil {
+ return nil, fmt.Errorf("error creating Networking v2 client: %s", err)
+ }
+ return ports.Get(client, state.Primary.Attributes["port_id"]).Extract()
+}
+
+func TestAccNetworkingV2PortAssociate_basic(t *testing.T) {
+ var port ports.Port
+ rc := common.InitResourceCheck(
+ resourcePortAssociateName,
+ &port,
+ getPortResourceFunc,
+ )
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() {
+ common.TestAccPreCheck(t)
+ },
+ ProviderFactories: common.TestAccProviderFactories,
+ CheckDestroy: rc.CheckResourceDestroy(),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccPortAssociate_basic(),
+ Check: resource.ComposeTestCheckFunc(
+ rc.CheckResourceExists(),
+ testAccCheckNetworkingV2PortSecGroupAssociateCountSecurityGroups(&port, 2),
+ ),
+ },
+ {
+ ResourceName: resourcePortAssociateName,
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"force", "security_group_ids"},
+ },
+ },
+ })
+}
+
+func testAccCheckNetworkingV2PortSecGroupAssociateCountSecurityGroups(port *ports.Port, expected int) resource.TestCheckFunc {
+ return func(s *terraform.State) error {
+ if len(port.SecurityGroups) != expected {
+ return fmt.Errorf("expected %d Security Groups, got %d", expected, len(port.SecurityGroups))
+ }
+
+ return nil
+ }
+}
+
+const testAccNetworkingV2PortSecGroupAssociate = `
+resource "opentelekomcloud_networking_network_v2" "network_1" {
+ name = "acc_network_1"
+ admin_state_up = "true"
+}
+
+resource "opentelekomcloud_networking_secgroup_v2" "secgroup_1" {
+ name = "secgroup_1"
+ description = "terraform security group acceptance test"
+}
+
+resource "opentelekomcloud_networking_secgroup_v2" "secgroup_2" {
+ name = "secgroup_2"
+ description = "terraform security group acceptance test"
+}
+
+resource "opentelekomcloud_networking_port_v2" "port" {
+ name = "port_1"
+ network_id = opentelekomcloud_networking_network_v2.network_1.id
+ admin_state_up = "true"
+}
+`
+
+func testAccPortAssociate_basic() string {
+ return fmt.Sprintf(`
+%s
+
+resource "opentelekomcloud_networking_port_secgroup_associate_v2" "associate" {
+ port_id = opentelekomcloud_networking_port_v2.port.id
+ force = "false"
+ security_group_ids = [
+ opentelekomcloud_networking_secgroup_v2.secgroup_1.id,
+ ]
+}
+`, testAccNetworkingV2PortSecGroupAssociate)
+}

opentelekomcloud/common/utils.go

@@ -391,3 +391,20 @@ func ExpandToStringListBySet(v *schema.Set) []string {
 
  return s
 }
+
+// SliceUnion returns a new slice containing the union of elements from both slices,
+// without any duplicates.
+func SliceUnion(a, b []string) []string {
+ var res []string
+ for _, i := range a {
+ if !StrSliceContains(res, i) {
+ res = append(res, i)
+ }
+ }
+ for _, k := range b {
+ if !StrSliceContains(res, k) {
+ res = append(res, k)
+ }
+ }
+ return res
+}

opentelekomcloud/provider.go

@@ -313,6 +313,7 @@ func Provider() *schema.Provider {
  "opentelekomcloud_nat_gateway_v2": nat.DataSourceNatGatewayV2(),
  "opentelekomcloud_networking_network_v2": vpc.DataSourceNetworkingNetworkV2(),
  "opentelekomcloud_networking_port_v2": vpc.DataSourceNetworkingPortV2(),
+ "opentelekomcloud_networking_port_ids_v2": vpc.DataSourceNetworkingPortIDsV2(),
  "opentelekomcloud_networking_secgroup_v2": vpc.DataSourceNetworkingSecGroupV2(),
  "opentelekomcloud_networking_secgroup_rule_ids_v2": vpc.DataSourceNetworkingSecGroupRuleIdsV2(),
  "opentelekomcloud_obs_bucket": obs.DataSourceObsBucket(),
@@ -348,7 +349,8 @@ func Provider() *schema.Provider {
  },
 
  ResourcesMap: map[string]*schema.Resource{
- "opentelekomcloud_antiddos_v1": antiddos.ResourceAntiDdosV1(),
+ "opentelekomcloud_antiddos_v1": antiddos.ResourceAntiDdosV1(),
+ // "opentelekomcloud_apigw_acl_policy_v2": apigw.ResourceAPIAclPolicyV2(),
  "opentelekomcloud_apigw_api_v2": apigw.ResourceAPIApiV2(),
  "opentelekomcloud_apigw_api_publishment_v2": apigw.ResourceAPIApiPublishmentV2(),
  "opentelekomcloud_apigw_environment_v2": apigw.ResourceAPIEnvironmentv2(),
@@ -466,6 +468,7 @@ func Provider() *schema.Provider {
  "opentelekomcloud_networking_floatingip_associate_v2": vpc.ResourceNetworkingFloatingIPAssociateV2(),
  "opentelekomcloud_networking_network_v2": vpc.ResourceNetworkingNetworkV2(),
  "opentelekomcloud_networking_port_v2": vpc.ResourceNetworkingPortV2(),
+ "opentelekomcloud_networking_port_secgroup_associate_v2": vpc.ResourceNetworkingPortSecGroupAssociateV2(),
  "opentelekomcloud_networking_router_v2": vpc.ResourceNetworkingRouterV2(),
  "opentelekomcloud_networking_router_interface_v2": vpc.ResourceNetworkingRouterInterfaceV2(),
  "opentelekomcloud_networking_router_route_v2": vpc.ResourceNetworkingRouterRouteV2(),