terraform/builtin/providers/scaleway/resource_scaleway_security_...


Add scaleway provider (#7331) * Add scaleway provider this PR allows the entire scaleway stack to be managed with terraform example usage looks like this: ``` provider "scaleway" { api_key = "snap" organization = "snip" } resource "scaleway_ip" "base" { server = "${scaleway_server.base.id}" } resource "scaleway_server" "base" { name = "test" # ubuntu 14.04 image = "aecaed73-51a5-4439-a127-6d8229847145" type = "C2S" } resource "scaleway_volume" "test" { name = "test" size_in_gb = 20 type = "l_ssd" } resource "scaleway_volume_attachment" "test" { server = "${scaleway_server.base.id}" volume = "${scaleway_volume.test.id}" } resource "scaleway_security_group" "base" { name = "public" description = "public gateway" } resource "scaleway_security_group_rule" "http-ingress" { security_group = "${scaleway_security_group.base.id}" action = "accept" direction = "inbound" ip_range = "0.0.0.0/0" protocol = "TCP" port = 80 } resource "scaleway_security_group_rule" "http-egress" { security_group = "${scaleway_security_group.base.id}" action = "accept" direction = "outbound" ip_range = "0.0.0.0/0" protocol = "TCP" port = 80 } ``` Note that volume attachments require the server to be stopped, which can lead to downtime if you attach new volumes to already used servers * Update IP read to handle 404 gracefully * Read back resource on update * Ensure IP detachment works as expected Sadly this is not part of the official scaleway api just yet * Adjust detachIP helper based on feedback from @QuentinPerez in https://github.com/scaleway/scaleway-cli/pull/378 * Cleanup documentation * Rename api_key to access_key following @stack72 suggestion and rename the provider api_key for more clarity * Make tests less chatty by using custom logger
2016-07-13 22:03:41 +02:00
package scaleway
import (
"fmt"
"testing"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform"
"github.com/scaleway/scaleway-cli/pkg/api"
)
// TestAccScalewaySecurityGroupRule_Basic is the acceptance test for the
// scaleway_security_group_rule resource. It applies
// testAccCheckScalewaySecurityGroupRuleConfig and verifies the inbound "drop"
// rule twice: through the attributes recorded in Terraform state and through
// a read-back from the Scaleway API.
func TestAccScalewaySecurityGroupRule_Basic(t *testing.T) {
	// Populated by testAccCheckScalewaySecurityGroupsExists; the rule checks
	// and the destroy check read the group ID from it afterwards.
	var group api.ScalewaySecurityGroups

	const (
		groupName = "scaleway_security_group.base"
		ruleName  = "scaleway_security_group_rule.http"
	)

	// Order matters: the group lookup must run first so that group.ID is set
	// before the rule is fetched from the API.
	verify := resource.ComposeTestCheckFunc(
		testAccCheckScalewaySecurityGroupsExists(groupName, &group),
		resource.TestCheckResourceAttr(ruleName, "action", "drop"),
		resource.TestCheckResourceAttr(ruleName, "direction", "inbound"),
		resource.TestCheckResourceAttr(ruleName, "ip_range", "0.0.0.0/0"),
		resource.TestCheckResourceAttr(ruleName, "protocol", "TCP"),
		testAccCheckScalewaySecurityGroupRuleExists(ruleName, &group),
		testAccCheckScalewaySecurityGroupRuleAttributes(ruleName, &group),
	)

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckScalewaySecurityGroupRuleDestroy(&group),
		Steps: []resource.TestStep{
			{
				Config: testAccCheckScalewaySecurityGroupRuleConfig,
				Check:  verify,
			},
		},
	})
}
// testAccCheckScalewaySecurityGroupsExists returns a check that looks up
// resource n in the root module state, fetches the security group with that ID
// from the Scaleway API and, when the IDs match, stores the API object in
// *group so later checks can use it.
func testAccCheckScalewaySecurityGroupsExists(n string, group *api.ScalewaySecurityGroups) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		res, found := s.RootModule().Resources[n]
		switch {
		case !found:
			return fmt.Errorf("Security Group Not found: %s", n)
		case res.Primary.ID == "":
			return fmt.Errorf("No Security Group is set")
		}

		scw := testAccProvider.Meta().(*Client).scaleway
		got, err := scw.GetASecurityGroup(res.Primary.ID)
		if err != nil {
			return err
		}

		// The API answer has to be for the ID recorded in state.
		if got.SecurityGroups.ID != res.Primary.ID {
			return fmt.Errorf("Security Group not found")
		}

		*group = got.SecurityGroups
		return nil
	}
}
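// testAccCheckScalewaySecurityGroupRuleDestroy returns the CheckDestroy
// function for the security group rule test. For every
// scaleway_security_group_rule in the state it asks the API for that rule
// inside the group captured in *group, and fails if the lookup still succeeds.
func testAccCheckScalewaySecurityGroupRuleDestroy(group *api.ScalewaySecurityGroups) func(*terraform.State) error {
	return func(s *terraform.State) error {
		client := testAccProvider.Meta().(*Client).scaleway

		for _, rs := range s.RootModule().Resources {
			// Resource types carry the full "scaleway_<kind>" name (see the
			// test configuration). Filtering on the bare provider name
			// "scaleway" matched none of them, so the lookup below never ran
			// and the check passed without verifying that the firewall rule
			// had been removed.
			if rs.Type != "scaleway_security_group_rule" {
				continue
			}

			// NOTE(review): any error is taken as proof of deletion, so an
			// authentication or network failure also passes. Confirm whether
			// the API error exposes a status that can be matched on
			// "not found" and tighten this if it does.
			_, err := client.GetASecurityGroupRule(group.ID, rs.Primary.ID)
			if err == nil {
				return fmt.Errorf("Security Group Rule still exists")
			}
		}

		return nil
	}
}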
// testAccCheckScalewaySecurityGroupRuleAttributes returns a check that reads
// rule n back from the Scaleway API (inside the group held in *group) and
// compares it with the values the test configuration declares: action "drop",
// direction "inbound", IP range 0.0.0.0/0, protocol TCP and destination port 80.
// Reading from the API rather than from state confirms what was actually
// provisioned.
func testAccCheckScalewaySecurityGroupRuleAttributes(n string, group *api.ScalewaySecurityGroups) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		res, found := s.RootModule().Resources[n]
		if !found {
			return fmt.Errorf("Unknown resource: %s", n)
		}

		scw := testAccProvider.Meta().(*Client).scaleway
		resp, err := scw.GetASecurityGroupRule(group.ID, res.Primary.ID)
		if err != nil {
			return err
		}

		// Cases are evaluated top to bottom, so the first mismatch is the one
		// reported.
		switch {
		case resp.Rules.Action != "drop":
			return fmt.Errorf("Wrong rule action")
		case resp.Rules.Direction != "inbound":
			return fmt.Errorf("wrong rule direction")
		case resp.Rules.IPRange != "0.0.0.0/0":
			return fmt.Errorf("wrong rule IP Range")
		case resp.Rules.Protocol != "TCP":
			return fmt.Errorf("wrong rule protocol")
		case resp.Rules.DestPortFrom != 80:
			return fmt.Errorf("Wrong port")
		}

		return nil
	}
}
// testAccCheckScalewaySecurityGroupRuleExists returns a check that confirms
// rule n is present in state with a non-empty ID and that the Scaleway API
// returns a rule with that same ID inside the group held in *group.
func testAccCheckScalewaySecurityGroupRuleExists(n string, group *api.ScalewaySecurityGroups) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		res, found := s.RootModule().Resources[n]
		switch {
		case !found:
			return fmt.Errorf("Security Group Rule Not found: %s", n)
		case res.Primary.ID == "":
			return fmt.Errorf("No Security Group Rule ID is set")
		}

		scw := testAccProvider.Meta().(*Client).scaleway
		resp, err := scw.GetASecurityGroupRule(group.ID, res.Primary.ID)
		if err != nil {
			return err
		}

		// Accept only a rule whose ID matches the one recorded in state.
		if resp.Rules.ID == res.Primary.ID {
			return nil
		}
		return fmt.Errorf("Record not found")
	}
}
// testAccCheckScalewaySecurityGroupRuleConfig is the Terraform configuration
// applied by TestAccScalewaySecurityGroupRule_Basic: one security group named
// "public" and one rule attached to it that drops inbound TCP traffic from
// 0.0.0.0/0 on port 80. The attribute checks in this file assert these exact
// values, so the two must be changed together.
var testAccCheckScalewaySecurityGroupRuleConfig = `
resource "scaleway_security_group" "base" {
name = "public"
description = "public gateway"
}
resource "scaleway_security_group_rule" "http" {
security_group = "${scaleway_security_group.base.id}"
action = "drop"
direction = "inbound"
ip_range = "0.0.0.0/0"
protocol = "TCP"
port = 80
}
`