From 9abc5d7ecfdc29da4670c7eac865dbce7d59c9b7 Mon Sep 17 00:00:00 2001
From: Adrian Huber <adrian.huber@hetzner-cloud.de>
Date: Thu, 5 Aug 2021 12:47:04 +0200
Subject: [PATCH] Fix firewall rule description

---
 go.mod                                      |  2 +-
 go.sum                                      |  4 +-
 internal/e2etests/firewall/resource_test.go | 53 ++++++++++++---------
 internal/testdata/r/hcloud_firewall.tf.tmpl |  3 ++
 4 files changed, 36 insertions(+), 26 deletions(-)

diff --git a/go.mod b/go.mod
index 48480fae3..259b70f3d 100644
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,7 @@ require (
 	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.7.0
-	github.com/hetznercloud/hcloud-go v1.29.0
+	github.com/hetznercloud/hcloud-go v1.29.1
 	github.com/stretchr/testify v1.7.0
 	golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e
 )
diff --git a/go.sum b/go.sum
index 67e4adee9..15de4846c 100644
--- a/go.sum
+++ b/go.sum
@@ -201,8 +201,8 @@ github.com/hashicorp/terraform-plugin-sdk/v2 v2.7.0/go.mod h1:grseeRo9g3yNkYW09i
 github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
 github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d h1:kJCB4vdITiW1eC1vq2e6IsrXKrZit1bv/TDYFGMp4BQ=
 github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
-github.com/hetznercloud/hcloud-go v1.29.0 h1:GVUj/VM3wFG6bnVGbIbTyUBr1MgcJI30pH6lus/UfpY=
-github.com/hetznercloud/hcloud-go v1.29.0/go.mod h1:2C5uMtBiMoFr3m7lBFPf7wXTdh33CevmZpQIIDPGYJI=
+github.com/hetznercloud/hcloud-go v1.29.1 h1:UiV+GZVEOFramb49ASbXfpJGjXa6FmJe3Hh+Ns3RUJ4=
+github.com/hetznercloud/hcloud-go v1.29.1/go.mod h1:2C5uMtBiMoFr3m7lBFPf7wXTdh33CevmZpQIIDPGYJI=
 github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
diff --git a/internal/e2etests/firewall/resource_test.go b/internal/e2etests/firewall/resource_test.go
index 165c8b62e..b3da4ce34 100644
--- a/internal/e2etests/firewall/resource_test.go
+++ b/internal/e2etests/firewall/resource_test.go
@@ -20,43 +20,49 @@ func TestFirewallResource_Basic(t *testing.T) {
 
 	res := firewall.NewRData(t, "basic-firewall", []firewall.RDataRule{
 		{
-			Direction: "in",
-			Protocol:  "tcp",
-			SourceIPs: []string{"0.0.0.0/0", "::/0"},
-			Port:      "80",
+			Direction:   "in",
+			Protocol:    "tcp",
+			SourceIPs:   []string{"0.0.0.0/0", "::/0"},
+			Port:        "80",
+			Description: "allow http in",
 		},
 		{
 			Direction:      "out",
 			Protocol:       "tcp",
 			DestinationIPs: []string{"0.0.0.0/0", "::/0"},
 			Port:           "80",
+			Description:    "allow http out",
 		},
 		{
-			Direction: "in",
-			Protocol:  "udp",
-			SourceIPs: []string{"0.0.0.0/0", "::/0"},
-			Port:      "any",
+			Direction:   "in",
+			Protocol:    "udp",
+			SourceIPs:   []string{"0.0.0.0/0", "::/0"},
+			Port:        "any",
+			Description: "allow udp in all ports",
 		},
 	})
 
 	updated := firewall.NewRData(t, "basic-firewall", []firewall.RDataRule{
 		{
-			Direction: "in",
-			Protocol:  "tcp",
-			SourceIPs: []string{"0.0.0.0/0", "::/0"},
-			Port:      "443",
+			Direction:   "in",
+			Protocol:    "tcp",
+			SourceIPs:   []string{"0.0.0.0/0", "::/0"},
+			Port:        "443",
+			Description: "allow https in",
 		},
 		{
 			Direction:      "out",
 			Protocol:       "tcp",
 			DestinationIPs: []string{"0.0.0.0/0", "::/0"},
 			Port:           "443",
+			Description:    "allow https out",
 		},
 		{
-			Direction: "in",
-			Protocol:  "udp",
-			SourceIPs: []string{"0.0.0.0/0", "::/0"},
-			Port:      "any",
+			Direction:   "in",
+			Protocol:    "udp",
+			SourceIPs:   []string{"0.0.0.0/0", "::/0"},
+			Port:        "any",
+			Description: "allow udp in all ports",
 		},
 	})
 	updated.SetRName(res.RName())
@@ -75,9 +81,9 @@ func TestFirewallResource_Basic(t *testing.T) {
 					resource.TestCheckResourceAttr(res.TFID(), "name",
 						fmt.Sprintf("basic-firewall--%d", tmplMan.RandInt)),
 					resource.TestCheckResourceAttr(res.TFID(), "rule.#", "3"),
-					testsupport.LiftTCF(hasFirewallRule(t, &f, "in", "80", "tcp", []string{"0.0.0.0/0", "::/0"}, []string{})),
-					testsupport.LiftTCF(hasFirewallRule(t, &f, "in", "any", "udp", []string{"0.0.0.0/0", "::/0"}, []string{})),
-					testsupport.LiftTCF(hasFirewallRule(t, &f, "out", "80", "tcp", []string{}, []string{"0.0.0.0/0", "::/0"})),
+					testsupport.LiftTCF(hasFirewallRule(t, &f, "in", "80", "tcp", []string{"0.0.0.0/0", "::/0"}, []string{}, "allow http in")),
+					testsupport.LiftTCF(hasFirewallRule(t, &f, "in", "any", "udp", []string{"0.0.0.0/0", "::/0"}, []string{}, "allow udp in all ports")),
+					testsupport.LiftTCF(hasFirewallRule(t, &f, "out", "80", "tcp", []string{}, []string{"0.0.0.0/0", "::/0"}, "allow http out")),
 				),
 			},
 			{
@@ -95,9 +101,9 @@ func TestFirewallResource_Basic(t *testing.T) {
 					resource.TestCheckResourceAttr(res.TFID(), "name",
 						fmt.Sprintf("basic-firewall--%d", tmplMan.RandInt)),
 					resource.TestCheckResourceAttr(res.TFID(), "rule.#", "3"),
-					testsupport.LiftTCF(hasFirewallRule(t, &f, "in", "443", "tcp", []string{"0.0.0.0/0", "::/0"}, []string{})),
-					testsupport.LiftTCF(hasFirewallRule(t, &f, "in", "any", "udp", []string{"0.0.0.0/0", "::/0"}, []string{})),
-					testsupport.LiftTCF(hasFirewallRule(t, &f, "out", "443", "tcp", []string{}, []string{"0.0.0.0/0", "::/0"})),
+					testsupport.LiftTCF(hasFirewallRule(t, &f, "in", "443", "tcp", []string{"0.0.0.0/0", "::/0"}, []string{}, "allow https in")),
+					testsupport.LiftTCF(hasFirewallRule(t, &f, "in", "any", "udp", []string{"0.0.0.0/0", "::/0"}, []string{}, "allow udp in all ports")),
+					testsupport.LiftTCF(hasFirewallRule(t, &f, "out", "443", "tcp", []string{}, []string{"0.0.0.0/0", "::/0"}, "allow https out")),
 				),
 			},
 		},
@@ -112,11 +118,12 @@ func hasFirewallRule(
 	protocol string, // nolint:unparam
 	expectedSourceIps []string,
 	expectedDestinationIps []string,
+	description string,
 ) func() error {
 	return func() error {
 		var firewallRule *hcloud.FirewallRule
 		for _, r := range f.Rules {
-			if string(r.Direction) == direction && *r.Port == port && string(r.Protocol) == protocol {
+			if string(r.Direction) == direction && *r.Port == port && string(r.Protocol) == protocol && *r.Description == description {
 				firewallRule = &r
 				break
 			}
diff --git a/internal/testdata/r/hcloud_firewall.tf.tmpl b/internal/testdata/r/hcloud_firewall.tf.tmpl
index 3c15ae7f1..897eb5138 100644
--- a/internal/testdata/r/hcloud_firewall.tf.tmpl
+++ b/internal/testdata/r/hcloud_firewall.tf.tmpl
@@ -24,6 +24,9 @@ resource "hcloud_firewall" "{{ .RName }}" {
 {{- end }}
         ]
 {{ end }}
+{{ if $v.Description -}}
+        description = "{{ $v.Description }}"
+{{ end}}
     }
 {{- end }}
 {{- end }}