Add support for GRE and ESP protocols in firewalls

Signed-off-by: Lukas Kämmerling <lukas.kaemmerling@hetzner-cloud.de>
hetznercloud · Jun 17, 2021 · b766eb2 · b766eb2
1 parent c3a6593
commit b766eb2
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 8 deletions.
diff --git a/go.mod b/go.mod
@@ -4,7 +4,7 @@ require (
 	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.5.0
-	github.com/hetznercloud/hcloud-go v1.26.2
+	github.com/hetznercloud/hcloud-go v1.27.0
 	github.com/stretchr/testify v1.7.0
 	golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2
 )

diff --git a/go.sum b/go.sum
@@ -189,8 +189,8 @@ github.com/hashicorp/terraform-plugin-sdk/v2 v2.5.0/go.mod h1:z+cMZ0iswzZOahBJ3X
 github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
 github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d h1:kJCB4vdITiW1eC1vq2e6IsrXKrZit1bv/TDYFGMp4BQ=
 github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
-github.com/hetznercloud/hcloud-go v1.26.2 h1:fI8BXAGJI4EFeCDd2a/I4EhqyK32cDdxGeWfYMGUi50=
-github.com/hetznercloud/hcloud-go v1.26.2/go.mod h1:2C5uMtBiMoFr3m7lBFPf7wXTdh33CevmZpQIIDPGYJI=
+github.com/hetznercloud/hcloud-go v1.27.0 h1:dQ0k3VGHL2rKicOfWHQvKw//B9pXcVTgFGvLqjy8Ujw=
+github.com/hetznercloud/hcloud-go v1.27.0/go.mod h1:2C5uMtBiMoFr3m7lBFPf7wXTdh33CevmZpQIIDPGYJI=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.9 h1:UauaLniWCFHWd+Jp9oCEkTBj8VO/9DKg3PV3VCNMDIg=
 github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=

diff --git a/internal/firewall/resource.go b/internal/firewall/resource.go
@@ -49,12 +49,12 @@ func Resource() *schema.Resource {
 								direction := i.(string)
 								switch hcloud.FirewallRuleDirection(direction) {
 								case hcloud.FirewallRuleDirectionIn:
-									return nil
 								case hcloud.FirewallRuleDirectionOut:
 									return nil
 								default:
 									return diag.Errorf("%s is not a valid direction", direction)
 								}
+								return nil
 							},
 						},
 						"protocol": {
@@ -66,6 +66,8 @@ func Resource() *schema.Resource {
 								case hcloud.FirewallRuleProtocolICMP:
 								case hcloud.FirewallRuleProtocolTCP:
 								case hcloud.FirewallRuleProtocolUDP:
+								case hcloud.FirewallRuleProtocolESP:
+								case hcloud.FirewallRuleProtocolGRE:
 									return nil
 								default:
 									return diag.Errorf("%s is not a valid protocol", protocol)
@@ -85,7 +87,7 @@ func Resource() *schema.Resource {
 							},
 							Optional: true,
 						},
-						"destination_ips": &schema.Schema{
+						"destination_ips": {
 							Type: schema.TypeSet,
 							Elem: &schema.Schema{
 								Type:             schema.TypeString,

diff --git a/website/docs/d/firewall.html.md b/website/docs/d/firewall.html.md
@@ -35,7 +35,7 @@ data "hcloud_firewall" "sample_firewall_2" {
 
 `rule` support the following fields:
 - `direction` - (Required, string) Direction of the Firewall Rule. `in`, `out`
-- `protocol` - (Required, string) Protocol of the Firewall Rule. `tcp`, `icmp`, `udp`
+- `protocol` - (Required, string) Protocol of the Firewall Rule. `tcp`, `icmp`, `udp`, `gre`, `esp`
 - `port` - (Required, string) Port of the Firewall Rule. Required when `protocol` is `tcp` or `udp`
 - `source_ips` - (Required, List) List of CIDRs that are allowed within this Firewall Rule (when `direction` is `in`)
 - `destination_ips` - (Required, List) List of CIDRs that are allowed within this Firewall Rule (when `direction` is `out`)
diff --git a/website/docs/r/firewall.html.md b/website/docs/r/firewall.html.md
@@ -41,7 +41,7 @@ resource "hcloud_server" "node1" {
 
 `rule` support the following fields:
 - `direction` - (Required, string) Direction of the Firewall Rule. `in`
-- `protocol` - (Required, string) Protocol of the Firewall Rule. `tcp`, `icmp`, `udp`
+- `protocol` - (Required, string) Protocol of the Firewall Rule. `tcp`, `icmp`, `udp`, `gre`, `esp`
 - `port` - (Required, string) Port of the Firewall Rule. Required when `protocol` is `tcp` or `udp`
 - `source_ips` - (Required, List) List of CIDRs that are allowed within this Firewall Rule
 
@@ -54,7 +54,7 @@ resource "hcloud_server" "node1" {
 
 `rule` support the following fields:
 - `direction` - (Required, string) Direction of the Firewall Rule. `in`, `out`
-- `protocol` - (Required, string) Protocol of the Firewall Rule. `tcp`, `icmp`, `udp`
+- `protocol` - (Required, string) Protocol of the Firewall Rule. `tcp`, `icmp`, `udp`, `gre`, `esp`
 - `port` - (Required, string) Port of the Firewall Rule. Required when `protocol` is `tcp` or `udp`
 - `source_ips` - (Required, List) List of CIDRs that are allowed within this Firewall Rule (when `direction` is `in`)
 - `destination_ips` - (Required, List) List of CIDRs that are allowed within this Firewall Rule (when `direction` is `out`)