[VPC]: fix port ranges for `opentelekomcloud_networking_secgroup_rul…

…e_v2` (#2175) [VPC]: fix port ranges for `opentelekomcloud_networking_secgroup_rule_v2` Summary of the Pull Request Port ranges were set every time even if they weren't provided by the user. This happened due to terraform being unable to differentiate empty parameter from zero value provided in config. PR Checklist Refers to: #2162 Tests added/passed. Schema updated. Release notes added. Acceptance Steps Performed === RUN TestAccNetworkingV2SecGroupRule_basic === PAUSE TestAccNetworkingV2SecGroupRule_basic === CONT TestAccNetworkingV2SecGroupRule_basic --- PASS: TestAccNetworkingV2SecGroupRule_basic (42.93s) === RUN TestAccNetworkingV2SecGroupRule_importBasic === PAUSE TestAccNetworkingV2SecGroupRule_importBasic === CONT TestAccNetworkingV2SecGroupRule_importBasic --- PASS: TestAccNetworkingV2SecGroupRule_importBasic (47.87s) === RUN TestAccNetworkingV2SecGroupRule_timeout === PAUSE TestAccNetworkingV2SecGroupRule_timeout === CONT TestAccNetworkingV2SecGroupRule_timeout --- PASS: TestAccNetworkingV2SecGroupRule_timeout (42.56s) === RUN TestAccNetworkingV2SecGroupRule_numericProtocol === PAUSE TestAccNetworkingV2SecGroupRule_numericProtocol === CONT TestAccNetworkingV2SecGroupRule_numericProtocol --- PASS: TestAccNetworkingV2SecGroupRule_numericProtocol (42.87s) === RUN TestAccNetworkingV2SecGroupRule_noPorts === PAUSE TestAccNetworkingV2SecGroupRule_noPorts === CONT TestAccNetworkingV2SecGroupRule_noPorts --- PASS: TestAccNetworkingV2SecGroupRule_noPorts (42.17s) === RUN TestAccNetworkingV2SecGroupRule_ICMP === PAUSE TestAccNetworkingV2SecGroupRule_ICMP === CONT TestAccNetworkingV2SecGroupRule_ICMP --- PASS: TestAccNetworkingV2SecGroupRule_ICMP (42.92s) === RUN TestAccNetworkingV2SecGroupRule_noProtocolError --- PASS: TestAccNetworkingV2SecGroupRule_noProtocolError (3.65s) PASS Process finished with the exit code 0 Reviewed-by: Anton Sidelnikov Reviewed-by: Aloento Reviewed-by: Vladimir Vshivkov
opentelekomcloud · May 16, 2023 · 0a17c34 · 0a17c34
1 parent af00a79
commit 0a17c34
Show file tree

Hide file tree

Showing 3 changed files with 130 additions and 20 deletions.
diff --git a/...telekomcloud/acceptance/vpc/resource_opentelekomcloud_networking_secgroup_rule_v2_test.go b/...telekomcloud/acceptance/vpc/resource_opentelekomcloud_networking_secgroup_rule_v2_test.go
@@ -2,6 +2,7 @@ package acceptance
 
 import (
 	"fmt"
+	"regexp"
 	"testing"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
@@ -120,6 +121,68 @@ func TestAccNetworkingV2SecGroupRule_numericProtocol(t *testing.T) {
 	})
 }
 
+func TestAccNetworkingV2SecGroupRule_noPorts(t *testing.T) {
+	var secgroup1 groups.SecGroup
+	var secgroupRule1 rules.SecGroupRule
+	t.Parallel()
+	quotas.BookOne(t, quotas.SecurityGroup)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:          func() { common.TestAccPreCheck(t) },
+		ProviderFactories: common.TestAccProviderFactories,
+		CheckDestroy:      testAccCheckNetworkingV2SecGroupRuleDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccNetworkingV2SecGroupRuleNoPorts,
+				Check: resource.ComposeTestCheckFunc(
+					TestAccCheckNetworkingV2SecGroupExists(resourceNwSecGroupName, &secgroup1),
+					testAccCheckNetworkingV2SecGroupRuleExists(resourceNwSGRuleName, &secgroupRule1),
+					resource.TestCheckResourceAttr(resourceNwSGRuleName, "direction", "egress"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccNetworkingV2SecGroupRule_ICMP(t *testing.T) {
+	var secgroup1 groups.SecGroup
+	var secgroupRule1 rules.SecGroupRule
+	t.Parallel()
+	quotas.BookOne(t, quotas.SecurityGroup)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:          func() { common.TestAccPreCheck(t) },
+		ProviderFactories: common.TestAccProviderFactories,
+		CheckDestroy:      testAccCheckNetworkingV2SecGroupRuleDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccNetworkingV2SecGroupRuleICMP,
+				Check: resource.ComposeTestCheckFunc(
+					TestAccCheckNetworkingV2SecGroupExists(resourceNwSecGroupName, &secgroup1),
+					testAccCheckNetworkingV2SecGroupRuleExists(resourceNwSGRuleName, &secgroupRule1),
+					resource.TestCheckResourceAttr(resourceNwSGRuleName, "direction", "ingress"),
+					resource.TestCheckResourceAttr(resourceNwSGRuleName, "port_range_min", "8"),
+					resource.TestCheckResourceAttr(resourceNwSGRuleName, "port_range_max", "0"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccNetworkingV2SecGroupRule_noProtocolError(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:          func() { common.TestAccPreCheck(t) },
+		ProviderFactories: common.TestAccProviderFactories,
+		CheckDestroy:      testAccCheckNetworkingV2SecGroupRuleDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config:      testAccNetworkingV2SecGroupRuleError,
+				ExpectError: regexp.MustCompile(`"port_range_min": all of .+`),
+			},
+		},
+	})
+}
+
 func testAccCheckNetworkingV2SecGroupRuleDestroy(s *terraform.State) error {
 	config := common.TestAccProvider.Meta().(*cfg.Config)
 	networkingClient, err := config.NetworkingV2Client(env.OS_REGION_NAME)
@@ -262,3 +325,50 @@ resource "opentelekomcloud_networking_secgroup_rule_v2" "secgroup_rule_1" {
   security_group_id = opentelekomcloud_networking_secgroup_v2.secgroup_1.id
 }
 `
+
+const testAccNetworkingV2SecGroupRuleNoPorts = `
+resource "opentelekomcloud_networking_secgroup_v2" "secgroup_1" {
+  name        = "secgroup_1"
+  description = "terraform security group rule acceptance test"
+}
+
+resource "opentelekomcloud_networking_secgroup_rule_v2" "secgroup_rule_1" {
+  direction         = "egress"
+  ethertype         = "IPv4"
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = opentelekomcloud_networking_secgroup_v2.secgroup_1.id
+}
+`
+
+const testAccNetworkingV2SecGroupRuleICMP = `
+resource "opentelekomcloud_networking_secgroup_v2" "secgroup_1" {
+  name        = "secgroup_1"
+  description = "terraform security group rule acceptance test"
+}
+
+resource "opentelekomcloud_networking_secgroup_rule_v2" "secgroup_rule_1" {
+  direction         = "ingress"
+  ethertype         = "IPv4"
+  protocol          = "icmp"
+  port_range_min    = 8
+  port_range_max    = 0
+  remote_ip_prefix  = "0.0.0.0/0"
+  security_group_id = opentelekomcloud_networking_secgroup_v2.secgroup_1.id
+}
+`
+
+const testAccNetworkingV2SecGroupRuleError = `
+resource "opentelekomcloud_networking_secgroup_v2" "secgroup_1" {
+  name        = "secgroup_1"
+  description = "terraform security group rule acceptance test"
+}
+
+resource "opentelekomcloud_networking_secgroup_rule_v2" "secgroup_rule_1" {
+  direction         = "egress"
+  ethertype         = "IPv4"
+  remote_ip_prefix  = "0.0.0.0/0"
+  port_range_min    = 0
+  port_range_max    = 22
+  security_group_id = opentelekomcloud_networking_secgroup_v2.secgroup_1.id
+}
+`
diff --git a/opentelekomcloud/services/vpc/resource_opentelekomcloud_networking_secgroup_rule_v2.go b/opentelekomcloud/services/vpc/resource_opentelekomcloud_networking_secgroup_rule_v2.go
@@ -57,16 +57,18 @@ func ResourceNetworkingSecGroupRuleV2() *schema.Resource {
 				ForceNew: true,
 			},
 			"port_range_min": {
-				Type:     schema.TypeInt,
-				Optional: true,
-				ForceNew: true,
-				Computed: true,
+				Type:         schema.TypeInt,
+				Optional:     true,
+				ForceNew:     true,
+				Computed:     true,
+				RequiredWith: []string{"protocol"},
 			},
 			"port_range_max": {
-				Type:     schema.TypeInt,
-				Optional: true,
-				ForceNew: true,
-				Computed: true,
+				Type:         schema.TypeInt,
+				Optional:     true,
+				ForceNew:     true,
+				Computed:     true,
+				RequiredWith: []string{"port_range_min"},
 			},
 			"protocol": {
 				Type:     schema.TypeString,
@@ -113,21 +115,9 @@ func resourceNetworkingSecGroupRuleV2Create(ctx context.Context, d *schema.Resou
 		return fmterr.Errorf(errCreationV2Client, err)
 	}
 
-	portRangeMin := d.Get("port_range_min").(int)
-	portRangeMax := d.Get("port_range_max").(int)
-	protocol := d.Get("protocol").(string)
-
-	if protocol == "" {
-		if portRangeMin != 0 || portRangeMax != 0 {
-			return fmterr.Errorf("A protocol must be specified when using port_range_min and port_range_max")
-		}
-	}
-
 	opts := rules.CreateOpts{
 		Description:    d.Get("description").(string),
 		SecGroupID:     d.Get("security_group_id").(string),
-		PortRangeMin:   &portRangeMin,
-		PortRangeMax:   &portRangeMax,
 		RemoteGroupID:  d.Get("remote_group_id").(string),
 		RemoteIPPrefix: d.Get("remote_ip_prefix").(string),
 		TenantID:       d.Get("tenant_id").(string),
@@ -146,6 +136,12 @@ func resourceNetworkingSecGroupRuleV2Create(ctx context.Context, d *schema.Resou
 	if v, ok := d.GetOk("protocol"); ok {
 		protocol := resourceNetworkingSecGroupRuleV2DetermineProtocol(v.(string))
 		opts.Protocol = protocol
+
+		portRangeMin := d.Get("port_range_min").(int)
+		opts.PortRangeMin = &portRangeMin
+
+		portRangeMax := d.Get("port_range_max").(int)
+		opts.PortRangeMax = &portRangeMax
 	}
 
 	log.Printf("[DEBUG] Create OpenTelekomCloud Neutron security group: %#v", opts)

diff --git a/releasenotes/notes/vpc_sg_fix-21d0ecfcbc4a3948.yaml b/releasenotes/notes/vpc_sg_fix-21d0ecfcbc4a3948.yaml
@@ -0,0 +1,4 @@
+---
+fixes:
+  - |
+    **[VPC]** Fix secgroup rule creation ``resource/opentelekomcloud_networking_secgroup_rule_v2`` (`#2175 <https://github.com/opentelekomcloud/terraform-provider-opentelekomcloud/pull/2175>`_)