resource(vpc_firewall_rules): add schema upgrade (#501)

Author: lgfa29

internal/provider/resource_vpc_firewall_rules.go

@@ -29,8 +29,9 @@ import (
 
 // Ensure the implementation satisfies the expected interfaces.
 var (
-	_ resource.Resource              = (*vpcFirewallRulesResource)(nil)
-	_ resource.ResourceWithConfigure = (*vpcFirewallRulesResource)(nil)
+	_ resource.Resource                 = (*vpcFirewallRulesResource)(nil)
+	_ resource.ResourceWithConfigure    = (*vpcFirewallRulesResource)(nil)
+	_ resource.ResourceWithUpgradeState = (*vpcFirewallRulesResource)(nil)
 )
 
 // NewVPCFirewallRulesResource is a helper function to simplify the provider implementation.
@@ -112,10 +113,24 @@ func (r *vpcFirewallRulesResource) ImportState(ctx context.Context, req resource
 	resource.ImportStatePassthroughID(ctx, path.Root("vpc_id"), req, resp)
 }
 
+// UpgradeState upgrades the Terraform state for the oxide_vpc_firewall_rules
+// resource from a previous schema version to the current version.
+//
+// Schema upgrades are not expected to be applied sequentially, since users are
+// allowed to jump to whatever new version they choose. When adding a new
+// version, you must ensure that each of the existing StateUpgrader functions
+// are also updated to handle the new schema.
+func (r *vpcFirewallRulesResource) UpgradeState(ctx context.Context) map[int64]resource.StateUpgrader {
+	return map[int64]resource.StateUpgrader{
+		0: {StateUpgrader: r.stateUpgraderV0},
+	}
+}
+
 // Schema defines the schema for the resource.
 func (r *vpcFirewallRulesResource) Schema(ctx context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) {
 	// TODO: Make sure users can define a single block per VPC ID, not many, is this even possible?
 	resp.Schema = schema.Schema{
+		Version: 1,
 		Attributes: map[string]schema.Attribute{
 			"vpc_id": schema.StringAttribute{
 				Required:    true,

internal/provider/resource_vpc_firewall_rules_test.go

@@ -7,6 +7,10 @@ package provider
 import (
 	"context"
 	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"path/filepath"
+	"sync/atomic"
 	"testing"
 	"time"
 
@@ -611,3 +615,225 @@ func testAccFirewallRulesDestroy(s *terraform.State) error {
 
 	return nil
 }
+
+func TestFirewallRules_v0_upgrade(t *testing.T) {
+	var version atomic.Int32
+	version.Store(15)
+
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+		var respFile string
+		switch version.Load() {
+		case 15:
+			respFile = "r15_get_vpc_firewall_rules.json"
+		case 16:
+			respFile = "r16_get_vpc_firewall_rules.json"
+		}
+
+		respPath := filepath.Join("test-fixtures", "resource_vpc_firewall_rules", respFile)
+		f, err := testFixtures.ReadFile(respPath)
+		if err != nil {
+			t.Errorf("failed to read file %q: %v", respPath, err)
+			http.Error(w, "failed to read file", http.StatusInternalServerError)
+			return
+		}
+
+		w.WriteHeader(http.StatusOK)
+		_, _ = w.Write(f)
+	}))
+	t.Cleanup(func() {
+		ts.Close()
+	})
+
+	//lintignore:AT004 // Provider must connect to test server.
+	configV0 := fmt.Sprintf(`
+provider "oxide" {
+  host  = "%s"
+  token = "fake"
+}
+
+resource "oxide_vpc_firewall_rules" "test" {
+  vpc_id = "3fa85f64-5717-4562-b3fc-2c963f66afa6"
+  rules = [
+    {
+      action      = "allow"
+      name        = "single-protocol"
+      description = "Single protocol"
+      direction   = "inbound"
+      priority    = 65535
+      status      = "enabled"
+      filters = {
+        ports     = ["22"]
+        protocols = ["TCP"]
+      }
+      targets = [
+        {
+          type  = "subnet"
+          value = "default"
+        }
+      ]
+    },
+    {
+      action      = "allow"
+      name        = "multiple-protocols"
+      description = "Multiple protocols"
+      direction   = "inbound"
+      priority    = 65535
+      status      = "enabled"
+      filters = {
+        ports     = ["22"]
+        protocols = ["TCP", "UDP"]
+      }
+      targets = [
+        {
+          type  = "subnet"
+          value = "default"
+        }
+      ]
+    },
+    {
+      action      = "allow"
+      name        = "no-protocol"
+      description = "No protocol"
+      direction   = "inbound"
+      priority    = 65535
+      status      = "enabled"
+      filters = {
+        ports = ["22"]
+      }
+      targets = [
+        {
+          type  = "subnet"
+          value = "default"
+        }
+      ]
+    }
+  ]
+}
+`, ts.URL)
+
+	//lintignore:AT004 // Provider must connect to test server.
+	configV1 := fmt.Sprintf(`
+provider "oxide" {
+  host  = "%s"
+  token = "fake"
+}
+
+resource "oxide_vpc_firewall_rules" "test" {
+  vpc_id = "3fa85f64-5717-4562-b3fc-2c963f66afa6"
+  rules = [
+    {
+      action      = "allow"
+      name        = "single-protocol"
+      description = "Single protocol"
+      direction   = "inbound"
+      priority    = 65535
+      status      = "enabled"
+      filters = {
+        ports = ["22"]
+        protocols = [
+          { type : "tcp" }
+        ]
+      }
+      targets = [
+        {
+          type  = "subnet"
+          value = "default"
+        }
+      ]
+    },
+    {
+      action      = "allow"
+      name        = "multiple-protocols"
+      description = "Multiple protocols"
+      direction   = "inbound"
+      priority    = 65535
+      status      = "enabled"
+      filters = {
+        ports = ["22"]
+        protocols = [
+          { type : "tcp" },
+          { type : "udp" }
+        ]
+      }
+      targets = [
+        {
+          type  = "subnet"
+          value = "default"
+        }
+      ]
+    },
+    {
+      action      = "allow"
+      name        = "no-protocol"
+      description = "No protocol"
+      direction   = "inbound"
+      priority    = 65535
+      status      = "enabled"
+      filters = {
+        ports = ["22"]
+      }
+      targets = [
+        {
+          type  = "subnet"
+          value = "default"
+        }
+      ]
+    }
+  ]
+}
+`, ts.URL)
+
+	resource.UnitTest(t, resource.TestCase{
+		Steps: []resource.TestStep{
+			// Initial state with v0.12.0 and R15.
+			{
+				ExternalProviders: map[string]resource.ExternalProvider{
+					"oxide": {
+						Source:            "oxidecomputer/oxide",
+						VersionConstraint: "0.12.0",
+					},
+				},
+				PreConfig: func() {
+					version.Store(15)
+				},
+				Config: configV0,
+			},
+			// Upgrade to current version and R16.
+			{
+				ExternalProviders:        map[string]resource.ExternalProvider{},
+				ProtoV6ProviderFactories: testAccProtoV6ProviderFactories(),
+				PreConfig: func() {
+					version.Store(16)
+				},
+				Config: configV1,
+			},
+		},
+	})
+
+	resource.UnitTest(t, resource.TestCase{
+		Steps: []resource.TestStep{
+			// Initial state with v0.13.0 and R16.
+			{
+				ExternalProviders: map[string]resource.ExternalProvider{
+					"oxide": {
+						Source:            "oxidecomputer/oxide",
+						VersionConstraint: "0.13.0",
+					},
+				},
+				PreConfig: func() {
+					version.Store(16)
+				},
+				Config: configV1,
+			},
+			// Upgrade to current version.
+			{
+				ExternalProviders:        map[string]resource.ExternalProvider{},
+				ProtoV6ProviderFactories: testAccProtoV6ProviderFactories(),
+				PreConfig: func() {
+					version.Store(16)
+				},
+				Config: configV1,
+			},
+		},
+	})
+}