Feature is sg rule local ip (IBM-Cloud#5244)

* SDK Changes * Development and Documentation * Added test and maturity param * SDK update * SDK update * Go Version Update * REview comments incorporated
powervs-ibm · Apr 11, 2024 · 978137f · 978137f
1 parent 237da3c
commit 978137f
Show file tree

Hide file tree

Showing 17 changed files with 365 additions and 13 deletions.
diff --git a/go.mod b/go.mod
@@ -31,7 +31,7 @@ require (
 	github.com/IBM/schematics-go-sdk v0.2.3
 	github.com/IBM/secrets-manager-go-sdk/v2 v2.0.4
 	github.com/IBM/vpc-beta-go-sdk v0.6.0
-	github.com/IBM/vpc-go-sdk v0.49.1
+	github.com/IBM/vpc-go-sdk v0.50.0
 	github.com/ScaleFT/sshkeys v0.0.0-20200327173127-6142f742bca5
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/akamai/AkamaiOPEN-edgegrid-golang/v5 v5.0.0
@@ -243,4 +243,4 @@ exclude (
 	github.com/kubernetes-incubator/external-storage v0.20.4-openstorage-rc2
 	k8s.io/client-go v11.0.1-0.20190409021438-1a26190bd76a+incompatible
 	k8s.io/client-go v12.0.0+incompatible
-)
+)
diff --git a/go.sum b/go.sum
@@ -178,6 +178,8 @@ github.com/IBM/vpc-beta-go-sdk v0.6.0 h1:wfM3AcW3zOM3xsRtZ+EA6+sESlGUjQ6Yf4n5QQy
 github.com/IBM/vpc-beta-go-sdk v0.6.0/go.mod h1:fzHDAQIqH/5yJmYsKodKHLcqxMDT+yfH6vZjdiw8CQA=
 github.com/IBM/vpc-go-sdk v0.49.1 h1:VIkZ8iJMBHqBulUXcPtN0ifxsa0xwlBtaLslU2V9HsY=
 github.com/IBM/vpc-go-sdk v0.49.1/go.mod h1:iBg9UJY1y/XpkweyP6YH7G6guzKPV8BYDoBMTdPupH4=
+github.com/IBM/vpc-go-sdk v0.50.0 h1:+vnXYK0FXFXYqaS/5/X1XEqH0bbRotkzkerRk21ZEjE=
+github.com/IBM/vpc-go-sdk v0.50.0/go.mod h1:iBg9UJY1y/XpkweyP6YH7G6guzKPV8BYDoBMTdPupH4=
 github.com/Jeffail/gabs v1.1.1 h1:V0uzR08Hj22EX8+8QMhyI9sX2hwRu+/RJhJUmnwda/E=
 github.com/Jeffail/gabs v1.1.1/go.mod h1:6xMvQMK4k33lb7GUUpaAPh6nKMmemQeg5d4gn7/bOXc=
 github.com/Logicalis/asn1 v0.0.0-20190312173541-d60463189a56 h1:vuquMR410psHNax14XKNWa0Ae/kYgWJcXi0IFuX60N0=
@@ -1267,6 +1269,7 @@ github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAl
 github.com/onsi/gomega v1.18.0/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs=
 github.com/onsi/gomega v1.18.1/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs=
 github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro=
+github.com/onsi/gomega v1.20.0/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeREyVo=
 github.com/onsi/gomega v1.20.1/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeREyVo=
 github.com/onsi/gomega v1.21.1/go.mod h1:iYAIXgPSaDHak0LCMA+AWBpIKBr8WZicMxnE8luStNc=
 github.com/onsi/gomega v1.22.1/go.mod h1:x6n7VNe4hw0vkyYUM4mjIXx3JbLiPaBPNgB7PRQ1tuM=

diff --git a/ibm/service/vpc/data_source_ibm_is_security_group.go b/ibm/service/vpc/data_source_ibm_is_security_group.go
@@ -20,6 +20,7 @@ const (
 	isSgRuleDirection = "direction"
 	isSgRuleIPVersion = "ip_version"
 	isSgRuleRemote    = "remote"
+	isSgRuleLocal     = "local"
 	isSgRuleType      = "type"
 	isSgRuleCode      = "code"
 	isSgRulePortMax   = "port_max"
@@ -81,6 +82,26 @@ func DataSourceIBMISSecurityGroup() *schema.Resource {
 							Description: "Security group id: an IP address, a CIDR block, or a single security group identifier",
 						},
 
+						"local": &schema.Schema{
+							Type:        schema.TypeList,
+							Computed:    true,
+							Description: "The local IP address or range of local IP addresses to which this rule will allow inbound traffic (or from which, for outbound traffic). A CIDR block of 0.0.0.0/0 allows traffic to all local IP addresses (or from all local IP addresses, for outbound rules).",
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"address": &schema.Schema{
+										Type:        schema.TypeString,
+										Computed:    true,
+										Description: "The IP address.This property may add support for IPv6 addresses in the future. When processing a value in this property, verify that the address is in an expected format. If it is not, log an error. Optionally halt processing and surface the error, or bypass the resource on which the unexpected IP address format was encountered.",
+									},
+									"cidr_block": &schema.Schema{
+										Type:        schema.TypeString,
+										Computed:    true,
+										Description: "The CIDR block. This property may add support for IPv6 CIDR blocks in the future. When processing a value in this property, verify that the CIDR block is in an expected format. If it is not, log an error. Optionally halt processing and surface the error, or bypass the resource on which the unexpected CIDR block format was encountered.",
+									},
+								},
+							},
+						},
+
 						isSgRuleType: {
 							Type:     schema.TypeInt,
 							Computed: true,
@@ -248,6 +269,15 @@ func securityGroupGet(d *schema.ResourceData, meta interface{}, name string) err
 								}
 							}
 						}
+						local, ok := rule.Local.(*vpcv1.SecurityGroupRuleLocal)
+						if ok {
+							if local != nil && !reflect.ValueOf(local).IsNil() {
+								localList := []map[string]interface{}{}
+								localMap := dataSourceSecurityGroupRuleLocalToMap(local)
+								localList = append(localList, localMap)
+								r["local"] = localList
+							}
+						}
 						rules = append(rules, r)
 					}
 
@@ -273,6 +303,15 @@ func securityGroupGet(d *schema.ResourceData, meta interface{}, name string) err
 								}
 							}
 						}
+						local, ok := rule.Local.(*vpcv1.SecurityGroupRuleLocal)
+						if ok {
+							if local != nil && !reflect.ValueOf(local).IsNil() {
+								localList := []map[string]interface{}{}
+								localMap := dataSourceSecurityGroupRuleLocalToMap(local)
+								localList = append(localList, localMap)
+								r["local"] = localList
+							}
+						}
 						rules = append(rules, r)
 					}
 
@@ -303,6 +342,15 @@ func securityGroupGet(d *schema.ResourceData, meta interface{}, name string) err
 								}
 							}
 						}
+						local, ok := rule.Local.(*vpcv1.SecurityGroupRuleLocal)
+						if ok {
+							if local != nil && !reflect.ValueOf(local).IsNil() {
+								localList := []map[string]interface{}{}
+								localMap := dataSourceSecurityGroupRuleLocalToMap(local)
+								localList = append(localList, localMap)
+								r["local"] = localList
+							}
+						}
 						rules = append(rules, r)
 					}
 				}

diff --git a/ibm/service/vpc/data_source_ibm_is_security_group_rule.go b/ibm/service/vpc/data_source_ibm_is_security_group_rule.go
@@ -104,6 +104,25 @@ func DataSourceIBMIsSecurityGroupRule() *schema.Resource {
 					},
 				},
 			},
+			"local": &schema.Schema{
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: "The local IP address or range of local IP addresses to which this rule will allow inbound traffic (or from which, for outbound traffic). A CIDR block of 0.0.0.0/0 allows traffic to all local IP addresses (or from all local IP addresses, for outbound rules).",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"address": &schema.Schema{
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "The IP address.This property may add support for IPv6 addresses in the future. When processing a value in this property, verify that the address is in an expected format. If it is not, log an error. Optionally halt processing and surface the error, or bypass the resource on which the unexpected IP address format was encountered.",
+						},
+						"cidr_block": &schema.Schema{
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "The CIDR block. This property may add support for IPv6 CIDR blocks in the future. When processing a value in this property, verify that the CIDR block is in an expected format. If it is not, log an error. Optionally halt processing and surface the error, or bypass the resource on which the unexpected CIDR block format was encountered.",
+						},
+					},
+				},
+			},
 			"code": &schema.Schema{
 				Type:        schema.TypeInt,
 				Computed:    true,
@@ -173,6 +192,16 @@ func dataSourceIBMIsSecurityGroupRuleRead(context context.Context, d *schema.Res
 					return diag.FromErr(fmt.Errorf("Error setting remote %s", err))
 				}
 			}
+			if securityGroupRule.Local != nil {
+				securityGroupRuleLocal, err := dataSourceSecurityGroupRuleFlattenLocal(securityGroupRule.Local)
+				if err != nil {
+					return diag.FromErr(fmt.Errorf("Error flattening securityGroupRule.Local %s", err))
+				}
+				err = d.Set("local", securityGroupRuleLocal)
+				if err != nil {
+					return diag.FromErr(fmt.Errorf("Error setting local %s", err))
+				}
+			}
 
 		}
 	case "*vpcv1.SecurityGroupRuleSecurityGroupRuleProtocolIcmp":
@@ -202,6 +231,16 @@ func dataSourceIBMIsSecurityGroupRuleRead(context context.Context, d *schema.Res
 					return diag.FromErr(fmt.Errorf("Error setting remote %s", err))
 				}
 			}
+			if securityGroupRule.Local != nil {
+				securityGroupRuleLocal, err := dataSourceSecurityGroupRuleFlattenLocal(securityGroupRule.Local)
+				if err != nil {
+					return diag.FromErr(fmt.Errorf("Error flattening securityGroupRule.Local %s", err))
+				}
+				err = d.Set("local", securityGroupRuleLocal)
+				if err != nil {
+					return diag.FromErr(fmt.Errorf("Error setting local %s", err))
+				}
+			}
 
 			if err = d.Set("code", flex.IntValue(securityGroupRule.Code)); err != nil {
 				return diag.FromErr(fmt.Errorf("Error setting code: %s", err))
@@ -237,6 +276,16 @@ func dataSourceIBMIsSecurityGroupRuleRead(context context.Context, d *schema.Res
 					return diag.FromErr(fmt.Errorf("Error setting remote %s", err))
 				}
 			}
+			if securityGroupRule.Local != nil {
+				securityGroupRuleLocal, err := dataSourceSecurityGroupRuleFlattenLocal(securityGroupRule.Local)
+				if err != nil {
+					return diag.FromErr(fmt.Errorf("Error flattening securityGroupRule.Local %s", err))
+				}
+				err = d.Set("local", securityGroupRuleLocal)
+				if err != nil {
+					return diag.FromErr(fmt.Errorf("Error setting local %s", err))
+				}
+			}
 			if err = d.Set("port_max", flex.IntValue(securityGroupRule.PortMax)); err != nil {
 				return diag.FromErr(fmt.Errorf("Error setting port_max: %s", err))
 			}
@@ -289,6 +338,24 @@ func dataSourceSecurityGroupRuleRemoteToMap(remoteItem *vpcv1.SecurityGroupRuleR
 	return remoteMap
 }
 
+func dataSourceSecurityGroupRuleFlattenLocal(m vpcv1.SecurityGroupRuleLocalIntf) ([]map[string]interface{}, error) {
+	var ruleList []map[string]interface{}
+	ruleMap := dataSourceSecurityGroupRuleLocalToMap(m.(*vpcv1.SecurityGroupRuleLocal))
+	ruleList = append(ruleList, ruleMap)
+	return ruleList, nil
+}
+
+func dataSourceSecurityGroupRuleLocalToMap(localItem *vpcv1.SecurityGroupRuleLocal) (localMap map[string]interface{}) {
+	localMap = map[string]interface{}{}
+	if localItem.Address != nil {
+		localMap["address"] = *localItem.Address
+	}
+	if localItem.CIDRBlock != nil {
+		localMap["cidr_block"] = *localItem.CIDRBlock
+	}
+	return localMap
+}
+
 func dataSourceSecurityGroupRuleRemoteDeletedToMap(deletedItem *vpcv1.SecurityGroupReferenceDeleted) (resultMap map[string]interface{}) {
 	resultMap = map[string]interface{}{}
 

diff --git a/ibm/service/vpc/data_source_ibm_is_security_group_rules.go b/ibm/service/vpc/data_source_ibm_is_security_group_rules.go
@@ -106,6 +106,25 @@ func DataSourceIBMIsSecurityGroupRules() *schema.Resource {
 								},
 							},
 						},
+						"local": &schema.Schema{
+							Type:        schema.TypeList,
+							Computed:    true,
+							Description: "The local IP address or range of local IP addresses to which this rule will allow inbound traffic (or from which, for outbound traffic). A CIDR block of 0.0.0.0/0 allows traffic to all local IP addresses (or from all local IP addresses, for outbound rules).",
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"address": &schema.Schema{
+										Type:        schema.TypeString,
+										Computed:    true,
+										Description: "The IP address.This property may add support for IPv6 addresses in the future. When processing a value in this property, verify that the address is in an expected format. If it is not, log an error. Optionally halt processing and surface the error, or bypass the resource on which the unexpected IP address format was encountered.",
+									},
+									"cidr_block": &schema.Schema{
+										Type:        schema.TypeString,
+										Computed:    true,
+										Description: "The CIDR block. This property may add support for IPv6 CIDR blocks in the future. When processing a value in this property, verify that the CIDR block is in an expected format. If it is not, log an error. Optionally halt processing and surface the error, or bypass the resource on which the unexpected CIDR block format was encountered.",
+									},
+								},
+							},
+						},
 						"code": &schema.Schema{
 							Type:        schema.TypeInt,
 							Computed:    true,
@@ -168,6 +187,13 @@ func dataSourceIBMIsSecurityGroupRulesRead(d *schema.ResourceData, meta interfac
 					remoteList = append(remoteList, remoteMap)
 					l["remote"] = remoteList
 				}
+				// nested map for local.
+				if rulex.Local != nil {
+					localList := []map[string]interface{}{}
+					localMap := dataSourceSecurityGroupRuleLocalToMap(rulex.Local.(*vpcv1.SecurityGroupRuleLocal))
+					localList = append(localList, localMap)
+					l["local"] = localList
+				}
 
 			}
 		case "*vpcv1.SecurityGroupRuleSecurityGroupRuleProtocolIcmp":
@@ -177,16 +203,27 @@ func dataSourceIBMIsSecurityGroupRulesRead(d *schema.ResourceData, meta interfac
 				l["href"] = *rulex.Href
 				l["id"] = *rulex.ID
 				l["ip_version"] = *rulex.IPVersion
-				l["code"] = *rulex.Code
+				if rulex.Code != nil {
+					l["code"] = *rulex.Code
+				}
 				l["protocol"] = *rulex.Protocol
-				l["type"] = *rulex.Type
+				if rulex.Type != nil {
+					l["type"] = *rulex.Type
+				}
 				// remote
 				if rulex.Remote != nil {
 					remoteList := []map[string]interface{}{}
 					remoteMap := dataSourceSecurityGroupRuleRemoteToMap(rulex.Remote.(*vpcv1.SecurityGroupRuleRemote))
 					remoteList = append(remoteList, remoteMap)
 					l["remote"] = remoteList
 				}
+				// nested map for local.
+				if rulex.Local != nil {
+					localList := []map[string]interface{}{}
+					localMap := dataSourceSecurityGroupRuleLocalToMap(rulex.Local.(*vpcv1.SecurityGroupRuleLocal))
+					localList = append(localList, localMap)
+					l["local"] = localList
+				}
 			}
 		case "*vpcv1.SecurityGroupRuleSecurityGroupRuleProtocolTcpudp":
 			{
@@ -205,6 +242,13 @@ func dataSourceIBMIsSecurityGroupRulesRead(d *schema.ResourceData, meta interfac
 					remoteList = append(remoteList, remoteMap)
 					l["remote"] = remoteList
 				}
+				// nested map for local.
+				if rulex.Local != nil {
+					localList := []map[string]interface{}{}
+					localMap := dataSourceSecurityGroupRuleLocalToMap(rulex.Local.(*vpcv1.SecurityGroupRuleLocal))
+					localList = append(localList, localMap)
+					l["local"] = localList
+				}
 			}
 		}
 		rulesInfo = append(rulesInfo, l)

diff --git a/ibm/service/vpc/data_source_ibm_is_security_groups.go b/ibm/service/vpc/data_source_ibm_is_security_groups.go
@@ -128,6 +128,25 @@ func DataSourceIBMIsSecurityGroups() *schema.Resource {
 										Computed:    true,
 										Description: "The protocol to enforce.",
 									},
+									"local": &schema.Schema{
+										Type:        schema.TypeList,
+										Computed:    true,
+										Description: "The local IP address or range of local IP addresses to which this rule will allow inbound traffic (or from which, for outbound traffic). A CIDR block of 0.0.0.0/0 allows traffic to all local IP addresses (or from all local IP addresses, for outbound rules).",
+										Elem: &schema.Resource{
+											Schema: map[string]*schema.Schema{
+												"address": &schema.Schema{
+													Type:        schema.TypeString,
+													Computed:    true,
+													Description: "The IP address.This property may add support for IPv6 addresses in the future. When processing a value in this property, verify that the address is in an expected format. If it is not, log an error. Optionally halt processing and surface the error, or bypass the resource on which the unexpected IP address format was encountered.",
+												},
+												"cidr_block": &schema.Schema{
+													Type:        schema.TypeString,
+													Computed:    true,
+													Description: "The CIDR block. This property may add support for IPv6 CIDR blocks in the future. When processing a value in this property, verify that the CIDR block is in an expected format. If it is not, log an error. Optionally halt processing and surface the error, or bypass the resource on which the unexpected CIDR block format was encountered.",
+												},
+											},
+										},
+									},
 									"remote": &schema.Schema{
 										Type:        schema.TypeList,
 										Computed:    true,
@@ -476,6 +495,12 @@ func dataSourceSecurityGroupCollectionSecurityGroupsRulesToMap(rulesItem vpcv1.S
 				remoteList = append(remoteList, remoteMap)
 				resultMap["remote"] = remoteList
 			}
+			if securityGroupRule.Local != nil {
+				localList := []map[string]interface{}{}
+				localMap := dataSourceSecurityGroupsLocalToMap(*securityGroupRule.Local.(*vpcv1.SecurityGroupRuleLocal))
+				localList = append(localList, localMap)
+				resultMap["local"] = localList
+			}
 		}
 	case "*vpcv1.SecurityGroupRuleSecurityGroupRuleProtocolIcmp":
 		{
@@ -511,6 +536,12 @@ func dataSourceSecurityGroupCollectionSecurityGroupsRulesToMap(rulesItem vpcv1.S
 				remoteList = append(remoteList, remoteMap)
 				resultMap["remote"] = remoteList
 			}
+			if securityGroupRule.Local != nil {
+				localList := []map[string]interface{}{}
+				localMap := dataSourceSecurityGroupsLocalToMap(*securityGroupRule.Local.(*vpcv1.SecurityGroupRuleLocal))
+				localList = append(localList, localMap)
+				resultMap["local"] = localList
+			}
 		}
 	case "*vpcv1.SecurityGroupRuleSecurityGroupRuleProtocolTcpudp":
 		{
@@ -546,6 +577,12 @@ func dataSourceSecurityGroupCollectionSecurityGroupsRulesToMap(rulesItem vpcv1.S
 				remoteList = append(remoteList, remoteMap)
 				resultMap["remote"] = remoteList
 			}
+			if securityGroupRule.Local != nil {
+				localList := []map[string]interface{}{}
+				localMap := dataSourceSecurityGroupsLocalToMap(*securityGroupRule.Local.(*vpcv1.SecurityGroupRuleLocal))
+				localList = append(localList, localMap)
+				resultMap["local"] = localList
+			}
 		}
 	}
 
@@ -703,3 +740,16 @@ func dataSourceSecurityGroupsRemoteToMap(remoteItem vpcv1.SecurityGroupRuleRemot
 	}
 	return remoteMap
 }
+
+func dataSourceSecurityGroupsLocalToMap(localItem vpcv1.SecurityGroupRuleLocal) (localMap map[string]interface{}) {
+	localMap = map[string]interface{}{}
+
+	if localItem.Address != nil {
+		localMap["address"] = *localItem.Address
+	}
+
+	if localItem.CIDRBlock != nil {
+		localMap["cidr_block"] = *localItem.CIDRBlock
+	}
+	return localMap
+}
diff --git a/ibm/service/vpc/resource_ibm_is_lb_listener.go b/ibm/service/vpc/resource_ibm_is_lb_listener.go
@@ -619,7 +619,7 @@ func lbListenerUpdate(d *schema.ResourceData, meta interface{}, lbID, lbListener
 			diag.FromErr(err)
 		}
 		defPool = lbpool
-		loadBalancerListenerPatchModel.DefaultPool = &vpcv1.LoadBalancerPoolIdentity{
+		loadBalancerListenerPatchModel.DefaultPool = &vpcv1.LoadBalancerListenerDefaultPoolPatch{
 			ID: &defPool,
 		}
 		hasChanged = true