Merge pull request #180 in CLOUD/terraform-provider-yandex-mirror fro…

…m CLOUD-53362 to master Squashed commit of the following: commit b8c8bd200ee12b8f8ad6a0021c80139061ae0e9b Author: Alexander Lavrukov <lavrukov@yandex-team.ru> Date: Fri Sep 11 21:14:11 2020 +0300 CLOUD-53362: new security group proto spec
yandex-cloud · Sep 15, 2020 · 92370af · 92370af
1 parent b330409
commit 92370af
Show file tree

Hide file tree

Showing 6 changed files with 17 additions and 79 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,4 +1,7 @@
 ## 0.44.0 (Unreleased)
+ENHANCEMENTS:
+* some changes in security group resource
+
 ## 0.43.0 (August 20, 2020)
 
 FEATURES:

diff --git a/website/docs/d/datasource_vpc_security_group.html.markdown b/website/docs/d/datasource_vpc_security_group.html.markdown
@@ -49,7 +49,7 @@ The `ingress` and `egress` block supports:
 * `id` - Id of the rule.
 * `description` - Description of the rule.
 * `labels` - Labels to assign to this rule.
-* `protocol` - One of `ANY`, `TCP`, `UDP`, `ICMP`, `IPV6_ICMP` or protocol number.
+* `protocol` - One of `ANY`, `TCP`, `UDP`, `ICMP`, `IPV6_ICMP`.
 * `from_port` - Minimum port number.
 * `to_port` - Maximum port number.
 * `port` - Port number (if applied to a single port).

diff --git a/website/docs/r/vpc_security_group.html.markdown b/website/docs/r/vpc_security_group.html.markdown
@@ -46,7 +46,7 @@ resource "yandex_vpc_security_group" "group1" {
   }
 
   egress {
-    protocol       = "27"
+    protocol       = "UDP"
     description    = "rule3 description"
     v4_cidr_blocks = ["10.0.1.0/24"]
     from_port      = 8090
@@ -81,18 +81,16 @@ In addition to the arguments listed above, the following computed attributes are
 
 The `ingress` and `egress` block supports:
 
-* `protocol` (Required) - One of `ANY`, `TCP`, `UDP`, `ICMP`, `IPV6_ICMP` or protocol number..
+* `protocol` (Required) - One of `ANY`, `TCP`, `UDP`, `ICMP`, `IPV6_ICMP`.
 * `description` (Optional) - Description of the rule.
 * `labels` (Optional) - Labels to assign to this rule.
-* `protocol_number` (Optional) - Number of the protocol defined by [IANA](https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Values are `0`,`6`,`17`.
 * `from_port` (Optional) - Minimum port number.
 * `to_port` (Optional) - Maximum port number.
 * `port` (Optional) - Port number (if applied to a single port).
 * `v4_cidr_blocks` (Optional) - The blocks of IPv4 addresses for this rule.
 * `v6_cidr_blocks` (Optional) - The blocks of IPv6 addresses for this rule. `v6_cidr_blocks` argument is currently not supported. It will be available in the future.
 
 
-~> **NOTE:** Only one of `protocol_name` or `protocol_number` can be specified. If none of them is set, all protocols are allowed.
 ~> **NOTE:** Either one `port` argument or both `from_port` and `to_port` arguments can be specified.
 
 ## Attributes Reference

diff --git a/yandex/resource_yandex_vpc_security_group.go b/yandex/resource_yandex_vpc_security_group.go
@@ -6,8 +6,6 @@ import (
 	"fmt"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/hashcode"
 	"reflect"
-	"strconv"
-	"strings"
 	"time"
 
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
@@ -20,8 +18,6 @@ import (
 
 const yandexVPCSecurityGroupDefaultTimeout = 3 * time.Minute
 
-var validProtocols = []string{"ANY", "TCP", "UDP", "ICMP", "IPV6_ICMP"}
-
 func resourceYandexVPCSecurityGroup() *schema.Resource {
 	return &schema.Resource{
 		Create: resourceYandexVPCSecurityGroupCreate,
@@ -103,9 +99,8 @@ func resourceYandexSecurityGroupRule() *schema.Resource {
 	return &schema.Resource{
 		Schema: map[string]*schema.Schema{
 			"protocol": {
-				Type:         schema.TypeString,
-				Required:     true,
-				ValidateFunc: protocolMatch(),
+				Type:     schema.TypeString,
+				Required: true,
 			},
 			"description": {
 				Type:     schema.TypeString,
@@ -496,37 +491,3 @@ func resourceYandexVPCSecurityGroupRuleHash(v interface{}) int {
 
 	return hashcode.String(buf.String())
 }
-
-func getProtocol(i interface{}) (string, int64, error) {
-	v, ok := i.(string)
-	if !ok {
-		return "", -1, fmt.Errorf("expected type to be string")
-	}
-
-	for _, s := range validProtocols {
-		if v == s {
-			if s == "ANY" {
-				return "", 0, nil
-			}
-			return s, -1, nil
-		}
-	}
-
-	if i, err := strconv.ParseInt(v, 10, 64); err == nil {
-		if i < 0 || i > 255 {
-			return "", -1, fmt.Errorf("invalid protocol number: %s", v)
-		}
-		return "", i, nil
-	}
-
-	return "", -1, fmt.Errorf("protocol must be one of %s or number", strings.Join(validProtocols, ","))
-}
-
-func protocolMatch() schema.SchemaValidateFunc {
-	return func(i interface{}, k string) ([]string, []error) {
-		if _, _, err := getProtocol(i); err != nil {
-			return nil, []error{err}
-		}
-		return nil, nil
-	}
-}
diff --git a/yandex/structures.go b/yandex/structures.go
@@ -1504,14 +1504,8 @@ func securityRuleDescriptionToRuleSpec(dir string, v interface{}) (*vpc.Security
 		sr.Description = v
 	}
 
-	if protoName, protoNum, err := getProtocol(res["protocol"]); err == nil {
-		if protoName != "" {
-			sr.SetProtocolName(protoName)
-		} else {
-			sr.SetProtocolNumber(protoNum)
-		}
-	} else {
-		return nil, err
+	if p, ok := res["protocol"].(string); ok {
+		sr.SetProtocolName(p)
 	}
 
 	if v, ok := res["labels"]; ok {
@@ -1867,26 +1861,11 @@ func flattenSecurityGroupRulesSpec(sg []*vpc.SecurityGroupRule) (*schema.Set, *s
 
 	for _, g := range sg {
 		r := make(map[string]interface{})
+
+		r["id"] = g.Id
 		r["description"] = g.GetDescription()
 		r["labels"] = g.GetLabels()
-
-		if g.GetProtocolNumber() == 0 {
-			r["protocol"] = "ANY"
-		} else {
-			found := false
-
-			for _, s := range validProtocols {
-				if g.GetProtocolName() == s {
-					r["protocol"] = s
-					found = true
-					break
-				}
-			}
-
-			if !found {
-				r["protocol"] = fmt.Sprintf("%d", g.GetProtocolNumber())
-			}
-		}
+		r["protocol"] = g.GetProtocolName()
 
 		if g.GetPorts() != nil {
 			if g.GetPorts().FromPort == g.GetPorts().ToPort {
@@ -1908,8 +1887,6 @@ func flattenSecurityGroupRulesSpec(sg []*vpc.SecurityGroupRule) (*schema.Set, *s
 			r["v6_cidr_blocks"] = convertStringArrToInterface(g.GetCidrBlocks().V6CidrBlocks)
 		}
 
-		r["id"] = g.Id
-
 		switch g.GetDirection().String() {
 		case "INGRESS":
 			ingress.Add(r)

diff --git a/yandex/structures_test.go b/yandex/structures_test.go
@@ -1191,8 +1191,8 @@ func TestFlattenRules(t *testing.T) {
 						FromPort: 25,
 						ToPort:   25,
 					},
-					ProtocolName:   "",
-					ProtocolNumber: 0,
+					ProtocolName:   "ANY",
+					ProtocolNumber: -1,
 					Target: &vpc.SecurityGroupRule_CidrBlocks{
 						CidrBlocks: &vpc.CidrBlocks{
 							V4CidrBlocks: []string{"10.0.3.0/24"},
@@ -1211,8 +1211,7 @@ func TestFlattenRules(t *testing.T) {
 						FromPort: 1,
 						ToPort:   65535,
 					},
-					ProtocolName:   "IGP",
-					ProtocolNumber: 9,
+					ProtocolName: "ICMP",
 					Target: &vpc.SecurityGroupRule_CidrBlocks{
 						CidrBlocks: &vpc.CidrBlocks{
 							V4CidrBlocks: []string{"10.0.0.0/24", "10.0.1.0/24"},
@@ -1242,7 +1241,7 @@ func TestFlattenRules(t *testing.T) {
 						"key2": "value2",
 					},
 					"v4_cidr_blocks": []interface{}{"10.0.0.0/24", "10.0.1.0/24"},
-					"protocol":       "9",
+					"protocol":       "ICMP",
 					"port":           int64(-1),
 					"from_port":      int64(1),
 					"to_port":        int64(65535),