feat(elb): import elb resource and add unit test and docs (#1045)
Zhukun-Huawei authored Dec 25, 2023
1 parent 1be36a6 commit 51799d6
Showing 3 changed files with 202 additions and 1 deletion.
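--- a/docs/resources/lb_security_policy_v3.md
+++ b/docs/resources/lb_security_policy_v3.md
@@ -0,0 +1,74 @@
+---
+subcategory: "Dedicated Load Balance (Dedicated ELB)"
+---
+
+# flexibleengine_lb_security_policy_v3
+
+Manages an ELB security policy resource within Flexibleengine.
+
+## Example Usage
+
+```hcl
+resource "flexibleengine_lb_security_policy_v3" "test" {
+name = "security_policy_test"
+description = "this is a security policy"
+protocols = ["TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
+ciphers = ["ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES128-SHA", "TLS_AES_128_CCM_8_SHA256"]
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `region` - (Optional, String, ForceNew) Specifies the region in which to create the resource.
+If omitted, the provider-level region will be used. Changing this parameter will create a new resource.
+
+* `protocols` - (Required, List) Specifies the TSL protocol list which the security policy select.
+Value options: **TLSv1**, **TLSv1.1**, **TLSv1.2**, and **TLSv1.3**.
+
+* `ciphers` - (Required, List) Specifies the cipher suite list of the security policy.
+The protocol and cipher suite must match. That is to say, there must be at least one cipher suite in
+ciphers that matches the protocol. The following cipher suites are supported:
+**ECDHE-RSA-AES256-GCM-SHA384**, **ECDHE-RSA-AES128-GCM-SHA256**, **ECDHE-ECDSA-AES256-GCM-SHA384**,
+**ECDHE-ECDSA-AES128-GCM-SHA256**, **AES128-GCM-SHA256**, **AES256-GCM-SHA384**, **ECDHE-ECDSA-AES128-SHA256**,
+**ECDHE-RSA-AES128-SHA256**, **AES128-SHA256**, **AES256-SHA256**, **ECDHE-ECDSA-AES256-SHA384**,
+**ECDHE-RSA-AES256-SHA384**, **ECDHE-ECDSA-AES128-SHA**, **ECDHE-RSA-AES128-SHA**, **ECDHE-RSA-AES256-SHA**,
+**ECDHE-ECDSA-AES256-SHA**, **AES128-SHA**, **AES256-SHA**, **CAMELLIA128-SHA**, **DES-CBC3-SHA**,
+**CAMELLIA256-SHA**, **ECDHE-RSA-CHACHA20-POLY1305**, **ECDHE-ECDSA-CHACHA20-POLY1305**, **TLS_AES_128_GCM_SHA256**,
+**TLS_AES_256_GCM_SHA384**, **TLS_CHACHA20_POLY1305_SHA256**, **TLS_AES_128_CCM_SHA256**,
+**TLS_AES_128_CCM_8_SHA256**.
+
+* `name` - (Optional, String) Specifies the ELB security policy name.
+The name contains only Chinese characters, letters, digits, underscores (_), and hyphens (-),
+and cannot exceed 255 characters.
+
+* `description` - (Optional, String) Specifies the description of the ELB security policy.
+The value can contain 0 to 255 characters.
+
+* `enterprise_project_id` - (Optional, String, ForceNew) Specifies the enterprise project ID to which the Enterprise
+router belongs.
+
+Changing this parameter will create a new resource.
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The resource ID.
+
+* `listeners` - The listener which the security policy associated with.
+The [listeners](#elb_listeners) structure is documented below.
+
+<a name="elb_listeners"></a>
+The `listeners` block supports:
+
+* `id` - The listener id.
+
+## Import
+
+The elb security policies can be imported using the `id`, e.g.
+
+```bash
+terraform import flexibleengine_lb_security_policy_v3.test 0ce123456a00f2591fabc00385ff1234
+```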
@@ -0,0 +1,124 @@
package acceptance

import (
"fmt"
"strings"
"testing"

"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"

"github.com/chnsz/golangsdk"

"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/config"
"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/services/acceptance"
"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/utils"
)

func getSecurityPoliciesV3ResourceFunc(cfg *config.Config, state *terraform.ResourceState) (interface{}, error) {
region := OS_REGION_NAME
// getSecurityPolicy: Query the ELB security policy
var (
getSecurityPolicyHttpUrl = "v3/{project_id}/elb/security-policies/{security_policy_id}"
getSecurityPolicyProduct = "elb"
)
getSecurityPolicyClient, err := cfg.NewServiceClient(getSecurityPolicyProduct, region)
if err != nil {
return nil, fmt.Errorf("error creating SecurityPolicies Client: %s", err)
}

getSecurityPolicyPath := getSecurityPolicyClient.Endpoint + getSecurityPolicyHttpUrl
getSecurityPolicyPath = strings.ReplaceAll(getSecurityPolicyPath, "{project_id}", getSecurityPolicyClient.ProjectID)
getSecurityPolicyPath = strings.ReplaceAll(getSecurityPolicyPath, "{security_policy_id}", fmt.Sprintf("%v", state.Primary.ID))

getSecurityPolicyOpt := golangsdk.RequestOpts{
KeepResponseBody: true,
OkCodes: []int{
200,
},
}
getSecurityPolicyResp, err := getSecurityPolicyClient.Request("GET", getSecurityPolicyPath, &getSecurityPolicyOpt)
if err != nil {
return nil, fmt.Errorf("error retrieving SecurityPolicies: %s", err)
}
return utils.FlattenResponse(getSecurityPolicyResp)
}

func TestAccSecurityPoliciesV3_basic(t *testing.T) {
var obj interface{}

name := acceptance.RandomAccResourceName()
rName := "flexibleengine_lb_security_policy_v3.test"

rc := acceptance.InitResourceCheck(
rName,
&obj,
getSecurityPoliciesV3ResourceFunc,
)

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
ProviderFactories: TestAccProviderFactories,
CheckDestroy: rc.CheckResourceDestroy(),
Steps: []resource.TestStep{
{
Config: testSecurityPoliciesV3_basic(name),
Check: resource.ComposeTestCheckFunc(
rc.CheckResourceExists(),
resource.TestCheckResourceAttr(rName, "protocols.0", "TLSv1"),
resource.TestCheckResourceAttr(rName, "protocols.1", "TLSv1.1"),
resource.TestCheckResourceAttr(rName, "ciphers.0", "ECDHE-RSA-AES256-GCM-SHA384"),
resource.TestCheckResourceAttr(rName, "ciphers.1", "ECDHE-ECDSA-AES128-SHA"),
),
},
{
Config: testSecurityPoliciesV3_basic_update(name),
Check: resource.ComposeTestCheckFunc(
rc.CheckResourceExists(),
resource.TestCheckResourceAttr(rName, "protocols.0", "TLSv1.2"),
resource.TestCheckResourceAttr(rName, "ciphers.0", "ECDHE-ECDSA-AES128-SHA"),
resource.TestCheckResourceAttr(rName, "name", name),
),
},
{
ResourceName: rName,
ImportState: true,
ImportStateVerify: true,
},
},
})
}

func testSecurityPoliciesV3_basic(name string) string {
return fmt.Sprintf(`
resource "flexibleengine_lb_security_policy_v3" "test" {
protocols = [
"TLSv1",
"TLSv1.1",
"TLSv1.2",
"TLSv1.3",
]
ciphers = [
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-AES128-SHA",
"TLS_AES_128_CCM_8_SHA256",
"ECDHE-RSA-AES128-GCM-SHA256",
]
name = "%s"
}
`, name)
}

func testSecurityPoliciesV3_basic_update(name string) string {
return fmt.Sprintf(`
resource "flexibleengine_lb_security_policy_v3" "test" {
protocols = [
"TLSv1.2",
]
ciphers = [
"ECDHE-ECDSA-AES128-SHA"
]
name = "%s"
}
`, name)
}
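Review bot: The update step in `TestAccSecurityPoliciesV3_basic` asserts only `protocols.0` and `ciphers.0`, so it would still pass if the narrowed policy kept the TLSv1, TLSv1.1 or extra cipher entries from the first step in later list positions. Because this resource exists to restrict what a listener will negotiate, the step should also pin the list lengths with `resource.TestCheckResourceAttr(rName, "protocols.#", "1"),` and `resource.TestCheckResourceAttr(rName, "ciphers.#", "1"),`. The first step has the same gap: it checks indexes 0 and 1 of a four-element configuration, so `protocols.#` and `ciphers.#` set to `"4"` would make it exact.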
5 changes: 4 additions & 1 deletion flexibleengine/provider.go
@@ -555,7 +555,8 @@ func Provider() *schema.Provider {
"flexibleengine_dli_table": dli.ResourceDliTable(),
"flexibleengine_dli_template_flink": dli.ResourceFlinkTemplate(),

"flexibleengine_drs_job": drs.ResourceDrsJob(),
"flexibleengine_drs_job": drs.ResourceDrsJob(),

"flexibleengine_fgs_dependency": fgs.ResourceFgsDependency(),
"flexibleengine_fgs_function": fgs.ResourceFgsFunctionV2(),
"flexibleengine_fgs_trigger": fgs.ResourceFunctionGraphTrigger(),
@@ -572,6 +573,8 @@ func Provider() *schema.Provider {

"flexibleengine_kms_grant": dew.ResourceKmsGrant(),

"flexibleengine_lb_security_policy_v3": elb.ResourceSecurityPolicy(),

"flexibleengine_nat_private_dnat_rule": nat.ResourcePrivateDnatRule(),
"flexibleengine_nat_private_gateway": nat.ResourcePrivateGateway(),
"flexibleengine_nat_private_snat_rule": nat.ResourcePrivateSnatRule(),
