-
Notifications
You must be signed in to change notification settings - Fork 53
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(elb): import elb resource and add unit test and docs
- Loading branch information
1 parent
b2fa237
commit 52df6be
Showing
4 changed files
with
200 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,74 @@ | ||
--- | ||
subcategory: "Dedicated Load Balance (Dedicated ELB)" | ||
--- | ||
|
||
# flexibleengine_lb_security_policy_v3 | ||
|
||
Manages an ELB security policy resource within Flexibleengine. | ||
|
||
## Example Usage | ||
|
||
```hcl | ||
resource "flexibleengine_lb_security_policy_v3" "test" { | ||
name = "security_policy_test" | ||
description = "this is a security policy" | ||
protocols = ["TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"] | ||
ciphers = ["ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256"] | ||
} | ||
``` | ||
|
||
## Argument Reference | ||
|
||
The following arguments are supported: | ||
|
||
* `region` - (Optional, String, ForceNew) Specifies the region in which to create the resource. | ||
If omitted, the provider-level region will be used. Changing this parameter will create a new resource. | ||
|
||
* `protocols` - (Required, List) Specifies the TSL protocol list which the security policy select. | ||
Value options: **TLSv1**, **TLSv1.1**, **TLSv1.2**, and **TLSv1.3**. | ||
|
||
* `ciphers` - (Required, List) Specifies the cipher suite list of the security policy. | ||
The protocol and cipher suite must match. That is to say, there must be at least one cipher suite in | ||
ciphers that matches the protocol. The following cipher suites are supported: | ||
**ECDHE-RSA-AES256-GCM-SHA384**, **ECDHE-RSA-AES128-GCM-SHA256**, **ECDHE-ECDSA-AES256-GCM-SHA384**, | ||
**ECDHE-ECDSA-AES128-GCM-SHA256**, **AES128-GCM-SHA256**, **AES256-GCM-SHA384**, **ECDHE-ECDSA-AES128-SHA256**, | ||
**ECDHE-RSA-AES128-SHA256**, **AES128-SHA256**, **AES256-SHA256**, **ECDHE-ECDSA-AES256-SHA384**, | ||
**ECDHE-RSA-AES256-SHA384**, **ECDHE-ECDSA-AES128-SHA**, **ECDHE-RSA-AES128-SHA**, **ECDHE-RSA-AES256-SHA**, | ||
**ECDHE-ECDSA-AES256-SHA**, **AES128-SHA**, **AES256-SHA**, **CAMELLIA128-SHA**, **DES-CBC3-SHA**, | ||
**CAMELLIA256-SHA**, **ECDHE-RSA-CHACHA20-POLY1305**, **ECDHE-ECDSA-CHACHA20-POLY1305**, **TLS_AES_128_GCM_SHA256**, | ||
**TLS_AES_256_GCM_SHA384**, **TLS_CHACHA20_POLY1305_SHA256**, **TLS_AES_128_CCM_SHA256**, | ||
**TLS_AES_128_CCM_8_SHA256**. | ||
|
||
* `name` - (Optional, String) Specifies the ELB security policy name. | ||
The name contains only Chinese characters, letters, digits, underscores (_), and hyphens (-), | ||
and cannot exceed 255 characters. | ||
|
||
* `description` - (Optional, String) Specifies the description of the ELB security policy. | ||
The value can contain 0 to 255 characters. | ||
|
||
* `enterprise_project_id` - (Optional, String, ForceNew) Specifies the enterprise project ID to which the Enterprise | ||
router belongs. | ||
|
||
Changing this parameter will create a new resource. | ||
|
||
## Attribute Reference | ||
|
||
In addition to all arguments above, the following attributes are exported: | ||
|
||
* `id` - The resource ID. | ||
|
||
* `listeners` - The listener which the security policy associated with. | ||
The [listeners](#elb_listeners) structure is documented below. | ||
|
||
<a name="elb_listeners"></a> | ||
The `listeners` block supports: | ||
|
||
* `id` - The listener id. | ||
|
||
## Import | ||
|
||
The elb security policies can be imported using the `id`, e.g. | ||
|
||
```bash | ||
terraform import flexibleengine_lb_security_policy_v3.test 0ce123456a00f2591fabc00385ff1234 | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
122 changes: 122 additions & 0 deletions
122
flexibleengine/acceptance/resource_flexibleengine_lb_security_policy_v3_test.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,122 @@ | ||
package acceptance | ||
|
||
import ( | ||
"fmt" | ||
"strings" | ||
"testing" | ||
|
||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/terraform" | ||
|
||
"github.com/chnsz/golangsdk" | ||
|
||
"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/config" | ||
"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/services/acceptance" | ||
"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/utils" | ||
) | ||
|
||
func getSecurityPoliciesV3ResourceFunc(cfg *config.Config, state *terraform.ResourceState) (interface{}, error) { | ||
region := OS_REGION_NAME | ||
// getSecurityPolicy: Query the ELB security policy | ||
var ( | ||
getSecurityPolicyHttpUrl = "v3/{project_id}/elb/security-policies/{security_policy_id}" | ||
getSecurityPolicyProduct = "elb" | ||
) | ||
getSecurityPolicyClient, err := cfg.NewServiceClient(getSecurityPolicyProduct, region) | ||
if err != nil { | ||
return nil, fmt.Errorf("error creating SecurityPolicies Client: %s", err) | ||
} | ||
|
||
getSecurityPolicyPath := getSecurityPolicyClient.Endpoint + getSecurityPolicyHttpUrl | ||
getSecurityPolicyPath = strings.ReplaceAll(getSecurityPolicyPath, "{project_id}", getSecurityPolicyClient.ProjectID) | ||
getSecurityPolicyPath = strings.ReplaceAll(getSecurityPolicyPath, "{security_policy_id}", fmt.Sprintf("%v", state.Primary.ID)) | ||
|
||
getSecurityPolicyOpt := golangsdk.RequestOpts{ | ||
KeepResponseBody: true, | ||
OkCodes: []int{ | ||
200, | ||
}, | ||
} | ||
getSecurityPolicyResp, err := getSecurityPolicyClient.Request("GET", getSecurityPolicyPath, &getSecurityPolicyOpt) | ||
if err != nil { | ||
return nil, fmt.Errorf("error retrieving SecurityPolicies: %s", err) | ||
} | ||
return utils.FlattenResponse(getSecurityPolicyResp) | ||
} | ||
|
||
func TestAccSecurityPoliciesV3_basic(t *testing.T) { | ||
var obj interface{} | ||
|
||
name := acceptance.RandomAccResourceName() | ||
rName := "flexibleengine_lb_security_policy_v3.test" | ||
|
||
rc := acceptance.InitResourceCheck( | ||
rName, | ||
&obj, | ||
getSecurityPoliciesV3ResourceFunc, | ||
) | ||
|
||
resource.ParallelTest(t, resource.TestCase{ | ||
PreCheck: func() { testAccPreCheck(t) }, | ||
ProviderFactories: TestAccProviderFactories, | ||
CheckDestroy: rc.CheckResourceDestroy(), | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: testSecurityPoliciesV3_basic(name), | ||
Check: resource.ComposeTestCheckFunc( | ||
rc.CheckResourceExists(), | ||
resource.TestCheckResourceAttr(rName, "protocols.0", "TLSv1.1"), | ||
resource.TestCheckResourceAttr(rName, "protocols.1", "TLSv1.2"), | ||
resource.TestCheckResourceAttr(rName, "ciphers.0", "ECDHE-RSA-AES256-GCM-SHA384"), | ||
resource.TestCheckResourceAttr(rName, "ciphers.1", "ECDHE-ECDSA-AES128-SHA"), | ||
), | ||
}, | ||
{ | ||
Config: testSecurityPoliciesV3_basic_update(name), | ||
Check: resource.ComposeTestCheckFunc( | ||
rc.CheckResourceExists(), | ||
resource.TestCheckResourceAttr(rName, "protocols.0", "TLSv1.2"), | ||
resource.TestCheckResourceAttr(rName, "ciphers.0", "ECDHE-ECDSA-AES128-SHA"), | ||
resource.TestCheckResourceAttr(rName, "name", name), | ||
), | ||
}, | ||
{ | ||
ResourceName: rName, | ||
ImportState: true, | ||
ImportStateVerify: true, | ||
}, | ||
}, | ||
}) | ||
} | ||
|
||
func testSecurityPoliciesV3_basic(name string) string { | ||
return fmt.Sprintf(` | ||
resource "flexibleengine_lb_security_policy_v3" "test" { | ||
protocols = [ | ||
"TLSv1.1", | ||
"TLSv1.2", | ||
"TLSv1.3", | ||
] | ||
ciphers = [ | ||
"ECDHE-RSA-AES256-GCM-SHA384", | ||
"ECDHE-ECDSA-AES128-SHA", | ||
"TLS_AES_128_CCM_8_SHA256", | ||
] | ||
name = "%s" | ||
} | ||
`, name) | ||
} | ||
|
||
func testSecurityPoliciesV3_basic_update(name string) string { | ||
return fmt.Sprintf(` | ||
resource "flexibleengine_lb_security_policy_v3" "test" { | ||
protocols = [ | ||
"TLSv1.2", | ||
] | ||
ciphers = [ | ||
"ECDHE-ECDSA-AES128-SHA" | ||
] | ||
name = "%s" | ||
} | ||
`, name) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters