Merge pull request #31 from arangodb-managed/oas-3355

oas-3355 | Added remote-inspection-allowed field to IPAllowList

Author: ewoutp

go.mod

@@ -1,7 +1,7 @@
 module github.com/arangodb-managed/terraform-provider-oasis
 
 require (
-	github.com/arangodb-managed/apis v0.69.3
+	github.com/arangodb-managed/apis v0.70.8
 	github.com/arangodb-managed/log-helper v0.2.0
 	github.com/gogo/protobuf v1.3.0
 	github.com/hashicorp/hcl v1.0.0 // indirect

go.sum

@@ -45,8 +45,8 @@ github.com/apparentlymart/go-dump v0.0.0-20190214190832-042adf3cf4a0 h1:MzVXffFU
 github.com/apparentlymart/go-dump v0.0.0-20190214190832-042adf3cf4a0/go.mod h1:oL81AME2rN47vu18xqj1S1jPIPuN7afo62yKTNn3XMM=
 github.com/apparentlymart/go-textseg v1.0.0 h1:rRmlIsPEEhUTIKQb7T++Nz/A5Q6C9IuX2wFoYVvnCs0=
 github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk=
-github.com/arangodb-managed/apis v0.69.3 h1:xgY3wtjzuMp9HDwXgmVkc6pA8f8mqpf3uYEqtrbUCUc=
-github.com/arangodb-managed/apis v0.69.3/go.mod h1:dSEV+DTPdZNH06qVqFWA+F0OcaL2ePGEo+odyMaU72Y=
+github.com/arangodb-managed/apis v0.70.8 h1:d6NqlgBdmt3l30kFc5NxyAJULD8wRtZGcrhcuqYFJiI=
+github.com/arangodb-managed/apis v0.70.8/go.mod h1:dSEV+DTPdZNH06qVqFWA+F0OcaL2ePGEo+odyMaU72Y=
 github.com/arangodb-managed/log-helper v0.2.0 h1:QK85i0a+mGM++wK625Oe1z4HuXhvaN3vR/Nunwa1qAA=
 github.com/arangodb-managed/log-helper v0.2.0/go.mod h1:WJogNCCXWM5OQx/ZYvtRo/1zwm/IpKj+f4QVtM8hNJw=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=

pkg/resource_ip_allowlist.go

@@ -1,7 +1,7 @@
 //
 // DISCLAIMER
 //
-// Copyright 2020 ArangoDB GmbH, Cologne, Germany
+// Copyright 2020-2021 ArangoDB GmbH, Cologne, Germany
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -18,6 +18,7 @@
 // Copyright holder is ArangoDB GmbH, Cologne, Germany
 //
 // Author Gergely Brautigam
+// Author Ewout Prangsma
 //
 
 package pkg
@@ -33,12 +34,13 @@ import (
 
 const (
 	// IP Allowlist fields
-	ipNameFieldName        = "name"
-	ipProjectFieldName     = "project"
-	ipDescriptionFieldName = "description"
-	ipCIDRRangeFieldName   = "cidr_ranges"
-	ipIsDeletedFieldName   = "is_deleted"
-	ipCreatedAtFieldName   = "created_at"
+	ipNameFieldName                    = "name"
+	ipProjectFieldName                 = "project"
+	ipDescriptionFieldName             = "description"
+	ipCIDRRangeFieldName               = "cidr_ranges"
+	ipIsDeletedFieldName               = "is_deleted"
+	ipCreatedAtFieldName               = "created_at"
+	ipRemoteInspectionAllowedFieldName = "remote_inspection_allowed"
 )
 
 // resourceIPAllowlist defines the IPAllowlist terraform resource Schema.
@@ -72,6 +74,11 @@ func resourceIPAllowlist() *schema.Resource {
 				Elem:     &schema.Schema{Type: schema.TypeString},
 			},
 
+			ipRemoteInspectionAllowedFieldName: {
+				Type:     schema.TypeBool,
+				Optional: true,
+			},
+
 			ipIsDeletedFieldName: {
 				Type:     schema.TypeBool,
 				Computed: true,
@@ -112,10 +119,11 @@ func resourceIPAllowlistCreate(d *schema.ResourceData, m interface{}) error {
 // expandToIPAllowlist creates an ip allowlist oasis structure out of a terraform schema.
 func expandToIPAllowlist(d *schema.ResourceData, defaultProject string) (*security.IPAllowlist, error) {
 	var (
-		name        string
-		description string
-		cidrRange   []string
-		err         error
+		name                    string
+		description             string
+		cidrRange               []string
+		remoteInspectionAllowed bool
+		err                     error
 	)
 	if v, ok := d.GetOk(ipNameFieldName); ok {
 		name = v.(string)
@@ -130,6 +138,11 @@ func expandToIPAllowlist(d *schema.ResourceData, defaultProject string) (*securi
 	} else {
 		return nil, fmt.Errorf("failed to parse field %s", ipNameFieldName)
 	}
+	if v, ok := d.GetOk(ipRemoteInspectionAllowedFieldName); ok {
+		remoteInspectionAllowed = v.(bool)
+	} else {
+		return nil, fmt.Errorf("failed to parse field %s", ipRemoteInspectionAllowedFieldName)
+	}
 	project := defaultProject
 	if v, ok := d.GetOk(ipDescriptionFieldName); ok {
 		description = v.(string)
@@ -140,10 +153,11 @@ func expandToIPAllowlist(d *schema.ResourceData, defaultProject string) (*securi
 	}
 
 	return &security.IPAllowlist{
-		Name:        name,
-		Description: description,
-		ProjectId:   project,
-		CidrRanges:  cidrRange,
+		Name:                    name,
+		Description:             description,
+		ProjectId:               project,
+		CidrRanges:              cidrRange,
+		RemoteInspectionAllowed: remoteInspectionAllowed,
 	}, nil
 }
 
@@ -165,12 +179,13 @@ func expandStringList(list []interface{}) ([]string, error) {
 // flattenIPAllowlistResource flattens the ip allowlist data into a map interface for easy storage.
 func flattenIPAllowlistResource(ip *security.IPAllowlist) map[string]interface{} {
 	return map[string]interface{}{
-		ipNameFieldName:        ip.GetName(),
-		ipProjectFieldName:     ip.GetProjectId(),
-		ipDescriptionFieldName: ip.GetDescription(),
-		ipCIDRRangeFieldName:   ip.GetCidrRanges(),
-		ipCreatedAtFieldName:   ip.GetCreatedAt().String(),
-		ipIsDeletedFieldName:   ip.GetIsDeleted(),
+		ipNameFieldName:                    ip.GetName(),
+		ipProjectFieldName:                 ip.GetProjectId(),
+		ipDescriptionFieldName:             ip.GetDescription(),
+		ipCIDRRangeFieldName:               ip.GetCidrRanges(),
+		ipRemoteInspectionAllowedFieldName: ip.GetRemoteInspectionAllowed(),
+		ipCreatedAtFieldName:               ip.GetCreatedAt().String(),
+		ipIsDeletedFieldName:               ip.GetIsDeleted(),
 	}
 }
 
@@ -254,6 +269,9 @@ func resourceIPAllowlistUpdate(d *schema.ResourceData, m interface{}) error {
 		}
 		ipAllowlist.CidrRanges = cidrRange
 	}
+	if d.HasChange(ipRemoteInspectionAllowedFieldName) {
+		ipAllowlist.RemoteInspectionAllowed = d.Get(ipRemoteInspectionAllowedFieldName).(bool)
+	}
 	res, err := securityc.UpdateIPAllowlist(client.ctxWithToken, ipAllowlist)
 	if err != nil {
 		client.log.Error().Err(err).Str("ipallowlist-id", d.Id()).Msg("Failed to update ip allowlist")

pkg/resource_ip_allowlist_test.go

@@ -74,34 +74,37 @@ func TestResourceIPAllowlist(t *testing.T) {
 
 func TestFlattenIPAllowlistResource(t *testing.T) {
 	expected := map[string]interface{}{
-		ipNameFieldName:        "test-name",
-		ipDescriptionFieldName: "test-description",
-		ipCreatedAtFieldName:   "1980-03-03T01:01:01Z",
-		ipProjectFieldName:     "123456789",
-		ipCIDRRangeFieldName:   []string{"1.2.3.4/32", "88.11.0.0/16", "0.0.0.0/0"},
-		ipIsDeletedFieldName:   false,
+		ipNameFieldName:                    "test-name",
+		ipDescriptionFieldName:             "test-description",
+		ipCreatedAtFieldName:               "1980-03-03T01:01:01Z",
+		ipProjectFieldName:                 "123456789",
+		ipCIDRRangeFieldName:               []string{"1.2.3.4/32", "88.11.0.0/16", "0.0.0.0/0"},
+		ipRemoteInspectionAllowedFieldName: true,
+		ipIsDeletedFieldName:               false,
 	}
 
 	created, _ := types.TimestampProto(time.Date(1980, 03, 03, 1, 1, 1, 0, time.UTC))
 	cert := security.IPAllowlist{
-		Name:        "test-name",
-		Description: "test-description",
-		ProjectId:   "123456789",
-		CidrRanges:  []string{"1.2.3.4/32", "88.11.0.0/16", "0.0.0.0/0"},
-		CreatedAt:   created,
-		IsDeleted:   false,
+		Name:                    "test-name",
+		Description:             "test-description",
+		ProjectId:               "123456789",
+		CidrRanges:              []string{"1.2.3.4/32", "88.11.0.0/16", "0.0.0.0/0"},
+		RemoteInspectionAllowed: true,
+		CreatedAt:               created,
+		IsDeleted:               false,
 	}
 	got := flattenIPAllowlistResource(&cert)
 	assert.Equal(t, expected, got)
 }
 
 func TestExpandingIPAllowlistResource(t *testing.T) {
 	raw := map[string]interface{}{
-		ipNameFieldName:        "test-name",
-		ipDescriptionFieldName: "test-description",
-		ipProjectFieldName:     "123456789",
-		ipCIDRRangeFieldName:   []interface{}{"1.2.3.4/32", "88.11.0.0/16", "0.0.0.0/0"},
-		ipIsDeletedFieldName:   false,
+		ipNameFieldName:                    "test-name",
+		ipDescriptionFieldName:             "test-description",
+		ipProjectFieldName:                 "123456789",
+		ipCIDRRangeFieldName:               []interface{}{"1.2.3.4/32", "88.11.0.0/16", "0.0.0.0/0"},
+		ipRemoteInspectionAllowedFieldName: true,
+		ipIsDeletedFieldName:               false,
 	}
 	cidrRange, err := expandStringList(raw[ipCIDRRangeFieldName].([]interface{}))
 	assert.NoError(t, err)
@@ -113,6 +116,7 @@ func TestExpandingIPAllowlistResource(t *testing.T) {
 	assert.Equal(t, raw[ipDescriptionFieldName], allowlist.GetDescription())
 	assert.Equal(t, raw[ipIsDeletedFieldName], allowlist.GetIsDeleted())
 	assert.Equal(t, raw[ipProjectFieldName], allowlist.GetProjectId())
+	assert.Equal(t, raw[ipRemoteInspectionAllowedFieldName], allowlist.GetRemoteInspectionAllowed())
 	assert.Equal(t, cidrRange, allowlist.GetCidrRanges())
 }