From 9dc7606e55f96e6176a66da3ac51d552dc59c610 Mon Sep 17 00:00:00 2001 From: zhenwan Date: Fri, 17 Jun 2022 22:03:08 -0500 Subject: [PATCH 1/8] CBR: Terraform Provider update for rule Enforcement-mode support Terraform: Rule Enforcement Mode Support https://github.ibm.com/IAM/cbr-issues/issues/113 --- .../ibm-context-based-restrictions/README.md | 14 +- .../ibm-context-based-restrictions/main.tf | 6 + .../variables.tf | 8 + ibm/conns/config.go | 6 +- .../data_source_ibm_cbr_rule.go | 245 ++++--- .../data_source_ibm_cbr_rule_test.go | 43 +- .../data_source_ibm_cbr_zone.go | 276 ++++---- .../data_source_ibm_cbr_zone_test.go | 21 +- .../resource_ibm_cbr_rule.go | 515 +++++++------- .../resource_ibm_cbr_rule_test.go | 57 +- .../resource_ibm_cbr_zone.go | 628 +++++++++--------- .../resource_ibm_cbr_zone_test.go | 42 +- website/docs/d/cbr_rule.html.markdown | 109 +-- website/docs/d/cbr_zone.html.markdown | 108 +-- website/docs/r/cbr_rule.html.markdown | 149 +++-- website/docs/r/cbr_zone.html.markdown | 156 +++-- 16 files changed, 1342 insertions(+), 1041 deletions(-) diff --git a/examples/ibm-context-based-restrictions/README.md b/examples/ibm-context-based-restrictions/README.md index 24b51669502..5d41545e093 100644 --- a/examples/ibm-context-based-restrictions/README.md +++ b/examples/ibm-context-based-restrictions/README.md @@ -27,6 +27,7 @@ cbr_zone resource: ```hcl resource "cbr_zone" "cbr_zone_instance" { name = var.cbr_zone_name + account_id = var.cbr_zone_account_id description = var.cbr_zone_description addresses = var.cbr_zone_addresses excluded = var.cbr_zone_excluded @@ -39,6 +40,7 @@ resource "cbr_rule" "cbr_rule_instance" { description = var.cbr_rule_description contexts = var.cbr_rule_contexts resources = var.cbr_rule_resources + enforcement_mode = var.cbr_rule_enforcement_mode } ``` @@ -59,14 +61,6 @@ data "cbr_rule" "cbr_rule_instance" { } ``` -## Assumptions - -1. TODO - -## Notes - -1. TODO - ## Requirements | Name | Version | @@ -85,12 +79,14 @@ data "cbr_rule" "cbr_rule_instance" { |------|-------------|------|---------| | ibmcloud\_api\_key | IBM Cloud API key | `string` | true | | name | The name of the zone. | `string` | false | +| account_id | The id of the account owning this zone. | `string` | false | | description | The description of the zone. | `string` | false | | addresses | The list of addresses in the zone. | `list()` | false | -| excluded | The list of excluded addresses in the zone. | `list()` | false | +| excluded | The list of excluded addresses in the zone. Only addresses of type `ipAddress`, `ipRange`, and `subnet` can be excluded. | `list()` | false | | description | The description of the rule. | `string` | false | | contexts | The contexts this rule applies to. | `list()` | false | | resources | The resources this rule apply to. | `list()` | false | +| enforcement_mode | The rule enforcement mode: * `enabled` - The restrictions are enforced and reported. This is the default. * `disabled` - The restrictions are disabled. Nothing is enforced or reported. * `report` - The restrictions are evaluated and reported, but not enforced. | `string` | false | | zone_id | The ID of a zone. | `string` | true | | rule_id | The ID of a rule. | `string` | true | diff --git a/examples/ibm-context-based-restrictions/main.tf b/examples/ibm-context-based-restrictions/main.tf index cd4ec585ea9..a5873fbd78b 100644 --- a/examples/ibm-context-based-restrictions/main.tf +++ b/examples/ibm-context-based-restrictions/main.tf @@ -5,6 +5,7 @@ provider "ibm" { // Provision cbr_zone resource instance resource "ibm_cbr_zone" "cbr_zone_instance" { name = "A terraform example of network zone" + account_id = var.ibmcloud_account_id description = "A terraform example of network zone" addresses { type = "ipAddress" @@ -30,6 +31,10 @@ resource "ibm_cbr_rule" "cbr_rule_instance" { } } resources { + attributes { + name = "accountId" + value = var.ibmcloud_account_id + } attributes { name = "serviceName" value = "network-policy-enabled" @@ -39,6 +44,7 @@ resource "ibm_cbr_rule" "cbr_rule_instance" { value = "tag_value" } } + enforcement_mode = "disabled" } // Create cbr_zone data source diff --git a/examples/ibm-context-based-restrictions/variables.tf b/examples/ibm-context-based-restrictions/variables.tf index c745e3c35fa..c19bacbc1dd 100644 --- a/examples/ibm-context-based-restrictions/variables.tf +++ b/examples/ibm-context-based-restrictions/variables.tf @@ -36,3 +36,11 @@ variable "cbr_rule_rule_id" { type = string default = "07bca38c06db1a6e125d9738c701f2c1" } + + +// IBM cloud account ID +variable "ibmcloud_account_id" { + description = "Account ID for rule / zone" + type = string + default = "82cbc8dcd1ab4112b7272b410ac9965c" +} \ No newline at end of file diff --git a/ibm/conns/config.go b/ibm/conns/config.go index dffb5d0e3f8..0bd2b657911 100644 --- a/ibm/conns/config.go +++ b/ibm/conns/config.go @@ -62,7 +62,9 @@ import ( "github.com/IBM/platform-services-go-sdk/atrackerv1" "github.com/IBM/platform-services-go-sdk/atrackerv2" "github.com/IBM/platform-services-go-sdk/catalogmanagementv1" - "github.com/IBM/platform-services-go-sdk/contextbasedrestrictionsv1" + //"github.com/IBM/platform-services-go-sdk/contextbasedrestrictionsv1" + "github.com/IBM-Cloud/terraform-provider-ibm/contextbasedrestrictionsv1" + "github.com/IBM/platform-services-go-sdk/enterprisemanagementv1" "github.com/IBM/platform-services-go-sdk/globaltaggingv1" iamaccessgroups "github.com/IBM/platform-services-go-sdk/iamaccessgroupsv2" @@ -1454,7 +1456,7 @@ func (c *Config) ClientSession() (interface{}, error) { if fileMap != nil && c.Visibility != "public-and-private" { cbrURL = fileFallBack(fileMap, c.Visibility, "IBMCLOUD_CONTEXT_BASED_RESTRICTIONS_ENDPOINT", c.Region, cbrURL) } - contextBasedRestrictionsClientOptions := &contextbasedrestrictionsv1.Options{ + contextBasedRestrictionsClientOptions := &contextbasedrestrictionsv1.ContextBasedRestrictionsV1Options{ Authenticator: authenticator, URL: EnvFallBack([]string{"IBMCLOUD_CONTEXT_BASED_RESTRICTIONS_ENDPOINT"}, cbrURL), } diff --git a/ibm/service/contextbasedrestrictions/data_source_ibm_cbr_rule.go b/ibm/service/contextbasedrestrictions/data_source_ibm_cbr_rule.go index fe73b8316ce..93bb712b5f6 100644 --- a/ibm/service/contextbasedrestrictions/data_source_ibm_cbr_rule.go +++ b/ibm/service/contextbasedrestrictions/data_source_ibm_cbr_rule.go @@ -1,4 +1,4 @@ -// Copyright IBM Corp. 2021 All Rights Reserved. +// Copyright IBM Corp. 2022 All Rights Reserved. // Licensed under the Mozilla Public License v2.0 package contextbasedrestrictions @@ -18,42 +18,47 @@ import ( func DataSourceIBMCbrRule() *schema.Resource { return &schema.Resource{ - ReadContext: dataSourceIBMCbrRuleRead, + ReadContext: DataSourceIBMCbrRuleRead, Schema: map[string]*schema.Schema{ - "rule_id": { + "rule_id": &schema.Schema{ Type: schema.TypeString, Required: true, Description: "The ID of a rule.", }, - "crn": { + "id": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The globally unique ID of the rule.", + }, + "crn": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The rule CRN.", }, - "description": { + "description": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The description of the rule.", }, - "contexts": { + "contexts": &schema.Schema{ Type: schema.TypeList, Computed: true, Description: "The contexts this rule applies to.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ - "attributes": { + "attributes": &schema.Schema{ Type: schema.TypeList, Computed: true, Description: "The attributes.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ - "name": { + "name": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The attribute name.", }, - "value": { + "value": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The attribute value.", @@ -64,29 +69,29 @@ func DataSourceIBMCbrRule() *schema.Resource { }, }, }, - "resources": { + "resources": &schema.Schema{ Type: schema.TypeList, Computed: true, Description: "The resources this rule apply to.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ - "attributes": { + "attributes": &schema.Schema{ Type: schema.TypeList, Computed: true, Description: "The resource attributes.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ - "name": { + "name": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The attribute name.", }, - "value": { + "value": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The attribute value.", }, - "operator": { + "operator": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The attribute operator.", @@ -94,23 +99,23 @@ func DataSourceIBMCbrRule() *schema.Resource { }, }, }, - "tags": { + "tags": &schema.Schema{ Type: schema.TypeList, Computed: true, Description: "The optional resource tags.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ - "name": { + "name": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The tag attribute name.", }, - "value": { + "value": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The tag attribute value.", }, - "operator": { + "operator": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The attribute operator.", @@ -121,27 +126,32 @@ func DataSourceIBMCbrRule() *schema.Resource { }, }, }, - "href": { + "enforcement_mode": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + Description: "The rule enforcement mode: * `enabled` - The restrictions are enforced and reported. This is the default. * `disabled` - The restrictions are disabled. Nothing is enforced or reported. * `report` - The restrictions are evaluated and reported, but not enforced.", + }, + "href": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The href link to the resource.", }, - "created_at": { + "created_at": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The time the resource was created.", }, - "created_by_id": { + "created_by_id": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "IAM ID of the user or service which created the resource.", }, - "last_modified_at": { + "last_modified_at": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The last time the resource was modified.", }, - "last_modified_by_id": { + "last_modified_by_id": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "IAM ID of the user or service which modified the resource.", @@ -150,7 +160,7 @@ func DataSourceIBMCbrRule() *schema.Resource { } } -func dataSourceIBMCbrRuleRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { +func DataSourceIBMCbrRuleRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { contextBasedRestrictionsClient, err := meta.(conns.ClientSession).ContextBasedRestrictionsV1() if err != nil { return diag.FromErr(err) @@ -166,138 +176,153 @@ func dataSourceIBMCbrRuleRead(context context.Context, d *schema.ResourceData, m return diag.FromErr(fmt.Errorf("GetRuleWithContext failed %s\n%s", err, response)) } - d.SetId(*getRuleOptions.RuleID) + d.SetId(fmt.Sprintf("%s", *getRuleOptions.RuleID)) + + if err = d.Set("id", rule.ID); err != nil { + return diag.FromErr(fmt.Errorf("Error setting id: %s", err)) + } + if err = d.Set("crn", rule.CRN); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting crn: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting crn: %s", err)) } + if err = d.Set("description", rule.Description); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting description: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) } + contexts := []map[string]interface{}{} if rule.Contexts != nil { - err = d.Set("contexts", dataSourceRuleFlattenContexts(rule.Contexts)) - if err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting contexts %s", err)) + for _, modelItem := range rule.Contexts { + modelMap, err := DataSourceIBMCbrRuleRuleContextToMap(&modelItem) + if err != nil { + return diag.FromErr(err) + } + contexts = append(contexts, modelMap) } } + if err = d.Set("contexts", contexts); err != nil { + return diag.FromErr(fmt.Errorf("Error setting contexts %s", err)) + } + resources := []map[string]interface{}{} if rule.Resources != nil { - err = d.Set("resources", dataSourceRuleFlattenResources(rule.Resources)) - if err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting resources %s", err)) + for _, modelItem := range rule.Resources { + modelMap, err := DataSourceIBMCbrRuleResourceToMap(&modelItem) + if err != nil { + return diag.FromErr(err) + } + resources = append(resources, modelMap) } } + if err = d.Set("resources", resources); err != nil { + return diag.FromErr(fmt.Errorf("Error setting resources %s", err)) + } + + if err = d.Set("enforcement_mode", rule.EnforcementMode); err != nil { + return diag.FromErr(fmt.Errorf("Error setting enforcement_mode: %s", err)) + } + if err = d.Set("href", rule.Href); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting href: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting href: %s", err)) } + if err = d.Set("created_at", flex.DateTimeToString(rule.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting created_at: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) } + if err = d.Set("created_by_id", rule.CreatedByID); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting created_by_id: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting created_by_id: %s", err)) } + if err = d.Set("last_modified_at", flex.DateTimeToString(rule.LastModifiedAt)); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting last_modified_at: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting last_modified_at: %s", err)) } + if err = d.Set("last_modified_by_id", rule.LastModifiedByID); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting last_modified_by_id: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting last_modified_by_id: %s", err)) } return nil } -func dataSourceRuleFlattenContexts(result []contextbasedrestrictionsv1.RuleContext) (contexts []map[string]interface{}) { - for _, contextsItem := range result { - contexts = append(contexts, dataSourceRuleContextsToMap(contextsItem)) - } - - return contexts -} - -func dataSourceRuleContextsToMap(contextsItem contextbasedrestrictionsv1.RuleContext) (contextsMap map[string]interface{}) { - contextsMap = map[string]interface{}{} - - if contextsItem.Attributes != nil { - attributesList := []map[string]interface{}{} - for _, attributesItem := range contextsItem.Attributes { - attributesList = append(attributesList, dataSourceRuleContextsAttributesToMap(attributesItem)) +func DataSourceIBMCbrRuleRuleContextToMap(model *contextbasedrestrictionsv1.RuleContext) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + if model.Attributes != nil { + attributes := []map[string]interface{}{} + for _, attributesItem := range model.Attributes { + attributesItemMap, err := DataSourceIBMCbrRuleRuleContextAttributeToMap(&attributesItem) + if err != nil { + return modelMap, err + } + attributes = append(attributes, attributesItemMap) } - contextsMap["attributes"] = attributesList + modelMap["attributes"] = attributes } - - return contextsMap + return modelMap, nil } -func dataSourceRuleContextsAttributesToMap(attributesItem contextbasedrestrictionsv1.RuleContextAttribute) (attributesMap map[string]interface{}) { - attributesMap = map[string]interface{}{} - - if attributesItem.Name != nil { - attributesMap["name"] = attributesItem.Name +func DataSourceIBMCbrRuleRuleContextAttributeToMap(model *contextbasedrestrictionsv1.RuleContextAttribute) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + if model.Name != nil { + modelMap["name"] = *model.Name } - if attributesItem.Value != nil { - attributesMap["value"] = attributesItem.Value - } - - return attributesMap -} - -func dataSourceRuleFlattenResources(result []contextbasedrestrictionsv1.Resource) (resources []map[string]interface{}) { - for _, resourcesItem := range result { - resources = append(resources, dataSourceRuleResourcesToMap(resourcesItem)) + if model.Value != nil { + modelMap["value"] = *model.Value } - - return resources + return modelMap, nil } -func dataSourceRuleResourcesToMap(resourcesItem contextbasedrestrictionsv1.Resource) (resourcesMap map[string]interface{}) { - resourcesMap = map[string]interface{}{} - - if resourcesItem.Attributes != nil { - attributesList := []map[string]interface{}{} - for _, attributesItem := range resourcesItem.Attributes { - attributesList = append(attributesList, dataSourceRuleResourcesAttributesToMap(attributesItem)) +func DataSourceIBMCbrRuleResourceToMap(model *contextbasedrestrictionsv1.Resource) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + if model.Attributes != nil { + attributes := []map[string]interface{}{} + for _, attributesItem := range model.Attributes { + attributesItemMap, err := DataSourceIBMCbrRuleResourceAttributeToMap(&attributesItem) + if err != nil { + return modelMap, err + } + attributes = append(attributes, attributesItemMap) } - resourcesMap["attributes"] = attributesList + modelMap["attributes"] = attributes } - if resourcesItem.Tags != nil { - tagsList := []map[string]interface{}{} - for _, tagsItem := range resourcesItem.Tags { - tagsList = append(tagsList, dataSourceRuleResourcesTagsToMap(tagsItem)) + if model.Tags != nil { + tags := []map[string]interface{}{} + for _, tagsItem := range model.Tags { + tagsItemMap, err := DataSourceIBMCbrRuleResourceTagAttributeToMap(&tagsItem) + if err != nil { + return modelMap, err + } + tags = append(tags, tagsItemMap) } - resourcesMap["tags"] = tagsList + modelMap["tags"] = tags } - - return resourcesMap + return modelMap, nil } -func dataSourceRuleResourcesAttributesToMap(attributesItem contextbasedrestrictionsv1.ResourceAttribute) (attributesMap map[string]interface{}) { - attributesMap = map[string]interface{}{} - - if attributesItem.Name != nil { - attributesMap["name"] = attributesItem.Name +func DataSourceIBMCbrRuleResourceAttributeToMap(model *contextbasedrestrictionsv1.ResourceAttribute) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + if model.Name != nil { + modelMap["name"] = *model.Name } - if attributesItem.Value != nil { - attributesMap["value"] = attributesItem.Value + if model.Value != nil { + modelMap["value"] = *model.Value } - if attributesItem.Operator != nil { - attributesMap["operator"] = attributesItem.Operator + if model.Operator != nil { + modelMap["operator"] = *model.Operator } - - return attributesMap + return modelMap, nil } -func dataSourceRuleResourcesTagsToMap(tagsItem contextbasedrestrictionsv1.ResourceTagAttribute) (tagsMap map[string]interface{}) { - tagsMap = map[string]interface{}{} - - if tagsItem.Name != nil { - tagsMap["name"] = tagsItem.Name +func DataSourceIBMCbrRuleResourceTagAttributeToMap(model *contextbasedrestrictionsv1.ResourceTagAttribute) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + if model.Name != nil { + modelMap["name"] = *model.Name } - if tagsItem.Value != nil { - tagsMap["value"] = tagsItem.Value + if model.Value != nil { + modelMap["value"] = *model.Value } - if tagsItem.Operator != nil { - tagsMap["operator"] = tagsItem.Operator + if model.Operator != nil { + modelMap["operator"] = *model.Operator } - - return tagsMap + return modelMap, nil } diff --git a/ibm/service/contextbasedrestrictions/data_source_ibm_cbr_rule_test.go b/ibm/service/contextbasedrestrictions/data_source_ibm_cbr_rule_test.go index 81a4af92eef..f2f08deeec2 100644 --- a/ibm/service/contextbasedrestrictions/data_source_ibm_cbr_rule_test.go +++ b/ibm/service/contextbasedrestrictions/data_source_ibm_cbr_rule_test.go @@ -1,4 +1,4 @@ -// Copyright IBM Corp. 2021 All Rights Reserved. +// Copyright IBM Corp. 2022 All Rights Reserved. // Licensed under the Mozilla Public License v2.0 package contextbasedrestrictions_test @@ -18,7 +18,7 @@ func TestAccIBMCbrRuleDataSourceBasic(t *testing.T) { PreCheck: func() { acc.TestAccPreCheck(t) }, Providers: acc.TestAccProviders, Steps: []resource.TestStep{ - { + resource.TestStep{ Config: testAccCheckIBMCbrRuleDataSourceConfigBasic(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet("data.ibm_cbr_rule.cbr_rule", "id"), @@ -41,14 +41,14 @@ func TestAccIBMCbrRuleDataSourceBasic(t *testing.T) { func TestAccIBMCbrRuleDataSourceAllArgs(t *testing.T) { ruleDescription := fmt.Sprintf("tf_description_%d", acctest.RandIntRange(10, 100)) - ruleTransactionID := fmt.Sprintf("tf_transaction_id_%d", acctest.RandIntRange(10, 100)) + ruleEnforcementMode := "enabled" resource.Test(t, resource.TestCase{ PreCheck: func() { acc.TestAccPreCheck(t) }, Providers: acc.TestAccProviders, Steps: []resource.TestStep{ - { - Config: testAccCheckIBMCbrRuleDataSourceConfig(ruleDescription, ruleTransactionID), + resource.TestStep{ + Config: testAccCheckIBMCbrRuleDataSourceConfig(ruleDescription, ruleEnforcementMode), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet("data.ibm_cbr_rule.cbr_rule", "id"), resource.TestCheckResourceAttrSet("data.ibm_cbr_rule.cbr_rule", "rule_id"), @@ -57,6 +57,7 @@ func TestAccIBMCbrRuleDataSourceAllArgs(t *testing.T) { resource.TestCheckResourceAttrSet("data.ibm_cbr_rule.cbr_rule", "description"), resource.TestCheckResourceAttrSet("data.ibm_cbr_rule.cbr_rule", "contexts.#"), resource.TestCheckResourceAttrSet("data.ibm_cbr_rule.cbr_rule", "resources.#"), + resource.TestCheckResourceAttrSet("data.ibm_cbr_rule.cbr_rule", "enforcement_mode"), resource.TestCheckResourceAttrSet("data.ibm_cbr_rule.cbr_rule", "href"), resource.TestCheckResourceAttrSet("data.ibm_cbr_rule.cbr_rule", "created_at"), resource.TestCheckResourceAttrSet("data.ibm_cbr_rule.cbr_rule", "created_by_id"), @@ -69,16 +70,20 @@ func TestAccIBMCbrRuleDataSourceAllArgs(t *testing.T) { } func testAccCheckIBMCbrRuleDataSourceConfigBasic() string { - return ` + return fmt.Sprintf(` resource "ibm_cbr_rule" "cbr_rule" { description = "Test Rule Data Source Config Basic" contexts { attributes { name = "networkZoneId" - value = "322af80e125f6842cded8ba7a1008370" + value = "559052eb8f43302824e7ae490c0281eb" } } resources { + attributes { + name = "accountId" + value = "82cbc8dcd1ab4112b7272b410ac9965c" + } attributes { name = "serviceName" value = "iam-groups" @@ -88,33 +93,39 @@ func testAccCheckIBMCbrRuleDataSourceConfigBasic() string { data "ibm_cbr_rule" "cbr_rule" { rule_id = ibm_cbr_rule.cbr_rule.id } - ` + `) } -func testAccCheckIBMCbrRuleDataSourceConfig(ruleDescription string, ruleTransactionID string) string { +func testAccCheckIBMCbrRuleDataSourceConfig(ruleDescription string, ruleEnforcementMode string) string { return fmt.Sprintf(` resource "ibm_cbr_rule" "cbr_rule" { description = "%s" contexts { - attributes { - name = "networkZoneId" - value = "322af80e125f6842cded8ba7a1008370" - } + attributes { + name = "networkZoneId" + value = "559052eb8f43302824e7ae490c0281eb" + } } resources { + attributes { + name = "accountId" + value = "82cbc8dcd1ab4112b7272b410ac9965c" + } attributes { name = "serviceName" value = "iam-groups" } tags { - name = "tag_name" - value = "tag_value" + name = "name" + value = "tag_name" + operator = "stringEquals" } } + enforcement_mode = "%s" } data "ibm_cbr_rule" "cbr_rule" { rule_id = ibm_cbr_rule.cbr_rule.id } - `, ruleDescription) + `, ruleDescription, ruleEnforcementMode) } diff --git a/ibm/service/contextbasedrestrictions/data_source_ibm_cbr_zone.go b/ibm/service/contextbasedrestrictions/data_source_ibm_cbr_zone.go index db9ba1f726f..09f90795799 100644 --- a/ibm/service/contextbasedrestrictions/data_source_ibm_cbr_zone.go +++ b/ibm/service/contextbasedrestrictions/data_source_ibm_cbr_zone.go @@ -1,11 +1,10 @@ -// Copyright IBM Corp. 2021 All Rights Reserved. +// Copyright IBM Corp. 2022 All Rights Reserved. // Licensed under the Mozilla Public License v2.0 package contextbasedrestrictions import ( "context" - "encoding/json" "fmt" "log" @@ -19,87 +18,87 @@ import ( func DataSourceIBMCbrZone() *schema.Resource { return &schema.Resource{ - ReadContext: dataSourceIBMCbrZoneRead, + ReadContext: DataSourceIBMCbrZoneRead, Schema: map[string]*schema.Schema{ - "zone_id": { + "zone_id": &schema.Schema{ Type: schema.TypeString, Required: true, Description: "The ID of a zone.", }, - "id": { + "id": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The globally unique ID of the zone.", }, - "crn": { + "crn": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The zone CRN.", }, - "address_count": { + "address_count": &schema.Schema{ Type: schema.TypeInt, Computed: true, Description: "The number of addresses in the zone.", }, - "excluded_count": { + "excluded_count": &schema.Schema{ Type: schema.TypeInt, Computed: true, Description: "The number of excluded addresses in the zone.", }, - "name": { + "name": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The name of the zone.", }, - "account_id": { + "account_id": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The id of the account owning this zone.", }, - "description": { + "description": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The description of the zone.", }, - "addresses": { + "addresses": &schema.Schema{ Type: schema.TypeList, Computed: true, Description: "The list of addresses in the zone.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ - "type": { + "type": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The type of address.", }, - "value": { + "value": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The IP address.", }, - "ref": { + "ref": &schema.Schema{ Type: schema.TypeList, Computed: true, Description: "A service reference value.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ - "account_id": { + "account_id": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The id of the account owning the service.", }, - "service_type": { + "service_type": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The service type.", }, - "service_name": { + "service_name": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The service name.", }, - "service_instance": { + "service_instance": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The service instance.", @@ -110,44 +109,44 @@ func DataSourceIBMCbrZone() *schema.Resource { }, }, }, - "excluded": { + "excluded": &schema.Schema{ Type: schema.TypeList, Computed: true, - Description: "The list of excluded addresses in the zone.", + Description: "The list of excluded addresses in the zone. Only addresses of type `ipAddress`, `ipRange`, and `subnet` can be excluded.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ - "type": { + "type": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The type of address.", }, - "value": { + "value": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The IP address.", }, - "ref": { + "ref": &schema.Schema{ Type: schema.TypeList, Computed: true, Description: "A service reference value.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ - "account_id": { + "account_id": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The id of the account owning the service.", }, - "service_type": { + "service_type": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The service type.", }, - "service_name": { + "service_name": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The service name.", }, - "service_instance": { + "service_instance": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The service instance.", @@ -158,27 +157,27 @@ func DataSourceIBMCbrZone() *schema.Resource { }, }, }, - "href": { + "href": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The href link to the resource.", }, - "created_at": { + "created_at": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The time the resource was created.", }, - "created_by_id": { + "created_by_id": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "IAM ID of the user or service which created the resource.", }, - "last_modified_at": { + "last_modified_at": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The last time the resource was modified.", }, - "last_modified_by_id": { + "last_modified_by_id": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "IAM ID of the user or service which modified the resource.", @@ -187,7 +186,7 @@ func DataSourceIBMCbrZone() *schema.Resource { } } -func dataSourceIBMCbrZoneRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { +func DataSourceIBMCbrZoneRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { contextBasedRestrictionsClient, err := meta.(conns.ClientSession).ContextBasedRestrictionsV1() if err != nil { return diag.FromErr(err) @@ -203,141 +202,192 @@ func dataSourceIBMCbrZoneRead(context context.Context, d *schema.ResourceData, m return diag.FromErr(fmt.Errorf("GetZoneWithContext failed %s\n%s", err, response)) } - d.SetId(*getZoneOptions.ZoneID) + d.SetId(fmt.Sprintf("%s", *getZoneOptions.ZoneID)) + if err = d.Set("id", zone.ID); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting id: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting id: %s", err)) } + if err = d.Set("crn", zone.CRN); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting crn: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting crn: %s", err)) } + if err = d.Set("address_count", flex.IntValue(zone.AddressCount)); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting address_count: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting address_count: %s", err)) } + if err = d.Set("excluded_count", flex.IntValue(zone.ExcludedCount)); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting excluded_count: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting excluded_count: %s", err)) } + if err = d.Set("name", zone.Name); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting name: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) } + if err = d.Set("account_id", zone.AccountID); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting account_id: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting account_id: %s", err)) } + if err = d.Set("description", zone.Description); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting description: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) } + addresses := []map[string]interface{}{} if zone.Addresses != nil { - err = d.Set("addresses", dataSourceZoneFlattenAddresses(zone.Addresses)) - if err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting addresses %s", err)) + for _, modelItem := range zone.Addresses { + modelMap, err := DataSourceIBMCbrZoneAddressToMap(modelItem) + if err != nil { + return diag.FromErr(err) + } + addresses = append(addresses, modelMap) } } + if err = d.Set("addresses", addresses); err != nil { + return diag.FromErr(fmt.Errorf("Error setting addresses %s", err)) + } + excluded := []map[string]interface{}{} if zone.Excluded != nil { - err = d.Set("excluded", dataSourceZoneFlattenExcluded(zone.Excluded)) - if err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting excluded %s", err)) + for _, modelItem := range zone.Excluded { + modelMap, err := DataSourceIBMCbrZoneAddressToMap(modelItem) + if err != nil { + return diag.FromErr(err) + } + excluded = append(excluded, modelMap) } } + if err = d.Set("excluded", excluded); err != nil { + return diag.FromErr(fmt.Errorf("Error setting excluded %s", err)) + } + if err = d.Set("href", zone.Href); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting href: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting href: %s", err)) } + if err = d.Set("created_at", flex.DateTimeToString(zone.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting created_at: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) } + if err = d.Set("created_by_id", zone.CreatedByID); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting created_by_id: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting created_by_id: %s", err)) } + if err = d.Set("last_modified_at", flex.DateTimeToString(zone.LastModifiedAt)); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting last_modified_at: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting last_modified_at: %s", err)) } + if err = d.Set("last_modified_by_id", zone.LastModifiedByID); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting last_modified_by_id: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting last_modified_by_id: %s", err)) } return nil } -func dataSourceZoneFlattenAddresses(result []contextbasedrestrictionsv1.AddressIntf) (addresses []map[string]interface{}) { - for _, addressesItem := range result { - addresses = append(addresses, dataSourceZoneAddressesToMap(addressesItem)) +func DataSourceIBMCbrZoneAddressToMap(model contextbasedrestrictionsv1.AddressIntf) (map[string]interface{}, error) { + if _, ok := model.(*contextbasedrestrictionsv1.AddressIPAddress); ok { + return DataSourceIBMCbrZoneAddressIPAddressToMap(model.(*contextbasedrestrictionsv1.AddressIPAddress)) + } else if _, ok := model.(*contextbasedrestrictionsv1.AddressIPAddressRange); ok { + return DataSourceIBMCbrZoneAddressIPAddressRangeToMap(model.(*contextbasedrestrictionsv1.AddressIPAddressRange)) + } else if _, ok := model.(*contextbasedrestrictionsv1.AddressSubnet); ok { + return DataSourceIBMCbrZoneAddressSubnetToMap(model.(*contextbasedrestrictionsv1.AddressSubnet)) + } else if _, ok := model.(*contextbasedrestrictionsv1.AddressVPC); ok { + return DataSourceIBMCbrZoneAddressVPCToMap(model.(*contextbasedrestrictionsv1.AddressVPC)) + } else if _, ok := model.(*contextbasedrestrictionsv1.AddressServiceRef); ok { + return DataSourceIBMCbrZoneAddressServiceRefToMap(model.(*contextbasedrestrictionsv1.AddressServiceRef)) + } else if _, ok := model.(*contextbasedrestrictionsv1.Address); ok { + modelMap := make(map[string]interface{}) + model := model.(*contextbasedrestrictionsv1.Address) + if model.Type != nil { + modelMap["type"] = *model.Type + } + if model.Value != nil { + modelMap["value"] = *model.Value + } + if model.Ref != nil { + refMap, err := DataSourceIBMCbrZoneServiceRefValueToMap(model.Ref) + if err != nil { + return modelMap, err + } + modelMap["ref"] = []map[string]interface{}{refMap} + } + return modelMap, nil + } else { + return nil, fmt.Errorf("Unrecognized contextbasedrestrictionsv1.AddressIntf subtype encountered") } - - return addresses } -func dataSourceZoneAddressesToMap(addressesItem contextbasedrestrictionsv1.AddressIntf) (addressesMap map[string]interface{}) { - - buf, err := json.Marshal(addressesItem) - - if err == nil { - err = json.Unmarshal(buf, &addressesMap) +func DataSourceIBMCbrZoneServiceRefValueToMap(model *contextbasedrestrictionsv1.ServiceRefValue) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + if model.AccountID != nil { + modelMap["account_id"] = *model.AccountID } - - if err != nil { - panic(err) + if model.ServiceType != nil { + modelMap["service_type"] = *model.ServiceType } - - return addressesMap -} - -func dataSourceZoneAddressesRefToMap(refItem contextbasedrestrictionsv1.ServiceRefValue) (refMap map[string]interface{}) { - refMap = map[string]interface{}{} - - if refItem.AccountID != nil { - refMap["account_id"] = refItem.AccountID + if model.ServiceName != nil { + modelMap["service_name"] = *model.ServiceName } - if refItem.ServiceType != nil { - refMap["service_type"] = refItem.ServiceType + if model.ServiceInstance != nil { + modelMap["service_instance"] = *model.ServiceInstance } - if refItem.ServiceName != nil { - refMap["service_name"] = refItem.ServiceName + return modelMap, nil +} + +func DataSourceIBMCbrZoneAddressIPAddressToMap(model *contextbasedrestrictionsv1.AddressIPAddress) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + if model.Type != nil { + modelMap["type"] = *model.Type } - if refItem.ServiceInstance != nil { - refMap["service_instance"] = refItem.ServiceInstance + if model.Value != nil { + modelMap["value"] = *model.Value } - - return refMap + return modelMap, nil } -func dataSourceZoneFlattenExcluded(result []contextbasedrestrictionsv1.AddressIntf) (excluded []map[string]interface{}) { - for _, excludedItem := range result { - excluded = append(excluded, dataSourceZoneExcludedToMap(excludedItem)) +func DataSourceIBMCbrZoneAddressServiceRefToMap(model *contextbasedrestrictionsv1.AddressServiceRef) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + if model.Type != nil { + modelMap["type"] = *model.Type } - - return excluded + if model.Ref != nil { + refMap, err := DataSourceIBMCbrZoneServiceRefValueToMap(model.Ref) + if err != nil { + return modelMap, err + } + modelMap["ref"] = []map[string]interface{}{refMap} + } + return modelMap, nil } -func dataSourceZoneExcludedToMap(excludedItem contextbasedrestrictionsv1.AddressIntf) (excludedMap map[string]interface{}) { - - buf, err := json.Marshal(excludedItem) - - if err == nil { - err = json.Unmarshal(buf, &excludedMap) +func DataSourceIBMCbrZoneAddressSubnetToMap(model *contextbasedrestrictionsv1.AddressSubnet) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + if model.Type != nil { + modelMap["type"] = *model.Type } - - if err != nil { - panic(err) + if model.Value != nil { + modelMap["value"] = *model.Value } - - return excludedMap + return modelMap, nil } -func dataSourceZoneExcludedRefToMap(refItem contextbasedrestrictionsv1.ServiceRefValue) (refMap map[string]interface{}) { - refMap = map[string]interface{}{} - - if refItem.AccountID != nil { - refMap["account_id"] = refItem.AccountID +func DataSourceIBMCbrZoneAddressIPAddressRangeToMap(model *contextbasedrestrictionsv1.AddressIPAddressRange) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + if model.Type != nil { + modelMap["type"] = *model.Type } - if refItem.ServiceType != nil { - refMap["service_type"] = refItem.ServiceType + if model.Value != nil { + modelMap["value"] = *model.Value } - if refItem.ServiceName != nil { - refMap["service_name"] = refItem.ServiceName + return modelMap, nil +} + +func DataSourceIBMCbrZoneAddressVPCToMap(model *contextbasedrestrictionsv1.AddressVPC) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + if model.Type != nil { + modelMap["type"] = *model.Type } - if refItem.ServiceInstance != nil { - refMap["service_instance"] = refItem.ServiceInstance + if model.Value != nil { + modelMap["value"] = *model.Value } - - return refMap + return modelMap, nil } diff --git a/ibm/service/contextbasedrestrictions/data_source_ibm_cbr_zone_test.go b/ibm/service/contextbasedrestrictions/data_source_ibm_cbr_zone_test.go index 22b3896ad6b..c4a6d069fe1 100644 --- a/ibm/service/contextbasedrestrictions/data_source_ibm_cbr_zone_test.go +++ b/ibm/service/contextbasedrestrictions/data_source_ibm_cbr_zone_test.go @@ -1,4 +1,4 @@ -// Copyright IBM Corp. 2021 All Rights Reserved. +// Copyright IBM Corp. 2022 All Rights Reserved. // Licensed under the Mozilla Public License v2.0 package contextbasedrestrictions_test @@ -18,7 +18,7 @@ func TestAccIBMCbrZoneDataSourceBasic(t *testing.T) { PreCheck: func() { acc.TestAccPreCheck(t) }, Providers: acc.TestAccProviders, Steps: []resource.TestStep{ - { + resource.TestStep{ Config: testAccCheckIBMCbrZoneDataSourceConfigBasic(), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet("data.ibm_cbr_zone.cbr_zone", "id"), @@ -28,6 +28,7 @@ func TestAccIBMCbrZoneDataSourceBasic(t *testing.T) { resource.TestCheckResourceAttrSet("data.ibm_cbr_zone.cbr_zone", "address_count"), resource.TestCheckResourceAttrSet("data.ibm_cbr_zone.cbr_zone", "excluded_count"), resource.TestCheckResourceAttrSet("data.ibm_cbr_zone.cbr_zone", "name"), + resource.TestCheckResourceAttrSet("data.ibm_cbr_zone.cbr_zone", "account_id"), resource.TestCheckResourceAttrSet("data.ibm_cbr_zone.cbr_zone", "description"), resource.TestCheckResourceAttrSet("data.ibm_cbr_zone.cbr_zone", "addresses.#"), resource.TestCheckResourceAttrSet("data.ibm_cbr_zone.cbr_zone", "excluded.#"), @@ -44,14 +45,15 @@ func TestAccIBMCbrZoneDataSourceBasic(t *testing.T) { func TestAccIBMCbrZoneDataSourceAllArgs(t *testing.T) { zoneName := fmt.Sprintf("tf_name_%d", acctest.RandIntRange(10, 100)) + zoneAccountID := "82cbc8dcd1ab4112b7272b410ac9965c" zoneDescription := fmt.Sprintf("tf_description_%d", acctest.RandIntRange(10, 100)) resource.Test(t, resource.TestCase{ PreCheck: func() { acc.TestAccPreCheck(t) }, Providers: acc.TestAccProviders, Steps: []resource.TestStep{ - { - Config: testAccCheckIBMCbrZoneDataSourceConfig(zoneName, zoneDescription), + resource.TestStep{ + Config: testAccCheckIBMCbrZoneDataSourceConfig(zoneName, zoneAccountID, zoneDescription), Check: resource.ComposeTestCheckFunc( resource.TestCheckResourceAttrSet("data.ibm_cbr_zone.cbr_zone", "id"), resource.TestCheckResourceAttrSet("data.ibm_cbr_zone.cbr_zone", "zone_id"), @@ -60,6 +62,7 @@ func TestAccIBMCbrZoneDataSourceAllArgs(t *testing.T) { resource.TestCheckResourceAttrSet("data.ibm_cbr_zone.cbr_zone", "address_count"), resource.TestCheckResourceAttrSet("data.ibm_cbr_zone.cbr_zone", "excluded_count"), resource.TestCheckResourceAttrSet("data.ibm_cbr_zone.cbr_zone", "name"), + resource.TestCheckResourceAttrSet("data.ibm_cbr_zone.cbr_zone", "account_id"), resource.TestCheckResourceAttrSet("data.ibm_cbr_zone.cbr_zone", "description"), resource.TestCheckResourceAttrSet("data.ibm_cbr_zone.cbr_zone", "addresses.#"), resource.TestCheckResourceAttrSet("data.ibm_cbr_zone.cbr_zone", "addresses.0.type"), @@ -79,10 +82,11 @@ func TestAccIBMCbrZoneDataSourceAllArgs(t *testing.T) { } func testAccCheckIBMCbrZoneDataSourceConfigBasic() string { - return ` + return fmt.Sprintf(` resource "ibm_cbr_zone" "cbr_zone" { name = "Test Zone Data Source Config Basic" description = "Test Zone Data Source Config Basic" + account_id = "82cbc8dcd1ab4112b7272b410ac9965c" addresses { type = "ipRange" value = "169.23.22.0-169.23.22.255" @@ -92,13 +96,14 @@ func testAccCheckIBMCbrZoneDataSourceConfigBasic() string { data "ibm_cbr_zone" "cbr_zone" { zone_id = ibm_cbr_zone.cbr_zone.id } - ` + `) } -func testAccCheckIBMCbrZoneDataSourceConfig(zoneName string, zoneDescription string) string { +func testAccCheckIBMCbrZoneDataSourceConfig(zoneName string, zoneAccountID string, zoneDescription string) string { return fmt.Sprintf(` resource "ibm_cbr_zone" "cbr_zone" { name = "%s" + account_id = "%s" description = "%s" addresses { type = "ipRange" @@ -113,5 +118,5 @@ func testAccCheckIBMCbrZoneDataSourceConfig(zoneName string, zoneDescription str data "ibm_cbr_zone" "cbr_zone" { zone_id = ibm_cbr_zone.cbr_zone.id } - `, zoneName, zoneDescription) + `, zoneName, zoneAccountID, zoneDescription) } diff --git a/ibm/service/contextbasedrestrictions/resource_ibm_cbr_rule.go b/ibm/service/contextbasedrestrictions/resource_ibm_cbr_rule.go index 969f4009b81..0855fc8ef63 100644 --- a/ibm/service/contextbasedrestrictions/resource_ibm_cbr_rule.go +++ b/ibm/service/contextbasedrestrictions/resource_ibm_cbr_rule.go @@ -1,4 +1,4 @@ -// Copyright IBM Corp. 2021 All Rights Reserved. +// Copyright IBM Corp. 2022 All Rights Reserved. // Licensed under the Mozilla Public License v2.0 package contextbasedrestrictions @@ -20,37 +20,37 @@ import ( func ResourceIBMCbrRule() *schema.Resource { return &schema.Resource{ - CreateContext: resourceIBMCbrRuleCreate, - ReadContext: resourceIBMCbrRuleRead, - UpdateContext: resourceIBMCbrRuleUpdate, - DeleteContext: resourceIBMCbrRuleDelete, + CreateContext: ResourceIBMCbrRuleCreate, + ReadContext: ResourceIBMCbrRuleRead, + UpdateContext: ResourceIBMCbrRuleUpdate, + DeleteContext: ResourceIBMCbrRuleDelete, Importer: &schema.ResourceImporter{}, Schema: map[string]*schema.Schema{ - "description": { + "description": &schema.Schema{ Type: schema.TypeString, Optional: true, ValidateFunc: validate.InvokeValidator("ibm_cbr_rule", "description"), Description: "The description of the rule.", }, - "contexts": { + "contexts": &schema.Schema{ Type: schema.TypeList, - Required: true, + Optional: true, Description: "The contexts this rule applies to.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ - "attributes": { + "attributes": &schema.Schema{ Type: schema.TypeList, Required: true, Description: "The attributes.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ - "name": { + "name": &schema.Schema{ Type: schema.TypeString, Required: true, Description: "The attribute name.", }, - "value": { + "value": &schema.Schema{ Type: schema.TypeString, Required: true, Description: "The attribute value.", @@ -61,29 +61,29 @@ func ResourceIBMCbrRule() *schema.Resource { }, }, }, - "resources": { + "resources": &schema.Schema{ Type: schema.TypeList, - Required: true, + Optional: true, Description: "The resources this rule apply to.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ - "attributes": { + "attributes": &schema.Schema{ Type: schema.TypeList, Required: true, Description: "The resource attributes.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ - "name": { + "name": &schema.Schema{ Type: schema.TypeString, Required: true, Description: "The attribute name.", }, - "value": { + "value": &schema.Schema{ Type: schema.TypeString, Required: true, Description: "The attribute value.", }, - "operator": { + "operator": &schema.Schema{ Type: schema.TypeString, Optional: true, Description: "The attribute operator.", @@ -91,23 +91,23 @@ func ResourceIBMCbrRule() *schema.Resource { }, }, }, - "tags": { + "tags": &schema.Schema{ Type: schema.TypeList, Optional: true, Description: "The optional resource tags.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ - "name": { + "name": &schema.Schema{ Type: schema.TypeString, Required: true, Description: "The tag attribute name.", }, - "value": { + "value": &schema.Schema{ Type: schema.TypeString, Required: true, Description: "The tag attribute value.", }, - "operator": { + "operator": &schema.Schema{ Type: schema.TypeString, Optional: true, Description: "The attribute operator.", @@ -118,37 +118,56 @@ func ResourceIBMCbrRule() *schema.Resource { }, }, }, - "crn": { + "enforcement_mode": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Default: "enabled", + ValidateFunc: validate.InvokeValidator("ibm_cbr_rule", "enforcement_mode"), + Description: "The rule enforcement mode: * `enabled` - The restrictions are enforced and reported. This is the default. * `disabled` - The restrictions are disabled. Nothing is enforced or reported. * `report` - The restrictions are evaluated and reported, but not enforced.", + }, + "x_correlation_id": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + ValidateFunc: validate.InvokeValidator("ibm_cbr_rule", "x_correlation_id"), + Description: "The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.", + }, + "transaction_id": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + ValidateFunc: validate.InvokeValidator("ibm_cbr_rule", "transaction_id"), + Description: "The `Transaction-Id` header behaves as the `X-Correlation-Id` header. It is supported for backward compatibility with other IBM platform services that support the `Transaction-Id` header only. If both `X-Correlation-Id` and `Transaction-Id` are provided, `X-Correlation-Id` has the precedence over `Transaction-Id`.", + }, + "crn": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The rule CRN.", }, - "href": { + "href": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The href link to the resource.", }, - "created_at": { + "created_at": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The time the resource was created.", }, - "created_by_id": { + "created_by_id": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "IAM ID of the user or service which created the resource.", }, - "last_modified_at": { + "last_modified_at": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The last time the resource was modified.", }, - "last_modified_by_id": { + "last_modified_by_id": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "IAM ID of the user or service which modified the resource.", }, - "version": { + "version": &schema.Schema{ Type: schema.TypeString, Computed: true, }, @@ -157,7 +176,7 @@ func ResourceIBMCbrRule() *schema.Resource { } func ResourceIBMCbrRuleValidator() *validate.ResourceValidator { - validateSchema := make([]validate.ValidateSchema, 0) + validateSchema := make([]validate.ValidateSchema, 1) validateSchema = append(validateSchema, validate.ValidateSchema{ Identifier: "description", @@ -168,13 +187,38 @@ func ResourceIBMCbrRuleValidator() *validate.ResourceValidator { MinValueLength: 0, MaxValueLength: 300, }, + validate.ValidateSchema{ + Identifier: "enforcement_mode", + ValidateFunctionIdentifier: validate.ValidateAllowedStringValue, + Type: validate.TypeString, + Optional: true, + AllowedValues: "disabled, enabled, report", + }, + validate.ValidateSchema{ + Identifier: "x_correlation_id", + ValidateFunctionIdentifier: validate.ValidateRegexpLen, + Type: validate.TypeString, + Optional: true, + Regexp: `^[a-zA-Z0-9 ,\-_]+$`, + MinValueLength: 1, + MaxValueLength: 1024, + }, + validate.ValidateSchema{ + Identifier: "transaction_id", + ValidateFunctionIdentifier: validate.ValidateRegexpLen, + Type: validate.TypeString, + Optional: true, + Regexp: `^[a-zA-Z0-9 ,\-_]+$`, + MinValueLength: 1, + MaxValueLength: 1024, + }, ) resourceValidator := validate.ResourceValidator{ResourceName: "ibm_cbr_rule", Schema: validateSchema} return &resourceValidator } -func resourceIBMCbrRuleCreate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { +func ResourceIBMCbrRuleCreate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { contextBasedRestrictionsClient, err := meta.(conns.ClientSession).ContextBasedRestrictionsV1() if err != nil { return diag.FromErr(err) @@ -182,11 +226,6 @@ func resourceIBMCbrRuleCreate(context context.Context, d *schema.ResourceData, m createRuleOptions := &contextbasedrestrictionsv1.CreateRuleOptions{} - accountID, err := getIBMCbrAccountId(meta) - if err != nil { - return diag.FromErr(err) - } - if _, ok := d.GetOk("description"); ok { createRuleOptions.SetDescription(d.Get("description").(string)) } @@ -194,8 +233,11 @@ func resourceIBMCbrRuleCreate(context context.Context, d *schema.ResourceData, m var contexts []contextbasedrestrictionsv1.RuleContext for _, e := range d.Get("contexts").([]interface{}) { value := e.(map[string]interface{}) - contextsItem := resourceIBMCbrRuleMapToRuleContext(value) - contexts = append(contexts, contextsItem) + contextsItem, err := ResourceIBMCbrRuleMapToRuleContext(value) + if err != nil { + return diag.FromErr(err) + } + contexts = append(contexts, *contextsItem) } createRuleOptions.SetContexts(contexts) } @@ -203,12 +245,23 @@ func resourceIBMCbrRuleCreate(context context.Context, d *schema.ResourceData, m var resources []contextbasedrestrictionsv1.Resource for _, e := range d.Get("resources").([]interface{}) { value := e.(map[string]interface{}) - resourcesItem := resourceIBMCbrRuleMapToResource(value, accountID) - resources = append(resources, resourcesItem) + resourcesItem, err := ResourceIBMCbrRuleMapToResource(value) + if err != nil { + return diag.FromErr(err) + } + resources = append(resources, *resourcesItem) } - createRuleOptions.SetResources(resources) } + if _, ok := d.GetOk("enforcement_mode"); ok { + createRuleOptions.SetEnforcementMode(d.Get("enforcement_mode").(string)) + } + if _, ok := d.GetOk("x_correlation_id"); ok { + createRuleOptions.SetXCorrelationID(d.Get("x_correlation_id").(string)) + } + if _, ok := d.GetOk("transaction_id"); ok { + createRuleOptions.SetTransactionID(d.Get("transaction_id").(string)) + } rule, response, err := contextBasedRestrictionsClient.CreateRuleWithContext(context, createRuleOptions) if err != nil { @@ -218,95 +271,10 @@ func resourceIBMCbrRuleCreate(context context.Context, d *schema.ResourceData, m d.SetId(*rule.ID) - return resourceIBMCbrRuleRead(context, d, meta) -} - -func resourceIBMCbrRuleMapToRuleContext(ruleContextMap map[string]interface{}) contextbasedrestrictionsv1.RuleContext { - ruleContext := contextbasedrestrictionsv1.RuleContext{} - - attributes := []contextbasedrestrictionsv1.RuleContextAttribute{} - for _, attributesItem := range ruleContextMap["attributes"].([]interface{}) { - attributesItemModel := resourceIBMCbrRuleMapToRuleContextAttribute(attributesItem.(map[string]interface{})) - attributes = append(attributes, attributesItemModel) - } - ruleContext.Attributes = attributes - - return ruleContext -} - -func resourceIBMCbrRuleMapToRuleContextAttribute(ruleContextAttributeMap map[string]interface{}) contextbasedrestrictionsv1.RuleContextAttribute { - ruleContextAttribute := contextbasedrestrictionsv1.RuleContextAttribute{} - - ruleContextAttribute.Name = core.StringPtr(ruleContextAttributeMap["name"].(string)) - ruleContextAttribute.Value = core.StringPtr(ruleContextAttributeMap["value"].(string)) - return ruleContextAttribute -} - -func resourceIBMCbrRuleAccountIdAttribute(accountID string) contextbasedrestrictionsv1.ResourceAttribute { - accountIdAttribute := contextbasedrestrictionsv1.ResourceAttribute{} - - accountIdAttribute.Name = core.StringPtr("accountId") - accountIdAttribute.Value = core.StringPtr(accountID) - //accountIdAttribute.Operator = core.StringPtr("") - - return accountIdAttribute - + return ResourceIBMCbrRuleRead(context, d, meta) } -func resourceIBMCbrRuleMapToResource(resourceMap map[string]interface{}, accountID string) contextbasedrestrictionsv1.Resource { - resource := contextbasedrestrictionsv1.Resource{} - - attributes := []contextbasedrestrictionsv1.ResourceAttribute{} - - attributes = append(attributes, resourceIBMCbrRuleAccountIdAttribute(accountID)) - - for _, attributesItem := range resourceMap["attributes"].([]interface{}) { - attributesItemModel := resourceIBMCbrRuleMapToResourceAttribute(attributesItem.(map[string]interface{})) - - if *attributesItemModel.Name != "accountId" { - attributes = append(attributes, attributesItemModel) - } - } - - resource.Attributes = attributes - - if resourceMap["tags"] != nil { - tags := []contextbasedrestrictionsv1.ResourceTagAttribute{} - for _, tagsItem := range resourceMap["tags"].([]interface{}) { - tagsItemModel := resourceIBMCbrRuleMapToResourceTagAttribute(tagsItem.(map[string]interface{})) - tags = append(tags, tagsItemModel) - } - resource.Tags = tags - } - - return resource -} - -func resourceIBMCbrRuleMapToResourceAttribute(resourceAttributeMap map[string]interface{}) contextbasedrestrictionsv1.ResourceAttribute { - resourceAttribute := contextbasedrestrictionsv1.ResourceAttribute{} - - resourceAttribute.Name = core.StringPtr(resourceAttributeMap["name"].(string)) - resourceAttribute.Value = core.StringPtr(resourceAttributeMap["value"].(string)) - if resourceAttributeMap["operator"] != nil && resourceAttributeMap["operator"] != "" { - resourceAttribute.Operator = core.StringPtr(resourceAttributeMap["operator"].(string)) - } - - return resourceAttribute -} - -func resourceIBMCbrRuleMapToResourceTagAttribute(resourceTagAttributeMap map[string]interface{}) contextbasedrestrictionsv1.ResourceTagAttribute { - resourceTagAttribute := contextbasedrestrictionsv1.ResourceTagAttribute{} - - resourceTagAttribute.Name = core.StringPtr(resourceTagAttributeMap["name"].(string)) - resourceTagAttribute.Value = core.StringPtr(resourceTagAttributeMap["value"].(string)) - if resourceTagAttributeMap["operator"] != nil && resourceTagAttributeMap["operator"] != "" { - resourceTagAttribute.Operator = core.StringPtr(resourceTagAttributeMap["operator"].(string)) - } - - return resourceTagAttribute -} - -func resourceIBMCbrRuleRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { +func ResourceIBMCbrRuleRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { contextBasedRestrictionsClient, err := meta.(conns.ClientSession).ContextBasedRestrictionsV1() if err != nil { return diag.FromErr(err) @@ -326,128 +294,70 @@ func resourceIBMCbrRuleRead(context context.Context, d *schema.ResourceData, met return diag.FromErr(fmt.Errorf("GetRuleWithContext failed %s\n%s", err, response)) } + if err = d.Set("x_correlation_id", getRuleOptions.XCorrelationID); err != nil { + return diag.FromErr(fmt.Errorf("Error setting x_correlation_id: %s", err)) + } + if err = d.Set("transaction_id", getRuleOptions.TransactionID); err != nil { + return diag.FromErr(fmt.Errorf("Error setting transaction_id: %s", err)) + } if err = d.Set("description", rule.Description); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting description: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) } + contexts := []map[string]interface{}{} if rule.Contexts != nil { - contexts := []map[string]interface{}{} for _, contextsItem := range rule.Contexts { - contextsItemMap := resourceIBMCbrRuleRuleContextToMap(contextsItem) + contextsItemMap, err := ResourceIBMCbrRuleRuleContextToMap(&contextsItem) + if err != nil { + return diag.FromErr(err) + } contexts = append(contexts, contextsItemMap) } - if err = d.Set("contexts", contexts); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting contexts: %s", err)) - } } + if err = d.Set("contexts", contexts); err != nil { + return diag.FromErr(fmt.Errorf("Error setting contexts: %s", err)) + } + resources := []map[string]interface{}{} if rule.Resources != nil { - resources := []map[string]interface{}{} for _, resourcesItem := range rule.Resources { - resourcesItemMap := resourceIBMCbrRuleResourceToMap(resourcesItem) + resourcesItemMap, err := ResourceIBMCbrRuleResourceToMap(&resourcesItem) + if err != nil { + return diag.FromErr(err) + } resources = append(resources, resourcesItemMap) } - if err = d.Set("resources", resources); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting resources: %s", err)) - } + } + if err = d.Set("resources", resources); err != nil { + return diag.FromErr(fmt.Errorf("Error setting resources: %s", err)) + } + if err = d.Set("enforcement_mode", rule.EnforcementMode); err != nil { + return diag.FromErr(fmt.Errorf("Error setting enforcement_mode: %s", err)) } if err = d.Set("crn", rule.CRN); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting crn: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting crn: %s", err)) } if err = d.Set("href", rule.Href); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting href: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting href: %s", err)) } if err = d.Set("created_at", flex.DateTimeToString(rule.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting created_at: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) } if err = d.Set("created_by_id", rule.CreatedByID); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting created_by_id: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting created_by_id: %s", err)) } if err = d.Set("last_modified_at", flex.DateTimeToString(rule.LastModifiedAt)); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting last_modified_at: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting last_modified_at: %s", err)) } if err = d.Set("last_modified_by_id", rule.LastModifiedByID); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting last_modified_by_id: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting last_modified_by_id: %s", err)) } if err = d.Set("version", response.Headers.Get("Etag")); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting version: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting version: %s", err)) } return nil } -func resourceIBMCbrRuleRuleContextToMap(ruleContext contextbasedrestrictionsv1.RuleContext) map[string]interface{} { - ruleContextMap := map[string]interface{}{} - - attributes := []map[string]interface{}{} - for _, attributesItem := range ruleContext.Attributes { - attributesItemMap := resourceIBMCbrRuleRuleContextAttributeToMap(attributesItem) - attributes = append(attributes, attributesItemMap) - // TODO: handle Attributes of type TypeList -- list of non-primitive, not model items - } - ruleContextMap["attributes"] = attributes - - return ruleContextMap -} - -func resourceIBMCbrRuleRuleContextAttributeToMap(ruleContextAttribute contextbasedrestrictionsv1.RuleContextAttribute) map[string]interface{} { - ruleContextAttributeMap := map[string]interface{}{} - - ruleContextAttributeMap["name"] = ruleContextAttribute.Name - ruleContextAttributeMap["value"] = ruleContextAttribute.Value - - return ruleContextAttributeMap -} - -func resourceIBMCbrRuleResourceToMap(resource contextbasedrestrictionsv1.Resource) map[string]interface{} { - resourceMap := map[string]interface{}{} - - attributes := []map[string]interface{}{} - for _, attributesItem := range resource.Attributes { - - if *attributesItem.Name != "accountId" { - attributesItemMap := resourceIBMCbrRuleResourceAttributeToMap(attributesItem) - attributes = append(attributes, attributesItemMap) - } - // TODO: handle Attributes of type TypeList -- list of non-primitive, not model items - } - resourceMap["attributes"] = attributes - if resource.Tags != nil { - tags := []map[string]interface{}{} - for _, tagsItem := range resource.Tags { - tagsItemMap := resourceIBMCbrRuleResourceTagAttributeToMap(tagsItem) - tags = append(tags, tagsItemMap) - // TODO: handle Tags of type TypeList -- list of non-primitive, not model items - } - resourceMap["tags"] = tags - } - - return resourceMap -} - -func resourceIBMCbrRuleResourceAttributeToMap(resourceAttribute contextbasedrestrictionsv1.ResourceAttribute) map[string]interface{} { - resourceAttributeMap := map[string]interface{}{} - - resourceAttributeMap["name"] = resourceAttribute.Name - resourceAttributeMap["value"] = resourceAttribute.Value - if resourceAttribute.Operator != nil { - resourceAttributeMap["operator"] = resourceAttribute.Operator - } - - return resourceAttributeMap -} - -func resourceIBMCbrRuleResourceTagAttributeToMap(resourceTagAttribute contextbasedrestrictionsv1.ResourceTagAttribute) map[string]interface{} { - resourceTagAttributeMap := map[string]interface{}{} - - resourceTagAttributeMap["name"] = resourceTagAttribute.Name - resourceTagAttributeMap["value"] = resourceTagAttribute.Value - if resourceTagAttribute.Operator != nil { - resourceTagAttributeMap["operator"] = resourceTagAttribute.Operator - } - - return resourceTagAttributeMap -} - -func resourceIBMCbrRuleUpdate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { +func ResourceIBMCbrRuleUpdate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { contextBasedRestrictionsClient, err := meta.(conns.ClientSession).ContextBasedRestrictionsV1() if err != nil { return diag.FromErr(err) @@ -455,11 +365,6 @@ func resourceIBMCbrRuleUpdate(context context.Context, d *schema.ResourceData, m replaceRuleOptions := &contextbasedrestrictionsv1.ReplaceRuleOptions{} - accountID, err := getIBMCbrAccountId(meta) - if err != nil { - return diag.FromErr(err) - } - replaceRuleOptions.SetRuleID(d.Id()) if _, ok := d.GetOk("description"); ok { replaceRuleOptions.SetDescription(d.Get("description").(string)) @@ -468,8 +373,11 @@ func resourceIBMCbrRuleUpdate(context context.Context, d *schema.ResourceData, m var contexts []contextbasedrestrictionsv1.RuleContext for _, e := range d.Get("contexts").([]interface{}) { value := e.(map[string]interface{}) - contextsItem := resourceIBMCbrRuleMapToRuleContext(value) - contexts = append(contexts, contextsItem) + contextsItem, err := ResourceIBMCbrRuleMapToRuleContext(value) + if err != nil { + return diag.FromErr(err) + } + contexts = append(contexts, *contextsItem) } replaceRuleOptions.SetContexts(contexts) } @@ -477,12 +385,23 @@ func resourceIBMCbrRuleUpdate(context context.Context, d *schema.ResourceData, m var resources []contextbasedrestrictionsv1.Resource for _, e := range d.Get("resources").([]interface{}) { value := e.(map[string]interface{}) - resourcesItem := resourceIBMCbrRuleMapToResource(value, accountID) - resources = append(resources, resourcesItem) + resourcesItem, err := ResourceIBMCbrRuleMapToResource(value) + if err != nil { + return diag.FromErr(err) + } + resources = append(resources, *resourcesItem) } replaceRuleOptions.SetResources(resources) } - + if _, ok := d.GetOk("enforcement_mode"); ok { + replaceRuleOptions.SetEnforcementMode(d.Get("enforcement_mode").(string)) + } + if _, ok := d.GetOk("x_correlation_id"); ok { + replaceRuleOptions.SetXCorrelationID(d.Get("x_correlation_id").(string)) + } + if _, ok := d.GetOk("transaction_id"); ok { + replaceRuleOptions.SetTransactionID(d.Get("transaction_id").(string)) + } replaceRuleOptions.SetIfMatch(d.Get("version").(string)) _, response, err := contextBasedRestrictionsClient.ReplaceRuleWithContext(context, replaceRuleOptions) @@ -491,10 +410,10 @@ func resourceIBMCbrRuleUpdate(context context.Context, d *schema.ResourceData, m return diag.FromErr(fmt.Errorf("ReplaceRuleWithContext failed %s\n%s", err, response)) } - return resourceIBMCbrRuleRead(context, d, meta) + return ResourceIBMCbrRuleRead(context, d, meta) } -func resourceIBMCbrRuleDelete(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { +func ResourceIBMCbrRuleDelete(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { contextBasedRestrictionsClient, err := meta.(conns.ClientSession).ContextBasedRestrictionsV1() if err != nil { return diag.FromErr(err) @@ -504,8 +423,6 @@ func resourceIBMCbrRuleDelete(context context.Context, d *schema.ResourceData, m deleteRuleOptions.SetRuleID(d.Id()) - // deleteRuleOptions.SetIfMatch(d.Get("version").(string)) - response, err := contextBasedRestrictionsClient.DeleteRuleWithContext(context, deleteRuleOptions) if err != nil { log.Printf("[DEBUG] DeleteRuleWithContext failed %s\n%s", err, response) @@ -516,3 +433,135 @@ func resourceIBMCbrRuleDelete(context context.Context, d *schema.ResourceData, m return nil } + +func ResourceIBMCbrRuleMapToRuleContext(modelMap map[string]interface{}) (*contextbasedrestrictionsv1.RuleContext, error) { + model := &contextbasedrestrictionsv1.RuleContext{} + attributes := []contextbasedrestrictionsv1.RuleContextAttribute{} + for _, attributesItem := range modelMap["attributes"].([]interface{}) { + attributesItemModel, err := ResourceIBMCbrRuleMapToRuleContextAttribute(attributesItem.(map[string]interface{})) + if err != nil { + return model, err + } + attributes = append(attributes, *attributesItemModel) + } + model.Attributes = attributes + return model, nil +} + +func ResourceIBMCbrRuleMapToRuleContextAttribute(modelMap map[string]interface{}) (*contextbasedrestrictionsv1.RuleContextAttribute, error) { + model := &contextbasedrestrictionsv1.RuleContextAttribute{} + model.Name = core.StringPtr(modelMap["name"].(string)) + model.Value = core.StringPtr(modelMap["value"].(string)) + return model, nil +} + +func ResourceIBMCbrRuleMapToResource(modelMap map[string]interface{}) (*contextbasedrestrictionsv1.Resource, error) { + model := &contextbasedrestrictionsv1.Resource{} + attributes := []contextbasedrestrictionsv1.ResourceAttribute{} + for _, attributesItem := range modelMap["attributes"].([]interface{}) { + attributesItemModel, err := ResourceIBMCbrRuleMapToResourceAttribute(attributesItem.(map[string]interface{})) + if err != nil { + return model, err + } + attributes = append(attributes, *attributesItemModel) + } + model.Attributes = attributes + if modelMap["tags"] != nil { + tags := []contextbasedrestrictionsv1.ResourceTagAttribute{} + for _, tagsItem := range modelMap["tags"].([]interface{}) { + tagsItemModel, err := ResourceIBMCbrRuleMapToResourceTagAttribute(tagsItem.(map[string]interface{})) + if err != nil { + return model, err + } + tags = append(tags, *tagsItemModel) + } + model.Tags = tags + } + return model, nil +} + +func ResourceIBMCbrRuleMapToResourceAttribute(modelMap map[string]interface{}) (*contextbasedrestrictionsv1.ResourceAttribute, error) { + model := &contextbasedrestrictionsv1.ResourceAttribute{} + model.Name = core.StringPtr(modelMap["name"].(string)) + model.Value = core.StringPtr(modelMap["value"].(string)) + if modelMap["operator"] != nil && modelMap["operator"].(string) != "" { + model.Operator = core.StringPtr(modelMap["operator"].(string)) + } + return model, nil +} + +func ResourceIBMCbrRuleMapToResourceTagAttribute(modelMap map[string]interface{}) (*contextbasedrestrictionsv1.ResourceTagAttribute, error) { + model := &contextbasedrestrictionsv1.ResourceTagAttribute{} + model.Name = core.StringPtr(modelMap["name"].(string)) + model.Value = core.StringPtr(modelMap["value"].(string)) + if modelMap["operator"] != nil && modelMap["operator"].(string) != "" { + model.Operator = core.StringPtr(modelMap["operator"].(string)) + } + return model, nil +} + +func ResourceIBMCbrRuleRuleContextToMap(model *contextbasedrestrictionsv1.RuleContext) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + attributes := []map[string]interface{}{} + for _, attributesItem := range model.Attributes { + attributesItemMap, err := ResourceIBMCbrRuleRuleContextAttributeToMap(&attributesItem) + if err != nil { + return modelMap, err + } + attributes = append(attributes, attributesItemMap) + } + modelMap["attributes"] = attributes + return modelMap, nil +} + +func ResourceIBMCbrRuleRuleContextAttributeToMap(model *contextbasedrestrictionsv1.RuleContextAttribute) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + modelMap["name"] = model.Name + modelMap["value"] = model.Value + return modelMap, nil +} + +func ResourceIBMCbrRuleResourceToMap(model *contextbasedrestrictionsv1.Resource) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + attributes := []map[string]interface{}{} + for _, attributesItem := range model.Attributes { + attributesItemMap, err := ResourceIBMCbrRuleResourceAttributeToMap(&attributesItem) + if err != nil { + return modelMap, err + } + attributes = append(attributes, attributesItemMap) + } + modelMap["attributes"] = attributes + if model.Tags != nil { + tags := []map[string]interface{}{} + for _, tagsItem := range model.Tags { + tagsItemMap, err := ResourceIBMCbrRuleResourceTagAttributeToMap(&tagsItem) + if err != nil { + return modelMap, err + } + tags = append(tags, tagsItemMap) + } + modelMap["tags"] = tags + } + return modelMap, nil +} + +func ResourceIBMCbrRuleResourceAttributeToMap(model *contextbasedrestrictionsv1.ResourceAttribute) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + modelMap["name"] = model.Name + modelMap["value"] = model.Value + if model.Operator != nil { + modelMap["operator"] = model.Operator + } + return modelMap, nil +} + +func ResourceIBMCbrRuleResourceTagAttributeToMap(model *contextbasedrestrictionsv1.ResourceTagAttribute) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + modelMap["name"] = model.Name + modelMap["value"] = model.Value + if model.Operator != nil { + modelMap["operator"] = model.Operator + } + return modelMap, nil +} diff --git a/ibm/service/contextbasedrestrictions/resource_ibm_cbr_rule_test.go b/ibm/service/contextbasedrestrictions/resource_ibm_cbr_rule_test.go index d575e76e3e6..4bf3537dc2b 100644 --- a/ibm/service/contextbasedrestrictions/resource_ibm_cbr_rule_test.go +++ b/ibm/service/contextbasedrestrictions/resource_ibm_cbr_rule_test.go @@ -1,4 +1,4 @@ -// Copyright IBM Corp. 2021 All Rights Reserved. +// Copyright IBM Corp. 2022 All Rights Reserved. // Licensed under the Mozilla Public License v2.0 package contextbasedrestrictions_test @@ -25,7 +25,7 @@ func TestAccIBMCbrRuleBasic(t *testing.T) { Providers: acc.TestAccProviders, CheckDestroy: testAccCheckIBMCbrRuleDestroy, Steps: []resource.TestStep{ - { + resource.TestStep{ Config: testAccCheckIBMCbrRuleConfigBasic(), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckIBMCbrRuleExists("ibm_cbr_rule.cbr_rule", conf), @@ -38,48 +38,55 @@ func TestAccIBMCbrRuleBasic(t *testing.T) { func TestAccIBMCbrRuleAllArgs(t *testing.T) { var conf contextbasedrestrictionsv1.Rule description := fmt.Sprintf("tf_description_%d", acctest.RandIntRange(10, 100)) + enforcementMode := "enabled" descriptionUpdate := fmt.Sprintf("tf_description_%d", acctest.RandIntRange(10, 100)) + enforcementModeUpdate := "report" resource.Test(t, resource.TestCase{ PreCheck: func() { acc.TestAccPreCheck(t) }, Providers: acc.TestAccProviders, CheckDestroy: testAccCheckIBMCbrRuleDestroy, Steps: []resource.TestStep{ - { - Config: testAccCheckIBMCbrRuleConfig(description), + resource.TestStep{ + Config: testAccCheckIBMCbrRuleConfig(description, enforcementMode), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckIBMCbrRuleExists("ibm_cbr_rule.cbr_rule", conf), resource.TestCheckResourceAttr("ibm_cbr_rule.cbr_rule", "description", description), + resource.TestCheckResourceAttr("ibm_cbr_rule.cbr_rule", "enforcement_mode", enforcementMode), ), }, - { - Config: testAccCheckIBMCbrRuleConfig(descriptionUpdate), + resource.TestStep{ + Config: testAccCheckIBMCbrRuleConfig(descriptionUpdate, enforcementModeUpdate), Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr("ibm_cbr_rule.cbr_rule", "description", descriptionUpdate), + resource.TestCheckResourceAttr("ibm_cbr_rule.cbr_rule", "enforcement_mode", enforcementModeUpdate), ), }, - { + resource.TestStep{ ResourceName: "ibm_cbr_rule.cbr_rule", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{ - "transaction_id"}, }, }, }) } func testAccCheckIBMCbrRuleConfigBasic() string { - return ` + return fmt.Sprintf(` + resource "ibm_cbr_rule" "cbr_rule" { description = "test rule config basic" contexts { attributes { name = "networkZoneId" - value = "322af80e125f6842cded8ba7a1008370" + value = "559052eb8f43302824e7ae490c0281eb" } } - resources { + resources { + attributes { + name = "accountId" + value = "82cbc8dcd1ab4112b7272b410ac9965c" + } attributes { name = "serviceName" value = "user-management" @@ -89,12 +96,12 @@ func testAccCheckIBMCbrRuleConfigBasic() string { value = "tag_value" } } + enforcement_mode = "disabled" } - ` + `) } -func testAccCheckIBMCbrRuleConfig(description string) string { - // func testAccCheckIBMCbrRuleConfig(description string) string { +func testAccCheckIBMCbrRuleConfig(description string, enforcementMode string) string { return fmt.Sprintf(` resource "ibm_cbr_rule" "cbr_rule" { @@ -102,21 +109,27 @@ func testAccCheckIBMCbrRuleConfig(description string) string { contexts { attributes { name = "networkZoneId" - value = "322af80e125f6842cded8ba7a1008370" + value = "559052eb8f43302824e7ae490c0281eb" } } resources { + attributes { + name = "accountId" + value = "82cbc8dcd1ab4112b7272b410ac9965c" + } attributes { name = "serviceName" value = "user-management" } - tags { - name = "tag_name" - value = "tag_value" - } + tags { + name = "name" + value = "value" + operator = "stringEquals" + } } + enforcement_mode = "%s" } - `, description) + `, description, enforcementMode) } func testAccCheckIBMCbrRuleExists(n string, obj contextbasedrestrictionsv1.Rule) resource.TestCheckFunc { @@ -166,7 +179,7 @@ func testAccCheckIBMCbrRuleDestroy(s *terraform.State) error { if err == nil { return fmt.Errorf("cbr_rule still exists: %s", rs.Primary.ID) } else if response.StatusCode != 404 { - return fmt.Errorf("[ERROR] Error checking for cbr_rule (%s) has been destroyed: %s", rs.Primary.ID, err) + return fmt.Errorf("Error checking for cbr_rule (%s) has been destroyed: %s", rs.Primary.ID, err) } } diff --git a/ibm/service/contextbasedrestrictions/resource_ibm_cbr_zone.go b/ibm/service/contextbasedrestrictions/resource_ibm_cbr_zone.go index 10e2b119e11..f2fdf9835b4 100644 --- a/ibm/service/contextbasedrestrictions/resource_ibm_cbr_zone.go +++ b/ibm/service/contextbasedrestrictions/resource_ibm_cbr_zone.go @@ -1,11 +1,10 @@ -// Copyright IBM Corp. 2021 All Rights Reserved. +// Copyright IBM Corp. 2022 All Rights Reserved. // Licensed under the Mozilla Public License v2.0 package contextbasedrestrictions import ( "context" - "encoding/json" "fmt" "log" @@ -21,69 +20,70 @@ import ( func ResourceIBMCbrZone() *schema.Resource { return &schema.Resource{ - CreateContext: resourceIBMCbrZoneCreate, - ReadContext: resourceIBMCbrZoneRead, - UpdateContext: resourceIBMCbrZoneUpdate, - DeleteContext: resourceIBMCbrZoneDelete, + CreateContext: ResourceIBMCbrZoneCreate, + ReadContext: ResourceIBMCbrZoneRead, + UpdateContext: ResourceIBMCbrZoneUpdate, + DeleteContext: ResourceIBMCbrZoneDelete, Importer: &schema.ResourceImporter{}, Schema: map[string]*schema.Schema{ - "name": { + "name": &schema.Schema{ Type: schema.TypeString, - Required: true, + Optional: true, ValidateFunc: validate.InvokeValidator("ibm_cbr_zone", "name"), Description: "The name of the zone.", }, - "account_id": { - Type: schema.TypeString, - Computed: true, - Description: "The id of the account owning this zone.", + "account_id": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + ValidateFunc: validate.InvokeValidator("ibm_cbr_zone", "account_id"), + Description: "The id of the account owning this zone.", }, - "description": { + "description": &schema.Schema{ Type: schema.TypeString, Optional: true, ValidateFunc: validate.InvokeValidator("ibm_cbr_zone", "description"), Description: "The description of the zone.", }, - "addresses": { + "addresses": &schema.Schema{ Type: schema.TypeList, - Required: true, + Optional: true, Description: "The list of addresses in the zone.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ - "type": { + "type": &schema.Schema{ Type: schema.TypeString, Optional: true, Description: "The type of address.", }, - "value": { + "value": &schema.Schema{ Type: schema.TypeString, Optional: true, Description: "The IP address.", }, - "ref": { + "ref": &schema.Schema{ Type: schema.TypeList, MaxItems: 1, Optional: true, Description: "A service reference value.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ - "account_id": { + "account_id": &schema.Schema{ Type: schema.TypeString, - Computed: true, + Required: true, Description: "The id of the account owning the service.", }, - "service_type": { + "service_type": &schema.Schema{ Type: schema.TypeString, Optional: true, Description: "The service type.", }, - "service_name": { + "service_name": &schema.Schema{ Type: schema.TypeString, Optional: true, Description: "The service name.", }, - "service_instance": { + "service_instance": &schema.Schema{ Type: schema.TypeString, Optional: true, Description: "The service instance.", @@ -94,45 +94,45 @@ func ResourceIBMCbrZone() *schema.Resource { }, }, }, - "excluded": { + "excluded": &schema.Schema{ Type: schema.TypeList, Optional: true, Description: "The list of excluded addresses in the zone. Only addresses of type `ipAddress`, `ipRange`, and `subnet` can be excluded.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ - "type": { + "type": &schema.Schema{ Type: schema.TypeString, Optional: true, Description: "The type of address.", }, - "value": { + "value": &schema.Schema{ Type: schema.TypeString, Optional: true, Description: "The IP address.", }, - "ref": { + "ref": &schema.Schema{ Type: schema.TypeList, MaxItems: 1, Optional: true, Description: "A service reference value.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ - "account_id": { + "account_id": &schema.Schema{ Type: schema.TypeString, - Computed: true, + Required: true, Description: "The id of the account owning the service.", }, - "service_type": { + "service_type": &schema.Schema{ Type: schema.TypeString, Optional: true, Description: "The service type.", }, - "service_name": { + "service_name": &schema.Schema{ Type: schema.TypeString, Optional: true, Description: "The service name.", }, - "service_instance": { + "service_instance": &schema.Schema{ Type: schema.TypeString, Optional: true, Description: "The service instance.", @@ -143,47 +143,59 @@ func ResourceIBMCbrZone() *schema.Resource { }, }, }, - "crn": { + "x_correlation_id": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + ValidateFunc: validate.InvokeValidator("ibm_cbr_zone", "x_correlation_id"), + Description: "The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.", + }, + "transaction_id": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + ValidateFunc: validate.InvokeValidator("ibm_cbr_zone", "transaction_id"), + Description: "The `Transaction-Id` header behaves as the `X-Correlation-Id` header. It is supported for backward compatibility with other IBM platform services that support the `Transaction-Id` header only. If both `X-Correlation-Id` and `Transaction-Id` are provided, `X-Correlation-Id` has the precedence over `Transaction-Id`.", + }, + "crn": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The zone CRN.", }, - "address_count": { + "address_count": &schema.Schema{ Type: schema.TypeInt, Computed: true, Description: "The number of addresses in the zone.", }, - "excluded_count": { + "excluded_count": &schema.Schema{ Type: schema.TypeInt, Computed: true, Description: "The number of excluded addresses in the zone.", }, - "href": { + "href": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The href link to the resource.", }, - "created_at": { + "created_at": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The time the resource was created.", }, - "created_by_id": { + "created_by_id": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "IAM ID of the user or service which created the resource.", }, - "last_modified_at": { + "last_modified_at": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "The last time the resource was modified.", }, - "last_modified_by_id": { + "last_modified_by_id": &schema.Schema{ Type: schema.TypeString, Computed: true, Description: "IAM ID of the user or service which modified the resource.", }, - "version": { + "version": &schema.Schema{ Type: schema.TypeString, Computed: true, }, @@ -192,14 +204,23 @@ func ResourceIBMCbrZone() *schema.Resource { } func ResourceIBMCbrZoneValidator() *validate.ResourceValidator { - validateSchema := make([]validate.ValidateSchema, 0) + validateSchema := make([]validate.ValidateSchema, 1) validateSchema = append(validateSchema, validate.ValidateSchema{ Identifier: "name", ValidateFunctionIdentifier: validate.ValidateRegexpLen, Type: validate.TypeString, Optional: true, - Regexp: `^[a-zA-Z0-9 \\-_]+$`, + Regexp: `^[a-zA-Z0-9 \-_]+$`, + MinValueLength: 1, + MaxValueLength: 128, + }, + validate.ValidateSchema{ + Identifier: "account_id", + ValidateFunctionIdentifier: validate.ValidateRegexpLen, + Type: validate.TypeString, + Optional: true, + Regexp: `^[a-zA-Z0-9\-]+$`, MinValueLength: 1, MaxValueLength: 128, }, @@ -212,23 +233,31 @@ func ResourceIBMCbrZoneValidator() *validate.ResourceValidator { MinValueLength: 0, MaxValueLength: 300, }, + validate.ValidateSchema{ + Identifier: "x_correlation_id", + ValidateFunctionIdentifier: validate.ValidateRegexpLen, + Type: validate.TypeString, + Optional: true, + Regexp: `^[a-zA-Z0-9 ,\-_]+$`, + MinValueLength: 1, + MaxValueLength: 1024, + }, + validate.ValidateSchema{ + Identifier: "transaction_id", + ValidateFunctionIdentifier: validate.ValidateRegexpLen, + Type: validate.TypeString, + Optional: true, + Regexp: `^[a-zA-Z0-9 ,\-_]+$`, + MinValueLength: 1, + MaxValueLength: 1024, + }, ) resourceValidator := validate.ResourceValidator{ResourceName: "ibm_cbr_zone", Schema: validateSchema} return &resourceValidator } -func getIBMCbrAccountId(meta interface{}) (string, error) { - userDetails, err := meta.(conns.ClientSession).BluemixUserDetails() - - if err != nil { - return "", err - } else { - return userDetails.UserAccount, nil - } -} - -func resourceIBMCbrZoneCreate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { +func ResourceIBMCbrZoneCreate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { contextBasedRestrictionsClient, err := meta.(conns.ClientSession).ContextBasedRestrictionsV1() if err != nil { return diag.FromErr(err) @@ -239,13 +268,9 @@ func resourceIBMCbrZoneCreate(context context.Context, d *schema.ResourceData, m if _, ok := d.GetOk("name"); ok { createZoneOptions.SetName(d.Get("name").(string)) } - - accountID, err := getIBMCbrAccountId(meta) - if err != nil { - return diag.FromErr(err) + if _, ok := d.GetOk("account_id"); ok { + createZoneOptions.SetAccountID(d.Get("account_id").(string)) } - createZoneOptions.SetAccountID(accountID) - if _, ok := d.GetOk("description"); ok { createZoneOptions.SetDescription(d.Get("description").(string)) } @@ -253,7 +278,10 @@ func resourceIBMCbrZoneCreate(context context.Context, d *schema.ResourceData, m var addresses []contextbasedrestrictionsv1.AddressIntf for _, e := range d.Get("addresses").([]interface{}) { value := e.(map[string]interface{}) - addressesItem := resourceIBMCbrZoneMapToAddress(value, accountID) + addressesItem, err := ResourceIBMCbrZoneMapToAddress(value) + if err != nil { + return diag.FromErr(err) + } addresses = append(addresses, addressesItem) } createZoneOptions.SetAddresses(addresses) @@ -262,11 +290,20 @@ func resourceIBMCbrZoneCreate(context context.Context, d *schema.ResourceData, m var excluded []contextbasedrestrictionsv1.AddressIntf for _, e := range d.Get("excluded").([]interface{}) { value := e.(map[string]interface{}) - excludedItem := resourceIBMCbrZoneMapToAddress(value, accountID) + excludedItem, err := ResourceIBMCbrZoneMapToAddress(value) + if err != nil { + return diag.FromErr(err) + } excluded = append(excluded, excludedItem) } createZoneOptions.SetExcluded(excluded) } + if _, ok := d.GetOk("x_correlation_id"); ok { + createZoneOptions.SetXCorrelationID(d.Get("x_correlation_id").(string)) + } + if _, ok := d.GetOk("transaction_id"); ok { + createZoneOptions.SetTransactionID(d.Get("transaction_id").(string)) + } zone, response, err := contextBasedRestrictionsClient.CreateZoneWithContext(context, createZoneOptions) if err != nil { @@ -276,112 +313,10 @@ func resourceIBMCbrZoneCreate(context context.Context, d *schema.ResourceData, m d.SetId(*zone.ID) - return resourceIBMCbrZoneRead(context, d, meta) -} - -func resourceIBMCbrZoneMapToAddress(addressMap map[string]interface{}, accountID string) contextbasedrestrictionsv1.AddressIntf { - var address contextbasedrestrictionsv1.AddressIntf - disc, ok := addressMap["type"] - if ok { - switch disc { - case "ipAddress": - ipAddress := resourceIBMCbrZoneMapToAddressIPAddress(addressMap) - address = &ipAddress - case "ipRange": - ipAddressRange := resourceIBMCbrZoneMapToAddressIPAddressRange(addressMap) - address = &ipAddressRange - case "subnet": - subnet := resourceIBMCbrZoneMapToAddressSubnet(addressMap) - address = &subnet - case "vpc": - vpc := resourceIBMCbrZoneMapToAddressVPC(addressMap) - address = &vpc - case "serviceRef": - serviceRef := resourceIBMCbrZoneMapToAddressServiceRef(addressMap, accountID) - address = &serviceRef - } - } else { - log.Println("[DEBUG] 'type' field is missing from 'addresses'") - } - - return address + return ResourceIBMCbrZoneRead(context, d, meta) } -func resourceIBMCbrZoneMapToServiceRefValue(serviceRefValueMap map[string]interface{}, accountID string) contextbasedrestrictionsv1.ServiceRefValue { - serviceRefValue := contextbasedrestrictionsv1.ServiceRefValue{} - - serviceRefValue.AccountID = &accountID - - if serviceRefValueMap["service_type"] != nil && serviceRefValueMap["service_type"] != "" { - serviceRefValue.ServiceType = core.StringPtr(serviceRefValueMap["service_type"].(string)) - } - if serviceRefValueMap["service_name"] != nil && serviceRefValueMap["service_name"] != "" { - serviceRefValue.ServiceName = core.StringPtr(serviceRefValueMap["service_name"].(string)) - } - if serviceRefValueMap["service_instance"] != nil && serviceRefValueMap["service_instance"] != "" { - serviceRefValue.ServiceInstance = core.StringPtr(serviceRefValueMap["service_instance"].(string)) - } - - return serviceRefValue -} - -func resourceIBMCbrZoneMapToAddressIPAddress(addressIPAddressMap map[string]interface{}) contextbasedrestrictionsv1.AddressIPAddress { - addressIPAddress := contextbasedrestrictionsv1.AddressIPAddress{} - - addressIPAddress.Type = core.StringPtr(addressIPAddressMap["type"].(string)) - addressIPAddress.Value = core.StringPtr(addressIPAddressMap["value"].(string)) - - return addressIPAddress -} - -func resourceIBMCbrZoneMapToAddressServiceRef(addressServiceRefMap map[string]interface{}, accountID string) contextbasedrestrictionsv1.AddressServiceRef { - addressServiceRef := contextbasedrestrictionsv1.AddressServiceRef{} - - addressServiceRef.Type = core.StringPtr(addressServiceRefMap["type"].(string)) - - if _, ok := addressServiceRefMap["value"]; ok { - delete(addressServiceRefMap, "value") - } - - if refSlice, ok := addressServiceRefMap["ref"]; ok { - ref := refSlice.([]interface{}) - if len(ref) > 0 { - serviceRefValue := resourceIBMCbrZoneMapToServiceRefValue(ref[0].(map[string]interface{}), accountID) - addressServiceRef.Ref = &serviceRefValue - } - } - - return addressServiceRef -} - -func resourceIBMCbrZoneMapToAddressSubnet(addressSubnetMap map[string]interface{}) contextbasedrestrictionsv1.AddressSubnet { - addressSubnet := contextbasedrestrictionsv1.AddressSubnet{} - - addressSubnet.Type = core.StringPtr(addressSubnetMap["type"].(string)) - addressSubnet.Value = core.StringPtr(addressSubnetMap["value"].(string)) - - return addressSubnet -} - -func resourceIBMCbrZoneMapToAddressIPAddressRange(addressIPAddressRangeMap map[string]interface{}) contextbasedrestrictionsv1.AddressIPAddressRange { - addressIPAddressRange := contextbasedrestrictionsv1.AddressIPAddressRange{} - - addressIPAddressRange.Type = core.StringPtr(addressIPAddressRangeMap["type"].(string)) - addressIPAddressRange.Value = core.StringPtr(addressIPAddressRangeMap["value"].(string)) - - return addressIPAddressRange -} - -func resourceIBMCbrZoneMapToAddressVPC(addressVPCMap map[string]interface{}) contextbasedrestrictionsv1.AddressVPC { - addressVPC := contextbasedrestrictionsv1.AddressVPC{} - - addressVPC.Type = core.StringPtr(addressVPCMap["type"].(string)) - addressVPC.Value = core.StringPtr(addressVPCMap["value"].(string)) - - return addressVPC -} - -func resourceIBMCbrZoneRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { +func ResourceIBMCbrZoneRead(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { contextBasedRestrictionsClient, err := meta.(conns.ClientSession).ContextBasedRestrictionsV1() if err != nil { return diag.FromErr(err) @@ -389,11 +324,6 @@ func resourceIBMCbrZoneRead(context context.Context, d *schema.ResourceData, met getZoneOptions := &contextbasedrestrictionsv1.GetZoneOptions{} - accountID, err := getIBMCbrAccountId(meta) - if err != nil { - return diag.FromErr(err) - } - getZoneOptions.SetZoneID(d.Id()) zone, response, err := contextBasedRestrictionsClient.GetZoneWithContext(context, getZoneOptions) @@ -406,170 +336,79 @@ func resourceIBMCbrZoneRead(context context.Context, d *schema.ResourceData, met return diag.FromErr(fmt.Errorf("GetZoneWithContext failed %s\n%s", err, response)) } + if err = d.Set("x_correlation_id", getZoneOptions.XCorrelationID); err != nil { + return diag.FromErr(fmt.Errorf("Error setting x_correlation_id: %s", err)) + } + if err = d.Set("transaction_id", getZoneOptions.TransactionID); err != nil { + return diag.FromErr(fmt.Errorf("Error setting transaction_id: %s", err)) + } if err = d.Set("name", zone.Name); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting name: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting name: %s", err)) + } + if err = d.Set("account_id", zone.AccountID); err != nil { + return diag.FromErr(fmt.Errorf("Error setting account_id: %s", err)) } - if err = d.Set("description", zone.Description); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting description: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting description: %s", err)) } - + addresses := []map[string]interface{}{} if zone.Addresses != nil { - addresses := []map[string]interface{}{} for _, addressesItem := range zone.Addresses { - addressesItemMap := resourceIBMCbrZoneAddressToMap(addressesItem, accountID) + addressesItemMap, err := ResourceIBMCbrZoneAddressToMap(addressesItem) + if err != nil { + return diag.FromErr(err) + } addresses = append(addresses, addressesItemMap) } - - if err = d.Set("addresses", addresses); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting addresses: %s", err)) - } } - + if err = d.Set("addresses", addresses); err != nil { + return diag.FromErr(fmt.Errorf("Error setting addresses: %s", err)) + } + excluded := []map[string]interface{}{} if zone.Excluded != nil { - excluded := []map[string]interface{}{} for _, excludedItem := range zone.Excluded { - excludedItemMap := resourceIBMCbrZoneAddressToMap(excludedItem, accountID) + excludedItemMap, err := ResourceIBMCbrZoneAddressToMap(excludedItem) + if err != nil { + return diag.FromErr(err) + } excluded = append(excluded, excludedItemMap) } - if err = d.Set("excluded", excluded); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting excluded: %s", err)) - } + } + if err = d.Set("excluded", excluded); err != nil { + return diag.FromErr(fmt.Errorf("Error setting excluded: %s", err)) } if err = d.Set("crn", zone.CRN); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting crn: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting crn: %s", err)) } if err = d.Set("address_count", flex.IntValue(zone.AddressCount)); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting address_count: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting address_count: %s", err)) } if err = d.Set("excluded_count", flex.IntValue(zone.ExcludedCount)); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting excluded_count: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting excluded_count: %s", err)) } if err = d.Set("href", zone.Href); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting href: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting href: %s", err)) } if err = d.Set("created_at", flex.DateTimeToString(zone.CreatedAt)); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting created_at: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting created_at: %s", err)) } if err = d.Set("created_by_id", zone.CreatedByID); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting created_by_id: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting created_by_id: %s", err)) } if err = d.Set("last_modified_at", flex.DateTimeToString(zone.LastModifiedAt)); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting last_modified_at: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting last_modified_at: %s", err)) } if err = d.Set("last_modified_by_id", zone.LastModifiedByID); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting last_modified_by_id: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting last_modified_by_id: %s", err)) } if err = d.Set("version", response.Headers.Get("Etag")); err != nil { - return diag.FromErr(fmt.Errorf("[ERROR] Error setting version: %s", err)) + return diag.FromErr(fmt.Errorf("Error setting version: %s", err)) } return nil } -func resourceIBMCbrZoneAddressToMap(address contextbasedrestrictionsv1.AddressIntf, accountID string) map[string]interface{} { - addressMap := map[string]interface{}{} - - buf, err := json.Marshal(address) - - if err == nil { - err = json.Unmarshal(buf, &addressMap) - } - - if err != nil { - panic(err) - } - - if addressMap["type"] == "serviceRef" { - var refArray []interface{} - - refMap := map[string]string{} - refBuf, err := json.Marshal(addressMap["ref"]) - if err == nil { - err = json.Unmarshal(refBuf, &refMap) - } - - if err != nil { - panic(err) - } - - delete(refMap, "account_id") - - refArray = append(refArray, refMap) - - delete(addressMap, "ref") - addressMap["ref"] = refArray - - addressMap["value"] = "" - } - - return addressMap -} - -func resourceIBMCbrZoneServiceRefValueToMap(serviceRefValue contextbasedrestrictionsv1.ServiceRefValue) map[string]interface{} { - serviceRefValueMap := map[string]interface{}{} - - serviceRefValueMap["account_id"] = serviceRefValue.AccountID - if serviceRefValue.ServiceType != nil { - serviceRefValueMap["service_type"] = serviceRefValue.ServiceType - } - if serviceRefValue.ServiceName != nil { - serviceRefValueMap["service_name"] = serviceRefValue.ServiceName - } - if serviceRefValue.ServiceInstance != nil { - serviceRefValueMap["service_instance"] = serviceRefValue.ServiceInstance - } - - return serviceRefValueMap -} - -func resourceIBMCbrZoneAddressIPAddressToMap(addressIPAddress contextbasedrestrictionsv1.AddressIPAddress) map[string]interface{} { - addressIPAddressMap := map[string]interface{}{} - - addressIPAddressMap["type"] = addressIPAddress.Type - addressIPAddressMap["value"] = addressIPAddress.Value - - return addressIPAddressMap -} - -func resourceIBMCbrZoneAddressServiceRefToMap(addressServiceRef contextbasedrestrictionsv1.AddressServiceRef) map[string]interface{} { - addressServiceRefMap := map[string]interface{}{} - - addressServiceRefMap["type"] = addressServiceRef.Type - RefMap := resourceIBMCbrZoneServiceRefValueToMap(*addressServiceRef.Ref) - addressServiceRefMap["ref"] = []map[string]interface{}{RefMap} - - return addressServiceRefMap -} - -func resourceIBMCbrZoneAddressSubnetToMap(addressSubnet contextbasedrestrictionsv1.AddressSubnet) map[string]interface{} { - addressSubnetMap := map[string]interface{}{} - - addressSubnetMap["type"] = addressSubnet.Type - addressSubnetMap["value"] = addressSubnet.Value - - return addressSubnetMap -} - -func resourceIBMCbrZoneAddressIPAddressRangeToMap(addressIPAddressRange contextbasedrestrictionsv1.AddressIPAddressRange) map[string]interface{} { - addressIPAddressRangeMap := map[string]interface{}{} - - addressIPAddressRangeMap["type"] = addressIPAddressRange.Type - addressIPAddressRangeMap["value"] = addressIPAddressRange.Value - - return addressIPAddressRangeMap -} - -func resourceIBMCbrZoneAddressVPCToMap(addressVPC contextbasedrestrictionsv1.AddressVPC) map[string]interface{} { - addressVPCMap := map[string]interface{}{} - - addressVPCMap["type"] = addressVPC.Type - addressVPCMap["value"] = addressVPC.Value - - return addressVPCMap -} - -func resourceIBMCbrZoneUpdate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { +func ResourceIBMCbrZoneUpdate(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { contextBasedRestrictionsClient, err := meta.(conns.ClientSession).ContextBasedRestrictionsV1() if err != nil { return diag.FromErr(err) @@ -581,13 +420,9 @@ func resourceIBMCbrZoneUpdate(context context.Context, d *schema.ResourceData, m if _, ok := d.GetOk("name"); ok { replaceZoneOptions.SetName(d.Get("name").(string)) } - - accountID, err := getIBMCbrAccountId(meta) - if err != nil { - return diag.FromErr(err) + if _, ok := d.GetOk("account_id"); ok { + replaceZoneOptions.SetAccountID(d.Get("account_id").(string)) } - replaceZoneOptions.SetAccountID(accountID) - if _, ok := d.GetOk("description"); ok { replaceZoneOptions.SetDescription(d.Get("description").(string)) } @@ -595,7 +430,10 @@ func resourceIBMCbrZoneUpdate(context context.Context, d *schema.ResourceData, m var addresses []contextbasedrestrictionsv1.AddressIntf for _, e := range d.Get("addresses").([]interface{}) { value := e.(map[string]interface{}) - addressesItem := resourceIBMCbrZoneMapToAddress(value, accountID) + addressesItem, err := ResourceIBMCbrZoneMapToAddress(value) + if err != nil { + return diag.FromErr(err) + } addresses = append(addresses, addressesItem) } replaceZoneOptions.SetAddresses(addresses) @@ -604,12 +442,20 @@ func resourceIBMCbrZoneUpdate(context context.Context, d *schema.ResourceData, m var excluded []contextbasedrestrictionsv1.AddressIntf for _, e := range d.Get("excluded").([]interface{}) { value := e.(map[string]interface{}) - excludedItem := resourceIBMCbrZoneMapToAddress(value, accountID) + excludedItem, err := ResourceIBMCbrZoneMapToAddress(value) + if err != nil { + return diag.FromErr(err) + } excluded = append(excluded, excludedItem) } replaceZoneOptions.SetExcluded(excluded) } - + if _, ok := d.GetOk("x_correlation_id"); ok { + replaceZoneOptions.SetXCorrelationID(d.Get("x_correlation_id").(string)) + } + if _, ok := d.GetOk("transaction_id"); ok { + replaceZoneOptions.SetTransactionID(d.Get("transaction_id").(string)) + } replaceZoneOptions.SetIfMatch(d.Get("version").(string)) _, response, err := contextBasedRestrictionsClient.ReplaceZoneWithContext(context, replaceZoneOptions) @@ -618,10 +464,10 @@ func resourceIBMCbrZoneUpdate(context context.Context, d *schema.ResourceData, m return diag.FromErr(fmt.Errorf("ReplaceZoneWithContext failed %s\n%s", err, response)) } - return resourceIBMCbrZoneRead(context, d, meta) + return ResourceIBMCbrZoneRead(context, d, meta) } -func resourceIBMCbrZoneDelete(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { +func ResourceIBMCbrZoneDelete(context context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { contextBasedRestrictionsClient, err := meta.(conns.ClientSession).ContextBasedRestrictionsV1() if err != nil { return diag.FromErr(err) @@ -641,3 +487,165 @@ func resourceIBMCbrZoneDelete(context context.Context, d *schema.ResourceData, m return nil } + +func ResourceIBMCbrZoneMapToAddress(modelMap map[string]interface{}) (contextbasedrestrictionsv1.AddressIntf, error) { + discValue, ok := modelMap["type"] + if ok { + if discValue == "ipAddress" { + return ResourceIBMCbrZoneMapToAddressIPAddress(modelMap) + } else if discValue == "ipRange" { + return ResourceIBMCbrZoneMapToAddressIPAddressRange(modelMap) + } else if discValue == "subnet" { + return ResourceIBMCbrZoneMapToAddressSubnet(modelMap) + } else if discValue == "vpc" { + return ResourceIBMCbrZoneMapToAddressVPC(modelMap) + } else if discValue == "serviceRef" { + return ResourceIBMCbrZoneMapToAddressServiceRef(modelMap) + } else { + return nil, fmt.Errorf("unexpected value for discriminator property 'type' found in map: '%s'", discValue) + } + } else { + return nil, fmt.Errorf("discriminator property 'type' not found in map") + } +} + +func ResourceIBMCbrZoneMapToServiceRefValue(modelMap map[string]interface{}) (*contextbasedrestrictionsv1.ServiceRefValue, error) { + model := &contextbasedrestrictionsv1.ServiceRefValue{} + model.AccountID = core.StringPtr(modelMap["account_id"].(string)) + if modelMap["service_type"] != nil && modelMap["service_type"].(string) != "" { + model.ServiceType = core.StringPtr(modelMap["service_type"].(string)) + } + if modelMap["service_name"] != nil && modelMap["service_name"].(string) != "" { + model.ServiceName = core.StringPtr(modelMap["service_name"].(string)) + } + if modelMap["service_instance"] != nil && modelMap["service_instance"].(string) != "" { + model.ServiceInstance = core.StringPtr(modelMap["service_instance"].(string)) + } + return model, nil +} + +func ResourceIBMCbrZoneMapToAddressIPAddress(modelMap map[string]interface{}) (*contextbasedrestrictionsv1.AddressIPAddress, error) { + model := &contextbasedrestrictionsv1.AddressIPAddress{} + model.Type = core.StringPtr(modelMap["type"].(string)) + model.Value = core.StringPtr(modelMap["value"].(string)) + return model, nil +} + +func ResourceIBMCbrZoneMapToAddressServiceRef(modelMap map[string]interface{}) (*contextbasedrestrictionsv1.AddressServiceRef, error) { + model := &contextbasedrestrictionsv1.AddressServiceRef{} + model.Type = core.StringPtr(modelMap["type"].(string)) + RefModel, err := ResourceIBMCbrZoneMapToServiceRefValue(modelMap["ref"].([]interface{})[0].(map[string]interface{})) + if err != nil { + return model, err + } + model.Ref = RefModel + return model, nil +} + +func ResourceIBMCbrZoneMapToAddressSubnet(modelMap map[string]interface{}) (*contextbasedrestrictionsv1.AddressSubnet, error) { + model := &contextbasedrestrictionsv1.AddressSubnet{} + model.Type = core.StringPtr(modelMap["type"].(string)) + model.Value = core.StringPtr(modelMap["value"].(string)) + return model, nil +} + +func ResourceIBMCbrZoneMapToAddressIPAddressRange(modelMap map[string]interface{}) (*contextbasedrestrictionsv1.AddressIPAddressRange, error) { + model := &contextbasedrestrictionsv1.AddressIPAddressRange{} + model.Type = core.StringPtr(modelMap["type"].(string)) + model.Value = core.StringPtr(modelMap["value"].(string)) + return model, nil +} + +func ResourceIBMCbrZoneMapToAddressVPC(modelMap map[string]interface{}) (*contextbasedrestrictionsv1.AddressVPC, error) { + model := &contextbasedrestrictionsv1.AddressVPC{} + model.Type = core.StringPtr(modelMap["type"].(string)) + model.Value = core.StringPtr(modelMap["value"].(string)) + return model, nil +} + +func ResourceIBMCbrZoneAddressToMap(model contextbasedrestrictionsv1.AddressIntf) (map[string]interface{}, error) { + if _, ok := model.(*contextbasedrestrictionsv1.AddressIPAddress); ok { + return ResourceIBMCbrZoneAddressIPAddressToMap(model.(*contextbasedrestrictionsv1.AddressIPAddress)) + } else if _, ok := model.(*contextbasedrestrictionsv1.AddressIPAddressRange); ok { + return ResourceIBMCbrZoneAddressIPAddressRangeToMap(model.(*contextbasedrestrictionsv1.AddressIPAddressRange)) + } else if _, ok := model.(*contextbasedrestrictionsv1.AddressSubnet); ok { + return ResourceIBMCbrZoneAddressSubnetToMap(model.(*contextbasedrestrictionsv1.AddressSubnet)) + } else if _, ok := model.(*contextbasedrestrictionsv1.AddressVPC); ok { + return ResourceIBMCbrZoneAddressVPCToMap(model.(*contextbasedrestrictionsv1.AddressVPC)) + } else if _, ok := model.(*contextbasedrestrictionsv1.AddressServiceRef); ok { + return ResourceIBMCbrZoneAddressServiceRefToMap(model.(*contextbasedrestrictionsv1.AddressServiceRef)) + } else if _, ok := model.(*contextbasedrestrictionsv1.Address); ok { + modelMap := make(map[string]interface{}) + model := model.(*contextbasedrestrictionsv1.Address) + if model.Type != nil { + modelMap["type"] = model.Type + } + if model.Value != nil { + modelMap["value"] = model.Value + } + if model.Ref != nil { + refMap, err := ResourceIBMCbrZoneServiceRefValueToMap(model.Ref) + if err != nil { + return modelMap, err + } + modelMap["ref"] = []map[string]interface{}{refMap} + } + return modelMap, nil + } else { + return nil, fmt.Errorf("Unrecognized contextbasedrestrictionsv1.AddressIntf subtype encountered") + } +} + +func ResourceIBMCbrZoneServiceRefValueToMap(model *contextbasedrestrictionsv1.ServiceRefValue) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + modelMap["account_id"] = model.AccountID + if model.ServiceType != nil { + modelMap["service_type"] = model.ServiceType + } + if model.ServiceName != nil { + modelMap["service_name"] = model.ServiceName + } + if model.ServiceInstance != nil { + modelMap["service_instance"] = model.ServiceInstance + } + return modelMap, nil +} + +func ResourceIBMCbrZoneAddressIPAddressToMap(model *contextbasedrestrictionsv1.AddressIPAddress) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + modelMap["type"] = model.Type + modelMap["value"] = model.Value + return modelMap, nil +} + +func ResourceIBMCbrZoneAddressServiceRefToMap(model *contextbasedrestrictionsv1.AddressServiceRef) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + modelMap["type"] = model.Type + refMap, err := ResourceIBMCbrZoneServiceRefValueToMap(model.Ref) + if err != nil { + return modelMap, err + } + modelMap["ref"] = []map[string]interface{}{refMap} + return modelMap, nil +} + +func ResourceIBMCbrZoneAddressSubnetToMap(model *contextbasedrestrictionsv1.AddressSubnet) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + modelMap["type"] = model.Type + modelMap["value"] = model.Value + return modelMap, nil +} + +func ResourceIBMCbrZoneAddressIPAddressRangeToMap(model *contextbasedrestrictionsv1.AddressIPAddressRange) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + modelMap["type"] = model.Type + modelMap["value"] = model.Value + return modelMap, nil +} + +func ResourceIBMCbrZoneAddressVPCToMap(model *contextbasedrestrictionsv1.AddressVPC) (map[string]interface{}, error) { + modelMap := make(map[string]interface{}) + modelMap["type"] = model.Type + modelMap["value"] = model.Value + return modelMap, nil +} diff --git a/ibm/service/contextbasedrestrictions/resource_ibm_cbr_zone_test.go b/ibm/service/contextbasedrestrictions/resource_ibm_cbr_zone_test.go index ba0c5f6c1df..92733f09d64 100644 --- a/ibm/service/contextbasedrestrictions/resource_ibm_cbr_zone_test.go +++ b/ibm/service/contextbasedrestrictions/resource_ibm_cbr_zone_test.go @@ -1,4 +1,4 @@ -// Copyright IBM Corp. 2021 All Rights Reserved. +// Copyright IBM Corp. 2022 All Rights Reserved. // Licensed under the Mozilla Public License v2.0 package contextbasedrestrictions_test @@ -25,7 +25,7 @@ func TestAccIBMCbrZoneBasic(t *testing.T) { Providers: acc.TestAccProviders, CheckDestroy: testAccCheckIBMCbrZoneDestroy, Steps: []resource.TestStep{ - { + resource.TestStep{ Config: testAccCheckIBMCbrZoneConfigBasic(), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckIBMCbrZoneExists("ibm_cbr_zone.cbr_zone", conf), @@ -38,8 +38,10 @@ func TestAccIBMCbrZoneBasic(t *testing.T) { func TestAccIBMCbrZoneAllArgs(t *testing.T) { var conf contextbasedrestrictionsv1.Zone name := fmt.Sprintf("tf_name_%d", acctest.RandIntRange(10, 100)) + accountID := fmt.Sprintf("82cbc8dcd1ab4112b7272b410ac9965c") description := fmt.Sprintf("tf_description_%d", acctest.RandIntRange(10, 100)) nameUpdate := fmt.Sprintf("tf_name_%d", acctest.RandIntRange(10, 100)) + accountIDUpdate := fmt.Sprintf("82cbc8dcd1ab4112b7272b410ac9965c") descriptionUpdate := fmt.Sprintf("tf_description_%d", acctest.RandIntRange(10, 100)) resource.Test(t, resource.TestCase{ @@ -47,67 +49,69 @@ func TestAccIBMCbrZoneAllArgs(t *testing.T) { Providers: acc.TestAccProviders, CheckDestroy: testAccCheckIBMCbrZoneDestroy, Steps: []resource.TestStep{ - { - Config: testAccCheckIBMCbrZoneConfig(name, description), + resource.TestStep{ + Config: testAccCheckIBMCbrZoneConfig(name, accountID, description), Check: resource.ComposeAggregateTestCheckFunc( testAccCheckIBMCbrZoneExists("ibm_cbr_zone.cbr_zone", conf), resource.TestCheckResourceAttr("ibm_cbr_zone.cbr_zone", "name", name), + resource.TestCheckResourceAttr("ibm_cbr_zone.cbr_zone", "account_id", accountID), resource.TestCheckResourceAttr("ibm_cbr_zone.cbr_zone", "description", description), ), }, - { - Config: testAccCheckIBMCbrZoneConfig(nameUpdate, descriptionUpdate), + resource.TestStep{ + Config: testAccCheckIBMCbrZoneConfig(nameUpdate, accountIDUpdate, descriptionUpdate), Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr("ibm_cbr_zone.cbr_zone", "name", nameUpdate), + resource.TestCheckResourceAttr("ibm_cbr_zone.cbr_zone", "account_id", accountIDUpdate), resource.TestCheckResourceAttr("ibm_cbr_zone.cbr_zone", "description", descriptionUpdate), ), }, - { + resource.TestStep{ ResourceName: "ibm_cbr_zone.cbr_zone", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{ - "transaction_id"}, }, }, }) } func testAccCheckIBMCbrZoneConfigBasic() string { - return ` + return fmt.Sprintf(` resource "ibm_cbr_zone" "cbr_zone" { name = "Test Zone Resource Config Basic" description = "Test Zone Resource Config Basic" + account_id = "82cbc8dcd1ab4112b7272b410ac9965c" addresses { type = "ipRange" value = "169.23.22.0-169.23.22.255" } } - ` + `) } -func testAccCheckIBMCbrZoneConfig(name string, description string) string { +func testAccCheckIBMCbrZoneConfig(name string, accountID string, description string) string { return fmt.Sprintf(` - resource "ibm_cbr_zone" "cbr_zone" { name = "%s" description = "%s" + account_id = "%s" addresses { type = "ipRange" value = "169.23.22.0-169.23.22.255" } + excluded { + type = "ipAddress" + value = "169.23.22.10" + } addresses { type = "serviceRef" ref { service_name = "user-management" + account_id = "%s" } } - excluded { - type = "ipAddress" - value = "169.23.22.10" - } } - `, name, description) + `, name, description, accountID, accountID) } func testAccCheckIBMCbrZoneExists(n string, obj contextbasedrestrictionsv1.Zone) resource.TestCheckFunc { @@ -157,7 +161,7 @@ func testAccCheckIBMCbrZoneDestroy(s *terraform.State) error { if err == nil { return fmt.Errorf("cbr_zone still exists: %s", rs.Primary.ID) } else if response.StatusCode != 404 { - return fmt.Errorf("[ERROR] Error checking for cbr_zone (%s) has been destroyed: %s", rs.Primary.ID, err) + return fmt.Errorf("Error checking for cbr_zone (%s) has been destroyed: %s", rs.Primary.ID, err) } } diff --git a/website/docs/d/cbr_rule.html.markdown b/website/docs/d/cbr_rule.html.markdown index b7628ee2f1d..7443c2d2652 100644 --- a/website/docs/d/cbr_rule.html.markdown +++ b/website/docs/d/cbr_rule.html.markdown @@ -2,7 +2,7 @@ layout: "ibm" page_title: "IBM : ibm_cbr_rule" description: |- - Get information about cbr_rule +Get information about cbr_rule subcategory: "Context Based Restrictions" --- @@ -14,7 +14,7 @@ Provides a read-only data source for cbr_rule. You can then reference the fields ```hcl data "ibm_cbr_rule" "cbr_rule" { - rule_id = "rule_id" + rule_id = "rule_id" } ``` @@ -22,61 +22,64 @@ data "ibm_cbr_rule" "cbr_rule" { Review the argument reference that you can specify for your data source. -* `rule_id` - (Required, String) The ID of a rule. - * Constraints: The maximum length is `32` characters. The minimum length is `32` characters. The value must match regular expression `^[a-fA-F0-9]{32}$`. +* `rule_id` - (Required, Forces new resource, String) The ID of a rule. + * Constraints: The maximum length is `32` characters. The minimum length is `32` characters. The value must match regular expression `^[a-fA-F0-9]{32}$`. ## Attribute Reference In addition to all argument references listed, you can access the following attribute references after your data source is created. * `id` - The unique identifier of the cbr_rule. -* `contexts` - (List) The contexts this rule applies to. - * Constraints: The maximum length is `1000` items. The minimum length is `1` item. -Nested scheme for **contexts**: - * `attributes` - (List) The attributes. - * Constraints: The minimum length is `1` item. - Nested scheme for **attributes**: - * `name` - (String) The attribute name. - * Constraints: The maximum length is `64` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9]+$`. - * `value` - (String) The attribute value. - * Constraints: The maximum length is `1000` characters. The minimum length is `1` character. The value must match regular expression `^[\S\s]+$`. - -* `created_at` - (String) The time the resource was created. - -* `created_by_id` - (String) IAM ID of the user or service which created the resource. - -* `crn` - (String) The rule CRN. - -* `description` - (String) The description of the rule. - * Constraints: The maximum length is `300` characters. The minimum length is `0` characters. The value must match regular expression `^[\x20-\xFE]*$`. - -* `href` - (String) The href link to the resource. - -* `id` - (String) The globally unique ID of the rule. - -* `last_modified_at` - (String) The last time the resource was modified. - -* `last_modified_by_id` - (String) IAM ID of the user or service which modified the resource. - -* `resources` - (List) The resources this rule apply to. - * Constraints: The maximum length is `1` item. The minimum length is `1` item. -Nested scheme for **resources**: - * `attributes` - (List) The resource attributes. - * Constraints: The minimum length is `1` item. - Nested scheme for **attributes**: - * `name` - (String) The attribute name. - * Constraints: The maximum length is `64` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9]+$`. - * `operator` - (Optional, String) The attribute operator. - * Constraints: The maximum length is `64` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9]+$`. - * `value` - (String) The attribute value. - * Constraints: The maximum length is `1000` characters. The minimum length is `1` character. The value must match regular expression `^[\S\s]+$`. - * `tags` - (Optional, List) The optional resource tags. - * Constraints: The maximum length is `10` items. The minimum length is `1` item. - Nested scheme for **tags**: - * `name` - (String) The tag attribute name. - * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9 _.-]+$`. - * `operator` - (Optional, String) The attribute operator. - * Constraints: The maximum length is `64` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9]+$`. - * `value` - (String) The tag attribute value. - * Constraints: The maximum length is `1000` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9 _*?.-]+$`. +* `contexts` - (Required, List) The contexts this rule applies to. + * Constraints: The maximum length is `1000` items. The minimum length is `1` item. + Nested scheme for **contexts**: + * `attributes` - (Required, List) The attributes. + * Constraints: The minimum length is `1` item. + Nested scheme for **attributes**: + * `name` - (Required, String) The attribute name. + * Constraints: The maximum length is `64` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9]+$`. + * `value` - (Required, String) The attribute value. + * Constraints: The maximum length is `1000` characters. The minimum length is `1` character. The value must match regular expression `^[\S\s]+$`. + +* `created_at` - (Required, String) The time the resource was created. + +* `created_by_id` - (Required, String) IAM ID of the user or service which created the resource. + +* `crn` - (Required, String) The rule CRN. + +* `description` - (Required, String) The description of the rule. + * Constraints: The maximum length is `300` characters. The minimum length is `0` characters. The value must match regular expression `^[\x20-\xFE]*$`. + +* `enforcement_mode` - (Optional, String) The rule enforcement mode: * `enabled` - The restrictions are enforced and reported. This is the default. * `disabled` - The restrictions are disabled. Nothing is enforced or reported. * `report` - The restrictions are evaluated and reported, but not enforced. + * Constraints: The default value is `enabled`. Allowable values are: `enabled`, `disabled`, `report`. + +* `href` - (Required, String) The href link to the resource. + +* `id` - (Required, String) The globally unique ID of the rule. + +* `last_modified_at` - (Required, String) The last time the resource was modified. + +* `last_modified_by_id` - (Required, String) IAM ID of the user or service which modified the resource. + +* `resources` - (Required, List) The resources this rule apply to. + * Constraints: The maximum length is `1` item. The minimum length is `1` item. + Nested scheme for **resources**: + * `attributes` - (Required, List) The resource attributes. + * Constraints: The minimum length is `1` item. + Nested scheme for **attributes**: + * `name` - (Required, String) The attribute name. + * Constraints: The maximum length is `64` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9]+$`. + * `operator` - (Optional, String) The attribute operator. + * Constraints: The maximum length is `64` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9]+$`. + * `value` - (Required, String) The attribute value. + * Constraints: The maximum length is `1000` characters. The minimum length is `1` character. The value must match regular expression `^[\S\s]+$`. + * `tags` - (Optional, List) The optional resource tags. + * Constraints: The maximum length is `10` items. The minimum length is `1` item. + Nested scheme for **tags**: + * `name` - (Required, String) The tag attribute name. + * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9 _.-]+$`. + * `operator` - (Optional, String) The attribute operator. + * Constraints: The maximum length is `64` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9]+$`. + * `value` - (Required, String) The tag attribute value. + * Constraints: The maximum length is `1000` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9 _*?.-]+$`. diff --git a/website/docs/d/cbr_zone.html.markdown b/website/docs/d/cbr_zone.html.markdown index ff52c19f16b..0d10637a8b0 100644 --- a/website/docs/d/cbr_zone.html.markdown +++ b/website/docs/d/cbr_zone.html.markdown @@ -2,7 +2,7 @@ layout: "ibm" page_title: "IBM : ibm_cbr_zone" description: |- - Get information about cbr_zone +Get information about cbr_zone subcategory: "Context Based Restrictions" --- @@ -14,7 +14,7 @@ Provides a read-only data source for cbr_zone. You can then reference the fields ```hcl data "ibm_cbr_zone" "cbr_zone" { - zone_id = "zone_id" + zone_id = "zone_id" } ``` @@ -22,70 +22,74 @@ data "ibm_cbr_zone" "cbr_zone" { Review the argument reference that you can specify for your data source. -* `zone_id` - (Required, String) The ID of a zone. - * Constraints: The maximum length is `32` characters. The minimum length is `32` characters. The value must match regular expression `^[a-fA-F0-9]{32}$`. +* `zone_id` - (Required, Forces new resource, String) The ID of a zone. + * Constraints: The maximum length is `32` characters. The minimum length is `32` characters. The value must match regular expression `^[a-fA-F0-9]{32}$`. ## Attribute Reference In addition to all argument references listed, you can access the following attribute references after your data source is created. * `id` - The unique identifier of the cbr_zone. - -* `address_count` - (Integer) The number of addresses in the zone. - -* `addresses` - (List) The list of addresses in the zone. - * Constraints: The maximum length is `1000` items. The minimum length is `1` item. -Nested scheme for **addresses**: - * `ref` - (Optional, List) A service reference value. - Nested scheme for **ref**: - * `account_id` - (String) The id of the account owning the service. - * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9\-]+$`. - * `service_instance` - (Optional, String) The service instance. - * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z\-\/]+$`. - * `service_name` - (Optional, String) The service name. - * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z\-]+$`. - * `service_type` - (Optional, String) The service type. - * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z_]+$`. +* `account_id` - (Required, String) The id of the account owning this zone. + * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9\-]+$`. + +* `address_count` - (Required, Integer) The number of addresses in the zone. + +* `addresses` - (Required, List) The list of addresses in the zone. + * Constraints: The maximum length is `1000` items. The minimum length is `1` item. + Nested scheme for **addresses**: + * `ref` - (Optional, List) A service reference value. + Nested scheme for **ref**: + * `account_id` - (Required, String) The id of the account owning the service. + * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9\-]+$`. + * `service_instance` - (Optional, String) The service instance. + * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z\-/]+$`. + * `service_name` - (Optional, String) The service name. + * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z\-]+$`. + * `service_type` - (Optional, String) The service type. + * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z_]+$`. * `type` - (Optional, String) The type of address. - * Constraints: Allowable values are: `ipAddress`, `ipRange`, `subnet`, `vpc`, `serviceRef`. + * Constraints: Allowable values are: `ipAddress`, `ipRange`, `subnet`, `vpc`, `serviceRef`. * `value` - (Optional, String) The IP address. - * Constraints: The maximum length is `45` characters. The minimum length is `7` characters. The value must match regular expression `^[a-zA-Z0-9:.]+$`. - -* `created_at` - (String) The time the resource was created. - -* `created_by_id` - (String) IAM ID of the user or service which created the resource. - -* `crn` - (String) The zone CRN. - -* `description` - (String) The description of the zone. - * Constraints: The maximum length is `300` characters. The minimum length is `0` characters. The value must match regular expression `^[\x20-\xFE]*$`. - -* `excluded` - (List) The list of excluded addresses in the zone. Only addresses of type `ipAddress`, `ipRange`, and `subnet` can be excluded. - * Constraints: The maximum length is `1000` items. -Nested scheme for **excluded**: - * `ref` - (Optional, List) A service reference value. - Nested scheme for **ref**: - * `service_instance` - (Optional, String) The service instance. - * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z\-\/]+$`. - * `service_name` - (Optional, String) The service name. - * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z\-]+$`. - * `service_type` - (Optional, String) The service type. - * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z_]+$`. + * Constraints: The maximum length is `45` characters. The minimum length is `2` characters. The value must match regular expression `^[a-zA-Z0-9:.]+$`. + +* `created_at` - (Required, String) The time the resource was created. + +* `created_by_id` - (Required, String) IAM ID of the user or service which created the resource. + +* `crn` - (Required, String) The zone CRN. + +* `description` - (Required, String) The description of the zone. + * Constraints: The maximum length is `300` characters. The minimum length is `0` characters. The value must match regular expression `^[\x20-\xFE]*$`. + +* `excluded` - (Required, List) The list of excluded addresses in the zone. Only addresses of type `ipAddress`, `ipRange`, and `subnet` can be excluded. + * Constraints: The maximum length is `1000` items. + Nested scheme for **excluded**: + * `ref` - (Optional, List) A service reference value. + Nested scheme for **ref**: + * `account_id` - (Required, String) The id of the account owning the service. + * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9\-]+$`. + * `service_instance` - (Optional, String) The service instance. + * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z\-/]+$`. + * `service_name` - (Optional, String) The service name. + * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z\-]+$`. + * `service_type` - (Optional, String) The service type. + * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z_]+$`. * `type` - (Optional, String) The type of address. - * Constraints: Allowable values are: `ipAddress`, `ipRange`, `subnet`, `vpc`, `serviceRef`. + * Constraints: Allowable values are: `ipAddress`, `ipRange`, `subnet`, `vpc`, `serviceRef`. * `value` - (Optional, String) The IP address. - * Constraints: The maximum length is `45` characters. The minimum length is `7` characters. The value must match regular expression `^[a-zA-Z0-9:.]+$`. + * Constraints: The maximum length is `45` characters. The minimum length is `2` characters. The value must match regular expression `^[a-zA-Z0-9:.]+$`. -* `excluded_count` - (Integer) The number of excluded addresses in the zone. +* `excluded_count` - (Required, Integer) The number of excluded addresses in the zone. -* `href` - (String) The href link to the resource. +* `href` - (Required, String) The href link to the resource. -* `id` - (String) The globally unique ID of the zone. +* `id` - (Required, String) The globally unique ID of the zone. -* `last_modified_at` - (String) The last time the resource was modified. +* `last_modified_at` - (Required, String) The last time the resource was modified. -* `last_modified_by_id` - (String) IAM ID of the user or service which modified the resource. +* `last_modified_by_id` - (Required, String) IAM ID of the user or service which modified the resource. -* `name` - (String) The name of the zone. - * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9\-_]+$`. +* `name` - (Required, String) The name of the zone. + * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9 \-_]+$`. diff --git a/website/docs/r/cbr_rule.html.markdown b/website/docs/r/cbr_rule.html.markdown index a285e872c15..6c70c595b75 100644 --- a/website/docs/r/cbr_rule.html.markdown +++ b/website/docs/r/cbr_rule.html.markdown @@ -2,7 +2,7 @@ layout: "ibm" page_title: "IBM : ibm_cbr_rule" description: |- - Manages cbr_rule. +Manages cbr_rule. subcategory: "Context Based Restrictions" --- @@ -14,75 +14,132 @@ Provides a resource for cbr_rule. This allows cbr_rule to be created, updated an ```hcl resource "ibm_cbr_rule" "cbr_rule" { - description = "this is an example of rule" contexts { attributes { - name = "networkZoneId" - value = "322af80e125f6842cded8ba7a1008370" + name = "name" + value = "value" } } + description = "this is an example of rule" + enforcement_mode = "enabled" resources { attributes { - name = "serviceName" - value = "user-management" + name = "name" + value = "value" + operator = "operator" + } + tags { + name = "name" + value = "value" + operator = "operator" } } } - ``` ## Argument Reference Review the argument reference that you can specify for your resource. -* `contexts` - (Required, List) The contexts this rule applies to. - * Constraints: The maximum length is `1000` items. The minimum length is `1` item. -Nested scheme for **contexts**: - * `attributes` - (Required, List) The attributes. - * Constraints: The minimum length is `1` item. - Nested scheme for **attributes**: - * `name` - (Required, String) The attribute name. - * Constraints: The maximum length is `64` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9]+$`. - * `value` - (Required, String) The attribute value. - * Constraints: The maximum length is `1000` characters. The minimum length is `1` character. The value must match regular expression `^[\S\s]+$`. +* `contexts` - (Optional, List) The contexts this rule applies to. + * Constraints: The maximum length is `1000` items. The minimum length is `1` item. + Nested scheme for **contexts**: + * `attributes` - (Required, List) The attributes. + * Constraints: The minimum length is `1` item. + Nested scheme for **attributes**: + * `name` - (Required, String) The attribute name. + * Constraints: The maximum length is `64` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9]+$`. + * `value` - (Required, String) The attribute value. + * Constraints: The maximum length is `1000` characters. The minimum length is `1` character. The value must match regular expression `^[\S\s]+$`. * `description` - (Optional, String) The description of the rule. - * Constraints: The maximum length is `300` characters. The minimum length is `0` characters. The value must match regular expression `^[\x20-\xFE]*$`. -* `resources` - (Required, List) The resources this rule apply to. - * Constraints: The maximum length is `1` item. The minimum length is `1` item. -Nested scheme for **resources**: - * `attributes` - (Required, List) The resource attributes. - * Constraints: The minimum length is `1` item. - Nested scheme for **attributes**: - * `name` - (Required, String) The attribute name. - * Constraints: The maximum length is `64` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9]+$`. - * `operator` - (Optional, String) The attribute operator. - * Constraints: The maximum length is `64` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9]+$`. - * `value` - (Required, String) The attribute value. - * Constraints: The maximum length is `1000` characters. The minimum length is `1` character. The value must match regular expression `^[\S\s]+$`. - * `tags` - (Optional, List) The optional resource tags. - * Constraints: The maximum length is `10` items. The minimum length is `1` item. - Nested scheme for **tags**: - * `name` - (Required, String) The tag attribute name. - * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9 _.-]+$`. - * `operator` - (Optional, String) The attribute operator. - * Constraints: The maximum length is `64` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9]+$`. - * `value` - (Required, String) The tag attribute value. - * Constraints: The maximum length is `1000` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9 _*?.-]+$`. - + * Constraints: The maximum length is `300` characters. The minimum length is `0` characters. The value must match regular expression `^[\x20-\xFE]*$`. +* `enforcement_mode` - (Optional, String) The rule enforcement mode: * `enabled` - The restrictions are enforced and reported. This is the default. * `disabled` - The restrictions are disabled. Nothing is enforced or reported. * `report` - The restrictions are evaluated and reported, but not enforced. + * Constraints: The default value is `enabled`. Allowable values are: `enabled`, `disabled`, `report`. +* `resources` - (Optional, List) The resources this rule apply to. + * Constraints: The maximum length is `1` item. The minimum length is `1` item. + Nested scheme for **resources**: + * `attributes` - (Required, List) The resource attributes. + * Constraints: The minimum length is `1` item. + Nested scheme for **attributes**: + * `name` - (Required, String) The attribute name. + * Constraints: The maximum length is `64` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9]+$`. + * `operator` - (Optional, String) The attribute operator. + * Constraints: The maximum length is `64` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9]+$`. + * `value` - (Required, String) The attribute value. + * Constraints: The maximum length is `1000` characters. The minimum length is `1` character. The value must match regular expression `^[\S\s]+$`. + * `tags` - (Optional, List) The optional resource tags. + * Constraints: The maximum length is `10` items. The minimum length is `1` item. + Nested scheme for **tags**: + * `name` - (Required, String) The tag attribute name. + * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9 _.-]+$`. + * `operator` - (Optional, String) The attribute operator. + * Constraints: The maximum length is `64` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9]+$`. + * `value` - (Required, String) The tag attribute value. + * Constraints: The maximum length is `1000` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9 _*?.-]+$`. ## Attribute Reference In addition to all argument references listed, you can access the following attribute references after your resource is created. * `id` - The unique identifier of the cbr_rule. -* `created_at` - (String) The time the resource was created. -* `created_by_id` - (String) IAM ID of the user or service which created the resource. -* `crn` - (String) The rule CRN. -* `href` - (String) The href link to the resource. -* `last_modified_at` - (String) The last time the resource was modified. -* `last_modified_by_id` - (String) IAM ID of the user or service which modified the resource. +* `created_at` - (Required, String) The time the resource was created. +* `created_by_id` - (Required, String) IAM ID of the user or service which created the resource. +* `crn` - (Required, String) The rule CRN. +* `href` - (Required, String) The href link to the resource. +* `last_modified_at` - (Required, String) The last time the resource was modified. +* `last_modified_by_id` - (Required, String) IAM ID of the user or service which modified the resource. * `version` - Version of the cbr_rule. +## Provider Configuration + +The IBM Cloud provider offers a flexible means of providing credentials for authentication. The following methods are supported, in this order, and explained below: + +- Static credentials +- Environment variables + +To find which credentials are required for this resource, see the service table [here](https://cloud.ibm.com/docs/ibm-cloud-provider-for-terraform?topic=ibm-cloud-provider-for-terraform-provider-reference#required-parameters). + +### Static credentials + +You can provide your static credentials by adding the `ibmcloud_api_key`, `iaas_classic_username`, and `iaas_classic_api_key` arguments in the IBM Cloud provider block. + +Usage: +``` +provider "ibm" { + ibmcloud_api_key = "" + iaas_classic_username = "" + iaas_classic_api_key = "" +} +``` + +### Environment variables + +You can provide your credentials by exporting the `IC_API_KEY`, `IAAS_CLASSIC_USERNAME`, and `IAAS_CLASSIC_API_KEY` environment variables, representing your IBM Cloud platform API key, IBM Cloud Classic Infrastructure (SoftLayer) user name, and IBM Cloud infrastructure API key, respectively. + +``` +provider "ibm" {} +``` + +Usage: +``` +export IC_API_KEY="ibmcloud_api_key" +export IAAS_CLASSIC_USERNAME="iaas_classic_username" +export IAAS_CLASSIC_API_KEY="iaas_classic_api_key" +terraform plan +``` + +Note: + +1. Create or find your `ibmcloud_api_key` and `iaas_classic_api_key` [here](https://cloud.ibm.com/iam/apikeys). +- Select `My IBM Cloud API Keys` option from view dropdown for `ibmcloud_api_key` +- Select `Classic Infrastructure API Keys` option from view dropdown for `iaas_classic_api_key` +2. For iaas_classic_username +- Go to [Users](https://cloud.ibm.com/iam/users) +- Click on user. +- Find user name in the `VPN password` section under `User Details` tab + +For more informaton, see [here](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs#authentication). + ## Import You can import the `ibm_cbr_rule` resource by using `id`. The globally unique ID of the rule. diff --git a/website/docs/r/cbr_zone.html.markdown b/website/docs/r/cbr_zone.html.markdown index 02253bdb349..96df200a812 100644 --- a/website/docs/r/cbr_zone.html.markdown +++ b/website/docs/r/cbr_zone.html.markdown @@ -2,7 +2,7 @@ layout: "ibm" page_title: "IBM : ibm_cbr_zone" description: |- - Manages cbr_zone. +Manages cbr_zone. subcategory: "Context Based Restrictions" --- @@ -14,12 +14,17 @@ Provides a resource for cbr_zone. This allows cbr_zone to be created, updated an ```hcl resource "ibm_cbr_zone" "cbr_zone" { - name = "Test Zone Resource Config Basic" - description = "Test Zone Resource Config Basic" - addresses { - type = "ipRange" - value = "169.23.22.0-169.23.22.255" - } + account_id = "12ab34cd56ef78ab90cd12ef34ab56cd" + addresses { + type = "ipAddress" + value = "value" + } + description = "this is an example of zone" + excluded { + type = "ipAddress" + value = "value" + } + name = "an example of zone" } ``` @@ -27,57 +32,112 @@ resource "ibm_cbr_zone" "cbr_zone" { Review the argument reference that you can specify for your resource. -* `addresses` - (Required, List) The list of addresses in the zone. - * Constraints: The maximum length is `1000` items. The minimum length is `1` item. -Nested scheme for **addresses**: - * `ref` - (Optional, List) A service reference value. - Nested scheme for **ref**: - * `service_instance` - (Optional, String) The service instance. - * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z\-\/]+$`. - * `service_name` - (Optional, String) The service name. - * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z\-]+$`. - * `service_type` - (required, String) The service type. - * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z_]+$`. - * `type` - (required, String) The type of address. - * Constraints: Allowable values are: `ipAddress`, `ipRange`, `subnet`, `vpc`, `serviceRef`. - * `value` - (required, String) The IP address. - * Constraints: The maximum length is `45` characters. The minimum length is `7` characters. The value must match regular expression `^[a-zA-Z0-9:.]+$`. +* `account_id` - (Optional, String) The id of the account owning this zone. + * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9\-]+$`. +* `addresses` - (Optional, List) The list of addresses in the zone. + * Constraints: The maximum length is `1000` items. The minimum length is `1` item. + Nested scheme for **addresses**: + * `ref` - (Optional, List) A service reference value. + Nested scheme for **ref**: + * `account_id` - (Required, String) The id of the account owning the service. + * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9\-]+$`. + * `service_instance` - (Optional, String) The service instance. + * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z\-/]+$`. + * `service_name` - (Optional, String) The service name. + * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z\-]+$`. + * `service_type` - (Optional, String) The service type. + * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z_]+$`. + * `type` - (Optional, String) The type of address. + * Constraints: Allowable values are: `ipAddress`, `ipRange`, `subnet`, `vpc`, `serviceRef`. + * `value` - (Optional, String) The IP address. + * Constraints: The maximum length is `45` characters. The minimum length is `2` characters. The value must match regular expression `^[a-zA-Z0-9:.]+$`. * `description` - (Optional, String) The description of the zone. - * Constraints: The maximum length is `300` characters. The minimum length is `0` characters. The value must match regular expression `^[\x20-\xFE]*$`. + * Constraints: The maximum length is `300` characters. The minimum length is `0` characters. The value must match regular expression `^[\x20-\xFE]*$`. * `excluded` - (Optional, List) The list of excluded addresses in the zone. Only addresses of type `ipAddress`, `ipRange`, and `subnet` can be excluded. - * Constraints: The maximum length is `1000` items. -Nested scheme for **excluded**: - * `ref` - (Optional, List) A service reference value. - Nested scheme for **ref**: - * `service_instance` - (Optional, String) The service instance. - * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z\-/]+$`. - * `service_name` - (Optional, String) The service name. - * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z\-]+$`. - * `service_type` - (required, String) The service type. - * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z_]+$`. - * `type` - (required, String) The type of address. - * Constraints: Allowable values are: `ipAddress`, `ipRange`, `subnet`, `vpc`, `serviceRef`. - * `value` - (required, String) The IP address. - * Constraints: The maximum length is `45` characters. The minimum length is `7` characters. The value must match regular expression `/^[a-zA-Z0-9:.]+$/`. -* `name` - (required, String) The name of the zone. - * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `/^[a-zA-Z0-9 \\-_]+$/`. - + * Constraints: The maximum length is `1000` items. + Nested scheme for **excluded**: + * `ref` - (Optional, List) A service reference value. + Nested scheme for **ref**: + * `account_id` - (Required, String) The id of the account owning the service. + * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9\-]+$`. + * `service_instance` - (Optional, String) The service instance. + * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z\-/]+$`. + * `service_name` - (Optional, String) The service name. + * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z\-]+$`. + * `service_type` - (Optional, String) The service type. + * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z_]+$`. + * `type` - (Optional, String) The type of address. + * Constraints: Allowable values are: `ipAddress`, `ipRange`, `subnet`, `vpc`, `serviceRef`. + * `value` - (Optional, String) The IP address. + * Constraints: The maximum length is `45` characters. The minimum length is `2` characters. The value must match regular expression `^[a-zA-Z0-9:.]+$`. +* `name` - (Optional, String) The name of the zone. + * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9 \-_]+$`. ## Attribute Reference In addition to all argument references listed, you can access the following attribute references after your resource is created. * `id` - The unique identifier of the cbr_zone. -* `address_count` - (Integer) The number of addresses in the zone. -* `created_at` - (String) The time the resource was created. -* `created_by_id` - (String) IAM ID of the user or service which created the resource. -* `crn` - (String) The zone CRN. -* `excluded_count` - (Integer) The number of excluded addresses in the zone. -* `href` - (String) The href link to the resource. -* `last_modified_at` - (String) The last time the resource was modified. -* `last_modified_by_id` - (String) IAM ID of the user or service which modified the resource. +* `address_count` - (Required, Integer) The number of addresses in the zone. +* `created_at` - (Required, String) The time the resource was created. +* `created_by_id` - (Required, String) IAM ID of the user or service which created the resource. +* `crn` - (Required, String) The zone CRN. +* `excluded_count` - (Required, Integer) The number of excluded addresses in the zone. +* `href` - (Required, String) The href link to the resource. +* `last_modified_at` - (Required, String) The last time the resource was modified. +* `last_modified_by_id` - (Required, String) IAM ID of the user or service which modified the resource. * `version` - Version of the cbr_zone. +## Provider Configuration + +The IBM Cloud provider offers a flexible means of providing credentials for authentication. The following methods are supported, in this order, and explained below: + +- Static credentials +- Environment variables + +To find which credentials are required for this resource, see the service table [here](https://cloud.ibm.com/docs/ibm-cloud-provider-for-terraform?topic=ibm-cloud-provider-for-terraform-provider-reference#required-parameters). + +### Static credentials + +You can provide your static credentials by adding the `ibmcloud_api_key`, `iaas_classic_username`, and `iaas_classic_api_key` arguments in the IBM Cloud provider block. + +Usage: +``` +provider "ibm" { + ibmcloud_api_key = "" + iaas_classic_username = "" + iaas_classic_api_key = "" +} +``` + +### Environment variables + +You can provide your credentials by exporting the `IC_API_KEY`, `IAAS_CLASSIC_USERNAME`, and `IAAS_CLASSIC_API_KEY` environment variables, representing your IBM Cloud platform API key, IBM Cloud Classic Infrastructure (SoftLayer) user name, and IBM Cloud infrastructure API key, respectively. + +``` +provider "ibm" {} +``` + +Usage: +``` +export IC_API_KEY="ibmcloud_api_key" +export IAAS_CLASSIC_USERNAME="iaas_classic_username" +export IAAS_CLASSIC_API_KEY="iaas_classic_api_key" +terraform plan +``` + +Note: + +1. Create or find your `ibmcloud_api_key` and `iaas_classic_api_key` [here](https://cloud.ibm.com/iam/apikeys). +- Select `My IBM Cloud API Keys` option from view dropdown for `ibmcloud_api_key` +- Select `Classic Infrastructure API Keys` option from view dropdown for `iaas_classic_api_key` +2. For iaas_classic_username +- Go to [Users](https://cloud.ibm.com/iam/users) +- Click on user. +- Find user name in the `VPN password` section under `User Details` tab + +For more informaton, see [here](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs#authentication). + ## Import You can import the `ibm_cbr_zone` resource by using `id`. The globally unique ID of the zone. From c853637f742d2c2876f31c2cb73b88194d7f7f7c Mon Sep 17 00:00:00 2001 From: zhenwan Date: Fri, 17 Jun 2022 22:36:37 -0500 Subject: [PATCH 2/8] secrets.baseline update --- .secrets.baseline | 134 ++++++++++++++---- .../.terraform.lock.hcl | 13 -- .../variables.tf | 2 +- .../data_source_ibm_cbr_rule_test.go | 4 +- .../data_source_ibm_cbr_zone_test.go | 4 +- .../resource_ibm_cbr_rule_test.go | 4 +- .../resource_ibm_cbr_zone_test.go | 6 +- 7 files changed, 116 insertions(+), 51 deletions(-) delete mode 100644 examples/ibm-context-based-restrictions/.terraform.lock.hcl diff --git a/.secrets.baseline b/.secrets.baseline index 3210882505c..fab60c3171e 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "go.sum|^.secrets.baseline$", "lines": null }, - "generated_at": "2022-05-17T20:25:11Z", + "generated_at": "2022-06-18T03:34:06Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -427,6 +427,14 @@ "line_number": 37, "type": "Hex High Entropy String", "verified_result": null + }, + { + "hashed_secret": "ca8b3e9d1445b3218e3512da63b05c8f26f181e5", + "is_secret": false, + "is_verified": false, + "line_number": 45, + "type": "Hex High Entropy String", + "verified_result": null } ], "examples/ibm-database/main.tf": [ @@ -632,7 +640,7 @@ "hashed_secret": "813274ccae5b6b509379ab56982d862f7b5969b6", "is_secret": false, "is_verified": false, - "line_number": 719, + "line_number": 729, "type": "Base64 High Entropy String", "verified_result": null } @@ -642,7 +650,7 @@ "hashed_secret": "9184b0c38101bf24d78b2bb0d044deb1d33696fc", "is_secret": false, "is_verified": false, - "line_number": 123, + "line_number": 125, "type": "Secret Keyword", "verified_result": null }, @@ -650,7 +658,7 @@ "hashed_secret": "c427f185ddcb2440be9b77c8e45f1cd487a2e790", "is_secret": false, "is_verified": false, - "line_number": 1343, + "line_number": 1345, "type": "Base64 High Entropy String", "verified_result": null }, @@ -658,7 +666,7 @@ "hashed_secret": "1f7e33de15e22de9d2eaf502df284ed25ca40018", "is_secret": false, "is_verified": false, - "line_number": 1411, + "line_number": 1413, "type": "Secret Keyword", "verified_result": null }, @@ -666,7 +674,7 @@ "hashed_secret": "1f614c2eb6b3da22d89bd1b9fd47d7cb7c8fc670", "is_secret": false, "is_verified": false, - "line_number": 3038, + "line_number": 3040, "type": "Secret Keyword", "verified_result": null }, @@ -674,7 +682,7 @@ "hashed_secret": "7abfce65b8504403afc25c9790f358d513dfbcc6", "is_secret": false, "is_verified": false, - "line_number": 3051, + "line_number": 3053, "type": "Secret Keyword", "verified_result": null }, @@ -682,7 +690,7 @@ "hashed_secret": "0c2d85bf9a9b1579b16f220a4ea8c3d62b2e24b1", "is_secret": false, "is_verified": false, - "line_number": 3092, + "line_number": 3094, "type": "Secret Keyword", "verified_result": null } @@ -692,7 +700,7 @@ "hashed_secret": "da8cae6284528565678de15e03d461e23fe22538", "is_secret": false, "is_verified": false, - "line_number": 1513, + "line_number": 1514, "type": "Secret Keyword", "verified_result": null } @@ -702,7 +710,7 @@ "hashed_secret": "c8b6f5ef11b9223ac35a5663975a466ebe7ebba9", "is_secret": false, "is_verified": false, - "line_number": 1240, + "line_number": 1243, "type": "Secret Keyword", "verified_result": null }, @@ -710,7 +718,7 @@ "hashed_secret": "8abf4899c01104241510ba87685ad4de76b0c437", "is_secret": false, "is_verified": false, - "line_number": 1246, + "line_number": 1249, "type": "Secret Keyword", "verified_result": null } @@ -1305,20 +1313,56 @@ ], "ibm/service/contextbasedrestrictions/data_source_ibm_cbr_rule_test.go": [ { - "hashed_secret": "565a143eb50b2b9265143febed766438753c7b65", + "hashed_secret": "9b6e9b736d5aad4455eee13c6b2741e2271fb6c9", + "is_secret": false, + "is_verified": false, + "line_number": 106, + "type": "Hex High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "ca8b3e9d1445b3218e3512da63b05c8f26f181e5", + "is_secret": false, + "is_verified": false, + "line_number": 112, + "type": "Hex High Entropy String", + "verified_result": null + } + ], + "ibm/service/contextbasedrestrictions/data_source_ibm_cbr_zone_test.go": [ + { + "hashed_secret": "ca8b3e9d1445b3218e3512da63b05c8f26f181e5", "is_secret": false, "is_verified": false, - "line_number": 101, + "line_number": 89, "type": "Hex High Entropy String", "verified_result": null } ], "ibm/service/contextbasedrestrictions/resource_ibm_cbr_rule_test.go": [ { - "hashed_secret": "565a143eb50b2b9265143febed766438753c7b65", + "hashed_secret": "9b6e9b736d5aad4455eee13c6b2741e2271fb6c9", "is_secret": false, "is_verified": false, - "line_number": 105, + "line_number": 112, + "type": "Hex High Entropy String", + "verified_result": null + }, + { + "hashed_secret": "ca8b3e9d1445b3218e3512da63b05c8f26f181e5", + "is_secret": false, + "is_verified": false, + "line_number": 118, + "type": "Hex High Entropy String", + "verified_result": null + } + ], + "ibm/service/contextbasedrestrictions/resource_ibm_cbr_zone_test.go": [ + { + "hashed_secret": "ca8b3e9d1445b3218e3512da63b05c8f26f181e5", + "is_secret": false, + "is_verified": false, + "line_number": 83, "type": "Hex High Entropy String", "verified_result": null } @@ -1328,7 +1372,7 @@ "hashed_secret": "884a58e4c2c5d195d3876787bdc63af6c5af2924", "is_secret": false, "is_verified": false, - "line_number": 347, + "line_number": 375, "type": "Secret Keyword", "verified_result": null } @@ -1338,7 +1382,7 @@ "hashed_secret": "884a58e4c2c5d195d3876787bdc63af6c5af2924", "is_secret": false, "is_verified": false, - "line_number": 1314, + "line_number": 1472, "type": "Secret Keyword", "verified_result": null } @@ -1358,7 +1402,7 @@ "hashed_secret": "988ff3bd9a74260f3e32e115fdd6535aaa5c531a", "is_secret": false, "is_verified": false, - "line_number": 723, + "line_number": 1031, "type": "Secret Keyword", "verified_result": null } @@ -1386,7 +1430,7 @@ "hashed_secret": "deab23f996709b4e3d14e5499d1cc2de677bfaa8", "is_secret": false, "is_verified": false, - "line_number": 1431, + "line_number": 1437, "type": "Secret Keyword", "verified_result": null }, @@ -1394,7 +1438,7 @@ "hashed_secret": "20a25bac21219ffff1904bde871ded4027eca2f8", "is_secret": false, "is_verified": false, - "line_number": 2022, + "line_number": 2028, "type": "Secret Keyword", "verified_result": null }, @@ -1402,7 +1446,7 @@ "hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f", "is_secret": false, "is_verified": false, - "line_number": 2041, + "line_number": 2047, "type": "Secret Keyword", "verified_result": null }, @@ -1410,7 +1454,7 @@ "hashed_secret": "1f5e25be9b575e9f5d39c82dfd1d9f4d73f1975c", "is_secret": false, "is_verified": false, - "line_number": 2313, + "line_number": 2319, "type": "Secret Keyword", "verified_result": null } @@ -2009,12 +2053,46 @@ ], "website/docs/r/cbr_rule.html.markdown": [ { - "hashed_secret": "565a143eb50b2b9265143febed766438753c7b65", + "hashed_secret": "d47dcacc720a39e236679ac3e311a0d58bb6519e", "is_secret": false, "is_verified": false, - "line_number": 21, + "line_number": 125, + "type": "Secret Keyword", + "verified_result": null + }, + { + "hashed_secret": "e66e7d67fdf3c596c435fc7828b13205e4950a0f", + "is_secret": false, + "is_verified": false, + "line_number": 127, + "type": "Secret Keyword", + "verified_result": null + } + ], + "website/docs/r/cbr_zone.html.markdown": [ + { + "hashed_secret": "ca8b3e9d1445b3218e3512da63b05c8f26f181e5", + "is_secret": false, + "is_verified": false, + "line_number": 17, "type": "Hex High Entropy String", "verified_result": null + }, + { + "hashed_secret": "d47dcacc720a39e236679ac3e311a0d58bb6519e", + "is_secret": false, + "is_verified": false, + "line_number": 123, + "type": "Secret Keyword", + "verified_result": null + }, + { + "hashed_secret": "e66e7d67fdf3c596c435fc7828b13205e4950a0f", + "is_secret": false, + "is_verified": false, + "line_number": 125, + "type": "Secret Keyword", + "verified_result": null } ], "website/docs/r/cis_alert.html.markdown": [ @@ -2156,7 +2234,7 @@ "hashed_secret": "10c28f9cf0668595d45c1090a7b4a2ae98edfa58", "is_secret": false, "is_verified": false, - "line_number": 372, + "line_number": 433, "type": "Secret Keyword", "verified_result": null }, @@ -2164,7 +2242,7 @@ "hashed_secret": "91199272d5d6a574a51722ca6f3d1148edb1a0e7", "is_secret": false, "is_verified": false, - "line_number": 415, + "line_number": 488, "type": "Secret Keyword", "verified_result": null } @@ -2254,7 +2332,7 @@ "hashed_secret": "19463ab0c6cf2c8f229c8c9666f2f784edf6bb4f", "is_secret": false, "is_verified": false, - "line_number": 165, + "line_number": 167, "type": "Secret Keyword", "verified_result": null } @@ -2300,7 +2378,7 @@ } ] }, - "version": "0.13.1+ibm.47.dss", + "version": "0.13.1+ibm.50.dss", "word_list": { "file": null, "hash": null diff --git a/examples/ibm-context-based-restrictions/.terraform.lock.hcl b/examples/ibm-context-based-restrictions/.terraform.lock.hcl deleted file mode 100644 index 0e6c45a8153..00000000000 --- a/examples/ibm-context-based-restrictions/.terraform.lock.hcl +++ /dev/null @@ -1,13 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/ibm-cloud/ibm" { - version = "1.31.0" - constraints = "1.31.0" - hashes = [ - "h1:LW3USvFUFp8SROjOBnIbmQIDR2iDyjIJn3EmrCN2Lp8=", - "zh:62e67d75a14e7aa62dbc0839d1d4c17243094be3c49bf92bcfd9916733f0285b", - "zh:7abbb18e9146c97b66eab3ae22c0a06bafc5d4478f102d510900620a8373ad7e", - "zh:e649b44a4f0eb2b1917fae31871a64bbfac7bb27fbaade9dcee0cbb21fc59735", - ] -} diff --git a/examples/ibm-context-based-restrictions/variables.tf b/examples/ibm-context-based-restrictions/variables.tf index c19bacbc1dd..3ce2c1dbcc8 100644 --- a/examples/ibm-context-based-restrictions/variables.tf +++ b/examples/ibm-context-based-restrictions/variables.tf @@ -42,5 +42,5 @@ variable "cbr_rule_rule_id" { variable "ibmcloud_account_id" { description = "Account ID for rule / zone" type = string - default = "82cbc8dcd1ab4112b7272b410ac9965c" + default = "12ab34cd56ef78ab90cd12ef34ab56cd" } \ No newline at end of file diff --git a/ibm/service/contextbasedrestrictions/data_source_ibm_cbr_rule_test.go b/ibm/service/contextbasedrestrictions/data_source_ibm_cbr_rule_test.go index f2f08deeec2..44528d8512d 100644 --- a/ibm/service/contextbasedrestrictions/data_source_ibm_cbr_rule_test.go +++ b/ibm/service/contextbasedrestrictions/data_source_ibm_cbr_rule_test.go @@ -82,7 +82,7 @@ func testAccCheckIBMCbrRuleDataSourceConfigBasic() string { resources { attributes { name = "accountId" - value = "82cbc8dcd1ab4112b7272b410ac9965c" + value = "12ab34cd56ef78ab90cd12ef34ab56cd" } attributes { name = "serviceName" @@ -109,7 +109,7 @@ func testAccCheckIBMCbrRuleDataSourceConfig(ruleDescription string, ruleEnforcem resources { attributes { name = "accountId" - value = "82cbc8dcd1ab4112b7272b410ac9965c" + value = "12ab34cd56ef78ab90cd12ef34ab56cd" } attributes { name = "serviceName" diff --git a/ibm/service/contextbasedrestrictions/data_source_ibm_cbr_zone_test.go b/ibm/service/contextbasedrestrictions/data_source_ibm_cbr_zone_test.go index c4a6d069fe1..f891de5c438 100644 --- a/ibm/service/contextbasedrestrictions/data_source_ibm_cbr_zone_test.go +++ b/ibm/service/contextbasedrestrictions/data_source_ibm_cbr_zone_test.go @@ -45,7 +45,7 @@ func TestAccIBMCbrZoneDataSourceBasic(t *testing.T) { func TestAccIBMCbrZoneDataSourceAllArgs(t *testing.T) { zoneName := fmt.Sprintf("tf_name_%d", acctest.RandIntRange(10, 100)) - zoneAccountID := "82cbc8dcd1ab4112b7272b410ac9965c" + zoneAccountID := "12ab34cd56ef78ab90cd12ef34ab56cd" zoneDescription := fmt.Sprintf("tf_description_%d", acctest.RandIntRange(10, 100)) resource.Test(t, resource.TestCase{ @@ -86,7 +86,7 @@ func testAccCheckIBMCbrZoneDataSourceConfigBasic() string { resource "ibm_cbr_zone" "cbr_zone" { name = "Test Zone Data Source Config Basic" description = "Test Zone Data Source Config Basic" - account_id = "82cbc8dcd1ab4112b7272b410ac9965c" + account_id = "12ab34cd56ef78ab90cd12ef34ab56cd" addresses { type = "ipRange" value = "169.23.22.0-169.23.22.255" diff --git a/ibm/service/contextbasedrestrictions/resource_ibm_cbr_rule_test.go b/ibm/service/contextbasedrestrictions/resource_ibm_cbr_rule_test.go index 4bf3537dc2b..34fc218bf04 100644 --- a/ibm/service/contextbasedrestrictions/resource_ibm_cbr_rule_test.go +++ b/ibm/service/contextbasedrestrictions/resource_ibm_cbr_rule_test.go @@ -85,7 +85,7 @@ func testAccCheckIBMCbrRuleConfigBasic() string { resources { attributes { name = "accountId" - value = "82cbc8dcd1ab4112b7272b410ac9965c" + value = "12ab34cd56ef78ab90cd12ef34ab56cd" } attributes { name = "serviceName" @@ -115,7 +115,7 @@ func testAccCheckIBMCbrRuleConfig(description string, enforcementMode string) st resources { attributes { name = "accountId" - value = "82cbc8dcd1ab4112b7272b410ac9965c" + value = "12ab34cd56ef78ab90cd12ef34ab56cd" } attributes { name = "serviceName" diff --git a/ibm/service/contextbasedrestrictions/resource_ibm_cbr_zone_test.go b/ibm/service/contextbasedrestrictions/resource_ibm_cbr_zone_test.go index 92733f09d64..242ec69f356 100644 --- a/ibm/service/contextbasedrestrictions/resource_ibm_cbr_zone_test.go +++ b/ibm/service/contextbasedrestrictions/resource_ibm_cbr_zone_test.go @@ -38,10 +38,10 @@ func TestAccIBMCbrZoneBasic(t *testing.T) { func TestAccIBMCbrZoneAllArgs(t *testing.T) { var conf contextbasedrestrictionsv1.Zone name := fmt.Sprintf("tf_name_%d", acctest.RandIntRange(10, 100)) - accountID := fmt.Sprintf("82cbc8dcd1ab4112b7272b410ac9965c") + accountID := fmt.Sprintf("12ab34cd56ef78ab90cd12ef34ab56cd") description := fmt.Sprintf("tf_description_%d", acctest.RandIntRange(10, 100)) nameUpdate := fmt.Sprintf("tf_name_%d", acctest.RandIntRange(10, 100)) - accountIDUpdate := fmt.Sprintf("82cbc8dcd1ab4112b7272b410ac9965c") + accountIDUpdate := fmt.Sprintf("12ab34cd56ef78ab90cd12ef34ab56cd") descriptionUpdate := fmt.Sprintf("tf_description_%d", acctest.RandIntRange(10, 100)) resource.Test(t, resource.TestCase{ @@ -80,7 +80,7 @@ func testAccCheckIBMCbrZoneConfigBasic() string { resource "ibm_cbr_zone" "cbr_zone" { name = "Test Zone Resource Config Basic" description = "Test Zone Resource Config Basic" - account_id = "82cbc8dcd1ab4112b7272b410ac9965c" + account_id = "12ab34cd56ef78ab90cd12ef34ab56cd" addresses { type = "ipRange" value = "169.23.22.0-169.23.22.255" From b076691833e635213e87d343059214a8de0edec3 Mon Sep 17 00:00:00 2001 From: zhenwan Date: Sat, 18 Jun 2022 17:54:38 -0500 Subject: [PATCH 3/8] fix import --- ibm/conns/config.go | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/ibm/conns/config.go b/ibm/conns/config.go index 0bd2b657911..05b3547176a 100644 --- a/ibm/conns/config.go +++ b/ibm/conns/config.go @@ -62,9 +62,7 @@ import ( "github.com/IBM/platform-services-go-sdk/atrackerv1" "github.com/IBM/platform-services-go-sdk/atrackerv2" "github.com/IBM/platform-services-go-sdk/catalogmanagementv1" - //"github.com/IBM/platform-services-go-sdk/contextbasedrestrictionsv1" - "github.com/IBM-Cloud/terraform-provider-ibm/contextbasedrestrictionsv1" - + "github.com/IBM/platform-services-go-sdk/contextbasedrestrictionsv1" "github.com/IBM/platform-services-go-sdk/enterprisemanagementv1" "github.com/IBM/platform-services-go-sdk/globaltaggingv1" iamaccessgroups "github.com/IBM/platform-services-go-sdk/iamaccessgroupsv2" From 636aa92f6bf8c22a57f94b3305b9dd977c5f35f8 Mon Sep 17 00:00:00 2001 From: zhenwan Date: Sat, 18 Jun 2022 17:57:00 -0500 Subject: [PATCH 4/8] update secrets.baseline --- .secrets.baseline | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 2384f5ebec6..75a61a9c318 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "go.sum|^.secrets.baseline$", "lines": null }, - "generated_at": "2022-06-18T03:34:06Z", + "generated_at": "2022-06-18T22:56:07Z", "plugins_used": [ { "name": "AWSKeyDetector" @@ -650,7 +650,7 @@ "hashed_secret": "9184b0c38101bf24d78b2bb0d044deb1d33696fc", "is_secret": false, "is_verified": false, - "line_number": 125, + "line_number": 123, "type": "Secret Keyword", "verified_result": null }, @@ -658,7 +658,7 @@ "hashed_secret": "c427f185ddcb2440be9b77c8e45f1cd487a2e790", "is_secret": false, "is_verified": false, - "line_number": 1345, + "line_number": 1343, "type": "Base64 High Entropy String", "verified_result": null }, @@ -666,7 +666,7 @@ "hashed_secret": "1f7e33de15e22de9d2eaf502df284ed25ca40018", "is_secret": false, "is_verified": false, - "line_number": 1413, + "line_number": 1411, "type": "Secret Keyword", "verified_result": null }, @@ -674,7 +674,7 @@ "hashed_secret": "1f614c2eb6b3da22d89bd1b9fd47d7cb7c8fc670", "is_secret": false, "is_verified": false, - "line_number": 3040, + "line_number": 3038, "type": "Secret Keyword", "verified_result": null }, @@ -682,7 +682,7 @@ "hashed_secret": "7abfce65b8504403afc25c9790f358d513dfbcc6", "is_secret": false, "is_verified": false, - "line_number": 3053, + "line_number": 3051, "type": "Secret Keyword", "verified_result": null }, @@ -690,7 +690,7 @@ "hashed_secret": "0c2d85bf9a9b1579b16f220a4ea8c3d62b2e24b1", "is_secret": false, "is_verified": false, - "line_number": 3094, + "line_number": 3092, "type": "Secret Keyword", "verified_result": null } @@ -710,7 +710,7 @@ "hashed_secret": "c8b6f5ef11b9223ac35a5663975a466ebe7ebba9", "is_secret": false, "is_verified": false, - "line_number": 1243, + "line_number": 1255, "type": "Secret Keyword", "verified_result": null }, @@ -718,7 +718,7 @@ "hashed_secret": "8abf4899c01104241510ba87685ad4de76b0c437", "is_secret": false, "is_verified": false, - "line_number": 1249, + "line_number": 1261, "type": "Secret Keyword", "verified_result": null } From cd9dcf9a07bd027b504b4212ed2dc79bc7627ca0 Mon Sep 17 00:00:00 2001 From: zhenwan Date: Thu, 23 Jun 2022 14:14:55 -0500 Subject: [PATCH 5/8] update platform-service-so-sdk version --- go.mod | 4 ++-- go.sum | 8 ++++++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index 45d3033df53..53b78fe24cc 100644 --- a/go.mod +++ b/go.mod @@ -14,13 +14,13 @@ require ( github.com/IBM/container-registry-go-sdk v0.0.15 github.com/IBM/event-notifications-go-admin-sdk v0.1.2 github.com/IBM/eventstreams-go-sdk v1.2.0 - github.com/IBM/go-sdk-core/v5 v5.9.5 + github.com/IBM/go-sdk-core/v5 v5.10.1 github.com/IBM/ibm-cos-sdk-go v1.8.0 github.com/IBM/ibm-cos-sdk-go-config v1.2.0 github.com/IBM/ibm-hpcs-tke-sdk v0.0.0-20211109141421-a4b61b05f7d1 github.com/IBM/keyprotect-go-client v0.7.0 github.com/IBM/networking-go-sdk v0.28.0 - github.com/IBM/platform-services-go-sdk v0.25.1 + github.com/IBM/platform-services-go-sdk v0.26.0 github.com/IBM/push-notifications-go-sdk v0.0.0-20210310100607-5790b96c47f5 github.com/IBM/scc-go-sdk v1.3.4 github.com/IBM/scc-go-sdk/v3 v3.1.6 diff --git a/go.sum b/go.sum index c71bc08b9fb..0f7b8b1b29d 100644 --- a/go.sum +++ b/go.sum @@ -41,6 +41,8 @@ github.com/IBM/go-sdk-core/v5 v5.9.1/go.mod h1:axE2JrRq79gIJTjKPBwV6gWHswvVptBjb github.com/IBM/go-sdk-core/v5 v5.9.2/go.mod h1:YlOwV9LeuclmT/qi/LAK2AsobbAP42veV0j68/rlZsE= github.com/IBM/go-sdk-core/v5 v5.9.5 h1:+uMyHpOyBlFFd/I0PB+7JqqXOPY2DzRR0tbBjTc4d/g= github.com/IBM/go-sdk-core/v5 v5.9.5/go.mod h1:YlOwV9LeuclmT/qi/LAK2AsobbAP42veV0j68/rlZsE= +github.com/IBM/go-sdk-core/v5 v5.10.1 h1:IEpjDJyB7okrC6bJ7fPZqBiOv+16VichT6kZXAz9bbQ= +github.com/IBM/go-sdk-core/v5 v5.10.1/go.mod h1:u/33BzPy8sthgEhSeBnf6/kPCqwvC9VKw5byfqQfbe0= github.com/IBM/ibm-cos-sdk-go v1.3.1/go.mod h1:YLBAYobEA8bD27P7xpMwSQeNQu6W3DNBtBComXrRzRY= github.com/IBM/ibm-cos-sdk-go v1.8.0 h1:6d3BY+jo71JvQoyUwdtv4pemEfbnK/XSKQCKOEuWmks= github.com/IBM/ibm-cos-sdk-go v1.8.0/go.mod h1:Oi8AC5WNDhmUJgbo1GL2FtBdo0nRgbzE/1HmCL1SERU= @@ -54,6 +56,8 @@ github.com/IBM/networking-go-sdk v0.28.0 h1:kdZnHb9SaVd/NgYFpOlXfXSA8Q/mASBGaiAE github.com/IBM/networking-go-sdk v0.28.0/go.mod h1:tVxXclpQs8nQJYPTr9ZPNC1voaPNQLy8iy/72oVfFtM= github.com/IBM/platform-services-go-sdk v0.25.1 h1:hF4EvJNe8KRGiytN0mVJvJaZV4UJHsrJi1xIRgIaa5w= github.com/IBM/platform-services-go-sdk v0.25.1/go.mod h1:9/v5qTMXaEBOpFe2marMukgCqv83W8PcjPWr91m2Ids= +github.com/IBM/platform-services-go-sdk v0.26.0 h1:jY1SYzMe0wihYmrfgo4+Ly4AhtUH1WHsb6ac3eu/JRY= +github.com/IBM/platform-services-go-sdk v0.26.0/go.mod h1:ZFuISyKu+qekMfvFebzqJ8AIpNlRqI7a6WuieGfjGuA= github.com/IBM/push-notifications-go-sdk v0.0.0-20210310100607-5790b96c47f5 h1:NPUhkoOCRuv3OFWt19PmwjXGGTKlvmbuPg9fUrBUNe4= github.com/IBM/push-notifications-go-sdk v0.0.0-20210310100607-5790b96c47f5/go.mod h1:b07XHUVh0XYnQE9s2mqgjYST1h9buaQNqN4EcKhOsX0= github.com/IBM/scc-go-sdk v1.3.4 h1:nvSsyA2GfwjX3Aloty/LStkrY0e2rV2r+CM+YYg3zR4= @@ -405,6 +409,8 @@ github.com/hashicorp/go-retryablehttp v0.6.2/go.mod h1:gEx6HMUGxYYhJScX7W1Il64m6 github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-retryablehttp v0.7.0 h1:eu1EI/mbirUgP5C8hVsTNaGZreBDlYiwC1FZWkvQPQ4= github.com/hashicorp/go-retryablehttp v0.7.0/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= +github.com/hashicorp/go-retryablehttp v0.7.1 h1:sUiuQAnLlbvmExtFQs72iFW/HXeUn8Z1aJLQ4LJJbTQ= +github.com/hashicorp/go-retryablehttp v0.7.1/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= @@ -628,6 +634,7 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= @@ -790,6 +797,7 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210502180810-71e4cd670f79/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 h1:XfKQ4OlFl8okEOr5UvAqFRVj8pY/4yfcXrddB8qAbU0= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220330033206-e17cdc41300f h1:rlezHXNlxYWvBCzNses9Dlc7nGFaNMJeqLolcmQSSZY= golang.org/x/sys v0.0.0-20220330033206-e17cdc41300f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= From ab95264a88fe48f5d871cc0dcd95ac96249ad7a3 Mon Sep 17 00:00:00 2001 From: zhenwan Date: Thu, 23 Jun 2022 14:25:19 -0500 Subject: [PATCH 6/8] Update .secrets.baseline --- .secrets.baseline | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.secrets.baseline b/.secrets.baseline index 75a61a9c318..d73f92b01b5 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "go.sum|^.secrets.baseline$", "lines": null }, - "generated_at": "2022-06-18T22:56:07Z", + "generated_at": "2022-06-23T19:24:50Z", "plugins_used": [ { "name": "AWSKeyDetector" From ad3516464780efdda729b5327e73ca34e4ab50f2 Mon Sep 17 00:00:00 2001 From: zhenwan Date: Mon, 27 Jun 2022 18:18:47 -0500 Subject: [PATCH 7/8] updated on PR review comments --- .../data_source_ibm_cbr_rule.go | 9 --- .../data_source_ibm_cbr_zone.go | 9 --- .../resource_ibm_cbr_rule.go | 6 +- .../resource_ibm_cbr_zone.go | 12 ++-- website/docs/d/cbr_rule.html.markdown | 48 +++++++-------- website/docs/d/cbr_zone.html.markdown | 60 +++++++++---------- website/docs/r/cbr_rule.html.markdown | 25 +++----- website/docs/r/cbr_zone.html.markdown | 24 ++++---- 8 files changed, 83 insertions(+), 110 deletions(-) diff --git a/ibm/service/contextbasedrestrictions/data_source_ibm_cbr_rule.go b/ibm/service/contextbasedrestrictions/data_source_ibm_cbr_rule.go index 93bb712b5f6..76970b66e03 100644 --- a/ibm/service/contextbasedrestrictions/data_source_ibm_cbr_rule.go +++ b/ibm/service/contextbasedrestrictions/data_source_ibm_cbr_rule.go @@ -26,11 +26,6 @@ func DataSourceIBMCbrRule() *schema.Resource { Required: true, Description: "The ID of a rule.", }, - "id": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Description: "The globally unique ID of the rule.", - }, "crn": &schema.Schema{ Type: schema.TypeString, Computed: true, @@ -178,10 +173,6 @@ func DataSourceIBMCbrRuleRead(context context.Context, d *schema.ResourceData, m d.SetId(fmt.Sprintf("%s", *getRuleOptions.RuleID)) - if err = d.Set("id", rule.ID); err != nil { - return diag.FromErr(fmt.Errorf("Error setting id: %s", err)) - } - if err = d.Set("crn", rule.CRN); err != nil { return diag.FromErr(fmt.Errorf("Error setting crn: %s", err)) } diff --git a/ibm/service/contextbasedrestrictions/data_source_ibm_cbr_zone.go b/ibm/service/contextbasedrestrictions/data_source_ibm_cbr_zone.go index 09f90795799..2778474befe 100644 --- a/ibm/service/contextbasedrestrictions/data_source_ibm_cbr_zone.go +++ b/ibm/service/contextbasedrestrictions/data_source_ibm_cbr_zone.go @@ -26,11 +26,6 @@ func DataSourceIBMCbrZone() *schema.Resource { Required: true, Description: "The ID of a zone.", }, - "id": &schema.Schema{ - Type: schema.TypeString, - Computed: true, - Description: "The globally unique ID of the zone.", - }, "crn": &schema.Schema{ Type: schema.TypeString, Computed: true, @@ -204,10 +199,6 @@ func DataSourceIBMCbrZoneRead(context context.Context, d *schema.ResourceData, m d.SetId(fmt.Sprintf("%s", *getZoneOptions.ZoneID)) - if err = d.Set("id", zone.ID); err != nil { - return diag.FromErr(fmt.Errorf("Error setting id: %s", err)) - } - if err = d.Set("crn", zone.CRN); err != nil { return diag.FromErr(fmt.Errorf("Error setting crn: %s", err)) } diff --git a/ibm/service/contextbasedrestrictions/resource_ibm_cbr_rule.go b/ibm/service/contextbasedrestrictions/resource_ibm_cbr_rule.go index 0855fc8ef63..e5a0fb18e32 100644 --- a/ibm/service/contextbasedrestrictions/resource_ibm_cbr_rule.go +++ b/ibm/service/contextbasedrestrictions/resource_ibm_cbr_rule.go @@ -35,7 +35,7 @@ func ResourceIBMCbrRule() *schema.Resource { }, "contexts": &schema.Schema{ Type: schema.TypeList, - Optional: true, + Required: true, Description: "The contexts this rule applies to.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ @@ -63,7 +63,7 @@ func ResourceIBMCbrRule() *schema.Resource { }, "resources": &schema.Schema{ Type: schema.TypeList, - Optional: true, + Required: true, Description: "The resources this rule apply to.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ @@ -176,7 +176,7 @@ func ResourceIBMCbrRule() *schema.Resource { } func ResourceIBMCbrRuleValidator() *validate.ResourceValidator { - validateSchema := make([]validate.ValidateSchema, 1) + validateSchema := make([]validate.ValidateSchema, 0) validateSchema = append(validateSchema, validate.ValidateSchema{ Identifier: "description", diff --git a/ibm/service/contextbasedrestrictions/resource_ibm_cbr_zone.go b/ibm/service/contextbasedrestrictions/resource_ibm_cbr_zone.go index f2fdf9835b4..e823409a37a 100644 --- a/ibm/service/contextbasedrestrictions/resource_ibm_cbr_zone.go +++ b/ibm/service/contextbasedrestrictions/resource_ibm_cbr_zone.go @@ -29,13 +29,13 @@ func ResourceIBMCbrZone() *schema.Resource { Schema: map[string]*schema.Schema{ "name": &schema.Schema{ Type: schema.TypeString, - Optional: true, + Required: true, ValidateFunc: validate.InvokeValidator("ibm_cbr_zone", "name"), Description: "The name of the zone.", }, "account_id": &schema.Schema{ Type: schema.TypeString, - Optional: true, + Required: true, ValidateFunc: validate.InvokeValidator("ibm_cbr_zone", "account_id"), Description: "The id of the account owning this zone.", }, @@ -47,13 +47,13 @@ func ResourceIBMCbrZone() *schema.Resource { }, "addresses": &schema.Schema{ Type: schema.TypeList, - Optional: true, + Required: true, Description: "The list of addresses in the zone.", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "type": &schema.Schema{ Type: schema.TypeString, - Optional: true, + Required: true, Description: "The type of address.", }, "value": &schema.Schema{ @@ -102,7 +102,7 @@ func ResourceIBMCbrZone() *schema.Resource { Schema: map[string]*schema.Schema{ "type": &schema.Schema{ Type: schema.TypeString, - Optional: true, + Required: true, Description: "The type of address.", }, "value": &schema.Schema{ @@ -204,7 +204,7 @@ func ResourceIBMCbrZone() *schema.Resource { } func ResourceIBMCbrZoneValidator() *validate.ResourceValidator { - validateSchema := make([]validate.ValidateSchema, 1) + validateSchema := make([]validate.ValidateSchema, 0) validateSchema = append(validateSchema, validate.ValidateSchema{ Identifier: "name", diff --git a/website/docs/d/cbr_rule.html.markdown b/website/docs/d/cbr_rule.html.markdown index 7443c2d2652..583a5f1a7d4 100644 --- a/website/docs/d/cbr_rule.html.markdown +++ b/website/docs/d/cbr_rule.html.markdown @@ -1,9 +1,9 @@ --- +subcategory: "Context Based Restrictions" layout: "ibm" page_title: "IBM : ibm_cbr_rule" description: |- Get information about cbr_rule -subcategory: "Context Based Restrictions" --- # ibm_cbr_rule @@ -22,7 +22,7 @@ data "ibm_cbr_rule" "cbr_rule" { Review the argument reference that you can specify for your data source. -* `rule_id` - (Required, Forces new resource, String) The ID of a rule. +* `rule_id` - (Forces new resource, String) The ID of a rule. * Constraints: The maximum length is `32` characters. The minimum length is `32` characters. The value must match regular expression `^[a-fA-F0-9]{32}$`. ## Attribute Reference @@ -30,56 +30,56 @@ Review the argument reference that you can specify for your data source. In addition to all argument references listed, you can access the following attribute references after your data source is created. * `id` - The unique identifier of the cbr_rule. -* `contexts` - (Required, List) The contexts this rule applies to. +* `contexts` - (List) The contexts this rule applies to. * Constraints: The maximum length is `1000` items. The minimum length is `1` item. Nested scheme for **contexts**: - * `attributes` - (Required, List) The attributes. + * `attributes` - (List) The attributes. * Constraints: The minimum length is `1` item. Nested scheme for **attributes**: - * `name` - (Required, String) The attribute name. + * `name` - (String) The attribute name. * Constraints: The maximum length is `64` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9]+$`. - * `value` - (Required, String) The attribute value. + * `value` - (String) The attribute value. * Constraints: The maximum length is `1000` characters. The minimum length is `1` character. The value must match regular expression `^[\S\s]+$`. -* `created_at` - (Required, String) The time the resource was created. +* `created_at` - (String) The time the resource was created. -* `created_by_id` - (Required, String) IAM ID of the user or service which created the resource. +* `created_by_id` - (String) IAM ID of the user or service which created the resource. -* `crn` - (Required, String) The rule CRN. +* `crn` - (String) The rule CRN. -* `description` - (Required, String) The description of the rule. +* `description` - (String) The description of the rule. * Constraints: The maximum length is `300` characters. The minimum length is `0` characters. The value must match regular expression `^[\x20-\xFE]*$`. -* `enforcement_mode` - (Optional, String) The rule enforcement mode: * `enabled` - The restrictions are enforced and reported. This is the default. * `disabled` - The restrictions are disabled. Nothing is enforced or reported. * `report` - The restrictions are evaluated and reported, but not enforced. +* `enforcement_mode` - (String) The rule enforcement mode: * `enabled` - The restrictions are enforced and reported. This is the default. * `disabled` - The restrictions are disabled. Nothing is enforced or reported. * `report` - The restrictions are evaluated and reported, but not enforced. * Constraints: The default value is `enabled`. Allowable values are: `enabled`, `disabled`, `report`. -* `href` - (Required, String) The href link to the resource. +* `href` - (String) The href link to the resource. -* `id` - (Required, String) The globally unique ID of the rule. +* `id` - (String) The globally unique ID of the rule. -* `last_modified_at` - (Required, String) The last time the resource was modified. +* `last_modified_at` - (String) The last time the resource was modified. -* `last_modified_by_id` - (Required, String) IAM ID of the user or service which modified the resource. +* `last_modified_by_id` - (String) IAM ID of the user or service which modified the resource. -* `resources` - (Required, List) The resources this rule apply to. +* `resources` - (List) The resources this rule apply to. * Constraints: The maximum length is `1` item. The minimum length is `1` item. Nested scheme for **resources**: - * `attributes` - (Required, List) The resource attributes. + * `attributes` - (List) The resource attributes. * Constraints: The minimum length is `1` item. Nested scheme for **attributes**: - * `name` - (Required, String) The attribute name. + * `name` - (String) The attribute name. * Constraints: The maximum length is `64` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9]+$`. - * `operator` - (Optional, String) The attribute operator. + * `operator` - (String) The attribute operator. * Constraints: The maximum length is `64` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9]+$`. - * `value` - (Required, String) The attribute value. + * `value` - (String) The attribute value. * Constraints: The maximum length is `1000` characters. The minimum length is `1` character. The value must match regular expression `^[\S\s]+$`. - * `tags` - (Optional, List) The optional resource tags. + * `tags` - (List) The optional resource tags. * Constraints: The maximum length is `10` items. The minimum length is `1` item. Nested scheme for **tags**: - * `name` - (Required, String) The tag attribute name. + * `name` - (String) The tag attribute name. * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9 _.-]+$`. - * `operator` - (Optional, String) The attribute operator. + * `operator` - (String) The attribute operator. * Constraints: The maximum length is `64` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9]+$`. - * `value` - (Required, String) The tag attribute value. + * `value` - (String) The tag attribute value. * Constraints: The maximum length is `1000` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9 _*?.-]+$`. diff --git a/website/docs/d/cbr_zone.html.markdown b/website/docs/d/cbr_zone.html.markdown index 0d10637a8b0..c5c748b9f98 100644 --- a/website/docs/d/cbr_zone.html.markdown +++ b/website/docs/d/cbr_zone.html.markdown @@ -1,9 +1,9 @@ --- +subcategory: "Context Based Restrictions" layout: "ibm" page_title: "IBM : ibm_cbr_zone" description: |- Get information about cbr_zone -subcategory: "Context Based Restrictions" --- # ibm_cbr_zone @@ -22,7 +22,7 @@ data "ibm_cbr_zone" "cbr_zone" { Review the argument reference that you can specify for your data source. -* `zone_id` - (Required, Forces new resource, String) The ID of a zone. +* `zone_id` - (String) The ID of a zone. * Constraints: The maximum length is `32` characters. The minimum length is `32` characters. The value must match regular expression `^[a-fA-F0-9]{32}$`. ## Attribute Reference @@ -30,66 +30,66 @@ Review the argument reference that you can specify for your data source. In addition to all argument references listed, you can access the following attribute references after your data source is created. * `id` - The unique identifier of the cbr_zone. -* `account_id` - (Required, String) The id of the account owning this zone. +* `account_id` - (String) The id of the account owning this zone. * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9\-]+$`. -* `address_count` - (Required, Integer) The number of addresses in the zone. +* `address_count` - (Integer) The number of addresses in the zone. -* `addresses` - (Required, List) The list of addresses in the zone. +* `addresses` - (List) The list of addresses in the zone. * Constraints: The maximum length is `1000` items. The minimum length is `1` item. Nested scheme for **addresses**: - * `ref` - (Optional, List) A service reference value. + * `ref` - (List) A service reference value. Nested scheme for **ref**: - * `account_id` - (Required, String) The id of the account owning the service. + * `account_id` - (String) The id of the account owning the service. * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9\-]+$`. - * `service_instance` - (Optional, String) The service instance. + * `service_instance` - (String) The service instance. * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z\-/]+$`. - * `service_name` - (Optional, String) The service name. + * `service_name` - (String) The service name. * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z\-]+$`. - * `service_type` - (Optional, String) The service type. + * `service_type` - (String) The service type. * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z_]+$`. - * `type` - (Optional, String) The type of address. + * `type` - (String) The type of address. * Constraints: Allowable values are: `ipAddress`, `ipRange`, `subnet`, `vpc`, `serviceRef`. - * `value` - (Optional, String) The IP address. + * `value` - (String) The IP address. * Constraints: The maximum length is `45` characters. The minimum length is `2` characters. The value must match regular expression `^[a-zA-Z0-9:.]+$`. -* `created_at` - (Required, String) The time the resource was created. +* `created_at` - (String) The time the resource was created. -* `created_by_id` - (Required, String) IAM ID of the user or service which created the resource. +* `created_by_id` - (String) IAM ID of the user or service which created the resource. -* `crn` - (Required, String) The zone CRN. +* `crn` - (String) The zone CRN. -* `description` - (Required, String) The description of the zone. +* `description` - (String) The description of the zone. * Constraints: The maximum length is `300` characters. The minimum length is `0` characters. The value must match regular expression `^[\x20-\xFE]*$`. -* `excluded` - (Required, List) The list of excluded addresses in the zone. Only addresses of type `ipAddress`, `ipRange`, and `subnet` can be excluded. +* `excluded` - (List) The list of excluded addresses in the zone. Only addresses of type `ipAddress`, `ipRange`, and `subnet` can be excluded. * Constraints: The maximum length is `1000` items. Nested scheme for **excluded**: - * `ref` - (Optional, List) A service reference value. + * `ref` - (List) A service reference value. Nested scheme for **ref**: - * `account_id` - (Required, String) The id of the account owning the service. + * `account_id` - (String) The id of the account owning the service. * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9\-]+$`. - * `service_instance` - (Optional, String) The service instance. + * `service_instance` - (String) The service instance. * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z\-/]+$`. - * `service_name` - (Optional, String) The service name. + * `service_name` - (String) The service name. * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z\-]+$`. - * `service_type` - (Optional, String) The service type. + * `service_type` - (String) The service type. * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z_]+$`. - * `type` - (Optional, String) The type of address. + * `type` - (String) The type of address. * Constraints: Allowable values are: `ipAddress`, `ipRange`, `subnet`, `vpc`, `serviceRef`. - * `value` - (Optional, String) The IP address. + * `value` - (String) The IP address. * Constraints: The maximum length is `45` characters. The minimum length is `2` characters. The value must match regular expression `^[a-zA-Z0-9:.]+$`. -* `excluded_count` - (Required, Integer) The number of excluded addresses in the zone. +* `excluded_count` - (Integer) The number of excluded addresses in the zone. -* `href` - (Required, String) The href link to the resource. +* `href` - (String) The href link to the resource. -* `id` - (Required, String) The globally unique ID of the zone. +* `id` - (String) The globally unique ID of the zone. -* `last_modified_at` - (Required, String) The last time the resource was modified. +* `last_modified_at` - (String) The last time the resource was modified. -* `last_modified_by_id` - (Required, String) IAM ID of the user or service which modified the resource. +* `last_modified_by_id` - (String) IAM ID of the user or service which modified the resource. -* `name` - (Required, String) The name of the zone. +* `name` - (String) The name of the zone. * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9 \-_]+$`. diff --git a/website/docs/r/cbr_rule.html.markdown b/website/docs/r/cbr_rule.html.markdown index 6c70c595b75..09588b32bb3 100644 --- a/website/docs/r/cbr_rule.html.markdown +++ b/website/docs/r/cbr_rule.html.markdown @@ -41,7 +41,7 @@ resource "ibm_cbr_rule" "cbr_rule" { Review the argument reference that you can specify for your resource. -* `contexts` - (Optional, List) The contexts this rule applies to. +* `contexts` - (Required, List) The contexts this rule applies to. * Constraints: The maximum length is `1000` items. The minimum length is `1` item. Nested scheme for **contexts**: * `attributes` - (Required, List) The attributes. @@ -55,7 +55,7 @@ Review the argument reference that you can specify for your resource. * Constraints: The maximum length is `300` characters. The minimum length is `0` characters. The value must match regular expression `^[\x20-\xFE]*$`. * `enforcement_mode` - (Optional, String) The rule enforcement mode: * `enabled` - The restrictions are enforced and reported. This is the default. * `disabled` - The restrictions are disabled. Nothing is enforced or reported. * `report` - The restrictions are evaluated and reported, but not enforced. * Constraints: The default value is `enabled`. Allowable values are: `enabled`, `disabled`, `report`. -* `resources` - (Optional, List) The resources this rule apply to. +* `resources` - (Required, List) The resources this rule apply to. * Constraints: The maximum length is `1` item. The minimum length is `1` item. Nested scheme for **resources**: * `attributes` - (Required, List) The resource attributes. @@ -81,24 +81,15 @@ Review the argument reference that you can specify for your resource. In addition to all argument references listed, you can access the following attribute references after your resource is created. * `id` - The unique identifier of the cbr_rule. -* `created_at` - (Required, String) The time the resource was created. -* `created_by_id` - (Required, String) IAM ID of the user or service which created the resource. -* `crn` - (Required, String) The rule CRN. -* `href` - (Required, String) The href link to the resource. -* `last_modified_at` - (Required, String) The last time the resource was modified. -* `last_modified_by_id` - (Required, String) IAM ID of the user or service which modified the resource. +* `created_at` - (String) The time the resource was created. +* `created_by_id` - (String) IAM ID of the user or service which created the resource. +* `crn` - (String) The rule CRN. +* `href` - (String) The href link to the resource. +* `last_modified_at` - (String) The last time the resource was modified. +* `last_modified_by_id` - (String) IAM ID of the user or service which modified the resource. * `version` - Version of the cbr_rule. -## Provider Configuration - -The IBM Cloud provider offers a flexible means of providing credentials for authentication. The following methods are supported, in this order, and explained below: - -- Static credentials -- Environment variables - -To find which credentials are required for this resource, see the service table [here](https://cloud.ibm.com/docs/ibm-cloud-provider-for-terraform?topic=ibm-cloud-provider-for-terraform-provider-reference#required-parameters). - ### Static credentials You can provide your static credentials by adding the `ibmcloud_api_key`, `iaas_classic_username`, and `iaas_classic_api_key` arguments in the IBM Cloud provider block. diff --git a/website/docs/r/cbr_zone.html.markdown b/website/docs/r/cbr_zone.html.markdown index 96df200a812..9d44a0ec5e5 100644 --- a/website/docs/r/cbr_zone.html.markdown +++ b/website/docs/r/cbr_zone.html.markdown @@ -32,9 +32,9 @@ resource "ibm_cbr_zone" "cbr_zone" { Review the argument reference that you can specify for your resource. -* `account_id` - (Optional, String) The id of the account owning this zone. +* `account_id` - (Required, String) The id of the account owning this zone. * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[a-zA-Z0-9\-]+$`. -* `addresses` - (Optional, List) The list of addresses in the zone. +* `addresses` - (Required, List) The list of addresses in the zone. * Constraints: The maximum length is `1000` items. The minimum length is `1` item. Nested scheme for **addresses**: * `ref` - (Optional, List) A service reference value. @@ -47,7 +47,7 @@ Review the argument reference that you can specify for your resource. * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z\-]+$`. * `service_type` - (Optional, String) The service type. * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z_]+$`. - * `type` - (Optional, String) The type of address. + * `type` - (required, String) The type of address. * Constraints: Allowable values are: `ipAddress`, `ipRange`, `subnet`, `vpc`, `serviceRef`. * `value` - (Optional, String) The IP address. * Constraints: The maximum length is `45` characters. The minimum length is `2` characters. The value must match regular expression `^[a-zA-Z0-9:.]+$`. @@ -66,7 +66,7 @@ Review the argument reference that you can specify for your resource. * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z\-]+$`. * `service_type` - (Optional, String) The service type. * Constraints: The maximum length is `128` characters. The minimum length is `1` character. The value must match regular expression `^[0-9a-z_]+$`. - * `type` - (Optional, String) The type of address. + * `type` - (required, String) The type of address. * Constraints: Allowable values are: `ipAddress`, `ipRange`, `subnet`, `vpc`, `serviceRef`. * `value` - (Optional, String) The IP address. * Constraints: The maximum length is `45` characters. The minimum length is `2` characters. The value must match regular expression `^[a-zA-Z0-9:.]+$`. @@ -77,14 +77,14 @@ Review the argument reference that you can specify for your resource. In addition to all argument references listed, you can access the following attribute references after your resource is created. * `id` - The unique identifier of the cbr_zone. -* `address_count` - (Required, Integer) The number of addresses in the zone. -* `created_at` - (Required, String) The time the resource was created. -* `created_by_id` - (Required, String) IAM ID of the user or service which created the resource. -* `crn` - (Required, String) The zone CRN. -* `excluded_count` - (Required, Integer) The number of excluded addresses in the zone. -* `href` - (Required, String) The href link to the resource. -* `last_modified_at` - (Required, String) The last time the resource was modified. -* `last_modified_by_id` - (Required, String) IAM ID of the user or service which modified the resource. +* `address_count` - (Integer) The number of addresses in the zone. +* `created_at` - (String) The time the resource was created. +* `created_by_id` - (String) IAM ID of the user or service which created the resource. +* `crn` - (String) The zone CRN. +* `excluded_count` - (Integer) The number of excluded addresses in the zone. +* `href` - (String) The href link to the resource. +* `last_modified_at` - (String) The last time the resource was modified. +* `last_modified_by_id` - (String) IAM ID of the user or service which modified the resource. * `version` - Version of the cbr_zone. From b4f90dccfcb8da611929e75c795ce7988e345ffc Mon Sep 17 00:00:00 2001 From: zhenwan Date: Tue, 28 Jun 2022 11:31:00 -0500 Subject: [PATCH 8/8] Update cbr_zone.html.markdown --- website/docs/r/cbr_zone.html.markdown | 9 --------- 1 file changed, 9 deletions(-) diff --git a/website/docs/r/cbr_zone.html.markdown b/website/docs/r/cbr_zone.html.markdown index 9d44a0ec5e5..b8473d50ab6 100644 --- a/website/docs/r/cbr_zone.html.markdown +++ b/website/docs/r/cbr_zone.html.markdown @@ -88,15 +88,6 @@ In addition to all argument references listed, you can access the following attr * `version` - Version of the cbr_zone. -## Provider Configuration - -The IBM Cloud provider offers a flexible means of providing credentials for authentication. The following methods are supported, in this order, and explained below: - -- Static credentials -- Environment variables - -To find which credentials are required for this resource, see the service table [here](https://cloud.ibm.com/docs/ibm-cloud-provider-for-terraform?topic=ibm-cloud-provider-for-terraform-provider-reference#required-parameters). - ### Static credentials You can provide your static credentials by adding the `ibmcloud_api_key`, `iaas_classic_username`, and `iaas_classic_api_key` arguments in the IBM Cloud provider block.