CBR: context-based-restriction update for Enforcement mode support

.secrets.baseline

@@ -3,7 +3,7 @@
     "files": "go.sum|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2022-06-20T12:14:50Z",
+  "generated_at": "2022-06-23T19:24:50Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -437,6 +437,14 @@
         "line_number": 37,
         "type": "Hex High Entropy String",
         "verified_result": null
+      },
+      {
+        "hashed_secret": "ca8b3e9d1445b3218e3512da63b05c8f26f181e5",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 45,
+        "type": "Hex High Entropy String",
+        "verified_result": null
       }
     ],
     "examples/ibm-database/main.tf": [
@@ -652,7 +660,7 @@
         "hashed_secret": "813274ccae5b6b509379ab56982d862f7b5969b6",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 732,
+        "line_number": 729,
         "type": "Base64 High Entropy String",
         "verified_result": null
       }
@@ -722,15 +730,15 @@
         "hashed_secret": "c8b6f5ef11b9223ac35a5663975a466ebe7ebba9",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 1361,
+        "line_number": 1255,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "8abf4899c01104241510ba87685ad4de76b0c437",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 1367,
+        "line_number": 1261,
         "type": "Secret Keyword",
         "verified_result": null
       }
@@ -1541,20 +1549,56 @@
     ],
     "ibm/service/contextbasedrestrictions/data_source_ibm_cbr_rule_test.go": [
       {
-        "hashed_secret": "565a143eb50b2b9265143febed766438753c7b65",
+        "hashed_secret": "9b6e9b736d5aad4455eee13c6b2741e2271fb6c9",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 106,
+        "type": "Hex High Entropy String",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "ca8b3e9d1445b3218e3512da63b05c8f26f181e5",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 112,
+        "type": "Hex High Entropy String",
+        "verified_result": null
+      }
+    ],
+    "ibm/service/contextbasedrestrictions/data_source_ibm_cbr_zone_test.go": [
+      {
+        "hashed_secret": "ca8b3e9d1445b3218e3512da63b05c8f26f181e5",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 101,
+        "line_number": 89,
         "type": "Hex High Entropy String",
         "verified_result": null
       }
     ],
     "ibm/service/contextbasedrestrictions/resource_ibm_cbr_rule_test.go": [
       {
-        "hashed_secret": "565a143eb50b2b9265143febed766438753c7b65",
+        "hashed_secret": "9b6e9b736d5aad4455eee13c6b2741e2271fb6c9",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 105,
+        "line_number": 112,
+        "type": "Hex High Entropy String",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "ca8b3e9d1445b3218e3512da63b05c8f26f181e5",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 118,
+        "type": "Hex High Entropy String",
+        "verified_result": null
+      }
+    ],
+    "ibm/service/contextbasedrestrictions/resource_ibm_cbr_zone_test.go": [
+      {
+        "hashed_secret": "ca8b3e9d1445b3218e3512da63b05c8f26f181e5",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 83,
         "type": "Hex High Entropy String",
         "verified_result": null
       }
@@ -2335,12 +2379,46 @@
     ],
     "website/docs/r/cbr_rule.html.markdown": [
       {
-        "hashed_secret": "565a143eb50b2b9265143febed766438753c7b65",
+        "hashed_secret": "d47dcacc720a39e236679ac3e311a0d58bb6519e",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 21,
+        "line_number": 125,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "e66e7d67fdf3c596c435fc7828b13205e4950a0f",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 127,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "website/docs/r/cbr_zone.html.markdown": [
+      {
+        "hashed_secret": "ca8b3e9d1445b3218e3512da63b05c8f26f181e5",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 17,
         "type": "Hex High Entropy String",
         "verified_result": null
+      },
+      {
+        "hashed_secret": "d47dcacc720a39e236679ac3e311a0d58bb6519e",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 123,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "e66e7d67fdf3c596c435fc7828b13205e4950a0f",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 125,
+        "type": "Secret Keyword",
+        "verified_result": null
       }
     ],
     "website/docs/r/cd_tekton_pipeline.html.markdown": [

examples/ibm-context-based-restrictions/README.md

@@ -27,6 +27,7 @@ cbr_zone resource:
 ```hcl
 resource "cbr_zone" "cbr_zone_instance" {
   name = var.cbr_zone_name
+  account_id = var.cbr_zone_account_id
   description = var.cbr_zone_description
   addresses = var.cbr_zone_addresses
   excluded = var.cbr_zone_excluded
@@ -39,6 +40,7 @@ resource "cbr_rule" "cbr_rule_instance" {
   description = var.cbr_rule_description
   contexts = var.cbr_rule_contexts
   resources = var.cbr_rule_resources
+  enforcement_mode = var.cbr_rule_enforcement_mode
 }
 ```
 
@@ -59,14 +61,6 @@ data "cbr_rule" "cbr_rule_instance" {
 }
 ```
 
-## Assumptions
-
-1. TODO
-
-## Notes
-
-1. TODO
-
 ## Requirements
 
 | Name | Version |
@@ -85,12 +79,14 @@ data "cbr_rule" "cbr_rule_instance" {
 |------|-------------|------|---------|
 | ibmcloud\_api\_key | IBM Cloud API key | `string` | true |
 | name | The name of the zone. | `string` | false |
+| account_id | The id of the account owning this zone. | `string` | false |
 | description | The description of the zone. | `string` | false |
 | addresses | The list of addresses in the zone. | `list()` | false |
-| excluded | The list of excluded addresses in the zone. | `list()` | false |
+| excluded | The list of excluded addresses in the zone. Only addresses of type `ipAddress`, `ipRange`, and `subnet` can be excluded. | `list()` | false |
 | description | The description of the rule. | `string` | false |
 | contexts | The contexts this rule applies to. | `list()` | false |
 | resources | The resources this rule apply to. | `list()` | false |
+| enforcement_mode | The rule enforcement mode: * `enabled` - The restrictions are enforced and reported. This is the default. * `disabled` - The restrictions are disabled. Nothing is enforced or reported. * `report` - The restrictions are evaluated and reported, but not enforced. | `string` | false |
 | zone_id | The ID of a zone. | `string` | true |
 | rule_id | The ID of a rule. | `string` | true |
 

examples/ibm-context-based-restrictions/main.tf

@@ -5,6 +5,7 @@ provider "ibm" {
 // Provision cbr_zone resource instance
 resource "ibm_cbr_zone" "cbr_zone_instance" {
   name = "A terraform example of network zone"
+  account_id = var.ibmcloud_account_id
   description = "A terraform example of network zone"
   addresses {
     type = "ipAddress"
@@ -30,6 +31,10 @@ resource "ibm_cbr_rule" "cbr_rule_instance" {
     }
   }
   resources {
+    attributes {
+      name = "accountId"
+      value = var.ibmcloud_account_id
+    }
     attributes {
       name = "serviceName"
       value = "network-policy-enabled"
@@ -39,6 +44,7 @@ resource "ibm_cbr_rule" "cbr_rule_instance" {
       value    = "tag_value"
     }
   }
+  enforcement_mode = "disabled"
 }
 
 // Create cbr_zone data source

examples/ibm-context-based-restrictions/variables.tf

@@ -36,3 +36,11 @@ variable "cbr_rule_rule_id" {
   type        = string
   default     = "07bca38c06db1a6e125d9738c701f2c1"
 }
+
+
+// IBM cloud account ID
+variable "ibmcloud_account_id" {
+  description = "Account ID for rule / zone"
+  type        = string
+  default     = "12ab34cd56ef78ab90cd12ef34ab56cd"
+}

go.sum

@@ -639,7 +639,6 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4=
 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
@@ -803,6 +802,7 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210502180810-71e4cd670f79/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 h1:XfKQ4OlFl8okEOr5UvAqFRVj8pY/4yfcXrddB8qAbU0=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220330033206-e17cdc41300f h1:rlezHXNlxYWvBCzNses9Dlc7nGFaNMJeqLolcmQSSZY=
 golang.org/x/sys v0.0.0-20220330033206-e17cdc41300f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=