-
Notifications
You must be signed in to change notification settings - Fork 9.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cloudstack security group #9103
Cloudstack security group #9103
Conversation
af29ade
to
ca5f595
Compare
Requires xanzy/go-cloudstack#62 |
ca5f595
to
215bdf5
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the PR @mcanevet! Looks pretty decent, but there are a few things that we should try to improve before we merge this one.
Next to the inline comments I think we should also make this resource be able to update the security groups. The CloudStack API allows us to do so, so why not offer that to our users as well?
But if needed I can add the update part, so don't worry about that for now. And for the other comments, please let me know if you need help with anything or if you think otherwise!
Thanks!
ForceNew: true, | ||
}, | ||
|
||
"ingress_rules": &schema.Schema{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wouldn't it be easier to call this just rules
and then have a parameter in the schema
called traffic_type
?
Have a look at this one as an example: https://github.com/hashicorp/terraform/blob/master/builtin/providers/cloudstack/resource_cloudstack_network_acl_rule.go
This way we can have both ingress
and egress
rules making sure people can configure what they need.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
Optional: true, | ||
Elem: &schema.Resource{ | ||
Schema: map[string]*schema.Schema{ | ||
"cidr": &schema.Schema{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
cidr
should be called cidr_list
to stay consistent throughout the CloudStack provider.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
ForceNew: true, | ||
}, | ||
|
||
"start_port": &schema.Schema{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
start_port
and end_port
could be done a bit nicer and more inline with the other firewall related resources, like so: https://github.com/hashicorp/terraform/blob/master/builtin/providers/cloudstack/resource_cloudstack_network_acl_rule.go#L71-L76
I understand this will make the code in the resource a little bit more complex/advanced, but it offers a much better UX and it then stay consistent.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
|
||
param.SetSecuritygroupid(d.Id()) | ||
|
||
if cidr, ok := rule["cidr"]; ok { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You don't have to run all these tests (if ... ; ok
) here as they are required parameters. So they are guaranteed to be here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
082c6fa
to
b0d0b3a
Compare
@svanharmelen I think I addressed all your comments. |
@svanharmelen I still have to find out how to specify a SG as source or destination of the rule : xanzy/go-cloudstack#64 |
I'm a bit short on time, but I'll try to have a look before the end of the week... |
@svanharmelen I can make
I'm wondering if |
Requires xanzy/go-cloudstack#65 |
019d40e
to
1e6792e
Compare
@svanharmelen could you please review this? |
1e6792e
to
9c747f4
Compare
@mcanevet I've been a little overloaded, but have reserved time for this tomorrow. Will update you as soon as I had a look... |
9c747f4
to
7fe731f
Compare
@svanharmelen I updated this PR. It now works with latest go-cloudstack |
@mcanevet I'm just about to merge this PR, but there are 2 remaining points of attention.
If you have issues writing the acceptance tests, that's no problem. In that case I will add them in a separate PR right after merging this one. But for the docs, I would very much like you to write (at least the initial) docs to describe how this resource works and what parameters it uses. Writing the docs is really easy and not much work. If you start by making a copy of the Once the docs are added, I'll merge this PR and (if needed) add any tests and tweaks in an additional PR. Thanks... |
7fe731f
to
f80fb6d
Compare
@svanharmelen Documentation added. I never wrote acceptance tests for Terraform, so could you please do it for me for now? I'll try to learn how to do it for next time. |
@mcanevet again thanks for your PR and your patience 😉 I still think this PR needs some work to make to up to spec with the other CloudStack resources, but I'll add the missing stuff in a separate PR later today so that by the end of the day we have a shiny new resource which will be in the next TF release 🎉 Thanks again! |
@mcanevet are you available anywhere online to a have a quick chat? IRC maybe (#terraform-tool)? Or an open Slack or Gitter channel that I can join? I'm refactoring some stuff and would like to better understand how the |
@mcanevet I see there is a Gitter channel as well: https://gitter.im/hashicorp-terraform/Lobby |
@mcanevet not sure if you're getting updates from gitter, but I send you some updates about the progress... |
@svanharmelen yes I received an email from gitter with your comments. I'll try to take some time today to test your modifications |
* Add cloudstack_security_group resource * Update github.com/xanzy/go-cloudstack/cloudstack * Add support for security_group * Add documentation for cloudstack_security_group
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
No description provided.