Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cloudstack security group #9103

Merged
merged 4 commits into from
Oct 26, 2016

Conversation

mcanevet
Copy link
Contributor

No description provided.

@mcanevet
Copy link
Contributor Author

Requires xanzy/go-cloudstack#62

@mcanevet mcanevet force-pushed the cloudstack_security_group branch from ca5f595 to 215bdf5 Compare September 28, 2016 15:50
Copy link
Contributor

@svanharmelen svanharmelen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR @mcanevet! Looks pretty decent, but there are a few things that we should try to improve before we merge this one.

Next to the inline comments I think we should also make this resource be able to update the security groups. The CloudStack API allows us to do so, so why not offer that to our users as well?

But if needed I can add the update part, so don't worry about that for now. And for the other comments, please let me know if you need help with anything or if you think otherwise!

Thanks!

ForceNew: true,
},

"ingress_rules": &schema.Schema{
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wouldn't it be easier to call this just rules and then have a parameter in the schema called traffic_type?

Have a look at this one as an example: https://github.com/hashicorp/terraform/blob/master/builtin/providers/cloudstack/resource_cloudstack_network_acl_rule.go

This way we can have both ingress and egress rules making sure people can configure what they need.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

Optional: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"cidr": &schema.Schema{
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cidr should be called cidr_list to stay consistent throughout the CloudStack provider.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

ForceNew: true,
},

"start_port": &schema.Schema{
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

start_port and end_port could be done a bit nicer and more inline with the other firewall related resources, like so: https://github.com/hashicorp/terraform/blob/master/builtin/providers/cloudstack/resource_cloudstack_network_acl_rule.go#L71-L76

I understand this will make the code in the resource a little bit more complex/advanced, but it offers a much better UX and it then stay consistent.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done


param.SetSecuritygroupid(d.Id())

if cidr, ok := rule["cidr"]; ok {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You don't have to run all these tests (if ... ; ok) here as they are required parameters. So they are guaranteed to be here.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

@mcanevet mcanevet force-pushed the cloudstack_security_group branch 8 times, most recently from 082c6fa to b0d0b3a Compare September 29, 2016 09:29
@mcanevet
Copy link
Contributor Author

@svanharmelen I think I addressed all your comments.
Could you please review again?

@mcanevet
Copy link
Contributor Author

mcanevet commented Oct 3, 2016

@svanharmelen I still have to find out how to specify a SG as source or destination of the rule : xanzy/go-cloudstack#64

@svanharmelen
Copy link
Contributor

I'm a bit short on time, but I'll try to have a look before the end of the week...

@mcanevet
Copy link
Contributor Author

mcanevet commented Oct 4, 2016

@svanharmelen I can make SetUsersecuritygrouplist(map[string]string) work. I get this error message:

Invalid user group specified, fields 'group' and 'account' cannot be null, please specify groups in the form:  userGroupList[0].group=XXX&userGroupList[0].account=YYY

I'm wondering if SetUsersecuritygrouplist() shouldn't take a [0]map[string]string as argument.

@mcanevet
Copy link
Contributor Author

Requires xanzy/go-cloudstack#65

@mcanevet mcanevet force-pushed the cloudstack_security_group branch from 019d40e to 1e6792e Compare October 20, 2016 12:47
@mcanevet
Copy link
Contributor Author

@svanharmelen could you please review this?

@mcanevet mcanevet force-pushed the cloudstack_security_group branch from 1e6792e to 9c747f4 Compare October 20, 2016 13:33
@svanharmelen
Copy link
Contributor

@mcanevet I've been a little overloaded, but have reserved time for this tomorrow. Will update you as soon as I had a look...

@mcanevet mcanevet force-pushed the cloudstack_security_group branch from 9c747f4 to 7fe731f Compare October 24, 2016 11:20
@mcanevet
Copy link
Contributor Author

@svanharmelen I updated this PR. It now works with latest go-cloudstack

@svanharmelen
Copy link
Contributor

@mcanevet I'm just about to merge this PR, but there are 2 remaining points of attention.

  1. There are no acceptance tests in the PR
  2. There is no documentation in the PR

If you have issues writing the acceptance tests, that's no problem. In that case I will add them in a separate PR right after merging this one. But for the docs, I would very much like you to write (at least the initial) docs to describe how this resource works and what parameters it uses.

Writing the docs is really easy and not much work. If you start by making a copy of the cloudstack_firewall resource and then refactor that into the cloudstack_security_group resource, it should be a walk in the park 😉

Once the docs are added, I'll merge this PR and (if needed) add any tests and tweaks in an additional PR.

Thanks...

@mcanevet mcanevet force-pushed the cloudstack_security_group branch from 7fe731f to f80fb6d Compare October 25, 2016 12:16
@mcanevet
Copy link
Contributor Author

@svanharmelen Documentation added. I never wrote acceptance tests for Terraform, so could you please do it for me for now? I'll try to learn how to do it for next time.
Thanks

@svanharmelen
Copy link
Contributor

@mcanevet again thanks for your PR and your patience 😉

I still think this PR needs some work to make to up to spec with the other CloudStack resources, but I'll add the missing stuff in a separate PR later today so that by the end of the day we have a shiny new resource which will be in the next TF release 🎉

Thanks again!

@svanharmelen svanharmelen merged commit d030b62 into hashicorp:master Oct 26, 2016
terraformbot pushed a commit that referenced this pull request Oct 26, 2016
[origin/master] Cloudstack security group (#9103)
d030b62
@mcanevet mcanevet deleted the cloudstack_security_group branch October 26, 2016 07:38
@svanharmelen
Copy link
Contributor

@mcanevet are you available anywhere online to a have a quick chat? IRC maybe (#terraform-tool)? Or an open Slack or Gitter channel that I can join?

I'm refactoring some stuff and would like to better understand how the usersecuritygrouplist works. Not in TF, but in CS. I don't use security groups at all, so I have a hard time grasping how this is used and what it functionally does.

@svanharmelen
Copy link
Contributor

@mcanevet I see there is a Gitter channel as well: https://gitter.im/hashicorp-terraform/Lobby

@svanharmelen
Copy link
Contributor

@mcanevet not sure if you're getting updates from gitter, but I send you some updates about the progress...

@mcanevet
Copy link
Contributor Author

@svanharmelen yes I received an email from gitter with your comments. I'll try to take some time today to test your modifications

mathieuherbert pushed a commit to mathieuherbert/terraform that referenced this pull request Oct 30, 2016
* Add cloudstack_security_group resource

* Update github.com/xanzy/go-cloudstack/cloudstack

* Add support for security_group

* Add documentation for cloudstack_security_group
@ghost
Copy link

ghost commented Apr 21, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Apr 21, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants