Skip to content

Commit

Permalink
feat(elb): import elb resource and add unit test and docs
Browse files Browse the repository at this point in the history
  • Loading branch information
Zhukun-Huawei committed Nov 24, 2023
1 parent b2fa237 commit 5cbe0c1
Show file tree
Hide file tree
Showing 3 changed files with 201 additions and 1 deletion.
75 changes: 75 additions & 0 deletions docs/resources/elb_security_policy.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,75 @@
---
subcategory: "Dedicated Load Balance (Dedicated ELB)"
---

# flexibleengine_elb_security_policy

Manages an ELB security policy resource within Flexibleengine.

## Example Usage

```hcl
resource "flexibleengine_elb_security_policy" "test" {
name = "security_policy_test"
description = "this is a security policy"
protocols = ["TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
ciphers = ["ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256"]
}
```

## Argument Reference

The following arguments are supported:

* `region` - (Optional, String, ForceNew) Specifies the region in which to create the resource.
If omitted, the provider-level region will be used. Changing this parameter will create a new resource.

* `protocols` - (Required, List) Specifies the TSL protocol list which the security policy select.
Value options: **TLSv1**, **TLSv1.1**, **TLSv1.2**, and **TLSv1.3**.

* `ciphers` - (Required, List) Specifies the cipher suite list of the security policy.
The protocol and cipher suite must match. That is to say, there must be at least one cipher suite in
ciphers that matches the protocol. The following cipher suites are supported:
**ECDHE-RSA-AES256-GCM-SHA384**, **ECDHE-RSA-AES128-GCM-SHA256**, **ECDHE-ECDSA-AES256-GCM-SHA384**,
**ECDHE-ECDSA-AES128-GCM-SHA256**, **AES128-GCM-SHA256**, **AES256-GCM-SHA384**, **ECDHE-ECDSA-AES128-SHA256**,
**ECDHE-RSA-AES128-SHA256**, **AES128-SHA256**, **AES256-SHA256**, **ECDHE-ECDSA-AES256-SHA384**,
**ECDHE-RSA-AES256-SHA384**, **ECDHE-ECDSA-AES128-SHA**, **ECDHE-RSA-AES128-SHA**, **ECDHE-RSA-AES256-SHA**,
**ECDHE-ECDSA-AES256-SHA**, **AES128-SHA**, **AES256-SHA**, **CAMELLIA128-SHA**, **DES-CBC3-SHA**,
**CAMELLIA256-SHA**, **ECDHE-RSA-CHACHA20-POLY1305**, **ECDHE-ECDSA-CHACHA20-POLY1305**, **TLS_AES_128_GCM_SHA256**,
**TLS_AES_256_GCM_SHA384**, **TLS_CHACHA20_POLY1305_SHA256**, **TLS_AES_128_CCM_SHA256**,
**TLS_AES_128_CCM_8_SHA256**.

* `name` - (Optional, String) Specifies the ELB security policy name.
The name contains only Chinese characters, letters, digits, underscores (_), and hyphens (-),
and cannot exceed 255 characters.

* `description` - (Optional, String) Specifies the description of the ELB security policy.
The value can contain 0 to 255 characters.

* `enterprise_project_id` - (Optional, String, ForceNew) Specifies the enterprise project ID to which the Enterprise
router belongs.

Changing this parameter will create a new resource.

## Attribute Reference

In addition to all arguments above, the following attributes are exported:

* `id` - The resource ID.

* `listeners` - The listener which the security policy associated with.
The [listeners](#elb_listeners) structure is documented below.

<a name="elb_listeners"></a>
The `listeners` block supports:

* `id` - The listener id.

## Import

The elb security policies can be imported using the `id`, e.g.

```bash
$ terraform import flexibleengine_elb_security_policy.test
0ce123456a00f2591fabc00385ff1234
```
Original file line number Diff line number Diff line change
@@ -0,0 +1,122 @@
package acceptance

import (
"fmt"
"strings"
"testing"

"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"

"github.com/chnsz/golangsdk"

"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/config"
"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/services/acceptance"
"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/utils"
)

func getSecurityPoliciesV3ResourceFunc(cfg *config.Config, state *terraform.ResourceState) (interface{}, error) {
region := OS_REGION_NAME
// getSecurityPolicy: Query the ELB security policy
var (
getSecurityPolicyHttpUrl = "v3/{project_id}/elb/security-policies/{security_policy_id}"
getSecurityPolicyProduct = "elb"
)
getSecurityPolicyClient, err := cfg.NewServiceClient(getSecurityPolicyProduct, region)
if err != nil {
return nil, fmt.Errorf("error creating SecurityPolicies Client: %s", err)
}

getSecurityPolicyPath := getSecurityPolicyClient.Endpoint + getSecurityPolicyHttpUrl
getSecurityPolicyPath = strings.ReplaceAll(getSecurityPolicyPath, "{project_id}", getSecurityPolicyClient.ProjectID)
getSecurityPolicyPath = strings.ReplaceAll(getSecurityPolicyPath, "{security_policy_id}", fmt.Sprintf("%v", state.Primary.ID))

getSecurityPolicyOpt := golangsdk.RequestOpts{
KeepResponseBody: true,
OkCodes: []int{
200,
},
}
getSecurityPolicyResp, err := getSecurityPolicyClient.Request("GET", getSecurityPolicyPath, &getSecurityPolicyOpt)
if err != nil {
return nil, fmt.Errorf("error retrieving SecurityPolicies: %s", err)
}
return utils.FlattenResponse(getSecurityPolicyResp)
}

func TestAccSecurityPoliciesV3_basic(t *testing.T) {
var obj interface{}

name := acceptance.RandomAccResourceName()
rName := "flexibleengine_elb_security_policy.test"

rc := acceptance.InitResourceCheck(
rName,
&obj,
getSecurityPoliciesV3ResourceFunc,
)

resource.ParallelTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
ProviderFactories: TestAccProviderFactories,
CheckDestroy: rc.CheckResourceDestroy(),
Steps: []resource.TestStep{
{
Config: testSecurityPoliciesV3_basic(name),
Check: resource.ComposeTestCheckFunc(
rc.CheckResourceExists(),
resource.TestCheckResourceAttr(rName, "protocols.0", "TLSv1.1"),
resource.TestCheckResourceAttr(rName, "protocols.1", "TLSv1.2"),
resource.TestCheckResourceAttr(rName, "ciphers.0", "ECDHE-ECDSA-AES128-SHA"),
resource.TestCheckResourceAttr(rName, "ciphers.1", "ECDHE-RSA-AES256-SHA"),
),
},
{
Config: testSecurityPoliciesV3_basic_update(name),
Check: resource.ComposeTestCheckFunc(
rc.CheckResourceExists(),
resource.TestCheckResourceAttr(rName, "protocols.0", "TLSv1.2"),
resource.TestCheckResourceAttr(rName, "ciphers.0", "ECDHE-ECDSA-AES128-SHA"),
resource.TestCheckResourceAttr(rName, "name", name),
),
},
{
ResourceName: rName,
ImportState: true,
ImportStateVerify: true,
},
},
})
}

func testSecurityPoliciesV3_basic(name string) string {
return fmt.Sprintf(`
resource "flexibleengine_elb_security_policy" "test" {
protocols = [
"TLSV1",
"TLSV1.1",
"TLSV1.2",
"TLSV1.3",
]
ciphers = [
"ECDHE-ECDSA-AES128-SHA",
"ECDHE-RSA-AES256-SHA"
]
name = "%s"
}
`, name)
}

func testSecurityPoliciesV3_basic_update(name string) string {
return fmt.Sprintf(`
resource "flexibleengine_elb_security_policy" "test" {
protocols = [
"TLSv1.2"
]
ciphers = [
"ECDHE-ECDSA-AES128-SHA"
]
name = "%s"
}
`, name)
}
5 changes: 4 additions & 1 deletion flexibleengine/provider.go
Original file line number Diff line number Diff line change
Expand Up @@ -521,7 +521,10 @@ func Provider() *schema.Provider {
"flexibleengine_dli_table": dli.ResourceDliTable(),
"flexibleengine_dli_template_flink": dli.ResourceFlinkTemplate(),

"flexibleengine_drs_job": drs.ResourceDrsJob(),
"flexibleengine_drs_job": drs.ResourceDrsJob(),

"flexibleengine_elb_security_policy": elb.ResourceSecurityPolicy(),

"flexibleengine_fgs_dependency": fgs.ResourceFgsDependency(),
"flexibleengine_fgs_function": fgs.ResourceFgsFunctionV2(),
"flexibleengine_fgs_trigger": fgs.ResourceFunctionGraphTrigger(),
Expand Down

0 comments on commit 5cbe0c1

Please sign in to comment.