New resource: azurerm_ip_groups #8556

Merged
merged 6 commits into from
Sep 24, 2020
5 changes: 5 additions & 0 deletions azurerm/internal/services/network/client/client.go
Expand Up @@ -19,6 +19,7 @@ type Client struct {
ExpressRoutePeeringsClient *network.ExpressRouteCircuitPeeringsClient
FirewallPolicyClient *network.FirewallPoliciesClient
InterfacesClient *network.InterfacesClient
IPGroupsClient *network.IPGroupsClient
LoadBalancersClient *networkLegacy.LoadBalancersClient
LoadBalancerLoadBalancingRulesClient *networkLegacy.LoadBalancerLoadBalancingRulesClient
LocalNetworkGatewaysClient *network.LocalNetworkGatewaysClient
Expand Down Expand Up @@ -89,6 +90,9 @@ func NewClient(o *common.ClientOptions) *Client {
InterfacesClient := network.NewInterfacesClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
o.ConfigureClient(&InterfacesClient.Client, o.ResourceManagerAuthorizer)

IpGroupsClient := network.NewIPGroupsClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
o.ConfigureClient(&IpGroupsClient.Client, o.ResourceManagerAuthorizer)

LoadBalancersClient := networkLegacy.NewLoadBalancersClientWithBaseURI(o.ResourceManagerEndpoint, o.SubscriptionId)
o.ConfigureClient(&LoadBalancersClient.Client, o.ResourceManagerAuthorizer)

Expand Down Expand Up @@ -195,6 +199,7 @@ func NewClient(o *common.ClientOptions) *Client {
ExpressRoutePeeringsClient: &ExpressRoutePeeringsClient,
FirewallPolicyClient: &FirewallPolicyClient,
InterfacesClient: &InterfacesClient,
IPGroupsClient: &IpGroupsClient,
LoadBalancersClient: &LoadBalancersClient,
LoadBalancerLoadBalancingRulesClient: &LoadBalancerLoadBalancingRulesClient,
LocalNetworkGatewaysClient: &LocalNetworkGatewaysClient,
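Review bot: The local variable `IpGroupsClient` in `NewClient` breaks Go's initialism convention and differs from the struct field `IPGroupsClient` it is assigned to, while the neighbouring locals match their field names exactly. Renaming it so that the literal reads `IPGroupsClient: &IPGroupsClient,` keeps the pattern uniform and makes a mis-wired client easier to spot in review. The new client is configured with `o.ResourceManagerAuthorizer` in the same way as the clients around it. `NewClient` starts and ends outside the visible hunks.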
Expand Up @@ -8,6 +8,7 @@ import (
"github.com/Azure/azure-sdk-for-go/services/network/mgmt/2020-05-01/network"
"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
"github.com/hashicorp/terraform-plugin-sdk/helper/validation"

"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/set"
"github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf"
Expand Down Expand Up @@ -80,7 +81,13 @@ func resourceArmFirewallApplicationRuleCollection() *schema.Resource {
},
"source_addresses": {
Type: schema.TypeSet,
Required: true,
Optional: true,
Elem: &schema.Schema{Type: schema.TypeString},
Set: schema.HashString,
},
"source_ip_groups": {
Type: schema.TypeSet,
Optional: true,
Elem: &schema.Schema{Type: schema.TypeString},
Set: schema.HashString,
},
Expand Down Expand Up @@ -140,24 +147,24 @@ func resourceArmFirewallApplicationRuleCollectionCreateUpdate(d *schema.Resource
resourceGroup := d.Get("resource_group_name").(string)
applicationRules, err := expandArmFirewallApplicationRules(d.Get("rule").([]interface{}))
if err != nil {
return fmt.Errorf("Error expanding Firewall Application Rules: %+v", err)
return fmt.Errorf("expanding Firewall Application Rules: %+v", err)
}

locks.ByName(firewallName, azureFirewallResourceName)
defer locks.UnlockByName(firewallName, azureFirewallResourceName)

firewall, err := client.Get(ctx, resourceGroup, firewallName)
if err != nil {
return fmt.Errorf("Error retrieving Firewall %q (Resource Group %q): %+v", firewallName, resourceGroup, err)
return fmt.Errorf("retrieving Firewall %q (Resource Group %q): %+v", firewallName, resourceGroup, err)
}

if firewall.AzureFirewallPropertiesFormat == nil {
return fmt.Errorf("Error retrieving Application Rule Collections (Firewall %q / Resource Group %q): `properties` was nil", firewallName, resourceGroup)
return fmt.Errorf("retrieving Application Rule Collections (Firewall %q / Resource Group %q): `properties` was nil", firewallName, resourceGroup)
}
props := *firewall.AzureFirewallPropertiesFormat

if props.ApplicationRuleCollections == nil {
return fmt.Errorf("Error retrieving Application Rule Collections (Firewall %q / Resource Group %q): `properties.ApplicationRuleCollections` was nil", firewallName, resourceGroup)
return fmt.Errorf("retrieving Application Rule Collections (Firewall %q / Resource Group %q): `properties.ApplicationRuleCollections` was nil", firewallName, resourceGroup)
}
ruleCollections := *props.ApplicationRuleCollections

Expand All @@ -169,7 +176,7 @@ func resourceArmFirewallApplicationRuleCollectionCreateUpdate(d *schema.Resource
Type: network.AzureFirewallRCActionType(d.Get("action").(string)),
},
Priority: utils.Int32(int32(priority)),
Rules: &applicationRules,
Rules: applicationRules,
},
}

Expand All @@ -189,7 +196,7 @@ func resourceArmFirewallApplicationRuleCollectionCreateUpdate(d *schema.Resource

if !d.IsNewResource() {
if index == -1 {
return fmt.Errorf("Error locating Application Rule Collection %q (Firewall %q / Resource Group %q)", name, firewallName, resourceGroup)
return fmt.Errorf("locating Application Rule Collection %q (Firewall %q / Resource Group %q)", name, firewallName, resourceGroup)
}

ruleCollections[index] = newRuleCollection
Expand All @@ -205,16 +212,16 @@ func resourceArmFirewallApplicationRuleCollectionCreateUpdate(d *schema.Resource

future, err := client.CreateOrUpdate(ctx, resourceGroup, firewallName, firewall)
if err != nil {
return fmt.Errorf("Error creating/updating Application Rule Collection %q in Firewall %q (Resource Group %q): %+v", name, firewallName, resourceGroup, err)
return fmt.Errorf("creating/updating Application Rule Collection %q in Firewall %q (Resource Group %q): %+v", name, firewallName, resourceGroup, err)
}

if err = future.WaitForCompletionRef(ctx, client.Client); err != nil {
return fmt.Errorf("Error waiting for creation/update of Application Rule Collection %q of Firewall %q (Resource Group %q): %+v", name, firewallName, resourceGroup, err)
return fmt.Errorf("waiting for creation/update of Application Rule Collection %q of Firewall %q (Resource Group %q): %+v", name, firewallName, resourceGroup, err)
}

read, err := client.Get(ctx, resourceGroup, firewallName)
if err != nil {
return fmt.Errorf("Error retrieving Firewall %q (Resource Group %q): %+v", firewallName, resourceGroup, err)
return fmt.Errorf("retrieving Firewall %q (Resource Group %q): %+v", firewallName, resourceGroup, err)
}

var collectionID string
Expand Down Expand Up @@ -262,16 +269,16 @@ func resourceArmFirewallApplicationRuleCollectionRead(d *schema.ResourceData, me
d.SetId("")
return nil
}
return fmt.Errorf("Error retrieving Azure Firewall %q (Resource Group %q): %+v", name, resourceGroup, err)
return fmt.Errorf("retrieving Azure Firewall %q (Resource Group %q): %+v", name, resourceGroup, err)
}

if read.AzureFirewallPropertiesFormat == nil {
return fmt.Errorf("Error retrieving Application Rule Collection %q (Firewall %q / Resource Group %q): `props` was nil", name, firewallName, resourceGroup)
return fmt.Errorf("retrieving Application Rule Collection %q (Firewall %q / Resource Group %q): `props` was nil", name, firewallName, resourceGroup)
}
props := *read.AzureFirewallPropertiesFormat

if props.ApplicationRuleCollections == nil {
return fmt.Errorf("Error retrieving Application Rule Collection %q (Firewall %q / Resource Group %q): `props.ApplicationRuleCollections` was nil", name, firewallName, resourceGroup)
return fmt.Errorf("retrieving Application Rule Collection %q (Firewall %q / Resource Group %q): `props.ApplicationRuleCollections` was nil", name, firewallName, resourceGroup)
}

var rule *network.AzureFirewallApplicationRuleCollection
Expand Down Expand Up @@ -307,7 +314,7 @@ func resourceArmFirewallApplicationRuleCollectionRead(d *schema.ResourceData, me

flattenedRules := flattenFirewallApplicationRuleCollectionRules(props.Rules)
if err := d.Set("rule", flattenedRules); err != nil {
return fmt.Errorf("Error setting `rule`: %+v", err)
return fmt.Errorf("setting `rule`: %+v", err)
}
}

Expand Down Expand Up @@ -338,15 +345,15 @@ func resourceArmFirewallApplicationRuleCollectionDelete(d *schema.ResourceData,
return nil
}

return fmt.Errorf("Error making Read request on Azure Firewall %q (Resource Group %q): %+v", firewallName, resourceGroup, err)
return fmt.Errorf("making Read request on Azure Firewall %q (Resource Group %q): %+v", firewallName, resourceGroup, err)
}

props := firewall.AzureFirewallPropertiesFormat
if props == nil {
return fmt.Errorf("Error retrieving Application Rule Collection %q (Firewall %q / Resource Group %q): `props` was nil", name, firewallName, resourceGroup)
return fmt.Errorf("retrieving Application Rule Collection %q (Firewall %q / Resource Group %q): `props` was nil", name, firewallName, resourceGroup)
}
if props.ApplicationRuleCollections == nil {
return fmt.Errorf("Error retrieving Application Rule Collection %q (Firewall %q / Resource Group %q): `props.ApplicationRuleCollections` was nil", name, firewallName, resourceGroup)
return fmt.Errorf("retrieving Application Rule Collection %q (Firewall %q / Resource Group %q): `props.ApplicationRuleCollections` was nil", name, firewallName, resourceGroup)
}

applicationRules := make([]network.AzureFirewallApplicationRuleCollection, 0)
Expand All @@ -363,17 +370,17 @@ func resourceArmFirewallApplicationRuleCollectionDelete(d *schema.ResourceData,

future, err := client.CreateOrUpdate(ctx, resourceGroup, firewallName, firewall)
if err != nil {
return fmt.Errorf("Error deleting Application Rule Collection %q from Firewall %q (Resource Group %q): %+v", name, firewallName, resourceGroup, err)
return fmt.Errorf("deleting Application Rule Collection %q from Firewall %q (Resource Group %q): %+v", name, firewallName, resourceGroup, err)
}

if err = future.WaitForCompletionRef(ctx, client.Client); err != nil {
return fmt.Errorf("Error waiting for deletion of Application Rule Collection %q from Firewall %q (Resource Group %q): %+v", name, firewallName, resourceGroup, err)
return fmt.Errorf("waiting for deletion of Application Rule Collection %q from Firewall %q (Resource Group %q): %+v", name, firewallName, resourceGroup, err)
}

return nil
}

func expandArmFirewallApplicationRules(inputs []interface{}) ([]network.AzureFirewallApplicationRule, error) {
func expandArmFirewallApplicationRules(inputs []interface{}) (*[]network.AzureFirewallApplicationRule, error) {
outputs := make([]network.AzureFirewallApplicationRule, 0)

for _, input := range inputs {
Expand All @@ -382,13 +389,15 @@ func expandArmFirewallApplicationRules(inputs []interface{}) ([]network.AzureFir
ruleName := rule["name"].(string)
ruleDescription := rule["description"].(string)
ruleSourceAddresses := rule["source_addresses"].(*schema.Set).List()
ruleSourceIpGroups := rule["source_ip_groups"].(*schema.Set).List()
ruleFqdnTags := rule["fqdn_tags"].(*schema.Set).List()
ruleTargetFqdns := rule["target_fqdns"].(*schema.Set).List()

output := network.AzureFirewallApplicationRule{
Name: utils.String(ruleName),
Description: utils.String(ruleDescription),
SourceAddresses: utils.ExpandStringSlice(ruleSourceAddresses),
SourceIPGroups: utils.ExpandStringSlice(ruleSourceIpGroups),
FqdnTags: utils.ExpandStringSlice(ruleFqdnTags),
TargetFqdns: utils.ExpandStringSlice(ruleTargetFqdns),
}
Expand All @@ -407,13 +416,17 @@ func expandArmFirewallApplicationRules(inputs []interface{}) ([]network.AzureFir
output.Protocols = &ruleProtocols
if len(*output.FqdnTags) > 0 {
if len(*output.TargetFqdns) > 0 || len(*output.Protocols) > 0 {
return outputs, fmt.Errorf("`fqdn_tags` cannot be used with `target_fqdns` or `protocol`")
return nil, fmt.Errorf("`fqdn_tags` cannot be used with `target_fqdns` or `protocol`")
}
}

if len(*output.SourceAddresses) == 0 && len(*output.SourceIPGroups) == 0 {
return nil, fmt.Errorf("at least one of %q and %q must be specified for each rule", "source_addresses", "source_ip_groups")
}
outputs = append(outputs, output)
}

return outputs, nil
return &outputs, nil
}

func flattenFirewallApplicationRuleCollectionRules(rules *[]network.AzureFirewallApplicationRule) []map[string]interface{} {
Expand All @@ -433,6 +446,9 @@ func flattenFirewallApplicationRuleCollectionRules(rules *[]network.AzureFirewal
if ruleSourceAddresses := rule.SourceAddresses; ruleSourceAddresses != nil {
output["source_addresses"] = set.FromStringSlice(*ruleSourceAddresses)
}
if ruleSourceIpGroups := rule.SourceIPGroups; ruleSourceIpGroups != nil {
output["source_ip_groups"] = set.FromStringSlice(*ruleSourceIpGroups)
}
if ruleFqdnTags := rule.FqdnTags; ruleFqdnTags != nil {
output["fqdn_tags"] = set.FromStringSlice(*ruleFqdnTags)
}
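Review bot: The new `source_ip_groups` set accepts any string because its `Elem` carries no `ValidateFunc`, so an empty or malformed IP Group ID in a firewall rule is only rejected by the Azure API during apply. An ID check such as `Elem: &schema.Schema{Type: schema.TypeString, ValidateFunc: azure.ValidateResourceID},` (the helper package is already imported) would surface it at plan time. With `source_addresses` relaxed from Required to Optional, the only guard against a rule with no source is the `len(*output.SourceAddresses) == 0 && len(*output.SourceIPGroups) == 0` check in `expandArmFirewallApplicationRules`, which also runs only at apply time. That check deserves a short comment, e.g. `// a rule must name at least one source: addresses or IP groups`, and the resource documentation should state the constraint. The schema function and the expand function both start and end outside the visible hunks.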