bhouse-nexthop commented on code in PR #281: URL: https://github.com/apache/cloudstack-terraform-provider/pull/281#discussion_r2912370036
##########
cloudstack/resource_cloudstack_network_acl_rule_test.go:
##########
@@ -251,6 +252,369 @@ func testAccCheckCloudStackNetworkACLRuleDestroy(s
*terraform.State) error {
return nil
}
+func TestAccCloudStackNetworkACLRule_ruleset_basic(t *testing.T) {
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckCloudStackNetworkACLRuleDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config:
testAccCloudStackNetworkACLRule_ruleset_basic,
+ Check: resource.ComposeTestCheckFunc(
+
testAccCheckCloudStackNetworkACLRulesExist("cloudstack_network_acl.bar"),
+ resource.TestCheckResourceAttr(
+
"cloudstack_network_acl_rule.bar", "ruleset.#", "4"),
+ // Check for the expected rules using
TypeSet elem matching
+
resource.TestCheckTypeSetElemNestedAttrs(
+
"cloudstack_network_acl_rule.bar", "ruleset.*", map[string]string{
+ "rule_number": "10",
+ "action": "allow",
+ "protocol": "all",
+ "traffic_type":
"ingress",
+ "description": "Allow
all traffic",
+ }),
+
resource.TestCheckTypeSetElemNestedAttrs(
+
"cloudstack_network_acl_rule.bar", "ruleset.*", map[string]string{
+ "rule_number": "20",
+ "action": "allow",
+ "protocol": "icmp",
+ "icmp_type": "-1",
+ "icmp_code": "-1",
+ "traffic_type":
"ingress",
+ "description": "Allow
ICMP traffic",
+ }),
+
resource.TestCheckTypeSetElemNestedAttrs(
+
"cloudstack_network_acl_rule.bar", "ruleset.*", map[string]string{
+ "rule_number": "30",
+ "action": "allow",
+ "protocol": "tcp",
+ "port": "80",
+ "traffic_type":
"ingress",
+ "description": "Allow
HTTP",
+ }),
+
resource.TestCheckTypeSetElemNestedAttrs(
+
"cloudstack_network_acl_rule.bar", "ruleset.*", map[string]string{
+ "rule_number": "40",
+ "action": "allow",
+ "protocol": "tcp",
+ "port": "443",
+ "traffic_type":
"ingress",
+ "description": "Allow
HTTPS",
+ }),
+ ),
+ },
+ },
+ })
+}
+
+func TestAccCloudStackNetworkACLRule_ruleset_update(t *testing.T) {
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckCloudStackNetworkACLRuleDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config:
testAccCloudStackNetworkACLRule_ruleset_basic,
+ Check: resource.ComposeTestCheckFunc(
+
testAccCheckCloudStackNetworkACLRulesExist("cloudstack_network_acl.bar"),
+ resource.TestCheckResourceAttr(
+
"cloudstack_network_acl_rule.bar", "ruleset.#", "4"),
+
resource.TestCheckTypeSetElemNestedAttrs(
+
"cloudstack_network_acl_rule.bar", "ruleset.*", map[string]string{
+ "rule_number": "10",
+ "action": "allow",
+ "protocol": "all",
+ "traffic_type":
"ingress",
+ "description": "Allow
all traffic",
+ }),
+
resource.TestCheckTypeSetElemNestedAttrs(
+
"cloudstack_network_acl_rule.bar", "ruleset.*", map[string]string{
+ "rule_number": "20",
+ "action": "allow",
+ "protocol": "icmp",
+ "icmp_type": "-1",
+ "icmp_code": "-1",
+ "traffic_type":
"ingress",
+ "description": "Allow
ICMP traffic",
+ }),
+
resource.TestCheckTypeSetElemNestedAttrs(
+
"cloudstack_network_acl_rule.bar", "ruleset.*", map[string]string{
+ "rule_number": "30",
+ "action": "allow",
+ "protocol": "tcp",
+ "port": "80",
+ "traffic_type":
"ingress",
+ "description": "Allow
HTTP",
+ }),
+
resource.TestCheckTypeSetElemNestedAttrs(
+
"cloudstack_network_acl_rule.bar", "ruleset.*", map[string]string{
+ "rule_number": "40",
+ "action": "allow",
+ "protocol": "tcp",
+ "port": "443",
+ "traffic_type":
"ingress",
+ "description": "Allow
HTTPS",
+ }),
+ ),
+ },
+
+ {
+ Config:
testAccCloudStackNetworkACLRule_ruleset_update,
+ Check: resource.ComposeTestCheckFunc(
+
testAccCheckCloudStackNetworkACLRulesExist("cloudstack_network_acl.bar"),
+ resource.TestCheckResourceAttr(
+
"cloudstack_network_acl_rule.bar", "ruleset.#", "6"),
+ // Check for the expected rules using
TypeSet elem matching
+
resource.TestCheckTypeSetElemNestedAttrs(
+
"cloudstack_network_acl_rule.bar", "ruleset.*", map[string]string{
+ "rule_number": "10",
+ "action": "deny",
+ "protocol": "all",
+ "traffic_type":
"ingress",
+ }),
+
resource.TestCheckTypeSetElemNestedAttrs(
+
"cloudstack_network_acl_rule.bar", "ruleset.*", map[string]string{
+ "rule_number": "20",
+ "action": "deny",
+ "protocol": "icmp",
+ "icmp_type": "-1",
+ "icmp_code": "-1",
+ "traffic_type":
"ingress",
+ "description": "Deny
ICMP traffic",
+ }),
+
resource.TestCheckTypeSetElemNestedAttrs(
+
"cloudstack_network_acl_rule.bar", "ruleset.*", map[string]string{
+ "rule_number": "30",
+ "action": "allow",
+ "protocol": "tcp",
+ "port": "80",
+ "traffic_type":
"ingress",
+ }),
+
resource.TestCheckTypeSetElemNestedAttrs(
+
"cloudstack_network_acl_rule.bar", "ruleset.*", map[string]string{
+ "rule_number": "40",
+ "action": "allow",
+ "protocol": "tcp",
+ "port": "443",
+ "traffic_type":
"ingress",
+ }),
+
resource.TestCheckTypeSetElemNestedAttrs(
+
"cloudstack_network_acl_rule.bar", "ruleset.*", map[string]string{
+ "rule_number": "50",
+ "action": "deny",
+ "protocol": "tcp",
+ "port": "80",
+ "traffic_type":
"egress",
+ "description": "Deny
specific TCP ports",
+ }),
+
resource.TestCheckTypeSetElemNestedAttrs(
+
"cloudstack_network_acl_rule.bar", "ruleset.*", map[string]string{
+ "rule_number": "60",
+ "action": "deny",
+ "protocol": "tcp",
+ "port":
"1000-2000",
+ "traffic_type":
"egress",
+ "description": "Deny
specific TCP ports",
+ }),
+ ),
+ },
+ },
+ })
+}
+
+func TestAccCloudStackNetworkACLRule_ruleset_insert(t *testing.T) {
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckCloudStackNetworkACLRuleDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config:
testAccCloudStackNetworkACLRule_ruleset_insert_initial,
+ Check: resource.ComposeTestCheckFunc(
+
testAccCheckCloudStackNetworkACLRulesExist("cloudstack_network_acl.baz"),
+ resource.TestCheckResourceAttr(
+
"cloudstack_network_acl_rule.baz", "ruleset.#", "3"),
+ // Initial rules: 10, 30, 50
+
resource.TestCheckTypeSetElemNestedAttrs(
+
"cloudstack_network_acl_rule.baz", "ruleset.*", map[string]string{
+ "rule_number": "10",
+ "action": "allow",
+ "protocol": "tcp",
+ "port": "22",
+ "traffic_type":
"ingress",
+ "description": "Allow
SSH",
+ }),
+
resource.TestCheckTypeSetElemNestedAttrs(
+
"cloudstack_network_acl_rule.baz", "ruleset.*", map[string]string{
+ "rule_number": "30",
+ "action": "allow",
+ "protocol": "tcp",
+ "port": "443",
+ "traffic_type":
"ingress",
+ "description": "Allow
HTTPS",
+ }),
+
resource.TestCheckTypeSetElemNestedAttrs(
+
"cloudstack_network_acl_rule.baz", "ruleset.*", map[string]string{
+ "rule_number": "50",
+ "action": "allow",
+ "protocol": "tcp",
+ "port": "3306",
+ "traffic_type":
"ingress",
+ "description": "Allow
MySQL",
+ }),
+ ),
+ },
+
+ {
+ Config:
testAccCloudStackNetworkACLRule_ruleset_insert_middle,
+ Check: resource.ComposeTestCheckFunc(
+
testAccCheckCloudStackNetworkACLRulesExist("cloudstack_network_acl.baz"),
+ resource.TestCheckResourceAttr(
+
"cloudstack_network_acl_rule.baz", "ruleset.#", "4"),
+ // After inserting rule 20 in the
middle, all original rules should still exist
+
resource.TestCheckTypeSetElemNestedAttrs(
+
"cloudstack_network_acl_rule.baz", "ruleset.*", map[string]string{
+ "rule_number": "10",
+ "action": "allow",
+ "protocol": "tcp",
+ "port": "22",
+ "traffic_type":
"ingress",
+ "description": "Allow
SSH",
+ }),
+ // NEW RULE inserted in the middle
+
resource.TestCheckTypeSetElemNestedAttrs(
+
"cloudstack_network_acl_rule.baz", "ruleset.*", map[string]string{
+ "rule_number": "20",
+ "action": "allow",
+ "protocol": "tcp",
+ "port": "80",
+ "traffic_type":
"ingress",
+ "description": "Allow
HTTP",
+ }),
+
resource.TestCheckTypeSetElemNestedAttrs(
+
"cloudstack_network_acl_rule.baz", "ruleset.*", map[string]string{
+ "rule_number": "30",
+ "action": "allow",
+ "protocol": "tcp",
+ "port": "443",
+ "traffic_type":
"ingress",
+ "description": "Allow
HTTPS",
+ }),
+
resource.TestCheckTypeSetElemNestedAttrs(
+
"cloudstack_network_acl_rule.baz", "ruleset.*", map[string]string{
+ "rule_number": "50",
+ "action": "allow",
+ "protocol": "tcp",
+ "port": "3306",
+ "traffic_type":
"ingress",
+ "description": "Allow
MySQL",
+ }),
+ ),
+ },
+ },
+ })
+}
+
+func TestAccCloudStackNetworkACLRule_ruleset_insert_plan_check(t *testing.T) {
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckCloudStackNetworkACLRuleDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config:
testAccCloudStackNetworkACLRule_ruleset_plan_check_initial,
+ Check: resource.ComposeTestCheckFunc(
+
testAccCheckCloudStackNetworkACLRulesExist("cloudstack_network_acl.plan_check"),
+ resource.TestCheckResourceAttr(
+
"cloudstack_network_acl_rule.plan_check", "ruleset.#", "3"),
+ // Initial rules: 10, 30, 50
+
resource.TestCheckTypeSetElemNestedAttrs(
+
"cloudstack_network_acl_rule.plan_check", "ruleset.*", map[string]string{
+ "rule_number": "10",
+ "action": "allow",
+ "protocol": "tcp",
+ "port": "22",
+ "traffic_type":
"ingress",
+ "description": "Allow
SSH",
+ }),
+
resource.TestCheckTypeSetElemNestedAttrs(
+
"cloudstack_network_acl_rule.plan_check", "ruleset.*", map[string]string{
+ "rule_number": "30",
+ "action": "allow",
+ "protocol": "tcp",
+ "port": "443",
+ "traffic_type":
"ingress",
+ "description": "Allow
HTTPS",
+ }),
+
resource.TestCheckTypeSetElemNestedAttrs(
+
"cloudstack_network_acl_rule.plan_check", "ruleset.*", map[string]string{
+ "rule_number": "50",
+ "action": "allow",
+ "protocol": "tcp",
+ "port": "3306",
+ "traffic_type":
"ingress",
+ "description": "Allow
MySQL",
+ }),
+ ),
+ },
+
+ {
+ Config:
testAccCloudStackNetworkACLRule_ruleset_plan_check_insert,
+ ConfigPlanChecks: resource.ConfigPlanChecks{
+ PreApply: []plancheck.PlanCheck{
+ // Verify that only 1 rule is
being added (the new rule 20)
+ // and the existing rules (10,
30, 50) are not being modified
+
plancheck.ExpectResourceAction("cloudstack_network_acl_rule.plan_check",
plancheck.ResourceActionUpdate),
+ },
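Review bot: The plan check in the second step of `TestAccCloudStackNetworkACLRule_ruleset_insert_plan_check` does not verify what its comment claims: `plancheck.ExpectResourceAction(..., plancheck.ResourceActionUpdate)` asserts only that the resource as a whole is planned for an in-place update, so a regression that also rewrites or renumbers rules 10, 30 and 50 would still plan as an update and pass. For a network ACL that difference matters, because re-creating existing rules may change what traffic is filtered while the apply runs. Either reword the comment to `// Verify the resource is updated in place rather than replaced; per-rule changes are not checked here`, or add a plan check that compares the planned `ruleset` with the prior state so that only rule 20 shows up as new. The function body continues past the end of the quoted hunk, so a later check may already cover this.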
Review Comment:
fixed in 4efb175
