Added the egress rules and create_default_rules option to firewall (#120

) * Added the egress rules and the option to avoid the creation of the default rules when you create a firewall
civo · Feb 16, 2022 · 967dd11 · 967dd11
1 parent 2630607
commit 967dd11
Show file tree

Hide file tree

Showing 7 changed files with 106 additions and 56 deletions.
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
@@ -3,32 +3,22 @@ on: [push]
 jobs:
 
   build:
-    name: Build
-    runs-on: ubuntu-latest
+    strategy:
+        matrix:
+          go-version: [1.16.x, 1.17.x]
+          os: [ubuntu-latest]
+    runs-on: ${{ matrix.os }}
     steps:
-
-    - name: Set up Go 1.13
-      uses: actions/setup-go@v1
+    - name: Install Go
+      uses: actions/setup-go@v2
       with:
-        go-version: 1.13
+        go-version: ${{ matrix.go-version }}
       id: go
-
     - name: Check out code into the Go module directory
       uses: actions/checkout@v2
-
-    - name: Get dependencies
-      run: |
-        go get -v -t -d ./...
-        if [ -f Gopkg.toml ]; then
-            curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh
-            dep ensure
-        fi
-
     - name: Build
       run: go build -v .
-
     - name: Vet
-      run: go vet
-
+      run: go vet   
     - name: Make test
       run: make test
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -4,16 +4,16 @@ jobs:
   test:
     strategy:
       matrix:
-        go-version: [1.14.x]
-        platform: [ubuntu-latest]
-    runs-on: ${{ matrix.platform }}
+        go-version: [1.16.x, 1.17.x]
+        os: [ubuntu-latest]
+    runs-on: ${{ matrix.os }}
     steps:
     - name: Install Go
-      uses: actions/setup-go@v1
+      uses: actions/setup-go@v2
       with:
         go-version: ${{ matrix.go-version }}
     - name: Checkout code
-      uses: actions/checkout@v1
+      uses: actions/checkout@v2
     - name: setup env
       run: |
         echo "GOPATH=$(go env GOPATH)" >> $GITHUB_ENV

diff --git a/civo/resource_firewall.go b/civo/resource_firewall.go
@@ -25,6 +25,13 @@ func resourceFirewall() *schema.Resource {
 				Optional:    true,
 				Description: "The firewall region, if is not defined we use the global defined in the provider",
 			},
+			"create_default_rules": {
+				Type:        schema.TypeBool,
+				Default:     true,
+				Optional:    true,
+				ForceNew:    true,
+				Description: "The create rules flag is used to create the default firewall rules, if is not defined will be set to true",
+			},
 			// As the backend has no support for updating network ID we replace it if the
 			// network_id changes
 			"network_id": {
@@ -48,7 +55,8 @@ func resourceFirewall() *schema.Resource {
 // function to create a firewall
 func resourceFirewallCreate(d *schema.ResourceData, m interface{}) error {
 	apiClient := m.(*civogo.Client)
-	networkID := ""
+	var networkID string
+	var CreateRules bool
 
 	// overwrite the region if it's defined
 	if region, ok := d.GetOk("region"); ok {
@@ -65,8 +73,11 @@ func resourceFirewallCreate(d *schema.ResourceData, m interface{}) error {
 		networkID = network.ID
 	}
 
+	CreateRules = d.Get("create_default_rules").(bool)
+
 	log.Printf("[INFO] creating a new firewall %s", d.Get("name").(string))
-	firewall, err := apiClient.NewFirewall(d.Get("name").(string), networkID)
+
+	firewall, err := apiClient.NewFirewall(d.Get("name").(string), networkID, &CreateRules)
 	if err != nil {
 		return fmt.Errorf("[ERR] failed to create a new firewall: %s", err)
 	}

diff --git a/civo/resource_firewall_rule.go b/civo/resource_firewall_rule.go
@@ -61,12 +61,20 @@ func resourceFirewallRule() *schema.Resource {
 			},
 			"direction": {
 				Type:        schema.TypeString,
-				Optional:    true,
-				Computed:    true,
+				Required:    true,
 				ForceNew:    true,
-				Description: "Will this rule affect ingress traffic (only `ingress` is supported now)",
+				Description: "The direction of the rule can be ingress or egress",
 				ValidateFunc: validation.StringInSlice([]string{
-					"ingress",
+					"ingress", "egress",
+				}, false),
+			},
+			"action": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "the action of the rule can be allow or deny",
+				ValidateFunc: validation.StringInSlice([]string{
+					"allow", "deny",
 				}, false),
 			},
 			"label": {
@@ -110,17 +118,13 @@ func resourceFirewallRuleCreate(d *schema.ResourceData, m interface{}) error {
 		cird[i] = tfCird.(string)
 	}
 
-	direction := d.Get("direction").(string)
-	if direction == "" {
-		direction = "ingress"
-	}
-
 	log.Printf("[INFO] configuring a new firewall rule for firewall %s", d.Get("firewall_id").(string))
 	config := &civogo.FirewallRuleConfig{
 		FirewallID: d.Get("firewall_id").(string),
 		Protocol:   d.Get("protocol").(string),
 		StartPort:  d.Get("start_port").(string),
-		Direction:  direction,
+		Direction:  d.Get("direction").(string),
+		Action:     d.Get("action").(string),
 		Cidr:       cird,
 	}
 
@@ -178,6 +182,7 @@ func resourceFirewallRuleRead(d *schema.ResourceData, m interface{}) error {
 
 	d.Set("cidr", resp.Cidr)
 	d.Set("direction", resp.Direction)
+	d.Set("action", resp.Action)
 	d.Set("label", resp.Label)
 
 	return nil
@@ -229,6 +234,7 @@ func resourceFirewallRuleImport(d *schema.ResourceData, m interface{}) ([]*schem
 	d.Set("end_port", resp.EndPort)
 	d.Set("cidr", resp.Cidr)
 	d.Set("direction", resp.Direction)
+	d.Set("action", resp.Action)
 	d.Set("label", resp.Label)
 
 	return []*schema.ResourceData{d}, nil

diff --git a/civo/resource_firewall_rule_test.go b/civo/resource_firewall_rule_test.go
@@ -60,6 +60,7 @@ func TestAccCivoFirewallRule_update(t *testing.T) {
 					resource.TestCheckResourceAttr(resName, "protocol", "tcp"),
 					resource.TestCheckResourceAttr(resName, "start_port", "80"),
 					resource.TestCheckResourceAttr(resName, "label", "web"),
+					resource.TestCheckResourceAttr(resName, "action", "allow"),
 				),
 			},
 			{
@@ -71,6 +72,7 @@ func TestAccCivoFirewallRule_update(t *testing.T) {
 					resource.TestCheckResourceAttr(resName, "protocol", "tcp"),
 					resource.TestCheckResourceAttr(resName, "start_port", "443"),
 					resource.TestCheckResourceAttr(resName, "label", "web_server"),
+					resource.TestCheckResourceAttr(resName, "action", "allow"),
 				),
 			},
 		},
@@ -155,6 +157,7 @@ resource "civo_firewall_rule" "testrule" {
 	end_port = "80"
 	cidr = ["192.168.1.2/32"]
 	direction = "ingress"
+	action = "allow"
 	label = "web"
 }
 
@@ -174,6 +177,7 @@ resource "civo_firewall_rule" "testrule" {
 	end_port = "443"
 	cidr = ["192.168.1.2/32"]
 	direction = "ingress"
+	action = "allow"
 	label = "web_server"
 }
 `, name)

diff --git a/go.mod b/go.mod
@@ -2,10 +2,9 @@ module github.com/civo/terraform-provider-civo
 
 require (
 	github.com/aws/aws-sdk-go v1.29.22 // indirect
-	github.com/civo/civogo v0.2.59
+	github.com/civo/civogo v0.2.70
 	github.com/fatih/color v1.9.0 // indirect
 	github.com/google/uuid v1.2.0
-	github.com/gorhill/cronexpr v0.0.0-20180427100037-88b0669f7d75
 	github.com/hashicorp/go-uuid v1.0.2 // indirect
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.5.0
 	github.com/hashicorp/yamux v0.0.0-20190923154419-df201c70410d // indirect