enhancement: added tag support for is_security_group

IBM-Cloud · Mar 17, 2021 · 40bd16f · 40bd16f
1 parent e2e60da
commit 40bd16f
Show file tree

Hide file tree

Showing 6 changed files with 132 additions and 3 deletions.
diff --git a/ibm/data_source_ibm_is_security_group.go b/ibm/data_source_ibm_is_security_group.go
@@ -4,6 +4,7 @@
 package ibm
 
 import (
+	"log"
 	"reflect"
 
 	"github.com/IBM/vpc-go-sdk/vpcclassicv1"
@@ -24,6 +25,8 @@ const (
 	isSgRulePortMin   = "port_min"
 	isSgRuleProtocol  = "protocol"
 	isSgVPC           = "vpc"
+	isSgTags          = "tags"
+	isSgCRN           = "crn"
 )
 
 func dataSourceIBMISSecurityGroup() *schema.Resource {
@@ -128,6 +131,20 @@ func dataSourceIBMISSecurityGroup() *schema.Resource {
 				Computed:    true,
 				Description: "The resource group name in which resource is provisioned",
 			},
+
+			isSgTags: {
+				Type:        schema.TypeSet,
+				Computed:    true,
+				Elem:        &schema.Schema{Type: schema.TypeString},
+				Set:         resourceIBMVPCHash,
+				Description: "List of tags",
+			},
+
+			isSgCRN: {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "The crn of the resource",
+			},
 		},
 	}
 }
@@ -169,7 +186,13 @@ func classicSecurityGroupGet(d *schema.ResourceData, meta interface{}, name stri
 
 			d.Set(isSgName, *group.Name)
 			d.Set(isSgVPC, *group.VPC.ID)
-
+			d.Set(isSgCRN, *group.CRN)
+			tags, err := GetTagsUsingCRN(meta, *group.CRN)
+			if err != nil {
+				log.Printf(
+					"An error occured during reading of security group (%s) tags : %s", *group.ID, err)
+			}
+			d.Set(isSgTags, tags)
 			rules := make([]map[string]interface{}, 0)
 			for _, sgrule := range group.Rules {
 				switch reflect.TypeOf(sgrule).String() {
@@ -316,7 +339,13 @@ func securityGroupGet(d *schema.ResourceData, meta interface{}, name string) err
 
 			d.Set(isSgName, *group.Name)
 			d.Set(isSgVPC, *group.VPC.ID)
-
+			d.Set(isSgCRN, *group.CRN)
+			tags, err := GetTagsUsingCRN(meta, *group.CRN)
+			if err != nil {
+				log.Printf(
+					"An error occured during reading of security group (%s) tags : %s", *group.ID, err)
+			}
+			d.Set(isSgTags, tags)
 			rules := make([]map[string]interface{}, 0)
 			for _, sgrule := range group.Rules {
 				switch reflect.TypeOf(sgrule).String() {

diff --git a/ibm/data_source_ibm_is_security_group_test.go b/ibm/data_source_ibm_is_security_group_test.go
@@ -26,6 +26,7 @@ func TestAccIBMISSecurityGroupDatasource_basic(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttrSet(dataSourceName, "vpc"),
 					resource.TestCheckResourceAttrSet(dataSourceName, "rules.#"),
+					resource.TestCheckResourceAttrSet(dataSourceName, "tags.#"),
 				),
 			},
 		},
@@ -40,6 +41,7 @@ func testAccCheckIBMISSgRuleConfig(vpcname, sgname string) string {
 	  
 	  resource "ibm_is_security_group" "testacc_security_group" {
 		name = "%s"
+		tags = ["sgtag1" , "sgTag2"]
 		vpc  = ibm_is_vpc.testacc_vpc.id
 	  }
 	  

diff --git a/ibm/resource_ibm_is_security_group.go b/ibm/resource_ibm_is_security_group.go
@@ -4,11 +4,15 @@
 package ibm
 
 import (
+	"context"
 	"fmt"
+	"log"
+	"os"
 	"reflect"
 
 	"github.com/IBM/vpc-go-sdk/vpcclassicv1"
 	"github.com/IBM/vpc-go-sdk/vpcv1"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
 
@@ -17,6 +21,8 @@ const (
 	isSecurityGroupVPC           = "vpc"
 	isSecurityGroupRules         = "rules"
 	isSecurityGroupResourceGroup = "resource_group"
+	isSecurityGroupTags          = "tags"
+	isSecurityGroupCRN           = "crn"
 )
 
 func resourceIBMISSecurityGroup() *schema.Resource {
@@ -29,6 +35,12 @@ func resourceIBMISSecurityGroup() *schema.Resource {
 		Exists:   resourceIBMISSecurityGroupExists,
 		Importer: &schema.ResourceImporter{},
 
+		CustomizeDiff: customdiff.Sequence(
+			func(_ context.Context, diff *schema.ResourceDiff, v interface{}) error {
+				return resourceTagsCustomizeDiff(diff)
+			},
+		),
+
 		Schema: map[string]*schema.Schema{
 
 			isSecurityGroupName: {
@@ -45,6 +57,21 @@ func resourceIBMISSecurityGroup() *schema.Resource {
 				ForceNew:    true,
 			},
 
+			isSecurityGroupTags: {
+				Type:        schema.TypeSet,
+				Optional:    true,
+				Computed:    true,
+				Elem:        &schema.Schema{Type: schema.TypeString},
+				Set:         resourceIBMVPCHash,
+				Description: "List of tags",
+			},
+
+			isSecurityGroupCRN: {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "The crn of the resource",
+			},
+
 			isSecurityGroupRules: {
 				Type:        schema.TypeList,
 				Computed:    true,
@@ -153,6 +180,14 @@ func classicSgCreate(d *schema.ResourceData, meta interface{}, vpc string) error
 		return fmt.Errorf("Error while creating Security Group %s\n%s", err, response)
 	}
 	d.SetId(*sg.ID)
+	v := os.Getenv("IC_ENV_TAGS")
+	if _, ok := d.GetOk(isSecurityGroupTags); ok || v != "" {
+		oldList, newList := d.GetChange(isSecurityGroupTags)
+		err = UpdateTagsUsingCRN(oldList, newList, meta, *sg.CRN)
+		if err != nil {
+			log.Printf("Error while creating Security Group tags %s\n%s", *sg.ID, err)
+		}
+	}
 	return nil
 }
 
@@ -182,6 +217,15 @@ func sgCreate(d *schema.ResourceData, meta interface{}, vpc string) error {
 		return fmt.Errorf("Error while creating Security Group %s\n%s", err, response)
 	}
 	d.SetId(*sg.ID)
+	v := os.Getenv("IC_ENV_TAGS")
+	if _, ok := d.GetOk(isSecurityGroupTags); ok || v != "" {
+		oldList, newList := d.GetChange(isSecurityGroupTags)
+		err = UpdateTagsUsingCRN(oldList, newList, meta, *sg.CRN)
+		if err != nil {
+			log.Printf(
+				"Error while creating Security Group tags : %s\n%s", *sg.ID, err)
+		}
+	}
 	return nil
 }
 
@@ -221,6 +265,13 @@ func classicSgGet(d *schema.ResourceData, meta interface{}, id string) error {
 		}
 		return fmt.Errorf("Error getting Security Group : %s\n%s", err, response)
 	}
+	tags, err := GetTagsUsingCRN(meta, *group.CRN)
+	if err != nil {
+		log.Printf(
+			"Error getting Security Group tags : %s\n%s", d.Id(), err)
+	}
+	d.Set(isSecurityGroupTags, tags)
+	d.Set(isSecurityGroupCRN, *group.CRN)
 	d.Set(isSecurityGroupName, *group.Name)
 	d.Set(isSecurityGroupVPC, *group.VPC.ID)
 	rules := make([]map[string]interface{}, 0)
@@ -351,6 +402,13 @@ func sgGet(d *schema.ResourceData, meta interface{}, id string) error {
 		}
 		return fmt.Errorf("Error getting Security Group : %s\n%s", err, response)
 	}
+	tags, err := GetTagsUsingCRN(meta, *group.CRN)
+	if err != nil {
+		log.Printf(
+			"Error getting Security Group tags : %s\n%s", d.Id(), err)
+	}
+	d.Set(isSecurityGroupTags, tags)
+	d.Set(isSecurityGroupCRN, *group.CRN)
 	d.Set(isSecurityGroupName, *group.Name)
 	d.Set(isSecurityGroupVPC, *group.VPC.ID)
 	rules := make([]map[string]interface{}, 0)
@@ -466,6 +524,15 @@ func resourceIBMISSecurityGroupUpdate(d *schema.ResourceData, meta interface{})
 	name := ""
 	hasChanged := false
 
+	if d.HasChange(isSecurityGroupTags) {
+		oldList, newList := d.GetChange(isSecurityGroupTags)
+		err = UpdateTagsUsingCRN(oldList, newList, meta, d.Get(isSecurityGroupCRN).(string))
+		if err != nil {
+			log.Printf(
+				"Error Updating Security Group tags: %s\n%s", d.Id(), err)
+		}
+	}
+
 	if d.HasChange(isSecurityGroupName) {
 		name = d.Get(isSecurityGroupName).(string)
 		hasChanged = true

diff --git a/ibm/resource_ibm_is_security_group_test.go b/ibm/resource_ibm_is_security_group_test.go
@@ -33,6 +33,18 @@ func TestAccIBMISSecurityGroup_basic(t *testing.T) {
 					testAccCheckIBMISSecurityGroupExists("ibm_is_security_group.testacc_security_group", securityGroup),
 					resource.TestCheckResourceAttr(
 						"ibm_is_security_group.testacc_security_group", "name", name1),
+					resource.TestCheckResourceAttr(
+						"ibm_is_security_group.testacc_security_group", "tags.#", "2"),
+				),
+			},
+			{
+				Config: testAccCheckIBMISsecurityGroupConfigUpdate(vpcname, name1),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckIBMISSecurityGroupExists("ibm_is_security_group.testacc_security_group", securityGroup),
+					resource.TestCheckResourceAttr(
+						"ibm_is_security_group.testacc_security_group", "name", name1),
+					resource.TestCheckResourceAttr(
+						"ibm_is_security_group.testacc_security_group", "tags.#", "1"),
 				),
 			},
 		},
@@ -127,6 +139,21 @@ resource "ibm_is_vpc" "testacc_vpc" {
 resource "ibm_is_security_group" "testacc_security_group" {
 	name = "%s"
 	vpc = "${ibm_is_vpc.testacc_vpc.id}"
+	tags = ["Tag1", "tag2"]
+}`, vpcname, name)
+
+}
+
+func testAccCheckIBMISsecurityGroupConfigUpdate(vpcname, name string) string {
+	return fmt.Sprintf(`
+resource "ibm_is_vpc" "testacc_vpc" {
+	name = "%s"
+}
+
+resource "ibm_is_security_group" "testacc_security_group" {
+	name = "%s"
+	vpc = "${ibm_is_vpc.testacc_vpc.id}"
+	tags = ["tag1"]
 }`, vpcname, name)
 
 }
diff --git a/website/docs/d/is_security_group.html.markdown b/website/docs/d/is_security_group.html.markdown
@@ -87,6 +87,8 @@ The following attributes are exported:
   * `port_max` - The inclusive upper bound of TCP/UDP port range.
   * `port_min` - The inclusive lower bound of TCP/UDP port range.
   * `protocol` - The type of the protocol all, icmp, tcp, udp.
+* `tags` - Tags associated with the security group.
+* `crn` - The CRN of the security group.
 
 
 
diff --git a/website/docs/r/is_security_group.html.markdown b/website/docs/r/is_security_group.html.markdown
@@ -32,6 +32,7 @@ The following arguments are supported:
 * `name` - (Optional, string) The security group name.
 * `vpc` - (Required, Forces new resource, string) The vpc id. 
 * `resource_group` - (Optional, Forces new resource, string) The resource group ID where the security group to be created.
+* `tags` - (Optional, list(string)) Tags associated with the instance.
 
 ## Attribute Reference
 
@@ -48,7 +49,8 @@ Nested `rules` blocks have the following structure:
   * `code` - The ICMP traffic code to allow.
   * `port_max` - The inclusive upper bound of TCP/UDP port range.
   * `port_min` - The inclusive lower bound of TCP/UDP port range. 
-
+* `crn` - The CRN of the security group. 
+
 ## Import
 
 ibm_is_security_group can be imported using lbID, eg