Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support outbound-traffic-protection #5268

Merged
merged 8 commits into from
May 15, 2024
Merged

Support outbound-traffic-protection #5268

merged 8 commits into from
May 15, 2024

Conversation

golibali
Copy link
Contributor

@golibali golibali commented Apr 11, 2024
edited
Loading

A new API endpoint was introduced /network/v2/outbound-traffic-protection, so from now the outbound-traffic-protection can be modified after cluster creation as well. This PR is to support this scenario. Only works with Secure-by-default clusters (IKS 1.30+ & ROKS 4.15+)

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Relates OR Closes #0000

Output from acceptance testing:

$ make testacc TEST=./ibm/service/kubernetes TESTARGS='-run=TestAccIBMContainerVPCClusterDisableOutboundTrafficProtection'
--- PASS: TestAccIBMContainerVPCClusterDisableOutboundTrafficProtection (4640.50s)
PASS
ok  	github.com/IBM-Cloud/terraform-provider-ibm/ibm/service/kubernetes	4640.629s

$ make testacc TEST=./ibm/service/kubernetes TESTARGS='-run=TestAccIBMContainerVPCClusterUpdateDisableOutboundTrafficProtection'
--- PASS: TestAccIBMContainerVPCClusterUpdateDisableOutboundTrafficProtection (3403.31s)
PASS
ok  	github.com/IBM-Cloud/terraform-provider-ibm/ibm/service/kubernetes	3403.427s

...

@golibali
Copy link
Contributor Author

Need to update bluemix-go after PR merged.
IBM-Cloud/bluemix-go#441

Blintmester
Blintmester suggested changes Apr 16, 2024
View reviewed changes
ibm/service/kubernetes/resource_ibm_container_vpc_cluster_test.go Outdated Show resolved Hide resolved
go.mod Outdated Show resolved Hide resolved
@golibali golibali marked this pull request as ready for review April 17, 2024 14:28
hkantare
hkantare reviewed Apr 23, 2024
View reviewed changes
ibm/service/kubernetes/resource_ibm_container_vpc_cluster.go
@@ -598,7 +601,7 @@ func resourceIBMContainerVpcClusterCreate(d *schema.ResourceData, meta interface
workerpool.Labels = labels
}

disableOutboundTrafficProtection := d.Get("disable_outbound_traffic_protection").(bool)
disableOutboundTrafficProtection := d.Get(DisableOutboundTrafficProtectionFlag).(bool)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we add this property to datasource also ?
https://github.com/IBM-Cloud/terraform-provider-ibm/blob/master/ibm/service/kubernetes/data_source_ibm_container_vpc_cluster.go

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unfortunately not, because this parameter is not a fetchable one. It can be given at cluster create time, or can be updated after with a seperate API call. If I'm right all the parameters in the resource_ibm_container_vpc_cluster.go are fetchable ones.

@hkantare
Copy link
Collaborator

Can you fix the conflicts in above files

@hkantare
Copy link
Collaborator

Did we test the current change with existing test cases for version less since we defined the argument as optional and default false ?
can you pls share testcase or add testcase for old kube verisons

@golibali
Copy link
Contributor Author

golibali commented May 7, 2024

Did we test the current change with existing test cases for version less since we defined the argument as optional and default false ? can you pls share testcase or add testcase for old kube verisons

I added a test which tests the existing flag with a non secure-by-default cluster (AKA before 1.30, so 1.29)

@hkantare hkantare merged commit 541dbfa into IBM-Cloud:master May 15, 2024
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hkantare hkantare hkantare left review comments

@Blintmester Blintmester Blintmester approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@golibali @hkantare @Blintmester