provider/openstack: implement neutron security groups and rules #6410
Conversation
|
The build fails because of an older version of github.com/rackspace/gophercloud in the vendor folder. |
| d.Set("remote_group_id", security_group_rule.RemoteGroupID) | ||
| d.Set("remote_ip_prefix", security_group_rule.RemoteIPPrefix) | ||
| d.Set("tenant_id", security_group_rule.TenantID) | ||
| return nil |
There was a problem hiding this comment.
For the above attributes to be Set, they have to be marked as "computed" in the argument/schema definition. Arguments that are required don't have to be set.
|
@cristicalin This is a welcomed addition! I've left two comments about some areas to fix up, but in general, this is off to a great start. Let me know when you open a PR to Gophercloud and I can review it and (hopefully) help push it along. Nice work! 😄 |
|
I've made the suggested changes. PR to Gophercloud for what ? I'll also work next week on proper unit/acceptance tests and add relevant info to the docs. |
|
oh! I misunderstood. I thought the tests were failing because you were also patching Gophercloud and using a local dev version. The vendoring is only pulling in packages that are in use, which is why the Neutron security group stuff isn't included yet... Sorry about that! All sounds good! |
|
I managed to find the time today to figure out how to properly use godep to satisfy the dependencies. |
cristicalin
changed the title
|
@jtopjian this should be now in a good shape to merge, please have a look when you can. I'll be happy to make any modifications you suggest. |
| }, | ||
| "ethertype": &schema.Schema{ | ||
| Type: schema.TypeString, | ||
| Optional: true, |
There was a problem hiding this comment.
Ethertype is required in Gophercloud.
There was a problem hiding this comment.
According to http://developer.openstack.org/api-ref-networking-v2-ext.html it is not.
But looking at https://github.com/rackspace/gophercloud/blob/master/openstack/networking/v2/extensions/security/rules/requests.go#L113 It looks like the gophercloud code checks for a valid ethertype which cannot be void so I'll mark it as required.
|
@cristicalin Looking really good! I left a few comments, but I'd say they're minor compared to the rest of the work you've done 😄 One other comment is to not forget to modify Let me know if you have any questions or if something sounds off -- I only quickly reviewed this on a Sunday morning. |
|
Also, in preparation for merging into Terraform, can you squash everything into two commits:
These can wait until all reviewing is done -- just wanted to give you a heads up on the final step before this gets merged. |
|
I've made the modifications you suggested except for checking the protocol values as they are already checked in the gophercloud code Create function (see my comment on that). I'll squash the commits as requested when you give a green light for the code. |
| @@ -83,6 +88,16 @@ func resourceNetworkingSecGroupRuleV2Create(d *schema.ResourceData, meta interfa | |||
| return fmt.Errorf("Error creating OpenStack networking client: %s", err) | |||
| } | |||
|
|
|||
| portRangeMin := d.Get("port_min_range").(string) | |||
There was a problem hiding this comment.
It looks like there were a few issues with my rough sketch of this. This should be d.Get("port_range_min").(int)
|
@cristicalin Just the one change I noted and we're good to go 😄 |
Import networking/v2/extensions/security/groups and networking/v2/extensions/security/rules from gophercloud. These will be used by two new resouces openstack_networking_secgroup_v2 and openstack_networking_secgroup_rule_v2.
cristicalin
force-pushed
the
neutron_security_groups_v1
branch
from
5cc749a to
de5c025
Compare
|
I made the last modifications (also updated the docs about the relevant requirements) and squashed the commits into two. |
this implements two new resource types: * openstack_networking_secgroup_v2 - create a neutron security group * openstack_networking_secgroup_rule_v2 - create a newutron security group rule Unlike their nova counterparts the neutron security groups allow a user to specify the target tenant_id allowing a cloud admin to create per tenant resources.
cristicalin
force-pushed
the
neutron_security_groups_v1
branch
from
de5c025 to
6fe8269
Compare
|
Thank you for your time and hard work with this! |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
ghost
locked and limited conversation to collaborators
This WIP patch adds support for neutron security groups and
security group rules. This requires a newer version of the
github.com/rackspace/gophercloud (i built and tested against
current master)
Unlike the nova security group, the neutron security group
is a separate entity from the security group rules, they
are created separately and have different identifiers.
An added benefit is that the neutron implementation allows
an admin to target a specific tenant. In this case you can
have a stack that also provisions the security side of a tenant.