This repository has been archived by the owner on May 9, 2024. It is now read-only.

Improve resource Service #96

Closed
wants to merge 2 commits into from


@sahaqaa sahaqaa commented Sep 7, 2023

Previously it was possible to create only the following configuration:

resource "openvpncloud_service" "test" {
  name              = "test"
  type              = "SERVICE_DESTINATION"
  description       = "test"
  network_item_type = "NETWORK"
  network_item_id   = openvpncloud_network.test.id
  routes            = ["test.ua"]
  config {
    service_types = ["ANY"]
  }
}

Which was not enough to configure the granularity needed to take advantage of CloudConnexa's "Zero trust" features.

This PR is intended to improve resource "openvpncloud_service" (file "resource_service.go").

Disclaimer:
1/ Every time I run "terraform plan" (both before the proposed changes and after), Terraform wants to modify/rewrite "routes"
(I believe it is not related to the scope of this PR, just wanted you to know)

 # openvpncloud_service.test will be updated in-place
  ~ resource "openvpncloud_service" "test" {
        id                = "6d8998e2-8034-47bc-8da3-9b2c7de403f2"
        name              = "test"
      ~ routes            = [
          - "",
          + "192.168.1.1/32",
        ]

2/ The data format looks a little bit "bulky" when multiple ports need to be specified (see examples below)
How it looks now:

custom_service_types {
      protocol = "TCP"
      port {
        lower_value = "53"
        upper_value = "53"
      }
      port {
        lower_value = "88"
        upper_value = "88"
      }
      port {
        lower_value = "389"
        upper_value = "389"
      }
      port {
        lower_value = "464"
        upper_value = "464"
      }
      port {
        lower_value = "636"
        upper_value = "636"
      }
    }

(maybe it could be optimized or written more optimally in Terraform, but I don't know how to do it properly)

How it could look better (but I don't know how to do it yet, or possibly the API side should be modified as well, because I've checked with Swagger, and on the API side it shows that it is stored in the format above ^^)

custom_service_types {
      protocol = "TCP"
       port {
          lower_value = "53,88,389,464,636"
          upper_value = "53,88,389,464,636"
      }
    }

or

custom_service_types {
      protocol = "TCP"
       port {
         lower_value = ["53", "88", "389", "464", "636"]
         upper_value = ["53", "88", "389", "464", "636"]
       }
    }

(I tried to use both examples above, but got an error in Terraform, and I believe the data structure / schema should be rewritten for this to work)

@sahaqaa sahaqaa requested a review from a team as a code owner September 7, 2023 06:22

sahaqaa commented Sep 7, 2023

Here are some tests that I've done to test that everything is OK:

Test case 1 - OK

resource "openvpncloud_service" "test" {
  provider = openvpn-cloud

  name              = "test"
  type              = "IP_SOURCE"
  description       = "test"
  network_item_type = "NETWORK"
  network_item_id   = openvpncloud_network.cloudvpn_eu123.id
  routes            = ["192.168.1.1/32"]
  config {
    service_types = ["ANY"]
  }
}

Test case 2 - OK

resource "openvpncloud_service" "test" {
  provider = openvpn-cloud

  name              = "test"
  type              = "IP_SOURCE"
  description       = "test"
  network_item_type = "NETWORK"
  network_item_id   = openvpncloud_network.cloudvpn_eu123.id
  routes            = ["192.168.1.1/32"]
  config {
    service_types = ["HTTPS", "HTTP", "CUSTOM"]
    custom_service_types {
      protocol = "ICMP"
      icmp_type {
        upper_value = "0"
        lower_value = "0"
      }
    }
  }
}

Test case 3 - OK

resource "openvpncloud_service" "test" {
  provider = openvpn-cloud

  name              = "test"
  type              = "IP_SOURCE"
  description       = "test"
  network_item_type = "NETWORK"
  network_item_id   = openvpncloud_network.cloudvpn_eu123.id
  routes            = ["192.168.1.1/32"]
  config {
    service_types = ["HTTPS", "HTTP", "CUSTOM"]
    custom_service_types {
      protocol = "ICMP"
    }
  }
}

Test case 4 - OK

resource "openvpncloud_service" "test" {
  provider = openvpn-cloud

  name              = "test"
  type              = "SERVICE_DESTINATION"
  description       = "test"
  network_item_type = "NETWORK"
  network_item_id   = openvpncloud_network.cloudvpn_eu123.id
  routes            = ["192.168.1.1/32"]
  config {
    service_types = ["HTTPS", "HTTP", "CUSTOM"]
    custom_service_types {
      protocol = "ICMP"
    }
    custom_service_types {
      protocol = "TCP"
      port {
        lower_value = "53"
        upper_value = "53"
      }
      port {
        lower_value = "88"
        upper_value = "88"
      }
      port {
        lower_value = "389"
        upper_value = "389"
      }
      port {
        lower_value = "464"
        upper_value = "464"
      }
      port {
        lower_value = "636"
        upper_value = "636"
      }
    }

    custom_service_types {
      protocol = "UDP"
      port {
        lower_value = "53"
        upper_value = "53"
      }
      port {
        lower_value = "88"
        upper_value = "88"
      }
      port {
        lower_value = "123"
        upper_value = "123"
      }
      port {
        lower_value = "464"
        upper_value = "464"
      }
    }
  }
}

Test case 5 - OK

resource "openvpncloud_service" "test" {
  provider = openvpn-cloud

  name              = "test"
  type              = "IP_SOURCE"
  description       = "test"
  network_item_type = "NETWORK"
  network_item_id   = openvpncloud_network.cloudvpn_eu123.id
  routes            = ["192.168.1.1/32"]
  config {
    service_types = ["HTTPS", "HTTP", "CUSTOM"]
    custom_service_types {
      protocol = "ICMP"
    }
    custom_service_types {
      protocol = "TCP"
      port {
        upper_value = "8080"
        lower_value = "8080"
      }
    }
  }
}

Test case 6 - OK

resource "openvpncloud_service" "test" {
  provider = openvpn-cloud

  name              = "test"
  type              = "IP_SOURCE"
  description       = "test"
  network_item_type = "NETWORK"
  network_item_id   = openvpncloud_network.cloudvpn_eu123.id
  routes            = ["192.168.1.1/32"]
  config {
    service_types = ["HTTPS", "HTTP", "CUSTOM"]
    custom_service_types {
      protocol = "ICMP"
    }
    custom_service_types {
      protocol = "TCP"
      port {
        upper_value = "8080"
        lower_value = "8080"
      }
    }

    custom_service_types {
      protocol = "UDP"
      port {
        upper_value = "53"
        lower_value = "53"
      }
    }
  }
}

Test case 7 - OK

resource "openvpncloud_service" "test" {
  provider = openvpn-cloud

  name              = "test"
  type              = "IP_SOURCE"
  description       = "test"
  network_item_type = "NETWORK"
  network_item_id   = openvpncloud_network.cloudvpn_eu123.id
  routes            = ["192.168.1.1/32"]
  config {
    service_types = ["HTTPS", "HTTP", "CUSTOM"]
    custom_service_types {
      protocol = "ICMP"
    }
    custom_service_types {
      protocol = "TCP"
      port {
        lower_value = "8080"
        upper_value = "8090"
      }
    }

    custom_service_types {
      protocol = "UDP"
      port {
        lower_value = "53"
        upper_value = "53"

      }
    }
  }
}

Test case 8 - OK

resource "openvpncloud_service" "test" {
  provider = openvpn-cloud

  name              = "test"
  type              = "IP_SOURCE"
  description       = "test"
  network_item_type = "NETWORK"
  network_item_id   = openvpncloud_network.cloudvpn_eu123.id
  routes            = ["192.168.1.1/32"]
  config {
    service_types = ["HTTPS", "HTTP", "CUSTOM"]
    custom_service_types {
      protocol = "ICMP"
    }
    custom_service_types {
      protocol = "TCP"
      port {
        lower_value = "8080"
        upper_value = "8090"
      }
      port {
        lower_value = "32000"
        upper_value = "32000"
      }
    }

    custom_service_types {
      protocol = "UDP"
      port {
        lower_value = "53"
        upper_value = "53"
      }
      port {
        lower_value = "4444"
        upper_value = "4444"
      }
    }
  }
}

Test case 9 - OK

resource "openvpncloud_service" "test" {
  provider = openvpn-cloud

  name              = "test"
  type              = "IP_SOURCE"
  description       = "test"
  network_item_type = "NETWORK"
  network_item_id   = openvpncloud_network.cloudvpn_eu123.id
  routes            = ["192.168.1.1/32"]
  config {
    service_types = ["HTTPS", "HTTP", "CUSTOM"]
    custom_service_types {
      protocol = "ICMP"
    }
    custom_service_types {
      protocol = "TCP"
    }

    custom_service_types {
      protocol = "UDP"
    }
  }
}


sahaqaa commented Sep 7, 2023

Huge thanks to @michaelfmnk for helping me to get familiar with Swagger, for advice on how to build the provider for testing, and for help with writing code

@patoarvizu

Regarding the port specification, could we have a third field called just value (or number or something like that), make it conflict with lower_value/upper_value, and put logic in place so that if only value is specified we transform it into lower_value and upper_value before calling the backend?
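
The normalization suggested in the comment above can be sketched as follows; this is an added example, not code from the PR or the provider. The `Value` field, the type and function names, and the use of integers (the HCL on this page uses strings) are assumptions for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// PortSpec mirrors one `port` block. Value is the hypothetical shorthand field;
// 0 means "not set". Integer fields are an assumption (the page's HCL uses strings).
type PortSpec struct{ Value, Lower, Upper int }

// Range is the lower_value/upper_value pair that would be sent to the backend.
type Range struct{ Lower, Upper int }

var ErrConflict = errors.New("value conflicts with lower_value/upper_value")

func validPort(p int) bool { return p >= 1 && p <= 65535 }

// Normalize expands the shorthand and rejects ambiguous or invalid specs.
func Normalize(p PortSpec) (Range, error) {
	if p.Value != 0 {
		if p.Lower != 0 || p.Upper != 0 {
			return Range{}, ErrConflict
		}
		p.Lower, p.Upper = p.Value, p.Value
	}
	if !validPort(p.Lower) || !validPort(p.Upper) {
		return Range{}, fmt.Errorf("port outside 1-65535: %d-%d", p.Lower, p.Upper)
	}
	if p.Lower > p.Upper {
		return Range{}, fmt.Errorf("lower_value %d exceeds upper_value %d", p.Lower, p.Upper)
	}
	return Range{p.Lower, p.Upper}, nil
}

// NormalizeAll fails closed: one bad block rejects the whole list, so a typo
// never turns into a silently dropped or widened access rule.
func NormalizeAll(specs []PortSpec) ([]Range, error) {
	out := make([]Range, 0, len(specs))
	for i, s := range specs {
		r, err := Normalize(s)
		if err != nil {
			return nil, fmt.Errorf("port[%d]: %w", i, err)
		}
		out = append(out, r)
	}
	return out, nil
}

func main() {
	// Constructed input: two single ports and one range taken from the test cases.
	fmt.Println(NormalizeAll([]PortSpec{{Value: 53}, {Value: 88}, {Lower: 8080, Upper: 8090}}))
}
```

In a Terraform provider the conflict would normally also be declared in the resource schema so that it is reported at plan time, before any API call.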


sahaqaa commented Sep 8, 2023

This is an awesome idea. I've reached out to the API developers and asked if it's possible to add a new field like "value". Possibly it could be implemented on the API side and then we add it to the provider.

@sahaqaa sahaqaa marked this pull request as draft September 27, 2023 13:26
@arslanbekov

#136

@arslanbekov arslanbekov closed this May 2, 2024