Merge pull request #797 from ovh/dev/aamstutz/ip-firewall-rule-import

amstuta · web-flow · commit 4d787200fc39 · 2025-01-06T16:30:27.000+01:00
feat: Add import capability to resource ovh_ip_firewall_rule
diff --git a/ovh/resource_ip_firewall_rule.go b/ovh/resource_ip_firewall_rule.go
@@ -5,14 +5,20 @@ import (
 	"errors"
 	"fmt"
 	"net/url"
+	"strconv"
+	"strings"
 	"time"
 
+	"github.com/hashicorp/terraform-plugin-framework/path"
 	"github.com/hashicorp/terraform-plugin-framework/resource"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry"
 	"github.com/ovh/go-ovh/ovh"
+	ovhtypes "github.com/ovh/terraform-provider-ovh/ovh/types"
 )
 
 var _ resource.ResourceWithConfigure = (*ipFirewallRuleResource)(nil)
+var _ resource.ResourceWithImportState = (*ipFirewallRuleResource)(nil)
 
 func NewIpFirewallRuleResource() resource.Resource {
 	return &ipFirewallRuleResource{}
@@ -47,6 +53,26 @@ func (d *ipFirewallRuleResource) Schema(ctx context.Context, req resource.Schema
 	resp.Schema = IpFirewallRuleResourceSchema(ctx)
 }
 
+func (r *ipFirewallRuleResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) {
+	splits := strings.Split(req.ID, "|")
+	if len(splits) != 3 {
+		resp.Diagnostics.AddError("Given ID is malformed", "ID must be formatted like the following: <ip>|<ip_on_firewall>|<sequence>")
+		return
+	}
+
+	ip := splits[0]
+	ipOnFirewall := splits[1]
+	sequence, err := strconv.Atoi(splits[2])
+	if err != nil {
+		resp.Diagnostics.AddError("Given firewall sequence number must be an integer", err.Error())
+		return
+	}
+
+	resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("ip"), ip)...)
+	resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("ip_on_firewall"), ipOnFirewall)...)
+	resp.Diagnostics.Append(resp.State.SetAttribute(ctx, path.Root("sequence"), sequence)...)
+}
+
 func (r *ipFirewallRuleResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
 	var (
 		data         IpFirewallRuleModel
@@ -129,6 +155,27 @@ func (r *ipFirewallRuleResource) Read(ctx context.Context, req resource.ReadRequ
 
 	responseData.MergeWith(&data)
 
+	// In case the resource is being imported, the fields `source_port` and `destination_port` are not returned
+	// by the API, so we must use fields `source_port_desc` and `destination_port_desc` to retrieve the values.
+	if responseData.SourcePort.IsNull() && strings.HasPrefix(responseData.SourcePortDesc.ValueString(), "eq ") {
+		port := strings.TrimPrefix(responseData.SourcePortDesc.ValueString(), "eq ")
+		portNumber, err := strconv.ParseInt(port, 10, 64)
+		if err != nil {
+			tflog.Warn(ctx, fmt.Sprintf("failed to parse source port from desc: %s", err))
+		} else {
+			responseData.SourcePort = ovhtypes.NewTfInt64Value(portNumber)
+		}
+	}
+	if responseData.DestinationPort.IsNull() && strings.HasPrefix(responseData.DestinationPortDesc.ValueString(), "eq ") {
+		port := strings.TrimPrefix(responseData.DestinationPortDesc.ValueString(), "eq ")
+		portNumber, err := strconv.ParseInt(port, 10, 64)
+		if err != nil {
+			tflog.Warn(ctx, fmt.Sprintf("failed to parse destination port from desc: %s", err))
+		} else {
+			responseData.DestinationPort = ovhtypes.NewTfInt64Value(portNumber)
+		}
+	}
+
 	// Save updated data into Terraform state
 	resp.Diagnostics.Append(resp.State.Set(ctx, &responseData)...)
 }
diff --git a/ovh/resource_ip_firewall_rule_test.go b/ovh/resource_ip_firewall_rule_test.go
@@ -61,6 +61,13 @@ func TestAccIPFirewallRule_basic(t *testing.T) {
 						"ovh_ip_firewall_rule.rule", "source_port_desc", "eq 44"),
 				),
 			},
+			{
+				ImportStateId:                        fmt.Sprintf("%s|%s|0", ip, ip),
+				ResourceName:                         "ovh_ip_firewall_rule.rule",
+				ImportState:                          true,
+				ImportStateVerify:                    true,
+				ImportStateVerifyIdentifierAttribute: "ip_on_firewall",
+			},
 		},
 	})
 }
diff --git a/website/docs/r/ip_firewall_rule.html.markdown b/website/docs/r/ip_firewall_rule.html.markdown
@@ -47,4 +47,12 @@ resource "ovh_ip_firewall_rule" "my_firewall_rule" {
 * `source` - IPv4 CIDR notation (e.g., 192.0.2.0/24)
 * `source_port` - Source port for your rule. Only with TCP/UDP protocol
 * `source_port_desc` - String description of field `source_port`
-* `tcp_option` - TCP option on your rule (syn|established)
+* `tcp_option` - TCP option on your rule (syn|established)
+
+## Import
+
+The resource can be imported using the properties `ip`, `ip_on_firewall` and `sequence`, separated by "|" E.g.,
+
+```bash
+$ terraform import ovh_ip_firewall_rule.my_firewall_rule '127.0.0.1|127.0.0.2|0'
+```
