feat: Add IP Restriction for Container Registry (#552)

Co-authored-by: Nicolas Lacroux <[email protected]>

Author: nicolaslacroux

ovh/data_cloud_project_containerregistry_ip_restrictions_management.go

@@ -0,0 +1,67 @@
+package ovh
+
+import (
+	"fmt"
+	"log"
+	"net/url"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceCloudProjectContainerRegistryIPRestrictionsManagement() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceCloudProjectContainerRegistryIPRestrictionsManagementRead,
+		Schema: map[string]*schema.Schema{
+			"service_name": {
+				Type:        schema.TypeString,
+				Description: "Service name",
+				Required:    true,
+				DefaultFunc: schema.EnvDefaultFunc("OVH_CLOUD_PROJECT_SERVICE", nil),
+			},
+			"registry_id": {
+				Type:        schema.TypeString,
+				Description: "Registry ID",
+				Required:    true,
+			},
+			"ip_restrictions": {
+				Type:        schema.TypeList,
+				Description: "List your IP restrictions applied on artifact manager component",
+				Computed:    true,
+				Elem: &schema.Schema{
+					Type: schema.TypeMap,
+					Set:  schema.HashString,
+				},
+			},
+		},
+	}
+}
+
+func dataSourceCloudProjectContainerRegistryIPRestrictionsManagementRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+	serviceName := d.Get("service_name").(string)
+	registryID := d.Get("registry_id").(string)
+
+	endpoint := fmt.Sprintf(
+		"/cloud/project/%s/containerRegistry/%s/ipRestrictions/management",
+		url.PathEscape(serviceName),
+		url.PathEscape(registryID),
+	)
+	ipRestrictions := []CloudProjectContainerRegistryIPRestriction{}
+
+	log.Printf("[DEBUG] Will read Management IP Restrictions from registry %s and project: %s", registryID, serviceName)
+	err := config.OVHClient.Get(endpoint, &ipRestrictions)
+	if err != nil {
+		return fmt.Errorf("calling get %s %w", endpoint, err)
+	}
+
+	mapIPRestrictions := make([]map[string]interface{}, len(ipRestrictions))
+	for i, ipRestriction := range ipRestrictions {
+		mapIPRestrictions[i] = ipRestriction.ToMap()
+	}
+	d.Set("ip_restrictions", mapIPRestrictions)
+	d.SetId(serviceName + "/" + registryID)
+
+	log.Printf("[DEBUG] Read Management IP Restrictions %+v", mapIPRestrictions)
+
+	return nil
+}

ovh/data_cloud_project_containerregistry_ip_restrictions_management_test.go

@@ -0,0 +1,80 @@
+package ovh
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+)
+
+const testAccCloudProjectContainerRegistryIPRestrictionsManagementDataSourceConfig = `
+data "ovh_cloud_project_capabilities_containerregistry_filter" "registryCap" {
+  service_name = "%s"
+  plan_name    = "SMALL"
+  region       = "%s"
+}
+
+resource "ovh_cloud_project_containerregistry" "registry" {
+  service_name = data.ovh_cloud_project_capabilities_containerregistry_filter.registryCap.service_name
+  plan_id      = data.ovh_cloud_project_capabilities_containerregistry_filter.registryCap.id
+  name         = "%s"
+  region       = data.ovh_cloud_project_capabilities_containerregistry_filter.registryCap.region
+}
+
+resource "ovh_cloud_project_containerregistry_ip_restrictions_management" "my-mgt-iprestrictions" {
+  service_name = ovh_cloud_project_containerregistry.registry.service_name
+  registry_id  = ovh_cloud_project_containerregistry.registry.id
+	
+  ip_restrictions = [
+    { 
+      ip_block = "121.121.121.121/32"
+      description = "my awesome ip"  
+    }
+  ]
+  depends_on = [
+    ovh_cloud_project_containerregistry.registry
+  ]
+}
+
+data "ovh_cloud_project_containerregistry_ip_restrictions_management" "mgt-iprestrictions-data" {
+  service_name = ovh_cloud_project_containerregistry.registry.service_name
+  registry_id  = ovh_cloud_project_containerregistry.registry.id
+
+  depends_on = [
+    ovh_cloud_project_containerregistry_ip_restrictions_management.my-mgt-iprestrictions
+  ]
+}
+`
+
+func TestAccCloudProjectContainerIPRestrictionsManagementDataSource_basic(t *testing.T) {
+	serviceName := os.Getenv("OVH_CLOUD_PROJECT_SERVICE_TEST")
+	region := os.Getenv("OVH_CLOUD_PROJECT_CONTAINERREGISTRY_REGION_TEST")
+	registryName := acctest.RandomWithPrefix(test_prefix)
+
+	config := fmt.Sprintf(
+		testAccCloudProjectContainerRegistryIPRestrictionsManagementDataSourceConfig,
+		serviceName,
+		region,
+		registryName,
+	)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheckContainerRegistry(t)
+		},
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(
+						"data.ovh_cloud_project_containerregistry_ip_restrictions_management.mgt-iprestrictions-data", "ip_restrictions.0.ip_block", "121.121.121.121/32"),
+					resource.TestCheckResourceAttr(
+						"data.ovh_cloud_project_containerregistry_ip_restrictions_management.mgt-iprestrictions-data", "ip_restrictions.0.description", "my awesome ip"),
+				),
+			},
+		},
+	})
+}

ovh/data_cloud_project_containerregistry_ip_restrictions_registry.go

@@ -0,0 +1,68 @@
+package ovh
+
+import (
+	"fmt"
+	"log"
+	"net/url"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceCloudProjectContainerRegistryIPRestrictionsRegistry() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceCloudProjectContainerRegistryIPRestrictionsRegistryRead,
+		Schema: map[string]*schema.Schema{
+			"service_name": {
+				Type:        schema.TypeString,
+				Description: "Service name",
+				Required:    true,
+				DefaultFunc: schema.EnvDefaultFunc("OVH_CLOUD_PROJECT_SERVICE", nil),
+			},
+			"registry_id": {
+				Type:        schema.TypeString,
+				Description: "Registry ID",
+				Required:    true,
+			},
+			"ip_restrictions": {
+				Type:        schema.TypeList,
+				Description: "List your IP restrictions applied on artifact manager component",
+				Computed:    true,
+				Elem: &schema.Schema{
+					Type: schema.TypeMap,
+					Set:  schema.HashString,
+				},
+			},
+		},
+	}
+}
+
+func dataSourceCloudProjectContainerRegistryIPRestrictionsRegistryRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+	serviceName := d.Get("service_name").(string)
+	registryID := d.Get("registry_id").(string)
+
+	endpoint := fmt.Sprintf(
+		"/cloud/project/%s/containerRegistry/%s/ipRestrictions/registry",
+		url.PathEscape(serviceName),
+		url.PathEscape(registryID),
+	)
+	ipRestrictions := []CloudProjectContainerRegistryIPRestriction{}
+
+	log.Printf("[DEBUG] Will read Registry IP Restrictions from registry %s and project: %s", registryID, serviceName)
+	err := config.OVHClient.Get(endpoint, &ipRestrictions)
+	if err != nil {
+		return fmt.Errorf("calling get %s %w", endpoint, err)
+	}
+
+	mapIPRestrictions := make([]map[string]interface{}, len(ipRestrictions))
+	for i, ipRestriction := range ipRestrictions {
+		mapIPRestrictions[i] = ipRestriction.ToMap()
+	}
+
+	d.Set("ip_restrictions", mapIPRestrictions)
+	d.SetId(serviceName + "/" + registryID)
+
+	log.Printf("[DEBUG] Read Registry IP Restrictions %+v", mapIPRestrictions)
+
+	return nil
+}

ovh/data_cloud_project_containerregistry_ip_restrictions_registry_test.go

@@ -0,0 +1,80 @@
+package ovh
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+)
+
+const testAccCloudProjectContainerRegistryIPRestrictionsRegistryDataSourceConfig = `
+data "ovh_cloud_project_capabilities_containerregistry_filter" "registryCap" {
+  service_name = "%s"
+  plan_name    = "SMALL"
+  region       = "%s"
+}
+
+resource "ovh_cloud_project_containerregistry" "registry" {
+  service_name = data.ovh_cloud_project_capabilities_containerregistry_filter.registryCap.service_name
+  plan_id      = data.ovh_cloud_project_capabilities_containerregistry_filter.registryCap.id
+  name         = "%s"
+  region       = data.ovh_cloud_project_capabilities_containerregistry_filter.registryCap.region
+}
+
+resource "ovh_cloud_project_containerregistry_ip_restrictions_registry" "my-registry-iprestrictions" {
+  service_name = ovh_cloud_project_containerregistry.registry.service_name
+  registry_id  = ovh_cloud_project_containerregistry.registry.id
+	
+  ip_restrictions = [
+    { 
+      ip_block = "121.121.121.121/32"
+      description = "my awesome ip"  
+    }
+  ]
+  depends_on = [
+    ovh_cloud_project_containerregistry.registry
+  ]
+}
+
+data "ovh_cloud_project_containerregistry_ip_restrictions_registry" "registry-iprestrictions-data" {
+  service_name = ovh_cloud_project_containerregistry.registry.service_name
+  registry_id  = ovh_cloud_project_containerregistry.registry.id
+
+  depends_on = [
+    ovh_cloud_project_containerregistry_ip_restrictions_registry.my-registry-iprestrictions
+  ]
+}
+`
+
+func TestAccCloudProjectContainerIPRestrictionsRegistryDataSource_basic(t *testing.T) {
+	serviceName := os.Getenv("OVH_CLOUD_PROJECT_SERVICE_TEST")
+	region := os.Getenv("OVH_CLOUD_PROJECT_CONTAINERREGISTRY_REGION_TEST")
+	registryName := acctest.RandomWithPrefix(test_prefix)
+
+	config := fmt.Sprintf(
+		testAccCloudProjectContainerRegistryIPRestrictionsRegistryDataSourceConfig,
+		serviceName,
+		region,
+		registryName,
+	)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheckContainerRegistry(t)
+		},
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(
+						"data.ovh_cloud_project_containerregistry_ip_restrictions_registry.registry-iprestrictions-data", "ip_restrictions.0.ip_block", "121.121.121.121/32"),
+					resource.TestCheckResourceAttr(
+						"data.ovh_cloud_project_containerregistry_ip_restrictions_registry.registry-iprestrictions-data", "ip_restrictions.0.description", "my awesome ip"),
+				),
+			},
+		},
+	})
+}