feat(instance): add support for enable_default_security (#651)

remyleone · jerome-quere · web-flow · commit 3253a158964a · 2020-12-11T11:03:23.000+01:00
Co-authored-by: Jerome Quere &lt;pub@jeromequere.fr&gt;
diff --git a/docs/resources/instance_security_group.md b/docs/resources/instance_security_group.md
@@ -120,6 +120,7 @@ The following arguments are supported:
 
 - `project_id` - (Defaults to [provider](../index.md#project_id) `project_id`) The ID of the project the security group is associated with.
 
+- `enable_defaul_security` - Whether to block SMTP on IPv4/IPv6 (Port 25, 465, 587). Set to false will unblock SMTP if your account is authorized to. If your organization is not yet authorized to send SMTP traffic, [open a support ticket](https://console.scaleway.com/support/tickets).
 
 The `inbound_rule` and `outbound_rule` block supports:
 
diff --git a/go.mod b/go.mod
@@ -7,7 +7,7 @@ require (
 	github.com/google/go-cmp v0.5.2
 	github.com/hashicorp/go-retryablehttp v0.6.7
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.2.0
-	github.com/scaleway/scaleway-sdk-go v1.0.0-beta.7.0.20201113152841-1153aa56e20e
+	github.com/scaleway/scaleway-sdk-go v1.0.0-beta.7.0.20201210153359-29e11ec95efd
 	github.com/stretchr/testify v1.6.1
 	golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a // indirect
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1
diff --git a/go.sum b/go.sum
@@ -299,8 +299,8 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/scaleway/scaleway-sdk-go v1.0.0-beta.7.0.20201113152841-1153aa56e20e h1:KW5n7q2CMM/MsFNAwdZWB0UioVa3E3XQSrKRZcjmaGo=
-github.com/scaleway/scaleway-sdk-go v1.0.0-beta.7.0.20201113152841-1153aa56e20e/go.mod h1:CJJ5VAbozOl0yEw7nHB9+7BXTJbIn6h7W+f6Gau5IP8=
+github.com/scaleway/scaleway-sdk-go v1.0.0-beta.7.0.20201210153359-29e11ec95efd h1:CjD+yEroS8fNyXwWNdGHb1fr3DE6As6dZoBhNIHZtHk=
+github.com/scaleway/scaleway-sdk-go v1.0.0-beta.7.0.20201210153359-29e11ec95efd/go.mod h1:CJJ5VAbozOl0yEw7nHB9+7BXTJbIn6h7W+f6Gau5IP8=
 github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ=
 github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
 github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0=
diff --git a/scaleway/helpers.go b/scaleway/helpers.go
@@ -386,6 +386,13 @@ func expandStringPtr(data interface{}) *string {
 	return scw.StringPtr(data.(string))
 }
 
+func expandBoolPtr(data interface{}) *bool {
+	if data == nil {
+		return nil
+	}
+	return scw.BoolPtr(data.(bool))
+}
+
 func flattenInt32Ptr(i *int32) interface{} {
 	if i == nil {
 		return 0
diff --git a/scaleway/resource_instance_security_group.go b/scaleway/resource_instance_security_group.go
@@ -82,6 +82,12 @@ func resourceScalewayInstanceSecurityGroup() *schema.Resource {
 				Default:       false,
 				ConflictsWith: []string{"inbound_rule", "outbound_rule"},
 			},
+			"enable_default_security": {
+				Type:        schema.TypeBool,
+				Description: "Enable blocking of SMTP on IPv4 and IPv6",
+				Optional:    true,
+				Default:     true,
+			},
 			"zone":            zoneSchema(),
 			"organization_id": organizationIDSchema(),
 			"project_id":      projectIDSchema(),
@@ -104,6 +110,7 @@ func resourceScalewayInstanceSecurityGroupCreate(ctx context.Context, d *schema.
 		Stateful:              d.Get("stateful").(bool),
 		InboundDefaultPolicy:  instance.SecurityGroupPolicy(d.Get("inbound_default_policy").(string)),
 		OutboundDefaultPolicy: instance.SecurityGroupPolicy(d.Get("outbound_default_policy").(string)),
+		EnableDefaultSecurity: expandBoolPtr(d.Get("enable_default_security")),
 	}, scw.WithContext(ctx))
 	if err != nil {
 		return diag.FromErr(err)
@@ -144,6 +151,7 @@ func resourceScalewayInstanceSecurityGroupRead(ctx context.Context, d *schema.Re
 	_ = d.Set("description", res.SecurityGroup.Description)
 	_ = d.Set("inbound_default_policy", res.SecurityGroup.InboundDefaultPolicy.String())
 	_ = d.Set("outbound_default_policy", res.SecurityGroup.OutboundDefaultPolicy.String())
+	_ = d.Set("enable_default_security", res.SecurityGroup.EnableDefaultSecurity)
 
 	if !d.Get("external_rules").(bool) {
 		inboundRules, outboundRules, err := getSecurityGroupRules(instanceAPI, zone, ID, d)
@@ -232,6 +240,10 @@ func resourceScalewayInstanceSecurityGroupUpdate(ctx context.Context, d *schema.
 		OutboundDefaultPolicy: &outboundDefaultPolicy,
 	}
 
+	if d.HasChange("enable_default_security") {
+		updateReq.EnableDefaultSecurity = expandBoolPtr(d.Get("enable_default_security"))
+	}
+
 	// Only update name if one is provided in the state
 	if d.Get("name") != nil && d.Get("name").(string) != "" {
 		updateReq.Name = expandStringPtr(d.Get("name"))
diff --git a/scaleway/resource_instance_security_group_test.go b/scaleway/resource_instance_security_group_test.go
@@ -538,3 +538,35 @@ func testSweepComputeInstanceSecurityGroup(_ string) error {
 		return nil
 	})
 }
+
+func TestAccScalewayInstanceSecurityGroup_EnableDefaultSecurity(t *testing.T) {
+	tt := NewTestTools(t)
+	defer tt.Cleanup()
+	resource.Test(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		ProviderFactories: tt.ProviderFactories,
+		CheckDestroy:      testAccCheckScalewayInstanceSecurityGroupDestroy(tt),
+		Steps: []resource.TestStep{
+			{
+				Config: `
+					resource "scaleway_instance_security_group" "base" {
+						enable_default_security = false
+					}
+				`,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("scaleway_instance_security_group.base", "enable_default_security", "false"),
+				),
+			},
+			{
+				Config: `
+					resource "scaleway_instance_security_group" "base" {
+						enable_default_security = true
+					}
+				`,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("scaleway_instance_security_group.base", "enable_default_security", "true"),
+				),
+			},
+		},
+	})
+}
diff --git a/scaleway/testdata/instance-security-group-enable-default-security.cassette.yaml b/scaleway/testdata/instance-security-group-enable-default-security.cassette.yaml

Original file line number	Diff line number	Diff line change
`@@ -120,6 +120,7 @@ The following arguments are supported:`
`120`	`120`
`121`	`121`	- `project_id` - (Defaults to [provider](../index.md#project_id) `project_id`) The ID of the project the security group is associated with.
`122`	`122`
	`123`	+- `enable_defaul_security` - Whether to block SMTP on IPv4/IPv6 (Port 25, 465, 587). Set to false will unblock SMTP if your account is authorized to. If your organization is not yet authorized to send SMTP traffic, [open a support ticket](https://console.scaleway.com/support/tickets).
`123`	`124`
`124`	`125`	The `inbound_rule` and `outbound_rule` block supports:
`125`	`126`
-Original file line number
+Diff line change
 	github.com/google/go-cmp v0.5.2
 	github.com/hashicorp/go-retryablehttp v0.6.7
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.2.0
 -	github.com/scaleway/scaleway-sdk-go v1.0.0-beta.7.0.20201113152841-1153aa56e20e
 +	github.com/scaleway/scaleway-sdk-go v1.0.0-beta.7.0.20201210153359-29e11ec95efd
 	github.com/stretchr/testify v1.6.1
 	golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a // indirect
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1