Add Firewall support to Load Balancer datasource & resource

digitalocean · andrewsomething · Dec 21, 2022 · Dec 13, 2022 · Dec 13, 2022 · Dec 13, 2022
commit e5f0519d155177bf0e5d976dc5bdca07c499c725
diff --git a/digitalocean/datasource_digitalocean_loadbalancer.go b/digitalocean/datasource_digitalocean_loadbalancer.go
@@ -220,12 +220,32 @@ func dataSourceDigitalOceanLoadbalancer() *schema.Resource {
  Computed: true,
  Description: " Specifies the idle timeout for HTTPS connections on the load balancer.",
  },
-
  "project_id": {
  Type: schema.TypeString,
  Computed: true,
  Description: "The ID of the project that the load balancer is associated with.",
  },
+ "firewall": {
+ Type: schema.TypeList,
+ Computed: true,
+ Description: "the firewall rules for allowing/denying traffic to the load balancer",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "allow": {
+ Type: schema.TypeSet,
+ Elem: &schema.Schema{Type: schema.TypeString},
+ Computed: true,
+ Description: "the rules for ALLOWING traffic to the LB (strings in the form: 'ip:1.2.3.4' or 'cidr:1.2.0.0/16')",
+ },
+ "deny": {
+ Type: schema.TypeSet,
+ Elem: &schema.Schema{Type: schema.TypeString},
+ Computed: true,
+ Description: "the rules for DENYING traffic to the LB (strings in the form: 'ip:1.2.3.4' or 'cidr:1.2.0.0/16')",
+ },
+ },
+ },
+ },
  },
  }
 }
@@ -324,6 +344,10 @@ func dataSourceDigitalOceanLoadbalancerRead(ctx context.Context, d *schema.Resou
  return diag.Errorf("[DEBUG] Error setting Load Balancer forwarding_rule - error: %#v", err)
  }
 
+ if err := d.Set("firewall", flattenLBFirewall(foundLoadbalancer.Firewall)); err != nil {
+ return diag.Errorf("[DEBUG] Error setting Load Balancer firewall - error: %#v", err)
+ }
+
  return nil
 }
 

diff --git a/digitalocean/loadbalancer.go b/digitalocean/loadbalancer.go
@@ -41,6 +41,22 @@ func expandStickySessions(config []interface{}) *godo.StickySessions {
  return stickySession
 }
 
+func expandLBFirewall(config []interface{}) *godo.LBFirewall {
+ firewallConfig := config[0].(map[string]interface{})
+
+ firewall := &godo.LBFirewall{}
+
+ if v, ok := firewallConfig["allow"]; ok {
+ firewall.Allow = v.([]string)
+ }
+
+ if v, ok := firewallConfig["deny"]; ok {
+ firewall.Deny = v.([]string)
+ }
+
+ return firewall
+}
+
 func expandHealthCheck(config []interface{}) *godo.HealthCheck {
  healthcheckConfig := config[0].(map[string]interface{})
 
@@ -187,6 +203,29 @@ func flattenStickySessions(session *godo.StickySessions) []map[string]interface{
  return result
 }
 
+func flattenLBFirewall(firewall *godo.LBFirewall) []map[string]interface{} {
+ result := make([]map[string]interface{}, 0, 1)
+
+ if firewall != nil {
+ r := make(map[string]interface{})
+ // TODO: Unsure if nested rules requiring flattening? (jrolheiser)
+ r["allow"] = flattenFirewallRules((*firewall).Allow)
+ r["deny"] = flattenFirewallRules((*firewall).Deny)
+
+ result = append(result, r)
+ }
+
+ return result
+}
+
+func flattenFirewallRules(rules []string) *schema.Set {
+ flatSet := schema.NewSet(schema.HashString, []interface{}{})
+ for _, v := range rules {
+ flatSet.Add(v)
+ }
+ return flatSet
+}
+
 func flattenForwardingRules(client *godo.Client, rules []godo.ForwardingRule) ([]map[string]interface{}, error) {
  result := make([]map[string]interface{}, 0, 1)
 

diff --git a/digitalocean/resource_digitalocean_loadbalancer.go b/digitalocean/resource_digitalocean_loadbalancer.go
@@ -377,6 +377,29 @@ func resourceDigitalOceanLoadBalancerV0() *schema.Resource {
  Optional: true,
  Computed: true,
  },
+
+ "firewall": {
+ Type: schema.TypeList,
+ Optional: true,
+ Computed: true,
+ MaxItems: 1,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "allow": {
+ Type: schema.TypeSet,
+ Elem: &schema.Schema{Type: schema.TypeString},
+ Computed: true,
+ Description: "the rules for ALLOWING traffic to the LB (strings in the form: 'ip:1.2.3.4' or 'cidr:1.2.0.0/16')",
+ },
+ "deny": {
+ Type: schema.TypeSet,
+ Elem: &schema.Schema{Type: schema.TypeString},
+ Computed: true,
+ Description: "the rules for DENYING traffic to the LB (strings in the form: 'ip:1.2.3.4' or 'cidr:1.2.0.0/16')",
+ },
+ },
+ },
+ },
  },
  }
 }
@@ -459,6 +482,10 @@ func buildLoadBalancerRequest(client *godo.Client, d *schema.ResourceData) (*god
  opts.StickySessions = expandStickySessions(v.([]interface{}))
  }
 
+ if v, ok := d.GetOk("firewall"); ok {
+ opts.Firewall = expandLBFirewall(v.([]interface{}))
+ }
+
  if v, ok := d.GetOk("vpc_uuid"); ok {
  opts.VPCUUID = v.(string)
  }
@@ -556,6 +583,10 @@ func resourceDigitalOceanLoadbalancerRead(ctx context.Context, d *schema.Resourc
  return diag.Errorf("[DEBUG] Error setting Load Balancer forwarding_rule - error: %#v", err)
  }
 
+ if err := d.Set("firewall", flattenLBFirewall(loadbalancer.Firewall)); err != nil {
+ return diag.Errorf("[DEBUG] Error setting Load Balancer firewall - error: %#v", err)
+ }
+
  return nil
 
 }