Merge pull request #14307 from takaishi/support-to-create-seccgorup-rule-with-protocol-name

provider/openstack: Add to support protocols for resourceNetworkingSecGroupRuleV2

builtin/providers/openstack/resource_openstack_networking_secgroup_rule_v2.go

@@ -236,6 +236,42 @@ func resourceNetworkingSecGroupRuleV2DetermineProtocol(v string) rules.RuleProto
 		protocol = rules.ProtocolUDP
 	case "icmp":
 		protocol = rules.ProtocolICMP
+	case "ah":
+		protocol = rules.ProtocolAH
+	case "dccp":
+		protocol = rules.ProtocolDCCP
+	case "egp":
+		protocol = rules.ProtocolEGP
+	case "esp":
+		protocol = rules.ProtocolESP
+	case "gre":
+		protocol = rules.ProtocolGRE
+	case "igmp":
+		protocol = rules.ProtocolIGMP
+	case "ipv6-encap":
+		protocol = rules.ProtocolIPv6Encap
+	case "ipv6-frag":
+		protocol = rules.ProtocolIPv6Frag
+	case "ipv6-icmp":
+		protocol = rules.ProtocolIPv6ICMP
+	case "ipv6-nonxt":
+		protocol = rules.ProtocolIPv6NoNxt
+	case "ipv6-opts":
+		protocol = rules.ProtocolIPv6Opts
+	case "ipv6-route":
+		protocol = rules.ProtocolIPv6Route
+	case "ospf":
+		protocol = rules.ProtocolOSPF
+	case "pgm":
+		protocol = rules.ProtocolPGM
+	case "rsvp":
+		protocol = rules.ProtocolRSVP
+	case "sctp":
+		protocol = rules.ProtocolSCTP
+	case "udplite":
+		protocol = rules.ProtocolUDPLite
+	case "vrrp":
+		protocol = rules.ProtocolVRRP
 	}
 
 	return protocol

builtin/providers/openstack/resource_openstack_networking_secgroup_rule_v2_test.go

@@ -85,6 +85,115 @@ func TestAccNetworkingV2SecGroupRule_timeout(t *testing.T) {
 	})
 }
 
+func TestAccNetworkingV2SecGroupRule_protocols(t *testing.T) {
+	var secgroup_1 groups.SecGroup
+	var secgroup_rule_ah rules.SecGroupRule
+	var secgroup_rule_dccp rules.SecGroupRule
+	var secgroup_rule_egp rules.SecGroupRule
+	var secgroup_rule_esp rules.SecGroupRule
+	var secgroup_rule_gre rules.SecGroupRule
+	var secgroup_rule_igmp rules.SecGroupRule
+	var secgroup_rule_ipv6_encap rules.SecGroupRule
+	var secgroup_rule_ipv6_frag rules.SecGroupRule
+	var secgroup_rule_ipv6_icmp rules.SecGroupRule
+	var secgroup_rule_ipv6_nonxt rules.SecGroupRule
+	var secgroup_rule_ipv6_opts rules.SecGroupRule
+	var secgroup_rule_ipv6_route rules.SecGroupRule
+	var secgroup_rule_ospf rules.SecGroupRule
+	var secgroup_rule_pgm rules.SecGroupRule
+	var secgroup_rule_rsvp rules.SecGroupRule
+	var secgroup_rule_sctp rules.SecGroupRule
+	var secgroup_rule_udplite rules.SecGroupRule
+	var secgroup_rule_vrrp rules.SecGroupRule
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckNetworkingV2SecGroupRuleDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccNetworkingV2SecGroupRule_protocols,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckNetworkingV2SecGroupExists(
+						"openstack_networking_secgroup_v2.secgroup_1", &secgroup_1),
+					testAccCheckNetworkingV2SecGroupRuleExists(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_ah", &secgroup_rule_ah),
+					testAccCheckNetworkingV2SecGroupRuleExists(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_dccp", &secgroup_rule_dccp),
+					testAccCheckNetworkingV2SecGroupRuleExists(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_egp", &secgroup_rule_egp),
+					testAccCheckNetworkingV2SecGroupRuleExists(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_esp", &secgroup_rule_esp),
+					testAccCheckNetworkingV2SecGroupRuleExists(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_gre", &secgroup_rule_gre),
+					testAccCheckNetworkingV2SecGroupRuleExists(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_igmp", &secgroup_rule_igmp),
+					testAccCheckNetworkingV2SecGroupRuleExists(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_ipv6_encap", &secgroup_rule_ipv6_encap),
+					testAccCheckNetworkingV2SecGroupRuleExists(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_ipv6_frag", &secgroup_rule_ipv6_frag),
+					testAccCheckNetworkingV2SecGroupRuleExists(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_ipv6_icmp", &secgroup_rule_ipv6_icmp),
+					testAccCheckNetworkingV2SecGroupRuleExists(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_ipv6_nonxt", &secgroup_rule_ipv6_nonxt),
+					testAccCheckNetworkingV2SecGroupRuleExists(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_ipv6_opts", &secgroup_rule_ipv6_opts),
+					testAccCheckNetworkingV2SecGroupRuleExists(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_ipv6_route", &secgroup_rule_ipv6_route),
+					testAccCheckNetworkingV2SecGroupRuleExists(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_ospf", &secgroup_rule_ospf),
+					testAccCheckNetworkingV2SecGroupRuleExists(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_pgm", &secgroup_rule_pgm),
+					testAccCheckNetworkingV2SecGroupRuleExists(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_rsvp", &secgroup_rule_rsvp),
+					testAccCheckNetworkingV2SecGroupRuleExists(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_sctp", &secgroup_rule_sctp),
+					testAccCheckNetworkingV2SecGroupRuleExists(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_udplite", &secgroup_rule_udplite),
+					testAccCheckNetworkingV2SecGroupRuleExists(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_vrrp", &secgroup_rule_vrrp),
+					resource.TestCheckResourceAttr(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_ah", "protocol", "ah"),
+					resource.TestCheckResourceAttr(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_dccp", "protocol", "dccp"),
+					resource.TestCheckResourceAttr(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_egp", "protocol", "egp"),
+					resource.TestCheckResourceAttr(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_esp", "protocol", "esp"),
+					resource.TestCheckResourceAttr(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_gre", "protocol", "gre"),
+					resource.TestCheckResourceAttr(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_igmp", "protocol", "igmp"),
+					resource.TestCheckResourceAttr(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_ipv6_encap", "protocol", "ipv6-encap"),
+					resource.TestCheckResourceAttr(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_ipv6_frag", "protocol", "ipv6-frag"),
+					resource.TestCheckResourceAttr(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_ipv6_icmp", "protocol", "ipv6-icmp"),
+					resource.TestCheckResourceAttr(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_ipv6_nonxt", "protocol", "ipv6-nonxt"),
+					resource.TestCheckResourceAttr(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_ipv6_opts", "protocol", "ipv6-opts"),
+					resource.TestCheckResourceAttr(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_ipv6_route", "protocol", "ipv6-route"),
+					resource.TestCheckResourceAttr(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_ospf", "protocol", "ospf"),
+					resource.TestCheckResourceAttr(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_pgm", "protocol", "pgm"),
+					resource.TestCheckResourceAttr(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_rsvp", "protocol", "rsvp"),
+					resource.TestCheckResourceAttr(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_sctp", "protocol", "sctp"),
+					resource.TestCheckResourceAttr(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_udplite", "protocol", "udplite"),
+					resource.TestCheckResourceAttr(
+						"openstack_networking_secgroup_rule_v2.secgroup_rule_vrrp", "protocol", "vrrp"),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckNetworkingV2SecGroupRuleDestroy(s *terraform.State) error {
 	config := testAccProvider.Meta().(*Config)
 	networkingClient, err := config.networkingV2Client(OS_REGION_NAME)
@@ -226,3 +335,154 @@ resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_2" {
   }
 }
 `
+
+const testAccNetworkingV2SecGroupRule_protocols = `
+resource "openstack_networking_secgroup_v2" "secgroup_1" {
+  name = "secgroup_1"
+  description = "terraform security group rule acceptance test"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_ah" {
+  direction = "ingress"
+  ethertype = "IPv4"
+  protocol = "ah"
+  remote_ip_prefix = "0.0.0.0/0"
+  security_group_id = "${openstack_networking_secgroup_v2.secgroup_1.id}"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_dccp" {
+  direction = "ingress"
+  ethertype = "IPv4"
+  protocol = "dccp"
+  remote_ip_prefix = "0.0.0.0/0"
+  security_group_id = "${openstack_networking_secgroup_v2.secgroup_1.id}"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_egp" {
+  direction = "ingress"
+  ethertype = "IPv4"
+  protocol = "egp"
+  remote_ip_prefix = "0.0.0.0/0"
+  security_group_id = "${openstack_networking_secgroup_v2.secgroup_1.id}"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_esp" {
+  direction = "ingress"
+  ethertype = "IPv4"
+  protocol = "esp"
+  remote_ip_prefix = "0.0.0.0/0"
+  security_group_id = "${openstack_networking_secgroup_v2.secgroup_1.id}"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_gre" {
+  direction = "ingress"
+  ethertype = "IPv4"
+  protocol = "gre"
+  remote_ip_prefix = "0.0.0.0/0"
+  security_group_id = "${openstack_networking_secgroup_v2.secgroup_1.id}"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_igmp" {
+  direction = "ingress"
+  ethertype = "IPv4"
+  protocol = "igmp"
+  remote_ip_prefix = "0.0.0.0/0"
+  security_group_id = "${openstack_networking_secgroup_v2.secgroup_1.id}"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_ipv6_encap" {
+  direction = "ingress"
+  ethertype = "IPv6"
+  protocol = "ipv6-encap"
+  remote_ip_prefix = "::/0"
+  security_group_id = "${openstack_networking_secgroup_v2.secgroup_1.id}"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_ipv6_frag" {
+  direction = "ingress"
+  ethertype = "IPv6"
+  protocol = "ipv6-frag"
+  remote_ip_prefix = "::/0"
+  security_group_id = "${openstack_networking_secgroup_v2.secgroup_1.id}"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_ipv6_icmp" {
+  direction = "ingress"
+  ethertype = "IPv6"
+  protocol = "ipv6-icmp"
+  remote_ip_prefix = "::/0"
+  security_group_id = "${openstack_networking_secgroup_v2.secgroup_1.id}"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_ipv6_nonxt" {
+  direction = "ingress"
+  ethertype = "IPv6"
+  protocol = "ipv6-nonxt"
+  remote_ip_prefix = "::/0"
+  security_group_id = "${openstack_networking_secgroup_v2.secgroup_1.id}"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_ipv6_opts" {
+  direction = "ingress"
+  ethertype = "IPv6"
+  protocol = "ipv6-opts"
+  remote_ip_prefix = "::/0"
+  security_group_id = "${openstack_networking_secgroup_v2.secgroup_1.id}"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_ipv6_route" {
+  direction = "ingress"
+  ethertype = "IPv6"
+  protocol = "ipv6-route"
+  remote_ip_prefix = "::/0"
+  security_group_id = "${openstack_networking_secgroup_v2.secgroup_1.id}"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_ospf" {
+  direction = "ingress"
+  ethertype = "IPv4"
+  protocol = "ospf"
+  remote_ip_prefix = "0.0.0.0/0"
+  security_group_id = "${openstack_networking_secgroup_v2.secgroup_1.id}"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_pgm" {
+  direction = "ingress"
+  ethertype = "IPv4"
+  protocol = "pgm"
+  remote_ip_prefix = "0.0.0.0/0"
+  security_group_id = "${openstack_networking_secgroup_v2.secgroup_1.id}"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_rsvp" {
+  direction = "ingress"
+  ethertype = "IPv4"
+  protocol = "rsvp"
+  remote_ip_prefix = "0.0.0.0/0"
+  security_group_id = "${openstack_networking_secgroup_v2.secgroup_1.id}"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_sctp" {
+  direction = "ingress"
+  ethertype = "IPv4"
+  protocol = "sctp"
+  remote_ip_prefix = "0.0.0.0/0"
+  security_group_id = "${openstack_networking_secgroup_v2.secgroup_1.id}"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_udplite" {
+  direction = "ingress"
+  ethertype = "IPv4"
+  protocol = "udplite"
+  remote_ip_prefix = "0.0.0.0/0"
+  security_group_id = "${openstack_networking_secgroup_v2.secgroup_1.id}"
+}
+
+resource "openstack_networking_secgroup_rule_v2" "secgroup_rule_vrrp" {
+  direction = "ingress"
+  ethertype = "IPv4"
+  protocol = "vrrp"
+  remote_ip_prefix = "0.0.0.0/0"
+  security_group_id = "${openstack_networking_secgroup_v2.secgroup_1.id}"
+}
+`

vendor/github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/security/rules/requests.go

@@ -47,13 +47,31 @@ type RuleEtherType string
 
 // Constants useful for CreateOpts
 const (
-	DirIngress   RuleDirection = "ingress"
+	DirIngress        RuleDirection = "ingress"
-	DirEgress    RuleDirection = "egress"
+	DirEgress         RuleDirection = "egress"
-	ProtocolTCP  RuleProtocol  = "tcp"
+	EtherType4        RuleEtherType = "IPv4"
-	ProtocolUDP  RuleProtocol  = "udp"
+	EtherType6        RuleEtherType = "IPv6"
-	ProtocolICMP RuleProtocol  = "icmp"
+	ProtocolAH        RuleProtocol  = "ah"
-	EtherType4   RuleEtherType = "IPv4"
+	ProtocolDCCP      RuleProtocol  = "dccp"
-	EtherType6   RuleEtherType = "IPv6"
+	ProtocolEGP       RuleProtocol  = "egp"
+	ProtocolESP       RuleProtocol  = "esp"
+	ProtocolGRE       RuleProtocol  = "gre"
+	ProtocolICMP      RuleProtocol  = "icmp"
+	ProtocolIGMP      RuleProtocol  = "igmp"
+	ProtocolIPv6Encap RuleProtocol  = "ipv6-encap"
+	ProtocolIPv6Frag  RuleProtocol  = "ipv6-frag"
+	ProtocolIPv6ICMP  RuleProtocol  = "ipv6-icmp"
+	ProtocolIPv6NoNxt RuleProtocol  = "ipv6-nonxt"
+	ProtocolIPv6Opts  RuleProtocol  = "ipv6-opts"
+	ProtocolIPv6Route RuleProtocol  = "ipv6-route"
+	ProtocolOSPF      RuleProtocol  = "ospf"
+	ProtocolPGM       RuleProtocol  = "pgm"
+	ProtocolRSVP      RuleProtocol  = "rsvp"
+	ProtocolSCTP      RuleProtocol  = "sctp"
+	ProtocolTCP       RuleProtocol  = "tcp"
+	ProtocolUDP       RuleProtocol  = "udp"
+	ProtocolUDPLite   RuleProtocol  = "udplite"
+	ProtocolVRRP      RuleProtocol  = "vrrp"
 )
 
 // CreateOptsBuilder is what types must satisfy to be used as Create

vendor/vendor.json

@@ -1827,10 +1827,10 @@
 			"revisionTime": "2017-03-10T01:59:53Z"
 		},
 		{
-			"checksumSHA1": "CsS/kI3VeLcSHzMKviFVDwqwgvk=",
+			"checksumSHA1": "E/5q7DTCoOD15K1KGFXSwFCGDE4=",
 			"path": "github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/security/rules",
-			"revision": "0f64da0e36de86a0ca1a8f2fc1b0570a0d3f7504",
+			"revision": "ce1e02c3ccfdb7fab257340dc4d603ec3035fa11",
-			"revisionTime": "2017-03-10T01:59:53Z"
+			"revisionTime": "2017-05-08T02:10:49Z"
 		},
 		{
 			"checksumSHA1": "zKOhFTL5BDZPMC58ZzZkryjskno=",

website/source/docs/providers/openstack/r/networking_secgroup_rule_v2.html.markdown

@@ -46,9 +46,28 @@ The following arguments are supported:
 * `ethertype` - (Required) The layer 3 protocol type, valid values are __IPv4__
     or __IPv6__. Changing this creates a new security group rule.
 
-* `protocol` - (Optional) The layer 4 protocol type, valid values are __tcp__,
+* `protocol` - (Optional) The layer 4 protocol type, valid values are following. Changing this creates a new security group rule. This is required if you want to specify a port range.
-    __udp__ or __icmp__. This is required if you want to specify a port range.
+  * __tcp__
-    Changing this creates a new security group rule.
+  * __udp__
+  * __icmp__
+  * __ah__
+  * __dccp__
+  * __egp__
+  * __esp__
+  * __gre__
+  * __igmp__
+  * __ipv6-encap__
+  * __ipv6-frag__
+  * __ipv6-icmp__
+  * __ipv6-nonxt__
+  * __ipv6-opts__
+  * __ipv6-route__
+  * __ospf__
+  * __pgm__
+  * __rsvp__
+  * __sctp__
+  * __udplite__
+  * __vrrp__
 
 * `port_range_min` - (Optional) The lower part of the allowed port range, valid
     integer value needs to be between 1 and 65535. Changing this creates a new