Added nlb-cp zpr support

Kumar dhiraj · Maxrovr · commit 818fdf93ec10 · 2024-10-23T23:39:17.000-07:00
diff --git a/internal/integrationtest/network_load_balancer_network_load_balancer_test.go b/internal/integrationtest/network_load_balancer_network_load_balancer_test.go
@@ -63,6 +63,7 @@ var (
 		"reserved_ips":                   acctest.RepresentationGroup{RepType: acctest.Optional, Group: networkLoadBalancerReservedIpsRepresentation},
 		"network_security_group_ids":     acctest.Representation{RepType: acctest.Optional, Create: []string{`${oci_core_network_security_group.test_network_security_group.id}`}},
 		"lifecycle":                      acctest.RepresentationGroup{RepType: acctest.Required, Group: NetworkLoadBalancerIgnoreChangesRepresentation},
+		"security_attributes":            acctest.Representation{RepType: acctest.Optional, Create: map[string]string{"secAttriZprNlbIAD.secAttriIAD.mode": "enforce", "secAttriZprNlbIAD.secAttriIAD.value": "someVal"}},
 	}
 
 	NetworkLoadBalancerSubnetIpv6CidrRepresentation = map[string]interface{}{
@@ -231,6 +232,7 @@ func TestNetworkLoadBalancerNetworkLoadBalancerResource_basic(t *testing.T) {
 				resource.TestCheckResourceAttr(resourceName, "ip_addresses.0.is_public", "true"),
 				resource.TestCheckResourceAttrSet(resourceName, "ip_addresses.0.ip_address"),
 				resource.TestCheckResourceAttrSet(resourceName, "ip_addresses.0.reserved_ip.0.id"),
+				resource.TestCheckResourceAttr(resourceName, "security_attributes.%", "2"),
 				resource.TestCheckResourceAttrSet(resourceName, "state"),
 				resource.TestCheckResourceAttrSet(resourceName, "subnet_id"),
 				resource.TestCheckResourceAttrSet(resourceName, "time_created"),
@@ -266,6 +268,7 @@ func TestNetworkLoadBalancerNetworkLoadBalancerResource_basic(t *testing.T) {
 				resource.TestCheckResourceAttr(resourceName, "nlb_ip_version", "IPV4"),
 				resource.TestCheckResourceAttrSet(resourceName, "ip_addresses.0.ip_address"),
 				resource.TestCheckResourceAttrSet(resourceName, "ip_addresses.0.reserved_ip.0.id"),
+				resource.TestCheckResourceAttr(resourceName, "security_attributes.%", "2"),
 				resource.TestCheckResourceAttrSet(resourceName, "state"),
 				resource.TestCheckResourceAttrSet(resourceName, "subnet_id"),
 				resource.TestCheckResourceAttrSet(resourceName, "time_created"),
@@ -295,6 +298,7 @@ func TestNetworkLoadBalancerNetworkLoadBalancerResource_basic(t *testing.T) {
 				resource.TestCheckResourceAttr(resourceName, "is_preserve_source_destination", "false"),
 				resource.TestCheckResourceAttr(resourceName, "is_private", "false"),
 				resource.TestCheckResourceAttr(resourceName, "nlb_ip_version", "IPV4"),
+				resource.TestCheckResourceAttr(resourceName, "security_attributes.%", "2"),
 				resource.TestCheckResourceAttrSet(resourceName, "state"),
 				resource.TestCheckResourceAttrSet(resourceName, "subnet_id"),
 				resource.TestCheckResourceAttrSet(resourceName, "time_created"),
@@ -374,6 +378,7 @@ func TestNetworkLoadBalancerNetworkLoadBalancerResource_basic(t *testing.T) {
 				resource.TestCheckResourceAttr(singularDatasourceName, "is_private", "false"),
 				resource.TestCheckResourceAttr(singularDatasourceName, "is_symmetric_hash_enabled", "false"),
 				resource.TestCheckResourceAttr(singularDatasourceName, "nlb_ip_version", "IPV4"),
+				resource.TestCheckResourceAttr(singularDatasourceName, "security_attributes.%", "2"),
 				resource.TestCheckResourceAttrSet(singularDatasourceName, "state"),
 				resource.TestCheckResourceAttrSet(singularDatasourceName, "time_created"),
 				resource.TestCheckResourceAttrSet(singularDatasourceName, "time_updated"),
diff --git a/internal/service/network_load_balancer/network_load_balancer_network_load_balancer_data_source.go b/internal/service/network_load_balancer/network_load_balancer_network_load_balancer_data_source.go
@@ -104,6 +104,11 @@ func (s *NetworkLoadBalancerNetworkLoadBalancerDataSourceCrud) SetData() error {
 
 	s.D.Set("network_security_group_ids", s.Res.NetworkSecurityGroupIds)
 	s.D.Set("nlb_ip_version", s.Res.NlbIpVersion)
+
+	if s.Res.SecurityAttributes != nil {
+		s.D.Set("security_attributes", SecurityAttributesToMap(s.Res.SecurityAttributes))
+	}
+
 	s.D.Set("state", s.Res.LifecycleState)
 
 	if s.Res.SubnetId != nil {
diff --git a/internal/service/network_load_balancer/network_load_balancer_network_load_balancer_resource.go b/internal/service/network_load_balancer/network_load_balancer_network_load_balancer_resource.go
@@ -6,6 +6,7 @@ package network_load_balancer
 import (
 	"context"
 	"fmt"
+	"reflect"
 	"strings"
 	"time"
 
@@ -121,6 +122,12 @@ func NetworkLoadBalancerNetworkLoadBalancerResource() *schema.Resource {
 					},
 				},
 			},
+			"security_attributes": {
+				Type:     schema.TypeMap,
+				Optional: true,
+				Computed: true,
+				Elem:     schema.TypeString,
+			},
 			"subnet_ipv6cidr": {
 				Type:     schema.TypeString,
 				Optional: true,
@@ -348,6 +355,11 @@ func (s *NetworkLoadBalancerNetworkLoadBalancerResourceCrud) Create() error {
 		}
 	}
 
+	if securityAttributes, ok := s.D.GetOkExists("security_attributes"); ok {
+		convertedAttributes := MapToSecurityAttributes(securityAttributes.(map[string]interface{}))
+		request.SecurityAttributes = convertedAttributes
+	}
+
 	if subnetId, ok := s.D.GetOkExists("subnet_id"); ok {
 		tmp := subnetId.(string)
 		request.SubnetId = &tmp
@@ -567,6 +579,15 @@ func (s *NetworkLoadBalancerNetworkLoadBalancerResourceCrud) Update() error {
 		request.NlbIpVersion = oci_network_load_balancer.NlbIpVersionEnum(nlbIpVersion.(string))
 	}
 
+	//if securityAttributes, ok := s.D.GetOkExists("security_attributes"); ok {
+	//request.SecurityAttributes = securityAttributes.(map[string]map[string]interface{})
+	//}
+
+	if securityAttributes, ok := s.D.GetOkExists("security_attributes"); ok {
+		convertedAttributes := MapToSecurityAttributes(securityAttributes.(map[string]interface{}))
+		request.SecurityAttributes = convertedAttributes
+	}
+
 	if subnetIpv6Cidr, ok := s.D.GetOkExists("subnet_ipv6cidr"); ok &&
 		s.D.HasChange("subnet_ipv6cidr") {
 		tmp := subnetIpv6Cidr.(string)
@@ -647,6 +668,10 @@ func (s *NetworkLoadBalancerNetworkLoadBalancerResourceCrud) SetData() error {
 	}
 	s.D.Set("network_security_group_ids", schema.NewSet(tfresource.LiteralTypeHashCodeForSets, networkSecurityGroupIds))
 	s.D.Set("nlb_ip_version", s.Res.NlbIpVersion)
+
+	//s.D.Set("security_attributes", s.Res.SecurityAttributes)
+	s.D.Set("security_attributes", SecurityAttributesToMap(s.Res.SecurityAttributes))
+
 	s.D.Set("state", s.Res.LifecycleState)
 
 	if s.Res.SubnetId != nil {
@@ -739,6 +764,9 @@ func NetworkLoadBalancerSummaryToMap(obj oci_network_load_balancer.NetworkLoadBa
 		result["network_security_group_ids"] = schema.NewSet(tfresource.LiteralTypeHashCodeForSets, networkSecurityGroupIds)
 	}
 	result["nlb_ip_version"] = string(obj.NlbIpVersion)
+
+	result["security_attributes"] = obj.SecurityAttributes
+
 	result["state"] = string(obj.LifecycleState)
 
 	if obj.SubnetId != nil {
@@ -830,3 +858,55 @@ func (s *NetworkLoadBalancerNetworkLoadBalancerResourceCrud) updateCompartment(c
 	workId := response.OpcWorkRequestId
 	return s.getNetworkLoadBalancerFromWorkRequest(workId, tfresource.GetRetryPolicy(s.DisableNotFoundRetries, "network_load_balancer"), oci_network_load_balancer.ActionTypeUpdated, s.D.Timeout(schema.TimeoutUpdate))
 }
+
+func MapToSecurityAttributes(rawMap map[string]interface{}) map[string]map[string]interface{} {
+	result := make(map[string]map[string]interface{})
+	for fullKey, value := range rawMap {
+		keys := strings.Split(fullKey, ".")
+		if len(keys) < 2 {
+			continue
+		}
+		outerKey := keys[0]
+		innerKey := strings.Join(keys[1:], ".")
+		if result[outerKey] == nil {
+			result[outerKey] = make(map[string]interface{})
+		}
+		unflattenHelper(result[outerKey], innerKey, value)
+	}
+
+	return result
+}
+
+func unflattenHelper(currentMap map[string]interface{}, key string, value interface{}) {
+	keys := strings.Split(key, ".")
+	for i, k := range keys {
+		if i == len(keys)-1 {
+			currentMap[k] = value
+		} else {
+			if _, ok := currentMap[k]; !ok {
+				currentMap[k] = make(map[string]interface{})
+			}
+			currentMap = currentMap[k].(map[string]interface{})
+		}
+	}
+}
+
+func SecurityAttributesToMap(rm map[string]map[string]interface{}) map[string]interface{} {
+	result := make(map[string]interface{})
+	for outerKey, innerMap := range rm {
+		flattenHelper(result, outerKey, innerMap)
+	}
+
+	return result
+}
+
+func flattenHelper(flat map[string]interface{}, prefix string, nested map[string]interface{}) {
+	for key, value := range nested {
+		fullKey := prefix + "." + key
+		if reflect.TypeOf(value).Kind() == reflect.Map {
+			flattenHelper(flat, fullKey, value.(map[string]interface{}))
+		} else {
+			flat[fullKey] = value
+		}
+	}
+}
diff --git a/website/docs/d/network_load_balancer_network_load_balancer.html.markdown b/website/docs/d/network_load_balancer_network_load_balancer.html.markdown
@@ -155,6 +155,7 @@ The following attributes are exported:
 
     Example: ["ocid1.nsg.oc1.phx.unique_ID"] 
 * `nlb_ip_version` - IP version associated with the NLB.
+* `security_attributes` - ZPR tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see [Resource Tags](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm).  Example: `{ "oracle-zpr": { "td": { "value": "42", "mode": "audit" } } }` 
 * `state` - The current state of the network load balancer.
 * `subnet_id` - The subnet in which the network load balancer is spawned [OCIDs](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm)."
 * `system_tags` - Key-value pair representing system tags' keys and values scoped to a namespace. Example: `{"bar-key": "value"}` 
diff --git a/website/docs/d/network_load_balancer_network_load_balancers.html.markdown b/website/docs/d/network_load_balancer_network_load_balancers.html.markdown
@@ -133,7 +133,8 @@ The following attributes are exported:
     *  Network security groups define network security rules to govern ingress and egress traffic for the network load balancer.
     *  The network security rules of other resources can reference the network security groups associated with the network load balancer to ensure access.
 
-    Example: ["ocid1.nsg.oc1.phx.unique_ID"] 
+	Example: ["ocid1.nsg.oc1.phx.unique_ID"] 
+* `security_attributes` - ZPR tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see [Resource Tags](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm).  Example: `{ "oracle-zpr": { "td": { "value": "42", "mode": "audit" } } }` 
 * `state` - The current state of the network load balancer.
 * `subnet_id` - The subnet in which the network load balancer is spawned [OCIDs](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm)."
 * `nlb_ip_version` - IP version associated with the NLB.
diff --git a/website/docs/r/network_load_balancer_network_load_balancer.html.markdown b/website/docs/r/network_load_balancer_network_load_balancer.html.markdown
@@ -140,6 +140,7 @@ resource "oci_network_load_balancer_network_load_balancer" "test_network_load_ba
 		#Optional
 		id = var.network_load_balancer_reserved_ips_id
 	}
+	security_attributes = var.network_load_balancer_security_attributes
 	subnet_ipv6cidr = var.network_load_balancer_subnet_ipv6cidr
 }
 ```
@@ -230,7 +231,8 @@ The following arguments are supported:
 
         Reserved public IP addresses are not deleted when the network load balancer is deleted. The IP addresses become unattached from the network load balancer.
 
-        Example: "ocid1.publicip.oc1.phx.unique_ID" 
+		Example: "ocid1.publicip.oc1.phx.unique_ID" 
+* `security_attributes` - (Optional) (Updatable) ZPR tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see [Resource Tags](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm).  Example: `{"oracle-zpr": {"td": {"value": "42", "mode": "audit"}}}` 
 * `subnet_id` - (Required) The subnet in which the network load balancer is spawned [OCIDs](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm).
 * `subnet_ipv6cidr` - (Optional) IPv6 subnet prefix selection. If Ipv6 subnet prefix is passed, Nlb Ipv6 Address would be assign within the cidr block. NLB has to be dual or single stack ipv6 to support this.
 
@@ -334,6 +336,7 @@ The following attributes are exported:
 
     Example: ["ocid1.nsg.oc1.phx.unique_ID"] 
 * `nlb_ip_version` - IP version associated with the NLB.
+* `security_attributes` - ZPR tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see [Resource Tags](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm).  Example: `{ "oracle-zpr": { "td": { "value": "42", "mode": "audit" } } }` 
 * `state` - The current state of the network load balancer.
 * `subnet_id` - The subnet in which the network load balancer is spawned [OCIDs](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm)."
 * `system_tags` - Key-value pair representing system tags' keys and values scoped to a namespace. Example: `{"bar-key": "value"}` 
