Fix SecurityList ingressRule isStateless property

* update docs, examples and tests

Author: ccushing

docs/examples/networking/security_list/security_list.tf

@@ -1,3 +1,7 @@
+/*
+ * This example demonstrates some basic security list options.
+ */
+
 variable "tenancy_ocid" {}
 variable "user_ocid" {}
 variable "fingerprint" {}
@@ -21,18 +25,48 @@ provider "baremetal" {
 
 resource "baremetal_core_security_list" "security_list1" {
   compartment_id = "${var.compartment_ocid}"
+  vcn_id = "${var.vcn_ocid}"
   display_name = "security_list1"
-  vcn_id = "${var.vcn_ocid}}"
+
+  // allow outbound tcp traffic on all ports
   egress_security_rules {
     destination = "0.0.0.0/0"
     protocol = "6"
   }
+
+  // allow outbound udp traffic on a port range
+  egress_security_rules {
+    destination = "0.0.0.0/0"
+    protocol = "17" // udp
+    stateless = true
+
+    udp_options {
+      "min" = 319
+      "max" = 320
+    }
+  }
+
+  // allow inbound ssh traffic
   ingress_security_rules {
+    protocol = "6" // tcp
+    source = "0.0.0.0/0"
+    stateless = false
+
     tcp_options {
-      "max" = 22
       "min" = 22
+      "max" = 22
+    }
+  }
+
+  // allow inbound icmp traffic of a specific type
+  ingress_security_rules {
+    protocol  = 1
+    source    = "0.0.0.0/0"
+    stateless = true
+
+    icmp_options {
+      "type" = 3
+      "code" = 4
     }
-    protocol = "6"
-    source = "0.0.0.0/0"
   }
 }

docs/resources/core/security_list.md

@@ -1,30 +1,51 @@
 # baremetal\_core\_security\_lists
 
 Provides a security list resource.
+See the [Security Lists](https://docs.us-phoenix-1.oraclecloud.com/Content/Network/Concepts/securitylists.htm)
+overview for more information
 
 ## Example Usage
 
+Protocols are specified as protocol numbers. For protocol numbers see
+http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
+
 ```
 resource "baremetal_core_security_list" "t" {
     compartment_id = "compartment_id"
+    vcn_id = "vcn_id"
     display_name = "display_name"
+
     egress_security_rules {
-        destination = "destination"
+        protocol = "1"
+        destination = "0.0.0.0/0"
+
         icmp_options {
-            "code" = 1
-            "type" = 2
+            "type" = 3
+            "code" = 4
         }
-        protocol = "protocol"
     }
+
     ingress_security_rules {
+        protocol = "6"
+        source = "0.0.0.0/0"
+        stateful = true
+
         tcp_options {
-            "max" = 2
-            "min" = 1
+            "min" = 80
+            "max" = 82
+        }
+    }
+
+    ingress_security_rules {
+        protocol = "17"
+        source = "0.0.0.0/0"
+        stateful = true
+
+        upd_options {
+            "min" = 319
+            "max" = 320
         }
-        protocol = "protocol"
-        source = "source"
     }
-    vcn_id = "vcn_id"
 }
 ```
 
@@ -34,8 +55,8 @@ The following arguments are supported:
 
 * `compartment_id` - (Required) The OCID of the compartment to contain the security list.
 * `display_name` - (Required) The OCID of the VCN.
-* `egress_security_rules` - (Required) Rules for allowing egress IP packets.
-* `ingress_security_rules` - (Required) Rules for allowing ingress IP packets.
+* `egress_security_rules` - (Required) Rules for allowing egress IP packets. [EgressSecurityRule API Docs](https://docs.us-phoenix-1.oraclecloud.com/api/#/en/iaas/20160918/EgressSecurityRule/)
+* `ingress_security_rules` - (Required) Rules for allowing ingress IP packets. [IngressSecurityRule API Docs](https://docs.us-phoenix-1.oraclecloud.com/api/#/en/iaas/20160918/IngressSecurityRule/)
 * `vcn_id` - (Optional) The OCID of the VCN the security list belongs to.
 
 ## Attributes Reference

resource_obmcs_core_security_list.go

@@ -264,7 +264,7 @@ func (s *SecurityListResourceCrud) SetData() {
 			ingressRule.ICMPOptions,
 			ingressRule.TCPOptions,
 			ingressRule.UDPOptions,
-			nil,
+			&ingressRule.IsStateless,
 		)
 		confIngressRules = append(confIngressRules, confIngressRule)
 	}

resource_obmcs_core_security_list_test.go

@@ -50,45 +50,40 @@ resource "baremetal_core_virtual_network" "t" {
 	compartment_id = "${var.compartment_id}"
 	display_name = "display_name"
 }
-
-
-resource "baremetal_core_internet_gateway" "CompleteIG" {
-    compartment_id = "${var.compartment_id}"
-    display_name = "CompleteIG"
-    vcn_id = "${baremetal_core_virtual_network.t.id}"
-}
-
-resource "baremetal_core_route_table" "RouteForComplete" {
-    compartment_id = "${var.compartment_id}"
-    vcn_id = "${baremetal_core_virtual_network.t.id}"
-    display_name = "RouteTableForComplete"
-    route_rules {
-        cidr_block = "0.0.0.0/0"
-        network_entity_id = "${baremetal_core_internet_gateway.CompleteIG.id}"
-    }
-}
 `
 	s.SLConfig = `
 resource "baremetal_core_security_list" "t" {
-    compartment_id = "${var.compartment_id}"
-    display_name = "Public"
-    vcn_id = "${baremetal_core_virtual_network.t.id}"
-    egress_security_rules = [{
-        destination = "0.0.0.0/0"
-        protocol = "6"
-    }]
-    ingress_security_rules = [{
-        tcp_options {
-            "max" = 80
-            "min" = 80
-        }
-        protocol = "6"
-        source = "0.0.0.0/0"
-    },
+	compartment_id = "${var.compartment_id}"
+	display_name = "security_list0"
+	vcn_id = "${baremetal_core_virtual_network.t.id}"
+	egress_security_rules = [{
+		destination = "0.0.0.0/0"
+		protocol = "6"
+	}]
+	ingress_security_rules = [{
+		protocol = "1"
+		source = "0.0.0.0/0"
+		icmp_options {
+			"type" = 3
+			"code" = 4
+		}
+	},
 	{
-	protocol = "6"
-	source = "10.0.0.0/16"
-    }]
+		protocol = "6"
+		source = "0.0.0.0/0"
+		tcp_options {
+			"min" = 80
+			"max" = 80
+		}
+	},
+	{
+		protocol = "17"
+		source = "10.0.0.0/16"
+		udp_options {
+			"min" = 319
+			"max" = 320
+		}
+	}]
 }
 	`
 	s.Config += testProviderConfig()
@@ -106,18 +101,20 @@ func (s *ResourceCoreSecurityListTestSuite) TestCreateResourceCoreSecurityList()
 				ImportStateVerify: true,
 				Config:            s.Config + s.SLConfig,
 				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr(s.ResourceName, "display_name", "Public"),
+					resource.TestCheckResourceAttr(s.ResourceName, "display_name", "security_list0"),
 					resource.TestCheckResourceAttr(s.ResourceName, "egress_security_rules.#", "1"),
-					resource.TestCheckResourceAttr(s.ResourceName, "ingress_security_rules.#", "2"),
 					resource.TestCheckResourceAttr(s.ResourceName, "egress_security_rules.0.stateless", "false"),
-					resource.TestCheckResourceAttr(s.ResourceName, "ingress_security_rules.0.tcp_options.0.max", "80"),
+					resource.TestCheckResourceAttr(s.ResourceName, "ingress_security_rules.#", "3"),
+					resource.TestCheckResourceAttr(s.ResourceName, "ingress_security_rules.0.icmp_options.0.type", "3"),
+					resource.TestCheckResourceAttr(s.ResourceName, "ingress_security_rules.1.tcp_options.0.max", "80"),
+					resource.TestCheckResourceAttr(s.ResourceName, "ingress_security_rules.2.udp_options.0.max", "320"),
 				),
 			},
 		},
 	})
 }
 
-func (s *ResourceCoreSecurityListTestSuite) TestCreateResourceCoreSecurityListRemoveRules() {
+func (s *ResourceCoreSecurityListTestSuite) TestCreateResourceCoreSecurityListUpdateRules() {
 
 	resource.UnitTest(s.T(), resource.TestCase{
 		Providers: s.Providers,
@@ -130,11 +127,65 @@ func (s *ResourceCoreSecurityListTestSuite) TestCreateResourceCoreSecurityListRe
 			{
 				Config: s.Config + `
 					resource "baremetal_core_security_list" "t" {
-					    compartment_id = "${var.compartment_id}"
-					    display_name = "Public"
-					    vcn_id = "${baremetal_core_virtual_network.t.id}"
-					    egress_security_rules = []
-					    ingress_security_rules = []
+						compartment_id = "${var.compartment_id}"
+						display_name = "security_list1"
+						vcn_id = "${baremetal_core_virtual_network.t.id}"
+						egress_security_rules = [{
+							destination = "0.0.0.0/0"
+							protocol = "17"
+							stateless = true
+						}]
+						ingress_security_rules = [{
+							protocol = "1"
+							source = "0.0.0.0/0"
+							stateless = true
+							icmp_options {
+								"type" = 5
+								"code" = 0
+							}
+						},
+						{
+							protocol = "6"
+							source = "0.0.0.0/0"
+							stateless = true
+							tcp_options {
+								"min" = 80
+								"max" = 82
+							}
+						},
+						{
+							protocol = "17"
+							source = "10.0.0.0/16"
+							stateless = true
+						}]
+					}
+				`,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(s.ResourceName, "display_name", "security_list1"),
+					resource.TestCheckResourceAttr(s.ResourceName, "egress_security_rules.0.protocol", "17"),
+					resource.TestCheckResourceAttr(s.ResourceName, "egress_security_rules.0.stateless", "true"),
+					resource.TestCheckResourceAttr(s.ResourceName, "ingress_security_rules.0.stateless", "true"),
+					resource.TestCheckResourceAttr(s.ResourceName, "ingress_security_rules.0.icmp_options.0.type", "5"),
+					resource.TestCheckResourceAttr(s.ResourceName, "ingress_security_rules.1.tcp_options.0.max", "82"),
+					resource.TestCheckResourceAttr(s.ResourceName, "ingress_security_rules.1.stateless", "true"),
+					resource.TestCheckResourceAttr(s.ResourceName, "ingress_security_rules.2.stateless", "true"),
+					resource.TestCheckNoResourceAttr(s.ResourceName, "ingress_security_rules.2.udp_options"),
+				),
+			},
+			// todo: consistent 500 error from server without this step
+			{
+				ImportState:       true,
+				ImportStateVerify: true,
+				Config:            s.Config,
+			},
+			{
+				Config: s.Config + `
+					resource "baremetal_core_security_list" "t" {
+						compartment_id = "${var.compartment_id}"
+						display_name = "Public"
+						vcn_id = "${baremetal_core_virtual_network.t.id}"
+						egress_security_rules = []
+						ingress_security_rules = []
 					}
 				`,
 				Check: resource.ComposeTestCheckFunc(