add nsg_ids in ffs mount target

Author: jiangong

CHANGELOG.md

@@ -1,7 +1,8 @@
-## 3.54.1 (Unreleased)
+## 3.55.0 (Unreleased)
 
 ### Added
 - Support Etag for ListObjects
+- Support for Network Security Groups in `oci_file_storage_mount_target` resource
 
 ## 3.54.0 (November 27, 2019)
 

examples/storage/fss/mount_target.tf

@@ -13,6 +13,8 @@ resource "oci_file_storage_mount_target" "my_mount_target_1" {
   freeform_tags = {
     "Department" = "Finance"
   }
+
+  nsg_ids = ["${oci_core_network_security_group.test_network_security_group.id}"]
 }
 
 resource "oci_file_storage_mount_target" "my_mount_target_2" {
@@ -28,6 +30,8 @@ resource "oci_file_storage_mount_target" "my_mount_target_2" {
   freeform_tags = {
     "Department" = "Accounting"
   }
+
+  nsg_ids = ["${oci_core_network_security_group.test_network_security_group.id}"]
 }
 
 # Use export_set.tf config to update the size for a mount target

examples/storage/fss/network.tf

@@ -26,6 +26,7 @@ resource "oci_core_route_table" "my_route_table" {
 }
 
 resource "oci_core_subnet" "my_subnet" {
+  depends_on          = ["oci_core_network_security_group.test_network_security_group"]
   availability_domain = "${data.oci_identity_availability_domain.ad.name}"
   cidr_block          = "${var.my_subnet_cidr}"
   display_name        = "mysubnet"
@@ -35,3 +36,9 @@ resource "oci_core_subnet" "my_subnet" {
   security_list_ids   = ["${oci_core_security_list.my_security_list.id}"]
   route_table_id      = "${oci_core_route_table.my_route_table.id}"
 }
+
+resource "oci_core_network_security_group" "test_network_security_group" {
+  #Required
+  compartment_id = "${var.compartment_ocid}"
+  vcn_id         = "${oci_core_vcn.my_vcn.id}"
+}

oci/file_storage_mount_target_resource.go

@@ -69,6 +69,15 @@ func FileStorageMountTargetResource() *schema.Resource {
 				Computed: true,
 				ForceNew: true,
 			},
+			"nsg_ids": {
+				Type:     schema.TypeSet,
+				Optional: true,
+				Computed: true,
+				Set:      literalTypeHashCodeForSets,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
 
 			// Computed
 			"export_set_id": {
@@ -208,6 +217,20 @@ func (s *FileStorageMountTargetResourceCrud) Create() error {
 		request.IpAddress = &tmp
 	}
 
+	if nsgIds, ok := s.D.GetOkExists("nsg_ids"); ok {
+		set := nsgIds.(*schema.Set)
+		interfaces := set.List()
+		tmp := make([]string, len(interfaces))
+		for i := range interfaces {
+			if interfaces[i] != nil {
+				tmp[i] = interfaces[i].(string)
+			}
+		}
+		if len(tmp) != 0 || s.D.HasChange("nsg_ids") {
+			request.NsgIds = tmp
+		}
+	}
+
 	if subnetId, ok := s.D.GetOkExists("subnet_id"); ok {
 		tmp := subnetId.(string)
 		request.SubnetId = &tmp
@@ -273,6 +296,20 @@ func (s *FileStorageMountTargetResourceCrud) Update() error {
 	tmp := s.D.Id()
 	request.MountTargetId = &tmp
 
+	if nsgIds, ok := s.D.GetOkExists("nsg_ids"); ok {
+		set := nsgIds.(*schema.Set)
+		interfaces := set.List()
+		tmp := make([]string, len(interfaces))
+		for i := range interfaces {
+			if interfaces[i] != nil {
+				tmp[i] = interfaces[i].(string)
+			}
+		}
+		if len(tmp) != 0 || s.D.HasChange("nsg_ids") {
+			request.NsgIds = tmp
+		}
+	}
+
 	request.RequestMetadata.RetryPolicy = getRetryPolicy(s.DisableNotFoundRetries, "file_storage")
 
 	response, err := s.Client.UpdateMountTarget(context.Background(), request)
@@ -323,6 +360,12 @@ func (s *FileStorageMountTargetResourceCrud) SetData() error {
 		s.D.Set("lifecycle_details", *s.Res.LifecycleDetails)
 	}
 
+	nsgIds := []interface{}{}
+	for _, item := range s.Res.NsgIds {
+		nsgIds = append(nsgIds, item)
+	}
+	s.D.Set("nsg_ids", schema.NewSet(literalTypeHashCodeForSets, nsgIds))
+
 	s.D.Set("private_ip_ids", s.Res.PrivateIpIds)
 
 	s.D.Set("state", s.Res.LifecycleState)

oci/file_storage_mount_target_test.go

@@ -44,12 +44,14 @@ var (
 		"freeform_tags":       Representation{repType: Optional, create: map[string]string{"Department": "Finance"}, update: map[string]string{"Department": "Accounting"}},
 		"hostname_label":      Representation{repType: Optional, create: `hostnameLabel`},
 		"ip_address":          Representation{repType: Optional, create: `10.0.0.5`},
+		"nsg_ids":             Representation{repType: Optional, create: []string{`${oci_core_network_security_group.test_network_security_group.id}`}, update: []string{}},
 	}
 
-	MountTargetResourceDependencies = generateResourceFromRepresentationMap("oci_core_subnet", "test_subnet", Required, Create, representationCopyWithNewProperties(subnetRepresentation, map[string]interface{}{
-		"availability_domain": Representation{repType: Required, create: `${lower("${data.oci_identity_availability_domains.test_availability_domains.availability_domains.0.name}")}`},
-		"dns_label":           Representation{repType: Required, create: `dnslabel`},
-	})) +
+	MountTargetResourceDependencies = generateResourceFromRepresentationMap("oci_core_network_security_group", "test_network_security_group", Required, Create, networkSecurityGroupRepresentation) +
+		generateResourceFromRepresentationMap("oci_core_subnet", "test_subnet", Required, Create, representationCopyWithNewProperties(subnetRepresentation, map[string]interface{}{
+			"availability_domain": Representation{repType: Required, create: `${lower("${data.oci_identity_availability_domains.test_availability_domains.availability_domains.0.name}")}`},
+			"dns_label":           Representation{repType: Required, create: `dnslabel`},
+		})) +
 		generateResourceFromRepresentationMap("oci_core_vcn", "test_vcn", Required, Create, representationCopyWithNewProperties(vcnRepresentation, map[string]interface{}{
 			"dns_label": Representation{repType: Required, create: `dnslabel`},
 		})) +
@@ -117,6 +119,7 @@ func TestFileStorageMountTargetResource_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "hostname_label", "hostnameLabel"),
 					resource.TestCheckResourceAttrSet(resourceName, "id"),
 					resource.TestCheckResourceAttr(resourceName, "ip_address", "10.0.0.5"),
+					resource.TestCheckResourceAttr(resourceName, "nsg_ids.#", "1"),
 					resource.TestCheckResourceAttr(resourceName, "private_ip_ids.#", "1"),
 					resource.TestCheckResourceAttrSet(resourceName, "private_ip_ids.0"),
 					resource.TestCheckResourceAttr(resourceName, "state", string(oci_file_storage.MountTargetLifecycleStateActive)),
@@ -151,6 +154,7 @@ func TestFileStorageMountTargetResource_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "hostname_label", "hostnameLabel"),
 					resource.TestCheckResourceAttrSet(resourceName, "id"),
 					resource.TestCheckResourceAttr(resourceName, "ip_address", "10.0.0.5"),
+					resource.TestCheckResourceAttr(resourceName, "nsg_ids.#", "1"),
 					resource.TestCheckResourceAttr(resourceName, "private_ip_ids.#", "1"),
 					resource.TestCheckResourceAttr(resourceName, "state", string(oci_file_storage.MountTargetLifecycleStateActive)),
 					resource.TestCheckResourceAttrSet(resourceName, "subnet_id"),
@@ -180,6 +184,7 @@ func TestFileStorageMountTargetResource_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "hostname_label", "hostnameLabel"),
 					resource.TestCheckResourceAttrSet(resourceName, "id"),
 					resource.TestCheckResourceAttr(resourceName, "ip_address", "10.0.0.5"),
+					resource.TestCheckResourceAttr(resourceName, "nsg_ids.#", "0"),
 					resource.TestCheckResourceAttr(resourceName, "private_ip_ids.#", "1"),
 					resource.TestCheckResourceAttr(resourceName, "state", string(oci_file_storage.MountTargetLifecycleStateActive)),
 					resource.TestCheckResourceAttrSet(resourceName, "subnet_id"),
@@ -210,6 +215,7 @@ func TestFileStorageMountTargetResource_basic(t *testing.T) {
 					resource.TestCheckResourceAttrSet(datasourceName, "mount_targets.0.export_set_id"),
 					resource.TestCheckResourceAttr(datasourceName, "mount_targets.0.freeform_tags.%", "1"),
 					resource.TestCheckResourceAttrSet(datasourceName, "mount_targets.0.id"),
+					resource.TestCheckResourceAttr(datasourceName, "mount_targets.nsg_ids.#", "0"),
 					resource.TestCheckResourceAttrSet(datasourceName, "mount_targets.0.private_ip_ids.#"),
 					resource.TestCheckResourceAttr(datasourceName, "mount_targets.0.state", string(oci_file_storage.MountTargetLifecycleStateActive)),
 					resource.TestCheckResourceAttrSet(datasourceName, "mount_targets.0.subnet_id"),

oci/file_storage_mount_targets_data_source.go

@@ -152,6 +152,8 @@ func (s *FileStorageMountTargetsDataSourceCrud) SetData() error {
 			mountTarget["id"] = *r.Id
 		}
 
+		mountTarget["nsg_ids"] = r.NsgIds
+
 		mountTarget["private_ip_ids"] = r.PrivateIpIds
 
 		mountTarget["state"] = r.LifecycleState

website/docs/d/file_storage_mount_targets.html.markdown

@@ -59,6 +59,7 @@ The following attributes are exported:
 * `freeform_tags` - Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see [Resource Tags](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: `{"Department": "Finance"}` 
 * `id` - The OCID of the mount target.
 * `lifecycle_details` - Additional information about the current 'lifecycleState'.
+* `nsg_ids` - A list of Network Security Group [OCIDs](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) associated with this mount target. A maximum of 5 is allowed. Setting this to an empty array after the list is created removes the mount target from all NSGs. For more information about NSGs, see [Security Rules](https://docs.cloud.oracle.com/iaas/Content/Network/Concepts/securityrules.htm). 
 * `private_ip_ids` - The OCIDs of the private IP addresses associated with this mount target.
 * `state` - The current state of the mount target.
 * `subnet_id` - The OCID of the subnet the mount target is in.

website/docs/r/file_storage_file_system.html.markdown

@@ -24,6 +24,9 @@ more than one mount target at a time.
 For information about access control and compartments, see
 [Overview of the IAM Service](https://docs.cloud.oracle.com/iaas/Content/Identity/Concepts/overview.htm).
 
+For information about Network Security Groups access control, see
+[Network Security Groups](https://docs.cloud.oracle.com/iaas/Content/Network/Concepts/networksecuritygroups.htm).
+
 For information about availability domains, see [Regions and
 Availability Domains](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/regions.htm).
 To get a list of availability domains, use the

website/docs/r/file_storage_mount_target.html.markdown

@@ -59,6 +59,7 @@ resource "oci_file_storage_mount_target" "test_mount_target" {
 	freeform_tags = {"Department"= "Finance"}
 	hostname_label = "${var.mount_target_hostname_label}"
 	ip_address = "${var.mount_target_ip_address}"
+	nsg_ids = "${var.mount_target_nsg_ids}"
 }
 ```
 
@@ -77,6 +78,7 @@ The following arguments are supported:
 
 	Example: `files-1` 
 * `ip_address` - (Optional) A private IP address of your choice. Must be an available IP address within the subnet's CIDR. If you don't specify a value, Oracle automatically assigns a private IP address from the subnet.  Example: `10.0.3.3` 
+* `nsg_ids` - (Optional) (Updatable) A list of Network Security Group [OCIDs](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) associated with this mount target. A maximum of 5 is allowed. Setting this to an empty array after the list is created removes the mount target from all NSGs. For more information about NSGs, see [Security Rules](https://docs.cloud.oracle.com/iaas/Content/Network/Concepts/securityrules.htm). 
 * `subnet_id` - (Required) The OCID of the subnet in which to create the mount target. 
 
 
@@ -95,6 +97,7 @@ The following attributes are exported:
 * `freeform_tags` - Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see [Resource Tags](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/resourcetags.htm). Example: `{"Department": "Finance"}` 
 * `id` - The OCID of the mount target.
 * `lifecycle_details` - Additional information about the current 'lifecycleState'.
+* `nsg_ids` - A list of Network Security Group [OCIDs](https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm) associated with this mount target. A maximum of 5 is allowed. Setting this to an empty array after the list is created removes the mount target from all NSGs. For more information about NSGs, see [Security Rules](https://docs.cloud.oracle.com/iaas/Content/Network/Concepts/securityrules.htm). 
 * `private_ip_ids` - The OCIDs of the private IP addresses associated with this mount target.
 * `state` - The current state of the mount target.
 * `subnet_id` - The OCID of the subnet the mount target is in.