Adds login for ibmcloud cli before creating acl rules (#37)

Signed-off-by: Sean Sundberg <[email protected]>

Author: Sean Sundberg

main.tf

@@ -128,7 +128,11 @@ resource null_resource open_acl_rules {
   count = !var.exists && var.vpc_subnet_count > 0 ? 1 : 0
 
   provisioner "local-exec" {
-    command = "${path.module}/scripts/open-acl-rules.sh ${data.ibm_is_subnet.vpc_subnet[0].network_acl}"
+    command = "${path.module}/scripts/open-acl-rules.sh '${data.ibm_is_subnet.vpc_subnet[0].network_acl}' '${var.region}' '${var.resource_group_name}'"
+
+    environment = {
+      IBMCLOUD_API_KEY = var.ibmcloud_api_key
+    }
   }
 }
 

scripts/open-acl-rules.sh

@@ -1,8 +1,20 @@
 #!/usr/bin/env bash
 
 NETWORK_ACL="$1"
+REGION="$2"
+RESOURCE_GROUP="$3"
 
-## TODO more sophisiticated logic needed to 1) test for existing rules and 2) place this rule in the right order
+if [[ -z "${NETWORK_ACL}" ]] || [[ -z "${REGION}" ]] || [[ -z "${RESOURCE_GROUP}" ]]; then
+  echo "Usage: open-acl-rules.sh NETWORK_ACL REGION RESOURCE_GROUP"
+  exit 1
+fi
+
+if [[ -z "${IBMCLOUD_API_KEY}" ]]; then
+  echo "IBMCLOUD_API_KEY environment variable must be set"
+  exit 1
+fi
+
+ibmcloud login --apikey "${IBMCLOUD_API_KEY}" -g "${RESOURCE_GROUP}" -r "${REGION}"
 
 ibmcloud is network-acl-rule-add "${NETWORK_ACL}" allow inbound all "0.0.0.0/0" "0.0.0.0/0" --name allow-all-ingress
 ibmcloud is network-acl-rule-add "${NETWORK_ACL}" allow outbound all "0.0.0.0/0" "0.0.0.0/0" --name allow-all-egress