Local IP/CIDR to Security Group and SG Rule

go.mod

@@ -31,7 +31,7 @@ require (
 	github.com/IBM/schematics-go-sdk v0.2.3
 	github.com/IBM/secrets-manager-go-sdk/v2 v2.0.4
 	github.com/IBM/vpc-beta-go-sdk v0.6.0
-	github.com/IBM/vpc-go-sdk v0.49.1
+	github.com/IBM/vpc-go-sdk v0.50.0
 	github.com/ScaleFT/sshkeys v0.0.0-20200327173127-6142f742bca5
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/akamai/AkamaiOPEN-edgegrid-golang/v5 v5.0.0
@@ -243,4 +243,4 @@ exclude (
 	github.com/kubernetes-incubator/external-storage v0.20.4-openstorage-rc2
 	k8s.io/client-go v11.0.1-0.20190409021438-1a26190bd76a+incompatible
 	k8s.io/client-go v12.0.0+incompatible
-)
+)

go.sum

@@ -178,6 +178,8 @@ github.com/IBM/vpc-beta-go-sdk v0.6.0 h1:wfM3AcW3zOM3xsRtZ+EA6+sESlGUjQ6Yf4n5QQy
 github.com/IBM/vpc-beta-go-sdk v0.6.0/go.mod h1:fzHDAQIqH/5yJmYsKodKHLcqxMDT+yfH6vZjdiw8CQA=
 github.com/IBM/vpc-go-sdk v0.49.1 h1:VIkZ8iJMBHqBulUXcPtN0ifxsa0xwlBtaLslU2V9HsY=
 github.com/IBM/vpc-go-sdk v0.49.1/go.mod h1:iBg9UJY1y/XpkweyP6YH7G6guzKPV8BYDoBMTdPupH4=
+github.com/IBM/vpc-go-sdk v0.50.0 h1:+vnXYK0FXFXYqaS/5/X1XEqH0bbRotkzkerRk21ZEjE=
+github.com/IBM/vpc-go-sdk v0.50.0/go.mod h1:iBg9UJY1y/XpkweyP6YH7G6guzKPV8BYDoBMTdPupH4=
 github.com/Jeffail/gabs v1.1.1 h1:V0uzR08Hj22EX8+8QMhyI9sX2hwRu+/RJhJUmnwda/E=
 github.com/Jeffail/gabs v1.1.1/go.mod h1:6xMvQMK4k33lb7GUUpaAPh6nKMmemQeg5d4gn7/bOXc=
 github.com/Logicalis/asn1 v0.0.0-20190312173541-d60463189a56 h1:vuquMR410psHNax14XKNWa0Ae/kYgWJcXi0IFuX60N0=
@@ -1267,6 +1269,7 @@ github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAl
 github.com/onsi/gomega v1.18.0/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs=
 github.com/onsi/gomega v1.18.1/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs=
 github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro=
+github.com/onsi/gomega v1.20.0/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeREyVo=
 github.com/onsi/gomega v1.20.1/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeREyVo=
 github.com/onsi/gomega v1.21.1/go.mod h1:iYAIXgPSaDHak0LCMA+AWBpIKBr8WZicMxnE8luStNc=
 github.com/onsi/gomega v1.22.1/go.mod h1:x6n7VNe4hw0vkyYUM4mjIXx3JbLiPaBPNgB7PRQ1tuM=
@@ -1489,6 +1492,7 @@ github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1F
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=

ibm/service/vpc/data_source_ibm_is_security_group.go

@@ -20,6 +20,7 @@ const (
 	isSgRuleDirection = "direction"
 	isSgRuleIPVersion = "ip_version"
 	isSgRuleRemote    = "remote"
+	isSgRuleLocal     = "local"
 	isSgRuleType      = "type"
 	isSgRuleCode      = "code"
 	isSgRulePortMax   = "port_max"
@@ -81,6 +82,12 @@ func DataSourceIBMISSecurityGroup() *schema.Resource {
 							Description: "Security group id: an IP address, a CIDR block, or a single security group identifier",
 						},
 
+						isSgRuleLocal: {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Security group local ip: an IP address, a CIDR block",
+						},
+
 						isSgRuleType: {
 							Type:     schema.TypeInt,
 							Computed: true,
@@ -248,6 +255,16 @@ func securityGroupGet(d *schema.ResourceData, meta interface{}, name string) err
 								}
 							}
 						}
+						local, ok := rule.Local.(*vpcv1.SecurityGroupRuleLocal)
+						if ok {
+							if local != nil && reflect.ValueOf(local).IsNil() == false {
+								if local.Address != nil {
+									r[isSgRuleLocal] = local.Address
+								} else if local.CIDRBlock != nil {
+									r[isSgRuleLocal] = local.CIDRBlock
+								}
+							}
+						}
 						rules = append(rules, r)
 					}
 
@@ -273,6 +290,16 @@ func securityGroupGet(d *schema.ResourceData, meta interface{}, name string) err
 								}
 							}
 						}
+						local, ok := rule.Local.(*vpcv1.SecurityGroupRuleLocal)
+						if ok {
+							if local != nil && reflect.ValueOf(local).IsNil() == false {
+								if local.Address != nil {
+									r[isSgRuleLocal] = local.Address
+								} else if local.CIDRBlock != nil {
+									r[isSgRuleLocal] = local.CIDRBlock
+								}
+							}
+						}
 						rules = append(rules, r)
 					}
 
@@ -303,6 +330,16 @@ func securityGroupGet(d *schema.ResourceData, meta interface{}, name string) err
 								}
 							}
 						}
+						local, ok := rule.Local.(*vpcv1.SecurityGroupRuleLocal)
+						if ok {
+							if local != nil && reflect.ValueOf(local).IsNil() == false {
+								if local.Address != nil {
+									r[isSgRuleLocal] = local.Address
+								} else if local.CIDRBlock != nil {
+									r[isSgRuleLocal] = local.CIDRBlock
+								}
+							}
+						}
 						rules = append(rules, r)
 					}
 				}

ibm/service/vpc/data_source_ibm_is_security_group_rule.go

@@ -104,6 +104,25 @@ func DataSourceIBMIsSecurityGroupRule() *schema.Resource {
 					},
 				},
 			},
+			"local": &schema.Schema{
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: "The local IP address or range of local IP addresses to which this rule will allow inbound traffic (or from which, for outbound traffic). A CIDR block of 0.0.0.0/0 allows traffic to all local IP addresses (or from all local IP addresses, for outbound rules).",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"address": &schema.Schema{
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "The IP address.This property may add support for IPv6 addresses in the future. When processing a value in this property, verify that the address is in an expected format. If it is not, log an error. Optionally halt processing and surface the error, or bypass the resource on which the unexpected IP address format was encountered.",
+						},
+						"cidr_block": &schema.Schema{
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "The CIDR block. This property may add support for IPv6 CIDR blocks in the future. When processing a value in this property, verify that the CIDR block is in an expected format. If it is not, log an error. Optionally halt processing and surface the error, or bypass the resource on which the unexpected CIDR block format was encountered.",
+						},
+					},
+				},
+			},
 			"code": &schema.Schema{
 				Type:        schema.TypeInt,
 				Computed:    true,
@@ -173,6 +192,16 @@ func dataSourceIBMIsSecurityGroupRuleRead(context context.Context, d *schema.Res
 					return diag.FromErr(fmt.Errorf("Error setting remote %s", err))
 				}
 			}
+			if securityGroupRule.Local != nil {
+				securityGroupRuleLocal, err := dataSourceSecurityGroupRuleFlattenLocal(securityGroupRule.Local)
+				if err != nil {
+					return diag.FromErr(fmt.Errorf("Error flattening securityGroupRule.Local %s", err))
+				}
+				err = d.Set("local", securityGroupRuleLocal)
+				if err != nil {
+					return diag.FromErr(fmt.Errorf("Error setting local %s", err))
+				}
+			}
 
 		}
 	case "*vpcv1.SecurityGroupRuleSecurityGroupRuleProtocolIcmp":
@@ -202,6 +231,16 @@ func dataSourceIBMIsSecurityGroupRuleRead(context context.Context, d *schema.Res
 					return diag.FromErr(fmt.Errorf("Error setting remote %s", err))
 				}
 			}
+			if securityGroupRule.Local != nil {
+				securityGroupRuleLocal, err := dataSourceSecurityGroupRuleFlattenLocal(securityGroupRule.Local)
+				if err != nil {
+					return diag.FromErr(fmt.Errorf("Error flattening securityGroupRule.Local %s", err))
+				}
+				err = d.Set("local", securityGroupRuleLocal)
+				if err != nil {
+					return diag.FromErr(fmt.Errorf("Error setting local %s", err))
+				}
+			}
 
 			if err = d.Set("code", flex.IntValue(securityGroupRule.Code)); err != nil {
 				return diag.FromErr(fmt.Errorf("Error setting code: %s", err))
@@ -237,6 +276,16 @@ func dataSourceIBMIsSecurityGroupRuleRead(context context.Context, d *schema.Res
 					return diag.FromErr(fmt.Errorf("Error setting remote %s", err))
 				}
 			}
+			if securityGroupRule.Local != nil {
+				securityGroupRuleLocal, err := dataSourceSecurityGroupRuleFlattenLocal(securityGroupRule.Local)
+				if err != nil {
+					return diag.FromErr(fmt.Errorf("Error flattening securityGroupRule.Local %s", err))
+				}
+				err = d.Set("local", securityGroupRuleLocal)
+				if err != nil {
+					return diag.FromErr(fmt.Errorf("Error setting local %s", err))
+				}
+			}
 			if err = d.Set("port_max", flex.IntValue(securityGroupRule.PortMax)); err != nil {
 				return diag.FromErr(fmt.Errorf("Error setting port_max: %s", err))
 			}
@@ -289,6 +338,24 @@ func dataSourceSecurityGroupRuleRemoteToMap(remoteItem *vpcv1.SecurityGroupRuleR
 	return remoteMap
 }
 
+func dataSourceSecurityGroupRuleFlattenLocal(m vpcv1.SecurityGroupRuleLocalIntf) ([]map[string]interface{}, error) {
+	var ruleList []map[string]interface{}
+	ruleMap := dataSourceSecurityGroupRuleLocalToMap(m.(*vpcv1.SecurityGroupRuleLocal))
+	ruleList = append(ruleList, ruleMap)
+	return ruleList, nil
+}
+
+func dataSourceSecurityGroupRuleLocalToMap(localItem *vpcv1.SecurityGroupRuleLocal) (localMap map[string]interface{}) {
+	localMap = map[string]interface{}{}
+	if localItem.Address != nil {
+		localMap["address"] = *localItem.Address
+	}
+	if localItem.CIDRBlock != nil {
+		localMap["cidr_block"] = *localItem.CIDRBlock
+	}
+	return localMap
+}
+
 func dataSourceSecurityGroupRuleRemoteDeletedToMap(deletedItem *vpcv1.SecurityGroupReferenceDeleted) (resultMap map[string]interface{}) {
 	resultMap = map[string]interface{}{}
 

ibm/service/vpc/data_source_ibm_is_security_group_rules.go

@@ -106,6 +106,25 @@ func DataSourceIBMIsSecurityGroupRules() *schema.Resource {
 								},
 							},
 						},
+						"local": &schema.Schema{
+							Type:        schema.TypeList,
+							Computed:    true,
+							Description: "The local IP address or range of local IP addresses to which this rule will allow inbound traffic (or from which, for outbound traffic). A CIDR block of 0.0.0.0/0 allows traffic to all local IP addresses (or from all local IP addresses, for outbound rules).",
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"address": &schema.Schema{
+										Type:        schema.TypeString,
+										Computed:    true,
+										Description: "The IP address.This property may add support for IPv6 addresses in the future. When processing a value in this property, verify that the address is in an expected format. If it is not, log an error. Optionally halt processing and surface the error, or bypass the resource on which the unexpected IP address format was encountered.",
+									},
+									"cidr_block": &schema.Schema{
+										Type:        schema.TypeString,
+										Computed:    true,
+										Description: "The CIDR block. This property may add support for IPv6 CIDR blocks in the future. When processing a value in this property, verify that the CIDR block is in an expected format. If it is not, log an error. Optionally halt processing and surface the error, or bypass the resource on which the unexpected CIDR block format was encountered.",
+									},
+								},
+							},
+						},
 						"code": &schema.Schema{
 							Type:        schema.TypeInt,
 							Computed:    true,
@@ -168,6 +187,13 @@ func dataSourceIBMIsSecurityGroupRulesRead(d *schema.ResourceData, meta interfac
 					remoteList = append(remoteList, remoteMap)
 					l["remote"] = remoteList
 				}
+				// nested map for local.
+				if rulex.Local != nil {
+					localList := []map[string]interface{}{}
+					localMap := dataSourceSecurityGroupRuleLocalToMap(rulex.Local.(*vpcv1.SecurityGroupRuleLocal))
+					localList = append(localList, localMap)
+					l["local"] = localList
+				}
 
 			}
 		case "*vpcv1.SecurityGroupRuleSecurityGroupRuleProtocolIcmp":
@@ -177,7 +203,9 @@ func dataSourceIBMIsSecurityGroupRulesRead(d *schema.ResourceData, meta interfac
 				l["href"] = *rulex.Href
 				l["id"] = *rulex.ID
 				l["ip_version"] = *rulex.IPVersion
-				l["code"] = *rulex.Code
+				if rulex.Code != nil {
+					l["code"] = *rulex.Code
+				}
 				l["protocol"] = *rulex.Protocol
 				l["type"] = *rulex.Type
 				// remote
@@ -187,6 +215,13 @@ func dataSourceIBMIsSecurityGroupRulesRead(d *schema.ResourceData, meta interfac
 					remoteList = append(remoteList, remoteMap)
 					l["remote"] = remoteList
 				}
+				// nested map for local.
+				if rulex.Local != nil {
+					localList := []map[string]interface{}{}
+					localMap := dataSourceSecurityGroupRuleLocalToMap(rulex.Local.(*vpcv1.SecurityGroupRuleLocal))
+					localList = append(localList, localMap)
+					l["local"] = localList
+				}
 			}
 		case "*vpcv1.SecurityGroupRuleSecurityGroupRuleProtocolTcpudp":
 			{
@@ -205,6 +240,13 @@ func dataSourceIBMIsSecurityGroupRulesRead(d *schema.ResourceData, meta interfac
 					remoteList = append(remoteList, remoteMap)
 					l["remote"] = remoteList
 				}
+				// nested map for local.
+				if rulex.Local != nil {
+					localList := []map[string]interface{}{}
+					localMap := dataSourceSecurityGroupRuleLocalToMap(rulex.Local.(*vpcv1.SecurityGroupRuleLocal))
+					localList = append(localList, localMap)
+					l["local"] = localList
+				}
 			}
 		}
 		rulesInfo = append(rulesInfo, l)

ibm/service/vpc/data_source_ibm_is_security_groups.go

@@ -128,6 +128,25 @@ func DataSourceIBMIsSecurityGroups() *schema.Resource {
 										Computed:    true,
 										Description: "The protocol to enforce.",
 									},
+									"local": &schema.Schema{
+										Type:        schema.TypeList,
+										Computed:    true,
+										Description: "The local IP address or range of local IP addresses to which this rule will allow inbound traffic (or from which, for outbound traffic). A CIDR block of 0.0.0.0/0 allows traffic to all local IP addresses (or from all local IP addresses, for outbound rules).",
+										Elem: &schema.Resource{
+											Schema: map[string]*schema.Schema{
+												"address": &schema.Schema{
+													Type:        schema.TypeString,
+													Computed:    true,
+													Description: "The IP address.This property may add support for IPv6 addresses in the future. When processing a value in this property, verify that the address is in an expected format. If it is not, log an error. Optionally halt processing and surface the error, or bypass the resource on which the unexpected IP address format was encountered.",
+												},
+												"cidr_block": &schema.Schema{
+													Type:        schema.TypeString,
+													Computed:    true,
+													Description: "The CIDR block. This property may add support for IPv6 CIDR blocks in the future. When processing a value in this property, verify that the CIDR block is in an expected format. If it is not, log an error. Optionally halt processing and surface the error, or bypass the resource on which the unexpected CIDR block format was encountered.",
+												},
+											},
+										},
+									},
 									"remote": &schema.Schema{
 										Type:        schema.TypeList,
 										Computed:    true,
@@ -476,6 +495,12 @@ func dataSourceSecurityGroupCollectionSecurityGroupsRulesToMap(rulesItem vpcv1.S
 				remoteList = append(remoteList, remoteMap)
 				resultMap["remote"] = remoteList
 			}
+			if securityGroupRule.Local != nil {
+				localList := []map[string]interface{}{}
+				localMap := dataSourceSecurityGroupsLocalToMap(*securityGroupRule.Local.(*vpcv1.SecurityGroupRuleLocal))
+				localList = append(localList, localMap)
+				resultMap["local"] = localList
+			}
 		}
 	case "*vpcv1.SecurityGroupRuleSecurityGroupRuleProtocolIcmp":
 		{
@@ -511,6 +536,12 @@ func dataSourceSecurityGroupCollectionSecurityGroupsRulesToMap(rulesItem vpcv1.S
 				remoteList = append(remoteList, remoteMap)
 				resultMap["remote"] = remoteList
 			}
+			if securityGroupRule.Local != nil {
+				localList := []map[string]interface{}{}
+				localMap := dataSourceSecurityGroupsLocalToMap(*securityGroupRule.Local.(*vpcv1.SecurityGroupRuleLocal))
+				localList = append(localList, localMap)
+				resultMap["local"] = localList
+			}
 		}
 	case "*vpcv1.SecurityGroupRuleSecurityGroupRuleProtocolTcpudp":
 		{
@@ -546,6 +577,12 @@ func dataSourceSecurityGroupCollectionSecurityGroupsRulesToMap(rulesItem vpcv1.S
 				remoteList = append(remoteList, remoteMap)
 				resultMap["remote"] = remoteList
 			}
+			if securityGroupRule.Local != nil {
+				localList := []map[string]interface{}{}
+				localMap := dataSourceSecurityGroupsLocalToMap(*securityGroupRule.Local.(*vpcv1.SecurityGroupRuleLocal))
+				localList = append(localList, localMap)
+				resultMap["local"] = localList
+			}
 		}
 	}
 
@@ -703,3 +740,16 @@ func dataSourceSecurityGroupsRemoteToMap(remoteItem vpcv1.SecurityGroupRuleRemot
 	}
 	return remoteMap
 }
+
+func dataSourceSecurityGroupsLocalToMap(localItem vpcv1.SecurityGroupRuleLocal) (localMap map[string]interface{}) {
+	localMap = map[string]interface{}{}
+
+	if localItem.Address != nil {
+		localMap["address"] = *localItem.Address
+	}
+
+	if localItem.CIDRBlock != nil {
+		localMap["cidr_block"] = *localItem.CIDRBlock
+	}
+	return localMap
+}

ibm/service/vpc/resource_ibm_is_lb_listener.go

@@ -619,7 +619,7 @@ func lbListenerUpdate(d *schema.ResourceData, meta interface{}, lbID, lbListener
 			diag.FromErr(err)
 		}
 		defPool = lbpool
-		loadBalancerListenerPatchModel.DefaultPool = &vpcv1.LoadBalancerPoolIdentity{
+		loadBalancerListenerPatchModel.DefaultPool = &vpcv1.LoadBalancerListenerDefaultPoolPatch{
 			ID: &defPool,
 		}
 		hasChanged = true