fix(firewall): Add support for firewall flag for LXC/VM net adapters #295

Merged
merged 2 commits into from
Apr 9, 2023
Merged
7 changes: 5 additions & 2 deletions docs/resources/virtual_environment_container.md
Expand Up @@ -142,6 +142,8 @@ output "ubuntu_container_public_key" {
to `vmbr0`).
- `enabled` - (Optional) Whether to enable the network device (defaults
to `true`).
- `firewall` - (Optional) Whether this interface's firewall rules should be
used (defaults to `false`).
- `mac_address` - (Optional) The MAC address.
- `mtu` - (Optional) Maximum transfer unit of the interface. Cannot be
larger than the bridge's MTU.
Expand Down Expand Up @@ -170,10 +172,11 @@ output "ubuntu_container_public_key" {
meta-argument to ignore changes to this attribute.
- `template` - (Optional) Whether to create a template (defaults to `false`).
- `unprivileged` - (Optional) Whether the container runs as unprivileged on
the host (defaults to `false`).
the host (defaults to `false`).
- `vm_id` - (Optional) The virtual machine identifier
- `features` - (Optional) The container features
- `nesting` - (Optional) Whether the container is nested (defaults to `false`)
- `nesting` - (Optional) Whether the container is nested (defaults
to `false`)

## Attribute Reference

2 changes: 2 additions & 0 deletions docs/resources/virtual_environment_vm.md
Expand Up @@ -327,6 +327,8 @@ output "ubuntu_vm_public_key" {
to `vmbr0`).
- `enabled` - (Optional) Whether to enable the network device (defaults
to `true`).
- `firewall` - (Optional) Whether this interface's firewall rules should be
used (defaults to `false`).
- `mac_address` - (Optional) The MAC address.
- `model` - (Optional) The network device model (defaults to `virtio`).
- `e1000` - Intel E1000.
27 changes: 27 additions & 0 deletions proxmoxtf/resource/container.go
Expand Up @@ -47,6 +47,7 @@ const (
dvResourceVirtualEnvironmentContainerMemorySwap = 0
dvResourceVirtualEnvironmentContainerNetworkInterfaceBridge = "vmbr0"
dvResourceVirtualEnvironmentContainerNetworkInterfaceEnabled = true
dvResourceVirtualEnvironmentContainerNetworkInterfaceFirewall = false
dvResourceVirtualEnvironmentContainerNetworkInterfaceMACAddress = ""
dvResourceVirtualEnvironmentContainerNetworkInterfaceRateLimit = 0
dvResourceVirtualEnvironmentContainerNetworkInterfaceVLANID = 0
Expand Down Expand Up @@ -98,6 +99,7 @@ const (
mkResourceVirtualEnvironmentContainerNetworkInterface = "network_interface"
mkResourceVirtualEnvironmentContainerNetworkInterfaceBridge = "bridge"
mkResourceVirtualEnvironmentContainerNetworkInterfaceEnabled = "enabled"
mkResourceVirtualEnvironmentContainerNetworkInterfaceFirewall = "firewall"
mkResourceVirtualEnvironmentContainerNetworkInterfaceMACAddress = "mac_address"
mkResourceVirtualEnvironmentContainerNetworkInterfaceName = "name"
mkResourceVirtualEnvironmentContainerNetworkInterfaceRateLimit = "rate_limit"
Expand Down Expand Up @@ -510,6 +512,12 @@ func Container() *schema.Resource {
Optional: true,
Default: dvResourceVirtualEnvironmentContainerNetworkInterfaceEnabled,
},
mkResourceVirtualEnvironmentContainerNetworkInterfaceFirewall: {
Type: schema.TypeBool,
Description: "Whether this interface's firewall rules should be used.",
Optional: true,
Default: dvResourceVirtualEnvironmentContainerNetworkInterfaceFirewall,
},
mkResourceVirtualEnvironmentContainerNetworkInterfaceMACAddress: {
Type: schema.TypeString,
Description: "The MAC address",
Expand Down Expand Up @@ -888,6 +896,9 @@ func containerCreateClone(ctx context.Context, d *schema.ResourceData, m interfa

bridge := networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceBridge].(string)
enabled := networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceEnabled].(bool)
firewall := types.CustomBool(
networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceFirewall].(bool),
)
macAddress := networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceMACAddress].(string)
name := networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceName].(string)
rateLimit := networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceRateLimit].(float64)
Expand All @@ -899,6 +910,7 @@ func containerCreateClone(ctx context.Context, d *schema.ResourceData, m interfa
}

networkInterfaceObject.Enabled = enabled
networkInterfaceObject.Firewall = &firewall

if len(initializationIPConfigIPv4Address) > ni {
if initializationIPConfigIPv4Address[ni] != "" {
Expand Down Expand Up @@ -1418,6 +1430,11 @@ func containerGetExistingNetworkInterface(
}

networkInterface[mkResourceVirtualEnvironmentContainerNetworkInterfaceEnabled] = true
if nv.Firewall != nil {
networkInterface[mkResourceVirtualEnvironmentContainerNetworkInterfaceFirewall] = *nv.Firewall
} else {
networkInterface[mkResourceVirtualEnvironmentContainerNetworkInterfaceFirewall] = false
}

if nv.MACAddress != nil {
networkInterface[mkResourceVirtualEnvironmentContainerNetworkInterfaceMACAddress] = *nv.MACAddress
Expand Down Expand Up @@ -1776,6 +1793,12 @@ func containerRead(ctx context.Context, d *schema.ResourceData, m interface{}) d

networkInterface[mkResourceVirtualEnvironmentContainerNetworkInterfaceEnabled] = true

if nv.Firewall != nil {
networkInterface[mkResourceVirtualEnvironmentContainerNetworkInterfaceFirewall] = *nv.Firewall
} else {
networkInterface[mkResourceVirtualEnvironmentContainerNetworkInterfaceFirewall] = false
}

if nv.MACAddress != nil {
networkInterface[mkResourceVirtualEnvironmentContainerNetworkInterfaceMACAddress] = *nv.MACAddress
} else {
Expand Down Expand Up @@ -2150,6 +2173,9 @@ func containerUpdate(ctx context.Context, d *schema.ResourceData, m interface{})

bridge := networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceBridge].(string)
enabled := networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceEnabled].(bool)
firewall := types.CustomBool(
networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceFirewall].(bool),
)
macAddress := networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceMACAddress].(string)
name := networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceName].(string)
rateLimit := networkInterfaceMap[mkResourceVirtualEnvironmentContainerNetworkInterfaceRateLimit].(float64)
Expand All @@ -2161,6 +2187,7 @@ func containerUpdate(ctx context.Context, d *schema.ResourceData, m interface{})
}

networkInterfaceObject.Enabled = enabled
networkInterfaceObject.Firewall = &firewall

if len(initializationIPConfigIPv4Address) > ni {
if initializationIPConfigIPv4Address[ni] != "" {
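Review bot: In containerGetExistingNetworkInterface and containerRead the `if nv.Firewall != nil` branches store a `types.CustomBool` (`*nv.Firewall`) in the map while the `else` branches store a plain `false`, so the same TypeBool attribute receives two different Go types depending on what the API returned; converting explicitly, `networkInterface[mkResourceVirtualEnvironmentContainerNetworkInterfaceFirewall] = bool(*nv.Firewall)`, keeps the map value type uniform instead of relying on the SDK's decoder accepting the named type (the `types.CustomBool(...)` conversion in containerCreateClone shows its underlying type is bool). The identical nil-to-false mapping is duplicated in both functions, and a third time in vmReadCustom in vm.go; a small helper would keep the three in step if the default ever changes. The schema Description here ends with a period while the VM counterpart does not, so one of them should be aligned. All of the enclosing functions start and end outside the hunks.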
34 changes: 25 additions & 9 deletions proxmoxtf/resource/vm.go
Expand Up @@ -83,6 +83,7 @@ const (
dvResourceVirtualEnvironmentVMName = ""
dvResourceVirtualEnvironmentVMNetworkDeviceBridge = "vmbr0"
dvResourceVirtualEnvironmentVMNetworkDeviceEnabled = true
dvResourceVirtualEnvironmentVMNetworkDeviceFirewall = false
dvResourceVirtualEnvironmentVMNetworkDeviceMACAddress = ""
dvResourceVirtualEnvironmentVMNetworkDeviceModel = "virtio"
dvResourceVirtualEnvironmentVMNetworkDeviceRateLimit = 0
Expand Down Expand Up @@ -198,6 +199,7 @@ const (
mkResourceVirtualEnvironmentVMNetworkDevice = "network_device"
mkResourceVirtualEnvironmentVMNetworkDeviceBridge = "bridge"
mkResourceVirtualEnvironmentVMNetworkDeviceEnabled = "enabled"
mkResourceVirtualEnvironmentVMNetworkDeviceFirewall = "firewall"
mkResourceVirtualEnvironmentVMNetworkDeviceMACAddress = "mac_address"
mkResourceVirtualEnvironmentVMNetworkDeviceModel = "model"
mkResourceVirtualEnvironmentVMNetworkDeviceRateLimit = "rate_limit"
Expand Down Expand Up @@ -982,6 +984,12 @@ func VM() *schema.Resource {
Optional: true,
Default: dvResourceVirtualEnvironmentVMNetworkDeviceEnabled,
},
mkResourceVirtualEnvironmentVMNetworkDeviceFirewall: {
Type: schema.TypeBool,
Description: "Whether this interface's firewall rules should be used",
Optional: true,
Default: dvResourceVirtualEnvironmentVMNetworkDeviceEnabled,
},
mkResourceVirtualEnvironmentVMNetworkDeviceMACAddress: {
Type: schema.TypeString,
Description: "The MAC address",
Expand Down Expand Up @@ -2602,17 +2610,19 @@ func vmGetNetworkDeviceObjects(d *schema.ResourceData) proxmox.CustomNetworkDevi
for i, networkDeviceEntry := range networkDevice {
block := networkDeviceEntry.(map[string]interface{})

bridge, _ := block[mkResourceVirtualEnvironmentVMNetworkDeviceBridge].(string)
enabled, _ := block[mkResourceVirtualEnvironmentVMNetworkDeviceEnabled].(bool)
macAddress, _ := block[mkResourceVirtualEnvironmentVMNetworkDeviceMACAddress].(string)
model, _ := block[mkResourceVirtualEnvironmentVMNetworkDeviceModel].(string)
rateLimit, _ := block[mkResourceVirtualEnvironmentVMNetworkDeviceRateLimit].(float64)
vlanID, _ := block[mkResourceVirtualEnvironmentVMNetworkDeviceVLANID].(int)
mtu, _ := block[mkResourceVirtualEnvironmentVMNetworkDeviceMTU].(int)
bridge := block[mkResourceVirtualEnvironmentVMNetworkDeviceBridge].(string)
enabled := block[mkResourceVirtualEnvironmentVMNetworkDeviceEnabled].(bool)
firewall := types.CustomBool(block[mkResourceVirtualEnvironmentVMNetworkDeviceFirewall].(bool))
macAddress := block[mkResourceVirtualEnvironmentVMNetworkDeviceMACAddress].(string)
model := block[mkResourceVirtualEnvironmentVMNetworkDeviceModel].(string)
rateLimit := block[mkResourceVirtualEnvironmentVMNetworkDeviceRateLimit].(float64)
vlanID := block[mkResourceVirtualEnvironmentVMNetworkDeviceVLANID].(int)
mtu := block[mkResourceVirtualEnvironmentVMNetworkDeviceMTU].(int)

device := proxmox.CustomNetworkDevice{
Enabled: enabled,
Model: model,
Enabled: enabled,
Firewall: &firewall,
Model: model,
}

if bridge != "" {
Expand Down Expand Up @@ -3478,6 +3488,12 @@ func vmReadCustom(

networkDevice[mkResourceVirtualEnvironmentVMNetworkDeviceEnabled] = nd.Enabled

if nd.Firewall != nil {
networkDevice[mkResourceVirtualEnvironmentVMNetworkDeviceFirewall] = *nd.Firewall
} else {
networkDevice[mkResourceVirtualEnvironmentVMNetworkDeviceFirewall] = false
}

if nd.MACAddress != nil {
macAddresses[ni] = *nd.MACAddress
} else {
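Review bot: The firewall attribute added to the VM() schema uses `Default: dvResourceVirtualEnvironmentVMNetworkDeviceEnabled,`, which is the Enabled constant (`true`), not the new `dvResourceVirtualEnvironmentVMNetworkDeviceFirewall` (`false`) declared a few hunks earlier, so a network_device that omits `firewall` is created with the flag on, contradicting both the constant and the docs in this PR ("defaults to `false`"); change it to `Default: dvResourceVirtualEnvironmentVMNetworkDeviceFirewall,`. Since vmReadCustom maps a missing flag to `false`, VMs already managed by the provider would presumably also show a persistent false→true diff and have the firewall flag switched on at the next apply (inferred; the plan/update flow is outside the hunk). Separately, vmGetNetworkDeviceObjects swaps the two-value assertions (`bridge, _ := block[...].(string)`) for single-value ones, so a block missing any of those keys now panics instead of falling back to the zero value; that change is unrelated to the firewall flag and the checked form is the safer one to keep. VM(), vmGetNetworkDeviceObjects and vmReadCustom all start and end outside the hunks.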