feat(cfw): add resource CFW capture (#5238)

docs/resources/cfw_capture_task.md

@@ -0,0 +1,145 @@
+---
+subcategory: "Cloud Firewall (CFW)"
+layout: "huaweicloud"
+page_title: "HuaweiCloud: huaweicloud_cfw_capture_task"
+description: |-
+  Manages a CFW capture task resource within HuaweiCloud.
+---
+
+# huaweicloud_cfw_capture_task
+
+Manages a CFW capture task resource within HuaweiCloud.
+
+-> **NOTE:** For the Cloud Firewall service, you can only initiate up to 20 packet capture tasks per day.
+Beyond this limit, no additional packet capture tasks can be initiated. Furthermore, only one packet capture task can be
+in progress at any given time.
+
+## Example Usage
+
+```hcl
+variable "fw_instance_id" {}
+variable "name" {}
+variable "duration" {}
+variable "max_packets" {}
+
+resource huaweicloud_cfw_capture_task "test" {
+  fw_instance_id = var.fw_instance_id
+  name           = var.name
+  duration       = var.duration
+  max_packets    = var.max_packets
+  
+  destination {
+    address      = "1.1.1.1"
+    address_type = 0
+  }
+
+  source {
+    address      = "2.2.2.2"
+    address_type = 0
+  }
+
+  service {
+    protocol = -1
+  }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `region` - (Optional, String, ForceNew) Specifies the region in which to create the resource.
+  If omitted, the provider-level region will be used.
+  Changing this creates a new resource.
+
+* `fw_instance_id` - (Required, String, NonUpdatable) Specifies the ID of the firewall instance.
+
+* `name` - (Required, String, NonUpdatable) Specifies the capture task name.
+
+* `duration` - (Required, Int, NonUpdatable) Specifies the capture task duration.
+
+* `max_packets` - (Required, Int, NonUpdatable) Specifies the maximum number of packets captured.
+  The Maximum value is **1000000**.
+
+* `destination` - (Required, List, NonUpdatable) Specifies the destination configuration.
+  The [destination](#Address) structure is documented below.
+
+* `source` - (Required, List, NonUpdatable) Specifies the source configuration.
+  The [source](#Address) structure is documented below.
+
+* `service` - (Required, List, NonUpdatable) Specifies the service configuration.
+  The [service](#Service) structure is documented below.
+
+* `stop_capture` - (Optional, Bool) Specifies whether to stop the capture task.
+
+<a name="Address"></a>
+The `destination` or `source` block supports:
+
+* `address` - (Required, String, NonUpdatable) Specifies the address.
+
+* `address_type` - (Required, Int, NonUpdatable) Specifies the address type.
+  The valid values are:
+  + **0**: indicates IPv4;
+  + **1**: indicates IPv6.
+
+<a name="Service"></a>
+The `service` block supports:
+
+* `protocol` - (Required, Int, NonUpdatable) Specifies the protocol type.
+  The valid values are:
+  + **6**: indicates TCP;
+  + **17**: indicates UDP;
+  + **1**: indicates ICMP;
+  + **58**: indicates ICMPv6;
+  + **-1**: indicates any protocol.
+
+* `dest_port` - (Optional, String, NonUpdatable) Specifies the destination port.
+
+* `source_port` - (Optional, String, NonUpdatable) Specifies the source port.
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The resource ID. The value is the name of the capture task.
+
+* `created_at` - The creation time of the capture task.
+
+* `status` - The status of the capture task.
+
+* `updated_at` - The update time of the capture task.
+
+* `task_id` - The ID of the capture task.
+
+## Timeouts
+
+This resource provides the following timeouts configuration options:
+
+* `update` - Default is 5 minutes.
+* `delete` - Default is 5 minutes.
+
+## Import
+
+The capture task can be imported using `fw_instance_id`, `name`, separated by a slash, e.g.
+
+```bash
+$ terraform import huaweicloud_cfw_capture_task.test <fw_instance_id>/<name>
+```
+
+Note that the imported state may not be identical to your resource definition, due to some attributes missing from the
+API response, security or some other reason.
+The missing attributes is `stop_capture`. It is generally recommended running `terraform plan` after importing the resource.
+You can then decide if changes should be applied to the capture task, or the resource definition should be updated to
+align with the capture task. Also you can ignore changes as below.
+
+```hcl
+resource "huaweicloud_cfw_capture_task" "test" {
+    ...
+
+  lifecycle {
+    ignore_changes = [
+      stop_capture,
+    ]
+  }
+}
+```

huaweicloud/provider.go

@@ -1177,6 +1177,7 @@ func Provider() *schema.Provider {
 			"huaweicloud_cfw_domain_name_group":    cfw.ResourceDomainNameGroup(),
 			"huaweicloud_cfw_lts_log":              cfw.ResourceLtsLog(),
 			"huaweicloud_cfw_dns_resolution":       cfw.ResourceDNSResolution(),
+			"huaweicloud_cfw_capture_task":         cfw.ResourceCaptureTask(),
 
 			"huaweicloud_cloudtable_cluster": cloudtable.ResourceCloudTableCluster(),
 

huaweicloud/services/acceptance/cfw/resource_huaweicloud_cfw_capture_task_test.go

@@ -0,0 +1,158 @@
+package cfw
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/config"
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/services/acceptance"
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/services/cfw"
+)
+
+func getCaptureTaskResourceFunc(cfg *config.Config, state *terraform.ResourceState) (interface{}, error) {
+	region := acceptance.HW_REGION_NAME
+	product := "cfw"
+
+	client, err := cfg.NewServiceClient(product, region)
+	if err != nil {
+		return nil, fmt.Errorf("error creating CFW client: %s", err)
+	}
+
+	return cfw.GetCaptureTask(client, state.Primary.ID, state.Primary.Attributes["fw_instance_id"])
+}
+
+func TestAccCaptureTask_basic(t *testing.T) {
+	var obj interface{}
+
+	rName := "huaweicloud_cfw_capture_task.test"
+	name := acceptance.RandomAccResourceName()
+
+	rc := acceptance.InitResourceCheck(
+		rName,
+		&obj,
+		getCaptureTaskResourceFunc,
+	)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			acceptance.TestAccPreCheck(t)
+			acceptance.TestAccPreCheckCfw(t)
+		},
+		ProviderFactories: acceptance.TestAccProviderFactories,
+		CheckDestroy:      rc.CheckResourceDestroy(),
+		Steps: []resource.TestStep{
+			{
+				Config: testCaptureTask_basic(name),
+				Check: resource.ComposeTestCheckFunc(
+					rc.CheckResourceExists(),
+					resource.TestCheckResourceAttr(rName, "name", name),
+					resource.TestCheckResourceAttr(rName, "duration", "5"),
+					resource.TestCheckResourceAttr(rName, "max_packets", "100000"),
+					resource.TestCheckResourceAttr(rName, "destination.0.address", "1.1.1.1"),
+					resource.TestCheckResourceAttr(rName, "destination.0.address_type", "0"),
+					resource.TestCheckResourceAttr(rName, "source.0.address", "2.2.2.2"),
+					resource.TestCheckResourceAttr(rName, "source.0.address_type", "0"),
+					resource.TestCheckResourceAttr(rName, "service.0.dest_port", "80"),
+					resource.TestCheckResourceAttr(rName, "service.0.protocol", "6"),
+					resource.TestCheckResourceAttr(rName, "service.0.source_port", "80"),
+					resource.TestCheckResourceAttrSet(rName, "task_id"),
+					resource.TestCheckResourceAttrSet(rName, "created_at"),
+					resource.TestCheckResourceAttrSet(rName, "updated_at"),
+				),
+			},
+			{
+				Config: testCaptureTask_update(name),
+				Check: resource.ComposeTestCheckFunc(
+					rc.CheckResourceExists(),
+					resource.TestCheckResourceAttr(rName, "name", name),
+					resource.TestCheckResourceAttr(rName, "duration", "5"),
+					resource.TestCheckResourceAttr(rName, "max_packets", "100000"),
+					resource.TestCheckResourceAttr(rName, "stop_capture", "true"),
+				),
+			},
+			{
+				ResourceName:      rName,
+				ImportState:       true,
+				ImportStateVerify: true,
+				ImportStateIdFunc: testCaptureTaskImportState(rName),
+				ImportStateVerifyIgnore: []string{
+					"stop_capture",
+				},
+			},
+		},
+	})
+}
+
+func testCaptureTask_basic(name string) string {
+	return fmt.Sprintf(`
+resource huaweicloud_cfw_capture_task "test" {
+  fw_instance_id = "%[1]s"
+  name           = "%[2]s"
+  duration       = 5
+  max_packets    = 100000
+  
+  destination {
+    address      = "1.1.1.1"
+    address_type = 0
+  }
+  
+  source {
+    address      = "2.2.2.2"
+    address_type = 0
+  }
+  
+  service {
+    dest_port   = "80"
+    protocol    =  6
+    source_port = "80"
+  }
+}
+`, acceptance.HW_CFW_INSTANCE_ID, name)
+}
+
+func testCaptureTask_update(name string) string {
+	return fmt.Sprintf(`
+resource huaweicloud_cfw_capture_task "test" {
+  fw_instance_id = "%[1]s"
+  name           = "%[2]s"
+  duration       = 5
+  max_packets    = 100000
+  stop_capture   = true
+  
+  destination {
+    address      = "1.1.1.1"
+    address_type = 0
+  }
+  
+  source {
+    address      = "2.2.2.2"
+    address_type = 0
+  }
+  
+  service {
+    dest_port   = "80"
+    protocol    =  6
+    source_port = "80"
+  }
+}
+`, acceptance.HW_CFW_INSTANCE_ID, name)
+}
+
+func testCaptureTaskImportState(name string) resource.ImportStateIdFunc {
+	return func(s *terraform.State) (string, error) {
+		rs, ok := s.RootModule().Resources[name]
+		if !ok {
+			return "", fmt.Errorf("resource (%s) not found: %s", name, rs)
+		}
+		if rs.Primary.Attributes["fw_instance_id"] == "" {
+			return "", fmt.Errorf("attribute (fw_instance_id) of Resource (%s) not found: %s", name, rs)
+		}
+		if rs.Primary.ID == "" {
+			return "", fmt.Errorf("attribute (ID) of Resource (%s) not found: %s", name, rs)
+		}
+		return rs.Primary.Attributes["fw_instance_id"] + "/" + rs.Primary.ID, nil
+	}
+}